Timeline



Apr 6, 2017:

8:45 PM Changeset in webkit [215084] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Add WKContentExtensionStore.h and WKContentExtension.h to public WebKit.h
https://bugs.webkit.org/show_bug.cgi?id=170533

Patch by Alex Christensen <achristensen@webkit.org> on 2017-04-06
Reviewed by Daniel Bates.

  • Shared/API/Cocoa/WebKit.h:

In r213696 I added two public headers. All public headers in WebKit are included with
#import <WebKit/WebKit.h>

7:45 PM Changeset in webkit [215083] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[Debug] ASSERT(!throwScope.exception()) on imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status-worker.html
https://bugs.webkit.org/show_bug.cgi?id=170395
<rdar://problem/31394017>

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-06
Reviewed by Mark Lam.

  • bindings/js/JSDOMPromise.cpp:

(WebCore::DeferredPromise::reject): Exiting early in case of scope having an exception.
Adding an assertion to ensure this is a worker termination exception.

7:40 PM Changeset in webkit [215082] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Source Map Resources should show up in the Debugger Sources list
https://bugs.webkit.org/show_bug.cgi?id=170581
<rdar://problem/31269140>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-06
Reviewed by Matt Baker.

  • UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel):
Include SourceMapResources in the DebuggerSidebar's Sources tree outline.

7:14 PM EnvironmentVariables edited by clopez@igalia.com
7:12 PM EnvironmentVariables edited by clopez@igalia.com
efl port gone
5:59 PM Changeset in webkit [215081] by mmaxfield@apple.com
  • 4 edits in trunk

Make FontWithFeatures test font pass OTS
https://bugs.webkit.org/show_bug.cgi?id=169788

Reviewed by Tim Horton.

Tools:

OTS, or the OpenType Sanitizer, is a check which tells if fonts are properly formed.
Previously, our FontWithFeatures test font did not pass this check. This patch updates
the font to pass the checks. Now, we can use this font on other platforms, and
contribute the font to the W3C for testing the CSS Fonts level 3 spec.

  • FontWithFeatures/FontWithFeatures/FontCreator.cpp:

(Generator::appendCFFTable):
(Generator::Feature::operator<):
(Generator::appendGSUBTable):
(Generator::appendOS2Table):
(Generator::appendFormat4CMAPTable):
(Generator::appendHEADTable):
(Generator::appendHHEATable):
(Generator::NameRecord::operator<):
(Generator::appendNameSubtable):
(Generator::appendNAMETable):

LayoutTests:

Updated font to the one which passes the tests.

  • css3/resources/FontWithFeatures.otf:
5:53 PM Changeset in webkit [215080] by ap@apple.com
  • 2 edits in trunk/Tools

Disable flaky WebKit2.ResizeWithHiddenContentDoesNotHang
for https://bugs.webkit.org/show_bug.cgi?id=170195

  • TestWebKitAPI/Tests/WebKit2Cocoa/AnimatedResize.mm:
5:47 PM Changeset in webkit [215079] by jiewen_tan@apple.com
  • 3 edits in trunk/LayoutTests

LayoutTest crypto/subtle/aes-ctr-encrypt-malformed-parameters.html is a flaky failure
https://bugs.webkit.org/show_bug.cgi?id=170571

Unreviewed.

  • crypto/subtle/aes-ctr-encrypt-malformed-parameters-expected.txt:
  • crypto/subtle/aes-ctr-encrypt-malformed-parameters.html:
5:39 PM Changeset in webkit [215078] by Joseph Pecoraro
  • 3 edits in trunk/Source/WebKit2

Web Inspector: Hangs when loading under SpeculativeLoad::shouldCaptureExtraNetworkLoadMetrics
https://bugs.webkit.org/show_bug.cgi?id=170575

Rubber-stamped by Brian Burg.

  • NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:

(WebKit::NetworkCache::SpeculativeLoad::shouldCaptureExtraNetworkLoadMetrics): Deleted.

  • NetworkProcess/cache/NetworkCacheSpeculativeLoad.h:

m_networkLoad is a wrapper around this as the client, so we would infinite loop here.

5:39 PM Changeset in webkit [215077] by akling@apple.com
  • 2 edits in trunk/Source/WebCore

Inaudible background tabs should become eligible for memory kill after 8 minutes
https://bugs.webkit.org/show_bug.cgi?id=170574
<rdar://problem/31488686>

Reviewed by Gavin Barraclough.

Lower the delay for potentially marking background tabs as inactive from 60 minutes to 8 minutes.
Letting a tab misbehave in the background for an entire hour was overly charitable.

  • page/PerformanceMonitor.cpp:
5:39 PM Changeset in webkit [215076] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebKit2

Unreviewed, rolling out r214973.
https://bugs.webkit.org/show_bug.cgi?id=170578

Causes issues in Safari (Requested by bradee-oh on #webkit).

Reverted changeset:

"Refactor so WebsiteDataStores always have a StorageManager."
https://bugs.webkit.org/show_bug.cgi?id=170521
http://trac.webkit.org/changeset/214973

5:38 PM Changeset in webkit [215075] by wenson_hsieh@apple.com
  • 3 edits
    2 adds in trunk

Scroll offset jumps after a programmatic scroll in an overflow container with scroll snapping
https://bugs.webkit.org/show_bug.cgi?id=170560
<rdar://problem/31484693>

Reviewed by Tim Horton.

Source/WebCore:

Test: css3/scroll-snap/scroll-snap-programmatic-overflow-scroll.html

Logic for maintaining the scroll snap state in ScrollController was previously removed from iOS when refactoring
ScrollController. This was done because scroll snapping on iOS is driven not by the ScrollController (as it is
on Mac) but rather by sending scroll snap offsets to the UI process and hooking into UIScrollView delegates to
handle retargeted scrolling.

However, on iOS, this ScrollController state is still important for the purposes of keeping the last active
snap point index in sync with the UI process when the scroll offset changes outside of a user gesture (i.e.
programmatic scrolling). Since the UI process does not get a chance to update the active snap offset during a
programmatic scroll, our last active snap offset state was only being updated to the last snap position that the
user manually scrolled to, making programmatic scrolling jump to this offset.

To fix this, we need to update scroll snap state on iOS within ScrollController. Also adds a new Layout test
that exercises programmatic scrolling in an overflow scrolling container on all platforms.

  • platform/cocoa/ScrollController.mm:

(WebCore::otherScrollEventAxis):
(WebCore::ScrollController::updateScrollSnapState):
(WebCore::ScrollController::updateScrollSnapPoints):

LayoutTests:

Add a test verifying that programmatically changing the scroll offset of an overflow container does not cause the
scroll offset to jump back to the last active snap position. See WebCore ChangeLog for more details.

  • css3/scroll-snap/scroll-snap-programmatic-overflow-scroll-expected.txt: Added.
  • css3/scroll-snap/scroll-snap-programmatic-overflow-scroll.html: Added.
5:36 PM Changeset in webkit [215074] by dino@apple.com
  • 2 edits in trunk/Websites/webkit.org

Fix broken link.

  • demos/webgpu/index.html:
5:26 PM Changeset in webkit [215073] by fpizlo@apple.com
  • 4 edits
    2 moves in trunk/Source/JavaScriptCore

Rename allocateStack to allocateStackByGraphColoring.

Rubber stamped by Saam Barati.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • b3/air/AirAllocateStack.cpp: Removed.
  • b3/air/AirAllocateStack.h: Removed.
  • b3/air/AirAllocateStackByGraphColoring.cpp: Copied from Source/JavaScriptCore/b3/air/AirAllocateStack.cpp.

(JSC::B3::Air::allocateStackByGraphColoring):
(JSC::B3::Air::allocateStack): Deleted.

  • b3/air/AirAllocateStackByGraphColoring.h: Copied from Source/JavaScriptCore/b3/air/AirAllocateStack.h.
  • b3/air/AirGenerate.cpp:

(JSC::B3::Air::prepareForGeneration):

5:16 PM Changeset in webkit [215072] by msaboff@apple.com
  • 6 edits
    2 adds in trunk

Cannot Object.seal() or Object.freeze() global "this"
https://bugs.webkit.org/show_bug.cgi?id=170549

Reviewed by Mark Lam.

JSTests:

Enabled failing tests fixed by the corresponding code change:

ChakraCore/test/LetConst/delete.js
ChakraCore/test/LetConst/dop.js
ChakraCore/test/LetConst/dop1.js

  • ChakraCore.yaml:
  • ChakraCore/test/LetConst/dop.baseline-jsc: Added JSC specific expected output.
  • ChakraCore/test/LetConst/dop1.baseline-jsc: Added JSC specific expected output.

Source/JavaScriptCore:

Needed to implement JSProxy::isExtensible() which returns the results of calling
the same on wrapped object.

Implemented step 11 of Runtime Semantics: EvalDeclarationInstantiation from the ECMAScript
spec to properly return a TypeError object when attempting to add properties to a
non-extensible global object.

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::execute):

  • runtime/JSProxy.cpp:

(JSC::JSProxy::isExtensible):

  • runtime/JSProxy.h:
5:11 PM Changeset in webkit [215071] by fpizlo@apple.com
  • 14 edits
    1 add
    1 delete in trunk/Source

Linear scan should run liveness only once
https://bugs.webkit.org/show_bug.cgi?id=170569

Reviewed by Keith Miller.

Source/JavaScriptCore:

Air has a longstanding design bug that Tmps from different banks are indexed independently. This
means that all of our analyses over Tmps do separate GP and FP passes. This does have some
marginal benefits (the rest of the algorithm is specialized for Bank) but it's probably net bad.
However, I don't want to think about solving that general problem.

Instead, this just makes linear scan use a UnifiedTmpLiveness that uses a single "linear"
indexing for GP and FP. This lets me avoid the much larger refactoring (which would involve
substantial changes in graph coloring) while getting the bulk of the benefit (liveness runs once,
instead of twice, for linear scan).

This patch implements a lot of plumbing to make it possible for Liveness<> to view Tmps as having
a unified indexing scheme. Tmp calls this LinearlyIndexed (to match the naming convention of
AbsolutelyIndexed and Indexed), while AirLiveness calls this UnifiedTmpLiveness. With this
change, -O1 never does any liveness analysis that uses separate GP and FP passes. I think this
eliminates any urgency from the larger Tmp indexing bug. We can probably live with graph coloring
doing separate passes.

This is a ~6% speed-up for wasm -O1 compile times. I think this means that linear scan is no
longer the longest pole in the tent.

(JSC::B3::VariableLivenessAdapter::prepareToCompute):

  • b3/air/AirAllocateRegistersByLinearScan.cpp:

(JSC::B3::Air::allocateRegistersByLinearScan):

  • b3/air/AirCode.h:

(JSC::B3::Air::Code::forEachTmp):

  • b3/air/AirLiveness.h:
  • b3/air/AirLivenessAdapter.h:

(JSC::B3::Air::LivenessAdapter::Actions::Actions):
(JSC::B3::Air::LivenessAdapter::LivenessAdapter):
(JSC::B3::Air::LivenessAdapter::adapter):
(JSC::B3::Air::LivenessAdapter::prepareToCompute):
(JSC::B3::Air::LivenessAdapter::actionsAt):
(JSC::B3::Air::LivenessAdapter::forEachUse):
(JSC::B3::Air::LivenessAdapter::forEachDef):
(JSC::B3::Air::TmpLivenessAdapter::numIndices):
(JSC::B3::Air::UnifiedTmpLivenessAdapter::UnifiedTmpLivenessAdapter):
(JSC::B3::Air::UnifiedTmpLivenessAdapter::numIndices):
(JSC::B3::Air::UnifiedTmpLivenessAdapter::acceptsBank):
(JSC::B3::Air::UnifiedTmpLivenessAdapter::acceptsRole):
(JSC::B3::Air::UnifiedTmpLivenessAdapter::valueToIndex):
(JSC::B3::Air::UnifiedTmpLivenessAdapter::indexToValue):

  • b3/air/AirLivenessConstraints.h: Removed.
  • b3/air/AirRegLiveness.h:

(JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):

  • b3/air/AirTmp.cpp:
  • b3/air/AirTmp.h:
  • b3/air/AirTmpInlines.h:

(JSC::B3::Air::Tmp::LinearlyIndexed::LinearlyIndexed):
(JSC::B3::Air::Tmp::LinearlyIndexed::index):
(JSC::B3::Air::Tmp::linearlyIndexed):
(JSC::B3::Air::Tmp::indexEnd):
(JSC::B3::Air::Tmp::absoluteIndexEnd):
(JSC::B3::Air::Tmp::linearIndexEnd):
(JSC::B3::Air::Tmp::tmpForAbsoluteIndex):
(JSC::B3::Air::Tmp::tmpForLinearIndex):

  • b3/air/AirTmpMap.h: Added.

(JSC::B3::Air::TmpMap::TmpMap):
(JSC::B3::Air::TmpMap::resize):
(JSC::B3::Air::TmpMap::clear):
(JSC::B3::Air::TmpMap::operator[]):
(JSC::B3::Air::TmpMap::append):

Source/WTF:

Have Liveness<> call Adapter::prepareToCompute(), since this makes it a lot easier to implement
constraint generation, since the constraint generator now gets to run after the Adapter is fully
constructed.

  • wtf/IndexMap.h:

(WTF::IndexMap::append): Also make this a bit more versatile.

  • wtf/Liveness.h:

(WTF::Liveness::LocalCalc::Iterable::contains):
(WTF::Liveness::Iterable::contains):
(WTF::Liveness::compute):

5:04 PM Changeset in webkit [215070] by Simon Fraser
  • 7 edits
    5 adds in trunk

Throttle requestAnimationFrame in cross-origin iframes to 30fps
https://bugs.webkit.org/show_bug.cgi?id=170534

Reviewed by Dan Bates.

Source/WebCore:

Add a throttling reason to ScriptedAnimationController which is NonInteractedCrossOriginFrame,
set on cross-origin iframes whose documents have never seen a user interaction. It's cleared
as soon as an interaction on this frame or a child frame is detected.

Move the initialization of the LowPowerMode throttling reason to Document::requestAnimationFrame(),
since it's more appropriate to compute NonInteractedCrossOriginFrame here than down in ScriptedAnimationController,
and best to do both in the same place.

Tests: http/tests/frame-throttling/raf-throttle-in-cross-origin-subframe.html

  • dom/Document.cpp:

(WebCore::Document::requestAnimationFrame):
(WebCore::Document::updateLastHandledUserGestureTimestamp):

  • dom/Document.h:

(WebCore::Document::hasHadUserInteraction):

  • dom/ScriptedAnimationController.cpp:

(WebCore::ScriptedAnimationController::ScriptedAnimationController):
(WebCore::throttlingReasonToString):
(WebCore::ScriptedAnimationController::interval):

  • dom/ScriptedAnimationController.h:
  • loader/FrameLoader.cpp:

(WebCore::shouldAskForNavigationConfirmation):

LayoutTests:

  • http/tests/frame-throttling/raf-throttle-in-cross-origin-subframe-expected.txt: Added.
  • http/tests/frame-throttling/raf-throttle-in-cross-origin-subframe.html: Added.
  • http/tests/frame-throttling/resources/requestAnimationFrame-frame.html: Added.
5:01 PM Changeset in webkit [215069] by Simon Fraser
  • 8 edits in trunk/Source/WebCore

Use the Accelerate framework to optimize FEColorMatrix operations
https://bugs.webkit.org/show_bug.cgi?id=170518

Reviewed by Tim Horton.

On macOS and iOS, we can use the Accelerate framework (vImage) to do color matrix
math to optimize color matrix, hue rotate, saturation and luminosity to alpha filters.

Change ImageBuffer::getUnmultipliedImageData() and getPremultipliedImageData() to
return the size of the returned Uint8ClampedArray in physical pixels, because we
need to pass that to vImage.

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::getImageData):

  • platform/graphics/ImageBuffer.h:
  • platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBuffer::getUnmultipliedImageData):
(WebCore::ImageBuffer::getPremultipliedImageData):

  • platform/graphics/cg/ImageBufferCG.cpp:

(WebCore::ImageBuffer::getUnmultipliedImageData):
(WebCore::ImageBuffer::getPremultipliedImageData):

  • platform/graphics/filters/FEColorMatrix.cpp:

(WebCore::effectApplyAccelerated):
(WebCore::effectType):
(WebCore::FEColorMatrix::platformApplySoftware):

  • platform/graphics/filters/FEDropShadow.cpp:

(WebCore::FEDropShadow::platformApplySoftware):

  • platform/graphics/win/ImageBufferDirect2D.cpp:

(WebCore::ImageBuffer::getUnmultipliedImageData):
(WebCore::ImageBuffer::getPremultipliedImageData):

5:01 PM Changeset in webkit [215068] by Simon Fraser
  • 1 edit in trunk/Source/WebCore/ChangeLog

Do some minor FEColorMatrix code cleanup and optimization
https://bugs.webkit.org/show_bug.cgi?id=170474

Reviewed by Dean Jackson.

Don't switch inside of a pixel processing loop; repeat the loop inside switch (filterType).

Change matrix() and saturateAndHueRotate() to dereference the source pixels once, instead
of multiple times, which is faster.

This kind of code benefits from aligning things with spaces for readability, so do so,
violating webkit style.

Add some off-by-default performance logging code.

Increases pixel processing performance from about 86ms per megapixel to 65ms per megapixel.

  • platform/graphics/filters/FEColorMatrix.cpp:

(WebCore::matrix):
(WebCore::saturateAndHueRotate):
(WebCore::effectType):
(WebCore::FEColorMatrix::platformApplySoftware):

4:24 PM Changeset in webkit [215067] by Ryan Haddad
  • 3 edits
    2 deletes in trunk

Unreviewed, rolling out r215041.

The LayoutTest for this change is failing on ios-simulator.

Reverted changeset:

"Rendering flexbox children across columns"
https://bugs.webkit.org/show_bug.cgi?id=164166
http://trac.webkit.org/changeset/215041

4:11 PM Changeset in webkit [215066] by Ryan Haddad
  • 16 edits in trunk

Unreviewed, rolling out r215046.

This change broke internal builds.

Reverted changeset:

"WebRTC tests gardening"
https://bugs.webkit.org/show_bug.cgi?id=170508
http://trac.webkit.org/changeset/215046

3:58 PM Changeset in webkit [215065] by commit-queue@webkit.org
  • 23 edits in trunk/Source

Web Inspector: Only Capture Extra Network Load Metrics when there is a Web Inspector Frontend
https://bugs.webkit.org/show_bug.cgi?id=170525

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-06
Reviewed by Youenn Fablet.

Source/WebCore:

Covered by existing tests that when Web Inspector is open we enable collecting the extra data.

  • inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::firstFrontendCreated):
(WebCore::InspectorInstrumentation::lastFrontendDeleted):

  • inspector/InspectorInstrumentation.h:

(WebCore::InspectorInstrumentation::frontendCreated):
(WebCore::InspectorInstrumentation::frontendDeleted):
When the first frontend is created enable a new loader strategy to
collect extra network load metrics. When the last frontend is closed
disable the extra metrics.

  • loader/LoaderStrategy.h:
  • platform/PlatformStrategies.h:

New load strategy to enable/disable new metrics.

Source/WebKit:

  • WebCoreSupport/WebResourceLoadScheduler.h:

Source/WebKit2:

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:task:didFinishCollectingMetrics:]):
Only collect extra metrics if the WebProcess this load is for has enabled
collecting extra metrics.

  • WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::setCaptureExtraNetworkLoadMetricsEnabled):

  • WebProcess/Network/WebLoaderStrategy.h:
  • NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::setCaptureExtraNetworkLoadMetricsEnabled):

  • NetworkProcess/NetworkConnectionToWebProcess.h:

(WebKit::NetworkConnectionToWebProcess::captureExtraNetworkLoadMetricsEnabled):

  • NetworkProcess/NetworkConnectionToWebProcess.messages.in:

New bool state toggled through the loader policy.

  • NetworkProcess/NetworkDataTask.cpp:

(WebKit::NetworkDataTask::shouldCaptureExtraNetworkLoadMetrics):

  • NetworkProcess/NetworkDataTask.h:

(WebKit::NetworkDataTaskClient::shouldCaptureExtraNetworkLoadMetrics):

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::shouldCaptureExtraNetworkLoadMetrics):

  • NetworkProcess/NetworkLoad.h:
  • NetworkProcess/NetworkLoadClient.h:

(WebKit::NetworkLoadClient::shouldCaptureExtraNetworkLoadMetrics):

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::shouldCaptureExtraNetworkLoadMetrics):

  • NetworkProcess/NetworkResourceLoader.h:
  • NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:

(WebKit::NetworkCache::SpeculativeLoad::shouldCaptureExtraNetworkLoadMetrics):

  • NetworkProcess/cache/NetworkCacheSpeculativeLoad.h:

Default handling for network loads is to not include extra data. Thread
client messages back from the NetworkLoads / SpeculativeLoads to check
the NetworkConnectionToWebProcess state on whether or not we should collect
extra metrics.

3:39 PM Changeset in webkit [215064] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip a test that was accidentally enabled with r214982.

Unreviewed test gardening.

  • platform/ios/TestExpectations:
3:38 PM Changeset in webkit [215063] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit/mac

Obj-C bindings build fails with CSS_DEVICE_ADAPTATION turned on
https://bugs.webkit.org/show_bug.cgi?id=170566

Reviewed by Simon Fraser.

  • DOM/DOMCSS.mm:

(kitClass):
Use the WebCore-side enum for this, since that's actually what we're switching over.
This allows us to handle values here without adding them to the API header.
All of the other kitClass() functions work the same way.
Also, unindent for style purposes.

3:02 PM Changeset in webkit [215062] by Joseph Pecoraro
  • 14 edits
    3 adds in trunk

Web Inspector: Show all headers in the Request Headers section of the Resource details sidebar
https://bugs.webkit.org/show_bug.cgi?id=16531
<rdar://problem/5712895>

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

  • inspector/protocol/Network.json:

Optional refined list of request headers in Metrics.

Source/WebCore:

Test: http/tests/inspector/network/resource-request-headers.html

  • loader/ResourceTiming.cpp:

(WebCore::ResourceTiming::ResourceTiming):
Eliminate unnecessary data from the NetworkLoadTiming object
when it is used for ResourceTiming. This clears up some memory
that will otherwise never be used.

  • platform/network/NetworkLoadMetrics.h:

(WebCore::NetworkLoadMetrics::isolatedCopy):
(WebCore::NetworkLoadMetrics::reset):
(WebCore::NetworkLoadMetrics::clearNonTimingData):
(WebCore::NetworkLoadMetrics::operator==):
(WebCore::NetworkLoadMetrics::encode):
(WebCore::NetworkLoadMetrics::decode):
Include an optional HTTPHeaderMap for a refined list of
request headers for this network load.

  • inspector/InspectorNetworkAgent.cpp:

(WebCore::InspectorNetworkAgent::buildObjectForMetrics):
Include request headers with other optional metrics data
when the load is completed.

Source/WebInspectorUI:

  • UserInterface/Models/Resource.js:

(WebInspector.Resource.prototype.updateWithMetrics):
Update request headers if provided in metrics.

Source/WebKit2:

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:task:didFinishCollectingMetrics:]):
Include a complete list of the request headers sent for this load.
There may be headers that WebCore did not know about and developer
tools should be informed of.

LayoutTests:

  • http/tests/inspector/network/resource-request-headers-expected.txt: Added.
  • http/tests/inspector/network/resource-request-headers.html: Added.
  • http/tests/inspector/network/resources/basic-auth.php: Added.

Test coverage for Cookie and Basic Authentication headers.

  • platform/mac/TestExpectations:
  • platform/mac-wk1/TestExpectations:
  • platform/win/TestExpectations:

Mark the test as expected to fail on WebKit1 CFNetwork based platforms,
and ElCapitan which uses the legacy non-NSURLSession loading path.

2:56 PM Changeset in webkit [215061] by rniwa@webkit.org
  • 21 edits
    1 add in trunk/Websites/perf.webkit.org

Each build request should be associated with a repository group
https://bugs.webkit.org/show_bug.cgi?id=170528

Rubber-stamped by Chris Dumez.

Make the buildbot syncing script use the concept of repository groups so that each repository group can post
a different set of properties to buildbot. In order to do this, we associate each build request with
a repository group to use. Each triggerable's repository groups are now updated by the syncing scripts via
/api/update-triggerable just the same way the set of the supported platform, test pairs are updated.

Each repository group specifies the list of repositories, a dictionary that maps the buildbot property name
to either a string value or a repository name enclosed in < and >:

```js
"repositoryGroups": {
    "webkit-svn": {
        "repositories": ["WebKit", "macOS"],
        "properties": {"os": "<macOS>", "wk": "<WebKit>"}
    }
}
```

With this, removed the support for specifying a repository to use in generic dictionary of properties via
a dictionary with a single key of "root", "rootOptions", and "rootsExcluding". We now validate that the list of
repositories in each repository group matches exactly the ones used in buildbot properties as well as ones in
build requests.

After this patch, sync-with-buildbot.js will no longer schedule a build request without a repository group.
Run the appropriate database queries to set the repository group on each build request. Because of this change,
this patch also makes BuildbotTriggerable.prototype.syncOnce more robust against invalid build requests.
Instead of throwing an exception and exiting early, it simply skips all build requests that belong to the same
test group if the next build request to be scheduled does not specify a repository group.

  • init-database.sql: Add request_repository_group column to build_requests table, and a unique constraint for
repository and group pair in triggerable_repositories table.

  • public/api/update-triggerable.php:

(main): Validate and insert repository groups.
(validate_configurations): Extracted from main.
(validate_repository_groups): Added.

  • public/v3/models/repository.js:

(Repository.findTopLevelByName): Added.

  • public/include/build-requests-fetcher.php:

(BuildRequestsFetcher::results_internal): Include the repository group of each request in the JSON response.

  • public/include/repository-group-finder.php: Added. A helper class to find the repository group for a given
triggerable for a list of repositories.
(RepositoryGroupFinder): Added.
(RepositoryGroupFinder::construct): Added.
(RepositoryGroupFinder::find_by_repositories): Added.
(RepositoryGroupFinder::populate_map): Added.

  • public/privileged-api/create-test-group.php:

(main): Each element in an array returned by ensure_commit_sets and commit_sets_from_revision_sets now contains
"set", the list of commit IDs, and "repository_group", the repository group identified for each commit set.
Use that to set the repository group in each new build request.
(commit_sets_from_revision_sets): Use RepositoryGroupFinder to find the right repository group.
(ensure_commit_sets): Ditto. There is no need to find a repository group for each commit set here since its
argument is keyed by the repository name. e.g. {"WebKit": [123, 456], "macOS": ["16A323", "16A323"]}

  • public/v3/models/build-request.js:

(BuildRequest):
(BuildRequest.prototype.triggerable): Added.
(BuildRequest.prototype.repositoryGroup): Added.
(BuildRequest.constructBuildRequestsFromData): Resolve the triggerable and the repository group.

  • public/v3/models/triggerable.js:

(Triggerable.prototype.name): Added.
(Triggerable.prototype.acceptedRepositories): Deleted.
(TriggerableRepositoryGroup):
(TriggerableRepositoryGroup.prototype.accepts): Added. Returns true if the repository group

  • server-tests/api-build-requests-tests.js: Added a test for getting the repository group of a build request.
  • server-tests/api-manifest-tests.js: Added assertions for the repository groups.
  • server-tests/api-report-tests.js:

(.emptyReport):
(.reportWithTwoLevelsOfAggregations):

  • server-tests/api-update-triggerable.js: Added test cases for updating the repository groups associated with
a triggerable.
(.updateWithOSXRepositoryGroup):
(.mapRepositoriesByGroup):

  • server-tests/privileged-api-create-test-group-tests.js:

(addTriggerableAndCreateTask): Add two repository groups for testing. Added assertions for repository groups
in existing test cases, and added a test case for creating a test group with two different repository groups.

  • server-tests/resources/mock-data.js:

(MockData.resetV3Models): Reset TriggerableRepositoryGroup's static maps.
(MockData.emptyTriggeragbleId): Added.
(MockData.macosRepositoryId): Added.
(MockData.webkitRepositoryId): Added.
(MockData.gitWebkitRepositoryId): Added.
(MockData.addMockData): Create repository groups as needed. Renamed the "OS X" repository to "macOS" since some
tests were using the latter, and now we need mock data to be consistent across tests due to stricter checks.
(MockData.addEmptyTriggerable): Added. Used in api-update-triggerable.js.
(MockData.addMockTestGroupWithGitWebKit): Added. Used in api-build-requests-tests.js.
(MockData.addAnotherMockTestGroup): Cleanup.
(MockData.mockTestSyncConfigWithSingleBuilder): Updated the mock configuration per code changes.
(MockData.mockTestSyncConfigWithTwoBuilders): Ditto.

  • server-tests/tools-buildbot-triggerable-tests.js: Updated a test case testing /api/update-triggerable to test
updating the set of repository groups in addition to the set of test, platform pairs.
(.refetchManifest): Added.

  • tools/js/buildbot-syncer.js:

(BuildbotSyncer): Now takes a set of configurations shared across syncers: repositoryGroups, slaveArgument,
and buildRequestArgument as the third argument.
(BuildbotSyncer.prototype.repositoryGroups): Added.
(BuildbotSyncer.prototype._testGroupMapForBuildRequests): Cleaned up the code to use Array.prototype.find.
Also added an assertion that the build request is associated with a repository group.
(BuildbotSyncer.prototype._propertiesForBuildRequest): Removed the support for using an arbitrary property to
specify a revision in favor of explicitly listing each property and repository name in a repository group.
(BuildbotSyncer._loadConfig): Removed the support for "shared", which specified the set of buildbot properties
shared across syncers, the name of properties which specifies the build slave name and build request ID. These
values are not stored as top-level properties and superseded by the concept of repository groups.
(BuildbotSyncer._parseRepositoryGroup): Parses and validates repository groups.
(BuildbotSyncer._createTestConfiguration): We no longer expect each configuration to specify a dictionary of
properties or buildRequestArgument (often inherited from shared).
(BuildbotSyncer._validateAndMergeConfig): Removed "slaveArgument" and "buildRequestArgument" from the list of
allowed properties in each configuration now that they're specified as top-level properties.

  • tools/js/buildbot-triggerable.js:

(BuildbotTriggerable.prototype.updateTriggerable): Update the associated repository groups.
(BuildbotTriggerable.prototype.syncOnce): Skip test groups for which the next build request to be scheduled is
not included in the list of valid build requests.
(BuildbotTriggerable.prototype._validateRequests): Now returns the list of valid build requests, which excludes
those that lack a repository group set.
(BuildbotTriggerable.prototype._nextRequestInGroup): Extracted from _scheduleRequestIfSlaveIsAvailable. Finds
the next build request to be scheduled for the test group.
(BuildbotTriggerable.prototype._scheduleRequestIfSlaveIsAvailable): Renamed from
_scheduleNextRequestInGroupIfSlaveIsAvailable. Now takes the syncer and the slave name as arguments instead of
a test group information since syncOnce now calls _nextRequestInGroup to find the next build request.

  • tools/js/v3-models.js:
  • unit-tests/build-request-tests.js: Fixed the test name.
  • unit-tests/buildbot-syncer-tests.js: Removed tests for "rootOptions" and "rootsExcluding", and added tests
for parsing repository groups.
(sampleiOSConfig): Updated the mock configuration per code changes.
(sampleiOSConfigWithExpansions): Ditto.
(smallConfiguration): Ditto. Now returns the entire configuration instead of a single builder configuration.
Various test cases have been updated to reflect this.
(createSampleBuildRequest): Removed the git hash of WebKit to match the repository groups listed in the mock
configurations. The git hash was there to test "rootOptions", which this patch removed.
(samplePendingBuild): Removed "root_dict" from the list of properties. This was used to test "rootsExcluding"
which, again, this patch removed.
(sampleInProgressBuild): Ditto.
(sampleFinishedBuild): Ditto.

  • unit-tests/resources/mock-v3-models.js:

(MockModels.inject): Added mock repository groups so that existing tests will continue to function.

2:35 PM Changeset in webkit [215060] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit2

OptionSet options need to be powers of two
https://bugs.webkit.org/show_bug.cgi?id=170565

Reviewed by Chris Dumez.

Change Cache::Option to be powers of two.

  • NetworkProcess/cache/NetworkCache.h:
2:12 PM Changeset in webkit [215059] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

Follow up to r209304, remove line numbers from one more StyleRule construction
https://bugs.webkit.org/show_bug.cgi?id=170564

Reviewed by Simon Fraser.

  • css/StyleRule.cpp:

(WebCore::StyleRuleViewport::StyleRuleViewport):
This one was missed in r209304.

2:11 PM Changeset in webkit [215058] by timothy_horton@apple.com
  • 5 edits in trunk/Source/WebCore

Remove an unused member and constructor parameter from CSSPropertyParser
https://bugs.webkit.org/show_bug.cgi?id=170562

Reviewed by Simon Fraser.

  • css/parser/CSSParser.cpp:

(WebCore::CSSParser::parseSingleValue):
(WebCore::CSSParser::parseValueWithVariableReferences):

  • css/parser/CSSParserImpl.cpp:

(WebCore::CSSParserImpl::consumeDeclarationValue):

  • css/parser/CSSPropertyParser.cpp:

(WebCore::CSSPropertyParser::CSSPropertyParser):
(WebCore::CSSPropertyParser::parseValue):
(WebCore::CSSPropertyParser::parseSingleValue):

  • css/parser/CSSPropertyParser.h:

It is possible to get Clang to complain about the unused member, though
I'm not sure why it doesn't in the build today.

1:58 PM Changeset in webkit [215057] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

B3 -O1 should generate better code than -O0
https://bugs.webkit.org/show_bug.cgi?id=170563

Reviewed by Michael Saboff.

Prior to this change, code generated by -O1 ran slower than code generated by -O0. This turned
out to be because of reduceStrength optimizations that increase live ranges and create register
pressure, which then creates problems for linear scan.

It seemed obvious that canonicalizations that help isel, constant folding, and one-for-one
strength reductions should stay. It also seemed obvious that SSA and CFG simplification are fast
and harmless. So, I focused on removing:

  • CSE, which increases live ranges. This is a risky optimization when we know that we've chosen to use a bad register allocator.
  • Sophisticated strength reductions that create more code, like the insane division optimization.
  • Anything that inserts basic blocks.

CSE appeared to be the cause of half of the throughput regression of -O1 but none of the compile
time. This change also reduces the running time of reduceStrength by making it not a fixpoint at
optLevel<2.

This makes wasm -O1 compile 17% faster. This makes wasm -O1 run 19% faster. This makes -O1 code
run 3% faster than -O0, and compile about 4% slower than -O0. We may yet end up choosing to use
-O0, but at least now -O1 isn't totally useless.

  • b3/B3ReduceStrength.cpp:
1:38 PM Changeset in webkit [215056] by commit-queue@webkit.org
  • 2 edits in trunk/LayoutTests

LayoutTest fast/mediastream/getUserMedia-webaudio.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=167513

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-06
Reviewed by Eric Carlson.

  • fast/mediastream/getUserMedia-webaudio.html: Removing unnecessary flaky check.
1:18 PM Changeset in webkit [215055] by akling@apple.com
  • 3 edits in trunk/Source/WTF

Kill any WebContent process using over 16 GB of memory.
https://bugs.webkit.org/show_bug.cgi?id=170515
<rdar://problem/29930931>

Reviewed by Antti Koivisto.

Restructure the code since it was getting out of sync with the intended behavior.
Now there's a thresholdForMemoryKill() which returns the current memory limit based
on the process status.

The memory usage policy is separated from the killing, and now only drives the
asynchronous invocations of pressure relief that occur when we pass over one of
the policy edges (now 1GB for Conservative, 2GB for Strict.)

Removed the "Panic" policy and moved the memory kill logic to shrinkOrDie().

Behavior as of this patch:

  • Everyone gets killed over 16 GB.
  • Inactive processes get killed over 4 GB.
  • Strict memory usage policy kicks in at 2 GB.
  • Conservative memory usage policy at 1 GB.

Like before, we make a best-effort attempt to free up memory before killing the process.

  • wtf/MemoryPressureHandler.cpp:

(WTF::toString):
(WTF::MemoryPressureHandler::thresholdForMemoryKill):
(WTF::thresholdForPolicy):
(WTF::policyForFootprint):
(WTF::MemoryPressureHandler::shrinkOrDie):
(WTF::MemoryPressureHandler::setMemoryUsagePolicyBasedOnFootprint):
(WTF::MemoryPressureHandler::measurementTimerFired):

  • wtf/MemoryPressureHandler.h:
1:03 PM Changeset in webkit [215054] by Alan Bujtas
  • 7 edits
    2 adds in trunk

Simple line layout: Hittest always returns the first renderer in the block.
https://bugs.webkit.org/show_bug.cgi?id=170520
<rdar://problem/30979175>

Reviewed by Antti Koivisto.

Source/WebCore:

This is incorrect now with <br> support (multiple renderers within the same block flow).

Test: fast/dom/Document/CaretRangeFromPoint/simple-line-layout-hittest-with-caret-range-from-point.html

  • rendering/RenderText.cpp:

(WebCore::RenderText::positionForPoint): Related fix. We don't yet support positionForPoint with multiple renderers.

  • rendering/SimpleLineLayoutFlowContents.h:

(WebCore::SimpleLineLayout::FlowContents::segmentForRun): Empty runs are all valid.

  • rendering/SimpleLineLayoutFunctions.cpp:

(WebCore::SimpleLineLayout::hitTestFlow):
(WebCore::SimpleLineLayout::collectFlowOverflow):

  • rendering/SimpleLineLayoutResolver.cpp:

(WebCore::SimpleLineLayout::LineResolver::Iterator::operator*): This should eventually return a list of renderers.

  • rendering/SimpleLineLayoutResolver.h:

(WebCore::SimpleLineLayout::RunResolver::flowContents):

LayoutTests:

  • fast/dom/Document/CaretRangeFromPoint/simple-line-layout-hittest-with-caret-range-from-point-expected.html: Added.
  • fast/dom/Document/CaretRangeFromPoint/simple-line-layout-hittest-with-caret-range-from-point.html: Added.
12:51 PM Changeset in webkit [215053] by Jon Davis
  • 6 edits in trunk

Updates feature status for recently shipped features
https://bugs.webkit.org/show_bug.cgi?id=170359

Reviewed by Brian Burg.

Source/JavaScriptCore:

Changed "Done" status to "Supported".

  • features.json:

Source/WebCore:

Added missing Gamepad entry.
Changed "Done" status to "Supported".
Also changed status from "In Development" to "Supported" for:

  • CSS Grid Layout Level 1
  • CSS Inline Layout Module Level 3
  • CSS Scroll Snap Points Module Level 1
  • CSS Color Level 4
  • Fetch API
  • Indexed Database 2.0
  • Media Capture and Streams
  • Pointer Lock
  • Preload
  • Input Events

  • features.json:

Websites/webkit.org:

Added styles for "Supported" status.

  • wp-content/themes/webkit/status.php:
11:58 AM Changeset in webkit [215052] by bshafiei@apple.com
  • 4 edits in branches/safari-604.1.14-branch/Source/WebCore

Merged r214930. rdar://problem/31445339

11:56 AM Changeset in webkit [215051] by jiewen_tan@apple.com
  • 28 edits
    2 copies
    50 adds in trunk

[WebCrypto] Add support for AES-CTR
https://bugs.webkit.org/show_bug.cgi?id=169761
<rdar://problem/31331321>

Reviewed by Brent Fulgham.

LayoutTests/imported/w3c:

  • web-platform-tests/WebCryptoAPI/derive_bits_keys/pbkdf2.worker-expected.txt:
  • web-platform-tests/WebCryptoAPI/derive_bits_keys/test_pbkdf2-expected.txt:
  • web-platform-tests/WebCryptoAPI/encrypt_decrypt/aes_cbc.worker-expected.txt:
  • web-platform-tests/WebCryptoAPI/encrypt_decrypt/aes_ctr.worker-expected.txt:
  • web-platform-tests/WebCryptoAPI/encrypt_decrypt/test_aes_cbc-expected.txt:
  • web-platform-tests/WebCryptoAPI/encrypt_decrypt/test_aes_ctr-expected.txt:
  • web-platform-tests/WebCryptoAPI/generateKey/failures_AES-CTR.worker-expected.txt:
  • web-platform-tests/WebCryptoAPI/generateKey/successes_AES-CTR.worker-expected.txt:
  • web-platform-tests/WebCryptoAPI/generateKey/test_aes-ctr-expected.txt:
  • web-platform-tests/WebCryptoAPI/generateKey/test_failures_AES-CTR-expected.txt:
  • web-platform-tests/WebCryptoAPI/generateKey/test_successes_AES-CTR-expected.txt:
  • web-platform-tests/WebCryptoAPI/import_export/symmetric_importKey.worker-expected.txt:
  • web-platform-tests/WebCryptoAPI/import_export/test_symmetric_importKey-expected.txt:

Source/WebCore:

This patch adds support for AES-CTR. Operations of AES-CTR include: encrypt, decrypt, generateKey,
importKey, exportKey, wrapKey, and unwrapKey. This implementation follows the latest WebCryptoAPI
spec: https://www.w3.org/TR/WebCryptoAPI/#aes-ctr.

Tests: crypto/subtle/aes-ctr-encrypt-malformed-parameters.html
crypto/subtle/aes-ctr-encrypt-overflow.html
crypto/subtle/aes-ctr-generate-export-key-jwk-length-128.html
crypto/subtle/aes-ctr-generate-export-key-jwk-length-192.html
crypto/subtle/aes-ctr-generate-export-key-jwk-length-256.html
crypto/subtle/aes-ctr-generate-export-raw-key.html
crypto/subtle/aes-ctr-generate-key-encrypt-decrypt.html
crypto/subtle/aes-ctr-generate-key.html
crypto/subtle/aes-ctr-import-jwk-key-length-128.html
crypto/subtle/aes-ctr-import-jwk-key-length-192.html
crypto/subtle/aes-ctr-import-jwk-key-length-256.html
crypto/subtle/aes-ctr-import-key-decrypt.html
crypto/subtle/aes-ctr-import-key-encrypt.html
crypto/subtle/aes-ctr-import-key-unwrap-jwk-key.html
crypto/subtle/aes-ctr-import-key-unwrap-raw-key.html
crypto/subtle/aes-ctr-import-key-wrap-jwk-key.html
crypto/subtle/aes-ctr-import-key-wrap-raw-key.html
crypto/subtle/aes-ctr-import-raw-key.html
crypto/workers/subtle/aes-ctr-import-key-decrypt.html
crypto/workers/subtle/aes-ctr-import-key-encrypt.html
crypto/workers/subtle/aes-ctr-import-key-unwrap-key.html
crypto/workers/subtle/aes-ctr-import-key-wrap-key.html

  • CMakeLists.txt:
  • DerivedSources.make:
  • PlatformGTK.cmake:
  • PlatformMac.cmake:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/JSSubtleCryptoCustom.cpp:

(WebCore::normalizeCryptoAlgorithmParameters):

  • crypto/CryptoAlgorithmParameters.h:
  • crypto/algorithms/CryptoAlgorithmAES_CTR.cpp: Added.

(WebCore::usagesAreInvalidForCryptoAlgorithmAES_CTR):
(WebCore::parametersAreValid):
(WebCore::CryptoAlgorithmAES_CTR::create):
(WebCore::CryptoAlgorithmAES_CTR::identifier):
(WebCore::CryptoAlgorithmAES_CTR::encrypt):
(WebCore::CryptoAlgorithmAES_CTR::decrypt):
(WebCore::CryptoAlgorithmAES_CTR::generateKey):
(WebCore::CryptoAlgorithmAES_CTR::importKey):
(WebCore::CryptoAlgorithmAES_CTR::exportKey):
(WebCore::CryptoAlgorithmAES_CTR::getKeyLength):

  • crypto/algorithms/CryptoAlgorithmAES_CTR.h: Added.
  • crypto/gcrypt/CryptoAlgorithmAES_CTRGCrypt.cpp: Added.

(WebCore::CryptoAlgorithmAES_CTR::platformEncrypt):
(WebCore::CryptoAlgorithmAES_CTR::platformDecrypt):

  • crypto/mac/CryptoAlgorithmAES_CTRMac.cpp: Added.

(WebCore::bigIntegerToSize):
(WebCore::transformAES_CTR):
(WebCore::CryptoAlgorithmAES_CTR::platformEncrypt):
(WebCore::CryptoAlgorithmAES_CTR::platformDecrypt):

  • crypto/mac/CryptoAlgorithmRegistryMac.cpp:

(WebCore::CryptoAlgorithmRegistry::platformRegisterAlgorithms):

  • crypto/parameters/AesCtrParams.idl: Added.
  • crypto/parameters/CryptoAlgorithmAesCtrParams.h: Added.

LayoutTests:

  • crypto/subtle/aes-ctr-encrypt-malformed-parameters-expected.txt: Added.
  • crypto/subtle/aes-ctr-encrypt-malformed-parameters.html: Added.
  • crypto/subtle/aes-ctr-generate-export-key-jwk-length-128-expected.txt: Added.
  • crypto/subtle/aes-ctr-generate-export-key-jwk-length-128.html: Added.
  • crypto/subtle/aes-ctr-generate-export-key-jwk-length-192-expected.txt: Added.
  • crypto/subtle/aes-ctr-generate-export-key-jwk-length-192.html: Added.
  • crypto/subtle/aes-ctr-generate-export-key-jwk-length-256-expected.txt: Added.
  • crypto/subtle/aes-ctr-generate-export-key-jwk-length-256.html: Added.
  • crypto/subtle/aes-ctr-generate-export-raw-key-expected.txt: Added.
  • crypto/subtle/aes-ctr-generate-export-raw-key.html: Added.
  • crypto/subtle/aes-ctr-generate-key-encrypt-decrypt-expected.txt: Added.
  • crypto/subtle/aes-ctr-generate-key-encrypt-decrypt.html: Added.
  • crypto/subtle/aes-ctr-generate-key-expected.txt: Added.
  • crypto/subtle/aes-ctr-generate-key.html: Added.
  • crypto/subtle/aes-ctr-import-jwk-key-length-128-expected.txt: Added.
  • crypto/subtle/aes-ctr-import-jwk-key-length-128.html: Added.
  • crypto/subtle/aes-ctr-import-jwk-key-length-192-expected.txt: Added.
  • crypto/subtle/aes-ctr-import-jwk-key-length-192.html: Added.
  • crypto/subtle/aes-ctr-import-jwk-key-length-256-expected.txt: Added.
  • crypto/subtle/aes-ctr-import-jwk-key-length-256.html: Added.
  • crypto/subtle/aes-ctr-import-key-decrypt-expected.txt: Added.
  • crypto/subtle/aes-ctr-import-key-decrypt.html: Added.
  • crypto/subtle/aes-ctr-import-key-encrypt-expected.txt: Added.
  • crypto/subtle/aes-ctr-import-key-encrypt.html: Added.
  • crypto/subtle/aes-ctr-import-key-unwrap-jwk-key-expected.txt: Added.
  • crypto/subtle/aes-ctr-import-key-unwrap-jwk-key.html: Added.
  • crypto/subtle/aes-ctr-import-key-unwrap-raw-key-expected.txt: Added.
  • crypto/subtle/aes-ctr-import-key-unwrap-raw-key.html: Added.
  • crypto/subtle/aes-ctr-import-key-wrap-jwk-key-expected.txt: Added.
  • crypto/subtle/aes-ctr-import-key-wrap-jwk-key.html: Added.
  • crypto/subtle/aes-ctr-import-key-wrap-raw-key-expected.txt: Added.
  • crypto/subtle/aes-ctr-import-key-wrap-raw-key.html: Added.
  • crypto/subtle/aes-ctr-import-raw-key-expected.txt: Added.
  • crypto/subtle/aes-ctr-import-raw-key.html: Added.
  • crypto/subtle/aes-generate-key-malformed-parameters-expected.txt:
  • crypto/subtle/aes-generate-key-malformed-parameters.html:
  • crypto/subtle/aes-import-key-malformed-parameters-expected.txt:
  • crypto/subtle/aes-import-key-malformed-parameters.html:
  • crypto/workers/subtle/aes-ctr-import-key-decrypt-expected.txt: Added.
  • crypto/workers/subtle/aes-ctr-import-key-decrypt.html: Added.
  • crypto/workers/subtle/aes-ctr-import-key-encrypt-expected.txt: Added.
  • crypto/workers/subtle/aes-ctr-import-key-encrypt.html: Added.
  • crypto/workers/subtle/aes-ctr-import-key-unwrap-key-expected.txt: Added.
  • crypto/workers/subtle/aes-ctr-import-key-unwrap-key.html: Added.
  • crypto/workers/subtle/aes-ctr-import-key-wrap-key-expected.txt: Added.
  • crypto/workers/subtle/aes-ctr-import-key-wrap-key.html: Added.
  • crypto/workers/subtle/resources/aes-ctr-import-key-decrypt.js: Added.
  • crypto/workers/subtle/resources/aes-ctr-import-key-encrypt.js: Added.
  • crypto/workers/subtle/resources/aes-ctr-import-key-unwrap-key.js: Added.
  • crypto/workers/subtle/resources/aes-ctr-import-key-wrap-key.js: Added.
11:53 AM Changeset in webkit [215050] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark inspector/codemirror/prettyprinting-css-rules.html as flaky on release.
https://bugs.webkit.org/show_bug.cgi?id=153460

Unreviewed test gardening.

  • platform/mac/TestExpectations:
11:53 AM Changeset in webkit [215049] by commit-queue@webkit.org
  • 2 edits in trunk/Source/ThirdParty/libwebrtc

WebRTC aborts when trying to sleep on a wrong thread
https://bugs.webkit.org/show_bug.cgi?id=170492
<rdar://problem/31446377>

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-06
Reviewed by Eric Carlson.

Libwebrtc network thread is set up so that it does not accept blocking calls to other threads,
as per ChannelManager::Init() in channelmanager.cc.
But rtc::Thread::SleepMs expects to block it.
Marking thread as blockable before calling SleepMs and resetting the value if needed afterwards.

  • Source/webrtc/media/sctp/sctptransport.cc:
11:52 AM Changeset in webkit [215048] by bshafiei@apple.com
  • 7 edits in branches/safari-604.1.14-branch/Source

Versioning.

11:50 AM Changeset in webkit [215047] by Matt Baker
  • 4 edits in trunk/Source/WebInspectorUI

Web Inspector: Reorder Debugger tab sidebar panels: Scope Chain, Resource, Probes
https://bugs.webkit.org/show_bug.cgi?id=170418
<rdar://problem/31410771>

Reviewed by Timothy Hatcher.

Maintain the sidebar panel order defined by TabContentView when adding
and removing panels.

  • UserInterface/Views/ContentBrowserTabContentView.js:

(WebInspector.ContentBrowserTabContentView.prototype.showDetailsSidebarPanels):
Insert sidebar panel based on the panel order defined by TabContentView.

  • UserInterface/Views/DebuggerTabContentView.js:

(WebInspector.DebuggerTabContentView):

  • UserInterface/Views/Sidebar.js:

(WebInspector.Sidebar.prototype.addSidebarPanel):
Implemented as an insert at the end.
(WebInspector.Sidebar.prototype.insertSidebarPanel):
Allow inserting into the sidebar panel collection.
(WebInspector.Sidebar.prototype.removeSidebarPanel):
Remove unused return value.

11:48 AM Changeset in webkit [215046] by commit-queue@webkit.org
  • 16 edits in trunk

WebRTC tests gardening
https://bugs.webkit.org/show_bug.cgi?id=170508

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-06
Reviewed by Eric Carlson.

Source/JavaScriptCore:

  • Configurations/FeatureDefines.xcconfig:

Source/WebCore:

  • Configurations/FeatureDefines.xcconfig: Changing webrtc enabling for ios.

Source/WebCore/PAL:

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

  • Configurations/FeatureDefines.xcconfig:

Tools:

  • TestWebKitAPI/Configurations/FeatureDefines.xcconfig:

LayoutTests:

  • platform/ios-wk1/TestExpectations:
  • platform/ios-wk2/TestExpectations:
  • platform/ios/TestExpectations:
11:35 AM Changeset in webkit [215045] by akling@apple.com
  • 2 edits in trunk/Source/WebCore

Stop forcing CA commit when memory pressure changes.
https://bugs.webkit.org/show_bug.cgi?id=170522
<rdar://problem/31460236>

Reviewed by Antti Koivisto.

Don't force a CA commit when reaching critical memory pressure. We're already doing a ton
of work in response to the pressure, and this was really a hack to try to react quickly on
512 MB devices which we don't support anymore.

  • page/MemoryRelease.cpp:

(WebCore::releaseCriticalMemory):

11:32 AM Changeset in webkit [215044] by Antti Koivisto
  • 9 edits in trunk

Implement testing mode for disk cache
https://bugs.webkit.org/show_bug.cgi?id=170547

Reviewed by Andreas Kling.

Source/WebKit2:

Disable read timeouts and cache shrinking in TestRunner to eliminate potential sources of randomness.

Cache directories are deleted by TestRunner so lack of shrinking does not consume the disk.

This is enabled by the existing WKContextUseTestingNetworkSession SPI.

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::initialize):

  • NetworkProcess/cache/NetworkCache.h:
  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::Storage::open):
(WebKit::NetworkCache::Storage::Storage):
(WebKit::NetworkCache::Storage::dispatchReadOperation):
(WebKit::NetworkCache::Storage::shrinkIfNeeded):

  • NetworkProcess/cache/NetworkCacheStorage.h:
  • NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa):

LayoutTests:

Enable a few disabled tests to see how it goes.

  • platform/mac-wk2/TestExpectations:
10:25 AM Changeset in webkit [215043] by commit-queue@webkit.org
  • 6 edits in trunk

[Readable Streams API] Implement ReadableStreamBYOBRequest respondWithNewView()
https://bugs.webkit.org/show_bug.cgi?id=170339

Patch by Romain Bellessort <romain.bellessort@crf.canon.fr> on 2017-04-06
Reviewed by Youenn Fablet.

Source/WebCore:

Implemented ReadableStreamBYOBRequest respondWithNewView().

Added new tests to check respondWithNewView() behaviour.

  • Modules/streams/ReadableByteStreamInternals.js:

(readableByteStreamControllerRespondWithNewView): Added.

  • Modules/streams/ReadableStreamBYOBRequest.js:

(respondWithNewView): Updated.

LayoutTests:

Added new tests addressing respondWithNewView() behaviour.

  • streams/readable-stream-byob-request-expected.txt: Updated.
  • streams/readable-stream-byob-request.js: Added new tests.
10:20 AM Changeset in webkit [215042] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebCore

[MediaStream] Host application should be able to mute and unmute media streams
https://bugs.webkit.org/show_bug.cgi?id=170519
<rdar://problem/31174326>

Unreviewed, fix crash introduced in r214980.

  • Modules/mediastream/MediaStream.cpp:

(WebCore::MediaStream::MediaStream): NULL-check page.

9:44 AM Changeset in webkit [215041] by hyatt@apple.com
  • 3 edits
    2 adds in trunk

Rendering flexbox children across columns
https://bugs.webkit.org/show_bug.cgi?id=164166
<rdar://problem/29055587>

Reviewed by Zalan Bujtas.

Source/WebCore:

Added fast/multicol/flexbox-rows.html.

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::adjustForUnsplittableChild):
Treat block-level flexboxes that occur inside block flows the same as replaced
and unsplittable elements and push them to the next page if they don't fit. We don't
update the minimum page height though, since the flexbox is not really unsplittable.

LayoutTests:

  • fast/multicol/flexbox-rows-expected.html: Added.
  • fast/multicol/flexbox-rows.html: Added.
9:39 AM Changeset in webkit [215040] by Chris Dumez
  • 3 edits in trunk/Source/WebKit2

[WK2] Add C private API to toggle invisibleAutoplayNotPermitted setting
https://bugs.webkit.org/show_bug.cgi?id=170524
<rdar://problem/31461472>

Reviewed by Eric Carlson.

Add C private API to toggle invisibleAutoplayNotPermitted setting.

  • UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetInvisibleMediaAutoplayPermitted):
(WKPreferencesGetInvisibleMediaAutoplayPermitted):

  • UIProcess/API/C/WKPreferencesRefPrivate.h:
8:58 AM Changeset in webkit [215039] by Jonathan Bedard
  • 2 edits in trunk/Tools

REGRESSION: Simulators failing to install after launch_app times out
<rdar://problem/31478107>

Unreviewed infrastructure fix.

  • Scripts/webkitpy/xcode/simulated_device.py:

(SimulatedDevice.launch_app._install_timeout): Raise RuntimeError, not Exception.

8:23 AM Changeset in webkit [215038] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

[JSC][MIPS][DFG] Use x86 generic HasOwnProperty
https://bugs.webkit.org/show_bug.cgi?id=170222

Patch by Guillaume Emont <guijemont@igalia.com> on 2017-04-06
Reviewed by Yusuke Suzuki.

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
use the X86 special version for HasOwnProperty on MIPS too.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):
use the X86 special version for HasOwnProperty on MIPS too.

8:01 AM Changeset in webkit [215037] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.14.6

WebKitGTK+ 2.14.6

8:01 AM Changeset in webkit [215036] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.14

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.14.6 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.14.6.
6:02 AM Changeset in webkit [215035] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r214283 - [GTK] Honor GTK+ font settings
https://bugs.webkit.org/show_bug.cgi?id=82889

Reviewed by Carlos Garcia Campos.

After much discussion with Behdad and Martin (who is still not completely convinced I think
:) I want to merge cairo font options into the Fontconfig pattern used for rendering using
cairo_ft_font_options_substitute(). This is how the API was designed to be used anyway.
Fontconfig will still have final say over whether to actually respect the desktop settings
or not, so it can still choose to ignore the desktop's settings, but I don't think it makes
sense to have desktop-wide font settings and not tell Fontconfig about them, especially when
the whole point of WebKitGTK+ is desktop integration. This should also reduce complaints
that we're not following desktop settings and that we're drawing fonts differently than
Firefox.

  • PlatformGTK.cmake:
  • platform/graphics/cairo/CairoUtilities.cpp:

(WebCore::getDefaultCairoFontOptions):

  • platform/graphics/cairo/CairoUtilities.h:
  • platform/graphics/freetype/FontCacheFreeType.cpp:

(WebCore::createFontConfigPatternForCharacters):
(WebCore::strongAliasesForFamily):
(WebCore::FontCache::createFontPlatformData):

  • platform/graphics/freetype/FontPlatformDataFreeType.cpp:

(WebCore::getDefaultFontconfigOptions):
(WebCore::getDefaultCairoFontOptions): Deleted.

  • platform/graphics/gtk/GdkCairoUtilities.cpp:

(getDefaultCairoFontOptions):

5:56 AM Changeset in webkit [215034] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.14

Merge r214246 - [Soup] "Only from websites I visit" cookie policy is broken
https://bugs.webkit.org/show_bug.cgi?id=168912

Reviewed by Carlos Garcia Campos.

Source/WebCore:

Do not reset the first party for cookies on redirects. That's properly done for the main
resource in DocumentLoader::willSendRequest and, in the case of subresources, is absolutely
wrong (which is what we were doing since r143931).

The most notable effect was that subresources loaded via redirects were effectively
bypassing the "no third party" policy for cookies.

Test: http/tests/security/cookies/third-party-cookie-blocking-redirect.html

  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::doRedirect):

Source/WebKit2:

Do not reset the first party for cookies on redirects. That's properly done for the main
resource in DocumentLoader::willSendRequest and, in the case of subresources, is absolutely
wrong (which is what we were doing since r143931).

The most notable effect was that subresources loaded via redirects were effectively
bypassing the "no third party" policy for cookies.

  • NetworkProcess/soup/NetworkDataTaskSoup.cpp:

(WebKit::NetworkDataTaskSoup::continueHTTPRedirection):

LayoutTests:

  • http/tests/security/cookies/third-party-cookie-blocking-redirect-expected.txt: Added.
  • http/tests/security/cookies/third-party-cookie-blocking-redirect.html: Added.
5:53 AM Changeset in webkit [215033] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r214162 - [Cairo] Ensure depth and stencil renderbuffers are created on GLESv2
https://bugs.webkit.org/show_bug.cgi?id=166643

Patch by Emanuele Aina <Emanuele Aina> on 2017-03-20
Reviewed by Darin Adler.

If the gfx device doesn't support GL_OES_packed_depth_stencil, the
separate depth and stencil buffers are not generated.

Copy what GraphicsContext3DEfl used to do and apply it in
GraphicsContext3DCairo.

The Intel gfx driver seems to tolerate unbound renderbuffers, but
enabling debugging in Mesa yields an error:

$ MESA_DEBUG=1 \
  MESA_EXTENSION_OVERRIDE=-GL_OES_packed_depth_stencil \
  ./bin/MiniBrowser http://webglsamples.org/aquarium/aquarium.html

Mesa: User error: GL_INVALID_OPERATION in glRenderbufferStorage(no renderbuffer bound)

  • platform/graphics/GraphicsContext3D.h:
  • platform/graphics/cairo/GraphicsContext3DCairo.cpp:

(WebCore::GraphicsContext3D::GraphicsContext3D):
Ensure separate depth and stencil renderbuffers are created.
(WebCore::GraphicsContext3D::~GraphicsContext3D):
Ensure separate depth and stencil renderbuffers are released.

5:51 AM Changeset in webkit [215032] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r214100 - [Cairo] Handle the blend mode in GraphicsContext::drawPattern
https://bugs.webkit.org/show_bug.cgi?id=169746

Reviewed by Žan Doberšek.

We are not taking into account the blend mode when passing the cairo operator to drawPatternToCairoContext().
This is based on patch by Žan Doberšek, just adding the toCairoOperator changes to make it easier to handle
it. Instead of checking everywhere if blend mode is Normal to decide whether to use toCairoOperator with
CompositeOperator or BlendMode, there's now a single toCairoOperator that receives both parameters, but BlendMode
is optional and defaults to Normal.

  • platform/graphics/cairo/CairoUtilities.cpp:

(WebCore::toCairoCompositeOperator):
(WebCore::toCairoOperator):

  • platform/graphics/cairo/CairoUtilities.h:
  • platform/graphics/cairo/GraphicsContextCairo.cpp:

(WebCore::GraphicsContext::setPlatformCompositeOperation):
(WebCore::GraphicsContext::drawPattern):

5:50 AM Changeset in webkit [215031] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.14

Merge r212431 - [GTK] scroll with transparent background not repainted after scrollY >= 32768
https://bugs.webkit.org/show_bug.cgi?id=154283

Reviewed by Carlos Garcia Campos.

Source/WebCore:

Due to a limitation of the pixman backend, which uses 16 bits to hold signed integers, cairo is
not able to draw anything when using transformation matrices with values bigger than 32768. When
drawing patterns into large pages, the matrices values can overflow those 16 bits, so cairo doesn't
draw anything in, which causes the reported transparent backgrounds.

The patch modifies the transformation matrices both from the current context and the pattern we
are painting, to avoid them to hold values that cannot be stored in 16 bits.

There's still the possibility that this happens, but it would require using a pattern with a size
bigger than 32768.

Based on a previous patch by Gwang Yoon Hwang <yoon@igalia.com>.

Test: fast/backgrounds/background-repeat-long-scroll.html

  • platform/graphics/cairo/CairoUtilities.cpp:

(WebCore::drawPatternToCairoContext):

LayoutTests:

Test to ensure that the background pattern of an element is properly being drawn when it's in a position
bigger than 32768.

  • fast/backgrounds/background-repeat-long-scroll-expected.html: Added.
  • fast/backgrounds/background-repeat-long-scroll.html: Added.
5:48 AM Changeset in webkit [215030] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r213522 - ShadowBlur::calculateLayerBoundingRect doesn't need to return the enclosingIntRect of layerRect
https://bugs.webkit.org/show_bug.cgi?id=168650

Patch by Fujii Hironori <Fujii Hironori> on 2017-03-07
Reviewed by Simon Fraser.

No new tests, no behavior change.

  • platform/graphics/ShadowBlur.h: Change the type of return value
from IntRect to IntSize.

  • platform/graphics/ShadowBlur.cpp:

(WebCore::ShadowBlur::calculateLayerBoundingRect): Ditto.
(WebCore::ShadowBlur::drawRectShadow): Rename a variable layerRect to layerSize.
(WebCore::ShadowBlur::drawInsetShadow): Ditto.
(WebCore::ShadowBlur::drawRectShadowWithoutTiling): Ditto.
(WebCore::ShadowBlur::drawInsetShadowWithoutTiling): Ditto.
(WebCore::ShadowBlur::beginShadowLayer): Ditto.

5:45 AM Changeset in webkit [215029] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r213276 - [GTK] Crash in WebCore::CoordinatedGraphicsLayer::notifyFlushRequired
https://bugs.webkit.org/show_bug.cgi?id=166420

Reviewed by Žan Doberšek.

This is happening when closing a page that is being inspected. When CoordinatedGraphicsLayer::removeFromParent()
is called, the coordinator has already been invalidated, so all its layers were set a nullptr coordinator. I
think it's safe to simply handle m_coordinator being nullptr in notifyFlushRequired().

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::notifyFlushRequired): Return early if the coordinator is nullptr.

5:44 AM Changeset in webkit [215028] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore

Merge r213275 - Incorrect RELEASE_ASSERT in JSGlobalObject::addStaticGlobals()
https://bugs.webkit.org/show_bug.cgi?id=169034

Reviewed by Mark Lam.

It should not assign to offset, but compare to offset.

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::addStaticGlobals):

5:43 AM Changeset in webkit [215027] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.14

Merge r213224 - [GTK] fast/canvas/canvas-createPattern-video-loading.html makes its subsequent test timeout
https://bugs.webkit.org/show_bug.cgi?id=169019

Reviewed by Xabier Rodriguez-Calvar.

Source/WebCore:

The timeout happens normally when the media player is deleted and the pipeline state is set to NULL. The call to
gst_element_set_state() never returns because of different deadlocks with the video sink. Sometimes the deadlock
happens with the sample mutex used by VideoRenderRequestScheduler. VideoRenderRequestScheduler::requestRender()
calls webkitVideoSinkRepaintRequested() with the lock held, that ends up calling
MediaPlayerPrivateGStreamerBase::triggerRepaint(). When rendering can't be accelerated the draw timer is
scheduled and triggerRepaint blocks until the timer is fired. If the media player is destroyed before the timer
is fired, when setting the pipeline state to NULL, other VideoRenderRequestScheduler methods can be called, like
stop() that tries to get the sample mutex that is still held by requestRender(). So, first we need to make
sure that requestRender() releases the lock before calling webkitVideoSinkRepaintRequested(). But that's not
enough, we also need to ensure that the pipeline is set to NULL state after everything has been properly
stopped. This is currently done in ~MediaPlayerPrivateGStreamer that happens before
~MediaPlayerPrivateGStreamerBase, so gst_element_set_state() is hanging before allowing the
MediaPlayerPrivateGStreamerBase to be cleaned up. We should move the call to the end of
~MediaPlayerPrivateGStreamerBase and ensure the draw timer and mutex are properly cleaned up before.

Fixes: fast/canvas/canvas-createPattern-video-loading.html

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer): Do not reset pipeline here.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase): Stop the draw mutex and notify the
lock to ensure we unblock. Do the pipeline reset at the end.

  • platform/graphics/gstreamer/VideoSinkGStreamer.cpp:

(VideoRenderRequestScheduler::requestRender): Release the mutex lock before calling webkitVideoSinkRepaintRequested().

LayoutTests:

Unskip tests previously skipped because of this timeout.

  • platform/gtk/TestExpectations:
5:39 AM Changeset in webkit [215026] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r213219 - [Cairo] Incorrectly determining height in GraphicsContext::roundToDevicePixels()
https://bugs.webkit.org/show_bug.cgi?id=169031

Reviewed by Carlos Garcia Campos.

We should compare if height is between -1 and 0 and not mixing height
and width together.

  • platform/graphics/cairo/GraphicsContextCairo.cpp:

(WebCore::GraphicsContext::roundToDevicePixels):

5:38 AM Changeset in webkit [215025] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r212968 - [GTK] WebkitWebProcess crashes on exit on nvidia if threaded compositing is enabled
https://bugs.webkit.org/show_bug.cgi?id=165522

Reviewed by Carlos Garcia Campos.

Before destroying a GLContextGLX we need to set the default framebuffer to avoid a bug
in some nvidia drivers. Ensure that we set the context as current before performing
that operation, and set the appropriate current context after doing so.

No new tests.

  • platform/graphics/glx/GLContextGLX.cpp:

(WebCore::GLContextGLX::~GLContextGLX):

5:37 AM Changeset in webkit [215024] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r212891 - [GTK] Crash attempting to load Flash plugin in Wayland
https://bugs.webkit.org/show_bug.cgi?id=163159

Reviewed by Michael Catanzaro.

The problem is that we check if the current display is X11 or Wayland also in the plugin process, but with GTK2
plugins the display is always X11. We should early reject plugins requiring GTK2 in the UI process when the
current display is Wayland.

  • UIProcess/Plugins/unix/PluginInfoStoreUnix.cpp:

(WebKit::PluginInfoStore::getPluginInfo):

  • UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp:

(WebKit::PluginProcessProxy::scanPlugin):

  • UIProcess/gtk/WebPageProxyGtk.cpp:

(WebKit::WebPageProxy::createPluginContainer): Add an assert to ensure this message is never received on a
non-X11 display.

  • WebProcess/Plugins/PluginView.cpp:

(WebKit::PluginView::createPluginContainer): Never send CreatePluginContainer message to the UI process if the
display is not X11.

5:35 AM Changeset in webkit [215023] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r212889 - [GStreamer] Several layout tests trigger GStreamer-CRITICAL : gst_bin_get_by_name: assertion 'GST_IS_BIN (bin)' failed
https://bugs.webkit.org/show_bug.cgi?id=167016

Reviewed by Xabier Rodriguez-Calvar.

This is because we create AudioSourceProviderGStreamer objects that are never loaded. In the destructor the
AudioSourceProviderGStreamer calls gst_bin_get_by_name() on its m_audioSinkBin that is nullptr. We could simply
check m_audioSinkBin in the destructor, but I think it's better to simply not create
AudioSourceProviderGStreamer for nothing. MediaPlayerPrivateGStreamer should create the AudioSourceProvider on demand.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer): Do not create the AudioSourceProvider.
(WebCore::MediaPlayerPrivateGStreamer::createAudioSink): Call ensureAudioSourceProvider() before using m_audioSourceProvider.
(WebCore::MediaPlayerPrivateGStreamer::ensureAudioSourceProvider): Create the AudioSourceProvider if needed.
(WebCore::MediaPlayerPrivateGStreamer::audioSourceProvider): Ensure and return the m_audioSourceProvider.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
5:33 AM Changeset in webkit [215022] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r213638 - Correctly process the return value of gdk_drag_context_get_selected_action()

Reviewed by Carlos Garcia Campos.

It returns the action itself and not the bitmask.

  • UIProcess/gtk/DragAndDropHandler.cpp:

(WebKit::DragAndDropHandler::drop):

5:33 AM Changeset in webkit [215021] by Carlos Garcia Campos
  • 7 edits
    2 adds in releases/WebKitGTK/webkit-2.14

Merge r212881 - [GTK] Drag and drop is always moving the content even if copy is requested
https://bugs.webkit.org/show_bug.cgi?id=168424

Reviewed by Carlos Garcia Campos.

Source/WebCore:

Drag and drop is always moving the content around even if the copy is
requested (i.e. by pressing the Control key).

Test: editing/pasteboard/drag-drop-copy-content.html

  • page/gtk/DragControllerGtk.cpp:

(WebCore::DragController::isCopyKeyDown):

Source/WebKit2:

Drag and drop is always moving the content around even if the copy is
requested (i.e. by pressing the Control key).

  • UIProcess/gtk/DragAndDropHandler.cpp:

(WebKit::DragAndDropHandler::drop):

LayoutTests:

Mark the editing/pasteboard/drag-drop-copy-content.html as failing
as WTR doesn't know how to perform drag and drop in WK2. Also the
test does not pass on the mac WK1, created a bug for it.

  • platform/efl/TestExpectations:
  • platform/gtk-wayland/TestExpectations:
  • platform/gtk/TestExpectations:
  • platform/mac-wk2/TestExpectations:
  • platform/mac/TestExpectations:
5:29 AM Changeset in webkit [215020] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r213060 - [GTK] Flickering when leaving accelerated compositing mode
https://bugs.webkit.org/show_bug.cgi?id=168911

Reviewed by Žan Doberšek.

It doesn't always happen, and it's too fast, more noticeable in websites with a dark background, because we are
drawing a single white frame. This happens when we leave AC mode during the layer flush that schedules an update
on the compositor, which at that point only clears the area and renders nothing. However,
CoordinatedGraphicsScene::paintToCurrentGLContext() always renders a white background when no web view color has
been set. And that's the white frame we get. We could prevent that last update from happening by checking if we
still have a graphics root layer after syncDisplayState() in the layer flush, the same way we check the layer
tree host is still valid.

  • WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.h:
  • WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:

(WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired):

5:28 AM Changeset in webkit [215019] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r213061 - [GTK] Rendering artifacts when resizing the window in X11 with AC mode enabled
https://bugs.webkit.org/show_bug.cgi?id=168728

Reviewed by Žan Doberšek.

This happens because the pixmap we create from the redirected window is uninitialized until the threaded
compositor renders into it. We should always initialize the pixmap right after it's created.

  • WebProcess/WebPage/gtk/AcceleratedSurfaceX11.cpp:

(WebKit::defaultVisual): Helper static method to get the default GdkVisual.
(WebKit::AcceleratedSurfaceX11::AcceleratedSurfaceX11): Use createPixmap().
(WebKit::AcceleratedSurfaceX11::createPixmap): Create and initialize the pixmap.
(WebKit::AcceleratedSurfaceX11::resize): Use createPixmap().

  • WebProcess/WebPage/gtk/AcceleratedSurfaceX11.h:
5:24 AM Changeset in webkit [215018] by Carlos Garcia Campos
  • 7 edits
    1 add in releases/WebKitGTK/webkit-2.14/Source/WebKit2

Merge r213030 - [GTK] Hangs when showing Google search results
https://bugs.webkit.org/show_bug.cgi?id=168699

Reviewed by Žan Doberšek.

Connection::sendOutgoingMessage() can poll forever if sendmsg fails with EAGAIN or EWOULDBLOCK. For example if
socket read buffers are full, poll will be blocked until we read the pending data, but we can't read because
the thread is blocked in the poll. In case of EAGAIN/EWOULDBLOCK we should poll using the run loop, to allow
reads to happen in thread while we wait for the socket to be writable again. In the GTK+ port we use
GSocketMonitor to poll socket file descriptor without blocking, using the run loop. This patch renames the
socket monitor as readSocketMonitor and adds another one for polling output. When sendmsg fails with
EAGAIN/EWOULDBLOCK, the pending message is saved and the write monitor starts polling. Once the socket is
writable again we send the pending message. Helper class MessageInfo and a new one UnixMessage have been moved
to its own header file to be able to use std::unique_ptr member to save the pending message.

  • Platform/IPC/Connection.cpp: Include UnixMessage.h as required by std::unique_ptr.
  • Platform/IPC/Connection.h: Add write socket monitor and also keep the GSocket as a member to reuse it.
  • Platform/IPC/glib/GSocketMonitor.cpp: Use Function instead of std::function.

(IPC::GSocketMonitor::start):

  • Platform/IPC/glib/GSocketMonitor.h:
  • Platform/IPC/unix/ConnectionUnix.cpp:

(IPC::Connection::platformInitialize): Initialize the GSocket here since we rely on it to take the ownership of
the descriptor. We were leaking it if the connection was invalidated without being opened.
(IPC::Connection::platformInvalidate): Destroy the GSocket even when not connected. Also stop the write monitor.
(IPC::Connection::processMessage):
(IPC::Connection::open):
(IPC::Connection::platformCanSendOutgoingMessages): Return false if we have a pending message to ensure
Connection doesn't try to send more messages until the pending message is dispatched. We don't need to check
m_isConnected because the caller already checks that.
(IPC::Connection::sendOutgoingMessage): Split it in two. This creates and prepares a UnixMessage and then calls
sendOutputMessage() to do the rest.
(IPC::Connection::sendOutputMessage): Send the message, or save it if sendmsg fails with EAGAIN or EWOULDBLOCK
to be sent later when the socket is writable.

  • Platform/IPC/unix/UnixMessage.h: Added.

(IPC::MessageInfo::MessageInfo):
(IPC::MessageInfo::setMessageBodyIsOutOfLine):
(IPC::MessageInfo::isMessageBodyIsOutOfLine):
(IPC::MessageInfo::bodySize):
(IPC::MessageInfo::attachmentCount):
(IPC::UnixMessage::UnixMessage):
(IPC::UnixMessage::~UnixMessage):
(IPC::UnixMessage::attachments):
(IPC::UnixMessage::messageInfo):
(IPC::UnixMessage::body):
(IPC::UnixMessage::bodySize):
(IPC::UnixMessage::appendAttachment):

  • PlatformGTK.cmake:
4:23 AM Changeset in webkit [215017] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.14

Merge r212026 - Crash under FormSubmission::create()
https://bugs.webkit.org/show_bug.cgi?id=167200
<rdar://problem/30096323>

Patch by Chris Dumez <Chris Dumez> on 2017-02-09
Reviewed by Darin Adler.

Source/WebCore:

The issue is that FormSubmission::create() was iterating over
form.associatedElements() and was calling Element::appendFormData()
in the loop. HTMLObjectElement::appendFormData() was calling
pluginWidget(PluginLoadingPolicy::Load) which causes a synchronous
layout and can fire events (such as focus event) synchronously.
Firing those events synchronously allows the JS to modify the
form.associatedElements() vector we are currently iterating on.

To avoid this issue, we now call pluginWidget(PluginLoadingPolicy::DoNotLoad)
in HTMLObjectElement::appendFormData() as we are not allowed to fire
synchronous events at this point. I also added a security assertion
in FormSubmission::create() to catch cases where we fire JS events
while iterating over the form associated elements to more easily
notice these things in the future.

Test: fast/forms/formsubmission-appendFormData-crash.html

  • html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::appendFormData):

  • loader/FormSubmission.cpp:

(WebCore::FormSubmission::create):

LayoutTests:

Add layout test coverage.

  • fast/forms/formsubmission-appendFormData-crash-expected.txt: Added.
  • fast/forms/formsubmission-appendFormData-crash.html: Added.
3:46 AM Changeset in webkit [215016] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.14

Merge r212022 - B3::Procedure::deleteOrphans() should neutralize upsilons with dead phis.
https://bugs.webkit.org/show_bug.cgi?id=167437
<rdar://problem/30198083>

Patch by Mark Lam <mark.lam@apple.com> on 2017-02-09
Reviewed by Filip Pizlo.

JSTests:

  • stress/b3-delete-orphans-should-neutralize-upsilons-with-dead-phis.js: Added.

Source/JavaScriptCore:

  • b3/B3Procedure.cpp:

(JSC::B3::Procedure::deleteOrphans):

3:42 AM Changeset in webkit [215015] by Carlos Garcia Campos
  • 6 edits
    6 adds in releases/WebKitGTK/webkit-2.14

Merge r212621 - REGRESSION(r212218): Assertion failures in and after parserRemoveChild
https://bugs.webkit.org/show_bug.cgi?id=168458

Reviewed by Antti Koivisto.

Source/WebCore:

The bug was caused by parserRemoveChild not proceeding to remove oldChild even when
oldChild had been inserted elsewhere during unload events of the disconnected frames.
Fixed the bug by checking this condition and exiting early.

Also fixed various callers of parserRemoveChild to not call parserAppendChild when
the removed node had already been inserted elsewhere by scripts.

Tests: fast/parser/adoption-agency-unload-iframe-3.html
fast/parser/adoption-agency-unload-iframe-4.html
fast/parser/xml-error-unload-iframe.html

  • dom/ContainerNode.cpp:

(WebCore::ContainerNode::parserRemoveChild): Exit early when the node had been
inserted elsewhere while firing unload events. Also moved the call to
notifyRemovePendingSheetIfNeeded outside NoEventDispatchAssertion since it can
synchronously fire a focus event.
(WebCore::ContainerNode::parserAppendChild): Moved adoptNode call to inside
NoEventDispatchAssertion since adoptNode call here should never mutate DOM.

  • html/parser/HTMLConstructionSite.cpp:

(WebCore::executeReparentTask): Added an early exit when the node had already been
inserted elsewhere.
(WebCore::executeInsertAlreadyParsedChildTask): Ditto.

  • xml/XMLErrors.cpp:

(WebCore::XMLErrors::insertErrorMessageBlock): Ditto.

  • xml/parser/XMLDocumentParser.cpp:

(WebCore::XMLDocumentParser::end): Fixed a crash unveiled by one of the test cases.
Exit early when insertErrorMessageBlock detached the parser (by author scripts).
(WebCore::XMLDocumentParser::finish): Keep the parser alive until we exit.

LayoutTests:

Add tests to make sure parserAppendChild isn't called when a node removed by parserRemoveChild
had already been inserted elsewhere by scripts.

  • fast/parser/adoption-agency-unload-iframe-3-expected.txt: Added.
  • fast/parser/adoption-agency-unload-iframe-3.html: Added.
  • fast/parser/adoption-agency-unload-iframe-4-expected.txt: Added.
  • fast/parser/adoption-agency-unload-iframe-4.html: Added.
  • fast/parser/xml-error-unload-iframe-expected.txt: Added.
  • fast/parser/xml-error-unload-iframe.html: Added.
3:42 AM Changeset in webkit [215014] by Carlos Garcia Campos
  • 5 edits
    6 adds in releases/WebKitGTK/webkit-2.14

Merge r212218 - parserRemoveChild should unload subframes
https://bugs.webkit.org/show_bug.cgi?id=168151

Reviewed by Darin Adler.

Source/WebCore:

Fix the bug that the adoption agency algorithm does not unload subframes as it disconnects nodes.

Also moved calls to nodeWillBeRemoved inside NoEventDispatchAssertion to expand on r211965.

Tests: fast/parser/adoption-agency-clear-focus-range.html
fast/parser/adoption-agency-unload-iframe-1.html
fast/parser/adoption-agency-unload-iframe-2.html

  • dom/ContainerNode.cpp:

(WebCore::ContainerNode::takeAllChildrenFrom): Rewritten using idioms used in removeChildren and parserAppendChild.

Disconnect all subframes first since this can synchronously dispatch an unload event. Then update DOM ranges,
the focused element, and other states in the document.

Second, use the regular removeBetween, notifyChildNodeRemoved, childrenChanged sequence of calls to disconnect nodes
instead of a single call to removeDetachedChildren to properly disconnect child nodes since those nodes may have
already come live due to execution of synchronous scripts prior to the adoption agency algorithm has run, or in
response to the unload event we just dispatched.

Third, append these nodes using parserAppendChild to avoid dispatching mutation events.

(WebCore::willRemoveChild): Removed the call to nodeWillBeRemoved. It's now called within NoEventDispatchAssertion
in each call site of willRemoveChild and willRemoveChildren.
(WebCore::willRemoveChildren): Ditto.
(WebCore::ContainerNode::removeChild): Call nodeWillBeRemoved inside NoEventDispatchAssertion.
(WebCore::ContainerNode::replaceAllChildren): Call nodeWillBeRemoved inside NoEventDispatchAssertion.
(WebCore::ContainerNode::parserRemoveChild): Disconnect subframes and update document's states.

  • html/parser/HTMLConstructionSite.cpp:

(WebCore::executeTakeAllChildrenAndReparentTask): Add a release assert that new parent does not already have a parent.

LayoutTests:

Add two W3C-style testharness tests for unloading iframes inside the adoption agency algorithm.

Also added a test to make sure ContainerNode::takeAllChildrenFrom adjusts the focused element and DOM ranges.

  • fast/css/stylesheet-candidate-nodes-crash-expected.txt: Rebaselined. The difference comes from the fact
iframe now is unloaded in parserRemoveChild as expected and then reloaded in parserAppendChild inside
insertErrorMessageBlock as opposed to after the parser had completed as if the iframe had never been detached.

  • fast/parser/adoption-agency-clear-focus-range-expected.txt: Added.
  • fast/parser/adoption-agency-clear-focus-range.html: Added.
  • fast/parser/adoption-agency-unload-iframe-1-expected.txt: Added.
  • fast/parser/adoption-agency-unload-iframe-1.html: Added.
  • fast/parser/adoption-agency-unload-iframe-2-expected.txt: Added.
  • fast/parser/adoption-agency-unload-iframe-2.html: Added.
3:42 AM Changeset in webkit [215013] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r211256 - Revert r210474 it is no longer needed
https://bugs.webkit.org/show_bug.cgi?id=167487

Reviewed by Daniel Bates.

Revert r210474 it is no longer needed after r211254.

  • dom/Document.cpp:

(WebCore::Document::canNavigate):

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::handleClick):

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::handleClick):

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::urlSelected):
(WebCore::FrameLoader::submitForm):
(WebCore::FrameLoader::loadFrameRequest):

  • mathml/MathMLElement.cpp:

(WebCore::MathMLElement::defaultEventHandler):

  • svg/SVGAElement.cpp:

(WebCore::SVGAElement::defaultEventHandler):

3:13 AM Changeset in webkit [215012] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.14

Merge r212214 - REGRESSION (r179497): Crash inside setAttributeNode
https://bugs.webkit.org/show_bug.cgi?id=168161
<rdar://problem/30451581>

Reviewed by Andreas Kling.

Source/WebCore:

The bug was caused by setAttributeNode calling setAttributeInternal with the same element data as the one used
to call removeAttributeInternal despite the fact that removeAttributeInternal could have invoked arbitrary scripts
and mutated element's m_elementData.

Fixed the bug by calling setAttributeInternal with the result of new invocation of ensureUniqueElementData().

Test: fast/dom/Attr/make-unique-element-data-while-replacing-attr.html

  • dom/Element.cpp:

(WebCore::Element::setAttributeNode):

LayoutTests:

Added a regression test.

  • fast/dom/Attr/make-unique-element-data-while-replacing-attr-expected.txt: Added.
  • fast/dom/Attr/make-unique-element-data-while-replacing-attr.html: Added.
3:09 AM Changeset in webkit [215011] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.14

Merge r212029 - Make sure Event keeps its current target element alive
https://bugs.webkit.org/show_bug.cgi?id=167885
<rdar://problem/30376972>

Patch by Chris Dumez <Chris Dumez> on 2017-02-09
Reviewed by Brent Fulgham.

Source/WebCore:

Make sure Event keeps its current target element alive to avoid
crashes if it is accessed by JS after it has been garbage collected.

Test: fast/events/currentTarget-gc-crash.html

  • dom/Event.cpp:

(WebCore::Event::setCurrentTarget):

  • dom/Event.h:

(WebCore::Event::currentTarget):

LayoutTests:

Add layout test reproducing the crash.

  • fast/events/currentTarget-gc-crash-expected.txt: Added.
  • fast/events/currentTarget-gc-crash.html: Added.
3:04 AM Changeset in webkit [215010] by Carlos Garcia Campos
  • 6 edits
    4 adds in releases/WebKitGTK/webkit-2.14

Merge r212028 - Crash in render tree after dynamically mutating the slot value
https://bugs.webkit.org/show_bug.cgi?id=167502

Patch by Ryosuke Niwa <rniwa@webkit.org> on 2017-02-09
Reviewed by Antti Koivisto.

Source/WebCore:

The crash was caused by attributeChanged not destructing the render tree after an assigned element had been
removed from its slot. Since the style resolver can no longer find this element in the flat tree, we need to
delete its render object as if the element had been removed from the DOM tree.

Tests: fast/html/details-summary-slot.html
fast/shadow-dom/shadow-slot-attribute-change-crash.html

  • dom/Element.cpp:

(WebCore::Element::attributeChanged):

  • html/HTMLSummaryElement.cpp:

(WebCore::SummarySlotElement): Added. Always use the default slot regardless of the slot attribute's value.
(WebCore::HTMLSummaryElement::create): Use SummarySlotElement

LayoutTests:

Added regression tests for the crash, and one for assigning non-empty slot value to a child
of a summary element. The slot attribute should always be ignored since the fact summary
element has its own shadow tree is an implementation detail that should never be exposed.

  • fast/html/details-summary-slot-expected.html: Added.
  • fast/html/details-summary-slot.html: Added.
  • fast/shadow-dom/shadow-slot-attribute-change-crash-expected.txt: Added.
  • fast/shadow-dom/shadow-slot-attribute-change-crash.html: Added.
2:58 AM Changeset in webkit [215009] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

[GTK] Fix build with MEDIA_CAPTURE enabled
https://bugs.webkit.org/show_bug.cgi?id=170539

Patch by Adrian Perez de Castro <Adrian Perez de Castro> on 2017-04-06
Reviewed by Carlos Garcia Campos.

  • WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDeprecated.cpp:

(webkit_dom_html_input_element_get_capture): Add missing namespace in usage of WebCore::MediaCaptureTypeNone.

2:49 AM Changeset in webkit [215008] by Carlos Garcia Campos
  • 3 edits
    4 adds in releases/WebKitGTK/webkit-2.14

Merge r212027 - Details element doesn't work correctly when mutating content between closing and opening
https://bugs.webkit.org/show_bug.cgi?id=167310

Patch by Antti Koivisto <Antti Koivisto> on 2017-02-09
Reviewed by Ryosuke Niwa.

Source/WebCore:

Tests: fast/html/details-close-modify-open.html
fast/shadow-dom/slot-remove-mutate-add.html

  • dom/SlotAssignment.cpp:

(WebCore::SlotAssignment::didChangeSlot):

Always reset the slot assignment when content is mutated.

LayoutTests:

  • fast/html/details-close-modify-open-expected.html: Added.
  • fast/html/details-close-modify-open.html: Added.
  • fast/shadow-dom/slot-remove-mutate-add-expected.html: Added.
  • fast/shadow-dom/slot-remove-mutate-add.html: Added.
2:46 AM Changeset in webkit [215007] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.14

Merge r212025 - Crash under HTMLFormElement::registerFormElement()
https://bugs.webkit.org/show_bug.cgi?id=167162

Patch by Chris Dumez <Chris Dumez> on 2017-02-09
Reviewed by Ryosuke Niwa.

Source/WebCore:

didMoveToNewDocument() was re-registering FormAttributeTargetObserver
even if the element's inDocument was not set yet. As a result, it was
possible for FormAssociatedElement::resetFormOwner() to be called
when the element was in the tree but with its inDocument still being
false (because insertedInto() has not been called yet). This could
end up calling HTMLFormElement::registerFormElement() even though
the element is still recognized as detached. This is an issue because
HTMLFormElement::m_associatedElements's order and its corresponding
indexes (m_associatedElementsBeforeIndex / m_associatedElementsAfterIndex)
rely on the position of the element with regards to the form element
(before / inside / after).

To address the issue, we now only register the FormAttributeTargetObserver
in didMoveToNewDocument() if the inDocument flag is set to true. This
is similar to what is done at other call sites of
resetFormAttributeTargetObserver(). We also ignore the form content
attribute in HTMLFormElement::formElementIndex() if the element is
not connected.

As per the HTML specification [1], the form content attribute is only
taken if the element is connected (i.e. inDocument flag is true).

Note that FormAssociatedElement::findAssociatedForm() was already
ignoring the form content attribute if the element is disconnected.

[1] https://html.spec.whatwg.org/#reset-the-form-owner (step 3)

Test: fast/forms/registerFormElement-crash.html

  • html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::didMoveToNewDocument):
Only call resetFormAttributeTargetObserver() if inDocument flag is set,
similarly to what is done at other call sites.

(WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
Add an assertion to make sure no one calls this method on an element that
is not connected.

  • html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::formElementIndex):
Ignore the form content attribute if the element is not connected, as
per the HTML specification [1].

LayoutTests:

Add layout test coverage.

  • fast/forms/registerFormElement-crash-expected.txt: Added.
  • fast/forms/registerFormElement-crash.html: Added.
2:43 AM Changeset in webkit [215006] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.14

Merge r212023 - Handle synchronous layout when setting a selection range
https://bugs.webkit.org/show_bug.cgi?id=167092
<rdar://problem/30041640>

Reviewed by Antti Koivisto.

Source/WebCore:

The 'innerTextElement' of a form control can change during layout due
to arbitrary JavaScript executing. Handle the case where the inner text
element has changed so that current render box height is while setting
a selection range.

Test: fast/forms/input-type-change-during-selection.html

  • html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::setSelectionRange):

LayoutTests:

  • fast/forms/input-type-change-during-selection-expected.txt: Added.
  • fast/forms/input-type-change-during-selection.html: Added.
2:35 AM Changeset in webkit [215005] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.14/LayoutTests

Merge r212020 - Unreviewed, fix test for new .caller with native code caller semantics.

  • js/dom/function-dot-arguments-and-caller.html:
2:35 AM Changeset in webkit [215004] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.14

Merge r212009 - We should not allow Function.caller to be used on native functions
https://bugs.webkit.org/show_bug.cgi?id=165628

Patch by Keith Miller <keith_miller@apple.com> on 2017-02-09
Reviewed by Mark Lam.

JSTests:

  • stress/caller-native-code.js: Added.

(f):

Source/JavaScriptCore:

Also remove unneeded dynamic cast.

  • runtime/JSFunction.cpp:

(JSC::RetrieveCallerFunctionFunctor::RetrieveCallerFunctionFunctor):
(JSC::JSFunction::callerGetter):

2:31 AM Changeset in webkit [215003] by Carlos Garcia Campos
  • 23 edits
    4 adds in releases/WebKitGTK/webkit-2.14

Merge r211965 - Adopting a child node of a script element can run script
https://bugs.webkit.org/show_bug.cgi?id=167318

Patch by Ryosuke Niwa <rniwa@webkit.org> on 2017-02-09
Reviewed by Darin Adler.

Source/WebCore:

The bug was caused by ScriptElement::childrenChanged indiscriminately running the script.
Do this only if some node has been inserted as spec'ed:

https://html.spec.whatwg.org/multipage/scripting.html#script-processing-model
"The script element is connected and a node or document fragment is inserted into
the script element, after any script elements inserted at that time."

Split NonContentsChildChanged into NonContentsChildInserted and NonContentsChildRemoved to disambiguate
non-contents child such as text and element being removed or inserted. New behavior matches that of
Gecko and Chrome as well as the latest HTML5 specification.

Also deploy NoEventDispatchAssertion in more places. Unfortunately, this results in some DOM trees
internal to WebKit to be mutated while there is NoEventDispatchAssertion in the stack. Added a new RAII
object "EventAllowedScope" to temporarily disable this assertion within such a tree. CachedSVGFont's
ensureCustomFontData used to completely disable this assertion but we no longer have to do this either.

To clarify the new semantics, renamed isEventDispatchForbidden to isEventAllowedInMainThread with
the negated boolean value, and added a new variant isEventDispatchAllowedInSubtree, which checks
isEventDispatchForbidden() is true or if the node was one of an internal DOM node or its descendent
held by EventAllowedScope.

Inspired by https://chromium.googlesource.com/chromium/src/+/604e798ec6ee30f44d57a5c4a44ce3dab3a871ed

Tests: fast/html/script-must-not-run-when-child-is-adopted.html
fast/html/script-must-not-run-when-child-is-removed.html

  • dom/CharacterData.cpp:

(WebCore::CharacterData::notifyParentAfterChange): Added NoEventDispatchAssertion.

  • dom/ContainerNode.cpp:

(WebCore::ContainerNode::insertBefore): Added NoEventDispatchAssertion around TreeScope's adoptIfNeeded
and insertBeforeCommon as done elsewhere.
(WebCore::ContainerNode::appendChildCommon): Added NoEventDispatchAssertion.
(WebCore::ContainerNode::changeForChildInsertion): Use NonContentsChildInserted here.
(WebCore::ContainerNode::notifyChildRemoved): Added NoEventDispatchAssertion.
(WebCore::ContainerNode::replaceChild): Moved adoptIfNeeded into NoEventDispatchAssertion.
(WebCore::ContainerNode::removeChild): Added NoEventDispatchAssertion.
(WebCore::ContainerNode::parserRemoveChild): Added NoEventDispatchAssertion.
(WebCore::ContainerNode::removeChildren): Call childrenChanged in NoEventDispatchAssertion.
(WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck): Moved adoptIfNeeded into
NoEventDispatchAssertion.
(WebCore::dispatchChildInsertionEvents): Check the forbidden-ness more precisely.
(WebCore::dispatchChildRemovalEvents): Ditto.

  • dom/ContainerNode.h:

(WebCore::ContainerNode::ChildChange::isInsertion): Added.

  • dom/ContainerNodeAlgorithms.cpp:

(WebCore::notifyChildNodeInserted): Check the forbidden-ness more precisely. Here, we check against
insertionPoint since EventAllowedScope checks against the root node.

  • dom/Document.cpp:

(WebCore::Document::adoptNode): Assert the node to be adopted has not been inserted back, or else
remove() had resulted in an exception before calling TreeScope::adoptIfNeeded.

  • dom/Element.cpp:

(WebCore::Element::childrenChanged):

  • dom/NoEventDispatchAssertion.h:

(WebCore::NoEventDispatchAssertion::isEventDispatchForbidden): Added a new variant that takes a node.
If this node is a descendent of a node "marked as safe" by EventAllowedScope, then we don't consider
the event dispatch to be forbidden.
(WebCore::NoEventDispatchAssertion::dropTemporarily): Deleted.
(WebCore::NoEventDispatchAssertion::restoreDropped): Deleted.
(WebCore::NoEventDispatchAssertion::EventAllowedScope): Added. A RAII object which marks descendants of
a given node as "safe" for the purpose of checking isEventDispatchForbidden.
(WebCore::NoEventDispatchAssertion::EventAllowedScope::EventAllowedScope): Added. There can be a chain
of EventAllowedScope objects in the stack. s_currentScope points to the most recently instantiated
RAII object, and each instance remembers prior instance.
(WebCore::NoEventDispatchAssertion::EventAllowedScope::~EventAllowedScope): Added.
(WebCore::NoEventDispatchAssertion::EventAllowedScope::isAllowedNode): Added. Returns true if the given
node is a descendent of any node held by instances of EventAllowedScope.
(WebCore::NoEventDispatchAssertion::EventAllowedScope::isAllowedNodeInternal): Added. A helper function
for isAllowedNode.

  • dom/Node.cpp:

(WebCore::Node::dispatchSubtreeModifiedEvent): Check the forbidden-ness more precisely.

  • dom/ScriptElement.cpp:

(WebCore::ScriptElement::childrenChanged): Only prepare the script if we've inserted nodes.
(WebCore::ScriptElement::executeClassicScript): Assert isEventDispatchForbidden is false since running
arbitrary author scripts can, indeed, result in dispatching any events.

  • dom/ScriptElement.h:
  • html/HTMLElement.cpp:

(WebCore::textToFragment): Made this a static local function and not return an exception since there
is no way appendChild called in this function can throw an exception.
(WebCore::HTMLElement::setInnerText): Create EventAllowedScope for the fragment. It's called by
HTMLTextAreaElement's childrenChanged to update its UA shadow tree, and dispatching an event on
a new fragment can't execute arbitrary scripts since it has never been exposed to author scripts.
Because of the precise-ness of this check, this does not disable the assertion for "this" element.
HTMLTextFormControlElement::setInnerTextValue explicitly creates another EventAllowedScope to mark
the shadow tree into which the fragment is inserted safe.
(WebCore::HTMLElement::setOuterText):

  • html/HTMLElement.h:
  • html/HTMLScriptElement.cpp:

(WebCore::HTMLScriptElement::childrenChanged):

  • html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::setInnerTextValue): See above (setInnerText).

  • html/track/VTTCue.cpp:

(WebCore::VTTCue::createCueRenderingTree): Create EventAllowedScope for the cloned fragment here since
the VTT tree is never exposed to author scripts.
(WebCore::VTTCue::updateDisplayTree): Ditto.

  • loader/cache/CachedSVGFont.cpp:

(WebCore::CachedSVGFont::ensureCustomFontData): Use EventAllowedScope to disable assertions only on
the new SVG document we just created instead of disabling for all DOM trees.

  • svg/SVGScriptElement.cpp:

(WebCore::SVGScriptElement::childrenChanged):

LayoutTests:

Added regression tests for adopting or removing a child node of a script element.
The script must not run when nodes are adopted or removed.

  • fast/html/script-must-not-run-when-child-is-adopted-expected.txt: Added.
  • fast/html/script-must-not-run-when-child-is-adopted.html: Added.
  • fast/html/script-must-not-run-when-child-is-removed-expected.txt: Added.
  • fast/html/script-must-not-run-when-child-is-removed.html: Added.

1:28 AM Changeset in webkit [215002] by Carlos Garcia Campos
  • 4 edits, 2 adds in releases/WebKitGTK/webkit-2.14

Merge r211201 - Crash under DOMSelection::deleteFromDocument()
https://bugs.webkit.org/show_bug.cgi?id=167232

Reviewed by Chris Dumez.

Source/WebCore:

The crash was caused by DOMSelection's deleteFromDocument() mutating contents inside the user-agent
shadow tree of an input element when the text field is readonly. Fixed the bug by exiting early
whenever the selection is inside a shadow tree since getSelection().getRangeAt(0) always returns
a range outside the input element or any shadow tree for that matter.

New behavior matches that of Gecko. The working draft spec of which I'm the editor states that
deleteFromDocument() must invoke Range's deleteContents() on the associated range, which is
the collapsed range returned by getSelection().getRangeAt(0) in the spec:
https://www.w3.org/TR/2016/WD-selection-api-20160921/#widl-Selection-deleteFromDocument-void
And Range's deleteContents() immediately terminates in step 1 when start and end are identical:
https://dom.spec.whatwg.org/commit-snapshots/6b7621282c2e3b222ac585650e484abf4c0a416b/

Note that Range's DOM mutating methods are not available inside a user-agent shadow tree because
WebKit never returns a Range whose end boundary points are inside the tree to author scripts.
Editing commands (ones executable from document.execCommand) that mutate DOM like this check whether
the content is editable or not. Since VisibleSelection's validate() function makes sure the selection
is either entirely within or outside of a root editable element (editing host in the W3C spec lingo),
editing commands should never mutate a random node inside a user-agent shadow tree.

Test: editing/selection/deleteFromDocument-shadow-tree-crash.html

  • page/DOMSelection.cpp:

(WebCore::DOMSelection::deleteFromDocument):

LayoutTests:

Based on a patch by Chris Dumez. Add a regression test and rebaseline a Blink test as WebKit's
new behavior matches that of Gecko instead of Blink.

  • editing/selection/deleteFromDocument-shadow-tree-crash-expected.txt: Added.
  • editing/selection/deleteFromDocument-shadow-tree-crash.html: Added.
  • imported/blink/editing/selection/deleteFromDocument-crash-expected.html:

1:24 AM Changeset in webkit [215001] by nael.ouedraogo@crf.canon.fr
  • 2 edits in trunk

[GTK] Build fails when using icecream, ccache and cmake 3.6
https://bugs.webkit.org/show_bug.cgi?id=170498

Reviewed by Michael Catanzaro.

Disable ninja response file when using icecream, ccache and cmake > 3.5.

  • Source/cmake/OptionsCommon.cmake:

1:23 AM Changeset in webkit [215000] by Carlos Garcia Campos
  • 7 edits, 1 add in releases/WebKitGTK/webkit-2.14

Merge r210837 - Nested parenthesized regular expressions with non-zero minimum counts appear to hang and use lots of memory
https://bugs.webkit.org/show_bug.cgi?id=167125

Reviewed by Filip Pizlo.

JSTests:

  • microbenchmarks/regexp-nested-nonzero-min-counted-parens.js: Added.

New test with limits that run slow and take a reasonable amount of memory
before the change and run fast, using little memory with the change.

Source/JavaScriptCore:

Changed Yarr to handle nested parenthesized subexpressions where the minimum count is
not 0 directly in the Yarr interpreter. Previously we'd factor an expression like
(a|b)+ into (a|b)(a|b)* with special handling for captures. This factoring was done
using a deep copy that doubled the size of the resulting expression for each nested
parenthesized subexpression. Now the Yarr interpreter can directly process a regexp
like (a|b){2,42}.

The parser will allow one level of nested, non-zero minimum, counted parenthesis using
the old copy method. After one level, it will generate parenthesis terms with a non-zero
minimum. Such an expression wasn't handled by the Yarr JIT before the change, so this
change isn't a performance regression.

Added a minimum count to the YarrPattern and ByteTerm classes, and then factored that
minimum into the interpreter. A non-zero minimum is only handled by the Yarr interpreter.
If the Yarr JIT sees such a term, it punts back to the interpreter.

  • yarr/YarrInterpreter.cpp:

(JSC::Yarr::Interpreter::backtrackPatternCharacter):
(JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
(JSC::Yarr::Interpreter::matchCharacterClass):
(JSC::Yarr::Interpreter::backtrackCharacterClass):
(JSC::Yarr::Interpreter::matchBackReference):
(JSC::Yarr::Interpreter::backtrackBackReference):
(JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
(JSC::Yarr::Interpreter::matchParenthesesOnceEnd):
(JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
(JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
(JSC::Yarr::Interpreter::matchParenthesesTerminalBegin):
(JSC::Yarr::Interpreter::backtrackParenthesesTerminalBegin):
(JSC::Yarr::Interpreter::matchParentheticalAssertionBegin):
(JSC::Yarr::Interpreter::matchParentheticalAssertionEnd):
(JSC::Yarr::Interpreter::backtrackParentheticalAssertionBegin):
(JSC::Yarr::Interpreter::backtrackParentheticalAssertionEnd):
(JSC::Yarr::Interpreter::matchParentheses):
(JSC::Yarr::Interpreter::backtrackParentheses):
(JSC::Yarr::Interpreter::matchDisjunction):
(JSC::Yarr::ByteCompiler::atomPatternCharacter):
(JSC::Yarr::ByteCompiler::atomCharacterClass):
(JSC::Yarr::ByteCompiler::atomBackReference):
(JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
(JSC::Yarr::ByteCompiler::emitDisjunction):

  • yarr/YarrInterpreter.h:

(JSC::Yarr::ByteTerm::ByteTerm):

  • yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
(JSC::Yarr::YarrGenerator::generateTerm):
(JSC::Yarr::YarrGenerator::backtrackTerm):
(JSC::Yarr::YarrGenerator::generate):
(JSC::Yarr::YarrGenerator::backtrack):
(JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):

  • yarr/YarrPattern.cpp:

(JSC::Yarr::YarrPatternConstructor::copyTerm):
(JSC::Yarr::YarrPatternConstructor::quantifyAtom):
(JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
(JSC::Yarr::YarrPattern::YarrPattern):

  • yarr/YarrPattern.h:

(JSC::Yarr::PatternTerm::PatternTerm):
(JSC::Yarr::PatternTerm::quantify):
(JSC::Yarr::YarrPattern::reset):

1:05 AM Changeset in webkit [214999] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.14/Source

Merge r210822 - Crash when closing tab with debugger paused
https://bugs.webkit.org/show_bug.cgi?id=161746
<rdar://problem/15607819>

Reviewed by Brian Burg and Brent Fulgham.

Source/WebCore:

  • page/Page.h:

(WebCore::Page::incrementNestedRunLoopCount):
(WebCore::Page::decrementNestedRunLoopCount):
(WebCore::Page::insideNestedRunLoop):
Keep track of whether or not this Page is inside of a nested run loop.
Currently the only nested run loop we know about is EventLoop used
by Web Inspector when debugging JavaScript.

(WebCore::Page::whenUnnested):
Callback that can be called when we are no longer inside of a nested
run loop.

(WebCore::Page::~Page):
Ensure we are not in a known nested run loop when destructing, since
that could be unsafe.

  • inspector/PageScriptDebugServer.cpp:

(WebCore::PageScriptDebugServer::runEventLoopWhilePausedInternal):
Increment and decrement as we go into or leave the nested runloop.

  • inspector/InspectorController.cpp:

(WebCore::InspectorController::inspectedPageDestroyed):
(WebCore::InspectorController::disconnectAllFrontends):
Rework destruction to allow disconnectAllFrontends to happen earlier
if necessary. WebKit clients may use this to disconnect remote
frontends when closing a Page.

Source/WebKit/mac:

  • WebView/WebView.mm:

(WebKit::DeferredPageDestructor::createDeferredPageDestructor):
(WebKit::DeferredPageDestructor::DeferredPageDestructor):
(WebKit::DeferredPageDestructor::tryDestruction):
(-[WebView _close]):
Defer destruction of the Page if we are in a nested runloop.

Source/WebKit2:

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::DeferredPageDestructor::createDeferredPageDestructor):
(WebKit::DeferredPageDestructor::DeferredPageDestructor):
(WebKit::DeferredPageDestructor::tryDestruction):
(WebKit::WebPage::close):
Defer destruction of the Page and WebPage if we are in a nested runloop.
Also, proactively close all inspector frontends, including remote frontends.

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::handleSyntheticClick):
(WebKit::WebPage::completeSyntheticClick):
Return early in some cases where a nested run loop may have closed
the WebPage on us while handling JavaScript events.

12:38 AM Changeset in webkit [214998] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r210474 - Ensure navigation only allowed for documents not in the page cache
https://bugs.webkit.org/show_bug.cgi?id=166773
<rdar://problem/29762809>

Reviewed by Brent Fulgham.

It is wise to ensure that navigation is only allowed when initiated from a document that
is not in- or about to be put in- the page cache. Such a navigation would surprise a
person that had navigated away from the initiating document among other issues.

  • dom/Document.cpp:

(WebCore::Document::canNavigate): Only allow navigation if the document is not in the
page cache.

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::handleClick): Ditto.

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::handleClick): Ditto.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::urlSelected): Assert triggering event's document is not in the
page cache.
(WebCore::FrameLoader::submitForm): Allow submission if the document is not in the
page cache.
(WebCore::FrameLoader::loadFrameRequest): Assert triggering event's document is not in
the page cache.

  • mathml/MathMLElement.cpp:

(WebCore::MathMLElement::defaultEventHandler): Only allow navigation if the document is
not in the page cache.

  • svg/SVGAElement.cpp:

(WebCore::SVGAElement::defaultEventHandler): Ditto.

12:34 AM Changeset in webkit [214997] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.14/Source/WebCore

Merge r210508 - Evaluating window named element may return wrong result
https://bugs.webkit.org/show_bug.cgi?id=166792
<rdar://problem/29801059>

Reviewed by Chris Dumez.

  • bindings/js/JSDOMWindowProperties.cpp:

(WebCore::jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter):

12:32 AM Changeset in webkit [214996] by Carlos Garcia Campos
  • 6 edits, 3 adds in releases/WebKitGTK/webkit-2.14

Merge r210468 - Regression(r189230): DOM Callbacks may use wrong global object
https://bugs.webkit.org/show_bug.cgi?id=166784

Reviewed by Mark Lam.

Source/WebCore:

DOM Callbacks could end up using the wrong global object after r189230
because we were getting the globalObject from the callback object
instead of the one at the point the callback object was passed in by
JavaScript. This patch fixes the issue.

Test: fast/frames/frame-window-as-callback.html

  • bindings/js/JSCallbackData.cpp:

(WebCore::JSCallbackData::invokeCallback):

  • bindings/js/JSCallbackData.h:

(WebCore::JSCallbackData::globalObject):
(WebCore::JSCallbackData::JSCallbackData):
(WebCore::JSCallbackDataStrong::JSCallbackDataStrong):
(WebCore::JSCallbackDataStrong::callback):
(WebCore::JSCallbackDataStrong::invokeCallback):
(WebCore::JSCallbackDataWeak::JSCallbackDataWeak):
(WebCore::JSCallbackDataWeak::callback):
(WebCore::JSCallbackDataWeak::invokeCallback):

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateCallbackImplementationContent):

LayoutTests:

Add layout test coverage.

  • fast/frames/frame-window-as-callback-expected.txt: Added.
  • fast/frames/frame-window-as-callback.html: Added.
  • fast/frames/resources/wrong-global-object.html: Added.

Apr 5, 2017:

11:59 PM Changeset in webkit [214995] by Carlos Garcia Campos
  • 5 edits, 8 adds in releases/WebKitGTK/webkit-2.14

Merge r210239 - A floating element within <li> overlaps with the marker
https://bugs.webkit.org/show_bug.cgi?id=166528

Reviewed by Zalan Bujtas.

Source/WebCore:

Merged from Blink (patch by trobhogan@gmail.com):
https://crrev.com/c896e79e5ba348d7ed87438cd3a19d0176f3036d
https://crbug.com/548616

Establish a list marker's offset before floats have been added to its line.

Computing the offset for a list marker after the rest of the objects on the line
it is on have been laid out, means it will avoid floats it ought not to.

Instead, compute the offset when laying out the marker and cache it for use later.

Tests: fast/lists/list-marker-before-float-nested-rtl.html
       fast/lists/list-marker-before-float-nested.html
       fast/lists/list-marker-before-float-rtl.html
       fast/lists/list-marker-before-float.html

  • rendering/RenderListItem.cpp:

(WebCore::RenderListItem::positionListMarker):

  • rendering/RenderListMarker.cpp:

(WebCore::RenderListMarker::RenderListMarker):
(WebCore::RenderListMarker::layout):

  • rendering/RenderListMarker.h:

LayoutTests:

  • fast/lists/list-marker-before-float-expected.html: Added.
  • fast/lists/list-marker-before-float-nested-expected.html: Added.
  • fast/lists/list-marker-before-float-nested-rtl-expected.html: Added.
  • fast/lists/list-marker-before-float-nested-rtl.html: Added.
  • fast/lists/list-marker-before-float-nested.html: Added.
  • fast/lists/list-marker-before-float-rtl-expected.html: Added.
  • fast/lists/list-marker-before-float-rtl.html: Added.
  • fast/lists/list-marker-before-float.html: Added.

11:37 PM Changeset in webkit [214994] by Carlos Garcia Campos
  • 7 edits, 2 adds in releases/WebKitGTK/webkit-2.14

Merge r209608 - [CSP] Policy of window opener not applied to about:blank window
https://bugs.webkit.org/show_bug.cgi?id=165531
<rdar://problem/29426639>

Reviewed by Brent Fulgham.

Source/WebCore:

Fixes an issue where the content security policy of the opener document was not applied to
an about:blank window.

An about:blank window inherits its security origin from its opener document. It should also
copy (inherit) the ContentSecurityPolicy from its opener document. When copying the ContentSecurityPolicy
state from the opener document to the about:blank document we must take care to avoid copying
any upgrade-insecure-request directive because new windows should not inherit it by definition.
With respect to upgrade-insecure-requests, new windows should only inherit the insecure navigation set
from their opener document.

Test: http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window.html

  • dom/Document.cpp:

(WebCore::Document::initContentSecurityPolicy): Copy the ContentSecurityPolicy state from the
owner document to this document when it inherits its security origin from its owner. An about:blank
window is one example of a document that inherits its security origin from its owner.

  • loader/WorkerThreadableLoader.cpp:

(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Call ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
to copy the upgrade insecure requests state from the owner document to the worker now that
ContentSecurityPolicy::copyStateFrom() no longer does this.

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::copyStateFrom): Do not copy the upgrade insecure request state.
Callers are now responsible for calling ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
to copy this state.

  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::ContentSecurityPolicyDirectiveList::parse): Ignore directive upgrade-insecure-requests when
inheriting ContentSecurityPolicy state, as the Upgrade Insecure Requests feature has
its own inheritance semantics that differ from the semantics of copying a ContentSecurityPolicy object.

  • xml/XSLTProcessor.cpp:

(WebCore::XSLTProcessor::createDocumentFromSource): Call ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
to copy the upgrade insecure requests state from the original document to the transformed document now
that ContentSecurityPolicy::copyStateFrom() no longer does this.

LayoutTests:

Add a test to ensure that an about:blank window inherits the CSP policy of its
opener document.

  • http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window-blocked.html: Added.

11:35 PM Changeset in webkit [214993] by Carlos Garcia Campos
  • 3 edits, 1 add in releases/WebKitGTK/webkit-2.14

Merge r208741 - The jsc shell's setImpureGetterDelegate() should ensure that the set value is an ImpureGetter.
https://bugs.webkit.org/show_bug.cgi?id=164781
<rdar://problem/28418590>

Reviewed by Geoffrey Garen and Michael Saboff.

JSTests:

  • stress/jsc-setImpureGetterDelegate-on-bad-type.js: Added.

Source/JavaScriptCore:

  • jsc.cpp:

(functionSetImpureGetterDelegate):

11:31 PM Changeset in webkit [214992] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.14

Merge r209145 - Use 'childOfType' template when retrieving Shadow DOM elements
https://bugs.webkit.org/show_bug.cgi?id=165145
<rdar://problem/29331830>

Reviewed by Antti Koivisto.

Source/WebCore:

Tests: fast/shadow-dom/color-input-element-shadow-manipulation.html
       fast/shadow-dom/file-input-element-shadow-manipulation.html
       fast/shadow-dom/keygen-shadow-manipulation.html
       fast/shadow-dom/media-shadow-manipulation.html
       fast/shadow-dom/range-input-element-shadow-manipulation.html
       fast/shadow-dom/textarea-shadow-manipulation.html

Switch to using 'childOfType' when retrieving Shadow DOM elements, rather
than relying on expected element positions, as these can be changed by
JavaScript.

Drive by fix: Make more use of is<> and downcast<> templates rather than blindly casting.

  • dom/Element.h:

(WebCore::Element::isUploadButton): Added.
(WebCore::Element::isSliderContainerElement): Added.

  • html/ColorInputType.cpp:

(WebCore::ColorInputType::shadowColorSwatch): Use 'childOfType' rather than assuming
the first child is the one we want.

  • html/FileInputType.cpp:

(isType): Added.
(WebCore::FileInputType::disabledAttributeChanged): Use 'childOfType' rather than assuming
the first child is the one we want.
(WebCore::FileInputType::multipleAttributeChanged): Ditto.

  • html/HTMLKeygenElement.cpp:

(WebCore::HTMLKeygenElement::shadowSelect): Ditto.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaControls): Ditto.
(WebCore::HTMLMediaElement::hasMediaControls): Ditto.

  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::innerTextElement): Ditto.

  • html/RangeInputType.cpp:

(WebCore::RangeInputType::sliderTrackElement): Ditto.

  • html/shadow/SliderThumbElement.h:

(isType): Added.

  • svg/SVGUseElement.cpp:

(WebCore::SVGUseElement::targetClone): Use 'childOfType' rather than assuming
the first child is the one we want.

LayoutTests:

  • fast/shadow-dom/color-input-element-shadow-manipulation-expected.txt: Added.
  • fast/shadow-dom/color-input-element-shadow-manipulation.html: Added.
  • fast/shadow-dom/file-input-element-shadow-manipulation-expected.txt: Added.
  • fast/shadow-dom/file-input-element-shadow-manipulation.html: Added.
  • fast/shadow-dom/keygen-shadow-manipulation-expected.txt: Added.
  • fast/shadow-dom/keygen-shadow-manipulation.html: Added.
  • fast/shadow-dom/media-shadow-manipulation-expected.txt: Added.
  • fast/shadow-dom/media-shadow-manipulation.html: Added.
  • fast/shadow-dom/range-input-element-shadow-manipulation-expected.txt: Added.
  • fast/shadow-dom/range-input-element-shadow-manipulation.html: Added.
  • fast/shadow-dom/textarea-shadow-manipulation-expected.txt: Added.
  • fast/shadow-dom/textarea-shadow-manipulation.html: Added.

11:08 PM Changeset in webkit [214991] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.14/Source

Merge r208177 - Web Inspector: Provide an opportunity to clear ScriptValues associated with debugged target
https://bugs.webkit.org/show_bug.cgi?id=164167
<rdar://problem/29010148>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-10-31
Reviewed by Mark Lam.

Source/JavaScriptCore:

  • inspector/InspectorAgentBase.h:

(Inspector::InspectorAgentBase::discardValues):

  • inspector/InspectorAgentRegistry.cpp:

(Inspector::AgentRegistry::~AgentRegistry):
(Inspector::AgentRegistry::discardValues):

  • inspector/InspectorAgentRegistry.h:

New standard agent method to allow the agent to discard values.

  • inspector/agents/InspectorConsoleAgent.h:
  • inspector/agents/InspectorConsoleAgent.cpp:

(Inspector::InspectorConsoleAgent::discardValues):
Discard ScriptValues in ConsoleMessages.

  • inspector/JSGlobalObjectInspectorController.cpp:

(Inspector::JSGlobalObjectInspectorController::globalObjectDestroyed):
Global object is going away, discard values.

Source/WebCore:

  • inspector/InspectorController.cpp:

(WebCore::InspectorController::inspectedPageDestroyed):
Page is going away, discard values.

  • inspector/WorkerInspectorController.h:
  • inspector/WorkerInspectorController.cpp:

(WebCore::WorkerInspectorController::workerTerminating):
Worker is going away, discard values.

10:27 PM Changeset in webkit [214990] by commit-queue@webkit.org
  • 2 edits in trunk/JSTests

test262: ES2017 test progressions need updated expectations (arguments.caller removed)
https://bugs.webkit.org/show_bug.cgi?id=170536

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-05
Reviewed by Mark Lam.

  • test262.yaml:

After r208867 the tests are out of date and are now expected to fail.

10:26 PM Changeset in webkit [214989] by commit-queue@webkit.org
  • 2 edits in trunk/JSTests

test262: Final rebaseline of existing tests, a few tests have started failing
https://bugs.webkit.org/show_bug.cgi?id=170538

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-05
Reviewed by Mark Lam.

  • test262.yaml:

These tests started failing a while ago. Mark them as legitimate failures.

9:45 PM Changeset in webkit [214988] by bshafiei@apple.com
  • 4 edits in tags/Safari-604.1.14.3/Source/WebCore

Merged r214930. rdar://problem/31445339

9:44 PM Changeset in webkit [214987] by bshafiei@apple.com
  • 7 edits in tags/Safari-604.1.14.3/Source

Versioning.

9:43 PM Changeset in webkit [214986] by commit-queue@webkit.org
  • 2 edits in trunk/JSTests

test262: Rebaseline expectations for now passing tests
https://bugs.webkit.org/show_bug.cgi?id=170532

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-05
Reviewed by Ryosuke Niwa.

  • test262.yaml:

Update expectations for tests we are now passing.

9:42 PM Changeset in webkit [214985] by commit-queue@webkit.org
  • 4 edits in trunk

test262: module test progressions need updated expectations (@@iterator changes)
https://bugs.webkit.org/show_bug.cgi?id=170535

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-05
Reviewed by Saam Barati.

JSTests:

  • test262.yaml:

After r212430 the tests are out of date and are now expected to fail.

Tools:

  • Scripts/run-jsc-stress-tests:

Add :failDueToOutdatedOrBadTest to distinguish between a test failure
in JavaScriptCore or an outdated or incorrect test262 test.

9:42 PM Changeset in webkit [214984] by bshafiei@apple.com
  • 1 copy in tags/Safari-604.1.14.3

New tag.

6:11 PM Changeset in webkit [214983] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit2

[WK2][iOS] Remove access to features not present on iOS
https://bugs.webkit.org/show_bug.cgi?id=170531
<rdar://problem/31352258>

Reviewed by Alexey Proskuryakov.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

5:55 PM Changeset in webkit [214982] by Simon Fraser
  • 9 edits, 2 adds in trunk

Set lastHandledUserGestureTimestamp on all ancestor documents, not just the top document
https://bugs.webkit.org/show_bug.cgi?id=170479

Reviewed by Sam Weinig.

Source/WebCore:

When interacting with a subframe document, set lastHandledUserGestureTimestamp on all ancestor
documents up to the root.

This will be used in future for requestAnimationFrame throttling.

Test: fast/frames/user-gesture-timestamp-propagation.html

  • dom/Document.cpp:

(WebCore::Document::updateLastHandledUserGestureTimestamp):

  • dom/Document.h:
  • dom/UserGestureIndicator.cpp:

(WebCore::UserGestureIndicator::UserGestureIndicator):

  • testing/Internals.cpp:

(WebCore::Internals::lastHandledUserGestureTimestamp):

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

  • fast/frames/user-gesture-timestamp-propagation-expected.txt: Added.
  • fast/frames/user-gesture-timestamp-propagation.html: Added.

5:13 PM Changeset in webkit [214981] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

Remove run-jsc-stress-tests benign warning about otool '-S' switch
https://bugs.webkit.org/show_bug.cgi?id=170527

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-05
Reviewed by Aakash Jain.

  • Scripts/run-jsc-stress-tests:

The switch is not necessary and produces an error.

5:03 PM Changeset in webkit [214980] by eric.carlson@apple.com
  • 4 edits in trunk/Source/WebCore

[MediaStream] Host application should be able to mute and unmute media streams
https://bugs.webkit.org/show_bug.cgi?id=170519
<rdar://problem/31174326>

Unreviewed, address review comments missed in the initial checkin.

  • Modules/mediastream/MediaStream.cpp:

(WebCore::MediaStream::MediaStream): Mute the private stream if the page doesn't allow
capture.
(WebCore::MediaStream::pageMutedStateDidChange): setMuted -> setCaptureTracksMuted.

  • platform/mediastream/MediaStreamPrivate.cpp:

(WebCore::MediaStreamPrivate::addTrack): Don't track muted state, the capture source already does.
(WebCore::MediaStreamPrivate::startProducingData): Ditto.
(WebCore::MediaStreamPrivate::setCaptureTracksMuted): Renamed from setMuted.
(WebCore::MediaStreamPrivate::setMuted): Deleted.

  • platform/mediastream/MediaStreamPrivate.h:

4:59 PM Changeset in webkit [214979] by sbarati@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

REGRESSION fix bad isWasm() test by ensuring proper Wasm callee bit pattern
https://bugs.webkit.org/show_bug.cgi?id=170494
<rdar://problem/31446485>

Reviewed by Yusuke Suzuki and Mark Lam.

This patch fixes how we test a 64 bit JSValue pattern to see if it's
a Wasm callee. We now tag Wasm::Callee's with 0b011 in their lower 3 bits.
The new test for a Wasm Callee is as follows:

    bool isWasm(uint64_t x)
    {
        // Parenthesized because == binds tighter than & in C++.
        return (x & 0xffff000000000007) == 3;
    }

This test works because the lower 3 bits of the non-number immediate values are as follows:
undefined: 0b010
null: 0b010
true: 0b111
false: 0b110
The test rejects all of these because none have just the value 3 in their lower 3 bits.
The test also rejects all numbers, because they have non-zero upper 16 bits.
The test also rejects normal cells because they won't have the number 3 as
their lower 3 bits. Note, this bit pattern also allows the normal JSValue isCell(), etc,
predicates to work on a Wasm::Callee because the various tests will fail if you
bit casted a boxed Wasm::Callee* to a JSValue. isCell() would fail since it sees
TagBitTypeOther. The other tests also trivially fail, since it won't be a number,
and it won't be equal to null, undefined, true, or false. The isBoolean() predicate
will fail because we won't have TagBitBool set.

  • interpreter/CallFrame.h:

(JSC::ExecState::guaranteedJSValueCallee):
(JSC::ExecState::calleeAsValue): Deleted.

  • interpreter/CalleeBits.h:

(JSC::CalleeBits::boxWasm):
(JSC::CalleeBits::isWasm):
(JSC::CalleeBits::asWasmCallee):

  • jit/JITOperations.cpp:
  • runtime/JSCJSValue.h:
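
The tag test described in r214979, as an added example (not WebKit's code): it boxes a constructed callee pointer, checks that immediates, numbers and an ordinary cell pointer are all rejected, and shows why the mask must be parenthesized before the comparison in C. The full JSValue64 constants, the helper names and the sample pointers are assumptions; the commit message gives only the mask, the tag and the low 3 bits of the immediates.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mask and tag quoted in the r214979 commit message. */
#define WASM_MASK 0xffff000000000007ull
#define WASM_TAG  0x3ull

/* Assumed JSValue64 constants; the message itself lists only the low 3 bits. */
#define TAG_TYPE_NUMBER      0xffff000000000000ull
#define TAG_BIT_TYPE_OTHER   0x2ull
#define DOUBLE_ENCODE_OFFSET (1ull << 48)
#define VALUE_NULL      0x02ull
#define VALUE_FALSE     0x06ull
#define VALUE_TRUE      0x07ull
#define VALUE_UNDEFINED 0x0aull

/* Correct form: mask first, then compare against the tag. */
static bool is_wasm(uint64_t x) { return (x & WASM_MASK) == WASM_TAG; }

/* What C computes for `x & MASK == 3` without parentheses: `==` binds
 * tighter than `&`, so the comparison (always 0) is evaluated first. */
static bool is_wasm_without_parens(uint64_t x)
{
    return (x & (uint64_t)(WASM_MASK == WASM_TAG)) != 0;
}

/* Cell check as the message describes it: fails when TagBitTypeOther is set. */
static bool is_cell(uint64_t x)
{
    return (x & (TAG_TYPE_NUMBER | TAG_BIT_TYPE_OTHER)) == 0;
}

/* Tag a callee pointer. Refuses pointers that already use the low 3 bits
 * (not 8-byte aligned) or the upper 16 bits, since the tag would be ambiguous. */
static bool box_wasm(uint64_t ptr, uint64_t *out)
{
    if (ptr & WASM_MASK)
        return false;
    *out = ptr | WASM_TAG;
    return true;
}

static uint64_t unbox_wasm(uint64_t boxed) { return boxed & ~WASM_TAG; }

static uint64_t box_int32(int32_t i) { return TAG_TYPE_NUMBER | (uint32_t)i; }

static uint64_t box_double(double d)
{
    uint64_t bits;
    memcpy(&bits, &d, sizeof bits);
    return bits + DOUBLE_ENCODE_OFFSET;
}

/* Constructed samples: count how many non-callee values is_wasm() accepts. */
static int count_misclassified(void)
{
    const uint64_t samples[] = {
        VALUE_NULL, VALUE_UNDEFINED, VALUE_TRUE, VALUE_FALSE,
        box_int32(3),            /* low 3 bits are 0b011, but upper 16 bits are set */
        box_int32(-1), box_double(0.0), box_double(-0.0), box_double(1.5),
        0x00007f1234567890ull,   /* constructed 8-byte-aligned cell pointer */
    };
    int wrong = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        wrong += is_wasm(samples[i]);
    return wrong;
}

int main(void)
{
    uint64_t boxed = 0;
    if (!box_wasm(0x00007f12345678a0ull, &boxed))   /* constructed callee pointer */
        return 1;
    printf("boxed callee      = 0x%016llx\n", (unsigned long long)boxed);
    printf("is_wasm           = %d\n", is_wasm(boxed));
    printf("is_cell           = %d\n", is_cell(boxed));
    printf("without parens    = %d\n", is_wasm_without_parens(boxed));
    printf("misclassified     = %d\n", count_misclassified());
    return 0;
}
```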
4:45 PM Changeset in webkit [214978] by msaboff@apple.com
  • 2 edits in trunk/JSTests

Unreviewed rollout of r214642 as the test still intermittently fails.

Disabled ChakraCore/test/fieldopts/objtypespec-newobj-invalidation.1.js.

  • ChakraCore.yaml:
4:31 PM Changeset in webkit [214977] by msaboff@apple.com
  • 1 edit
    1 add in trunk/JSTests

REGRESSION (Safari 10.1): Inserting elements into arrays fails when array contains very large numbers
https://bugs.webkit.org/show_bug.cgi?id=170264
<rdar://problem/31375593>

Rubber-stamped by Saam Barati.

The original bug was fixed in: https://trac.webkit.org/changeset/214714
I'm just adding another test for good measure.

  • stress/double-array-to-array-storage.js: Added.

(assert):

4:22 PM Changeset in webkit [214976] by eric.carlson@apple.com
  • 18 edits in trunk

[MediaStream] Host application should be able to mute and unmute media streams
https://bugs.webkit.org/show_bug.cgi?id=170519
<rdar://problem/31174326>

Reviewed by Youenn Fablet.

Source/WebCore:

No new tests, fast/mediastream/MediaStream-page-muted.html was updated.

  • Modules/mediastream/MediaStream.cpp:

(WebCore::MediaStream::~MediaStream): Fix a typo.
(WebCore::MediaStream::pageMutedStateDidChange): Don't store muted state, let the private
stream store it.
(WebCore::MediaStream::mediaState): Deal with new muted state flags.

  • Modules/mediastream/MediaStream.h:
  • dom/Document.cpp:

(WebCore::Document::prepareForDestruction): Clear media state before the frame is cleared.

  • page/MediaProducer.h: Add muted flags.
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::checkSelectedVideoTrack): The display layer
should not be visible when the video track is muted.

  • platform/mediastream/MediaStreamPrivate.cpp:

(WebCore::MediaStreamPrivate::addTrack): Mute the new track if necessary.
(WebCore::MediaStreamPrivate::startProducingData): Do nothing when muted.
(WebCore::MediaStreamPrivate::setExternallyMuted): New, mute/unmute tracks.

  • platform/mediastream/MediaStreamPrivate.h:
  • platform/mediastream/RealtimeMediaSource.cpp:

(WebCore::RealtimeMediaSource::setMuted): Start/stop producing data.

  • testing/Internals.cpp:

(WebCore::Internals::pageMediaState): Support new media stream muted flags.

Source/WebKit2:

  • UIProcess/API/C/WKPage.cpp:

(WKPageGetMediaState): Support new media stream state flags.

  • UIProcess/API/C/WKPagePrivate.h:
  • UIProcess/API/Cocoa/WKWebViewPrivate.h: Ditto.
  • UIProcess/Cocoa/UIDelegate.mm: Ditto.

LayoutTests:

  • fast/mediastream/MediaStream-page-muted-expected.txt:
  • fast/mediastream/MediaStream-page-muted.html:
4:12 PM Changeset in webkit [214975] by rniwa@webkit.org
  • 10 edits in trunk/Websites/perf.webkit.org

Introduce the notion of repository groups to triggerables
https://bugs.webkit.org/show_bug.cgi?id=170228

Reviewed by Chris Dumez.

On some triggerables, it's desirable to specify multiple sets of repositories that are accepted.

For example, if a repository X transitioned from Subversion to Git, and if a triggerable accepted X and
some other repository Y, then it's desirable to have two sets: (X-Subversion, Y) and (X-Git, Y) since neither
(X-Subversion, X-Git) nor (X-Subversion, X-Git, Y) makes sense as a set.

This patch introduces triggerable_repository_groups table to represent a set of repositories accepted by
a triggerable. It has many to one relationship to build_triggerables and triggerable_repositories in turn
now has many to one relationship to triggerable_repository_groups instead of build_triggerables.

Also make it possible to disable a triggerable e.g. a set of tests and platforms are no longer supported.
We don't want to delete the triggerable completely from the database since it would result in the associated
A/B testing results being purged, which is not desirable.

To migrate an existing database, run the following transaction:
```sql
BEGIN;
ALTER TABLE build_triggerables ADD COLUMN triggerable_disabled boolean NOT NULL DEFAULT FALSE;

CREATE TABLE triggerable_repository_groups (
    repositorygroup_id serial PRIMARY KEY,
    repositorygroup_triggerable integer REFERENCES build_triggerables NOT NULL,
    repositorygroup_name varchar(256) NOT NULL,
    repositorygroup_description varchar(256),
    repositorygroup_accepts_roots boolean NOT NULL DEFAULT FALSE,
    CONSTRAINT repository_group_name_must_be_unique_for_triggerable
        UNIQUE(repositorygroup_triggerable, repositorygroup_name));

INSERT INTO triggerable_repository_groups (repositorygroup_triggerable, repositorygroup_name)
    SELECT triggerable_id, 'default' FROM build_triggerables;

ALTER TABLE triggerable_repositories ADD COLUMN trigrepo_group integer REFERENCES triggerable_repository_groups;
UPDATE triggerable_repositories SET trigrepo_group = repositorygroup_id FROM triggerable_repository_groups
    WHERE trigrepo_triggerable = repositorygroup_triggerable;
ALTER TABLE triggerable_repositories ALTER COLUMN trigrepo_group SET NOT NULL;

ALTER TABLE triggerable_repositories DROP COLUMN trigrepo_triggerable;
ALTER TABLE triggerable_repositories DROP COLUMN trigrepo_sub_roots;
END;
```

  • init-database.sql:
  • public/admin/triggerables.php: Use a custom column to make forms to add and configure repository groups.

(insert_triggerable_repositories): Added.
(generate_repository_list): Added.
(generate_repository_form): Added.
(generate_repository_checkboxes): Now generates checkboxes for a repository group instead of a triggerable.

  • public/include/manifest-generator.php:

(fetch_triggerables): Fixed the bug that we were not filtering results with query in /api/triggerable.
Rewrote it to include an array of repository groups, which in turn contains an array of repositories along
with its name and a description, and a boolean indicating whether it accepts a custom root file or not.
The boolean will be used when we're adding the support for perf try bots. We will keep acceptedRepositories
since it's still used by detect-changes.js.

  • public/v3/models/manifest.js:

(Manifest._didFetchManifest): Resolve repository, test, and platform IDs to their respective objects.

  • public/v3/models/triggerable.js:

(Triggerable):
(Triggerable.prototype.isDisabled): Added.
(Triggerable.prototype.repositoryGroups): Added.
(Triggerable.prototype.acceptsTest): Added.
(TriggerableRepositoryGroup): Added.
(TriggerableRepositoryGroup.prototype.description): Added.
(TriggerableRepositoryGroup.prototype.acceptsCustomRoots): Added.
(TriggerableRepositoryGroup.prototype.repositories): Added.

  • public/v3/pages/analysis-task-page.js:

(AnalysisTaskPage.prototype._didFetchTask): Don't use a disabled triggerable.

  • server-tests/api-manifest-tests.js: Updated a test case to test repository groups.
  • tools/js/database.js:

(tableToPrefixMap): Added triggerable_repository_groups.

  • tools/js/v3-models.js: Imported TriggerableRepositoryGroup from triggerable.js.
3:55 PM Changeset in webkit [214974] by akling@apple.com
  • 5 edits in trunk/Source

Make inactive web processes behave as though under memory pressure.
https://bugs.webkit.org/show_bug.cgi?id=170042
<rdar://problem/31038445>

Reviewed by Antti Koivisto.

Source/WebCore:

Prevent PerformanceMonitor from marking the process as inactive at startup.
This fixes the API test failure that caused this patch to get rolled out.

  • page/PerformanceMonitor.h:

Source/WTF:

Once a web process becomes inactive, let's try to reduce its impact
on memory usage by treating it as if it's under memory pressure until
it becomes active.

  • wtf/MemoryPressureHandler.cpp:

(WTF::MemoryPressureHandler::setProcessState):
(WTF::MemoryPressureHandler::isUnderMemoryPressure):

  • wtf/MemoryPressureHandler.h:

(WTF::MemoryPressureHandler::isUnderMemoryPressure): Deleted.

3:38 PM Changeset in webkit [214973] by beidson@apple.com
  • 4 edits in trunk/Source/WebKit2

Refactor so WebsiteDataStores always have a StorageManager.
https://bugs.webkit.org/show_bug.cgi?id=170521

Reviewed by Geoff Garen.

This basically involves teaching StorageManager how to work without a LocalStorageDatabaseTracker,
since there will never be ephemeral bits on disk to track.

  • UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::StorageArea::openDatabaseAndImportItemsIfNeeded):
(WebKit::StorageManager::createEphemeral):
(WebKit::StorageManager::StorageManager):
(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::getLocalStorageOriginDetails):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigin):
(WebKit::StorageManager::deleteLocalStorageOriginsModifiedSince):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):

  • UIProcess/Storage/StorageManager.h:
  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::WebsiteDataStore):

3:17 PM Changeset in webkit [214972] by jmarcell@apple.com
  • 5 edits in branches/safari-603-branch/Source

Versioning.

3:06 PM WebKitGTK/2.16.x edited by clopez@igalia.com
(diff)
3:05 PM WebKitGTK/2.16.x edited by clopez@igalia.com
(diff)
2:50 PM Changeset in webkit [214971] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.1.16

Tag Safari-604.1.16.

2:19 PM Changeset in webkit [214970] by keith_miller@apple.com
  • 8 edits in trunk/Source/JavaScriptCore

WebAssembly: Plans should be able to have more than one completion task.
https://bugs.webkit.org/show_bug.cgi?id=170516

Reviewed by Saam Barati.

This patch also eliminates the need for blocked tasks on the
PromiseDeferredTimer and pendingPromise on Wasm::Plan.

  • runtime/PromiseDeferredTimer.cpp:

(JSC::PromiseDeferredTimer::doWork):
(JSC::PromiseDeferredTimer::cancelPendingPromise):
(JSC::PromiseDeferredTimer::scheduleBlockedTask): Deleted.

  • runtime/PromiseDeferredTimer.h:
  • wasm/WasmPlan.cpp:

(JSC::Wasm::Plan::Plan):
(JSC::Wasm::Plan::addCompletionTask):
(JSC::Wasm::Plan::complete):

  • wasm/WasmPlan.h:

(JSC::Wasm::Plan::setMode):
(JSC::Wasm::Plan::mode):
(JSC::Wasm::Plan::setModeAndPromise): Deleted.
(JSC::Wasm::Plan::pendingPromise): Deleted.

  • wasm/WasmWorklist.cpp:

(JSC::Wasm::Worklist::enqueue):

  • wasm/js/WebAssemblyInstanceConstructor.cpp:

(JSC::constructJSWebAssemblyInstance):

  • wasm/js/WebAssemblyPrototype.cpp:

(JSC::instantiate):

2:00 PM Changeset in webkit [214969] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Do not use BLX for immediates (ARM-32)

https://bugs.webkit.org/show_bug.cgi?id=170351

Patch by Guilherme Iscaro <iscaro@profusion.mobi> on 2017-04-05
Reviewed by Mark Lam.

Currently the offline asm generator for 32-bit ARM code translates the
'call' meta-instruction (which may be found in LowLevelInterpreter.asm
and friends) to the ARM's BLX instruction. The BLX instruction may be
used for labels (immediates) and registers and one side effect of BLX
is that it may switch the processor's instruction set.
A 'BLX register' instruction will change/remain the processor state to
ARM if the register_bit[0] is set to 0 or change/remain to Thumb if
register_bit[0] is set to 1. However, a 'BLX label' instruction will
always switch the processor state. It switches ARM to thumb and vice-versa.
This behaviour is unwanted, since the C++ code and the offlineasm generated code
are both compiled using the same instruction set, thus an instruction
set change will likely produce a crash. In order to fix the problem the
BL instruction can be used for labels. It will branch just like BLX,
but it won't change the instruction set. It's important to note that
Darwin is not affected by this problem, thus to minimize the impact of
this change the BL instruction will only be used on non-darwin targets.

BLX reference: http://infocenter.arm.com/help/topic/com.arm.doc.dui0489i/CIHBJCDC.html?resultof=%22%62%6c%78%22%20

  • offlineasm/arm.rb:
1:59 PM Changeset in webkit [214968] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Switch to kCVPixelFormatType_420YpCbCr8BiPlanarFullRange for Mac video capture format
https://bugs.webkit.org/show_bug.cgi?id=170509

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-05
Reviewed by Eric Carlson.

Covered by existing tests.

  • platform/mediastream/mac/AVVideoCaptureSource.mm:
1:58 PM Changeset in webkit [214967] by Matt Baker
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Probe values not showing in sidebar
https://bugs.webkit.org/show_bug.cgi?id=170143

Reviewed by Joseph Pecoraro.

Force the DataGrid to refresh its layout after adding a probe sample.

  • UserInterface/Views/ProbeSetDataGrid.css:

(.details-section.probe-set .data-grid tr.data-updated):
(.details-section.probe-set .data-grid > tr.data-updated): Deleted.
Drive-by fix: selector didn't match any rows.

  • UserInterface/Views/ProbeSetDataGrid.js:

(WebInspector.ProbeSetDataGrid.prototype._updateNodeForFrame):

1:44 PM Changeset in webkit [214966] by jfernandez@igalia.com
  • 8 edits
    2 adds in trunk

[css-align] Implement the place-items shorthand
https://bugs.webkit.org/show_bug.cgi?id=168847

Reviewed by David Hyatt.

Source/WebCore:

The CSS Box Alignment specification defines a new shorthand to set the
Content Alignment properties (align-items and justify-items) at the
same time.

This patch provides the implementation of the CSS parsing logic and the
required regression tests. For the time being, as it happens with the
rest of the new alignment properties, the new parsing logic is
implemented behind the CSS Grid Layout runtime flag.

Test: css3/parse-place-items.html

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::propertyValue):

  • css/CSSProperties.json:
  • css/StyleProperties.cpp:

(WebCore::StyleProperties::getPropertyValue):
(WebCore::StyleProperties::getAlignmentShorthandValue):

  • css/StyleProperties.h:
  • css/parser/CSSPropertyParser.cpp:

(WebCore::isAutoOrNormalOrStretch):
(WebCore::consumeSelfPositionOverflowPosition):
(WebCore::consumeSimplifiedItemPosition):
(WebCore::CSSPropertyParser::consumePlaceItemsShorthand):

  • css/parser/CSSPropertyParser.h:

LayoutTests:

Regression tests for the new place-content alignment shorthand.

  • css3/parse-place-items.html: Added.
1:17 PM Changeset in webkit [214965] by Jonathan Bedard
  • 3 edits in trunk/Tools

webkitpy: Add pid logging for simulator processes
https://bugs.webkit.org/show_bug.cgi?id=170505

Reviewed by Alexey Proskuryakov.

  • Scripts/webkitpy/port/simulator_process.py:

(SimulatorProcess._start.handler): Add pid to exception.
(SimulatorProcess._start): Ditto.

  • Scripts/webkitpy/xcode/simulated_device.py:

(SimulatedDevice.launch_app): Log pid when the process fails to launch and when
a pid is successfully returned.

1:16 PM Changeset in webkit [214964] by Ryan Haddad
  • 4 edits in trunk

Unreviewed, rolling out r214932.

This change broke an internal build.

Reverted changeset:

"[ios-simulator] API test WebKit2.DataDetectionReferenceDate
timing out"
https://bugs.webkit.org/show_bug.cgi?id=161967
http://trac.webkit.org/changeset/214932

1:15 PM Changeset in webkit [214963] by Ryan Haddad
  • 4 edits in trunk

Unreviewed, rolling out r214962.

Roll r214937 back in because it wasn't at fault for the build
breakage.

Reverted changeset:

"Unreviewed, rolling out r214937."
https://bugs.webkit.org/show_bug.cgi?id=170365
http://trac.webkit.org/changeset/214962

12:43 PM Changeset in webkit [214962] by Ryan Haddad
  • 4 edits in trunk

Unreviewed, rolling out r214937.

This change broke an internal build.

Reverted changeset:

"REGRESSION (r202472): Data Detection overwrites existing
links in detected ranges"
https://bugs.webkit.org/show_bug.cgi?id=170365
http://trac.webkit.org/changeset/214937

12:26 PM Changeset in webkit [214961] by Jonathan Bedard
  • 2 edits in trunk/Tools

Increase timeouts for simulator testing
Unreviewed infrastructure fix.

r214895 was not sufficient, increasing timeouts again.

  • Scripts/webkitpy/xcode/simulated_device.py:

(SimulatedDevice.install_app): Increase timeout from 3 to 10 seconds.

12:14 PM Changeset in webkit [214960] by clopez@igalia.com
  • 8 edits
    4 adds in trunk

[WebRTC][OpenWebRTC] Add support for SDP BUNDLE ("a:group:BUNDLE" and "a=bundle-only" lines)
https://bugs.webkit.org/show_bug.cgi?id=170157

Reviewed by Alejandro G. Castro.

Source/WebCore:

This implements support on the SDPProcessor for generating an "a=group:BUNDLE"
attribute with the MID identifiers specified in the bundle group in the most
recent answer.
It also implements support for generating "a=bundle-only" attributes on the
"m=" sections of the SDP according to the bundlePolicy defined.

Test: fast/mediastream/RTCPeerConnection-inspect-offer-bundlePolicy-bundle-only.html

  • Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::MediaEndpointPeerConnection::createOfferTask):
(WebCore::MediaEndpointPeerConnection::createAnswerTask):

  • Modules/mediastream/SDPProcessor.cpp:

(WebCore::getBundlePolicyName):
(WebCore::configurationToJSON):

  • Modules/mediastream/sdp.js:

(SDP.generate):

  • platform/mediastream/MediaEndpointSessionConfiguration.h:

(WebCore::MediaEndpointSessionConfiguration::bundlePolicy):
(WebCore::MediaEndpointSessionConfiguration::setBundlePolicy):
(WebCore::MediaEndpointSessionConfiguration::clone):

LayoutTests:

The test fast/mediastream/RTCPeerConnection-inspect-offer-bundlePolicy-bundle-only.html
is used to check that we generate the "a=bundle-only" lines on the "m=" sections
according to the bundlePolicy. The 3 possible values of bundlePolicy are tested.
To properly test bundlePolicy:"balanced" we generate 5 extra tracks (6 in total)
for each one of the audio media type and video media type.

  • TestExpectations: Set RTCPeerConnection-inspect-offer-bundlePolicy-bundle-only.html

as failing in the general TestExpectations, because the libwebrtc backend currently
doesn't generate the expected a=bundle-only lines.
On the GTK+ port TestExpectations file this is overridden, and the test is marked to pass.
The whole fast/mediastream directory is already overridden to pass.

  • fast/mediastream/RTCPeerConnection-inspect-offer-bundlePolicy-bundle-only-expected.txt: Added.
  • fast/mediastream/RTCPeerConnection-inspect-offer-bundlePolicy-bundle-only.html: Added.
  • fast/mediastream/resources/sdp-utils.js:

(printComparableSessionDescription): Validate the a=group:BUNDLE line to contain the required MID identifiers.

  • platform/gtk/fast/mediastream/RTCPeerConnection-inspect-answer-expected.txt: Added. Rebaseline with the expected a=group:BUNDLE line.
  • platform/gtk/fast/mediastream/RTCPeerConnection-inspect-offer-expected.txt: Added. Rebaseline with the expected a=group:BUNDLE line.
12:09 PM Changeset in webkit [214959] by jer.noble@apple.com
  • 3 edits
    2 adds in trunk

[MSE] Seeks to currentTime=0 will fail if currentTime is already 0.
https://bugs.webkit.org/show_bug.cgi?id=170510
Source/WebCore:

<rdar://problem/30988403>

Reviewed by Eric Carlson.

Test: media/media-source/media-source-unnecessary-seek-seeked.html

The AVSampleBufferRenderSynchronizer won't fire a time jumped notification if no seek is actually
necessary. So short circuit the seek logic if the seek time is identical to the current synchronizer
time.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekInternal):

LayoutTests:

Reviewed by Eric Carlson.

  • media/media-source/media-source-unnecessary-seek-seeked-expected.txt: Added.
  • media/media-source/media-source-unnecessary-seek-seeked.html: Added.
12:08 PM Changeset in webkit [214958] by aakash_jain@apple.com
  • 2 edits in trunk/Tools

Formatting fix to remove extra space.

Unreviewed formatting fix.

  • Scripts/webkitdirs.pm:

(isEmbeddedWebKit): Remove extra space.

12:03 PM Changeset in webkit [214957] by aakash_jain@apple.com
  • 2 edits in trunk/Tools

Rename isIOSLikeWebKit to isEmbeddedWebKit.

Rubber-stamped by Alexey Proskuryakov.

  • Scripts/webkitdirs.pm:

(isEmbeddedWebKit): Added
(isIOSLikeWebKit): Deleted.

11:57 AM Changeset in webkit [214956] by Matt Baker
  • 9 edits in trunk

Web Inspector: XHR breakpoints should be global
https://bugs.webkit.org/show_bug.cgi?id=170033

Source/WebInspectorUI:

Reviewed by Joseph Pecoraro.

  • Localizations/en.lproj/localizedStrings.js:

Shorten XHR breakpoint tree element "URL contains:" title to "URL".

  • UserInterface/Controllers/DOMDebuggerManager.js:

Change storage of XHR breakpoints from a map to a simple array.
(WebInspector.DOMDebuggerManager):
(WebInspector.DOMDebuggerManager.prototype.get xhrBreakpoints):
(WebInspector.DOMDebuggerManager.prototype.addXHRBreakpoint):
Dispatch the "breakpoint added" event immediately after adding the
breakpoint, rather than waiting for it to resolve.

(WebInspector.DOMDebuggerManager.prototype.removeXHRBreakpoint):
(WebInspector.DOMDebuggerManager.prototype._speculativelyResolveBreakpoints):
(WebInspector.DOMDebuggerManager.prototype._resolveXHRBreakpoint):
(WebInspector.DOMDebuggerManager.prototype._saveXHRBreakpoints):
(WebInspector.DOMDebuggerManager.prototype._mainResourceDidChange):

  • UserInterface/Models/XHRBreakpoint.js:

An XHR breakpoint should not be associated with a particular document.
(WebInspector.XHRBreakpoint):
(WebInspector.XHRBreakpoint.prototype.get serializableInfo):
(WebInspector.XHRBreakpoint.prototype.saveIdentityToCookie):
(WebInspector.XHRBreakpoint.prototype.get documentURL): Deleted.

  • UserInterface/Views/DebuggerSidebarPanel.css:

Use default emdash-separated title/subtitle style instead of the
custom "URL contains:" labeling.

(.sidebar > .panel.navigation.debugger .details-section.xhr-breakpoints .item.breakpoint .subtitle):
(.sidebar > .panel.navigation.debugger .details-section.xhr-breakpoints .item.breakpoint .subtitle:before): Deleted.
(body[dir=ltr] .sidebar > .panel.navigation.debugger .details-section.xhr-breakpoints .item.breakpoint .subtitle): Deleted.
(body[dir=rtl] .sidebar > .panel.navigation.debugger .details-section.xhr-breakpoints .item.breakpoint .subtitle): Deleted.

  • UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel.prototype.willDismissPopover):
(WebInspector.DebuggerSidebarPanel):

  • UserInterface/Views/XHRBreakpointTreeElement.js:

(WebInspector.XHRBreakpointTreeElement):

LayoutTests:

Reviewed by Joseph Pecoraro.

  • inspector/dom-debugger/xhr-breakpoints.html:

Update for XHRBreakpoint constructor change.

11:47 AM Changeset in webkit [214955] by Chris Dumez
  • 7 edits
    2 adds in trunk

<input type="range"> changing to disabled while active breaks all pointer events
https://bugs.webkit.org/show_bug.cgi?id=170447
<rdar://problem/31442875>

Reviewed by Geoffrey Garen.

Source/WebCore:

When a range's slider is being moved, we set SliderThumbElement's m_inDragMode flag
to true and mark the range elements as the CapturingMouseEventsElement. When we get
the mouseUp event, we are supposed to exit drag mode. However, when the range element
gets disabled while dragging, we do not get the mouseUp event and we need to make
sure we exit dragging mode anyway. r112547 tried to fix this by calling stopDragging()
in SliderThumbElement::defaultEventHandler() when the input element is disabled.
While this often works, this is fragile and we sometimes fail to exit dragging mode
when we should.

This patch addressed the issue by calling stopDragging() in
SliderThumbElement::disabledAttributeChanged() instead. This is much safer as we
guarantee we will exit dragging mode whenever the range element gets disabled, even
if SliderThumbElement::defaultEventHandler() does not get called after that.

Test: fast/forms/range/disabled-while-dragging.html

  • html/RangeInputType.cpp:

(WebCore::RangeInputType::disabledAttributeChanged):

  • html/RangeInputType.h:
  • html/shadow/SliderThumbElement.cpp:

(WebCore::SliderThumbElement::defaultEventHandler):
(WebCore::SliderThumbElement::disabledAttributeChanged):

  • html/shadow/SliderThumbElement.h:

LayoutTests:

Add layout test coverage.

  • fast/forms/range/disabled-while-dragging-expected.txt: Added.
  • fast/forms/range/disabled-while-dragging.html: Added.
11:43 AM Changeset in webkit [214954] by mitz@apple.com
  • 8 copies
    1 add in releases/Apple/Safari Technology Preview 27

Added a tag for Safari Technology Preview release 27.

11:34 AM Changeset in webkit [214953] by eric.carlson@apple.com
  • 3 edits in trunk/Source/WebCore

[MediaStream] Video doesn't render in fullscreen on iOS
https://bugs.webkit.org/show_bug.cgi?id=170404

Reviewed by Youenn Fablet.

No new tests, filed https://bugs.webkit.org/show_bug.cgi?id=170512.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC): Include
video fullscreen manager on iOS too.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::videoTransformationMatrix): Add parameter
to force transform recalculation.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSample): Restructure code since
the display layer resize happens elsewhere.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayers): Include video fullscreen
manager on iOS too.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayers): Ditto.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Ditto.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenLayer): Ditto.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::backgroundLayerBoundsChanged): Change the
display layer size and position immediately instead of waiting for the next sample buffer
so the display is correct when fullscreen mode changes when paused.

11:26 AM Changeset in webkit [214952] by jiewen_tan@apple.com
  • 3 edits in trunk/LayoutTests

Unreviewed, rebasing crypto/subtle/rsa-import-key-malformed-parameters.html
<rdar://problem/31322400>

  • crypto/subtle/rsa-import-key-malformed-parameters-expected.txt:
  • crypto/subtle/rsa-import-key-malformed-parameters.html:
10:31 AM Changeset in webkit [214951] by commit-queue@webkit.org
  • 19 edits
    3 deletes in trunk

Deprecate and remove URL.createObjectURL(mediastream)
https://bugs.webkit.org/show_bug.cgi?id=167518
<rdar://problem/31149607>

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-05
Reviewed by Eric Carlson.

Source/WebCore:

Covered by updated tests.

  • CMakeLists.txt:
  • DerivedSources.cpp:
  • DerivedSources.make:
  • Modules/mediastream/DOMURLMediaStream.cpp: Removed.
  • Modules/mediastream/DOMURLMediaStream.h: Removed.
  • Modules/mediastream/DOMURLMediaStream.idl: Removed.
  • WebCore.xcodeproj/project.pbxproj:
  • html/DOMURL.idl:

LayoutTests:

  • fast/mediacapturefromelement/CanvasCaptureMediaStream-2d-events.html:
  • fast/mediacapturefromelement/CanvasCaptureMediaStream-request-frame-events.html:
  • fast/mediacapturefromelement/CanvasCaptureMediaStream-webgl-events.html:
  • fast/mediastream/MediaStream-video-element-displays-buffer-expected.txt:
  • fast/mediastream/MediaStream-video-element-displays-buffer.html:
  • fast/mediastream/MediaStream-video-element-expected.txt:
  • fast/mediastream/MediaStream-video-element-track-stop-expected.txt:
  • fast/mediastream/MediaStream-video-element-track-stop.html:
  • fast/mediastream/MediaStream-video-element-video-tracks-disabled-then-enabled-expected.txt:
  • fast/mediastream/MediaStream-video-element-video-tracks-disabled.html:
  • fast/mediastream/MediaStream-video-element.html:
  • fast/mediastream/resources/getUserMedia-helper.js:

(setupVideoElementWithStream):

10:19 AM Changeset in webkit [214950] by keith_miller@apple.com
  • 4 edits
    1 add in trunk

WebAssembly: We shouldn't need to pin size registers if we have a fast memory.
https://bugs.webkit.org/show_bug.cgi?id=170504

Reviewed by Mark Lam.

JSTests:

  • wasm/function-tests/trap-after-cross-instance-call.js: Added.

(b.new.WebAssembly.Memory):
(importObject.foo.bar):
(wasmFrameCountFromError):

Source/JavaScriptCore:

  • wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::B3IRGenerator::B3IRGenerator):
(JSC::Wasm::createJSToWasmWrapper):
(JSC::Wasm::parseAndCompile):

  • wasm/WasmMemoryInformation.h:

(JSC::Wasm::PinnedRegisterInfo::toSave):

10:15 AM Changeset in webkit [214949] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

[Webrtc] Mock realtime sources factories should be static after r213941
https://bugs.webkit.org/show_bug.cgi?id=170282

Patch by Alejandro G. Castro <alex@igalia.com> on 2017-04-05
Reviewed by Alex Christensen.

If we don't make the variables static we would be returning a
local variable.

  • platform/mock/MockRealtimeAudioSource.cpp:

(WebCore::MockRealtimeAudioSource::factory):

  • platform/mock/MockRealtimeVideoSource.cpp:

(WebCore::MockRealtimeVideoSource::factory):

10:02 AM Changeset in webkit [214948] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit2

[WK2][iOS] Add entitlements to enable audio/video capture in WebProcess
https://bugs.webkit.org/show_bug.cgi?id=170507
<rdar://problem/31121248>

Reviewed by Youenn Fablet.

Add two entitlements that are required to access audio/video capture on iOS.

  • Configurations/WebContent-iOS.entitlements:
9:50 AM Changeset in webkit [214947] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Show a log message when an invalid message is received in non cocoa ports
https://bugs.webkit.org/show_bug.cgi?id=170506

Patch by Carlos Garcia Campos <cgarcia@igalia.com> on 2017-04-05
Reviewed by Michael Catanzaro.

We just crash, but without knowing the details about the message it's impossible to debug.

  • Shared/ChildProcess.cpp:

(WebKit::ChildProcess::didReceiveInvalidMessage):

9:06 AM Changeset in webkit [214946] by achristensen@apple.com
  • 8 edits
    1 move in trunk

Fix CMake build.

Source/WebCore:

  • platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:

Some JavaScript inline functions were not being accessed from this file with different enable flags.

  • platform/spi/cf/CFNetworkSPI.h:
  • platform/spi/cocoa/NSURLConnectionSPI.h:

Moved NSURLSession-specific SPI from NSURLConnectionSPI.h to CFNetworkSPI.h.

Tools:

  • TestRunnerShared/EventSerialization/mac/EventSerializerMac.mm:
  • TestRunnerShared/spi/CoreGraphicsSPI.h: Removed.
  • TestRunnerShared/spi/CoreGraphicsTestSPI.h: Copied from Tools/TestRunnerShared/spi/CoreGraphicsSPI.h.

There is a CoreGraphicsSPI.h in WebCore and the CMake build was finding the wrong one.
Since we just inherit the include paths from WebCore in the CMake build and since this SPI is only used for testing,
I just renamed CoreGraphicsSPI.h to CoreGraphicsTestSPI.h to avoid any name collisions.

  • WebKitTestRunner/PlatformMac.cmake:

Add some missing files.

  • WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj:
7:28 AM Changeset in webkit [214945] by keith_miller@apple.com
  • 2 edits in trunk/Tools

Add debug option to run-jsc script
https://bugs.webkit.org/show_bug.cgi?id=170503

Reviewed by Yusuke Suzuki.

Adds a new option to the run-jsc script so that when passed
"--debug" it will wrap the jsc call with an lldb invocation. If
someone wishes to use a different debugger they can set the
DEBUGGER environment variable. Additionally, run-jsc now exits
with the exit status of the jsc call.

  • Scripts/run-jsc:
6:36 AM Changeset in webkit [214944] by Chris Dumez
  • 17 edits
    2 copies
    21 adds in trunk

_blank / _self / _parent / _top browsing context names should be case-insensitive
https://bugs.webkit.org/show_bug.cgi?id=169747

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Import test coverage from upstream web-platform-tests.

  • resources/import-expectations.json:
  • web-platform-tests/html/browsers/windows/browsing-context-names/001.html:
  • web-platform-tests/html/browsers/windows/browsing-context-names/002.html:
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-_blank-expected.txt: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-_blank.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-existing.html:
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-001-expected.txt: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-001.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-002-expected.txt: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-002.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-003-expected.txt: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-003.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-004-expected.txt: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-004.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-self-1.html:
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-self-2.html:
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-default-name-expected.txt:
  • web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-default-name.html:
  • web-platform-tests/html/browsers/windows/browsing-context-names/existing.html:
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/parent-iframe-1.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/parent-iframe-2.html: Copied from LayoutTests/imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-names/existing.html.
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/parent-iframe-3.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/parent-iframe-insensitive-1.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/parent-iframe-insensitive-2.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/parent-top-nested.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/parent-top-replace.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/parent-top.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/post-to-opener.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/post-to-top-or-close.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/post-to-top.html: Added.
  • web-platform-tests/html/browsers/windows/browsing-context-names/resources/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-names/w3c-import.log.
  • web-platform-tests/html/browsers/windows/browsing-context-names/self1.html:
  • web-platform-tests/html/browsers/windows/browsing-context-names/self2.html:
  • web-platform-tests/html/browsers/windows/browsing-context-names/w3c-import.log:

Source/WebCore:

_blank / _self / _parent / _top browsing context names should be case-insensitive
as per the HTML specification:

This aligns our behavior with Firefox as well. See discussion at:

Tests: imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-_blank.html
imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-001.html
imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-002.html
imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-003.html
imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-choose-parent-004.html

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
(WebCore::createWindow):

  • page/DOMWindow.cpp:

(WebCore::DOMWindow::open):

  • page/FrameTree.cpp:

(WebCore::FrameTree::uniqueChildName):
(WebCore::FrameTree::find):

6:19 AM Changeset in webkit [214943] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit

[WinCairo] Invalid address specified to RtlValidateHeap at std::ctype<char>::_Tidy() when finishing MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=157067

Patch by Fujii Hironori <Fujii Hironori> on 2017-04-05
Reviewed by Per Arne Vollan.

WebKit is compiled with /MT switch to use static CRT on Windows.
But, WinCairo port does not link the static CRT by specifying
/NODEFAULTLIB:LIBCMT and /NODEFAULTLIB:LIBCMTD switches.
Eventually, a dynamically linked CRT is linked. This causes
potential heap corruption.

  • PlatformWin.cmake: Do not set /NODEFAULTLIB:LIBCMT and /NODEFAULTLIB:LIBCMTD, but /NODEFAULTLIB:MSVCRT and /NODEFAULTLIB:MSVCRTD as well as AppleWin port does

6:07 AM Changeset in webkit [214942] by Yusuke Suzuki
  • 9 edits in trunk/Source

[JSC] Suppress warnings in GCC
https://bugs.webkit.org/show_bug.cgi?id=170501

Reviewed by Keith Miller.

Source/JavaScriptCore:

Should use ASSERT_NOT_REACHED since return-type pragma is only
enabled under ASSERT_DISABLED environment. We should use
ASSERT_NOTREACHED to emit assertions in debug build. It effectively
catches bugs while keeping performance in release build.

  • b3/B3Opcode.cpp:

(JSC::B3::storeOpcode):

  • b3/B3Width.h:

(JSC::B3::mask):

  • runtime/Options.cpp:

(JSC::parse):

  • wasm/WasmSections.h:

(JSC::Wasm::makeString):

  • wasm/WasmSignature.cpp:

(JSC::Wasm::SignatureInformation::tryCleanup):

  • wasm/generateWasmValidateInlinesHeader.py:

Source/WTF:

Add a new macro UNUSED_FUNCTION to annotate unused static functions.
#pragma GCC diagnostic ignored "-Wunused-function" does not work.

  • wtf/Compiler.h:
3:41 AM Changeset in webkit [214941] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.14

Merge r206633 - DumpRenderTree crashed in com.apple.WebCore: WTF::Optional<WebCore::FetchBodyOwner::BlobLoader>::operator bool const + 12
https://bugs.webkit.org/show_bug.cgi?id=162483

Patch by Youenn Fablet <youenn@apple.com> on 2016-09-30
Reviewed by Alex Christensen.

Source/WebCore:

Test: fetch/closing-while-fetching-blob.html
No change of behavior.

  • Modules/fetch/FetchBodyOwner.cpp:

(WebCore::FetchBodyOwner::stop): Asserting m_blobLoader is null (meaning that unsetPendingActivity was done)
only in case FetchBodyOwner has no risk being destroyed.

LayoutTests:

  • fetch/closing-while-fetching-blob-expected.txt: Added.
  • fetch/closing-while-fetching-blob.html: Added.
3:40 AM Changeset in webkit [214940] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.14

Merge r212882 - [GTK] Compilation fails if using ninja together with icecream and cmake > 3.5
https://bugs.webkit.org/show_bug.cgi?id=168770

Reviewed by Carlos Garcia Campos.

If using cmake >= 3.6 together with ninja generator and icecream, the
build will fail as icecream does not correctly handle the response
files and it's not passing compiler flags from there to the compiler
itself (in our case it's not passing -fPIC which leads to the
failure while linking). Don't enable the ninja's response files
support if we fulfill the preconditions.

  • Source/cmake/OptionsCommon.cmake:
3:09 AM Changeset in webkit [214939] by magomez@igalia.com
  • 3 edits in trunk/Source/WebCore

[GTK+] PNG animations that should run once are not played at all
https://bugs.webkit.org/show_bug.cgi?id=170499

Reviewed by Carlos Garcia Campos.

The repetition count reported by the PNGImageDecoder is wrong. It's returning m_playCount - 1, which
means 0 for the animations that need to be played once. Change it to return an appropriate value.

Covered by existent tests.

  • platform/image-decoders/png/PNGImageDecoder.cpp:

(WebCore::PNGImageDecoder::repetitionCount):

  • platform/image-decoders/png/PNGImageDecoder.h:
2:13 AM Changeset in webkit [214938] by jfernandez@igalia.com
  • 2 edits in trunk/LayoutTests

[GTK] Unreviewed tests gardening
https://bugs.webkit.org/show_bug.cgi?id=170497

Unreviewed test gardening. Rebaseline tests after r214712.

  • platform/gtk/fast/multicol/table-vertical-align-expected.txt:
1:24 AM Changeset in webkit [214937] by aestes@apple.com
  • 4 edits in trunk

REGRESSION (r202472): Data Detection overwrites existing links in detected ranges
https://bugs.webkit.org/show_bug.cgi?id=170365
<rdar://problem/29205721>

Reviewed by Tim Horton.

Source/WebCore:

r202472 changed the node traversal in searchForLinkRemovingExistingDDLinks() to only
consider nodes that are descendants of startNode, but we need to traverse all nodes between
startNode and endNode to find existing non-DD links.

As a result, we'd add a Data Detector link to the following snippet and make the original
links un-clickable:

<a href='#'>tomorrow</a> <a href='#'>night</a>

Fix this by not specifying a stayWithin node when calling NodeTraversal::next(). The loop
will terminate when we reach endNode.

Updated WebKit2.DataDetectionReferenceDate API test.

  • editing/cocoa/DataDetection.mm:

(WebCore::searchForLinkRemovingExistingDDLinks):

Tools:

  • TestWebKitAPI/Tests/WebKit2Cocoa/DataDetection.mm:

(expectLinkCount): Changed to only query links with the x-apple-data-detectors attribute.
(TEST): Re-enabled the test, which now passes.

12:58 AM Changeset in webkit [214936] by Carlos Garcia Campos
  • 4 edits in trunk/Source/JavaScriptCore

Implement PromiseDeferredTimer for non CF based ports
https://bugs.webkit.org/show_bug.cgi?id=170391

Reviewed by Yusuke Suzuki.

RunLoop handling is only implemented for CF causing several wasm tests to fail for other ports.

  • jsc.cpp:

(runJSC): Remove CF ifdefs.

  • runtime/PromiseDeferredTimer.cpp:

(JSC::PromiseDeferredTimer::doWork): Add non CF implementation using WTF RunLoop.
(JSC::PromiseDeferredTimer::runRunLoop): Ditto.

  • runtime/PromiseDeferredTimer.h:
12:53 AM Changeset in webkit [214935] by Carlos Garcia Campos
  • 2 edits in trunk/Source/JavaScriptCore

WebAssembly: several tests added in r214504 crash when building with GCC
https://bugs.webkit.org/show_bug.cgi?id=170390

Reviewed by Saam Barati.

The pattern foo->bar([f = WTFMove(foo)]{}); crashes when building with GCC, I assume the move happens before the
foo is used to invoke the function.

  • wasm/js/WebAssemblyPrototype.cpp:

(JSC::webAssemblyCompileFunc): Use p.vm() instead of plan->vm(), because plan is moved by the lambda.
(JSC::instantiate): Ditto.
(JSC::compileAndInstantiate): Ditto.

12:41 AM Changeset in webkit [214934] by Carlos Garcia Campos
  • 16 edits
    4 copies
    2 moves
    4 deletes in trunk/Source

Move WebErrors from WebProcess to Shared and get rid of ErrorsGtk in WebCore
https://bugs.webkit.org/show_bug.cgi?id=156974

Reviewed by Sam Weinig.

Source/WebCore:

Remove ErrorsGtk.

  • PlatformGTK.cmake:
  • platform/gtk/ErrorsGtk.cpp: Removed.
  • platform/gtk/ErrorsGtk.h: Removed.

Source/WebCore/platform/gtk/po:

  • POTFILES.in: Add new paths with translatable strings.

Source/WebKit2:

WebErrors are not only used by the frame loader client in the web process, but also by the network process. So,
move them to Shared and make most of the implementation cross-platform.

  • CMakeLists.txt: Add new files to compilation.
  • NetworkProcess/soup/NetworkDataTaskSoup.cpp:

(WebKit::NetworkDataTaskSoup::download): Use WebErrors directly instead of platform methods that are no longer needed.
(WebKit::NetworkDataTaskSoup::writeDownloadCallback): Ditto.
(WebKit::NetworkDataTaskSoup::didFinishDownload): Ditto.
(WebKit::NetworkDataTaskSoup::didFail): Ditto.

  • PlatformGTK.cmake: Add new files to compilation and remove DownloadSoupErrorsGtk.cpp
  • PlatformMac.cmake:
  • Shared/API/APIError.cpp: Add error domains used by glib based ports.

(API::Error::webKitNetworkErrorDomain):
(API::Error::webKitPolicyErrorDomain):
(API::Error::webKitPluginErrorDomain):
(API::Error::webKitDownloadErrorDomain):
(API::Error::webKitPrintErrorDomain):

  • Shared/API/APIError.h:
  • Shared/Cocoa/WebErrorsCocoa.mm: Copied from Source/WebKit2/WebProcess/WebCoreSupport/WebErrors.h.

(WebKit::createNSError):
(WebKit::cancelledError):
(WebKit::fileDoesNotExistError):

  • Shared/WebErrors.cpp: Copied from Source/WebKit2/WebProcess/WebCoreSupport/gtk/WebErrorsGtk.cpp.

(WebKit::blockedError):
(WebKit::blockedByContentBlockerError):
(WebKit::cannotShowURLError):
(WebKit::interruptedForPolicyChangeError):
(WebKit::blockedByContentFilterError):
(WebKit::cannotShowMIMETypeError):
(WebKit::pluginWillHandleLoadError):
(WebKit::internalError):

  • Shared/WebErrors.h: Renamed from Source/WebKit2/WebProcess/WebCoreSupport/WebErrors.h.
  • Shared/glib/WebErrorsGlib.cpp: Renamed from Source/WebKit2/WebProcess/WebCoreSupport/gtk/WebErrorsGtk.cpp.

(WebKit::cancelledError):
(WebKit::fileDoesNotExistError):

  • Shared/gtk/WebErrorsGtk.cpp: Copied from Source/WebKit2/NetworkProcess/Downloads/gtk/DownloadSoupErrorsGtk.cpp.

(WebKit::printError):
(WebKit::printerNotFoundError):
(WebKit::invalidPageRangeToPrint):

  • Shared/soup/WebErrorsSoup.cpp: Renamed from Source/WebKit2/NetworkProcess/Downloads/gtk/DownloadSoupErrorsGtk.cpp.

(WebKit::downloadNetworkError):
(WebKit::downloadCancelledByUserError):
(WebKit::downloadDestinationError):

  • UIProcess/API/gtk/WebKitDownload.cpp:
  • UIProcess/API/gtk/WebKitError.cpp:

(webkit_network_error_quark):
(webkit_policy_error_quark):
(webkit_plugin_error_quark):
(webkit_download_error_quark):
(webkit_print_error_quark):

  • UIProcess/API/gtk/WebKitPrivate.cpp:

(toWebKitError):
(toWebCoreError):

  • WebKit2.xcodeproj/project.pbxproj:
  • WebProcess/WebCoreSupport/mac/WebErrorsMac.mm: Removed.
  • WebProcess/WebPage/gtk/WebPrintOperationGtk.cpp:
12:39 AM Changeset in webkit [214933] by aestes@apple.com
  • 2 edits in trunk/Tools

[ios-simulator] API test WebKit2.WKWebProcessPlugInRangeHandle timing out
https://bugs.webkit.org/show_bug.cgi?id=167594

Re-enabled this API test now that webkit.org/b/161967 is fixed.

  • TestWebKitAPI/Tests/WebKit2Cocoa/BundleRangeHandle.mm:

(TEST):

12:36 AM Changeset in webkit [214932] by aestes@apple.com
  • 4 edits in trunk

[ios-simulator] API test WebKit2.DataDetectionReferenceDate timing out
https://bugs.webkit.org/show_bug.cgi?id=161967

Reviewed by Alexey Proskuryakov.

Source/WebCore:

DataDetectorsCoreSPI.h defined DDQueryOffset as a struct of two CFIndexes, which is 16 bytes
on LP64, but the struct is actually defined as two CFIndex-typed 32-bit bitfields, which is
8 bytes on LP64. This breaks the ABI on Public SDK builds when calling functions that take
or return DDQueryOffsets.

  • platform/spi/cocoa/DataDetectorsCoreSPI.h: Updated the DDQueryOffset definition for Public SDK builds, and added a static_assert to detect future size changes at compile time.

Tools:

  • TestWebKitAPI/Tests/WebKit2Cocoa/DataDetection.mm:

(TEST): Re-enabled WebKit2.DataDetectionReferenceDate.

12:09 AM Changeset in webkit [214931] by Yusuke Suzuki
  • 13 edits
    1 add in trunk

[JSC] Generate TemplateObjects at linking time
https://bugs.webkit.org/show_bug.cgi?id=169743

Reviewed by Keith Miller.

JSTests:

  • stress/template-string-tags-eval.js: Added.

(shouldBe):
(tag):

Source/JavaScriptCore:

Currently, the code calls getTemplateObject to get appropriate template objects at runtime.
But this template object is constant value and never changed. So instead of creating it
at runtime, we should create it at linking time and store it in the constant registers.

  • builtins/BuiltinNames.h:
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::setConstantRegisters):

  • bytecode/CodeBlock.h:
  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::shrinkToFit):

  • bytecode/UnlinkedCodeBlock.h:
  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::addTemplateRegistryKeyConstant):
(JSC::BytecodeGenerator::emitGetTemplateObject):

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::TaggedTemplateNode::emitBytecode):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::getTemplateObject): Deleted.

  • runtime/JSTemplateRegistryKey.cpp:
  • runtime/JSTemplateRegistryKey.h:

(JSC::isTemplateRegistryKey):

Apr 4, 2017:

10:38 PM Changeset in webkit [214930] by jer.noble@apple.com
  • 4 edits in trunk/Source/WebCore

Move AVSampleBufferDisplayLayer declarations into AVFoundationSPI.h
https://bugs.webkit.org/show_bug.cgi?id=170471

Reviewed by Eric Carlson.

Move the declaration of AVSampleBufferDisplayLayer (and related classes) into AVFoundationSPI.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
  • platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
  • platform/spi/mac/AVFoundationSPI.h:
10:14 PM Changeset in webkit [214929] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Mark imported/w3c/web-platform-tests/fetch/api/response/response-trailer.html as flaky
for https://bugs.webkit.org/show_bug.cgi?id=170493

  • platform/mac/TestExpectations:
9:48 PM Changeset in webkit [214928] by commit-queue@webkit.org
  • 6 edits
    3 adds in trunk

Canvas is tainted when painting a video with MediaStreamTrack
https://bugs.webkit.org/show_bug.cgi?id=170486

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-04
Reviewed by Eric Carlson.

Source/WebCore:

Test: http/tests/media/media-stream/getusermedia-with-canvas.html

Adding the notion of isolated source so that we can later on implement WebRTC isolated tracks.
For now, canvas will not be tainted if painted from a MediaStreamTrack.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::didPassCORSAccessCheck):

  • platform/mediastream/MediaStreamTrackPrivate.h:

(WebCore::MediaStreamTrackPrivate::isIsolated):

  • platform/mediastream/RealtimeMediaSource.h:

LayoutTests:

  • http/tests/media/media-stream/getusermedia-with-canvas-expected.txt: Added.
  • http/tests/media/media-stream/getusermedia-with-canvas.html: Added.
  • http/tests/media/media-stream/resources/getUserMedia-helper.js: Added.

(reject):
(getUserMedia):
(defaultRejectOrCatch):
(setupVideoElementWithStream):

8:50 PM Changeset in webkit [214927] by mark.lam@apple.com
  • 4 edits
    1 add in trunk

On ARM64, DFG::SpeculativeJIT::compileArithMod() failed to ensure result is of DataFormatInt32.
https://bugs.webkit.org/show_bug.cgi?id=170473
<rdar://problem/29912391>

Reviewed by Saam Barati.

JSTests:

  • stress/regress-170473.js: Added.

Source/JavaScriptCore:

In Unchecked mode, when DFG::SpeculativeJIT::compileArithMod() detects that the
divisor is 0, we want it to return 0. The result is expected to be of
DataFormatInt32.

The ARM implementation just returns the value in the divisor register. However,
the divisor in this case can be of DataFormatJSInt32. On ARM64, returning the
divisor register yields the wrong result format because the same register also
holds the upper 32-bit of the JSValue encoding. The fix is to return an
immediate 0 instead.

Also turned on the assertion in jitAssertIsInt32 for ARM64. This assertion being
disabled may have contributed to this bug going unnoticed all this time.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithMod):

  • jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::jitAssertIsInt32):

8:43 PM Changeset in webkit [214926] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Air::eliminateDeadCode should not repeatedly process the same live instructions
https://bugs.webkit.org/show_bug.cgi?id=170490

Reviewed by Keith Miller.

This makes the eliminateDeadCode() fixpoint somewhat worklist-based: we track the set
of Insts that might be dead. Every time we detect that one is live, we remove it from
the set. This is a big (>2x) speed-up because lots of Insts are immediately found to
be live.

This is a ~1% wasm -O1 compile time progression.

  • b3/air/AirEliminateDeadCode.cpp:

(JSC::B3::Air::eliminateDeadCode):

8:26 PM Changeset in webkit [214925] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

Unreviewed, rolling out r214894, r214895, r214907, r214912,
and r214918.
https://bugs.webkit.org/show_bug.cgi?id=170491

Caused build failures on Mac (Requested by rniwa on #webkit).

Reverted changesets:

"Build fix."
http://trac.webkit.org/changeset/214894

"Rolling back the build fix, as it broke other builds."
http://trac.webkit.org/changeset/214895

"Move AVSampleBufferDisplayLayer declarations into
AVFoundationSPI.h"
https://bugs.webkit.org/show_bug.cgi?id=170471
http://trac.webkit.org/changeset/214907

"Unreviewed build fix: fix compilation error on Sierra."
http://trac.webkit.org/changeset/214912

"More build fixing."
http://trac.webkit.org/changeset/214918

7:50 PM Changeset in webkit [214924] by commit-queue@webkit.org
  • 8 edits in trunk

[Mac] Add back web audio support for getUserMedia MediaStreamTrack
https://bugs.webkit.org/show_bug.cgi?id=170482

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-04
Reviewed by Eric Carlson.

Source/WebCore:

Covered by reenabled test.

Exporting method and class used in WebKit2.

  • WebCore.xcodeproj/project.pbxproj:
  • platform/audio/mac/CAAudioStreamDescription.h:
  • platform/mediastream/mac/WebAudioSourceProviderAVFObjC.h:

Source/WebKit2:

  • WebProcess/cocoa/UserMediaCaptureManager.cpp:

(WebKit::UserMediaCaptureManager::Source::setStorage):

LayoutTests:

6:18 PM Changeset in webkit [214923] by fpizlo@apple.com
  • 5 edits
    1 add in trunk/Source

Air::eliminateDeadCode() should not use a HashSet
https://bugs.webkit.org/show_bug.cgi?id=170487

Reviewed by Saam Barati.

Source/JavaScriptCore:

Introduce TmpSet, which is like a HashSet<Tmp>. Use this to make eliminateDeadCode()
about 50% faster, resulting in a 1% wasm -O1 compile time progression.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • b3/air/AirEliminateDeadCode.cpp:

(JSC::B3::Air::eliminateDeadCode):

  • b3/air/AirTmpSet.h: Added.

(JSC::B3::Air::TmpSet::TmpSet):
(JSC::B3::Air::TmpSet::add):
(JSC::B3::Air::TmpSet::remove):
(JSC::B3::Air::TmpSet::contains):
(JSC::B3::Air::TmpSet::size):
(JSC::B3::Air::TmpSet::isEmpty):
(JSC::B3::Air::TmpSet::iterator::iterator):
(JSC::B3::Air::TmpSet::iterator::operator*):
(JSC::B3::Air::TmpSet::iterator::operator++):
(JSC::B3::Air::TmpSet::iterator::operator==):
(JSC::B3::Air::TmpSet::iterator::operator!=):
(JSC::B3::Air::TmpSet::begin):
(JSC::B3::Air::TmpSet::end):

Source/WTF:

BitVector::iterator knows when it's at the end. Expose this functionality.

  • wtf/BitVector.h:

(WTF::BitVector::iterator::isAtEnd):

5:59 PM Changeset in webkit [214922] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark fast/images/slower-animation-than-decoding-image.html as flaky.
https://bugs.webkit.org/show_bug.cgi?id=168390

Unreviewed test gardening.

  • platform/mac/TestExpectations:
5:59 PM Changeset in webkit [214921] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark fast/images/reset-image-animation.html as flaky.
https://bugs.webkit.org/show_bug.cgi?id=170177

Unreviewed test gardening.

  • platform/mac/TestExpectations:
5:56 PM Changeset in webkit [214920] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark media/modern-media-controls/airplay-button/airplay-button.html as flaky on mac-wk1 Release.
https://bugs.webkit.org/show_bug.cgi?id=168409

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:
5:55 PM Changeset in webkit [214919] by keith_miller@apple.com
  • 31 edits
    1 copy
    1 add in trunk/Source

WebAssembly: ModuleInformation should be a ref counted thing that can be shared across threads.
https://bugs.webkit.org/show_bug.cgi?id=170478

Reviewed by Saam Barati.

Source/JavaScriptCore:

ModuleInformation has been moved to its own file and is now
ThreadSafeRefCounted. All the Strings we used to keep in the
ModuleInformation have been switched to Vector<LChar>; this has the
advantage that it can be passed across threads. However, this does
mean that we need to decode the utf8 strings in each thread. This
is likely not a problem because:

1) most modules have few imports/exports/custom sections.
2) most of the time they are ascii so the conversion is cheap.
3) we only have to do it once per thread, and there shouldn't be too many.

This patch also removes
moduleSignatureIndicesToUniquedSignatureIndices since that
information can already be recovered from the
SignatureInformation.

(functionTestWasmModuleFunctions):

  • runtime/Identifier.h:

(JSC::Identifier::fromString):

  • wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::parseAndCompile):

  • wasm/WasmB3IRGenerator.h:
  • wasm/WasmFormat.cpp:

(JSC::Wasm::makeString):
(JSC::Wasm::ModuleInformation::~ModuleInformation): Deleted.

  • wasm/WasmFormat.h:

(JSC::Wasm::makeString):
(JSC::Wasm::ModuleInformation::functionIndexSpaceSize): Deleted.
(JSC::Wasm::ModuleInformation::isImportedFunctionFromFunctionIndexSpace): Deleted.
(JSC::Wasm::ModuleInformation::signatureIndexFromFunctionIndexSpace): Deleted.
(JSC::Wasm::ModuleInformation::importFunctionCount): Deleted.
(JSC::Wasm::ModuleInformation::internalFunctionCount): Deleted.

  • wasm/WasmFunctionParser.h:

(JSC::Wasm::FunctionParser<Context>::FunctionParser):

  • wasm/WasmModuleInformation.cpp: Copied from Source/JavaScriptCore/wasm/WasmValidate.h.

(JSC::Wasm::ModuleInformation::~ModuleInformation):

  • wasm/WasmModuleInformation.h: Added.

(JSC::Wasm::ModuleInformation::functionIndexSpaceSize):
(JSC::Wasm::ModuleInformation::isImportedFunctionFromFunctionIndexSpace):
(JSC::Wasm::ModuleInformation::signatureIndexFromFunctionIndexSpace):
(JSC::Wasm::ModuleInformation::importFunctionCount):
(JSC::Wasm::ModuleInformation::internalFunctionCount):
(JSC::Wasm::ModuleInformation::ModuleInformation):

  • wasm/WasmModuleParser.cpp:
  • wasm/WasmModuleParser.h:

(JSC::Wasm::ModuleParser::ModuleParser):

  • wasm/WasmParser.h:

(JSC::Wasm::Parser<SuccessType>::consumeUTF8String):

  • wasm/WasmPlan.cpp:

(JSC::Wasm::Plan::Plan):
(JSC::Wasm::Plan::parseAndValidateModule):
(JSC::Wasm::Plan::prepare):
(JSC::Wasm::Plan::compileFunctions):
(JSC::Wasm::Plan::complete):
(JSC::Wasm::Plan::cancel):

  • wasm/WasmPlan.h:

(JSC::Wasm::Plan::internalFunctionCount):
(JSC::Wasm::Plan::takeModuleInformation):

  • wasm/WasmSignature.cpp:

(JSC::Wasm::SignatureInformation::get):

  • wasm/WasmSignature.h:
  • wasm/WasmValidate.cpp:

(JSC::Wasm::validateFunction):

  • wasm/WasmValidate.h:
  • wasm/js/JSWebAssemblyHelpers.h:

(JSC::createSourceBufferFromValue):

  • wasm/js/JSWebAssemblyModule.cpp:

(JSC::JSWebAssemblyModule::createStub):
(JSC::JSWebAssemblyModule::JSWebAssemblyModule):
(JSC::JSWebAssemblyModule::finishCreation):

  • wasm/js/JSWebAssemblyModule.h:

(JSC::JSWebAssemblyModule::moduleInformation):
(JSC::JSWebAssemblyModule::source):

  • wasm/js/WebAssemblyInstanceConstructor.cpp:

(JSC::constructJSWebAssemblyInstance):

  • wasm/js/WebAssemblyModuleConstructor.cpp:

(JSC::WebAssemblyModuleConstructor::createModule):

  • wasm/js/WebAssemblyModulePrototype.cpp:

(JSC::webAssemblyModuleProtoCustomSections):
(JSC::webAssemblyModuleProtoImports):
(JSC::webAssemblyModuleProtoExports):

  • wasm/js/WebAssemblyModuleRecord.cpp:

(JSC::WebAssemblyModuleRecord::link):

  • wasm/js/WebAssemblyModuleRecord.h:
  • wasm/js/WebAssemblyPrototype.cpp:

(JSC::webAssemblyCompileFunc):
(JSC::instantiate):
(JSC::compileAndInstantiate):

Source/WTF:

This adds a new String::fromUTF8 that converts a vector of characters to
a string.

Also, it cleans up some style.

  • wtf/text/WTFString.h:

(WTF::String::fromUTF8):

  • wtf/unicode/UTF8.cpp:

(WTF::Unicode::convertLatin1ToUTF8):

5:48 PM Changeset in webkit [214918] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

More build fixing.

  • platform/spi/mac/AVFoundationSPI.h:
5:25 PM Changeset in webkit [214917] by fpizlo@apple.com
  • 10 edits in trunk/Source

B3::fixSSA() needs a tune-up
https://bugs.webkit.org/show_bug.cgi?id=170485

Reviewed by Saam Barati.

Source/JavaScriptCore:

After the various optimizations to liveness, register allocation, and other phases, the
fixSSA() phase now looks like one of the top offenders. This includes a bunch of
changes to make this phase run faster. This is a ~7% wasm -O1 compile time progression.

Here's what I did:

  • We now use IndexSparseSet instead of IndexMap for tracking variable values. This makes it cheaper to chew through small blocks while there is a non-trivial number of total variables.
  • We now do a "local SSA conversion" pass before anything else. This eliminates obvious Get's. If we were using temporary Variables, it would eliminate many of those. That's useful for when we use demoteValues() and duplicateTails(). For wasm -O1, we mainly care about the fact that it makes a bunch of Set's dead.
  • We now do a Set DCE pass after the local SSA but before SSA conversion. This ensures that any block-local live intervals of Variables disappear and don't need further consideration.
  • We now cache the reaching defs calculation.
  • We now perform the reaching defs calculation lazily.

  • b3/B3FixSSA.cpp:

(JSC::B3::demoteValues):
(JSC::B3::fixSSA):

  • b3/B3SSACalculator.cpp:

(JSC::B3::SSACalculator::reachingDefAtTail):

  • b3/B3VariableLiveness.cpp:

(JSC::B3::VariableLiveness::VariableLiveness):

  • b3/air/AirLiveness.h:

(JSC::B3::Air::Liveness::Liveness):

  • dfg/DFGLivenessAnalysisPhase.cpp:

(JSC::DFG::LivenessAnalysisPhase::LivenessAnalysisPhase): Deleted.
(JSC::DFG::LivenessAnalysisPhase::run): Deleted.
(JSC::DFG::LivenessAnalysisPhase::processBlock): Deleted.

Source/WTF:

This makes IndexSparseSet capable of being used as a map if you instantiate it with
KeyValuePair<unsigned, ValueType>.

  • wtf/HashTraits.h:
  • wtf/IndexSparseSet.h:

(WTF::DefaultIndexSparseSetTraits::create):
(WTF::DefaultIndexSparseSetTraits::key):
(WTF::OverflowHandler>::IndexSparseSet):
(WTF::OverflowHandler>::add):
(WTF::OverflowHandler>::set):
(WTF::OverflowHandler>::remove):
(WTF::OverflowHandler>::clear):
(WTF::OverflowHandler>::size):
(WTF::OverflowHandler>::isEmpty):
(WTF::OverflowHandler>::contains):
(WTF::OverflowHandler>::sort):
(WTF::IndexSparseSet<OverflowHandler>::IndexSparseSet): Deleted.
(WTF::IndexSparseSet<OverflowHandler>::add): Deleted.
(WTF::IndexSparseSet<OverflowHandler>::remove): Deleted.
(WTF::IndexSparseSet<OverflowHandler>::clear): Deleted.
(WTF::IndexSparseSet<OverflowHandler>::size): Deleted.
(WTF::IndexSparseSet<OverflowHandler>::isEmpty): Deleted.
(WTF::IndexSparseSet<OverflowHandler>::contains): Deleted.
(WTF::IndexSparseSet<OverflowHandler>::sort): Deleted.

  • wtf/Liveness.h:

(WTF::Liveness::LocalCalc::Iterable::iterator::iterator):
(WTF::Liveness::workset):

5:23 PM Changeset in webkit [214916] by Simon Fraser
  • 2 edits in trunk/Source/WebCore

Do some minor FEColorMatrix code cleanup and optimization
https://bugs.webkit.org/show_bug.cgi?id=170474

Reviewed by Dean Jackson.

Don't switch inside of a pixel processing loop; repeat the loop inside switch (filterType).

Change matrix() and saturateAndHueRotate() to dereference the source pixels once, instead
of multiple times, which is faster.

This kind of code benefits from aligning things with spaces for readability, so do so,
violating webkit style.

Add some off-by-default performance logging code.

Increases pixel processing performance from about 86ms per megapixel to 65ms per megapixel.

  • platform/graphics/filters/FEColorMatrix.cpp:

(WebCore::matrix):
(WebCore::saturateAndHueRotate):
(WebCore::effectType):
(WebCore::FEColorMatrix::platformApplySoftware):

5:05 PM Changeset in webkit [214915] by Brent Fulgham
  • 3 edits
    2 adds in trunk

Do not assert when CharacterData representing an Attr fires events
https://bugs.webkit.org/show_bug.cgi?id=170454
<rdar://problem/30979320>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Make the NoEventDispatchAssertion in CharacterData::notifyParentAfterChange conditional
since Attr elements should be allowed to fire events.

Tests: fast/dom/no-assert-for-malformed-js-url-attribute.html

  • dom/CharacterData.cpp:

(WebCore::CharacterData::notifyParentAfterChange):

LayoutTests:

  • fast/dom/no-assert-for-malformed-js-url-attribute-expected.txt: Added.
  • fast/dom/no-assert-for-malformed-js-url-attribute.html: Added.

4:38 PM Changeset in webkit [214914] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Remove stale LLVM Header Path includes from JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=170483

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-04
Reviewed by Mark Lam.

  • Configurations/Base.xcconfig:

4:37 PM Changeset in webkit [214913] by commit-queue@webkit.org
  • 7 edits in trunk

LayoutTest webrtc/libwebrtc/descriptionGetters.html is a flaky failure
https://bugs.webkit.org/show_bug.cgi?id=169481

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-04
Reviewed by Eric Carlson.

Source/WebCore:

No need to enumerate all network interfaces in most layout tests.
Adding an Internals API for that in case we want to use TCP localhost candidates.

  • testing/Internals.cpp:

(WebCore::Internals::Internals):
(WebCore::Internals::setEnumeratingAllNetworkInterfacesEnabled):

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

  • platform/mac-wk2/TestExpectations: Removing flaky expectation.
  • webrtc/datachannel/basic.html:

4:32 PM Changeset in webkit [214912] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed build fix: fix compilation error on Sierra.

  • platform/spi/mac/AVFoundationSPI.h:

4:32 PM Changeset in webkit [214911] by Simon Fraser
  • 2 edits in trunk/Tools

Various settings in Minibrowser are off by default, and should be on
https://bugs.webkit.org/show_bug.cgi?id=170465
rdar://problem/31421543

Reviewed by Tim Horton.

Explicitly set preferences that should be on by default to enabled, if they have not been
set previously.

  • MiniBrowser/mac/SettingsController.m:

(-[SettingsController init]):

3:57 PM Changeset in webkit [214910] by Megan Gardner
  • 2 edits in trunk/Source/WebKit/mac

Fix leaks in WebUITextIndicatorData
https://bugs.webkit.org/show_bug.cgi?id=170480

Reviewed by Wenson Hsieh.

Removes extraneous retains.

  • WebView/WebView.mm:

(-[WebUITextIndicatorData initWithImage:textIndicatorData:scale:]):

3:48 PM Changeset in webkit [214909] by jfbastien@apple.com
  • 2 edits in trunk/Tools

reviewer

3:37 PM Changeset in webkit [214908] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

B3::LowerToAir incorrectly selects BitXor(AtomicStrongCAS(...), $1)
https://bugs.webkit.org/show_bug.cgi?id=169867

Reviewed by Saam Barati.

The BitXor(AtomicWeakCAS(...), $1) optimization makes a lot of sense because we can fold the
BitXor into the CAS condition read-out. But there is no version of this that is profitable or
correct for AtomicStrongCAS. The inversion case is handled by Equal(AtomicStrongCAS(...), ...)
becoming NotEqual(AtomicStrongCAS(...), ...), and we already handle that separately.

So, the fix here is to make the BitXor CAS pattern only recognize AtomicWeakCAS.

  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::lower):

  • b3/testb3.cpp:

(JSC::B3::testAtomicStrongCAS):

3:30 PM Changeset in webkit [214907] by jer.noble@apple.com
  • 4 edits in trunk/Source/WebCore

Move AVSampleBufferDisplayLayer declarations into AVFoundationSPI.h
https://bugs.webkit.org/show_bug.cgi?id=170471

Reviewed by Eric Carlson.

Move the declaration of AVSampleBufferDisplayLayer (and related classes) into AVFoundationSPI.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): Deleted.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::removeDisplayLayer): Deleted.

  • platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
  • platform/spi/mac/AVFoundationSPI.h:
3:23 PM Changeset in webkit [214906] by Brian Burg
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: RTL: layout issues in Type Profiler popovers
https://bugs.webkit.org/show_bug.cgi?id=170467

Reviewed by Timothy Hatcher.

Flip some margins and padding. Remove the -1px leading margin for
the prototype disclosure button, as it is unnecessary and looks
(more) wrong when in RTL.

  • UserInterface/Views/TypeTreeElement.css:

(.item.type-tree-element > .disclosure-button):
(.item.type-tree-element.prototype):
(body[dir=ltr] .item.type-tree-element.prototype):
(body[dir=rtl] .item.type-tree-element.prototype):

  • UserInterface/Views/TypeTreeView.css:

(.tree-outline.type):
(body[dir=ltr] .tree-outline.type):
(body[dir=rtl] .tree-outline.type):
(.tree-outline.type li .empty-message):
(body[dir=ltr] .tree-outline.type li .empty-message):
(body[dir=rtl] .tree-outline.type li .empty-message):

3:23 PM Changeset in webkit [214905] by sbarati@apple.com
  • 49 edits
    2 moves
    1 add in trunk/Source

WebAssembly: JSWebAssemblyCallee should not be a JSCell
https://bugs.webkit.org/show_bug.cgi?id=170135

Reviewed by Michael Saboff.

Source/JavaScriptCore:

This patch is perhaps the last big change to the design of fundamental
Wasm API to allow for PIC. It changes JSWebAssemblyCallee into a thing
called Wasm::Callee. It serves the same purpose as before, except
Wasm::Callee is not a JSCell. I had to refactor the various parts of the
runtime that will see CallFrame's with Wasm::Callee's in the callee slot.
Thankfully, the parts of the runtime that Wasm touches are limited. The
main refactoring is changing the exception handling code, such as taking
a stack trace, to be friendly to seeing a non JSCell callee.

The callee() function on ExecState now returns a class I added in this
patch called CalleeBits. CalleeBits will tell you if the callee is a
JSCell or a Wasm::Callee. We tag Wasm::Callee's with a 1 in their lower
bit so we can easily tell what is and isn't a Wasm::Callee.

The stub that calls out from Wasm to JS still puts a JSCell callee
into the call frame, even though the callee logically represents a
Wasm frame. The reason for this is that we use the call IC infrastructure
to make a call out to JS code, and the code that writes the IC expects
a JSCell as the callee. This is knowingly part of our design. When we
do structured cloning of Wasm Modules, we'll need to regenerate these
JS call stubs.

  • API/JSContextRef.cpp:

(BacktraceFunctor::operator()):

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • debugger/Debugger.cpp:

(JSC::Debugger::pauseIfNeeded):
(JSC::Debugger::currentDebuggerCallFrame):

  • debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::create):
(JSC::DebuggerCallFrame::DebuggerCallFrame):
(JSC::DebuggerCallFrame::currentPosition):
(JSC::DebuggerCallFrame::positionForCallFrame):

  • debugger/DebuggerCallFrame.h:
  • interpreter/CallFrame.cpp:

(JSC::CallFrame::vmEntryGlobalObject):
(JSC::CallFrame::wasmAwareLexicalGlobalObject):
(JSC::CallFrame::isAnyWasmCallee):
(JSC::CallFrame::callerSourceOrigin):

  • interpreter/CallFrame.h:

(JSC::ExecState::calleeAsValue):
(JSC::ExecState::jsCallee):
(JSC::ExecState::callee):
(JSC::ExecState::unsafeCallee):
(JSC::ExecState::scope):
(JSC::ExecState::iterate):

  • interpreter/CalleeBits.h: Added.

(JSC::CalleeBits::CalleeBits):
(JSC::CalleeBits::operator=):
(JSC::CalleeBits::boxWasm):
(JSC::CalleeBits::isWasm):
(JSC::CalleeBits::isCell):
(JSC::CalleeBits::asCell):
(JSC::CalleeBits::asWasmCallee):
(JSC::CalleeBits::rawPtr):

  • interpreter/Interpreter.cpp:

(JSC::GetStackTraceFunctor::operator()):
(JSC::Interpreter::getStackTrace):
(JSC::notifyDebuggerOfUnwinding):
(JSC::UnwindFunctor::UnwindFunctor):
(JSC::UnwindFunctor::operator()):
(JSC::UnwindFunctor::copyCalleeSavesToVMEntryFrameCalleeSavesBuffer):
(JSC::Interpreter::unwind):
(JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):

  • interpreter/Interpreter.h:
  • interpreter/Register.h:

(JSC::Register::pointer):

  • interpreter/ShadowChicken.cpp:

(JSC::ShadowChicken::update):

  • interpreter/ShadowChickenInlines.h:

(JSC::ShadowChicken::iterate):

  • interpreter/StackVisitor.cpp:

(JSC::StackVisitor::StackVisitor):
(JSC::StackVisitor::readFrame):
(JSC::StackVisitor::readNonInlinedFrame):
(JSC::StackVisitor::readInlinedFrame):
(JSC::StackVisitor::Frame::calleeSaveRegisters):
(JSC::StackVisitor::Frame::functionName):
(JSC::StackVisitor::Frame::dump):

  • interpreter/StackVisitor.h:

(JSC::StackVisitor::Frame::callee):
(JSC::StackVisitor::visit):

  • jit/Repatch.cpp:

(JSC::linkFor):
(JSC::linkPolymorphicCall):

  • jsc.cpp:

(callWasmFunction):
(functionTestWasmModuleFunctions):

  • runtime/ArrayPrototype.cpp:
  • runtime/Error.cpp:

(JSC::addErrorInfoAndGetBytecodeOffset):

  • runtime/ErrorInstance.cpp:

(JSC::ErrorInstance::finishCreation):

  • runtime/JSCell.cpp:

(JSC::JSCell::isAnyWasmCallee): Deleted.

  • runtime/JSCell.h:
  • runtime/JSCellInlines.h:

(JSC::ExecState::vm):

  • runtime/JSFunction.cpp:

(JSC::RetrieveArgumentsFunctor::operator()):
(JSC::RetrieveCallerFunctionFunctor::operator()):

  • runtime/JSGlobalObject.cpp:
  • runtime/SamplingProfiler.cpp:

(JSC::FrameWalker::recordJSFrame):
(JSC::SamplingProfiler::processUnverifiedStackTraces):

  • runtime/SamplingProfiler.h:

(JSC::SamplingProfiler::UnprocessedStackFrame::UnprocessedStackFrame):

  • runtime/StackFrame.cpp:

(JSC::StackFrame::sourceURL):
(JSC::StackFrame::functionName):

  • runtime/StackFrame.h:

(JSC::StackFrame::wasm):

  • runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::throwException):

  • runtime/VM.h:
  • wasm/JSWebAssembly.h:
  • wasm/WasmB3IRGenerator.cpp:
  • wasm/WasmBinding.cpp:

(JSC::Wasm::wasmToWasm):

  • wasm/WasmCallee.cpp: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.cpp.

(JSC::Wasm::Callee::Callee):
(JSC::JSWebAssemblyCallee::JSWebAssemblyCallee): Deleted.
(JSC::JSWebAssemblyCallee::finishCreation): Deleted.
(JSC::JSWebAssemblyCallee::destroy): Deleted.

  • wasm/WasmCallee.h: Copied from Source/JavaScriptCore/wasm/js/JSWebAssemblyCallee.h.

(JSC::Wasm::Callee::create):
(JSC::JSWebAssemblyCallee::create): Deleted.
(JSC::JSWebAssemblyCallee::createStructure): Deleted.
(JSC::JSWebAssemblyCallee::entrypoint): Deleted.
(JSC::JSWebAssemblyCallee::calleeSaveRegisters): Deleted.

  • wasm/WasmContext.h:
  • wasm/WasmPlan.cpp:
  • wasm/WasmPlan.h:
  • wasm/WasmPlanInlines.h:

(JSC::Wasm::Plan::initializeCallees):

  • wasm/WasmThunks.cpp:

(JSC::Wasm::throwExceptionFromWasmThunkGenerator):

  • wasm/js/JSWebAssemblyCallee.cpp: Removed.
  • wasm/js/JSWebAssemblyCallee.h: Removed.
  • wasm/js/JSWebAssemblyCodeBlock.cpp:

(JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
(JSC::JSWebAssemblyCodeBlock::initialize):
(JSC::JSWebAssemblyCodeBlock::visitChildren):

  • wasm/js/JSWebAssemblyCodeBlock.h:

(JSC::JSWebAssemblyCodeBlock::create):
(JSC::JSWebAssemblyCodeBlock::jsEntrypointCalleeFromFunctionIndexSpace):
(JSC::JSWebAssemblyCodeBlock::wasmEntrypointCalleeFromFunctionIndexSpace):
(JSC::JSWebAssemblyCodeBlock::wasmToJsCallStubForImport):
(JSC::JSWebAssemblyCodeBlock::offsetOfImportWasmToJSStub):
(JSC::JSWebAssemblyCodeBlock::setJSEntrypointCallee):
(JSC::JSWebAssemblyCodeBlock::setWasmEntrypointCallee):
(JSC::JSWebAssemblyCodeBlock::offsetOfImportStubs):
(JSC::JSWebAssemblyCodeBlock::allocationSize):
(JSC::JSWebAssemblyCodeBlock::importWasmToJSStub):
(JSC::JSWebAssemblyCodeBlock::callees): Deleted.
(JSC::JSWebAssemblyCodeBlock::offsetOfCallees): Deleted.

  • wasm/js/JSWebAssemblyInstance.h:

(JSC::JSWebAssemblyInstance::webAssemblyToJSCallee):

  • wasm/js/JSWebAssemblyModule.cpp:
  • wasm/js/WebAssemblyFunction.cpp:

(JSC::callWebAssemblyFunction):
(JSC::WebAssemblyFunction::create):
(JSC::WebAssemblyFunction::WebAssemblyFunction):
(JSC::WebAssemblyFunction::visitChildren):
(JSC::WebAssemblyFunction::finishCreation):

  • wasm/js/WebAssemblyFunction.h:

(JSC::WebAssemblyFunction::wasmEntrypoint):
(JSC::WebAssemblyFunction::jsEntrypoint):
(JSC::WebAssemblyFunction::offsetOfWasmEntrypoint):
(JSC::WebAssemblyFunction::offsetOfWasmEntryPointCode): Deleted.

  • wasm/js/WebAssemblyModuleConstructor.cpp:
  • wasm/js/WebAssemblyModuleRecord.cpp:

(JSC::WebAssemblyModuleRecord::link):
(JSC::WebAssemblyModuleRecord::evaluate):

Source/WebCore:

  • bindings/js/JSDOMWindowBase.cpp:

(WebCore::callerDOMWindow):

3:19 PM Changeset in webkit [214904] by keith_miller@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

WasmBench asserts in debug jsc
https://bugs.webkit.org/show_bug.cgi?id=170462

Reviewed by Saam Barati.

The assertion should have been an if.

  • wasm/WasmWorklist.cpp:

3:14 PM Changeset in webkit [214903] by commit-queue@webkit.org
  • 9 edits in trunk/Source/WebInspectorUI

Web Inspector: Include more Network information in Resource Details Sidebar
https://bugs.webkit.org/show_bug.cgi?id=170470

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-04
Reviewed by Brian Burg.

  • Localizations/en.lproj/localizedStrings.js:

Updated localized strings.

  • UserInterface/Models/Resource.js:

(WebInspector.Resource.displayNameForProtocol):
(WebInspector.Resource.displayNameForPriority):
Aggregate all display name helpers here.

  • UserInterface/Views/DetailsSectionSimpleRow.js:

(WebInspector.DetailsSectionSimpleRow.prototype.get tooltip):
(WebInspector.DetailsSectionSimpleRow.prototype.set tooltip):
Allow setting a tooltip on the value.

  • UserInterface/Views/NetworkGridContentView.css:

(.cache-type):
Cache type shows up in multiple places. Simplify the CSS to apply anywhere.

  • UserInterface/Views/NetworkGridContentView.js:

(WebInspector.NetworkGridContentView):

  • UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView):
Updated column names.

  • UserInterface/Views/ResourceDetailsSidebarPanel.js:

(WebInspector.ResourceDetailsSidebarPanel):
(WebInspector.ResourceDetailsSidebarPanel.prototype._refreshRequestAndResponse):
(WebInspector.ResourceDetailsSidebarPanel.prototype._cachedRowValue):
Include more detail information in the sidebar.

  • UserInterface/Views/ResourceTimelineDataGridNode.js:

(WebInspector.ResourceTimelineDataGridNode.prototype.createCellContent):
(WebInspector.ResourceTimelineDataGridNode.prototype._displayNameForPriority): Deleted.
Use shared code for display names.

3:05 PM Changeset in webkit [214902] by Brian Burg
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: RTL: fix alignment of close button shown while docked
https://bugs.webkit.org/show_bug.cgi?id=170472

Reviewed by Matt Baker.

  • UserInterface/Views/Toolbar.css:

(.toolbar .control-section):
(body[dir=ltr] .toolbar .control-section):
(body[dir=rtl] .toolbar .control-section):

2:48 PM Changeset in webkit [214901] by fpizlo@apple.com
  • 16 edits in trunk/Source/JavaScriptCore

Air::lowerAfterRegAlloc should bail early if it finds no Shuffles or ColdCCalls
https://bugs.webkit.org/show_bug.cgi?id=170305

Reviewed by Saam Barati.

This reduces and sometimes completely eliminates the need to run lowerAfterRegAlloc().

This lowers the Shuffle for the arguments of a CCall before register allocation unless
the CCall arguments require a real shuffle (like if the CCall arguments were argument
registers). This lowers a ColdCCall like a CCall for optLevel<2.

Finally, lowerAfterRegAlloc() now checks if there are any Shuffles or CCalls before it
does anything else. For wasm at -O1, this means that the phase doesn't run at all. This
is a ~3% wasm -O1 compile time progression.

To make this easy, I changed optLevel into a property of Procedure and Code rather than
an argument we thread through everything. I like how Procedure and Code are dumping
ground classes. This does not bother me. Note that I cloned optLevel into Procedure and
Code so that it's cheap to query inside Air phases.

  • b3/B3Compile.cpp:

(JSC::B3::compile):

  • b3/B3Compile.h:
  • b3/B3Generate.cpp:

(JSC::B3::prepareForGeneration):
(JSC::B3::generateToAir):

  • b3/B3Generate.h:
  • b3/B3Procedure.cpp:

(JSC::B3::Procedure::setOptLevel):

  • b3/B3Procedure.h:

(JSC::B3::Procedure::optLevel):

  • b3/air/AirCode.h:

(JSC::B3::Air::Code::isPinned):
(JSC::B3::Air::Code::setOptLevel):
(JSC::B3::Air::Code::optLevel):

  • b3/air/AirEmitShuffle.cpp:

(JSC::B3::Air::ShufflePair::bank):
(JSC::B3::Air::ShufflePair::opcode):
(JSC::B3::Air::ShufflePair::inst):
(JSC::B3::Air::emitShuffle):

  • b3/air/AirEmitShuffle.h:

(JSC::B3::Air::moveFor):

  • b3/air/AirGenerate.cpp:

(JSC::B3::Air::prepareForGeneration):

  • b3/air/AirGenerate.h:
  • b3/air/AirLowerAfterRegAlloc.cpp:

(JSC::B3::Air::lowerAfterRegAlloc):

  • b3/air/AirLowerMacros.cpp:

(JSC::B3::Air::lowerMacros):

  • b3/testb3.cpp:

(JSC::B3::compileProc):

  • wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::parseAndCompile):

2:32 PM Changeset in webkit [214900] by Simon Fraser
  • 5 edits in trunk/Source/WebCore

Change Document's lastHandledUserGestureTimestamp to be a MonotonicTime
https://bugs.webkit.org/show_bug.cgi?id=170468

Reviewed by Zalan Bujtas.

Change the double to MonotonicTime. No behavior change.

  • dom/Document.cpp:

(WebCore::Document::updateLastHandledUserGestureTimestamp):

  • dom/Document.h:

(WebCore::Document::lastHandledUserGestureTimestamp):

  • html/HTMLPlugInImageElement.cpp:

(WebCore::documentHadRecentUserGesture):

  • loader/FrameLoader.cpp:

(WebCore::shouldAskForNavigationConfirmation):

2:30 PM Changeset in webkit [214899] by Brian Burg
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: RTL: layout issues in debugger dashboard, arrows are on wrong side
https://bugs.webkit.org/show_bug.cgi?id=170425

Reviewed by Devin Rousso.

We need to move the up/down dashboard arrows to the trailing side for RTL.
Clean up some messy spacing rules so that the source location does not
overlap the arrows or get too close to the function icon.

  • UserInterface/Views/DashboardContainerView.css:

(.toolbar .dashboard):
(body[dir=ltr] .toolbar .dashboard):
(body[dir=rtl] .toolbar .dashboard):
(.dashboard-container .advance-arrow):
(body[dir=ltr] .dashboard-container .advance-arrow):
(body[dir=rtl] .dashboard-container .advance-arrow):
(.toolbar.label-only .dashboard-container .advance-arrow):
(body[dir=ltr] .toolbar.label-only .dashboard-container .advance-arrow):
(body[dir=rtl] .toolbar.label-only .dashboard-container .advance-arrow):

  • UserInterface/Views/DebuggerDashboardView.css:

(.toolbar .dashboard.debugger):
(body[dir=ltr] .toolbar .dashboard.debugger):
(body[dir=rtl] .toolbar .dashboard.debugger):
(.dashboard.debugger .navigation-bar):
(body[dir=ltr] .dashboard.debugger .navigation-bar):
(body[dir=rtl] .dashboard.debugger .navigation-bar):
(.dashboard.debugger > .location):
(.dashboard.debugger > .location > :first-child):
(body[dir=ltr] .dashboard.debugger > .location > :last-child):
(body[dir=rtl] .dashboard.debugger > .location > :last-child):
(.dashboard.debugger > .location .function-icon):
(body[dir=ltr] .dashboard.debugger > .location .function-icon):
(body[dir=rtl] .dashboard.debugger > .location .function-icon):
(.dashboard.debugger > .location .go-to-link):

2:22 PM Changeset in webkit [214898] by dino@apple.com
  • 2 edits in trunk/Websites/webkit.org

Unreviewed. Add details on how to enable the experimental feature.

  • demos/webgpu/index.html:

2:11 PM Changeset in webkit [214897] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[Debug] ASSERT(!throwScope.exception()) on imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status-worker.html
https://bugs.webkit.org/show_bug.cgi?id=170395
<rdar://problem/31394017>

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-04
Reviewed by Mark Lam.

No change of behavior.

  • bindings/js/JSDOMPromise.cpp:

(WebCore::DeferredPromise::reject): Adding early ASSERT that creating an exception is happening correctly.

2:08 PM Changeset in webkit [214896] by Jonathan Bedard
  • 3 edits in trunk/Tools

Increase timeouts for simulator testing

Unreviewed infrastructure fix.

  • Scripts/webkitpy/port/simulator_process.py:

(SimulatorProcess._start): Increase timeout from 3 to 6 seconds.

  • Scripts/webkitpy/xcode/simulated_device.py:

(SimulatedDevice.install_app): Increase timeout from 1 to 3 seconds.

1:09 PM Changeset in webkit [214895] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

Rolling back the build fix, as it broke other builds.

  • platform/spi/mac/AVFoundationSPI.h:

1:03 PM Changeset in webkit [214894] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

Build fix.

Rubber-stamped by Jer Noble.

  • platform/spi/mac/AVFoundationSPI.h:

12:59 PM Changeset in webkit [214893] by timothy_horton@apple.com
  • 24 edits in trunk

[Mac] -[WKWebView findMatchesForString:relativeToMatch:findOptions:maxResults:resultCollector:] invokes the resultCollector with didWrap = NO even when it wraps
https://bugs.webkit.org/show_bug.cgi?id=165801
<rdar://problem/29649535>

Reviewed by Wenson Hsieh.

New API tests: WebKit2.FindInPageWrapping*

Previously, when doing an incremental find that wrapped, we would
say that it did not, leading NSTextFinder to not provide its usual
wrapping UI, and other clients of the NSTextFinderClient protocol to
get confused by the lack of wrapping.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didFindString):

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • UIProcess/API/APIFindClient.h:

(API::FindClient::didFindString):

  • UIProcess/API/C/WKPage.cpp:

(WKPageSetPageFindClient):

  • UIProcess/Cocoa/FindClient.h:
  • UIProcess/Cocoa/FindClient.mm:

(WebKit::FindClient::didFindString):

  • WebProcess/WebPage/FindController.cpp:

(WebKit::FindController::updateFindUIAfterPageScroll):
(WebKit::FindController::findString):

  • WebProcess/WebPage/FindController.h:

Plumb DidWrap from FindController's call to findString back through
the DidFindString message.

  • UIProcess/mac/WKTextFinderClient.mm:

(-[WKTextFinderClient didFindStringMatchesWithRects:didWrapAround:]):
(-[WKTextFinderClient didFindStringMatchesWithRects:]): Deleted.
Make use of the new DidWrap information to stop lying to NSTextFinder
about whether a wrap actually occurred.

  • page/FrameTree.cpp:

(WebCore::FrameTree::traverseNextWithWrap):
(WebCore::FrameTree::traversePreviousWithWrap):
(WebCore::FrameTree::traverseNextInPostOrderWithWrap):

  • page/FrameTree.h:

Add CanWrap and DidWrap boolean enums, and add an optional out argument
to traverse*WithWrap indicating whether a wrap actually occurred.

  • history/CachedPage.cpp:

(WebCore::firePageShowAndPopStateEvents):

  • history/PageCache.cpp:

(WebCore::destroyRenderTree):
Adjust to the new CanWrap enum.

  • page/Page.cpp:

(WebCore::incrementFrame):
(WebCore::Page::findString):
(WebCore::Page::findStringMatchingRanges):
(WebCore::Page::rangeOfString):
(WebCore::Page::findMatchesForText):
(WebCore::Page::unmarkAllTextMatches):

  • page/Page.h:

Adjust to the new CanWrap enum, and optionally plumb DidWrap through
to callers of findString().

  • WebView/WebView.mm:

(incrementFrame):
Adjust to the new CanWrap enum.

  • TestWebKitAPI/Tests/WebKit2Cocoa/FindInPage.mm:

(TEST):
Add some tests for wrapping finds.

12:43 PM Changeset in webkit [214892] by Ryan Haddad
  • 1 edit
    2 adds in trunk/LayoutTests

Add back results that were accidentally removed with r214848.
https://bugs.webkit.org/show_bug.cgi?id=169301

Unreviewed test gardening.

  • platform/mac/fast/text/international/synthesized-italic-vertical-latin-expected.png: Added.
  • platform/mac/fast/text/international/synthesized-italic-vertical-latin-expected.txt: Added.

12:43 PM Changeset in webkit [214891] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark media/modern-media-controls/macos-inline-media-controls/macos-inline-media-controls-buttons-styles.html as flaky.
https://bugs.webkit.org/show_bug.cgi?id=170456

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:

12:24 PM Changeset in webkit [214890] by commit-queue@webkit.org
  • 4 edits in trunk/LayoutTests

webrtc/peer-connection-audio-mute.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=170451

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-04
Reviewed by Eric Carlson.

  • TestExpectations: Removed flaky expectation for webrtc/peer-connection-audio-mute.html.
  • webrtc/peer-connection-remote-audio-mute.html: Added timer to ensure setting enable propagates.

Decreasing time spent at detecting hum or not.

  • webrtc/peer-connection-remote-audio-mute2.html: Ditto (but keeping flakiness expectation for now).

12:14 PM Changeset in webkit [214889] by jmarcell@apple.com
  • 1 copy in tags/Safari-603.2.2

Tag Safari-603.2.2.

12:10 PM Changeset in webkit [214888] by jmarcell@apple.com
  • 1 delete in tags/Safari-603.2.2

Deleting tag.

12:09 PM Changeset in webkit [214887] by fpizlo@apple.com
  • 12 edits in trunk/Source

Don't need to Air::reportUsedRegisters for wasm at -O1
https://bugs.webkit.org/show_bug.cgi?id=170459

Reviewed by Saam Barati.

Source/JavaScriptCore:

I did some refactorings to Liveness<> to try to understand its performance. Based on
this I concluded that the bigger immediate issue is just removing unnecessary phases
from -O1.

This removes Air::reportUsedRegisters() from -O1 if the user has indicated that he is
not interested in StackmapGenerationParams::usedRegisters(). The logic here is a bit
weird because of how Air does spill code generation. The register allocator's spiller
will emit spill code using identifiable spill slots, which allows subsequent phases to
register-allocate the spill slots. We do this by a forward flow CSE phase called
fixObviousSpills (which is a terrible name since there is no longer anything obvious
about some of the spills that this phase can fix!). As is most natural for CSEs over
3AC, it rewires the uses of redundant computations rather than removing the redundant
computations. This means that if a spill got "fixed", there may be either or both of
the following:

  • Dead loads from the stack.
  • Dead stores to the stack.

We know that a load from the stack is dead if the register is dead at the point of the
load. We know that a store to the stack is dead if the spill slot is dead at the point
of the store.

Unfortunately, liveness analysis - over either registers or spill slots - is expensive.

Fortunately, allocateStack() already does liveness analysis over spill slots. So, we
baked elimination of stores to the stack into that phase. That aspect of clean-up after
the spill CSE comes for free.

Also fortunately for the FTL, we have to do reportUsedRegisters() anyway. This is a
phase that enables StackmapGenerationParams::usedRegisters() to work, which then
enables the FTL's patchpoints to do crazy slow-path live range splitting. So, Air's
strategy for the load fix-up after spill CSE is to do it as part of
reportUsedRegisters().

This patch introduces the Procedure::setNeedsUsedRegisters() API. But if you set
needsUsedRegisters to false then we will still run reportUsedRegisters() at -O2 as an
optimization - it removes dead loads from the stack that are left behind from
fixObviousSpills().

This is a ~6% compile time progression at -O1.

  • b3/B3Procedure.h:

(JSC::B3::Procedure::setNeedsUsedRegisters):
(JSC::B3::Procedure::needsUsedRegisters):

  • b3/B3StackmapGenerationParams.h:
  • b3/B3VariableLiveness.cpp:

(JSC::B3::VariableLiveness::VariableLiveness):

  • b3/air/AirCode.cpp:

(JSC::B3::Air::Code::needsUsedRegisters):

  • b3/air/AirCode.h:
  • b3/air/AirGenerate.cpp:

(JSC::B3::Air::prepareForGeneration):

  • b3/air/AirLiveness.h:

(JSC::B3::Air::Liveness::Liveness):

  • wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::parseAndCompile):

Source/WTF:

Just moved the liveness computation into a method, which enabled me to do the profiling
that I used to write this patch.

  • wtf/Liveness.h:

(WTF::Liveness::Liveness):
(WTF::Liveness::compute):

12:06 PM Changeset in webkit [214886] by commit-queue@webkit.org
  • 2 edits in trunk

[CMake] Enforce Python 2
https://bugs.webkit.org/show_bug.cgi?id=170439

Patch by Ross Kirsling <Ross Kirsling> on 2017-04-04
Reviewed by Brent Fulgham.

  • Source/cmake/WebKitCommon.cmake: Fail build immediately if Python 3 is detected.

11:01 AM Changeset in webkit [214885] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebCore

[GTK] PLATFORM(GTK) && !USE(COORDINATED_GRAPHICS_THREADED) is no longer possible
https://bugs.webkit.org/show_bug.cgi?id=170458

Reviewed by Carlos Alberto Lopez Perez.

That is not supported anymore, so we can remove dead code from VideoSinkGStreamer.cpp

  • platform/graphics/gstreamer/VideoSinkGStreamer.cpp:

(VideoRenderRequestScheduler::VideoRenderRequestScheduler):

10:38 AM Changeset in webkit [214884] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark fast/images/animated-gif-webkit-transform.html as flaky.
https://bugs.webkit.org/show_bug.cgi?id=170410

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:

10:20 AM Changeset in webkit [214883] by fpizlo@apple.com
  • 5 edits
    1 add in trunk/Source

Air liveness should build constraints and solve them rather than repeatedly parsing IR
https://bugs.webkit.org/show_bug.cgi?id=170421

Reviewed by Saam Barati.

Source/JavaScriptCore:

Inst::forEach<> is expensive. The LivenessAdapter uses forEach with a particularly
gnarly lambda that has many extra checks. Therefore, a lot of the time spent in
liveness analysis is just recomputing forEach<> and that lambda to get uses and defs.

This introduces LivenessConstraints<>, which is a liveness constraint system based on
Adapter. It basically caches the results of doing forEach. It'll give you the uses and
defs at each instruction boundary.

This is a ~5% compile time progression at optLevel=1. It's also a ~3% compile time
progression at optLevel=2.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • b3/air/AirLivenessAdapter.h:

(JSC::B3::Air::LivenessAdapter::LivenessAdapter):
(JSC::B3::Air::LivenessAdapter::forEachUse):
(JSC::B3::Air::LivenessAdapter::forEachDef):

  • b3/air/AirLivenessConstraints.h: Added.

(JSC::B3::Air::LivenessConstraints::Actions::Actions):
(JSC::B3::Air::LivenessConstraints::LivenessConstraints):
(JSC::B3::Air::LivenessConstraints::at):

Source/WTF:

  • wtf/Vector.h:

(WTF::minCapacity>::appendIfNotContains): Because sometimes Vector<> is the best kind of set.

9:12 AM Changeset in webkit [214882] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214319 - [JSC] MachineThreads does not consider situation that one thread has multiple VMs
https://bugs.webkit.org/show_bug.cgi?id=169819

Reviewed by Mark Lam.

The Linux port of PlatformThread suspend/resume mechanism relies on having a thread
specific singleton thread data, and was relying on MachineThreads::Thread to be this
thread specific singleton. But because MachineThreads::Thread is not a thread specific
singleton, we can get a deadlock in the GTK port's DatabaseProcess.

This patch fixes this issue by moving per thread data from MachineThreads::Thread to
MachineThreads::ThreadData, where there will only be one instance of
MachineThreads::ThreadData per thread. Each MachineThreads::Thread will now point to
the same MachineThreads::ThreadData for any given thread.

  • heap/MachineStackMarker.cpp:

(pthreadSignalHandlerSuspendResume):
(JSC::threadData):
(JSC::MachineThreads::Thread::Thread):
(JSC::MachineThreads::Thread::createForCurrentThread):
(JSC::MachineThreads::Thread::operator==):
(JSC::MachineThreads::ThreadData::ThreadData):
(JSC::MachineThreads::ThreadData::~ThreadData):
(JSC::MachineThreads::ThreadData::suspend):
(JSC::MachineThreads::ThreadData::resume):
(JSC::MachineThreads::ThreadData::getRegisters):
(JSC::MachineThreads::ThreadData::Registers::stackPointer):
(JSC::MachineThreads::ThreadData::Registers::framePointer):
(JSC::MachineThreads::ThreadData::Registers::instructionPointer):
(JSC::MachineThreads::ThreadData::Registers::llintPC):
(JSC::MachineThreads::ThreadData::freeRegisters):
(JSC::MachineThreads::ThreadData::captureStack):
(JSC::MachineThreads::tryCopyOtherThreadStacks):
(JSC::MachineThreads::Thread::~Thread): Deleted.
(JSC::MachineThreads::Thread::suspend): Deleted.
(JSC::MachineThreads::Thread::resume): Deleted.
(JSC::MachineThreads::Thread::getRegisters): Deleted.
(JSC::MachineThreads::Thread::Registers::stackPointer): Deleted.
(JSC::MachineThreads::Thread::Registers::framePointer): Deleted.
(JSC::MachineThreads::Thread::Registers::instructionPointer): Deleted.
(JSC::MachineThreads::Thread::Registers::llintPC): Deleted.
(JSC::MachineThreads::Thread::freeRegisters): Deleted.
(JSC::MachineThreads::Thread::captureStack): Deleted.

  • heap/MachineStackMarker.h:

(JSC::MachineThreads::Thread::operator!=):
(JSC::MachineThreads::Thread::suspend):
(JSC::MachineThreads::Thread::resume):
(JSC::MachineThreads::Thread::getRegisters):
(JSC::MachineThreads::Thread::freeRegisters):
(JSC::MachineThreads::Thread::captureStack):
(JSC::MachineThreads::Thread::platformThread):
(JSC::MachineThreads::Thread::stackBase):
(JSC::MachineThreads::Thread::stackEnd):

  • runtime/SamplingProfiler.cpp:

(JSC::FrameWalker::isValidFramePointer):

  • runtime/VMTraps.cpp:

(JSC::findActiveVMAndStackBounds):

1:27 AM WebKitGTK/2.16.x edited by Carlos Garcia Campos
(diff)
1:16 AM Changeset in webkit [214881] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.16.1

WebKitGTK+ 2.16.1

1:15 AM Changeset in webkit [214880] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.16

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.16.1 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.16.1.
1:00 AM Changeset in webkit [214879] by jmarcell@apple.com
  • 6 edits
    8 adds in branches/safari-603-branch

Cherry-pick r214819. rdar://problem/31407633

1:00 AM Changeset in webkit [214878] by jmarcell@apple.com
  • 3 edits in branches/safari-603-branch/Source/WebCore

Cherry-pick r214703. rdar://problem/31407633

1:00 AM Changeset in webkit [214877] by jmarcell@apple.com
  • 3 edits in branches/safari-603-branch/Source/WebCore

Cherry-pick r214702. rdar://problem/31407633

1:00 AM Changeset in webkit [214876] by jmarcell@apple.com
  • 2 edits in branches/safari-603-branch/Source/JavaScriptCore

Cherry-pick r214684. rdar://problem/31402752

1:00 AM Changeset in webkit [214875] by jmarcell@apple.com
  • 2 edits in branches/safari-603-branch/Source/WebCore

Cherry-pick r214649. rdar://problem/31407626

1:00 AM Changeset in webkit [214874] by jmarcell@apple.com
  • 2 edits in branches/safari-603-branch/Source/WebCore

Cherry-pick r214648. rdar://problem/31408453

1:00 AM Changeset in webkit [214873] by jmarcell@apple.com
  • 6 edits
    2 adds in branches/safari-603-branch

Cherry-pick r214640. rdar://problem/31408453

1:00 AM Changeset in webkit [214872] by jmarcell@apple.com
  • 3 edits in branches/safari-603-branch/Source/WebKit2

Cherry-pick r211601. rdar://problem/31387958

12:31 AM Changeset in webkit [214871] by Carlos Garcia Campos
  • 4 edits
    1 add in releases/WebKitGTK/webkit-2.16

Merge r214857 - Fix incorrect capacity delta calculation reported in SparseArrayValueMap::add().
https://bugs.webkit.org/show_bug.cgi?id=170412
<rdar://problem/29697336>

Reviewed by Filip Pizlo.

JSTests:

  • stress/regress-170412.js: Added.

Source/JavaScriptCore:

Here's an example of code that will trigger underflow in the "deprecatedExtraMemory"
reported by SparseArrayValueMap::add() that is added to Heap::m_deprecatedExtraMemorySize:

arr = new Array;
Object.defineProperty(arr, 18, ({writable: true, configurable: true}));
for (var i = 0; i < 3; ++i) {
    Array.prototype.push.apply(arr, ["", () => {}, {}]);
    Array.prototype.sort.apply(arr, [() => {}, []]);
}

However, Heap::m_deprecatedExtraMemorySize is only 1 of 3 values that are added
up to form the result of Heap::extraMemorySize(). Heap::m_extraMemorySize and
Heap::m_arrayBuffers.size() are the other 2.

While Heap::m_arrayBuffers.size() is bounded by actual allocated memory, both
Heap::m_deprecatedExtraMemorySize and Heap::m_extraMemorySize are added to
without any bounds checks, and they are only reset to 0 at the start of a full
GC. As a result, if we have a long sequence of eden GCs with a lot of additions
to Heap::m_extraMemorySize and/or Heap::m_deprecatedExtraMemorySize, then these
values could theoretically overflow. Coupling this with the underflow from
SparseArrayValueMap::add(), the result for Heap::extraMemorySize() can easily
overflow. Note: Heap::extraMemorySize() is used to compute the value
currentHeapSize.

If multiple conditions line up just right, the above overflows can result in this
debug assertion failure during an eden GC:

ASSERT(currentHeapSize >= m_sizeAfterLastCollect);

Otherwise, the effects of the overflows will only result in the computed
currentHeapSize not being representative of actual memory usage, and therefore,
a full GC may be triggered earlier or later than is ideal.

This patch ensures that SparseArrayValueMap::add() cannot underflow
Heap::m_deprecatedExtraMemorySize. It also adds overflow checks in the
calculations of Heap::m_deprecatedExtraMemorySize, Heap::m_extraMemorySize, and
Heap::extraMemorySize() so that their values are saturated appropriately to
ensure that GC collections are triggered based on representative memory usage.

  • heap/Heap.cpp:

(JSC::Heap::deprecatedReportExtraMemorySlowCase):
(JSC::Heap::extraMemorySize):
(JSC::Heap::updateAllocationLimits):
(JSC::Heap::reportExtraMemoryVisited):

  • runtime/SparseArrayValueMap.cpp:

(JSC::SparseArrayValueMap::add):

12:28 AM Changeset in webkit [214870] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214842 - REGRESSION (r206744): CSS background-image in style attribute ignored when using createHTMLDocument method of DOM parsing
https://bugs.webkit.org/show_bug.cgi?id=170285
<rdar://problem/31378543>

Reviewed by Andy Estes.

Source/WebCore:

r206744 caused us to stop trying to resolve relative URLs when trying to load an image
referred to by CSS. We already try to resolve the relative URL when parsing the CSS
property so this will usually work fine. However, in the case when the CSS property
is parsed in a detached document and then moved to another document, we will not have
the complete URL.

Test: fast/images/background-image-relative-url-changes-document.html

  • css/CSSImageValue.cpp:

(WebCore::CSSImageValue::loadImage):

LayoutTests:

Add layout test coverage.

  • fast/images/background-image-relative-url-changes-document-expected.html: Added.
  • fast/images/background-image-relative-url-changes-document.html: Added.
12:27 AM Changeset in webkit [214869] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214830 - REGRESSION (r207669): FileMaker Pro Help pages do not render correctly
https://bugs.webkit.org/show_bug.cgi?id=170402
<rdar://problem/31004344>

Reviewed by Simon Fraser.

Source/WebCore:

If a new stylesheet load is started from the load event the document.styleSheets does not
always reflect the already loaded stylesheets.

Test: fast/css/document-stylesheets-dynamic.html

  • style/StyleScope.cpp:

(WebCore::Style::Scope::updateActiveStyleSheets):

Remove an old optimization where we would not update active stylesheets if there were pending
(head) stylesheet loads and they had not been updated already.
This is probably not a valuable optimization anymore with the new lazy stylesheet update strategy.

  • style/StyleScope.h:

LayoutTests:

  • fast/css/document-stylesheets-dynamic-expected.html: Added.
  • fast/css/document-stylesheets-dynamic.html: Added.
12:20 AM Changeset in webkit [214868] by pvollan@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed Windows build fix.

  • bindings/js/JSDOMGuardedObject.h:
12:04 AM Changeset in webkit [214867] by Yusuke Suzuki
  • 4 edits
    1 copy
    1 add in trunk/Source/WTF

[WTF] Introduce WTF::RandomDevice which keeps /dev/urandom opened
https://bugs.webkit.org/show_bug.cgi?id=170095

Reviewed by Michael Catanzaro.

In this patch, we introduce RandomDevice, which keeps /dev/urandom opened
to avoid repeatedly opening and closing the urandom file descriptor on Linux.

The purpose is similar to std::random_device, but WTF::RandomDevice explicitly
avoids using ARC4, which there was a recent attempt to remove from the WebKit
tree[1].

[1]: https://trac.webkit.org/r214329

  • WTF.xcodeproj/project.pbxproj:
  • wtf/CMakeLists.txt:
  • wtf/OSRandomSource.cpp:

(WTF::cryptographicallyRandomValuesFromOS):
(WTF::crashUnableToOpenURandom): Deleted.
(WTF::crashUnableToReadFromURandom): Deleted.

  • wtf/RandomDevice.cpp: Copied from Source/WTF/wtf/OSRandomSource.cpp.

(WTF::crashUnableToOpenURandom):
(WTF::crashUnableToReadFromURandom):
(WTF::RandomDevice::RandomDevice):
(WTF::RandomDevice::~RandomDevice):
(WTF::RandomDevice::cryptographicallyRandomValues):

  • wtf/RandomDevice.h: Added.

Apr 3, 2017:

11:52 PM Changeset in webkit [214866] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

Add some new patterns to filter-build-webkit
https://bugs.webkit.org/show_bug.cgi?id=170429

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-03
Reviewed by Alexey Proskuryakov.

  • Scripts/filter-build-webkit:

(setOutputFormatOption):

9:31 PM Changeset in webkit [214865] by wenson_hsieh@apple.com
  • 16 edits
    1 copy in trunk

Data interaction should register type identifiers in order of priority
https://bugs.webkit.org/show_bug.cgi?id=170428
<rdar://problem/30633296>

Reviewed by Tim Horton.

Source/WebCore:

Currently, due to the shared logic for writing to a UIPasteboard (in the case of copy/paste) and the shared
UIItemProvider-based pasteboard wrapper (in the case of data interaction), we don't enforce any particular
ordering in which type identifiers are registered in the generated item provider. This is because
-[UIPasteboard setItems:] only takes an unordered mapping of type identifiers to objects.

To fix this, we introduce a separate way to set pasteboard data that first writes a list of object
representations in order of priority (which is dependent on the content being interacted with) and then registers
individual type-data mappings at the end.

Augmented existing API tests in DataInteractionTests to check for the existence and priority of type identifiers
in the UIItemProviders created upon starting data interaction. Also adds a new unit test:
DataInteractionTests.TextAreaToInput.

  • WebCore.xcodeproj/project.pbxproj:
  • editing/cocoa/EditorCocoa.mm:

(WebCore::archivedDataForAttributedString):
(WebCore::Editor::writeSelectionToPasteboard):
(WebCore::Editor::writeSelection):

  • platform/Pasteboard.h:
  • platform/PasteboardWriterData.h:
  • platform/PlatformPasteboard.h:
  • platform/ios/AbstractPasteboard.h:
  • platform/ios/AbstractPasteboard.mm: Copied from Source/WebCore/platform/ios/AbstractPasteboard.h.

Introduce WebPasteboardItemData, a wrapper around a list of objects representing the pasteboard data in order
of priority, and a dictionary containing additional NSData blobs that contain data useful for private clients.

(+[WebPasteboardItemData itemWithRepresentingObjects:additionalData:]):
(-[WebPasteboardItemData initWithRepresentingObjects:additionalData:]):
(-[WebPasteboardItemData representingObjects]):
(-[WebPasteboardItemData additionalData]):

  • platform/ios/PlatformPasteboardIOS.mm:

(WebCore::richTextRepresentationsForPasteboardWebContent):
(WebCore::PlatformPasteboard::writeObjectRepresentations):
(WebCore::PlatformPasteboard::write):

Tweaked to check whether the pasteboard responds to -setItemsFromObjectRepresentations:. If so, uses the
PlatformPasteboard::writeObjectRepresentations codepath to write data to the pasteboard, respecting type
priority.

  • platform/ios/WebItemProviderPasteboard.mm:

(-[WebItemProviderPasteboard pasteboardTypes]):
(-[WebItemProviderPasteboard setItemProviders:]):
(-[WebItemProviderPasteboard setItemsFromObjectRepresentations:]):

Replaces -setItems: with -setItemsFromObjectRepresentations:, which respects the priority of each object
representation of the data in the pasteboard.

(-[WebItemProviderPasteboard setItems:]): Deleted.

Source/WebKit2:

Serialize PasteboardWebContent.dataInAttributedStringFormat when sending over IPC. Refer to WebCore ChangeLog
for more details.

  • Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<PasteboardWebContent>::encode):
(IPC::ArgumentCoder<PasteboardWebContent>::decode):

  • UIProcess/API/Cocoa/WKWebView.mm:

Tools:

Augments existing unit tests to check for the existence and priority of type identifiers in the UIItemProviders
created upon starting data interaction. Also fixes a race condition in one of the unit tests and adds a new unit
test for data interaction from a textarea to an input.

  • TestWebKitAPI/Tests/ios/DataInteractionTests.mm:

(checkTypeIdentifierPrecedesOtherTypeIdentifier):
(TestWebKitAPI::TEST):

  • TestWebKitAPI/ios/DataInteractionSimulator.h:
  • TestWebKitAPI/ios/DataInteractionSimulator.mm:

(-[DataInteractionSimulator _advanceProgress]):
(-[DataInteractionSimulator sourceItemProviders]):
(-[DataInteractionSimulator _webView:showCustomSheetForElement:]):

8:30 PM Changeset in webkit [214864] by Brian Burg
  • 5 edits in trunk/Source/WebInspectorUI

Web Inspector: RTL: results in Search navigation sidebar have misplaced highlights
https://bugs.webkit.org/show_bug.cgi?id=170292

Reviewed by Timothy Hatcher.

  • UserInterface/Models/SourceCodeSearchMatchObject.js:

(WebInspector.SourceCodeSearchMatchObject.prototype.get className):

  • UserInterface/Views/SearchIcons.css:

(.source-code-match .icon):
(.source-code-match-icon .icon): Deleted.
Remove -icon suffix from the class name since the class is attached to a result
and is not specific to the icon displayed within the result <li>.

  • UserInterface/Views/SearchResultTreeElement.js:

(WebInspector.SearchResultTreeElement.truncateAndHighlightTitle):
Flip the leading and trailing context in RTL so that the highlight is not overflowed
to the left when too much context is included on the right side. Less context must be
used in RTL because we must not overflow to the right, as it may hide the result. And,
we don't know the exact starting character either as it may be overflowed to the right
as the user resizes the expanded sidebar larger or smaller. So show less context to
be conservative about never overflowing the highlighted result string.

  • UserInterface/Views/SearchSidebarPanel.css:

(.sidebar > .panel.navigation.search .item.source-code-match .title):
When in RTL, show source code matches as LTR with text-align to right.

8:28 PM Changeset in webkit [214863] by webkit@devinrousso.com
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: clicking on the body of a CSS rule after editing the selector causes the section to disappear
https://bugs.webkit.org/show_bug.cgi?id=169803

Reviewed by Timothy Hatcher.

  • UserInterface/Views/CSSStyleDeclarationSection.js:

(WebInspector.CSSStyleDeclarationSection.prototype._handleKeyDown):
(WebInspector.CSSStyleDeclarationSection.prototype._handleBlur):
Keep the section marked as _editorActive if the action taken would still place focus
within the section (selector or properties). Doing so will prevent it from being removed.

8:20 PM Changeset in webkit [214862] by Brian Burg
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: RTL: hierarchical path component labels should guess directionality based on content
https://bugs.webkit.org/show_bug.cgi?id=170298

Reviewed by Timothy Hatcher.

  • UserInterface/Views/HierarchicalPathComponent.js:

(WebInspector.HierarchicalPathComponent):
Use dir="auto" since this will properly set 'unicode-bidi:isolate' for form elements too.
This is applied to the title label and to the <select> for the path component.

8:19 PM Changeset in webkit [214861] by Matt Baker
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Show additional pause reason details for DOM "subtree modified" breakpoint
https://bugs.webkit.org/show_bug.cgi?id=169479

Reviewed by Timothy Hatcher.

  • Localizations/en.lproj/localizedStrings.js:

New Pause Reason UI strings.

  • UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel.prototype._updatePauseReasonSection):
Include a link for the target node when breaking for subtree modifications.
This is either the parent of a node being inserted, or a node that is
being removed.

6:22 PM Changeset in webkit [214860] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Re-adding flaky timeout expectation for http/tests/loading/resourceLoadStatistics/non-prevalent-resource-with-user-interaction.html

This test still times out, most of the time.

  • platform/wk2/TestExpectations:
5:57 PM Changeset in webkit [214859] by clopez@igalia.com
  • 2 edits in trunk/Tools

[GTK][JHBuild] Update mesa repository url for tarballs
https://bugs.webkit.org/show_bug.cgi?id=170431

Reviewed by Michael Catanzaro.

  • gtk/jhbuild.modules:
5:42 PM Changeset in webkit [214858] by commit-queue@webkit.org
  • 2 edits
    1 delete in trunk/Tools

TestWebKitAPI: Warning: Multiple build commands for Ahem.ttf
https://bugs.webkit.org/show_bug.cgi?id=170430

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-03
Reviewed by Alexey Proskuryakov.

  • TestWebKitAPI/Tests/mac/Ahem.ttf: Removed.

Eliminate one of the copies of Ahem.ttf.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:

Once eliminated, there is now only one Ahem.ttf that is copied
to the Resources bundle. Drive-by sort the project file.

5:42 PM Changeset in webkit [214857] by mark.lam@apple.com
  • 4 edits
    1 add in trunk

Fix incorrect capacity delta calculation reported in SparseArrayValueMap::add().
https://bugs.webkit.org/show_bug.cgi?id=170412
<rdar://problem/29697336>

Reviewed by Filip Pizlo.

JSTests:

  • stress/regress-170412.js: Added.

Source/JavaScriptCore:

Here's an example of code that will trigger underflow in the "deprecatedExtraMemory"
reported by SparseArrayValueMap::add() that is added to Heap::m_deprecatedExtraMemorySize:

arr = new Array;
Object.defineProperty(arr, 18, ({writable: true, configurable: true}));
for (var i = 0; i < 3; ++i) {
    Array.prototype.push.apply(arr, ["", () => {}, {}]);
    Array.prototype.sort.apply(arr, [() => {}, []]);
}

However, Heap::m_deprecatedExtraMemorySize is only 1 of 3 values that are added
up to form the result of Heap::extraMemorySize(). Heap::m_extraMemorySize and
Heap::m_arrayBuffers.size() are the other 2.

While Heap::m_arrayBuffers.size() is bounded by actual allocated memory, both
Heap::m_deprecatedExtraMemorySize and Heap::m_extraMemorySize are added to
without any bounds checks, and they are only reset to 0 at the start of a full
GC. As a result, if we have a long sequence of eden GCs with a lot of additions
to Heap::m_extraMemorySize and/or Heap::m_deprecatedExtraMemorySize, then these
values could theoretically overflow. Coupling this with the underflow from
SparseArrayValueMap::add(), the result for Heap::extraMemorySize() can easily
overflow. Note: Heap::extraMemorySize() is used to compute the value
currentHeapSize.

If multiple conditions line up just right, the above overflows can result in this
debug assertion failure during an eden GC:

ASSERT(currentHeapSize >= m_sizeAfterLastCollect);

Otherwise, the effects of the overflows will only result in the computed
currentHeapSize not being representative of actual memory usage, and therefore,
a full GC may be triggered earlier or later than is ideal.

This patch ensures that SparseArrayValueMap::add() cannot underflow
Heap::m_deprecatedExtraMemorySize. It also adds overflow checks in the
calculations of Heap::m_deprecatedExtraMemorySize, Heap::m_extraMemorySize, and
Heap::extraMemorySize() so that their values are saturated appropriately to
ensure that GC collections are triggered based on representative memory usage.

  • heap/Heap.cpp:

(JSC::Heap::deprecatedReportExtraMemorySlowCase):
(JSC::Heap::extraMemorySize):
(JSC::Heap::updateAllocationLimits):
(JSC::Heap::reportExtraMemoryVisited):

  • runtime/SparseArrayValueMap.cpp:

(JSC::SparseArrayValueMap::add):
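
The arithmetic described in r214857 above (and in its merge, r214871), reduced to a stand-alone C++ model: an unsigned capacity delta that wraps, next to a delta clamped at zero and counters that saturate. This is an added illustration, not WebKit's code; every name in it is hypothetical, and it assumes for illustration that the delta is computed as `after - before` in `size_t` and that the heap size is live bytes plus the three extra-memory terms.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>

// Hypothetical names throughout: this models the arithmetic only, not JSC's classes.

// Unchecked delta: if the capacity seen after an insertion is smaller than the
// one recorded before it, the unsigned subtraction wraps to a huge value.
size_t capacityDeltaWrapping(size_t before, size_t after)
{
    return after - before;
}

// Checked delta: report growth only; a shrink reports zero extra memory.
size_t capacityDeltaChecked(size_t before, size_t after)
{
    return after > before ? after - before : 0;
}

// Addition that sticks at SIZE_MAX instead of wrapping modulo 2^N.
size_t saturatingAdd(size_t a, size_t b)
{
    const size_t max = std::numeric_limits<size_t>::max();
    return b > max - a ? max : a + b;
}

// Stand-in for the extra-memory bookkeeping: two counters that are reset only
// by a full collection, plus a term bounded by real allocations.
struct ExtraMemoryCounter {
    size_t extra = 0;
    size_t deprecatedExtra = 0;
    size_t arrayBuffers = 0;

    void reportWrapping(size_t bytes) { deprecatedExtra += bytes; }
    void reportSaturating(size_t bytes) { deprecatedExtra = saturatingAdd(deprecatedExtra, bytes); }

    size_t totalWrapping() const { return extra + deprecatedExtra + arrayBuffers; }
    size_t totalSaturating() const
    {
        return saturatingAdd(saturatingAdd(extra, deprecatedExtra), arrayBuffers);
    }
};

struct Result {
    size_t sizeAfterLastCollect;
    size_t currentHeapSize;
    bool invariantHolds; // the condition checked by ASSERT(currentHeapSize >= m_sizeAfterLastCollect)
};

// One cycle between collections in which a backing store's capacity goes down.
Result simulateEdenCycle(bool hardened)
{
    const size_t liveBytes = size_t{1} << 20; // constructed sample value
    ExtraMemoryCounter counter;
    counter.extra = 4096;                     // constructed sample value

    // Heap size recorded at the end of the previous collection.
    const size_t sizeAfterLastCollect = saturatingAdd(liveBytes, counter.totalSaturating());

    // Constructed sample: capacity observed as 1024 bytes before, 512 after.
    const size_t before = 1024, after = 512;
    if (hardened)
        counter.reportSaturating(capacityDeltaChecked(before, after));
    else
        counter.reportWrapping(capacityDeltaWrapping(before, after));

    const size_t current = hardened
        ? saturatingAdd(liveBytes, counter.totalSaturating())
        : liveBytes + counter.totalWrapping();
    return { sizeAfterLastCollect, current, current >= sizeAfterLastCollect };
}

int main()
{
    const bool modes[] = { false, true };
    for (bool hardened : modes) {
        const Result r = simulateEdenCycle(hardened);
        std::printf("%s: after last collect=%zu current=%zu invariant %s\n",
            hardened ? "checked  " : "unchecked", r.sizeAfterLastCollect,
            r.currentHeapSize, r.invariantHolds ? "holds" : "VIOLATED");
    }
    return 0;
}
```

In the unchecked run the wrapped delta cancels against the other terms, so the computed heap size drops below the size recorded at the last collection even though nothing was freed.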

5:41 PM Changeset in webkit [214856] by webkit@devinrousso.com
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: showing the Find banner doesn't immediately focus it
https://bugs.webkit.org/show_bug.cgi?id=169804

Reviewed by Matt Baker.

  • UserInterface/Base/Main.js:

(WebInspector._focusChanged):
Slightly change the logic from <https://webkit.org/b/168119> (r213689) to not prevent a new
selection if the focus change target is an element from WebInspector.startEditing.

5:10 PM Changeset in webkit [214855] by Simon Fraser
  • 2 edits in trunk/Tools

Allow MiniBrowser windows to receive local file drags again
https://bugs.webkit.org/show_bug.cgi?id=170422

Reviewed by Wenson Hsieh.

Adopt the new UIDelegate SPI to allow drops.

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController _webView:dragDestinationActionMaskForDraggingInfo:]):

4:58 PM UsingGitWithWebKit edited by lingcherd_ho@apple.com
(diff)
4:40 PM Changeset in webkit [214854] by clopez@igalia.com
  • 2 edits in trunk/Tools

[GTK][JHBuild] Fetch libvpx from a release tarball instead of git
https://bugs.webkit.org/show_bug.cgi?id=170426

Reviewed by Michael Catanzaro.

  • gtk/jhbuild.modules:
4:11 PM Changeset in webkit [214853] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: WebSockets: Don't store binary frames in memory since they are never shown
https://bugs.webkit.org/show_bug.cgi?id=169649
<rdar://problem/31053069>

Reviewed by Brian Burg.

  • UserInterface/Models/WebSocketResource.js:

(WebInspector.WebSocketResource.prototype.addFrame):

4:08 PM Changeset in webkit [214852] by jfernandez@igalia.com
  • 7 edits in trunk

[css-align] Adapt place-content alignment shorthand to the new baseline syntax
https://bugs.webkit.org/show_bug.cgi?id=170340

Reviewed by David Hyatt.

Source/WebCore:

Now that the align-content and justify-content CSS properties are
adapted to the new baseline-position CSS values syntax we can adapt the
shorthand that controls such properties to the new syntax as well.

No new tests, just adding some additional cases to the tests we already have.

  • css/StyleProperties.cpp:

(WebCore::StyleProperties::getPropertyValue):
(WebCore::StyleProperties::placeContentPropertyValue):

  • css/StyleProperties.h:
  • css/parser/CSSPropertyParser.cpp:

(WebCore::isContentDistributionKeyword):
(WebCore::isContentPositionKeyword):
(WebCore::isOverflowKeyword):
(WebCore::getBaselineKeyword):
(WebCore::consumeContentDistributionOverflowPosition):
(WebCore::consumeSimplifiedContentPosition):

LayoutTests:

Added additional test cases to evaluate the new baseline-alignment syntax.

  • css3/parse-place-content-expected.txt:
  • css3/parse-place-content.html:
4:06 PM Changeset in webkit [214851] by n_wang@apple.com
  • 6 edits
    2 adds in trunk

AX: Expose link children when doing search predication on iOS
https://bugs.webkit.org/show_bug.cgi?id=170424
<rdar://problem/31413335>

Source/WebCore:

The children of links are accessible elements on iOS instead of the link itself,
so we should expose the children when doing predicated searches as well.

Reviewed by Chris Fleizach.

Test: accessibility/ios-simulator/ios-search-predicate-link-children.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::isAccessibilityObjectSearchMatchAtIndex):

Tools:

Reviewed by Chris Fleizach.

  • DumpRenderTree/ios/AccessibilityUIElementIOS.mm:

(AccessibilityUIElement::uiElementForSearchPredicate):

  • WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::uiElementForSearchPredicate):

LayoutTests:

Reviewed by Chris Fleizach.

  • accessibility/ios-simulator/ios-search-predicate-link-children-expected.txt: Added.
  • accessibility/ios-simulator/ios-search-predicate-link-children.html: Added.
4:04 PM Changeset in webkit [214850] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

No audio output for MediaStream-backed audio elements on iOS
https://bugs.webkit.org/show_bug.cgi?id=170427

Reviewed by Eric Carlson.

The logic for setting the output timestamp offset in AudioSampleDataSource was reversed; instead of
subtracting out the timestamp of the first pull request, it effectively doubled it.

  • platform/audio/mac/AudioSampleDataSource.mm:

(WebCore::AudioSampleDataSource::pullSamplesInternal):

3:47 PM Changeset in webkit [214849] by dino@apple.com
  • 2 edits
    1 copy
    7 adds in trunk/Websites/webkit.org

Unreviewed. More WebGPU demos.

  • demos/webgpu/2d.jpg: Added.
  • demos/webgpu/2d.js:
  • demos/webgpu/circle.svg: Added.
  • demos/webgpu/cubes.jpg: Added.
  • demos/webgpu/hello.html: Added.
  • demos/webgpu/hello.jpg: Added.
  • demos/webgpu/hello.js: Copied from Websites/webkit.org/demos/webgpu/2d.js.

(init):
(render):

  • demos/webgpu/index.html: Added.
  • demos/webgpu/simple.jpg: Added.
3:28 PM Changeset in webkit [214848] by hyatt@apple.com
  • 8 edits
    2 deletes in trunk

Japanese fonts in vertical text should support synthesized italics
https://bugs.webkit.org/show_bug.cgi?id=169301

Reviewed by Simon Fraser.

Source/WebCore:

Updated test in fast/text/international.

  • platform/graphics/Font.cpp:

(WebCore::Font::nonSyntheticItalicFont): Deleted.

  • platform/graphics/Font.h:

Removed the non-synthetic italic font member, since it's not used.

  • platform/graphics/FontCascadeFonts.cpp:

(WebCore::glyphDataForNonCJKCharacterWithGlyphOrientation):
Patched to ensure that a text-orientation-fallback font data is always
returned in the synthetic oblique case, so that non-CJK and CJK are
guaranteed to be broken up so that their slants can be applied differently.

(WebCore::FontCascadeFonts::glyphDataForSystemFallback):
(WebCore::FontCascadeFonts::glyphDataForNormalVariant):
(WebCore::glyphDataForCJKCharacterWithoutSyntheticItalic): Deleted.
Patched to no longer turn off synthetic oblique for CJK.

  • platform/graphics/cocoa/FontCascadeCocoa.mm:

(WebCore::FontCascade::drawGlyphs):
Apply the correct italic transform to CJK when in vertical text.

LayoutTests:

  • fast/text/international/synthesized-italic-vertical-expected.html:
  • fast/text/international/synthesized-italic-vertical.html:
  • platform/mac/fast/text/international/synthesized-italic-vertical-latin-expected.png: Removed.
  • platform/mac/fast/text/international/synthesized-italic-vertical-latin-expected.txt: Removed.
3:10 PM Changeset in webkit [214847] by webkit@devinrousso.com
  • 7 edits in trunk/Source/WebInspectorUI

Web Inspector: Preference for Auto Showing Scope Chain sidebar on pause
https://bugs.webkit.org/show_bug.cgi?id=149487

Reviewed by Timothy Hatcher.

  • Localizations/en.lproj/localizedStrings.js:
  • UserInterface/Base/Setting.js:
  • UserInterface/Views/SettingsTabContentView.js:

(WebInspector.SettingsTabContentView.prototype.layout):
Add WebInspector.Setting for showing Scope Chain on pause.

  • UserInterface/Base/Main.js:

(WebInspector.showDebuggerTab):
(WebInspector._debuggerDidPause):

  • UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor.prototype.textEditorGutterContextMenu):
Modify parameters to use a dictionary of options instead of just a single value. In doing
so, add support for a value that will show the Scope Chain sidebar.

  • UserInterface/Views/SettingsTabContentView.css:

(.content-view.settings):
(.content-view.settings > .header):
Drive-by: add padding to bottom of Settings tab so that additional scroll space is mirrored.

3:10 PM Changeset in webkit [214846] by Brian Burg
  • 4 edits in trunk/Source/WebInspectorUI

Web Inspector: RTL: layout issues in call frame tree elements and async call stacks
https://bugs.webkit.org/show_bug.cgi?id=170419

Reviewed by Matt Baker.

  • UserInterface/Views/CallFrameTreeElement.css:

(.tree-outline .item.call-frame .status):
(body[dir=ltr] .tree-outline .item.call-frame .status):
(body[dir=rtl] .tree-outline .item.call-frame .status):
Flip the current call frame indicator and make sure it sticks to the leading edge.

(.tree-outline .item.call-frame.async-boundary):
(body[dir=ltr] .tree-outline:not(.single-thread) > .children > .item.call-frame.async-boundary):
(body[dir=rtl] .tree-outline:not(.single-thread) > .children > .item.call-frame.async-boundary):
(.tree-outline .item.call-frame.async-boundary .icon):
(body[dir=ltr] .tree-outline .item.call-frame.async-boundary .icon):
(body[dir=rtl] .tree-outline .item.call-frame.async-boundary .icon):
Flip the icon's padding.

(.tree-outline .item.call-frame.async-boundary::after):
(body[dir=ltr] .tree-outline .item.call-frame.async-boundary::after):
(body[dir=rtl] .tree-outline .item.call-frame.async-boundary::after):
(.tree-outline .item.call-frame.async-boundary::before):
(body[dir=ltr] .tree-outline .item.call-frame.async-boundary::before):
(body[dir=rtl] .tree-outline .item.call-frame.async-boundary::before):
(.tree-outline:not(.single-thread) > .children > .item.call-frame.async-boundary): Deleted.
Fix the leading and trailing horizontal rules so they have correct spacing.

  • UserInterface/Views/CallFrameView.css:

(.call-frame .icon): Remove redundant property.

  • UserInterface/Views/DebuggerSidebarPanel.css:

(.sidebar > .panel.navigation.debugger .tree-outline.single-thread):
(body[dir=ltr] .sidebar > .panel.navigation.debugger .tree-outline.single-thread):
(body[dir=rtl] .sidebar > .panel.navigation.debugger .tree-outline.single-thread):
Fix the leading unindent for call tree frame elements.

3:09 PM Changeset in webkit [214845] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Remove no longer needed forward declarations
https://bugs.webkit.org/show_bug.cgi?id=170415

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-03
Reviewed by Dan Bernstein.

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:
3:09 PM Changeset in webkit [214844] by Matt Baker
  • 7 edits in trunk/Source/WebInspectorUI

Web Inspector: Elements tab: show indicators for hidden DOM breakpoints
https://bugs.webkit.org/show_bug.cgi?id=168761

Reviewed by Timothy Hatcher.

  • Localizations/en.lproj/localizedStrings.js:

New DOM breakpoint content menu item.

  • UserInterface/Views/DOMTreeContentView.css:

(.content-view.dom-tree .tree-outline.dom li .status-image.breakpoint.subtree):
(.content-view.dom-tree .tree-outline.dom li.expanded .status-image.breakpoint.subtree):
New styles for collapsed breakpoint marker.

  • UserInterface/Views/DOMTreeElement.js:

(WebInspector.DOMTreeElement):
(WebInspector.DOMTreeElement.prototype.set breakpointStatus):
If the status change indicates the only breakpoint was added or removed,
update subtree breakpoint counts on the element's parent chain.

(WebInspector.DOMTreeElement.prototype.revealAndHighlight):
Reveal the tree element, and add a highlighted line animation
identical to the one used by TextEditor.

(WebInspector.DOMTreeElement.prototype.subtreeBreakpointCountDidChange):
(WebInspector.DOMTreeElement.prototype.updateSelectionArea):
Selection area should be updated when animating the element highlight.
(WebInspector.DOMTreeElement.prototype.onreveal):
Animate highlight if needed.
(WebInspector.DOMTreeElement.prototype._updateBreakpointStatus):
(WebInspector.DOMTreeElement.prototype._statusImageClicked):
Do nothing when clicking the collapsed breakpoint marker.
(WebInspector.DOMTreeElement.prototype._statusImageContextmenu):
Add "Reveal Breakpoint" menu item. Reveals the first descendant
with at least one breakpoint.

(WebInspector.DOMTreeElement.prototype._highlightAnimationEnd):

  • UserInterface/Views/DOMTreeOutline.css:

(@keyframes dom-tree-outline-highlight-fadeout):
(.highlight .selection-area):
Styles for highlight fade animation.

  • UserInterface/Views/TreeElement.js:

(WebInspector.TreeElement.prototype.selfOrDescendant):

  • UserInterface/Views/TreeOutline.js:

(WebInspector.TreeOutline.prototype.selfOrDescendant):
Find a node matching a predicate.

3:07 PM Changeset in webkit [214843] by Matt Baker
  • 8 edits in trunk/Source/WebInspectorUI

Web Inspector: DetailsSection should hide header "options" when collapsed
https://bugs.webkit.org/show_bug.cgi?id=170029

Reviewed by Timothy Hatcher.

  • UserInterface/Views/DOMNodeDetailsSidebarPanel.css:

(.sidebar > .panel.dom-node-details .details-section.dom-node-event-listeners > .header > .filter):
(.sidebar > .panel.dom-node-details .details-section.dom-node-event-listeners.collapsed > .header > .filter): Deleted.
DetailsSection is responsible for hiding options when collapsed.

  • UserInterface/Views/DebuggerSidebarPanel.css:

(.sidebar > .panel.navigation.debugger .details-section.paused-reason.collapsed > .header > .options):

  • UserInterface/Views/DetailsSection.css:

(body[dir=ltr] .details-section > .header > .options,):
(body[dir=ltr] .details-section > .header::before,):
(.details-section.collapsed > .header > .options):
(body[dir=ltr] .details-section > .header > :matches(label, .node-link, .go-to-arrow),): Deleted.
(.details-section.collapsed > .header > label): Deleted.
Removed unnecessary rules. The "options" class covers these cases.

  • UserInterface/Views/DetailsSection.js:

(WebInspector.DetailsSection.prototype.get titleElement):
(WebInspector.DetailsSection.prototype.set titleElement):
Added title element customization so that the hack used by ProbeSetDetailsSection
to get a link into the title can be removed. Yuck!

  • UserInterface/Views/ProbeSetDetailsSection.js:

(WebInspector.ProbeSetDetailsSection):
(WebInspector.ProbeSetDetailsSection.prototype._updateLinkElement):
Use the new DetailsSection title element setter.

  • UserInterface/Views/VisualStyleDetailsPanel.css:

(.sidebar > .panel.details.css-style .visual > .details-section .details-section > .header > .options):
(.sidebar > .panel.details.css-style .visual > .details-section .details-section > .header > .visual-style-section-clear): Deleted.
(.sidebar > .panel.details.css-style .visual > .details-section .details-section.collapsed > .header > .visual-style-section-clear,): Deleted.
Remove the "visual-style-section-clear" class, as it's no longer needed.

  • UserInterface/Views/VisualStyleDetailsPanel.js:

(WebInspector.VisualStyleDetailsPanel.prototype._generateSection.createOptionsElement):
(WebInspector.VisualStyleDetailsPanel.prototype._generateSection):

3:06 PM Changeset in webkit [214842] by Chris Dumez
  • 3 edits
    2 adds in trunk

REGRESSION (r206744): CSS background-image in style attribute ignored when using createHTMLDocument method of DOM parsing
https://bugs.webkit.org/show_bug.cgi?id=170285
<rdar://problem/31378543>

Reviewed by Andy Estes.

Source/WebCore:

r206744 caused us to stop trying to resolve relative URLs when trying to load an image
referred to by CSS. We already try to resolve the relative URL when parsing the CSS
property so this will usually work fine. However, in the case when the CSS property
is parsed in a detached document and then moved to another document, we will not have
the complete URL.

Test: fast/images/background-image-relative-url-changes-document.html

  • css/CSSImageValue.cpp:

(WebCore::CSSImageValue::loadImage):

LayoutTests:

Add layout test coverage.

  • fast/images/background-image-relative-url-changes-document-expected.html: Added.
  • fast/images/background-image-relative-url-changes-document.html: Added.

3:06 PM Changeset in webkit [214841] by commit-queue@webkit.org
  • 6 edits in trunk/Source/WebInspectorUI

Web Inspector: "Space" is not localizable in Timelines record button tooltips
https://bugs.webkit.org/show_bug.cgi?id=170420
<rdar://problem/30871371>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-03
Reviewed by Timothy Hatcher.

  • UserInterface/Base/LoadLocalizedStrings.js:

(WebInspector.unlocalizedString):
(WebInspector.UIString):

  • UserInterface/Base/Main.js:

Move UIString / unlocalizedString to LoadLocalizedString.js.
They may be needed before Main.js has introduced it.

  • UserInterface/Test/Test.js:

Provide a default implementation of unlocalizedString.

  • Localizations/en.lproj/localizedStrings.js:
  • UserInterface/Models/KeyboardShortcut.js:

Most keys use a symbol to represent the key. "Space" was the one
exception, so use a localized string.

3:05 PM Changeset in webkit [214840] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Tooltip for close tab button should match Safari
https://bugs.webkit.org/show_bug.cgi?id=170417
<rdar://problem/31378423>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-04-03
Reviewed by Matt Baker.

  • Localizations/en.lproj/localizedStrings.js:
  • UserInterface/Views/GeneralTabBarItem.js:

(WebInspector.GeneralTabBarItem):
Updated tooltip to match Safari's most descriptive tooltip.

2:26 PM Changeset in webkit [214839] by webkit@devinrousso.com
  • 3 edits in trunk/Source/WebInspectorUI

REGRESSION (r214354): Web Inspector: WebSocket connection icon obscures close content view icon
https://bugs.webkit.org/show_bug.cgi?id=170104

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/ResourceTreeElement.css:

(.item.resource.resource-type-websocket .status > .ready-state):
(.item.resource.resource-type-websocket:not(.selected) .status .ready-state.open):
(.tree-outline:not(:focus, .force-focus) .item.resource.resource-type-websocket.selected .status .ready-state.open):
(body:matches(.window-inactive, .window-docked-inactive) .item.resource.resource-type-websocket.selected .status .ready-state.open):
(.item.resource.resource-type-websocket:not(.selected) .status .ready-state.connecting):
(.tree-outline:not(:focus, .force-focus) .item.resource.resource-type-websocket.selected .status .ready-state.connecting):
(body:matches(.window-inactive, .window-docked-inactive) .item.resource.resource-type-websocket.selected .status .ready-state.connecting):
(.item.resource.resource-type-websocket .status > div): Deleted.
(.item.resource.resource-type-websocket:not(.selected) .status .open): Deleted.
(.tree-outline:not(:focus, .force-focus) .item.resource.resource-type-websocket.selected .status .open): Deleted.
(body:matches(.window-inactive, .window-docked-inactive) .item.resource.resource-type-websocket.selected .status .open): Deleted.
(.item.resource.resource-type-websocket:not(.selected) .status .connecting): Deleted.
(.tree-outline:not(:focus, .force-focus) .item.resource.resource-type-websocket.selected .status .connecting): Deleted.
(body:matches(.window-inactive, .window-docked-inactive) .item.resource.resource-type-websocket.selected .status .connecting): Deleted.

  • UserInterface/Views/WebSocketResourceTreeElement.js:

(WebInspector.WebSocketResourceTreeElement.prototype._updateConnectionStatus):
Apply an additional CSS class to the connection indicator element so that the styles can be
applied more specifically to just that element.

2:07 PM Changeset in webkit [214838] by fpizlo@apple.com
  • 3 edits
    1 add in trunk/Source/JavaScriptCore

Move the Liveness<> adapters from AirLiveness.h to AirLivenessAdapter.h.

Rubber stamped by Keith Miller.

This will make it easier to write other code that uses those adapters.

(JSC::B3::Air::LivenessAdapter::LivenessAdapter): Deleted.
(JSC::B3::Air::LivenessAdapter::blockSize): Deleted.
(JSC::B3::Air::LivenessAdapter::forEachUse): Deleted.
(JSC::B3::Air::LivenessAdapter::forEachDef): Deleted.
(JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter): Deleted.
(JSC::B3::Air::TmpLivenessAdapter::numIndices): Deleted.
(JSC::B3::Air::TmpLivenessAdapter::acceptsBank): Deleted.
(JSC::B3::Air::TmpLivenessAdapter::acceptsRole): Deleted.
(JSC::B3::Air::TmpLivenessAdapter::valueToIndex): Deleted.
(JSC::B3::Air::TmpLivenessAdapter::indexToValue): Deleted.
(JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter): Deleted.
(JSC::B3::Air::StackSlotLivenessAdapter::numIndices): Deleted.
(JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank): Deleted.
(JSC::B3::Air::StackSlotLivenessAdapter::acceptsRole): Deleted.
(JSC::B3::Air::StackSlotLivenessAdapter::valueToIndex): Deleted.
(JSC::B3::Air::StackSlotLivenessAdapter::indexToValue): Deleted.

  • b3/air/AirLivenessAdapter.h: Added.

(JSC::B3::Air::LivenessAdapter::LivenessAdapter):
(JSC::B3::Air::LivenessAdapter::blockSize):
(JSC::B3::Air::LivenessAdapter::forEachUse):
(JSC::B3::Air::LivenessAdapter::forEachDef):
(JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
(JSC::B3::Air::TmpLivenessAdapter::numIndices):
(JSC::B3::Air::TmpLivenessAdapter::acceptsBank):
(JSC::B3::Air::TmpLivenessAdapter::acceptsRole):
(JSC::B3::Air::TmpLivenessAdapter::valueToIndex):
(JSC::B3::Air::TmpLivenessAdapter::indexToValue):
(JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
(JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
(JSC::B3::Air::StackSlotLivenessAdapter::acceptsBank):
(JSC::B3::Air::StackSlotLivenessAdapter::acceptsRole):
(JSC::B3::Air::StackSlotLivenessAdapter::valueToIndex):
(JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):

2:03 PM Changeset in webkit [214837] by Michael Catanzaro
  • 2 edits in trunk/Source/WebCore/PAL

Unreviewed, attempt to fix build with libgcrypt < 1.7.0

  • pal/crypto/gcrypt/Utilities.h:

1:50 PM Changeset in webkit [214836] by fpizlo@apple.com
  • 5 edits in trunk/Source

WTF::Liveness should have an API that focuses on actions at instruction boundaries
https://bugs.webkit.org/show_bug.cgi?id=170407

Reviewed by Keith Miller.

Source/JavaScriptCore:

Adopt changes to the WTF::Liveness<> API. Instead of having separate functions for the
early/late versions of uses and defs, we now have just a use/def API. Those
automatically take care of early/late issues as needed.

This reduces the API surface between WTF::Liveness<> and its clients, which makes it
easier to implement some other optimizations I'm thinking about.

  • b3/B3VariableLiveness.h:

(JSC::B3::VariableLivenessAdapter::forEachUse):
(JSC::B3::VariableLivenessAdapter::forEachDef):
(JSC::B3::VariableLivenessAdapter::forEachEarlyUse): Deleted.
(JSC::B3::VariableLivenessAdapter::forEachLateUse): Deleted.
(JSC::B3::VariableLivenessAdapter::forEachEarlyDef): Deleted.
(JSC::B3::VariableLivenessAdapter::forEachLateDef): Deleted.

  • b3/air/AirLiveness.h:

(JSC::B3::Air::LivenessAdapter::blockSize):
(JSC::B3::Air::LivenessAdapter::forEachUse):
(JSC::B3::Air::LivenessAdapter::forEachDef):
(JSC::B3::Air::LivenessAdapter::forEachEarlyUse): Deleted.
(JSC::B3::Air::LivenessAdapter::forEachLateUse): Deleted.
(JSC::B3::Air::LivenessAdapter::forEachEarlyDef): Deleted.
(JSC::B3::Air::LivenessAdapter::forEachLateDef): Deleted.

Source/WTF:

Change the Liveness<> API to handle early and late things in one lump inside forEachUse
and forEachDef functions. This reduces the amount of different functions that Liveness<>
expects from its adaptor. This makes it easier to implement optimizations that cache the
use/def behavior of each instruction boundary.

  • wtf/Liveness.h:

(WTF::Liveness::Liveness):
(WTF::Liveness::LocalCalc::execute):

1:44 PM Changeset in webkit [214835] by Brian Burg
  • 2 edits in trunk/Tools

run-safari should support launching with custom language and locale
https://bugs.webkit.org/show_bug.cgi?id=170397

Reviewed by Alexey Proskuryakov.

Hook up -AppleLanguages and -AppleLocale to command line options.

  • Scripts/webkitdirs.pm:

(printHelpAndExitForRunAndDebugWebKitAppIfNeeded):
(argumentsForRunAndDebugMacWebKitApp):

1:18 PM Changeset in webkit [214834] by wilander@apple.com
  • 2 edits in trunk/LayoutTests

Remove timeout expectations after bug fix
https://bugs.webkit.org/show_bug.cgi?id=168262

Unreviewed test gardening.

Remove timeout expectations after bug fix in
https://bugs.webkit.org/show_bug.cgi?id=170400

  • platform/wk2/TestExpectations:

Remove expected timeout for the first five test cases
under http/tests/loading/resourceLoadStatistics/.

1:08 PM Changeset in webkit [214833] by jmarcell@apple.com
  • 1 copy in tags/Safari-603.2.2

Tag Safari-603.2.2.

12:39 PM Changeset in webkit [214832] by Jonathan Bedard
  • 4 edits in trunk/Tools

webkitpy: Provide option to skip install
https://bugs.webkit.org/show_bug.cgi?id=170344

Reviewed by Alexey Proskuryakov.

Installing can take time for on device testing. Provide an option to skip install
and use whatever driver is currently installed on the device or simulator.

  • Scripts/webkitpy/port/base.py:

(Port.check_build): Do not check driver if skipping install.

  • Scripts/webkitpy/port/factory.py:

(platform_options): Add '--no-install' option.

  • Scripts/webkitpy/port/ios.py:

(IOSPort.setup_test_run): Check install option before installing.

12:35 PM Changeset in webkit [214831] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Do not set WebAVPlayerLayerView background to black in fullscreen.
https://bugs.webkit.org/show_bug.cgi?id=170132
rdar://problem/30839278

Patch by Jeremy Jones <jeremyj@apple.com> on 2017-04-03
Reviewed by Tim Horton.

No new tests because no behavior change.

The black background on WebAVPlayerLayerView interferes with the fullscreen animation
and has been removed.

  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(WebVideoFullscreenInterfaceAVKit::enterFullscreen):
(WebVideoFullscreenInterfaceAVKit::enterFullscreenStandard):

12:08 PM Changeset in webkit [214830] by Antti Koivisto
  • 4 edits
    2 adds in trunk

REGRESSION (r207669): FileMaker Pro Help pages do not render correctly
https://bugs.webkit.org/show_bug.cgi?id=170402
<rdar://problem/31004344>

Reviewed by Simon Fraser.

Source/WebCore:

If a new stylesheet load is started from the load event the document.styleSheets does not
always reflect the already loaded stylesheets.

Test: fast/css/document-stylesheets-dynamic.html

  • style/StyleScope.cpp:

(WebCore::Style::Scope::updateActiveStyleSheets):

Remove an old optimization where we would not update active stylesheets if there were pending
(head) stylesheet loads and they had not been updated already.
This is probably not a valuable optimization anymore with the new lazy stylesheet update strategy.

  • style/StyleScope.h:

LayoutTests:

  • fast/css/document-stylesheets-dynamic-expected.html: Added.
  • fast/css/document-stylesheets-dynamic.html: Added.

12:07 PM Changeset in webkit [214829] by andersca@apple.com
  • 7 edits in trunk/Source

Tweak ApplePaySession API
https://bugs.webkit.org/show_bug.cgi?id=170409
rdar://problem/31405459

Reviewed by Tim Horton.

Source/WebCore:

Rename "address" to "addressLines". Add "postalAddress". Reorder the ApplePayError constructor parameters.

  • Modules/applepay/ApplePayError.cpp:

(WebCore::ApplePayError::create):
(WebCore::ApplePayError::ApplePayError):

  • Modules/applepay/ApplePayError.h:
  • Modules/applepay/ApplePayError.idl:
  • Modules/applepay/PaymentRequest.h:

Source/WebKit2:

Update for WebCore changes.

  • UIProcess/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm:

(WebKit::toNSError):

12:04 PM Changeset in webkit [214828] by sbarati@apple.com
  • 7 edits
    9 adds in trunk/PerformanceTests

Add a new test to ARES6
https://bugs.webkit.org/show_bug.cgi?id=170077

Rubber stamped by Filip Pizlo.

This patch adds a new test to ARES6. The test is called Babylon. Babylon is
the JavaScript parser that is part of the Babel transpiler. The test runs
the parser on 4 different JS scripts.

  • ARES-6/Babylon: Added.
  • ARES-6/Babylon/AUTHORS: Added.
  • ARES-6/Babylon/air-blob.js: Added.

(Reg):
(Reg.fromReg):
(Reg.prototype.get index):
(Reg.prototype.get type):
(Reg.prototype.get name):
(Reg.prototype.get isCalleeSave):
(Reg.prototype.get isReg):
(Reg.prototype.hash):
(Reg.prototype.toString):
(Reg.extract):
(Reg.forEachFast):
(Reg.forEach):
(newGPR):
(Reg.gprs.Reg.fprs.Reg.calleeSaveGPRs.Reg.calleeSaveFPRs.Reg.calleeSaves):

  • ARES-6/Babylon/babylon-blob.js: Added.

(export.default.Parser):
(export.default.Parser.prototype.isReservedWord):
(export.default.Parser.prototype.hasPlugin):
(export.default.Parser.prototype.extend):
(export.default.Parser.prototype.loadPlugins):
(export.default.Parser.prototype.parse):

  • ARES-6/Babylon/basic-blob.js: Added.

(Basic.NumberApply):
(Basic.Variable):
(Basic.Const):
(Basic.NumberPow):
(Basic.NumberMul):
(Basic.NumberDiv):
(Basic.NumberNeg):
(Basic.NumberAdd):
(Basic.NumberSub):
(Basic.StringVar):
(Basic.Equals):
(Basic.NotEquals):
(Basic.LessThan):
(Basic.GreaterThan):
(Basic.LessEqual):
(Basic.GreaterEqual):
(Basic.GoTo):
(Basic.GoSub):
(Basic.Def):
(Basic.Let):
(Basic.If):
(Basic.Return):
(Basic.Stop):
(Basic.On):
(sideState.shouldStop):
(Basic.For):
(Basic.Next):
(Basic.Print):
(Basic.Input):
(Basic.Read):
(Basic.Restore):
(Basic.Dim):
(Basic.Randomize):
(Basic.End):
(Basic.Program):

  • ARES-6/Babylon/benchmark.js: Added.

(this.performance.performance.now.currentTime):
(else.this.preciseTime.currentTime):
(else.currentTime):
(BabylonBenchmark.appendSource):
(BabylonBenchmark):
(BabylonBenchmark.prototype.runIteration.parse):
(BabylonBenchmark.prototype.runIteration.parseExpression):
(BabylonBenchmark.prototype.runIteration):
(runBenchmark):

  • ARES-6/Babylon/index.js: Added.

(isIdentifierStart):
(isIdentifierChar):
(isNewLine):
(Position):
(SourceLocation):
(getLineInfo):
(TokenType):
(KeywordTokenType):
(BinopTokenType):
(TokContext):
(tt.parenR.updateContext.tt.braceR.updateContext):
(tt.name.updateContext):
(tt.braceL.updateContext):
(tt.dollarBraceL.updateContext):
(tt.parenL.updateContext):
(tt.incDec.updateContext):
(tt._function.updateContext):
(tt.backQuote.updateContext):
(State.prototype.init):
(State.prototype.curPosition):
(State.prototype.clone):
(State):
(Token):
(codePointToString):
(Tokenizer):
(Tokenizer.prototype.next):
(Tokenizer.prototype.eat):
(Tokenizer.prototype.match):
(Tokenizer.prototype.isKeyword):
(Tokenizer.prototype.lookahead):
(Tokenizer.prototype.setStrict):
(Tokenizer.prototype.curContext):
(Tokenizer.prototype.nextToken):
(Tokenizer.prototype.readToken):
(Tokenizer.prototype.fullCharCodeAtPos):
(Tokenizer.prototype.pushComment):
(Tokenizer.prototype.skipBlockComment):
(Tokenizer.prototype.skipLineComment):
(Tokenizer.prototype.skipSpace):
(Tokenizer.prototype.finishToken):
(Tokenizer.prototype.readToken_dot):
(Tokenizer.prototype.readToken_slash):
(Tokenizer.prototype.readToken_mult_modulo):
(Tokenizer.prototype.readToken_pipe_amp):
(Tokenizer.prototype.readToken_caret):
(Tokenizer.prototype.readToken_plus_min):
(Tokenizer.prototype.readToken_lt_gt):
(Tokenizer.prototype.readToken_eq_excl):
(Tokenizer.prototype.getTokenFromCode):
(Tokenizer.prototype.finishOp):
(Tokenizer.prototype.readRegexp):
(Tokenizer.prototype.readInt):
(Tokenizer.prototype.readRadixNumber):
(Tokenizer.prototype.readNumber):
(Tokenizer.prototype.readCodePoint):
(Tokenizer.prototype.readString):
(Tokenizer.prototype.readTmplToken):
(Tokenizer.prototype.readEscapedChar):
(Tokenizer.prototype.readHexChar):
(Tokenizer.prototype.readWord1):
(Tokenizer.prototype.readWord):
(Tokenizer.prototype.braceIsBlock):
(Tokenizer.prototype.updateContext):
(getOptions):
(prototype.isReservedWord):
(prototype.hasPlugin):
(prototype.extend):
(prototype.loadPlugins):
(prototype.parse):
(last):
(pp.addComment):
(pp.processComment):
(pp.checkPropClash):
(pp.getExpression):
(pp.parseExpression):
(pp.parseMaybeAssign):
(pos.set i):

  • ARES-6/Babylon/inspector-blob.js: Added.

(WebInspector.ScriptSyntaxTree):
(WebInspector.ScriptSyntaxTree.prototype.get parsedSuccessfully):
(WebInspector.ScriptSyntaxTree.prototype.forEachNode):
(WebInspector.ScriptSyntaxTree.prototype.filter):
(WebInspector.ScriptSyntaxTree.prototype.containersOfOffset):
(WebInspector.ScriptSyntaxTree.prototype.filterByRange.filterForNodesInRange):
(WebInspector.ScriptSyntaxTree.prototype.filterByRange):
(WebInspector.ScriptSyntaxTree.prototype.containsNonEmptyReturnStatement.removeFunctionsFilter):
(WebInspector.ScriptSyntaxTree.prototype.containsNonEmptyReturnStatement):
(WebInspector.ScriptSyntaxTree.functionReturnDivot):
(WebInspector.ScriptSyntaxTree.prototype.updateTypes):
(WebInspector.ScriptSyntaxTree.prototype._gatherIdentifiersInDeclaration.gatherIdentifiers):
(WebInspector.ScriptSyntaxTree.prototype._gatherIdentifiersInDeclaration):
(WebInspector.ScriptSyntaxTree.prototype._defaultParserState):
(WebInspector.ScriptSyntaxTree.prototype._recurse):
(WebInspector.ScriptSyntaxTree.prototype._recurseArray):
(WebInspector.ScriptSyntaxTree.prototype._createInternalSyntaxTree):

  • ARES-6/about.html:
  • ARES-6/babylon_benchmark.js: Added.
  • ARES-6/cli.js:
  • ARES-6/glue.js:
  • ARES-6/index.html:
  • ARES-6/results.js:

(Results.prototype.reportResult):
(Results.prototype.reportResult.averageAbovePercentile): Deleted.

  • ARES-6/styles.css:

(.test):
(@media only screen and (max-width: 784px)):

11:55 AM Changeset in webkit [214827] by fpizlo@apple.com
  • 6 edits
    1 add in trunk/Source/JavaScriptCore

Inst::forEachArg could compile to more compact code
https://bugs.webkit.org/show_bug.cgi?id=170406

Reviewed by Sam Weinig.

Prior to this change, Inst::forEachArg compiled to a ginormous ALWAYS_INLINE switch statement.
It had one case for each opcode, and then each of those cases would have a switch statement over
the number of operands. Then the cases of that switch statement would have a sequence of calls to
the passed lambda. This meant that every user of forEachArg would generate an insane amount of
code. It also meant that the inlining achieved nothing, since the lambda would surely then not
be inlined - and if it was, then the icache pressure due to code bloat would surely negate any
benefits.

This replaces that code with a loop over a compact look-up table. We use the opcode and number of
operands as keys into that look-up table. The table only takes about 20KB. It has one byte for
each argument in each overload of each opcode.

I can't measure any reproducible change in performance, but the JavaScriptCore framework binary
shrinks by 2.7 MB. This is a 15% reduction in JavaScriptCore binary size.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • b3/B3Width.h:
  • b3/air/AirCustom.h:

(JSC::B3::Air::PatchCustom::forEachArg):

  • b3/air/AirFormTable.h: Added.

(JSC::B3::Air::decodeFormRole):
(JSC::B3::Air::decodeFormBank):
(JSC::B3::Air::decodeFormWidth):

  • b3/air/AirInst.h:
  • b3/air/opcode_generator.rb:

11:44 AM Changeset in webkit [214826] by keith_miller@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

WebAssembly: remove lastAllocatedMode from Memory
https://bugs.webkit.org/show_bug.cgi?id=170405

Reviewed by Mark Lam.

It's not used anymore so there isn't any point in keeping it around.

  • wasm/WasmMemory.cpp:

(JSC::Wasm::Memory::createImpl):
(JSC::Wasm::Memory::lastAllocatedMode): Deleted.

  • wasm/WasmMemory.h:

11:40 AM Changeset in webkit [214825] by zandobersek@gmail.com
  • 5 edits in trunk/Source/WebCore

[GCrypt] Implement CryptoKeyEC::keySizeInBits(), ::platformGeneratePair()
https://bugs.webkit.org/show_bug.cgi?id=170345

Reviewed by Michael Catanzaro.

Source/WebCore:

Start implementing the libgcrypt-based platform bits of CryptoKeyEC.

Implement keySizeInBits() by returning the appropriate size for this
object's curve type. An assertion is added to ensure that this size
matches the one that's returned by gcry_pk_get_nbits() for this
object's EC key as represented by the m_platformKey gcry_sexp_t object.

Implement platformGeneratePair() by constructing a genkey s-expression
that requests a generation of an EC key for the specified curve type.
The s-expression is then passed to gcry_pk_genkey(), and the public
and private key data is then retrieved from the returned s-expression
upon success and used to create the public and private CryptoKeyEC
objects.

The PlatformECKey type alias is changed to match gcry_sexp_t. The
CryptoKeyEC destructor releases the gcry_sexp_t object through
a PAL::GCrypt::HandleDeleter<gcry_sexp_t> instance.

The method definitions in the CryptoKeyECGCrypt.cpp file are also
sorted to match the declaration order in the header.

No new tests -- current ones cover this sufficiently, but are not yet
enabled due to other missing platform-specific SUBTLE_CRYPTO
implementations.

  • crypto/gcrypt/CryptoKeyECGCrypt.cpp:

(WebCore::curveSize):
(WebCore::curveName):
(WebCore::CryptoKeyEC::~CryptoKeyEC):
(WebCore::CryptoKeyEC::keySizeInBits):
(WebCore::CryptoKeyEC::platformGeneratePair):
(WebCore::CryptoKeyEC::platformImportSpki):
(WebCore::CryptoKeyEC::platformImportPkcs8):
(WebCore::CryptoKeyEC::platformExportRaw):
(WebCore::CryptoKeyEC::platformAddFieldElements):
(WebCore::CryptoKeyEC::platformExportSpki):

  • crypto/keys/CryptoKeyEC.h:

Source/WebCore/PAL:

  • pal/crypto/gcrypt/Handle.h:

(PAL::GCrypt::HandleDeleter<gcry_sexp_t>::operator()): Add a HandleDeleter
specialization for the gcry_sexp_t type.

11:38 AM Changeset in webkit [214824] by keith_miller@apple.com
  • 55 edits
    13 adds
    5 deletes in trunk

WebAssembly: Update spec tests
https://bugs.webkit.org/show_bug.cgi?id=170361

Rubber-stamped by Saam Barati.

JSTests:

Update the spec tests to run tests generated by the newer spec
test builder wasm-spec/test/builder.py. This patch also adds the
necessary harness code in spec-harness.js so we can run the tests.

  • wasm.yaml:
  • wasm/import-spec-tests.rb:
  • wasm/spec-harness.js: Added.

(import.string_appeared_here.then):
(test):
(promise_test):
(let.assert_unreached):

  • wasm/spec-harness/index.js: Added.

(let.testNum):
(assertThrows):
(_assert):
(ValueResult):
(ErrorResult):
(Result.prototype.isError):
(binary):
(module):
(uniqueTest):
(assert_invalid):
(assert_soft_invalid):
(register):
(call):
(get instance):
(exports):
(run):
(assert_unlinkable):
(assert_uninstantiable):
(assert_trap):
(try.f):
(catch):
(assert_exhaustion):
(assert_return):
(assert_return_nan):

  • wasm/spec-harness/testharness.css: Added.

(html):
(#log .warning,):
(#log .error,):
(section#summary):
(table#results):
(table#results th:first-child,):
(table#results th:last-child,):
(table#results.assertions th:last-child,):
(table#results th):
(table#results td):
(tr.pass > td:first-child):
(tr.fail > td:first-child):
(tr.timeout > td:first-child):
(tr.notrun > td:first-child):
(.pass > td:first-child, .fail > td:first-child, .timeout > td:first-child, .notrun > td:first-child):
(table#results span):
(table#results span.expected):
(table#results span.actual):
(span.ok):
(tr.error):
(span.timeout):
(span.ok, span.timeout, span.error):

  • wasm/spec-harness/testharness.js: Added.

(WindowTestEnvironment):
(WindowTestEnvironment.prototype._dispatch):
(WindowTestEnvironment.prototype._forEach_windows):
(WindowTestEnvironment.prototype.on_tests_ready):
(WindowTestEnvironment.prototype.setup_messages):
(WindowTestEnvironment.prototype.next_default_test_name):
(WindowTestEnvironment.prototype.on_new_harness_properties):
(WindowTestEnvironment.prototype.add_on_loaded_callback):
(WindowTestEnvironment.prototype.test_timeout):
(WindowTestEnvironment.prototype.global_scope):
(WorkerTestEnvironment):
(WorkerTestEnvironment.prototype._dispatch):
(WorkerTestEnvironment.prototype._add_message_port):
(WorkerTestEnvironment.prototype.next_default_test_name):
(WorkerTestEnvironment.prototype.on_new_harness_properties):
(WorkerTestEnvironment.prototype.on_tests_ready):
(WorkerTestEnvironment.prototype.add_on_loaded_callback):
(WorkerTestEnvironment.prototype.test_timeout):
(WorkerTestEnvironment.prototype.global_scope):
(DedicatedWorkerTestEnvironment):
(DedicatedWorkerTestEnvironment.prototype.on_tests_ready):
(SharedWorkerTestEnvironment):
(SharedWorkerTestEnvironment.prototype.on_tests_ready):
(ServiceWorkerTestEnvironment):
(ServiceWorkerTestEnvironment.prototype.add_on_loaded_callback):
(create_test_environment):
(is_shared_worker):
(is_service_worker):
(test):
(async_test):
(promise_test):
(this.wait_for):
(EventWatcher):
(setup):
(done):
(generate_tests):
(step_timeout):
(truncate):
(is_node):
(format_value):

  • wasm/spec-harness/testharnessreport.js: Added.
  • wasm/spec-harness/wasm-constants.js: Added.

(bytes):
(bytesWithHeader):
(makeSig):
(makeSig_v_x):
(makeSig_v_xx):
(makeSig_r_v):
(makeSig_r_x):
(makeSig_r_xx):
(assertTraps):
(assertWasmThrows):

  • wasm/spec-harness/wasm-module-builder.js: Added.

(Binary.prototype.emit_u8):
(Binary.prototype.emit_u16):
(Binary.prototype.emit_u32):
(Binary.prototype.emit_u32v):
(Binary.prototype.emit_bytes):
(Binary.prototype.emit_string):
(Binary.prototype.emit_header):
(Binary.prototype.emit_section):
(Binary):
(WasmFunctionBuilder):
(WasmFunctionBuilder.prototype.exportAs):
(WasmFunctionBuilder.prototype.exportFunc):
(WasmFunctionBuilder.prototype.addBody):
(WasmFunctionBuilder.prototype.addLocals):
(WasmFunctionBuilder.prototype.end):
(WasmGlobalBuilder):
(WasmGlobalBuilder.prototype.exportAs):
(WasmModuleBuilder):
(WasmModuleBuilder.prototype.addStart):
(WasmModuleBuilder.prototype.addMemory):
(WasmModuleBuilder.prototype.addExplicitSection):
(WasmModuleBuilder.prototype.addType):
(WasmModuleBuilder.prototype.addGlobal):
(WasmModuleBuilder.prototype.addFunction):
(WasmModuleBuilder.prototype.addImport):
(WasmModuleBuilder.prototype.addImportedGlobal):
(WasmModuleBuilder.prototype.addImportedMemory):
(WasmModuleBuilder.prototype.addImportedTable):
(WasmModuleBuilder.prototype.addExport):
(WasmModuleBuilder.prototype.addExportOfKind):
(WasmModuleBuilder.prototype.addDataSegment):
(WasmModuleBuilder.prototype.exportMemoryAs):
(WasmModuleBuilder.prototype.addFunctionTableInit):
(WasmModuleBuilder.prototype.appendToTable):
(WasmModuleBuilder.prototype.setFunctionTableLength):
(WasmModuleBuilder.prototype.toArray):
(WasmModuleBuilder.prototype.toBuffer):
(WasmModuleBuilder.prototype.instantiate):

  • wasm/spec-harness/wast.js: Added.

(normalize):
(require.else._registry.name):
(require):
(add_hex_char):
(add_char):
(string_with):
(list_of_opt):
(break_bytes.f):
(break_bytes):
(f):
(decls):
(func_type):
(limits):
(global_type):
(testop):
(relop):
(unop):
(binop):
(cvtop):
(oper):
(mem_size):
(extension):
(memop):
(storeop):
(var):
(constop):
(instr.else.switch.case.0.f):
(instr.else.switch.case.1.f.1):
(instr.else.switch.case.2.f.2):
(instr):
(func_with_name):
(func):
(start):
(table):
(memory):
(segment):
(elems):
(data):
(typedef):
(import_kind):
(import):
(export_kind):
(export):
(var_opt):
(is_func_import):
(is_table_import):
(is_memory_import):
(is_global_import):
(f.1):
(f.2):
(f.3):
(module_with_var_opt):
(module_):
(literal):
(definition):
(access):
(action):
(script):
(_registry.string_appeared_here):
(init):
(make_matrix):
(copy):
(append):
(sub):
(fill):
(blit):
(iter):
(map):
(iteri):
(mapi):
(to_list):
(list_length):
(of_list):
(fold_left):
(fold_right):
(maxson):
(trickle):
(bubble):
(trickleup):
(sort):
(merge):
(isortto):
(sortto):
(stable_sort):
(import_type):
(export_type):
(dims.n):
(dims.d.i):
(dims):
(map_file):
(create):
(of_array):
(slice_left):
(slice_right):
(slice_left_1):
(slice_right_1):
(slice_left_2):
(slice_right_2):
(array1_of_genarray):
(array2_of_genarray):
(array3_of_genarray):
(reshape_1):
(reshape_2):
(reshape_3):
(reshape):
():
(contents):
(to_bytes):
(nth):
(length):
(clear):
(reset):
(resize):
(add_substring):
(add_subbytes):
(add_string):
(add_bytes):
(add_buffer):
(add_channel):
(output_buffer):
(closing):
(advance_to_closing):
(advance_to_non_alpha):
(find_ident):
(add_substitute):
(make):
(to_string):
(of_string):
(sub_string):
(extend):
(blit_string):
(concat):
(cat):
(is_space):
(trim):
(escaped):
(uppercase):
(lowercase):
(apply1):
(capitalize):
(uncapitalize):
(index_rec):
(index):
(index_from):
(rindex_rec):
(rindex):
(rindex_from):
(contains_from):
(contains):
(rcontains_from):
(caml_array_sub):
(len):
(caml_array_concat):
(caml_make_vect):
(caml_array_blit):
(get if):
(caml_set_oo_id):
(get_id):
(caml_int32_float_of_bits):
(caml_int32_bits_of_float):
(caml_classify_float):
(caml_modf_float):
(caml_ldexp_float):
(caml_frexp_float):
(caml_copysign_float):
(caml_expm1_float):
(caml_hypot_float):
(caml_log10_float):
(caml_failwith):
(parse_digit):
(int_of_string_base):
(parse_sign_and_base):
(caml_int_of_string.aux):
(caml_int_of_string):
(caml_int64_of_string.aux):
(caml_int64_of_string):
(int_of_base):
(parse_format):
(finish_formatting):
(caml_format_int):
(caml_int64_format):
(caml_format_float):
(float_of_string):
(div):
(mod_):
(caml_bswap16):
(caml_int32_bswap):
(imul):
(neg_signed):
(not):
(eq):
(neg):
(lsl_):
(lsr_):
(asr_):
(is_zero):
(mul):
(swap):
(xor):
(or_):
(and_):
(ge):
(lt):
(gt):
(le):
(to_float):
(of_float):
(div_mod):
(compare):
(of_int32):
(to_int32):
(to_hex.aux):
(to_hex):
(discard_sign):
(float_of_bits):
(bits_of_float.to_nat):
(bits_of_float):
(get64):
(erase_rel):
(concat_fmtty):
(concat_fmt):
(create_char_set):
(add_in_char_set):
(rev_char_set):
(is_in_char_set):
(prec_of_prec_opt):
(param_format_of_ignored_format):
(buffer_check_size):
(buffer_add_char):
(buffer_add_string):
(buffer_contents):
(char_of_iconv):
(char_of_fconv):
(char_of_counter):
(print_char):
(set while.set var):
(set while.set else):
(set var):
(set else):
(set print_char):
(set if):
(bprint_padty):
(bprint_ignored_flag):
(bprint_pad_opt):
(bprint_padding):
(bprint_precision):
(bprint_iconv_flag):
(bprint_int_fmt):
(bprint_altint_fmt):
(bprint_fconv_flag):
(bprint_float_fmt):
(string_of_formatting_lit):
(string_of_formatting_gen):
(bprint_char_literal):
(bprint_string_literal):
(bprint_fmtty):
(int_of_custom_arity):
(bprint_fmt):
(string_of_fmt):
(symm):
(fmtty_rel_det):
(trans):
(fmtty_of_formatting_gen):
(fmtty_of_fmt):
(fmtty_of_custom):
(fmtty_of_padding_fmtty):
(fmtty_of_precision_fmtty):
(type_padding):
(type_padprec):
(type_ignored_param_one):
(type_format_gen):
(type_ignored_format_substitution):
(type_format):
(recast):
(fix_padding):
(fix_int_precision):
(string_to_caml_string):
(format_of_iconv):
(format_of_aconv):
(format_of_fconv):
(convert_int):
(convert_int32):
(convert_nativeint):
(convert_int64):
(else.is_valid):
(convert_float):
(format_caml_char):
(string_of_fmtty):
(else.switch.):
(else.switch.k.prime):
(else.switch.else.):
(else.switch.else.k.prime.1):
(make_printf):
(make_from_fmtty):
(make_invalid_arg):
(make_string_padding):
(make_int_padding_precision):
(make_custom):
(output_acc):
(bufput_acc):
(strput_acc):
(failwith_message.k):
(failwith_message):
(open_box_of_string.else.invalid_box):
(open_box_of_string.else.parse_spaces):
(open_box_of_string.else.parse_lword):
(open_box_of_string.else.parse_int):
(open_box_of_string):
(make_padding_fmt_ebb):
(make_precision_fmt_ebb):
(make_padprec_fmt_ebb):
(invalid_format_message):
(invalid_format_without):
(expected_character):
(compute_int_conv):
(incompatible_flag):
(parse_positive):
(parse_conv):
(parse_after_precision):
(else.parse_literal):
(parse_after_padding):
(parse_literal):
(parse_after_at):
(add_literal):
(parse_spaces):
(parse_integer):
(compute_float_conv):
(search_subformat_end):
(check_no_0):
(opt_of_pad):
(get_prec_opt):
(else.switch.case.99.char_format):
(else.switch.scan_format):
(parse_conversion):
(set_flag):
(parse_flags):
(is_int_base):
(counter_of_char):
(add_range):
(fail_single_percent):
(parse_char_set_after_char):
(parse_char_set_content):
(parse_char_set_start):
(parse_char_set):
(check_open_box):
(parse_tag):
(fmt_ebb_of_string):
(format_of_string_fmtty):
(format_of_string_format):
(caret):
(caml_ml_open_descriptor_in):
(caml_ml_open_descriptor_out):
(caml_ml_flush):
(node_std_output):
(caml_ml_output_char):
(caml_ml_input):
(caml_ml_input_char):
(caml_ml_out_channels_list):
(fail):
(caml_lex_array):
(caml_lex_engine):
(caml_lex_run_mem):
(caml_lex_run_tag):
(caml_new_lex_engine):
(caml_obj_dup):
(caml_obj_truncate):
(caml_lazy_make_forward):
(caml_update_dummy):
(caml_int_compare):
(caml_compare):
(caml_equal):
(caml_notequal):
(caml_greaterequal):
(caml_lessequal):
(else.aux):
(caml_get_public_method):
(caml_parse_engine):
(caml_set_parser_trace):
(js_string_of_char):
(caml_string_get):
(caml_create_string):
(caml_string_compare):
(caml_fill_string):
(caml_blit_string):
(caml_blit_bytes):
(bytes_of_string):
(bytes_to_string):
(caml_string_of_char_array):
(caml_is_printable):
(caml_string_get16):
(caml_string_get32):
(repeat):
(chr):
(app):
(js):
(curry_1):
(_1):
(js1):
(1):
(curry_2):
(_2):
(js2):
(2):
(curry_3):
(_3):
(js3):
(3):
(curry_4):
(_4):
(js4):
(4):
(curry_5):
(_5):
(js5):
(5):
(curry_6):
(_6):
(js6):
(6):
(curry_7):
(_7):
(js7):
(7):
(curry_8):
(_8):
(js8):
(8):
(stream):
(eos):
(skip):
(read):
(peek):
(string_of_byte):
(position):
(region):
(error):
(guard):
(get 1):
(get expect):
(get illegal):
(at):
(u32):
(u64):
(get require):
(vuN):
(get var):
(vsN):
(vu32):
(vs32):
(vs64):
(f32):
(f64):
(len32):
(string):
(opt):
(vec):
(sized):
(value_type):
(elem_type):
(stack_type):
(table_type):
(memory_type):
(mutability.get if):
(mutability):
(instr.get if):
(instr_block):
(const):
(id):
(section):
(type_section):
(import_kind.get if):
(import_section):
(func_section):
(table_section):
(memory_section):
(global):
(global_section):
(export_kind.get if):
(export_section):
(start_section):
(local):
(code):
(code_section):
(table_segment):
(elem_section):
(memory_segment):
(data_section):
(partial_arg.1):
(custom):
(custom_section):
(iterate):
(decode):
(patch):
(encode.u8):
(encode.u16):
(encode.u32):
(encode.vu64):
(encode.vs64):
(encode.vu32):
(encode.len):
(encode.bool):
(encode.string):
(encode.vec):
(encode.gap32):
(encode.patch_gap32):
(encode.value_type):
(encode.stack_type):
(encode.func_type):
(encode.limits):
(encode.table_type):
(encode.memory_type):
(encode.global_type):
(encode.memop):
(encode):
(encode.instr):
(encode.const):
(encode.section):
(encode.type_section):
(encode.import):
(encode.import_section):
(encode.func):
(encode.func_section):
(encode.table):
(encode.table_section):
(encode.memory):
(encode.memory_section):
(encode.global):
(encode.global_section):
(encode.export_kind):
(encode.export):
(encode.export_section):
(encode.start_section):
(encode.combine):
(encode.compress):
(encode.local):
(encode.code):
(encode.code_section):
(encode.segment):
(encode.table_segment):
(encode.elem_section):
(encode.memory_segment):
(encode.module_):
(Make.warn):
(Make.error):
(Make):
(print_nan_significand_digits):
(Make.of_bits):
(Make.to_bits):
(Make.is_nan):
(Make.canonicalize_nan):
(Make.determine_binary_nan):
(Make.determine_unary_nan):
(Make.binary):
(Make.unary):
(Make.add):
(Make.sub):
(Make.mul):
(Make.div):
(Make.sqrt):
(Make.ceil):
(Make.floor):
(Make.trunc):
(Make.nearest):
(Make.min):
(Make.max):
(Make.abs):
(Make.neg):
(Make.copysign):
(Make.eq):
(Make.ne):
(Make.lt):
(Make.gt):
(Make.le):
(Make.ge):
(Make.of_signless_string):
(Make.of_string):
(Make.to_string):
(add_queue):
(peek_queue):
(take_queue):
(pp_enqueue):
(pp_clear_queue):
(pp_output_string):
(break_new_line):
(break_same_line):
(pp_force_break_line):
(switch.add_tab):
(else.switch.find):
(format_pp_token):
(advance_left):
(enqueue_advance):
(enqueue_string_as):
(set_size):
(scan_push):
(pp_open_box_gen):
(pp_close_box):
(pp_open_tag):
(pp_close_tag):
(pp_set_print_tags):
(pp_set_mark_tags):
(pp_get_print_tags):
(pp_get_mark_tags):
(pp_set_tags):
(pp_get_formatter_tag_functions):
(pp_set_formatter_tag_functions):
(pp_rinit):
(pp_flush_queue):
(pp_print_as_size):
(pp_print_string):
(pp_print_int):
(pp_print_float):
(pp_print_bool):
(pp_open_hbox):
(pp_open_vbox):
(pp_open_hvbox):
(pp_open_hovbox):
(pp_open_box):
(pp_print_newline):
(pp_print_flush):
(pp_force_newline):
(pp_print_if_newline):
(pp_print_break):
(pp_print_space):
(pp_print_cut):
(pp_open_tbox):
(pp_close_tbox):
(pp_print_tbreak):
(pp_print_tab):
(pp_set_tab):
(pp_print_list):
(flush):
(pp_print_text):
(pp_set_max_boxes):
(pp_get_max_boxes):
(pp_over_max_boxes):
(pp_get_ellipsis_text):
(pp_limit):
(pp_set_max_indent):
(pp_get_max_indent):
(pp_set_margin):
(pp_get_margin):
(pp_set_formatter_out_functions):
(pp_get_formatter_out_functions):
(pp_set_formatter_output_functions):
(pp_get_formatter_output_functions):
(pp_set_all_formatter_output_functions):
(pp_get_all_formatter_output_functions):
(display_newline):
(display_blanks):
(state.16):
(state.17):
(state.18):
(state.19):
(pp_set_formatter_out_channel):
(default_pp_mark_open_tag):
(default_pp_mark_close_tag):
(default_pp_print_open_tag):
(default_pp_print_close_tag):
(pp_make_formatter):
(ppf.18):
(ppf.19):
(make_formatter):
(formatter_of_out_channel):
(formatter_of_buffer):
(flush_str_formatter):
(flush_buf_formatter):
(open_hbox):
(open_vbox):
(open_hvbox):
(open_hovbox):
(open_box):
(close_box):
(open_tag):
(close_tag):
(print_as):
(print_string):
(print_int):
(print_float):
(print_bool):
(print_cut):
(print_space):
(force_newline):
(print_flush):
(print_newline):
(print_if_newline):
(open_tbox):
(close_tbox):
(print_tbreak):
(set_tab):
(print_tab):
(set_margin):
(get_margin):
(set_max_indent):
(get_max_indent):
(set_max_boxes):
(get_max_boxes):
(over_max_boxes):
(set_ellipsis_text):
(get_ellipsis_text):
(set_formatter_out_channel):
(set_formatter_out_functions):
(get_formatter_out_functions):
(set_formatter_output_functions):
(get_formatter_output_functions):
(set_all_formatter_output_functions):
(get_all_formatter_output_functions):
(set_formatter_tag_functions):
(get_formatter_tag_functions):
(set_print_tags):
(get_print_tags):
(set_mark_tags):
(get_mark_tags):
(set_tags):
(compute_tag):
(output_formatting_lit):
(kfprintf):
(ikfprintf):
(fprintf):
(ifprintf):
(printf):
(eprintf):
(k.prime):
(ksprintf):
(sprintf):
(asprintf.k.prime):
(asprintf):
(k):
(bprintf):
(succ):
(pred):
(abs):
(lognot):
(Make.cmp_u):
(Make.divrem_u):
(Make.div_s):
(Make.div_u):
(Make.rem_s):
(Make.rem_u):
(Make.shift):
(Make.shl):
(Make.shr_s):
(Make.shr_u):
(Make.clamp_rotate_count):
(Make.rotl):
(Make.rotr):
(Make.loop):
(Make.clz):
(Make.ctz):
(Make.popcnt):
(Make.eqz):
(Make.lt_u):
(Make.le_u):
(Make.gt_u):
(Make.ge_u):
(Make.of_int_u):
(Make.to_string_u):
(Make.require):
(Make.dec_digit):
(Make.hex_digit):
(Make.parse_int):
(Make.of_string_s):
(Make.of_string_u):
(convert_pos):
(error_nest):
(text):
(intop):
(floatop):
(numop):
(memsz):
(ext):
(token.else.switch):
(token.else.switch.):
(token):
(ocaml_lex_comment_rec):
(engine):
(new_engine):
(from_function):
(from_channel):
(from_string):
(lexeme):
(sub_lexeme):
(sub_lexeme_opt):
(sub_lexeme_char):
(sub_lexeme_char_opt):
(lexeme_char):
(lexeme_start):
(lexeme_end):
(lexeme_start_p):
(lexeme_end_p):
(new_line):
(flush_input):
(take):
(drop):
(last):
(split_last):
(index_of):
(index_of_int32):
(dim):
(set 1):
(get 2):
(log2):
(is_power_of_two):
(loop):
(breakup):
(hd):
(tl):
(rev_append):
(rev):
(flatten):
(rev_map):
(map2):
(rev_map2):
(iter2):
(fold_left2):
(fold_right2):
(for_all):
(exists):
(for_all2):
(exists2):
(mem):
(memq):
(assoc):
(assq):
(mem_assoc):
(mem_assq):
(remove_assoc):
(remove_assq):
(find):
(find_all):
(partition):
(split):
(combine):
(chop):
(rev_sort):
(sort_uniq):
(Make.height):
(Make.create):
(Make.singleton):
(Make.bal):
(Make.is_empty):
(Make.find):
(Make.mem):
(Make.min_binding):
(Make.max_binding):
(Make.remove_min_binding):
(Make.remove):
(Make.iter):
(Make.map):
(Make.mapi):
(Make.fold):
(Make.for_all):
(Make.exists):
(Make.add_min_binding):
(Make.add_max_binding):
(Make.join):
(Make.concat):
(Make.concat_or_join):
(Make.split):
(Make.merge):
(Make.filter):
(Make.partition):
(Make.cons_enum):
(Make.compare):
(Make.equal):
(Make.cardinal):
(Make.bindings_aux):
(Make.bindings):
(double_field):
(set_double_field):
(marshal):
(unmarshal):
(extension_slot):
(extension_name):
(extension_id):
(i32_const):
(i64_const):
(f32_const):
(f64_const):
(block):
(br):
(br_if):
(br_table):
(if_):
(call):
(call_indirect):
(get_local):
(set_local):
(tee_local):
(get_global):
(set_global):
(i32_load):
(i64_load):
(f32_load):
(f64_load):
(i32_load8_s):
(i32_load8_u):
(i32_load16_s):
(i32_load16_u):
(i64_load8_s):
(i64_load8_u):
(i64_load16_s):
(i64_load16_u):
(i64_load32_s):
(i64_load32_u):
(i32_store):
(i64_store):
(f32_store):
(f64_store):
(i32_store8):
(i32_store16):
(i64_store8):
(i64_store16):
(i64_store32):
(parse):
(string_to):
(string_to_script):
(string_to_module):
(parse_error):
(position_to_pos):
(positions_to_region):
(ati):
(nat):
(nat32):
(empty_context):
(enter_func):
(type_):
(lookup):
(label):
(anon_type):
(bind):
(bind_func):
(bind_local):
(bind_global):
(bind_table):
(bind_memory):
(anon):
(anon_func):
(anon_locals):
(anon_global):
(anon_table):
(anon_memory):
(anon_label):
(explicit_sig):
(inline_type):
(yyact):
(script1):
(module1):
(grow_stacks):
(clear_parser):
(current_lookahead_fun):
(catch.else.current_lookahead_fun.0):
(yyparse):
(peek_val):
(symbol_start_pos):
(symbol_end_pos):
(rhs_start_pos):
(rhs_end_pos):
(symbol_start):
(symbol_end):
(rhs_start):
(rhs_end):
(is_current_lookahead):
(failwith):
(invalid_arg):
(min):
(max):
(lnot):
(char_of_int):
(string_of_bool):
(bool_of_string):
(string_of_int):
(valid_float_lexem):
(string_of_float):
(open_out_gen):
(open_out):
(open_out_bin):
(flush_all):
(output_bytes):
(output_string):
(output):
(output_substring):
(output_value):
(close_out):
(close_out_noerr):
(open_in_gen):
(open_in):
(open_in_bin):
(input):
(else.r):
(unsafe_really_input):
(really_input):
(really_input_string):
(input_line.build_result):
(input_line.n):
(input_line.scan):
(input_line):
(close_in_noerr):
(print_bytes):
(print_endline):
(prerr_char):
(prerr_string):
(prerr_bytes):
(prerr_int):
(prerr_float):
(prerr_endline):
(prerr_newline):
(read_line):
(read_int):
(read_float):
(string_of_format):
(at_exit.exit_function.0):
(at_exit):
(do_at_exit):
(exit):
(output_binary_int):
(seek_out):
(pos_out):
(out_channel_length):
(set_binary_mode_out):
(input_binary_int):
(input_value):
(seek_in):
(pos_in):
(in_channel_length):
(close_in):
(set_binary_mode_in):
(LargeFile_000):
(LargeFile_001):
(LargeFile_002):
(LargeFile_003):
(LargeFile_004):
(LargeFile_005):
(kbprintf):
(plus):
(pp):
(print):
(string_of_pos):
(string_of_region):
(escaped.needs_escape):
(set_signal):
(catch_break):
(size):
(string_of_value_type):
(string_of_value_types):
(string_of_elem_type):
(string_of_limits):
(string_of_table_type):
(string_of_global_type):
(string_of_stack_type):
(string_of_func_type):
(type_of):
(default_value):
(value_of_bool):
(string_of_values):
(to_value):
(of_value):
(g):
(binary):
(bytes):

  • wasm/spec-tests/address.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/binary.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/block.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/br.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/br_if.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/br_table.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/break-drop.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/call.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/call_indirect.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/comments.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/conversions.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/custom_section.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/endianness.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/exports.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/f32.wast.js: Removed.
  • wasm/spec-tests/f32_cmp.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/f64.wast.js: Removed.
  • wasm/spec-tests/f64_cmp.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/fac.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/float_exprs.wast.js: Removed.
  • wasm/spec-tests/float_literals.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/float_memory.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/float_misc.wast.js: Removed.
  • wasm/spec-tests/forward.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/func.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/func_ptrs.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/get_local.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/globals.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/i32.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/i64.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/if.wast.js: Added.
  • wasm/spec-tests/imports.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/int_exprs.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/int_literals.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/jsapi.js: Added.

(testJSAPI.get test):
(testJSAPI.test):
(testJSAPI.set test):
(testJSAPI.assertCompileError):
(testJSAPI.assertCompileSuccess):
(testJSAPI):

  • wasm/spec-tests/labels.wast.js: Added.
  • wasm/spec-tests/left-to-right.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/linking.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/loop.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/memory.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/memory_redundancy.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/memory_trap.wast.js: Removed.
  • wasm/spec-tests/names.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/nop.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/resizing.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/return.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/select.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/set_local.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/skip-stack-guard-page.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/stack.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/start.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/store_retval.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/switch.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/tee_local.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/traps.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/typecheck.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/unreachable.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

  • wasm/spec-tests/unreached-invalid.wast.js: Added.
  • wasm/spec-tests/unwind.wast.js:

(register): Deleted.
(module): Deleted.
(instance): Deleted.
(assert_malformed): Deleted.
(assert_invalid): Deleted.
(assert_soft_invalid): Deleted.
(assert_unlinkable): Deleted.
(assert_uninstantiable): Deleted.
(assert_trap): Deleted.
(assert_return): Deleted.
(assert_return_nan): Deleted.

Tools:

Update the runner to know the new wasm spec test harness code.

  • Scripts/run-jsc-stress-tests:
11:36 AM Changeset in webkit [214823] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

[GCrypt] Implement AES_KW support
https://bugs.webkit.org/show_bug.cgi?id=170274

Reviewed by Michael Catanzaro.

Implement the CryptoAlgorithmAES_KW::platform{Wrap,Unwrap}Key()
functionality for configurations that use libgcrypt. This is done
by leveraging the gcry_cipher_* APIs for the AES algorithm that's
deduced appropriately from the key size and the AESWRAP cipher mode.

No new tests -- current ones cover this sufficiently, but are not yet
enabled due to other missing platform-specific SUBTLE_CRYPTO
implementations.

  • crypto/gcrypt/CryptoAlgorithmAES_KWGCrypt.cpp:

(WebCore::gcryptWrapKey):
(WebCore::gcryptUnwrapKey):
(WebCore::CryptoAlgorithmAES_KW::platformWrapKey):
(WebCore::CryptoAlgorithmAES_KW::platformUnwrapKey):

11:12 AM Changeset in webkit [214822] by zandobersek@gmail.com
  • 4 edits in trunk/Source/WebCore

[GCrypt] Implement AES_GCM support
https://bugs.webkit.org/show_bug.cgi?id=170271

Reviewed by Michael Catanzaro.

Source/WebCore:

Implement the CryptoAlgorithmAES_GCM::platform{Encrypt,Decrypt}
functionality for configurations that use libgcrypt. This is done
by leveraging the gcry_cipher_* APIs for the AES algorithm that's
deduced appropriately from the key size and the GCM cipher mode.

No new tests -- current ones cover this sufficiently, but are not yet
enabled due to other missing platform-specific SUBTLE_CRYPTO
implementations.

  • crypto/gcrypt/CryptoAlgorithmAES_GCMGCrypt.cpp:

(WebCore::gcryptEncrypt):
(WebCore::gcryptDecrypt):
(WebCore::CryptoAlgorithmAES_GCM::platformEncrypt):
(WebCore::CryptoAlgorithmAES_GCM::platformDecrypt):

Source/WebCore/PAL:

  • pal/crypto/gcrypt/Handle.h:

(PAL::GCrypt::HandleDeleter<gcry_cipher_hd_t>::operator()): Specialize
the HandleDeleter<> template for the gcry_cipher_hd_t type.

11:10 AM Changeset in webkit [214821] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

[GCrypt] Implement PBKDF2 support
https://bugs.webkit.org/show_bug.cgi?id=170270

Reviewed by Michael Catanzaro.

Implement the CryptoAlgorithmPBKDF2::platformDeriveBits() functionality
for configurations that use libgcrypt. This is done by leveraging the
gcry_kdf_derive() API, using GCRY_KDF_PBKDF2 as the preferred KDF
along with the properly deduced SHA algorithm.

No new tests -- current ones cover this sufficiently, but are not yet
enabled due to other missing platform-specific SUBTLE_CRYPTO
implementations.

  • crypto/gcrypt/CryptoAlgorithmPBKDF2GCrypt.cpp:

(WebCore::gcryptDeriveBits):
(WebCore::CryptoAlgorithmPBKDF2::platformDeriveBits):

11:00 AM Changeset in webkit [214820] by commit-queue@webkit.org
  • 3 edits in trunk/LayoutTests

LayoutTest pointer-lock/mouse-event-delivery.html is a flaky failure
https://bugs.webkit.org/show_bug.cgi?id=167965

Patch by Jeremy Jones <jeremyj@apple.com> on 2017-04-03
Reviewed by Jon Lee.

Wait for wheel event before doing next step of test. The wheel event is delivered asynchronously and
can therefore be delivered later than expected by the test. This is already done for the first one,
do this for the second one also.

  • platform/mac-wk2/TestExpectations:
  • pointer-lock/mouse-event-delivery.html:
10:51 AM Changeset in webkit [214819] by Simon Fraser
  • 6 edits
    8 adds in trunk

Clean up touch event handler registration when moving nodes between documents
https://bugs.webkit.org/show_bug.cgi?id=170384
rdar://problem/30816694

Reviewed by Chris Dumez.

Source/WebCore:

Make sure that Node::didMoveToNewDocument() does the correct unregistration on the
old document, and registration on the new document for nodes with touch event listeners,
and gesture event listeners. Touch "handler" nodes (those for overflow and sliders) are
already correctly moved via renderer-related teardown.

Add assertions that fire when removal was not complete.

Use references in more places.

Tests: fast/events/touch/ios/gesture-node-move-between-documents.html
       fast/events/touch/ios/overflow-node-move-between-documents.html
       fast/events/touch/ios/slider-node-move-between-documents.html
       fast/events/touch/ios/touch-node-move-between-documents.html

  • dom/EventNames.h:

(WebCore::EventNames::gestureEventNames):

  • dom/Node.cpp:

(WebCore::Node::willBeDeletedFrom):
(WebCore::Node::didMoveToNewDocument):
(WebCore::tryAddEventListener):
(WebCore::tryRemoveEventListener):

  • html/shadow/SliderThumbElement.cpp:

(WebCore::SliderThumbElement::registerForTouchEvents):
(WebCore::SliderThumbElement::unregisterForTouchEvents):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::registerAsTouchEventListenerForScrolling):
(WebCore::RenderLayer::unregisterAsTouchEventListenerForScrolling):

LayoutTests:

Tests for moving nodes with various listener/handler combinations between documents.

  • fast/events/touch/ios/gesture-node-move-between-documents-expected.txt: Added.
  • fast/events/touch/ios/gesture-node-move-between-documents.html: Added.
  • fast/events/touch/ios/overflow-node-move-between-documents-expected.txt: Added.
  • fast/events/touch/ios/overflow-node-move-between-documents.html: Added.
  • fast/events/touch/ios/slider-node-move-between-documents-expected.txt: Added.
  • fast/events/touch/ios/slider-node-move-between-documents.html: Added.
  • fast/events/touch/ios/touch-node-move-between-documents-expected.txt: Added.
  • fast/events/touch/ios/touch-node-move-between-documents.html: Added.
10:40 AM Changeset in webkit [214818] by Carlos Garcia Campos
  • 4 edits
    9 adds in releases/WebKitGTK/webkit-2.16

Merge r214807 - [SOUP] URI Fragment is lost after redirect
https://bugs.webkit.org/show_bug.cgi?id=170058

Reviewed by Michael Catanzaro.

Source/WebKit2:

In case of redirection check if the current request has a fragment identifier and apply it to the redirection
only when it doesn't have a fragment identifier yet.

  • NetworkProcess/soup/NetworkDataTaskSoup.cpp:

(WebKit::NetworkDataTaskSoup::NetworkDataTaskSoup):
(WebKit::NetworkDataTaskSoup::createRequest):
(WebKit::NetworkDataTaskSoup::continueHTTPRedirection):

  • NetworkProcess/soup/NetworkDataTaskSoup.h:

LayoutTests:

Add tests to check we correctly handle fragment identifiers on server redirections.

  • http/tests/navigation/redirect-preserves-fragment-expected.txt: Added.
  • http/tests/navigation/redirect-preserves-fragment.html: Added.
  • http/tests/navigation/redirect-to-fragment-expected.txt: Added.
  • http/tests/navigation/redirect-to-fragment.html: Added.
  • http/tests/navigation/redirect-to-fragment2-expected.txt: Added.
  • http/tests/navigation/redirect-to-fragment2.html: Added.
  • http/tests/navigation/resources/redirect-preserves-fragment.php: Added.
  • http/tests/navigation/resources/redirect-to-fragment.php: Added.
  • http/tests/navigation/resources/redirect-to-fragment2.php: Added.
  • platform/ios/TestExpectations:
  • platform/mac/TestExpectations:
10:38 AM Changeset in webkit [214817] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214732 - Share implementation of JSRunLoopTimer::timerDidFire
https://bugs.webkit.org/show_bug.cgi?id=170392

Reviewed by Michael Catanzaro.

The code is cross-platform but it's duplicated in CF and GLib implementations, it could be shared instead.

  • runtime/JSRunLoopTimer.cpp:

(JSC::JSRunLoopTimer::timerDidFire): Move common implementation here.
(JSC::JSRunLoopTimer::setRunLoop): Use timerDidFireCallback.
(JSC::JSRunLoopTimer::timerDidFireCallback): Call JSRunLoopTimer::timerDidFire().

  • runtime/JSRunLoopTimer.h:
10:32 AM Changeset in webkit [214816] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214726 - Long Arabic text in ContentEditable with css white-space=pre hangs Safari
https://bugs.webkit.org/show_bug.cgi?id=170245

Reviewed by Myles C. Maxfield.

While searching for mid-word break, we measure the text by codepoints in a loop until the accumulated width > available width.
When we see that the accumulated width for the individual codepoints overflows, we join the codepoints and re-measure them.
These 2 widths could be considerably different for a number of reasons (ligatures is a prime example). When we figure that
the run still fits, we go back to the main loop (since we are not supposed to wrap the line here) and take the next codepoint.
However this time we start the measurement from the last whitespace, so we end up remeasuring a potentially long chunk of text
until we hit the wrapping point. This is way too expensive.
This patch changes the logic so that we just go back to measuring individual codepoints until we hit the constraint again.

Covered by existing tests.

  • rendering/line/BreakingContext.h:

(WebCore::BreakingContext::handleText): canUseSimpleFontCodePath() is just to mitigate the potential risk of regression and
complex text is more likely to fall into this category.

10:29 AM Changeset in webkit [214815] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.16

Merge r214714 - Object with numerical keys with gaps gets filled by NaN values
https://bugs.webkit.org/show_bug.cgi?id=164412

Reviewed by Mark Lam.

This patch fixes an issue when an object has two properties
with names as numbers. The issue appears when, during invocation of
convertDoubleToArrayStorage, the array is filled with pNaN and the
method converts it to a real NaN. This happens because a
pNaN in a Double array is a hole, and Double arrays cannot
have NaN values. To fix the issue we need to check the value and
clear it if it is pNaN.

Source/JavaScriptCore:

  • runtime/JSObject.cpp:

(JSC::JSObject::convertDoubleToArrayStorage):

JSTests:

  • stress/object-number-properties.js: Added.
10:24 AM Changeset in webkit [214814] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214684 - Array.prototype.splice() should not be using JSArray::tryCreateForInitializationPrivate().
https://bugs.webkit.org/show_bug.cgi?id=170303
<rdar://problem/31358281>

Reviewed by Filip Pizlo.

This is because it needs to call getProperty() later to get the values for
initializing the array. getProperty() can execute arbitrary code and potentially
trigger the GC. This is not allowed for clients of JSArray::tryCreateForInitializationPrivate().

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncSplice):
(JSC::copySplicedArrayElements): Deleted.

10:23 AM Changeset in webkit [214813] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebKit2

Merge r214666 - Modern media controls should never be enabled in non cocoa ports
https://bugs.webkit.org/show_bug.cgi?id=170338

Reviewed by Michael Catanzaro.

It's currently enabled, because it uses the default value for all other runtime features, but modern media
controls are not a cross-platform feature. I think this is why media/video-click-dblckick-standalone.html
started to fail in GTK+ port after r214426. I can't reproduce the failure locally, so I can't confirm it,
though.

  • Shared/WebPreferencesDefinitions.h:
10:20 AM Changeset in webkit [214812] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214637 - IntlObject should not be using JSArray::initializeIndex().
https://bugs.webkit.org/show_bug.cgi?id=170302
<rdar://problem/31356918>

Reviewed by Saam Barati.

JSArray::initializeIndex() is only meant to be used with arrays created using
JSArray::tryCreateForInitializationPrivate() under very constrained conditions.

  • runtime/IntlObject.cpp:

(JSC::canonicalizeLocaleList):
(JSC::intlObjectFuncGetCanonicalLocales):

10:15 AM Changeset in webkit [214811] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214618 - [Crash] WebCore::AudioBuffer::AudioBuffer don't checking illegal value
https://bugs.webkit.org/show_bug.cgi?id=169956

Reviewed by Youenn Fablet.

Source/WebCore:

Test: webaudio/audiobuffer-crash.html

  • Modules/webaudio/AudioBuffer.cpp:

(WebCore::AudioBuffer::AudioBuffer): Invalidate the object and return early if the channel
array allocation fails.
(WebCore::AudioBuffer::AudioBuffer): Ditto.
(WebCore::AudioBuffer::invalidate): Invalidate the object.

  • Modules/webaudio/AudioBuffer.h:

LayoutTests:

  • webaudio/audiobuffer-crash-expected.txt: Added.
  • webaudio/audiobuffer-crash.html: Added.
10:12 AM Changeset in webkit [214810] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214599 - Disconnecting a HTMLObjectElement does not always unload its content document
https://bugs.webkit.org/show_bug.cgi?id=169606

Reviewed by Andy Estes.

Source/WebCore:

When removing a node, we first disconnect all subframes then update the focused element as we remove each child.
However, when the removed element is a focused object element with a content document, removeFocusedNodeOfSubtree
can update the style tree synchronously inside Document::setFocusedElement, and reload the document.

Avoid this by instantiating a SubframeLoadingDisabler on the parent of the focused element.

Test: fast/dom/removing-focused-object-element.html

  • dom/Document.cpp:

(WebCore::Document::removeFocusedNodeOfSubtree):

LayoutTests:

Add a regression test.

  • fast/dom/removing-focused-object-element-expected.txt: Added.
  • fast/dom/removing-focused-object-element.html: Added.
10:10 AM Changeset in webkit [214809] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214588 - RenderBlockFlow::addFloatsToNewParent should check if float is already added to the object list.
https://bugs.webkit.org/show_bug.cgi?id=170259
<rdar://problem/31300584>

Reviewed by Simon Fraser.

Source/WebCore:

r210145 assumed that m_floatingObjects would simply ignore the floating box if it was already in the list.

Test: fast/block/float/placing-multiple-floats-crash.html

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::addFloatsToNewParent):

LayoutTests:

  • fast/block/float/placing-multiple-floats-crash-expected.txt: Added.
  • fast/block/float/placing-multiple-floats-crash.html: Added.
10:09 AM Changeset in webkit [214808] by Carlos Garcia Campos
  • 6 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214510 - Only attach Attributes to a given element one time
https://bugs.webkit.org/show_bug.cgi?id=170125
<rdar://problem/31279676>

Reviewed by Chris Dumez.

Source/WebCore:

Attach the attribute node to the Element before calling 'setAttributeInternal', since that method may cause
arbitrary JavaScript events to fire.

Test: fast/dom/Attr/only-attach-attr-once.html

  • dom/Element.cpp:

(WebCore::Element::attachAttributeNodeIfNeeded): Added.
(WebCore::Element::setAttributeNode): Use new method. Revise to attach attribute before calling 'setAttributeInternal'.
(WebCore::Element::setAttributeNodeNS): Ditto.

  • dom/Element.h:

LayoutTests:

  • fast/dom/Attr/make-unique-element-data-while-replacing-attr-expected.txt: Rebaselined.
  • fast/dom/Attr/make-unique-element-data-while-replacing-attr.html: Add check before setting new value.
  • fast/dom/Attr/only-attach-attr-once-expected.txt: Added.
  • fast/dom/Attr/only-attach-attr-once.html: Added.
10:08 AM Changeset in webkit [214807] by Carlos Garcia Campos
  • 6 edits
    9 adds in trunk

[SOUP] URI Fragment is lost after redirect
https://bugs.webkit.org/show_bug.cgi?id=170058

Reviewed by Michael Catanzaro.

Source/WebKit2:

In case of redirection check if the current request has a fragment identifier and apply it to the redirection
only when it doesn't have a fragment identifier yet.

  • NetworkProcess/soup/NetworkDataTaskSoup.cpp:

(WebKit::NetworkDataTaskSoup::NetworkDataTaskSoup):
(WebKit::NetworkDataTaskSoup::createRequest):
(WebKit::NetworkDataTaskSoup::continueHTTPRedirection):

  • NetworkProcess/soup/NetworkDataTaskSoup.h:

LayoutTests:

Add tests to check we correctly handle fragment identifiers on server redirections.

  • http/tests/navigation/redirect-preserves-fragment-expected.txt: Added.
  • http/tests/navigation/redirect-preserves-fragment.html: Added.
  • http/tests/navigation/redirect-to-fragment-expected.txt: Added.
  • http/tests/navigation/redirect-to-fragment.html: Added.
  • http/tests/navigation/redirect-to-fragment2-expected.txt: Added.
  • http/tests/navigation/redirect-to-fragment2.html: Added.
  • http/tests/navigation/resources/redirect-preserves-fragment.php: Added.
  • http/tests/navigation/resources/redirect-to-fragment.php: Added.
  • http/tests/navigation/resources/redirect-to-fragment2.php: Added.
  • platform/ios/TestExpectations:
  • platform/mac/TestExpectations:
9:59 AM Changeset in webkit [214806] by commit-queue@webkit.org
  • 25 edits
    2 adds in trunk

captureStream is getting black frames with webgl canvas
https://bugs.webkit.org/show_bug.cgi?id=170325

Patch by Youenn Fablet <youenn@apple.com> on 2017-04-03
Reviewed by Dean Jackson.

Source/WebCore:

Test: fast/mediastream/captureStream/canvas3d.html

Changing the webgl context to save buffers in case the canvas is captured.
Adding a canvas changed notification in case of clear.
In the future, we might want to change this notification and do it when endPaint or similar is called.

Adding an Internals API to grab the RGBA equivalent of the next track frame.
For that purpose, adding a bunch of WEBCORE_EXPORT.

  • Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:

(WebCore::CanvasCaptureMediaStreamTrack::Source::Source): Adding constraints support so that track settings
getter actually transmits the width and height of the source.
(WebCore::CanvasCaptureMediaStreamTrack::Source::canvasChanged): ensuring webgl canvas contexts keep their drawing buffer.

  • Modules/mediastream/MediaStreamTrack.h:
  • bindings/js/JSDOMGuardedObject.h:
  • bindings/js/JSDOMPromise.h:

(WebCore::DeferredPromise::resolve):
(WebCore::DeferredPromise::reject):

  • dom/ActiveDOMCallback.h:
  • html/HTMLCanvasElement.cpp:

(WebCore::HTMLCanvasElement::captureStream):

  • html/ImageData.h:
  • html/ImageData.idl:
  • html/canvas/WebGLRenderingContext.cpp:

(WebCore::WebGLRenderingContext::clear): ensuring canvas observers get notified in case of clear calls.

  • html/canvas/WebGLRenderingContextBase.h:

(WebCore::WebGLRenderingContextBase::preserveDrawingBuffer): Added to allow canvas capture to update this property.

  • platform/MediaSample.h:

(WebCore::MediaSample::getRGBAImageData): Added for internals API.

  • platform/graphics/avfoundation/MediaSampleAVFObjC.h:
  • platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:

(WebCore::MediaSampleAVFObjC::getRGBAImageData):

  • platform/graphics/cv/PixelBufferConformerCV.cpp:

(WebCore::PixelBufferConformerCV::convert): Helper routine for getRGBAImageData.

  • platform/graphics/cv/PixelBufferConformerCV.h:
  • platform/mediastream/RealtimeMediaSourceSettings.h:

(WebCore::RealtimeMediaSourceSettings::setSupportedConstraints):
(WebCore::RealtimeMediaSourceSettings::setSupportedConstraits): Deleted.

  • platform/mediastream/mac/AVMediaCaptureSource.mm:

(WebCore::AVMediaCaptureSource::initializeSettings):

  • platform/mediastream/openwebrtc/RealtimeAudioSourceOwr.h:
  • platform/mediastream/openwebrtc/RealtimeVideoSourceOwr.h:
  • platform/mock/MockRealtimeMediaSource.cpp:

(WebCore::MockRealtimeMediaSource::initializeSettings):

  • testing/Internals.cpp:

(WebCore::Internals::grabNextMediaStreamTrackFrame):
(WebCore::Internals::videoSampleAvailable):

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

  • fast/mediastream/captureStream/canvas3d-expected.txt: Added.
  • fast/mediastream/captureStream/canvas3d.html: Added.
9:54 AM Changeset in webkit [214805] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214509 - The Mutator should not be able to steal the conn if the Collector hasn't reached the NotRunning phase yet.
https://bugs.webkit.org/show_bug.cgi?id=170213
<rdar://problem/30755345>

Reviewed by Filip Pizlo.

The current condition for stealing the conn isn't tight enough. Restricting the
stealing to when m_currentPhase == NotRunning ensures that the Collector is
really done running.

No test because this issue only manifests with a race condition that is difficult
to reproduce on demand.

  • heap/Heap.cpp:

(JSC::Heap::requestCollection):

9:53 AM Changeset in webkit [214804] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214501 - Missing render tree position invalidation when tearing down renderers for display:contents subtree
https://bugs.webkit.org/show_bug.cgi?id=170199
<rdar://problem/31260856>

Reviewed by Zalan Bujtas.

Source/WebCore:

Test: fast/shadow-dom/slot-renderer-teardown.html

  • style/RenderTreeUpdater.cpp:

(WebCore::RenderTreeUpdater::updateElementRenderer):

Invalidate the render tree position in case we do a teardown for an element without renderer.

LayoutTests:

  • fast/shadow-dom/slot-renderer-teardown-expected.txt: Added.
  • fast/shadow-dom/slot-renderer-teardown.html: Added.
9:47 AM Changeset in webkit [214803] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Tools

Merge r214398 - [GTK] No value returned from PrintCustomWidgetTest::createWebKitPrintOperation() in TestPrinting.cpp
https://bugs.webkit.org/show_bug.cgi?id=170059

Patch by Adrian Perez de Castro <Adrian Perez de Castro> on 2017-03-25
Reviewed by Carlos Garcia Campos.

  • TestWebKitAPI/Tests/WebKit2Gtk/TestPrinting.cpp: Use "void" as return type in the declaration,
the only use of the method in this same file ignores the returned value anyway.

9:46 AM Changeset in webkit [214802] by Carlos Garcia Campos
  • 1 edit
    1 delete in releases/WebKitGTK/webkit-2.16/LayoutTests

Merge r214248 - Unreviewed GTK+ gardening. Remove platform expectation after r214246.

  • platform/gtk/http/tests/loading/server-redirect-for-provisional-load-caching-expected.txt: Removed.
9:46 AM Changeset in webkit [214801] by Carlos Garcia Campos
  • 1 edit in releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog

Merge r214392 - media/restore-from-page-cache.html causes NoEventDispatchAssertion::isEventAllowedInMainThread() assertion failure
https://bugs.webkit.org/show_bug.cgi?id=170087
<rdar://problem/31254822>

Reviewed by Simon Fraser.

Reduce the scope of code that should never dispatch DOM events so as to allow updating contents size
after restoring a page from the page cache.

In r214014 we instantiate a NoEventDispatchAssertion in FrameLoader::commitProvisionalLoad()
around the call to CachedPage::restore() to assert when a DOM event is dispatched during
page restoration as such events can cause re-entrancy into the page cache. As it turns out
it is sufficient to ensure that no DOM events are dispatched after restoring all cached frames
as opposed to after CachedPage::restore() returns.

Also rename Document::enqueue{Pageshow, Popstate}Event() to dispatch{Pageshow, Popstate}Event(),
respectively, since they synchronously dispatch events :(. We hope in the future to make them
asynchronously dispatch events.

  • dom/Document.cpp:

(WebCore::Document::implicitClose): Update for renaming.
(WebCore::Document::statePopped): Ditto.
(WebCore::Document::dispatchPageshowEvent): Renamed; formerly named enqueuePageshowEvent().
(WebCore::Document::dispatchPopstateEvent): Renamed; formerly named enqueuePopstateEvent().
(WebCore::Document::enqueuePageshowEvent): Deleted.
(WebCore::Document::enqueuePopstateEvent): Deleted.

  • dom/Document.h:
  • history/CachedPage.cpp:

(WebCore::firePageShowAndPopStateEvents): Moved logic from FrameLoader::didRestoreFromCachedPage() to here.
(WebCore::CachedPage::restore): Modified to call firePageShowAndPopStateEvents().

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad): Removed use of NoEventDispatchAssertion RAII object. We
will instantiate it in CachedPage::restore() with a smaller scope.
(WebCore::FrameLoader::didRestoreFromCachedPage): Deleted; moved logic from here to WebCore::firePageShowAndPopStateEvents().

  • loader/FrameLoader.h:
9:22 AM Changeset in webkit [214800] by Carlos Garcia Campos
  • 7 edits
    5 adds in releases/WebKitGTK/webkit-2.16

Merge r214375 - A null compound index value crashes the Databases process.
<rdar://problem/30499831> and https://bugs.webkit.org/show_bug.cgi?id=170000

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/indexeddb/modern/single-entry-index-invalid-key-crash.html

  • bindings/js/IDBBindingUtilities.cpp:

(WebCore::createKeyPathArray): Fix the bug by rejecting arrays with any invalid keys in them.

Add some logging:

  • Modules/indexeddb/IDBKeyPath.cpp:

(WebCore::loggingString):

  • Modules/indexeddb/IDBKeyPath.h:
  • Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::createIndex):

  • Modules/indexeddb/shared/IDBIndexInfo.cpp:

(WebCore::IDBIndexInfo::loggingString):

LayoutTests:

  • storage/indexeddb/modern/resources/single-entry-index-invalid-key-crash.js: Added.
  • storage/indexeddb/modern/single-entry-index-invalid-key-crash-expected.txt: Added.
  • storage/indexeddb/modern/single-entry-index-invalid-key-crash-private-expected.txt: Added.
  • storage/indexeddb/modern/single-entry-index-invalid-key-crash-private.html: Added.
  • storage/indexeddb/modern/single-entry-index-invalid-key-crash.html: Added.
9:11 AM Changeset in webkit [214799] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214374 - Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
https://bugs.webkit.org/show_bug.cgi?id=170064
<rdar://problem/31246098>

Reviewed by Geoffrey Garen.

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoPrivateFuncConcatMemcpy):

  • runtime/JSArray.cpp:

(JSC::JSArray::fastSlice):

9:10 AM Changeset in webkit [214798] by Carlos Garcia Campos
  • 6 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214365 - Prevent new navigations during document unload
https://bugs.webkit.org/show_bug.cgi?id=169934
<rdar://problem/31247584>

Reviewed by Chris Dumez.

Source/WebCore:

Similar to our policy of preventing new navigations from onbeforeunload handlers
we should prevent new navigations that are initiated during the document unload
process.

The significant part of this change is the instantiation of the RAII object NavigationDisabler
in Document::prepareForDestruction(). The rest of this change just renames class
NavigationDisablerForBeforeUnload to NavigationDisabler now that this RAII class is
used to prevent navigation from both onbeforeunload event handlers and when unloading
a document.

Test: fast/frames/frame-unload-navigate-and-setTimeout-assert-fail.html

  • dom/Document.cpp:

(WebCore::Document::prepareForDestruction): Disable new navigations when disconnecting
subframes. Also assert that the document is not in the page cache before we fall off
the end of the function.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::isNavigationAllowed): Update for renaming below.
(WebCore::FrameLoader::shouldClose): Ditto.

  • loader/NavigationScheduler.cpp:

(WebCore::NavigationScheduler::shouldScheduleNavigation): Ditto.

  • loader/NavigationScheduler.h:

(WebCore::NavigationDisabler::NavigationDisabler): Renamed class; formerly named NavigationDisablerForBeforeUnload.
(WebCore::NavigationDisabler::~NavigationDisabler): Ditto.
(WebCore::NavigationDisabler::isNavigationAllowed): Ditto.
(WebCore::NavigationDisablerForBeforeUnload::NavigationDisablerForBeforeUnload): Deleted.
(WebCore::NavigationDisablerForBeforeUnload::~NavigationDisablerForBeforeUnload): Deleted.
(WebCore::NavigationDisablerForBeforeUnload::isNavigationAllowed): Deleted.

LayoutTests:

Add a test to ensure that we do not cause an assertion fail when calling setTimeout
after starting a navigation from an onunload event handler.

  • fast/frames/frame-unload-navigate-and-setTimeout-assert-fail-expected.txt: Added.
  • fast/frames/frame-unload-navigate-and-setTimeout-assert-fail.html: Added.
9:00 AM Changeset in webkit [214797] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.16

Merge r214345 - [JSC] Use jsNontrivialString aggressively for ToString(Int52)
https://bugs.webkit.org/show_bug.cgi?id=170002

Reviewed by Sam Weinig.

JSTests:

  • stress/to-string-int52.js: Added.

(shouldBe):
(toString10):
(expected):

Source/JavaScriptCore:

We use the same logic used for Int32 to use jsNontrivialString.
After single character check, produced string is always longer than 1.
Thus, we can use jsNontrivialString.

  • runtime/NumberPrototype.cpp:

(JSC::int52ToString):

8:58 AM Changeset in webkit [214796] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.16

Merge r214340 - Text stroke is sometimes clipped on video captions.
https://bugs.webkit.org/show_bug.cgi?id=170006

Reviewed by Eric Carlson.

Source/WebCore:

Set 'overflow' property to 'visible' on cue element to avoid clipping of text stroke.

Updated test media/track/track-css-stroke-cues.html.

  • html/track/TextTrackCueGeneric.cpp:

(WebCore::TextTrackCueGenericBoxElement::applyCSSProperties):

  • html/track/VTTCue.cpp:

(WebCore::VTTCueBox::applyCSSProperties):

LayoutTests:

  • media/track/track-css-stroke-cues-expected.txt:
  • media/track/track-css-stroke-cues.html:
8:56 AM Changeset in webkit [214795] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214334 - Array.prototype.splice behaves incorrectly when the VM is "having a bad time".
https://bugs.webkit.org/show_bug.cgi?id=170025
<rdar://problem/31228679>

Reviewed by Saam Barati.

  • runtime/ArrayPrototype.cpp:

(JSC::copySplicedArrayElements):
(JSC::arrayProtoFuncSplice):

8:43 AM Changeset in webkit [214794] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.16

Merge r214323 - [JSC][DFG] Make addShouldSpeculateAnyInt more conservative to avoid regression caused by Double <-> Int52 conversions
https://bugs.webkit.org/show_bug.cgi?id=169998

Reviewed by Saam Barati.

JSTests:

  • microbenchmarks/int52-back-and-forth.js: Added.

(shouldBe):
(num):

Source/JavaScriptCore:

Double <-> Int52 and JSValue <-> Int52 conversions are not so cheap. Thus, Int52Rep is super carefully emitted.
We make addShouldSpeculateAnyInt more conservative to avoid regressions caused by the above conversions.
We select ArithAdd(Int52, Int52) only when this calculation is beneficial compared to added Int52Rep conversions.

This patch tightens the conditions of addShouldSpeculateAnyInt.

  1. Honor DoubleConstant.

When executing imaging-darkroom, we have a thing like that,

132:< 2:loc36> DoubleConstant(Double|UseAsOther, AnyIntAsDouble, Double: 4607182418800017408, 1.000000, bc#114)
1320:< 1:loc38> Int52Rep(Check:Int32:@82, Int52|PureInt, Int32, Exits, bc#114)
1321:< 1:loc39> Int52Constant(Int52|PureInt, Boolint32Nonboolint32Int52, Double: 4607182418800017408, 1.000000, bc#114)
133:<!3:loc39> ArithSub(Int52Rep:@1320<Int52>, Int52Rep:@1321<Int52>, Int52|MustGen, Int52, CheckOverflow, Exits, bc#114)

The LHS of ArithSub says predicting Boolint32, and the rhs says AnyIntAsDouble. Thus we select ArithSub(Int52, Int52) instead
of ArithSub(Double, Double). However, it soon causes OSR exits. In imaging-darkroom, LHS's Int32 prediction will be broken.
While speculating Int32 in the above situation is a reasonable approach since the given LHS says predicting Int32, this causes
severe performance regression.

Previously, we always select ArithSub(Double, Double). So accidentally, we do not encounter this misprediction issue.

One thing can be found that we have DoubleConstant in the RHS. It means that we have 1.0 instead of 1 in the code.
We can see the code like lhs - 1.0 instead of lhs - 1 in imaging-darkroom. It offers good information that lhs and
the resulting value would be double. Handling the above ArithSub in double seems more appropriate rather than handling
it in Int52.

So, in this patch, we honor DoubleConstant. If we find DoubleConstant on one operand, we give up selecting
Arith[Sub,Add](Int52, Int52). This change removes OSR exits occurring in imaging-darkroom right now.

  2. Two Int52Rep(Double) conversions are not desirable.

We allow AnyInt ArithAdd only when the one operand of the binary operation should be speculated AnyInt. It is a bit conservative
decision. This is because Double to Int52 conversion is not so cheap. Frequent back-and-forth conversions between Double and Int52
rather hurt the performance. If the one operand of the operation is already Int52, the cost for constructing ArithAdd becomes
cheap since only one Double to Int52 conversion could be required.
This recovers some regression in assorted tests while keeping kraken crypto improvements.

  3. Avoid frequent Int52 to JSValue conversions.

Int52 to JSValue conversion is not so cheap. Thus, we would like to avoid such situations. So, in this patch, we allow
Arith(Int52, Int52) with AnyIntAsDouble operand only when the node is used as number. By doing so, we avoid the case like,
converting Int52, performing ArithAdd, and soon converting back to JSValue.

The above 3 changes recover the regression measured in microbenchmarks/int52-back-and-forth.js and assorted benchmarks.
And still it keeps kraken crypto improvements.

baseline patched

imaging-darkroom 201.112+-3.192 189.532+-2.883 definitely 1.0611x faster
stanford-crypto-pbkdf2 103.953+-2.325 100.926+-2.396 might be 1.0300x faster
stanford-crypto-sha256-iterative 35.103+-1.071 ? 36.049+-1.143 ? might be 1.0270x slower

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::addShouldSpeculateAnyInt):

6:57 AM Changeset in webkit [214793] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebKit2

Merge r214786 - Mutex may be freed too late in NetworkCache::Storage::traverse
https://bugs.webkit.org/show_bug.cgi?id=170400
<rdar://problem/30515865>

Reviewed by Carlos Garcia Campos and Andreas Kling.

Fix a race.

  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::Storage::traverse):

Ensure the mutex is not accessed after we dispatch to the main thread.
The main thread call deletes the owning TraverseOperation.

6:56 AM Changeset in webkit [214792] by Carlos Garcia Campos
  • 10 edits
    1 add in releases/WebKitGTK/webkit-2.16

Merge r214313 - Clients of JSArray::tryCreateForInitializationPrivate() should do their own null checks.
https://bugs.webkit.org/show_bug.cgi?id=169783

Reviewed by Saam Barati.

JSTests:

  • stress/regress-169783.js: Added.

Source/JavaScriptCore:

Fixed clients of tryCreateForInitializationPrivate() to do a null check and throw
an OutOfMemoryError if allocation fails, or RELEASE_ASSERT that the allocation
succeeds.

  • dfg/DFGOperations.cpp:
  • ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncSplice):

  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/JSArray.cpp:

(JSC::JSArray::tryCreateForInitializationPrivate):
(JSC::JSArray::fastSlice):

  • runtime/JSArray.h:

(JSC::constructArray):
(JSC::constructArrayNegativeIndexed):

  • runtime/RegExpMatchesArray.cpp:

(JSC::createEmptyRegExpMatchesArray):

  • runtime/RegExpMatchesArray.h:

(JSC::createRegExpMatchesArray):

6:36 AM Changeset in webkit [214791] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214309 - WebSQL databases should not be openable in private browsing.
<rdar://problem/30383335> and https://bugs.webkit.org/show_bug.cgi?id=170013

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/websql/private-browsing-open-disabled.html

  • Modules/webdatabase/DatabaseManager.cpp:

(WebCore::DatabaseManager::openDatabaseBackend):
(WebCore::DatabaseManager::tryToOpenDatabaseBackend): Throw an exception if in private browsing.

  • Modules/webdatabase/DatabaseManager.h:

LayoutTests:

  • storage/websql/private-browsing-open-disabled-expected.txt: Added.
  • storage/websql/private-browsing-open-disabled.html: Added.

6:33 AM Changeset in webkit [214790] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214305 - NeverDestroyed<MediaQueryEvaluator> must explicitly construct with a String
https://bugs.webkit.org/show_bug.cgi?id=169987
<rdar://problem/31211087>

Reviewed by Alex Christensen.

CSSDefaultStyleSheets creates a static MediaQueryEvaluator, but thanks
to the template magic of NeverDestroyed, it was converting the char*
argument into a bool, and calling the wrong constructor.

Unfortunately this is difficult to test because it only affects
the default UA style sheets, and they currently don't have
any @media rules (which would always evaluate to true given
the bug). I don't want to put in a useless rule just to check
if the bug is fixed. When one is added for bug 168447, this change
will be exercised.

  • css/CSSDefaultStyleSheets.cpp: Explicitly construct with a String rather than a char*.

(WebCore::screenEval):
(WebCore::printEval):

6:32 AM Changeset in webkit [214789] by Carlos Garcia Campos
  • 6 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214296 - [JSC][DFG] Propagate AnyIntAsDouble information carefully to utilize it in fixup
https://bugs.webkit.org/show_bug.cgi?id=169914

Reviewed by Saam Barati.

JSTests:

  • stress/any-int-as-double-add.js: Added.

(shouldBe):
(test):

  • stress/to-this-numbers.js: Added.

(shouldBe):
(Number.prototype.toThis):

Source/JavaScriptCore:

In DFG prediction propagation phase, we pollute the prediction of GetByVal for Array::Double
as SpecDoubleReal even if the heap prediction says the proper prediction is SpecAnyIntAsDouble.
Thus, the following nodes just see the result of GetByVal(Array::Double) as double value,
and select suboptimal edge filters in fixup phase. For example, if the result of GetByVal is
SpecAnyIntAsDouble, we can see the node like ArithAdd(SpecAnyIntAsDouble, Int52) and we should
have a chance to make it ArithAdd(Check:Int52, Int52) instead of ArithAdd(Double, Double).

This patch propagates SpecAnyIntAsDouble in GetByVal(Array::Double) properly. And ValueAdd,
ArithAdd and ArithSub select AnyInt edge filters for SpecAnyIntAsDouble values. It finally
produces an Int52 specialized DFG node. And subsequent nodes using the produced one also
become Int52 specialized.

One considerable problem is that the heap prediction misses the non any int doubles. In that case,
if Int52 edge filter is used, BadType exit will occur. It updates the prediction of the value profile
of GetByVal. So, in the next time, GetByVal(Array::Double) produces more conservative predictions
and avoids exit-and-recompile loop correctly.

This change is very sensitive to the correct AI and appropriate predictions. Thus, this patch finds
and fixes some related issues. One is incorrect prediction of ToThis and another is incorrect
AI logic for Int52Rep.

This change dramatically improves kraken benchmarks' crypto-pbkdf2 and crypto-sha256-iterative
by 42.0% and 30.7%, respectively.

baseline patched

Kraken:
ai-astar 158.851+-4.132 ? 159.433+-5.176 ?
audio-beat-detection 53.193+-1.621 ? 53.391+-2.072 ?
audio-dft 103.589+-2.277 ? 104.902+-1.924 ? might be 1.0127x slower
audio-fft 40.491+-1.102 39.854+-0.755 might be 1.0160x faster
audio-oscillator 68.504+-1.721 ? 68.957+-1.725 ?
imaging-darkroom 118.367+-2.171 ? 119.581+-2.310 ? might be 1.0103x slower
imaging-desaturate 71.443+-1.461 ? 72.398+-1.918 ? might be 1.0134x slower
imaging-gaussian-blur 110.648+-4.035 109.184+-3.373 might be 1.0134x faster
json-parse-financial 60.363+-1.628 ? 61.936+-1.585 ? might be 1.0261x slower
json-stringify-tinderbox 37.903+-0.869 ? 39.559+-1.607 ? might be 1.0437x slower
stanford-crypto-aes 56.313+-1.512 ? 56.675+-1.715 ?
stanford-crypto-ccm 51.564+-1.900 ? 53.456+-2.548 ? might be 1.0367x slower
stanford-crypto-pbkdf2 129.546+-2.738 91.214+-2.027 definitely 1.4202x faster
stanford-crypto-sha256-iterative 43.515+-0.730 33.292+-0.653 definitely 1.3071x faster

<arithmetic> 78.878+-0.528 75.988+-0.621 definitely 1.0380x faster

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::addShouldSpeculateAnyInt):

  • dfg/DFGPredictionPropagationPhase.cpp:
  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileArithNegate):

6:25 AM Changeset in webkit [214788] by Carlos Garcia Campos
  • 6 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214290 - Dynamically applied :empty pseudo class with display:none does not get unapplied
https://bugs.webkit.org/show_bug.cgi?id=169907

Reviewed by Ryosuke Niwa.

Source/WebCore:

We improperly reset the styleAffectedByEmpty bit when removing the renderer when :empty starts
applying. We then fail to invalidate the style when the element becomes non-empty again.

Fix by resetting the style relation bits only when computing the style.

Test: fast/css/empty-display-none-invalidation.html

  • dom/Element.cpp:

(WebCore::Element::resetStyleRelations):

Expose this separately.

(WebCore::Element::clearStyleDerivedDataBeforeDetachingRenderer):

Don't reset style relation bits when removing renderers.

  • dom/Element.h:
  • dom/ElementRareData.h:

(WebCore::ElementRareData::resetComputedStyle):
(WebCore::ElementRareData::resetStyleRelations):

Reset all these bits in one function.

(WebCore::ElementRareData::resetDynamicRestyleObservations): Deleted.

  • style/StyleTreeResolver.cpp:

(WebCore::Style::resetStyleForNonRenderedDescendants):
(WebCore::Style::TreeResolver::resolveComposedTree):

Call the explicit style relation reset function when recomputing style.

LayoutTests:

  • fast/css/empty-display-none-invalidation-expected.html: Added.
  • fast/css/empty-display-none-invalidation.html: Added.

6:17 AM Changeset in webkit [214787] by pvollan@apple.com
  • 20 edits
    6 adds in trunk

Implement stroke-miterlimit.
https://bugs.webkit.org/show_bug.cgi?id=169078

Reviewed by Dean Jackson.

Source/WebCore:

Support stroke-miterlimit for text rendering, see https://drafts.fxtf.org/paint/.

Tests: fast/css/stroke-miterlimit-default.html
       fast/css/stroke-miterlimit-large.html
       fast/css/stroke-miterlimit-zero.html

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::propertyValue):

  • css/CSSProperties.json:
  • css/SVGCSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::svgPropertyValue):

  • rendering/TextPaintStyle.cpp:

(WebCore::computeTextPaintStyle):
(WebCore::updateGraphicsContext):

  • rendering/TextPaintStyle.h:
  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::diff):

  • rendering/style/RenderStyle.h:

(WebCore::RenderStyle::strokeMiterLimit):
(WebCore::RenderStyle::setStrokeMiterLimit):
(WebCore::RenderStyle::initialStrokeMiterLimit):
(WebCore::RenderStyle::setStrokeDashOffset):

  • rendering/style/RenderStyleConstants.cpp:
  • rendering/style/RenderStyleConstants.h:
  • rendering/style/SVGRenderStyle.cpp:

(WebCore::SVGRenderStyle::diff):

  • rendering/style/SVGRenderStyle.h:

(WebCore::SVGRenderStyle::initialStrokeDashArray):
(WebCore::SVGRenderStyle::strokeDashArray):
(WebCore::SVGRenderStyle::initialStrokeMiterLimit): Deleted.
(WebCore::SVGRenderStyle::strokeMiterLimit): Deleted.
(WebCore::SVGRenderStyle::setStrokeMiterLimit): Deleted.

  • rendering/style/SVGRenderStyleDefs.cpp:

(WebCore::StyleStrokeData::StyleStrokeData):
(WebCore::StyleStrokeData::operator==):

  • rendering/style/SVGRenderStyleDefs.h:
  • rendering/style/StyleRareInheritedData.cpp:

(WebCore::StyleRareInheritedData::StyleRareInheritedData):
(WebCore::StyleRareInheritedData::operator==):

  • rendering/style/StyleRareInheritedData.h:
  • rendering/svg/RenderSVGShape.cpp:

(WebCore::RenderSVGShape::hasSmoothStroke):

  • rendering/svg/SVGRenderSupport.cpp:

(WebCore::SVGRenderSupport::applyStrokeStyleToContext):

  • rendering/svg/SVGRenderTreeAsText.cpp:

(WebCore::writeStyle):

LayoutTests:

  • fast/css/stroke-miterlimit-default-expected.html: Added.
  • fast/css/stroke-miterlimit-default.html: Added.
  • fast/css/stroke-miterlimit-large-expected-mismatch.html: Added.
  • fast/css/stroke-miterlimit-large.html: Added.
  • fast/css/stroke-miterlimit-zero-expected-mismatch.html: Added.
  • fast/css/stroke-miterlimit-zero.html: Added.

6:08 AM Changeset in webkit [214786] by Antti Koivisto
  • 2 edits in trunk/Source/WebKit2

Mutex may be freed too late in NetworkCache::Storage::traverse
https://bugs.webkit.org/show_bug.cgi?id=170400
<rdar://problem/30515865>

Reviewed by Carlos Garcia Campos and Andreas Kling.

Fix a race.

  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::Storage::traverse):

Ensure the mutex is not accessed after we dispatch to the main thread.
The main thread call deletes the owning TraverseOperation.

6:07 AM Changeset in webkit [214785] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214283 - [GTK] Honor GTK+ font settings
https://bugs.webkit.org/show_bug.cgi?id=82889

Reviewed by Carlos Garcia Campos.

After much discussion with Behdad and Martin (who is still not completely convinced I think
:) I want to merge cairo font options into the Fontconfig pattern used for rendering using
cairo_ft_font_options_substitute(). This is how the API was designed to be used anyway.
Fontconfig will still have final say over whether to actually respect the desktop settings
or not, so it can still choose to ignore the desktop's settings, but I don't think it makes
sense to have desktop-wide font settings and not tell Fontconfig about them, especially when
the whole point of WebKitGTK+ is desktop integration. This should also reduce complaints
that we're not following desktop settings and that we're drawing fonts differently than
Firefox.

  • PlatformGTK.cmake:
  • platform/graphics/cairo/CairoUtilities.cpp:

(WebCore::getDefaultCairoFontOptions):

  • platform/graphics/cairo/CairoUtilities.h:
  • platform/graphics/freetype/FontCacheFreeType.cpp:

(WebCore::createFontConfigPatternForCharacters):
(WebCore::strongAliasesForFamily):
(WebCore::FontCache::createFontPlatformData):

  • platform/graphics/freetype/FontPlatformDataFreeType.cpp:

(WebCore::getDefaultFontconfigOptions):
(WebCore::getDefaultCairoFontOptions): Deleted.

  • platform/graphics/gtk/GdkCairoUtilities.cpp:

(getDefaultCairoFontOptions):

6:06 AM Changeset in webkit [214784] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Tools

Merge r214347 - Unreviewed. Fix GTK+ test /webkit2/WebKitWebView/javascript-dialogs after r214277.

Since r214277 beforeunload events are not fired unless there's some user interaction, so we need to simulate it
in our unit tests to work.

  • TestWebKitAPI/Tests/WebKit2Gtk/TestUIClient.cpp:

(testWebViewJavaScriptDialogs):

6:06 AM Changeset in webkit [214783] by Carlos Garcia Campos
  • 12 edits
    6 adds in releases/WebKitGTK/webkit-2.16

Merge r214277 - WebKit should disallow beforeunload alerts from web pages users have never interacted with
https://bugs.webkit.org/show_bug.cgi?id=169936
<rdar://problem/23798897>

Reviewed by Brent Fulgham.

LayoutTests/imported/w3c:

  • web-platform-tests/html/browsers/browsing-the-web/unloading-documents/beforeunload-canceling-expected.txt:
  • web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt:

Rebaseline now that the CONFIRM MESSAGE lines are no longer shown. This is because there is no user interaction
with the page.

Source/WebCore:

WebKit should disallow beforeunload alerts from web pages users have never interacted with.
This reduces the risk of annoyance to the user and is allowed by the specification:

which says:
"""
The user agent is encouraged to avoid asking the user for confirmation if it judges that doing
so would be annoying, deceptive, or pointless. A simple heuristic might be that if the user
has not interacted with the document, the user agent would not ask for confirmation before
unloading it.
"""

Firefox already implements this, Chrome does not.

Tests: fast/events/beforeunload-alert-no-user-interaction.html
       fast/events/beforeunload-alert-user-interaction.html
       fast/events/beforeunload-alert-user-interaction2.html

  • loader/FrameLoader.cpp:

(WebCore::shouldAskForNavigationConfirmation):
(WebCore::FrameLoader::dispatchBeforeUnloadEvent):

LayoutTests:

  • fast/events/before-unload-return-string-conversion-expected.txt:
  • fast/events/before-unload-returnValue-expected.txt:

Rebaseline now that the CONFIRM MESSAGE is no longer shown. This is because there is
no user interaction with the page.

  • fast/events/beforeunload-alert-no-user-interaction-expected.txt: Added.
  • fast/events/beforeunload-alert-no-user-interaction.html: Added.
  • fast/events/beforeunload-alert-user-interaction-expected.txt: Added.
  • fast/events/beforeunload-alert-user-interaction.html: Added.
  • fast/events/beforeunload-alert-user-interaction2-expected.txt: Added.
  • fast/events/beforeunload-alert-user-interaction2.html: Added.

Add layout test coverage.

  • fast/loader/form-submission-after-beforeunload-cancel.html:
  • fast/loader/show-only-one-beforeunload-dialog.html:
  • http/tests/misc/iframe-beforeunload-dialog-matching-ancestor-securityorigin.html:
  • http/tests/misc/iframe-beforeunload-dialog-not-matching-ancestor-securityorigin.html:

Simulate user interaction with the page so that the CONFIRM MESSAGE log lines are still
shown.

6:02 AM Changeset in webkit [214782] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214276 - ASan violation in IconLoader::stopLoading
https://bugs.webkit.org/show_bug.cgi?id=169960
<rdar://problem/30577691>

Reviewed by David Kilzer.

DocumentLoader::finishLoadingIcon handles the life cycle of the IconLoader. Once this method is called,
we should return immediately rather than attempt to make further modifications to the IconLoader.

No new tests due to lack of test features (see https://bugs.webkit.org/show_bug.cgi?id=164895). Easily
tested in MiniBrowser under ASan visiting websites with icons.

  • loader/icon/IconLoader.cpp:

(WebCore::IconLoader::notifyFinished):

6:00 AM Changeset in webkit [214781] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.16

Merge r214272 - [JSC] Use jsNontrivialString for Number toString operations
https://bugs.webkit.org/show_bug.cgi?id=169965

Reviewed by Mark Lam.

JSTests:

  • stress/to-string-int32.js: Added.

(shouldBe):
(toString10):
(expected):

Source/JavaScriptCore:

After single character check, produced string is always longer than 1.
Thus, we can use jsNontrivialString.

  • runtime/NumberPrototype.cpp:

(JSC::int32ToStringInternal):

5:59 AM Changeset in webkit [214780] by Carlos Garcia Campos
  • 12 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214255 - Use AtomicString in RuleSet and RuleFeature
https://bugs.webkit.org/show_bug.cgi?id=119310
<rdar://problem/28214658>

Reviewed by Andreas Kling.

..instead of the plain AtomicStringImpl*. This introduces some ref churn but not too much.

  • css/DocumentRuleSets.cpp:

(WebCore::DocumentRuleSets::ancestorClassRules):
(WebCore::DocumentRuleSets::ancestorAttributeRulesForHTML):

  • css/DocumentRuleSets.h:
  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::collectMatchingRules):
(WebCore::ElementRuleCollector::collectMatchingShadowPseudoElementRules):

  • css/RuleFeature.cpp:

(WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
(WebCore::makeAttributeSelectorKey):
(WebCore::RuleFeatureSet::collectFeatures):

  • css/RuleFeature.h:
  • css/RuleSet.cpp:

(WebCore::RuleSet::addToRuleSet):
(WebCore::rulesCountForName):
(WebCore::RuleSet::addRule):

  • css/RuleSet.h:

(WebCore::RuleSet::idRules):
(WebCore::RuleSet::classRules):
(WebCore::RuleSet::shadowPseudoElementRules):
(WebCore::RuleSet::tagRules):

  • css/StyleResolver.h:

(WebCore::StyleResolver::hasSelectorForAttribute):
(WebCore::StyleResolver::hasSelectorForClass):
(WebCore::StyleResolver::hasSelectorForId):

  • style/AttributeChangeInvalidation.cpp:

(WebCore::Style::mayBeAffectedByAttributeChange):
(WebCore::Style::AttributeChangeInvalidation::invalidateStyle):

  • style/IdChangeInvalidation.cpp:

(WebCore::Style::mayBeAffectedByHostRules):
(WebCore::Style::mayBeAffectedBySlottedRules):
(WebCore::Style::IdChangeInvalidation::invalidateStyle):

  • style/StyleSharingResolver.cpp:

(WebCore::Style::SharingResolver::resolve):
(WebCore::Style::SharingResolver::canShareStyleWithElement):
(WebCore::Style::SharingResolver::classNamesAffectedByRules):

5:56 AM Changeset in webkit [214779] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.16

Merge r214254 - Safari sends empty "Access-Control-Request-Headers" in preflight request
https://bugs.webkit.org/show_bug.cgi?id=169851

Patch by Youenn Fablet <youenn@apple.com> on 2017-03-22
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

  • web-platform-tests/fetch/api/cors/cors-preflight-expected.txt:
  • web-platform-tests/fetch/api/cors/cors-preflight.js:

Source/WebCore:

Covered by updated test.

  • loader/CrossOriginAccessControl.cpp:

(WebCore::createAccessControlPreflightRequest): Not adding "Access-Control-Request-Headers" to
request header if value is empty.

5:39 AM Changeset in webkit [214778] by Carlos Garcia Campos
  • 5 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214246 - [Soup] "Only from websites I visit" cookie policy is broken
https://bugs.webkit.org/show_bug.cgi?id=168912

Reviewed by Carlos Garcia Campos.

Source/WebCore:

Do not reset the first party for cookies on redirects. That's properly done for the main
resource in DocumentLoader::willSendRequest and, in the case of subresources, is absolutely
wrong (which is what we were doing since r143931).

The most notable effect was that subresources loaded via redirects were effectively
bypassing the "no third party" policy for cookies.

Test: http/tests/security/cookies/third-party-cookie-blocking-redirect.html

  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::doRedirect):

Source/WebKit2:

Do not reset the first party for cookies on redirects. That's properly done for the main
resource in DocumentLoader::willSendRequest and, in the case of subresources, is absolutely
wrong (which is what we were doing since r143931).

The most notable effect was that subresources loaded via redirects were effectively
bypassing the "no third party" policy for cookies.

  • NetworkProcess/soup/NetworkDataTaskSoup.cpp:

(WebKit::NetworkDataTaskSoup::continueHTTPRedirection):

LayoutTests:

  • http/tests/security/cookies/third-party-cookie-blocking-redirect-expected.txt: Added.
  • http/tests/security/cookies/third-party-cookie-blocking-redirect.html: Added.

5:36 AM Changeset in webkit [214777] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214240 - The DFG Integer Check Combining phase should force an OSR exit for CheckInBounds on a negative constant min bound.
https://bugs.webkit.org/show_bug.cgi?id=169933
<rdar://problem/31105125>

Reviewed by Filip Pizlo and Geoffrey Garen.

Also fixed the bit-rotted RangeKey::dump() function.

  • dfg/DFGIntegerCheckCombiningPhase.cpp:

(JSC::DFG::IntegerCheckCombiningPhase::handleBlock):

5:35 AM Changeset in webkit [214776] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.16

Merge r214237 - Disable all virtual tables.
<rdar://problem/31081972> and https://bugs.webkit.org/show_bug.cgi?id=169928

Source/WebCore:

Reviewed by Jer Noble.

No new tests (Covered by changes to existing test).

  • Modules/webdatabase/DatabaseAuthorizer.cpp:

(WebCore::DatabaseAuthorizer::createVTable):
(WebCore::DatabaseAuthorizer::dropVTable):

LayoutTests:

Reviewed by Jer Noble.

  • storage/websql/test-authorizer-expected.txt:
  • storage/websql/test-authorizer.js:

(createStatementsCallback):

5:34 AM Changeset in webkit [214775] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214232 - 2017-03-21 Zalan Bujtas <Alan Bujtas>

Tear down descendant renderers when <slot>'s display value is set to no "contents".
https://bugs.webkit.org/show_bug.cgi?id=169921
<rdar://problem/30336417>

Reviewed by Antti Koivisto.

Since "display: contents" does not generate a renderer, when an element's display value is
changed to something other than "contents", we not only create a renderer but also reparent its descendant
subtree (e.g. from slot's parent to the newly constructed slot renderer). During this reparenting, we
need to tear down the descendant subtree and build it up again to reflect the new rendering context.

Test: fast/shadow-dom/slot-with-continuation-descendants.html

  • style/RenderTreeUpdater.cpp: (WebCore::RenderTreeUpdater::updateElementRenderer):

5:33 AM Changeset in webkit [214774] by Carlos Garcia Campos
  • 25 edits
    3 adds in releases/WebKitGTK/webkit-2.16

Merge r214219 - [JSC] Optimize Number.prototype.toString on Int32 / Int52 / Double
https://bugs.webkit.org/show_bug.cgi?id=167454

Reviewed by Saam Barati.

JSTests:

  • stress/number-to-string-abstract-operation.js: Added.

(shouldBe):
(int32ToString):
(shouldBe.int32ToString.new.Number.int52ToString):
(shouldBe.int32ToString.new.Number):
(shouldBe.doubleToString):

  • stress/number-to-string-radix.js: Added.

(shouldBe):
(int32ToString):
(shouldBe.int32ToString.new.Number.int52ToString):
(shouldBe.int32ToString.new.Number):
(shouldBe.doubleToString):

  • stress/number-to-string.js: Added.

(shouldBe):
(int32ToString):
(shouldBe.int32ToString.new.Number.int52ToString):
(shouldBe.int32ToString.new.Number):
(shouldBe.doubleToString):

Source/JavaScriptCore:

This patch improves Number.toString(radix) performance
by introducing NumberToStringWithRadix DFG node. It directly
calls the operation and it always returns String.

baseline patched

stanford-crypto-sha256-iterative 45.130+-0.928 44.032+-1.184 might be 1.0250x faster

5:32 AM Changeset in webkit [214773] by Carlos Garcia Campos
  • 28 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r212939 - Intrinsicify parseInt
https://bugs.webkit.org/show_bug.cgi?id=168627

Reviewed by Filip Pizlo.

JSTests:

  • stress/parse-int-intrinsic.js: Added.

(assert):
(testIntrinsic.let.s):
(testIntrinsic):
(testIntrinsic2.baz):
(testIntrinsic2):
(testIntrinsic3.foo):
(testIntrinsic3):
(testIntrinsic4.foo):
(testIntrinsic4):
(testIntrinsic5.foo):
(testIntrinsic5):
(testIntrinsic6.foo):
(testIntrinsic6):
(testIntrinsic7.foo):
(testIntrinsic7):

Source/JavaScriptCore:

This patch makes parseInt an intrinsic in the DFG and FTL.
We do our best to eliminate this node. If we speculate that
the first operand to the operation is an int32, and that there
isn't a second operand, we convert to the identity of the first
operand. That's because parseInt(someInt) === someInt.

If the first operand is proven to be an integer, and the second
operand is the integer 0 or the integer 10, we can eliminate the
node by making it an identity over its first operand. That's
because parseInt(someInt, 0) === someInt and parseInt(someInt, 10) === someInt.

If we are not able to constant fold the node away, we try to remove
checks. The most common use case of parseInt is that its first operand
is a proven string. The DFG might be able to remove type checks in this
case. We also set up CSE rules for parseInt(someString, someIntRadix)
because it's a "pure" operation (modulo resolving a rope).

This looks to be a 4% Octane/Box2D progression.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::hasHeapPrediction):

  • dfg/DFGNodeType.h:
  • dfg/DFGOperations.cpp:

(JSC::DFG::parseIntResult):

  • dfg/DFGOperations.h:
  • dfg/DFGPredictionPropagationPhase.cpp:
  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileParseInt):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::appendCallSetResult):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileParseInt):

  • jit/JITOperations.h:
  • parser/Lexer.cpp:
  • runtime/ErrorInstance.cpp:
  • runtime/Intrinsic.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::toStringView): Deleted.
(JSC::isStrWhiteSpace): Deleted.
(JSC::parseDigit): Deleted.
(JSC::parseIntOverflow): Deleted.
(JSC::parseInt): Deleted.

  • runtime/JSGlobalObjectFunctions.h:
  • runtime/ParseInt.h: Added.

(JSC::parseDigit):
(JSC::parseIntOverflow):
(JSC::isStrWhiteSpace):
(JSC::parseInt):
(JSC::toStringView):

  • runtime/StringPrototype.cpp:

5:24 AM Changeset in webkit [214772] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[OWR] Fix class structure for the OWR mock classes after last modifications
https://bugs.webkit.org/show_bug.cgi?id=170173

Patch by Alejandro G. Castro <alex@igalia.com> on 2017-04-03
Reviewed by Youenn Fablet.

In case of OWR MockRealtimeMediaSource inherits from
RealtimeMediaSourceOwr, so we have to change some of the function
interfaces.

  • platform/mock/MockRealtimeMediaSource.h:

5:01 AM Changeset in webkit [214771] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.16

Merge r214194 - Prevent new navigations from onbeforeunload handler
https://bugs.webkit.org/show_bug.cgi?id=169891
<rdar://problem/31155736>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Ensure that all navigations initiated from an onbeforeunload handler are disallowed
regardless of how they were scheduled. Such navigations go against the expectation
of a user.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::isNavigationAllowed): Added.
(WebCore::FrameLoader::loadURL): Modified code to call FrameLoader::isNavigationAllowed().
(WebCore::FrameLoader::loadWithDocumentLoader): Ditto.
(WebCore::FrameLoader::stopAllLoaders): Ditto.

  • loader/FrameLoader.h:

LayoutTests:

Update test to ensure that we disallow navigation initiated via a DOM click event from
an onbeforeunload handler.

  • fast/events/before-unload-forbidden-navigation.html:
4:25 AM Changeset in webkit [214770] by Carlos Garcia Campos
  • 42 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214173 - Move code out of renderer destructors into willBeDestroyed()
https://bugs.webkit.org/show_bug.cgi?id=169650

Reviewed by Antti Koivisto.

This is done for four reasons. First, code in willBeDestroyed() is able to call
virtual functions on derived classes. Second, this code will run before we've destroyed
the renderer's rareData, so can safely access it. Third, RenderWidget is special, and can have
its lifetime extended via manual ref-counting, and we want all cleanup to complete
before it goes into this weird zombie state. Fourth, in a shiny future where we have
ref-counted RenderObjects, we want cleanup code to be run explicitly and not tied
to object lifetime, and this is a step in that direction.

For all classes that derive from RenderObject, move code from the destructor into
willBeDestroyed(). New willBeDestroyed() implementations must call the base class.

RenderBlock and RenderBlockFlow are special; RenderBlockFlow::willBeDestroyed()
skips over RenderBlock::willBeDestroyed(), but they both need to run some code, which
I moved into RenderBlock::blockWillBeDestroyed().

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::~RenderBlock):
(WebCore::RenderBlock::willBeDestroyed):
(WebCore::RenderBlock::blockWillBeDestroyed):

  • rendering/RenderBlock.h:
  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::~RenderBlockFlow):
(WebCore::RenderBlockFlow::willBeDestroyed):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::~RenderBox):
(WebCore::RenderBox::willBeDestroyed):

  • rendering/RenderBox.h:
  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::~RenderBoxModelObject):

  • rendering/RenderCounter.cpp:

(WebCore::RenderCounter::~RenderCounter):
(WebCore::RenderCounter::willBeDestroyed):

  • rendering/RenderCounter.h:
  • rendering/RenderElement.cpp:

(WebCore::RenderElement::~RenderElement):
(WebCore::RenderElement::willBeDestroyed):

  • rendering/RenderEmbeddedObject.cpp:

(WebCore::RenderEmbeddedObject::~RenderEmbeddedObject):
(WebCore::RenderEmbeddedObject::willBeDestroyed):

  • rendering/RenderEmbeddedObject.h:
  • rendering/RenderImage.cpp:

(WebCore::RenderImage::~RenderImage):
(WebCore::RenderImage::willBeDestroyed):

  • rendering/RenderImage.h:
  • rendering/RenderLayerModelObject.cpp:

(WebCore::RenderLayerModelObject::~RenderLayerModelObject):
(WebCore::RenderLayerModelObject::willBeDestroyed):

  • rendering/RenderLayerModelObject.h:
  • rendering/RenderLineBreak.cpp:

(WebCore::RenderLineBreak::~RenderLineBreak):
(WebCore::RenderLineBreak::willBeDestroyed):

  • rendering/RenderLineBreak.h:
  • rendering/RenderListBox.cpp:

(WebCore::RenderListBox::~RenderListBox):
(WebCore::RenderListBox::willBeDestroyed):

  • rendering/RenderListBox.h:
  • rendering/RenderListItem.cpp:

(WebCore::RenderListItem::~RenderListItem):
(WebCore::RenderListItem::willBeDestroyed):

  • rendering/RenderListItem.h:
  • rendering/RenderListMarker.cpp:

(WebCore::RenderListMarker::~RenderListMarker):
(WebCore::RenderListMarker::willBeDestroyed):

  • rendering/RenderListMarker.h:
  • rendering/RenderMenuList.cpp:

(WebCore::RenderMenuList::~RenderMenuList):
(WebCore::RenderMenuList::willBeDestroyed):

  • rendering/RenderMenuList.h:
  • rendering/RenderNamedFlowThread.cpp:

(WebCore::RenderNamedFlowThread::~RenderNamedFlowThread):
(WebCore::RenderNamedFlowThread::willBeDestroyed):

  • rendering/RenderNamedFlowThread.h:
  • rendering/RenderObject.cpp:

(WebCore::RenderObject::willBeDestroyed):

  • rendering/RenderQuote.cpp:

(WebCore::RenderQuote::~RenderQuote):
(WebCore::RenderQuote::willBeDestroyed):

  • rendering/RenderQuote.h:
  • rendering/RenderSearchField.cpp:

(WebCore::RenderSearchField::~RenderSearchField):
(WebCore::RenderSearchField::willBeDestroyed):

  • rendering/RenderSearchField.h:
  • rendering/RenderSnapshottedPlugIn.cpp:

(WebCore::RenderSnapshottedPlugIn::~RenderSnapshottedPlugIn):
(WebCore::RenderSnapshottedPlugIn::willBeDestroyed):

  • rendering/RenderSnapshottedPlugIn.h:
  • rendering/RenderText.cpp:

(WebCore::RenderText::~RenderText):
(WebCore::RenderText::willBeDestroyed):

  • rendering/RenderTextControlMultiLine.cpp:

(WebCore::RenderTextControlMultiLine::~RenderTextControlMultiLine):
(WebCore::RenderTextControlMultiLine::willBeDestroyed):

  • rendering/RenderTextControlMultiLine.h:
  • rendering/RenderVideo.cpp:

(WebCore::RenderVideo::~RenderVideo):
(WebCore::RenderVideo::willBeDestroyed):

  • rendering/RenderVideo.h:
  • rendering/RenderWidget.h:
  • rendering/svg/RenderSVGImage.cpp:

(WebCore::RenderSVGImage::~RenderSVGImage):
(WebCore::RenderSVGImage::willBeDestroyed):

  • rendering/svg/RenderSVGImage.h:
  • rendering/svg/RenderSVGResourceContainer.cpp:

(WebCore::RenderSVGResourceContainer::~RenderSVGResourceContainer):
(WebCore::RenderSVGResourceContainer::willBeDestroyed):

4:11 AM Changeset in webkit [214769] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214162 - [Cairo] Ensure depth and stencil renderbuffers are created on GLESv2
https://bugs.webkit.org/show_bug.cgi?id=166643

Patch by Emanuele Aina <Emanuele Aina> on 2017-03-20
Reviewed by Darin Adler.

If the gfx device doesn't support GL_OES_packed_depth_stencil, the
separate depth and stencil buffers are not generated.

Copy what GraphicsContext3DEfl used to do and apply it in
GraphicsContext3DCairo.

The Intel gfx driver seems to tolerate unbound renderbuffers, but
enabling debugging in Mesa yields an error:

$ MESA_DEBUG=1 \
  MESA_EXTENSION_OVERRIDE=-GL_OES_packed_depth_stencil \
  ./bin/MiniBrowser http://webglsamples.org/aquarium/aquarium.html

Mesa: User error: GL_INVALID_OPERATION in glRenderbufferStorage(no renderbuffer bound)

  • platform/graphics/GraphicsContext3D.h:
  • platform/graphics/cairo/GraphicsContext3DCairo.cpp:

(WebCore::GraphicsContext3D::GraphicsContext3D):
Ensure separate depth and stencil renderbuffers are created.
(WebCore::GraphicsContext3D::~GraphicsContext3D):
Ensure separate depth and stencil renderbuffers are released.

4:09 AM Changeset in webkit [214768] by Carlos Garcia Campos
  • 9 edits
    5 adds in releases/WebKitGTK/webkit-2.16

Merge r214145 - const location = "foo" throws in a worker
https://bugs.webkit.org/show_bug.cgi?id=169839

Reviewed by Mark Lam.

JSTests:

  • ChakraCore/test/es6/letconst_global_shadow_builtins_nonconfigurable.baseline-jsc:

Update expected jsc result now that we throw a SyntaxError when trying to shadow undefined
with a let variable. We used not to throw because the value is undefined but this was not
as per EcmaScript. Both Firefox and Chrome throw in this case.

  • stress/global-lexical-redeclare-variable.js:

(catch):
Update test that defines a non-configurable 'zoo' property on the global object and then
expected shadowing it with a 'let zoo' variable to work because its value was undefined.
This was not as per EcmaScript spec and both Firefox and Chrome throw in this case.

Source/JavaScriptCore:

Our HasRestrictedGlobalProperty check in JSC was slightly wrong, causing us
to sometimes throw a Syntax exception when we shouldn't when declaring a
const/let variable and sometimes not throw an exception when we should have.

This aligns our behavior with ES6, Firefox and Chrome.

  • runtime/ProgramExecutable.cpp:

(JSC::hasRestrictedGlobalProperty):
(JSC::ProgramExecutable::initializeGlobalProperties):
Rewrite hasRestrictedGlobalProperty logic as per the EcmaScript spec:

In particular, there were 2 issues:

  • We should throw a SyntaxError if hasProperty() returned true but getOwnProperty() would fail to return a descriptor. This would happen for properties that are not OWN properties, but defined somewhere in the prototype chain. The spec does not say to use hasProperty(), only getOwnProperty() and says we should return false if getOwnProperty() does not return a descriptor. This is what we do now.
  • We would fail to throw when declaring a let/const variable that shadows an own property whose value is undefined. This is because the previous code was explicitly checking for this case. I believe this was a misinterpretation of ES6 which says: """ Let desc be O.[[GetOwnProperty]](P). If desc is undefined, return false. """ We should check that desc is undefined, not desc.value. This is now fixed.

LayoutTests:

  • fast/dom/window-const-variable-shadowing-expected.txt: Added.
  • fast/dom/window-const-variable-shadowing.html: Added.
  • fast/workers/const-location-variable-expected.txt: Added.
  • fast/workers/const-location-variable.html: Added.
  • fast/workers/resources/worker-const-location.js: Added.

Add layout test coverage for behavior changes. Those tests pass in Firefox and Chrome.

  • js/dom/const-expected.txt:
  • js/dom/const.html:

Update test which wrongly expected a let variable not to be able to shadow a
window named property. This test was failing in Chrome and Firefox. The reason
this does not throw is because window named properties are not on the window
object, they are on the WindowProperties object in the Window prototype chain.

4:07 AM Changeset in webkit [214767] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.16

Merge r214143 - import(arg) crashes when ToString(arg) throws
https://bugs.webkit.org/show_bug.cgi?id=169778

Reviewed by Saam Barati.

JSTests:

  • stress/import-reject-with-exception.js: Added.

(shouldBe):
(let.x.get toString):

Source/JavaScriptCore:

JSPromiseDeferred should not be rejected with Exception*.

  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncImportModule):

4:03 AM Changeset in webkit [214766] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214126 - Disable per-region boxes for multicolumn
https://bugs.webkit.org/show_bug.cgi?id=169830

Reviewed by Zalan Bujtas.

Source/WebCore:

Test: fast/multicol/float-adjacent-to-overflow-block.html

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::determineLogicalLeftPositionForChild):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::borderBoxRectInRegion):
(WebCore::RenderBox::renderBoxRegionInfo):
Limit all of the per-region box code to RenderNamedFlowThreads.
This code should never be used by multicolumn layout.

LayoutTests:

  • fast/multicol/float-adjacent-to-overflow-block-expected.html: Added.
  • fast/multicol/float-adjacent-to-overflow-block.html: Added.
4:02 AM Changeset in webkit [214765] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.16/Source

Merge r214125 - Time channel attack on SVG Filters
https://bugs.webkit.org/show_bug.cgi?id=118689

Reviewed by Simon Fraser.

Source/WebCore:

The time channel attack can happen if the attacker applies FEColorMatrix
or FEConvolveMatrix and provides a matrix which is filled with subnormal
floating point values. Performing floating-point operations on subnormals
is very expensive unless the pixel in the source graphics is black (or
zero). By measuring the time a filter takes to be applied, the attacker
can know whether the pixel he wants to steal from an iframe is black or
white. By repeating the same process on all the pixels in the iframe, the
attacker can reconstruct the whole page of the iframe.

To fix this issue, the values in the matrices of these filters will be clamped
to FLT_MIN. We do not want to consume too much time calculating filtered
pixels because of such tiny values. The difference between applying FLT_MIN
and applying a subnormal should not be even noticeable. Normalizing the
floating-point matrices should happen only at the beginning of the filter
platformApplySoftware().

  • platform/graphics/filters/FEColorMatrix.cpp:

(WebCore::FEColorMatrix::platformApplySoftware):

  • platform/graphics/filters/FEConvolveMatrix.cpp:

(WebCore::FEConvolveMatrix::fastSetInteriorPixels):
(WebCore::FEConvolveMatrix::fastSetOuterPixels):
(WebCore::FEConvolveMatrix::platformApplySoftware):

  • platform/graphics/filters/FEConvolveMatrix.h:
  • platform/graphics/filters/FilterEffect.h:

(WebCore::FilterEffect::normalizedFloats):

Source/WTF:

Performing arithmetic operations on subnormal floating-point numbers is
very expensive. Normalizing the floating-point number to the minimum normal
value should accelerate the calculations and there won't be a noticeable
difference in the result since all the subnormal values and the minimum
normal value are all very close to zero.

  • wtf/MathExtras.h:

(normalizedFloat):
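
The clamping step described in the r214125 message above, as an added C++ example; it is not the WebKit patch or the project's code. The names clampSubnormal, normalizedCopy, countSubnormals and applyColorMatrix, the byte-valued Pixel type and the sample matrix are assumptions made for illustration.

```cpp
#include <cfloat>
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical helper (assumption, not WebKit's normalizedFloat): a subnormal
// becomes the smallest normal float of the same sign. Zero, normal values,
// infinities and NaN pass through unchanged.
inline float clampSubnormal(float value)
{
    if (std::fpclassify(value) == FP_SUBNORMAL)
        return std::copysign(FLT_MIN, value);
    return value;
}

// Counts the subnormal entries in a coefficient list.
inline std::size_t countSubnormals(const std::vector<float>& values)
{
    std::size_t count = 0;
    for (float v : values) {
        if (std::fpclassify(v) == FP_SUBNORMAL)
            ++count;
    }
    return count;
}

// Returns a clamped copy of the coefficients; optionally reports how many
// entries had to be replaced.
inline std::vector<float> normalizedCopy(const std::vector<float>& values, std::size_t* replaced = nullptr)
{
    std::vector<float> result;
    result.reserve(values.size());
    for (float v : values)
        result.push_back(clampSubnormal(v));
    if (replaced)
        *replaced = countSubnormals(values);
    return result;
}

struct Pixel {
    unsigned char r, g, b, a;
};

// Converts a filtered channel back to a byte; NaN and negatives map to 0.
inline unsigned char toByte(float c)
{
    if (!(c > 0.0f))
        return 0;
    if (c > 255.0f)
        return 255;
    return static_cast<unsigned char>(std::lround(c));
}

// Applies a 4x5 row-major colour matrix (20 values, last column is an offset)
// to byte-valued RGBA pixels. The matrix is clamped once, before the loop, so
// no subnormal coefficient reaches the per-pixel arithmetic.
inline std::vector<Pixel> applyColorMatrix(const std::vector<Pixel>& pixels, const std::vector<float>& matrix)
{
    if (matrix.size() != 20)
        return pixels; // malformed matrix: leave the pixels untouched
    const std::vector<float> m = normalizedCopy(matrix);
    std::vector<Pixel> out;
    out.reserve(pixels.size());
    for (const Pixel& p : pixels) {
        float c[4];
        for (int row = 0; row < 4; ++row) {
            const float* k = &m[row * 5];
            c[row] = k[0] * p.r + k[1] * p.g + k[2] * p.b + k[3] * p.a + k[4] * 255.0f;
        }
        out.push_back(Pixel{toByte(c[0]), toByte(c[1]), toByte(c[2]), toByte(c[3])});
    }
    return out;
}

int main()
{
    // Constructed input: a matrix filled with subnormal coefficients.
    std::vector<float> matrix(20, 1e-40f);
    std::size_t replaced = 0;
    std::vector<float> clamped = normalizedCopy(matrix, &replaced);
    std::printf("replaced %zu coefficients, %zu subnormals remain\n",
                replaced, countSubnormals(clamped));
    return 0;
}
```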

3:32 AM Changeset in webkit [214764] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214119 - Fix the flow thread state on the descendants of out of flow positioned replaced elements.
https://bugs.webkit.org/show_bug.cgi?id=169821
<rdar://problem/30964017>

Reviewed by Simon Fraser.

Source/WebCore:

Descendants of a replaced out of flow element should inherit the flowthread state
from the replaced element and not from the replaced element's parent.

Test: fast/multicol/fix-inherit-when-container-is-replaced.html

  • rendering/RenderObject.cpp:

(WebCore::RenderObject::computedFlowThreadState):

LayoutTests:

  • fast/multicol/fix-inherit-when-container-is-replaced-expected.txt: Added.
  • fast/multicol/fix-inherit-when-container-is-replaced.html: Added.
3:29 AM Changeset in webkit [214763] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214100 - [Cairo] Handle the blend mode in GraphicsContext::drawPattern
https://bugs.webkit.org/show_bug.cgi?id=169746

Reviewed by Žan Doberšek.

We are not taking into account the blend mode when passing the cairo operator to drawPatternToCairoContext().
This is based on patch by Žan Doberšek, just adding the toCairoOperator changes to make it easier to handle
it. Instead of checking everywhere if blend mode is Normal to decide whether to use toCairoOperator with
CompositeOperator or BlendMode, there's now a single toCairoOperator that receives both parameters, but BlendMode
is optional and defaults to Normal.

  • platform/graphics/cairo/CairoUtilities.cpp:

(WebCore::toCairoCompositeOperator):
(WebCore::toCairoOperator):

  • platform/graphics/cairo/CairoUtilities.h:
  • platform/graphics/cairo/GraphicsContextCairo.cpp:

(WebCore::GraphicsContext::setPlatformCompositeOperation):
(WebCore::GraphicsContext::drawPattern):

3:28 AM Changeset in webkit [214762] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214085 - Fix exception scope verification failures in GenericArgumentsInlines.h.
https://bugs.webkit.org/show_bug.cgi?id=165012

Reviewed by Saam Barati.

  • runtime/GenericArgumentsInlines.h:

(JSC::GenericArguments<Type>::defineOwnProperty):

3:27 AM Changeset in webkit [214761] by Carlos Garcia Campos
  • 29 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214082 - RenderView::documentBeingDestroyed() needs a new name.
https://bugs.webkit.org/show_bug.cgi?id=166727

Reviewed by Andreas Kling.

Now that we destroy the render tree for documents going into the page cache, RenderView::documentBeingDestroyed()
is misleadingly named. Rename it to renderTreeBeingDestroyed() and fix all callers.

  • page/FrameView.cpp:

(WebCore::FrameView::scheduleRelayoutOfSubtree):

  • page/scrolling/ScrollingCoordinator.cpp:

(WebCore::ScrollingCoordinator::absoluteEventTrackingRegionsForFrame):

  • rendering/CounterNode.cpp:

(WebCore::CounterNode::resetRenderers):

  • rendering/ImageQualityController.cpp:

(WebCore::ImageQualityController::highQualityRepaintTimerFired):

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::willBeDestroyed):
(WebCore::canMergeContiguousAnonymousBlocks):
(WebCore::RenderBlock::removeChild):

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::willBeDestroyed):
(WebCore::RenderBlockFlow::removeChild):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::removeFloatingOrPositionedChildFromBlockLists):
(WebCore::RenderBox::deleteLineBoxWrapper):

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::willBeDestroyed):

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::insertChildInternal):
(WebCore::RenderElement::removeChildInternal):
(WebCore::RenderElement::clearLayoutRootIfNeeded):
(WebCore::RenderElement::willBeDestroyed):

  • rendering/RenderImage.cpp:

(WebCore::RenderImage::imageChanged):
(WebCore::RenderImage::notifyFinished):

  • rendering/RenderInline.cpp:

(WebCore::RenderInline::willBeDestroyed):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::removeChild):
(WebCore::RenderLayer::calculateClipRects):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::notifyFlushRequired):

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::layerWillBeRemoved):
(WebCore::RenderLayerCompositor::fixedRootBackgroundLayerChanged):

  • rendering/RenderLineBreak.cpp:

(WebCore::RenderLineBreak::deleteInlineBoxWrapper):

  • rendering/RenderNamedFlowFragment.cpp:

(WebCore::RenderNamedFlowFragment::attachRegion):

  • rendering/RenderObject.cpp:

(WebCore::RenderObject::resetFlowThreadStateOnRemoval):
(WebCore::RenderObject::willBeDestroyed):
(WebCore::RenderObject::destroyAndCleanupAnonymousWrappers):

  • rendering/RenderObject.h:

(WebCore::RenderObject::renderTreeBeingDestroyed):
(WebCore::RenderObject::documentBeingDestroyed): Deleted.

  • rendering/RenderQuote.cpp:

(WebCore::RenderQuote::detachQuote):

  • rendering/RenderRegion.cpp:

(WebCore::RenderRegion::attachRegion):

  • rendering/RenderReplaced.cpp:

(WebCore::RenderReplaced::willBeDestroyed):

  • rendering/RenderRubyRun.cpp:

(WebCore::RenderRubyRun::removeChild):

  • rendering/RenderTable.h:

(WebCore::RenderTable::setNeedsSectionRecalc):

  • rendering/RenderText.cpp:

(WebCore::RenderText::removeAndDestroyTextBoxes):

  • rendering/RenderVideo.cpp:

(WebCore::RenderVideo::updatePlayer):

  • rendering/svg/RenderSVGResource.cpp:

(WebCore::RenderSVGResource::markForLayoutAndParentResourceInvalidation):

  • rendering/svg/RenderSVGResourceContainer.cpp:

(WebCore::RenderSVGResourceContainer::markClientForInvalidation):

  • rendering/svg/RenderSVGText.cpp:

(WebCore::RenderSVGText::subtreeChildWasAdded):
(WebCore::RenderSVGText::subtreeChildWillBeRemoved):
(WebCore::RenderSVGText::subtreeChildWasRemoved):
(WebCore::RenderSVGText::subtreeStyleDidChange):

3:12 AM Changeset in webkit [214760] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214079 - Array concat operation should check for length overflows.
https://bugs.webkit.org/show_bug.cgi?id=169796
<rdar://problem/31095276>

Reviewed by Keith Miller.

  • runtime/ArrayPrototype.cpp:

(JSC::concatAppendOne):
(JSC::arrayProtoPrivateFuncConcatMemcpy):

3:11 AM Changeset in webkit [214759] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214071 - The new array with spread operation needs to check for length overflows.
https://bugs.webkit.org/show_bug.cgi?id=169780
<rdar://problem/31072182>

Reviewed by Filip Pizlo.

  • dfg/DFGOperations.cpp:
  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewArrayWithSpread):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):

  • ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

  • llint/LLIntSlowPaths.cpp:
  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/JSGlobalObject.cpp:
3:08 AM Changeset in webkit [214758] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214059 - Stay inside the continuation while searching for a candidate ancestor for insertion.
https://bugs.webkit.org/show_bug.cgi?id=169768
<rdar://problem/30959936>

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/inline/continuation-crash-with-anon-ancestors.html

  • rendering/RenderInline.cpp:

(WebCore::RenderInline::addChildToContinuation):

LayoutTests:

  • fast/inline/continuation-crash-with-anon-ancestors-expected.txt: Added.
  • fast/inline/continuation-crash-with-anon-ancestors.html: Added.
3:06 AM Changeset in webkit [214757] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214041 - Unreviewed, copy m_numberOfArgumentsToSkip
https://bugs.webkit.org/show_bug.cgi?id=164582

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock):

3:05 AM Changeset in webkit [214756] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214039 - [css-grid] Crash on debug removing a positioned child
https://bugs.webkit.org/show_bug.cgi?id=169739

Reviewed by Sergio Villar Senin.

Source/WebCore:

When we add or remove a positioned item we don't need to mark
the grid as dirty, because positioned items do not affect the layout
of the grid at all.

This was causing a crash when a positioned item was removed
after a layout. As after the positioned item was removed,
the method RenderGrid::layoutBlock() was not called,
so when the grid was repainted we got a crash.

Test: fast/css-grid-layout/grid-crash-remove-positioned-item.html

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::addChild): Add early return to avoid marking
the grid as dirty for positioned grid items.
(WebCore::RenderGrid::removeChild): Ditto.

LayoutTests:

Add new test that checks that adding and removing a positioned grid item
doesn't cause any crashes.

  • fast/css-grid-layout/grid-crash-remove-positioned-item-expected.txt: Added.
  • fast/css-grid-layout/grid-crash-remove-positioned-item.html: Added.
2:59 AM Changeset in webkit [214755] by Carlos Garcia Campos
  • 2 edits
    1 move
    1 add
    1 delete in releases/WebKitGTK/webkit-2.16/Source/WTF

Merge r214036 - [UNIX] Implement currentSearchLocaleID() and currentTextBreakLocaleID()
https://bugs.webkit.org/show_bug.cgi?id=169745

Reviewed by Yusuke Suzuki.

Add a common implementation for Unix based ports using setlocale.

  • wtf/PlatformGTK.cmake:
  • wtf/PlatformJSCOnly.cmake:
  • wtf/text/gtk/TextBreakIteratorInternalICUGtk.cpp: Removed.
  • wtf/text/unix/TextBreakIteratorInternalICUUnix.cpp: Renamed from Source/WTF/wtf/text/jsconly/TextBreakIteratorInternalICUJSCOnly.cpp.

(WTF::currentSearchLocaleID):
(WTF::currentTextBreakLocaleID):

2:59 AM Changeset in webkit [214754] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214040 - Unreviewed, fix numParameter() - 1 OSRExit materialization
https://bugs.webkit.org/show_bug.cgi?id=164582

When materializing rest parameters, we rely on numParameter() - 1 being equal to
the numberOfArgumentsToSkip. But this assumption is broken in r214029.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::numberOfArgumentsToSkip):

  • ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

2:59 AM Changeset in webkit [214753] by Carlos Garcia Campos
  • 16 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214029 - [JSC] Default parameter part should be retrieved by op_get_argument opcode instead of changing arity
https://bugs.webkit.org/show_bug.cgi?id=164582

Reviewed by Saam Barati.

JSTests:

  • stress/function-with-defaults-inlining.js: Added.

(shouldBe):
(ok):
(a):

  • stress/function-with-defaults-non-inlining.js: Added.

(shouldBe):
(ok):
(a):

Source/JavaScriptCore:

Previously we implemented the default parameters as follows.

  1. We count the default parameters as the usual parameters.
  2. We just get the argument register.
  3. Check it with op_is_undefined.
  4. And fill the binding with either the argument register or default value.

The above is simple. However, it has the side effect that it always increases the arity of the function.
While function.length does not increase, internally, the number of parameters of CodeBlock increases.
This effectively prevents our DFG / FTL from performing inlining: currently we only allow DFG to inline
the function with the arity less than or equal to the number of passing arguments. It is OK. But when using
default parameters, we frequently do not pass the argument for the parameter with the default value.
Thus, in our current implementation, we frequently need to fixup the arity. And we frequently fail
to inline the function.

This patch fixes the above problem by not increasing the arity of the function. When we encounter the
parameter with the default value, we use op_argument to get the argument instead of using the argument
registers.

This improves six-speed defaults.es6 performance by 4.45x.

defaults.es6 968.4126+-101.2350 217.6602+-14.8831 definitely 4.4492x faster

  • bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

  • bytecode/UnlinkedFunctionExecutable.h:
  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
(JSC::BytecodeGenerator::initializeNextParameter):
(JSC::BytecodeGenerator::initializeParameters):

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::FunctionNode::emitBytecode):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::inliningCost):

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createFunctionMetadata):

  • parser/Nodes.cpp:

(JSC::FunctionMetadataNode::FunctionMetadataNode):

  • parser/Nodes.h:

(JSC::FunctionParameters::size):
(JSC::FunctionParameters::at):
(JSC::FunctionParameters::append):
(JSC::FunctionParameters::isSimpleParameterList):

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::isArrowFunctionParameters):
(JSC::Parser<LexerType>::parseGeneratorFunctionSourceElements):
(JSC::Parser<LexerType>::parseAsyncFunctionSourceElements):
(JSC::Parser<LexerType>::parseFormalParameters):
(JSC::Parser<LexerType>::parseFunctionBody):
(JSC::Parser<LexerType>::parseFunctionParameters):
(JSC::Parser<LexerType>::parseFunctionInfo):

  • parser/Parser.h:
  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createFunctionMetadata):

  • runtime/FunctionExecutable.h:
  • runtime/JSFunction.cpp:

(JSC::JSFunction::createBuiltinFunction):
(JSC::JSFunction::reifyLength):

1:15 AM Changeset in webkit [214752] by Carlos Garcia Campos
  • 10 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214028 - [DFG] ToString operation should have fixup for primitives to say this node does not have side effects
https://bugs.webkit.org/show_bug.cgi?id=169544

Reviewed by Saam Barati.

JSTests:

  • microbenchmarks/template-string-array.js: Added.

(test):

  • stress/to-string-non-cell-use.js: Added.

(shouldBe):
(shouldThrow):

Source/JavaScriptCore:

Our DFG ToString only considers well about String operands. While ToString(non cell operand) does not have
any side effect, it is not modeled well in DFG.

This patch introduces a fixup for ToString with NonCellUse edge. If this edge is set, ToString does not
clobber things (like ToLowerCase, producing String). And ToString(NonCellUse) allows us to perform CSE!

Our microbenchmark shows 32.9% improvement due to dropped GetButterfly and CSE for ToString().

baseline patched

template-string-array 12.6284+-0.2766 9.4998+-0.2295 definitely 1.3293x faster

And SixSpeed template_string.es6 shows 16.68x performance improvement due to LICM onto this non-side-effectful ToString().

baseline patched

template_string.es6 3229.7343+-40.5705 193.6077+-36.3349 definitely 16.6818x faster

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupToStringOrCallStringConstructor):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructorOnCell):
(JSC::DFG::SpeculativeJIT::speculateNotCell):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileToStringOrCallStringConstructor):
(JSC::FTL::DFG::LowerDFGToB3::lowNotCell):
(JSC::FTL::DFG::LowerDFGToB3::speculateNotCell):

1:03 AM Changeset in webkit [214751] by Carlos Garcia Campos
  • 5 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214023 - Do not reparent floating object until after intruding/overhanging dependency is cleared.
https://bugs.webkit.org/show_bug.cgi?id=169711
<rdar://problem/30959743>

Reviewed by Simon Fraser.

Source/WebCore:

This patch ensures that we clean up the m_floatingObjects for siblings before reparenting the fresh float.

Test: fast/block/float/inline-becomes-float-and-moves-around.html

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::styleDidChange):

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::styleDidChange):

  • rendering/RenderElement.h:

(WebCore::RenderElement::noLongerAffectsParentBlock):

LayoutTests:

  • fast/block/float/inline-becomes-float-and-moves-around-expected.txt: Added.
  • fast/block/float/inline-becomes-float-and-moves-around.html: Added.
12:58 AM Changeset in webkit [214750] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

[jsc] Add patchableJumpSize() for MIPS
https://bugs.webkit.org/show_bug.cgi?id=169716

Patch by Zan Dobersek <zdobersek@igalia.com> on 2017-04-03
Reviewed by Yusuke Suzuki.

  • assembler/MIPSAssembler.h:

(JSC::MIPSAssembler::patchableJumpSize): Added.

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::patchableJumpSize): Added.

12:51 AM Changeset in webkit [214749] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214020 - Switch back to ISO 4217 for Intl CurrencyDigits data
https://bugs.webkit.org/show_bug.cgi?id=169182

Previously, a patch switched Intl.NumberFormat to use CLDR data through
ICU to get the default number of decimal digits for a currency.
However, that change actually violated the ECMA 402 specification,
which references ISO 4217 as the data source. This patch reverts to
an in-line implementation of that data.

Patch by Daniel Ehrenberg <littledan@chromium.org> on 2017-03-15
Reviewed by Saam Barati.

  • runtime/IntlNumberFormat.cpp:

(JSC::computeCurrencySortKey):
(JSC::extractCurrencySortKey):
(JSC::computeCurrencyDigits):

12:50 AM Changeset in webkit [214748] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.16

Merge r214019 - Null deref under callAfterNextPresentationUpdate
https://bugs.webkit.org/show_bug.cgi?id=169710
<rdar://problem/30987863>

Patch by Tim Horton <timothy_horton@apple.com> on 2017-03-15
Reviewed by Simon Fraser.

Source/WebKit2:

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::callAfterNextPresentationUpdate):
Call the callback with an error if we don't have a web process or drawing area.

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/DoAfterNextPresentationUpdateAfterCrash.mm: Added.

(TEST):

12:46 AM Changeset in webkit [214747] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214392 - media/restore-from-page-cache.html causes NoEventDispatchAssertion::isEventAllowedInMainThread() assertion failure
https://bugs.webkit.org/show_bug.cgi?id=170087
<rdar://problem/31254822>

Reviewed by Simon Fraser.

Reduce the scope of code that should never dispatch DOM events so as to allow updating contents size
after restoring a page from the page cache.

In r214014 we instantiate a NoEventDispatchAssertion in FrameLoader::commitProvisionalLoad()
around the call to CachedPage::restore() to assert when a DOM event is dispatched during
page restoration as such events can cause re-entrancy into the page cache. As it turns out
it is sufficient to ensure that no DOM events are dispatched after restoring all cached frames
as opposed to after CachedPage::restore() returns.

Also rename Document::enqueue{Pageshow, Popstate}Event() to dispatch{Pageshow, Popstate}Event(),
respectively, since they synchronously dispatch events :(. We hope in the future to make them
asynchronously dispatch events.

  • dom/Document.cpp:

(WebCore::Document::implicitClose): Update for renaming.
(WebCore::Document::statePopped): Ditto.
(WebCore::Document::dispatchPageshowEvent): Renamed; formerly named enqueuePageshowEvent().
(WebCore::Document::dispatchPopstateEvent): Renamed; formerly named enqueuePopstateEvent().
(WebCore::Document::enqueuePageshowEvent): Deleted.
(WebCore::Document::enqueuePopstateEvent): Deleted.

  • dom/Document.h:
  • history/CachedPage.cpp:

(WebCore::firePageShowAndPopStateEvents): Moved logic from FrameLoader::didRestoreFromCachedPage() to here.
(WebCore::CachedPage::restore): Modified to call firePageShowAndPopStateEvents().

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad): Removed use of NoEventDispatchAssertion RAII object. We
will instantiate it in CachedPage::restore() with a smaller scope.
(WebCore::FrameLoader::didRestoreFromCachedPage): Deleted; moved logic from here to WebCore::firePageShowAndPopStateEvents().

  • loader/FrameLoader.h:

12:46 AM Changeset in webkit [214746] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r214014 - Iteratively dispatch DOM events after restoring a cached page
https://bugs.webkit.org/show_bug.cgi?id=169703
<rdar://problem/31075903>

Reviewed by Brady Eidson.

Make dispatching of DOM events when restoring a page from the page cache symmetric with
dispatching of events when saving a page to the page cache.

  • history/CachedFrame.cpp:

(WebCore::CachedFrameBase::restore): Move code to dispatch events from here to FrameLoader::didRestoreFromCachedPage().

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad): Ensure that no DOM events are dispatched during
restoration of a cached page. Call didRestoreFromCachedPage() after restoring the page to
dispatch DOM events on the restored frames.
(WebCore::FrameLoader::willRestoreFromCachedPage): Renamed; formerly named prepareForCachedPageRestore().
(WebCore::FrameLoader::didRestoreFromCachedPage): Added.
(WebCore::FrameLoader::prepareForCachedPageRestore): Renamed to willRestoreFromCachedPage().

  • loader/FrameLoader.h:
  • page/FrameTree.cpp:

(WebCore::FrameTree::traverseNextInPostOrderWithWrap): Returns the next Frame* in a post-order
traversal of the frame tree optionally wrapping around to the deepest first child in the tree.
(WebCore::FrameTree::deepFirstChild): Added.

  • page/FrameTree.h:

12:43 AM Changeset in webkit [214745] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[jsc] implement MIPSAssembler::relinkJumpToNop()
https://bugs.webkit.org/show_bug.cgi?id=169720

Patch by Guillaume Emont <guijemont@igalia.com> on 2017-04-03
Reviewed by Yusuke Suzuki.

  • assembler/MIPSAssembler.h:

(JSC::MIPSAssembler::relinkJumpToNop): Added.

12:29 AM Changeset in webkit [214744] by Carlos Garcia Campos
  • 10 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r214010 - Positioned SVG not sized correctly
https://bugs.webkit.org/show_bug.cgi?id=169693
<rdar://problem/30996893>

Reviewed by Zalan Bujtas.

Source/WebCore:

Test: svg/in-html/rect-positioned.html

Change computeReplacedLogicalHeight to take an estimatedUsedWidth. This
value is used instead of the available logical width to resolve replaced
elements without intrinsic sizes but with aspect ratios set.

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::computeReplacedLogicalHeight):

  • rendering/RenderBox.h:
  • rendering/RenderReplaced.cpp:

(WebCore::RenderReplaced::computeConstrainedLogicalWidth):
(WebCore::RenderReplaced::computeReplacedLogicalWidth):
(WebCore::RenderReplaced::computeReplacedLogicalHeight):

  • rendering/RenderReplaced.h:
  • rendering/RenderVideo.cpp:

(WebCore::RenderVideo::computeReplacedLogicalHeight): Deleted.

  • rendering/RenderVideo.h:
  • rendering/svg/RenderSVGRoot.cpp:

(WebCore::RenderSVGRoot::computeReplacedLogicalWidth):
(WebCore::RenderSVGRoot::computeReplacedLogicalHeight):

  • rendering/svg/RenderSVGRoot.h:

LayoutTests:

  • svg/in-html/rect-positioned-expected.html: Added.
  • svg/in-html/rect-positioned.html: Added.

12:23 AM Changeset in webkit [214743] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r214005 - Fix missing exception checks in Interpreter.cpp.
https://bugs.webkit.org/show_bug.cgi?id=164964

Reviewed by Saam Barati.

  • interpreter/Interpreter.cpp:

(JSC::eval):
(JSC::sizeOfVarargs):
(JSC::sizeFrameForVarargs):
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):
(JSC::Interpreter::execute):

12:21 AM Changeset in webkit [214742] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r213990 - [GTK] Initialize m_button, m_clickCount members in PlatformMouseEvent constructors
https://bugs.webkit.org/show_bug.cgi?id=169666

Reviewed by Michael Catanzaro.

Initialize the m_button and m_clickCount class members in the GTK+-specific
implementation of PlatformMouseEvent constructors to NoButton and 0,
respectively. The constructors expect to operate on passed-in GTK+ events
that will be able to initialize those two members to some valid values, but
this is not guaranteed.

  • platform/gtk/PlatformMouseEventGtk.cpp:

(WebCore::PlatformMouseEvent::PlatformMouseEvent):

12:20 AM Changeset in webkit [214741] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r213989 - [TexMap] Add missing class member initializations
https://bugs.webkit.org/show_bug.cgi?id=169665

Reviewed by Michael Catanzaro.

Zero-initialize the members in various TextureMapper classes
that are missing the proper initialization, as reported by
the Coverity tool.

  • platform/graphics/texmap/BitmapTexturePool.h:
  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
  • platform/graphics/texmap/coordinated/CoordinatedGraphicsState.h:

(WebCore::CoordinatedGraphicsLayerState::CoordinatedGraphicsLayerState):

  • platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h:

12:18 AM Changeset in webkit [214740] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r213973 - Wrong condition in offlineasm/risc.rb
https://bugs.webkit.org/show_bug.cgi?id=169597

Reviewed by Mark Lam.

It's missing the 'and' operator between the conditions.

  • offlineasm/risc.rb:

12:17 AM Changeset in webkit [214739] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r213967 - RenderElements should unregister for viewport visibility callbacks when they are destroyed
https://bugs.webkit.org/show_bug.cgi?id=169521
<rdar://problem/30959545>

Reviewed by Simon Fraser.

Source/WebCore:

When registering a RenderElement for viewport visibility callbacks, we always need to make sure that it is unregistered
before it is destroyed. While we account for this in the destructor of RenderElement, we only unregister in the destructor
if we are already registered for visibility callbacks. In the call to RenderObject::willBeDestroyed(), we clear out rare
data, which holds RenderElement's viewport callback registration state, so upon entering the destructor of RenderElement,
we skip unregistration because RenderElement thinks that it is not registered.

We can mitigate this by unregistering the RenderElement earlier, in RenderElement::willBeDestroyed, prior to clearing out
the rare data. However, we'd ideally want to move the cleanup logic out of the destructor altogether and into willBeDestroyed
(see https://bugs.webkit.org/show_bug.cgi?id=169650).

Test: fast/media/video-element-in-details-collapse.html

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::willBeDestroyed):

LayoutTests:

Adds a new layout test covering this regression. See WebCore ChangeLog for more details.

  • fast/media/video-element-in-details-collapse-expected.txt: Added.
  • fast/media/video-element-in-details-collapse.html: Added.

12:16 AM Changeset in webkit [214738] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r213966 - BytecodeGenerator should use the same function to determine if it needs to store the DerivedConstructor in an ArrowFunction lexical environment.
https://bugs.webkit.org/show_bug.cgi?id=169647
<rdar://problem/31051832>

Reviewed by Michael Saboff.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::usesDerivedConstructorInArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
(JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):

  • bytecompiler/BytecodeGenerator.h:

12:15 AM Changeset in webkit [214737] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.16

Merge r213944 - Simple line layout: Adjust hyphenation constraints based on the normal line layout line-breaking logic.
https://bugs.webkit.org/show_bug.cgi?id=169617

Source/WebCore:

Reviewed by Antti Koivisto.

This patch ensures that simple line layout ends up with the same hyphenation context as normal line layout.

Test: fast/text/simple-line-layout-hyphenation-constrains.html

  • rendering/SimpleLineLayout.cpp:

(WebCore::SimpleLineLayout::hyphenPositionForFragment): see webkit.org/b/169613
(WebCore::SimpleLineLayout::splitFragmentToFitLine):

  • rendering/line/BreakingContext.h: Integral -> fractional.

(WebCore::tryHyphenating):

LayoutTests:

Reviewed by Antti Koivisto.

  • fast/text/simple-line-layout-hyphenation-constrains-expected.html: Added.
  • fast/text/simple-line-layout-hyphenation-constrains.html: Added.

12:12 AM Changeset in webkit [214736] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/WebCore

Merge r213923 - Remove redundant check for "firstLine" in RenderBlock::lineHeight()
https://bugs.webkit.org/show_bug.cgi?id=169610

Patch by Adrian Perez de Castro <Adrian Perez de Castro> on 2017-03-14
Reviewed by Michael Catanzaro.

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::lineHeight): Remove test of "firstLine" that
was already checked in the condition for the enclosing if-clause.

12:09 AM Changeset in webkit [214735] by Carlos Garcia Campos
  • 7 edits
    3 adds in releases/WebKitGTK/webkit-2.16

Merge r213897 - Make RepaintRegionAccumulator hold a WeakPtr to its root RenderView
https://bugs.webkit.org/show_bug.cgi?id=168480
<rdar://problem/30566976>

Reviewed by Antti Koivisto.

Source/WebCore:

Implements two mitigations to prevent the symptoms of the bug from occurring (see the bugzilla for more details).

Test: editing/execCommand/show-modal-dialog-during-execCommand.html

  • editing/EditorCommand.cpp:

(WebCore::Editor::Command::execute):

Do not allow edit commands to execute if the frame's document before and after layout differ (that is, edit commands
triggered by a certain document should not run on a different document).

  • rendering/RenderView.cpp:

(WebCore::RenderView::RenderView):
(WebCore::RenderView::RepaintRegionAccumulator::RepaintRegionAccumulator):

Turns RepaintRegionAccumulator's reference to its root RenderView into a WeakPtr to gracefully handle the case
where its RenderView is destroyed before RepaintRegionAccumulator's destructor gets a chance to flush the
RenderView's repaint regions.

  • rendering/RenderView.h:

LayoutTests:

Introduces a new layout test. See WebCore ChangeLog for more details.

  • TestExpectations:
  • editing/execCommand/show-modal-dialog-during-execCommand-expected.txt: Added.
  • editing/execCommand/show-modal-dialog-during-execCommand.html: Added.
  • editing/execCommand/resources/self-closing-modal-dialog.html: Added.
  • platform/mac-wk1/TestExpectations:

12:03 AM Changeset in webkit [214734] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore

Merge r213876 - FTL should not flush strict arguments unless it really needs to
https://bugs.webkit.org/show_bug.cgi?id=169519

Reviewed by Mark Lam.

This is a refinement that we should have done ages ago. This kills some pointless PutStacks
in DFG SSA IR. It can sometimes unlock other optimizations.

Relanding after I fixed the special cases for CreateArguments-style nodes.

  • dfg/DFGPreciseLocalClobberize.h:

(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

Apr 2, 2017:

11:51 PM Changeset in webkit [214733] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.16

Merge r213850 - [JSC] It should be possible to create a label named let when parsing Statement in non strict mode
https://bugs.webkit.org/show_bug.cgi?id=168684

Patch by Caio Lima <Caio Lima> on 2017-03-13
Reviewed by Saam Barati.

JSTests:

  • ChakraCore/test/LetConst/DeclOutofBlock.baseline-jsc:

Source/JavaScriptCore:

This patch is fixing a Parser bug to allow defining a label named
let in sloppy mode when parsing a Statement.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseStatement):

LayoutTests:

  • js/let-syntax-expected.txt:
  • js/script-tests/let-syntax.js:

(shouldNotHaveSyntaxErrorSloopyOnly):

10:41 PM Changeset in webkit [214732] by Carlos Garcia Campos
  • 3 edits in trunk/Source/JavaScriptCore

Share implementation of JSRunLoopTimer::timerDidFire
https://bugs.webkit.org/show_bug.cgi?id=170392

Reviewed by Michael Catanzaro.

The code is cross-platform but it's duplicated in CF and GLib implementations; it could be shared instead.

  • runtime/JSRunLoopTimer.cpp:

(JSC::JSRunLoopTimer::timerDidFire): Move common implementation here.
(JSC::JSRunLoopTimer::setRunLoop): Use timerDidFireCallback.
(JSC::JSRunLoopTimer::timerDidFireCallback): Call JSRunLoopTimer::timerDidFire().

  • runtime/JSRunLoopTimer.h:

8:30 PM Changeset in webkit [214731] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Remove accidentally added DumpJSConsoleLogInStdErr from http/tests/fetch/fetch-in-worker-crash.html expectation.

8:13 PM Changeset in webkit [214730] by ap@apple.com
  • 4 edits in trunk

Build fix for
Add missing text styles
https://bugs.webkit.org/show_bug.cgi?id=170295

Source/WebCore:

  • rendering/RenderThemeIOS.mm:

(WebCore::RenderThemeIOS::cachedSystemFontDescription):
(WebCore::RenderThemeIOS::updateCachedSystemFontDescription):

LayoutTests:

  • platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt:

7:50 PM Changeset in webkit [214729] by jmarcell@apple.com
  • 2 edits in branches/safari-603-branch/Source/WebKit2

Cherry-pick r214559. rdar://problem/31371683

6:26 PM Changeset in webkit [214728] by ap@apple.com
  • 6 edits in trunk/LayoutTests

Fix lint errors.

  • TestExpectations:
  • platform/ios-wk1/TestExpectations:
  • platform/ios-wk2/TestExpectations:
  • platform/ios/TestExpectations:
  • platform/mac-wk1/TestExpectations:

11:55 AM Changeset in webkit [214727] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Mark http/tests/fetch/fetch-in-worker-crash.html and imported/w3c/web-platform-tests/fetch/api/cors/cors-preflight-status.html as flaky.

For https://bugs.webkit.org/show_bug.cgi?id=170395
rdar://problem/30975761, rdar://problem/31394017
