Timeline

View changes from
going back days
by author

Repository changesets Wiki changes

Aug 5, 2019:

11:47 PM Changeset in webkit [248291] by Fujii Hironori

• 5 edits in trunk

Source/WebKit:
[Win][MiniBrowser][WK2] Unhandled key events should be bubbled up to the parent window
​https://bugs.webkit.org/show_bug.cgi?id=200464

Reviewed by Ross Kirsling.

• UIProcess/API/C/WKNativeEvent.h: Define WKNativeEventPtr for WIN32.

Tools:
[MiniBrowser][WK2] Unhandled key events should be bubbled up to the parent window
​https://bugs.webkit.org/show_bug.cgi?id=200464

Reviewed by Ross Kirsling.

When WK2 WebView is focused, short cut keys (e.g. Alt-F to open File
menu, Alt-F4 to close window, and etc) don't work.

WK1 WebView doesn't have this issue because it processes key events
properly.

• MiniBrowser/win/WebKitBrowserWindow.cpp:

(WebKitBrowserWindow::WebKitBrowserWindow):
(WebKitBrowserWindow::didNotHandleKeyEvent): Added. Send the
unhandled key events to the main window.

• MiniBrowser/win/WebKitBrowserWindow.h:

10:20 PM Changeset in webkit [248290] by Alan Bujtas

• 13 edits in trunk/Source/WebCore

[LFC] Remove out-of-flow descendants from Container
​https://bugs.webkit.org/show_bug.cgi?id=200430
<rdar://problem/53923980>

Reviewed by Antti Koivisto.

The out-of-flow descendant list is the last "formatting context type" bit in the layout tree.
Let's cached them in the FormattingStates instead for now.

• layout/FormattingContext.cpp:

(WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):

• layout/FormattingContext.h:
• layout/FormattingState.h:

(WebCore::Layout::FormattingState::addOutOfFlowBox):
(WebCore::Layout::FormattingState::outOfFlowBoxes const):

• layout/LayoutState.cpp:

(WebCore::Layout::LayoutState::layoutFormattingContextSubtree):
(WebCore::Layout::LayoutState::createFormattingStateForFormattingRootIfNeeded):
(WebCore::Layout::LayoutState::run):

• layout/LayoutState.h:
• layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::layoutFormattingContextRoot const):

• layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::layoutFormattingContextRoot const):

• layout/layouttree/LayoutBox.h:
• layout/layouttree/LayoutContainer.cpp:

(WebCore::Layout::Container::addOutOfFlowDescendant): Deleted.

• layout/layouttree/LayoutContainer.h:
• layout/layouttree/LayoutTreeBuilder.cpp:

(WebCore::Layout::TreeBuilder::createLayoutTree):

• page/FrameViewLayoutContext.cpp:

(WebCore::layoutUsingFormattingContext):

10:04 PM Changeset in webkit [248289] by Devin Rousso

• 18 edits
  1 move in trunk

Web Inspector: Styles: show @supports CSS groupings
​https://bugs.webkit.org/show_bug.cgi?id=200419

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

• inspector/protocol/CSS.json:

Rename CSSMedia to Grouping and remove the sourceLine value, as it was never populated
and wasn't used by Web Inspector.

Source/WebCore:

Test: inspector/css/getMatchedStylesForNode.html

• inspector/InspectorStyleSheet.cpp:

(WebCore::buildArrayForGroupings): Added.
(WebCore::InspectorStyleSheet::buildObjectForRule):
(WebCore::buildMediaObject): Deleted.
(WebCore::fillMediaListChain): Deleted.

• css/MediaList.h:
• css/MediaList.cpp:

(WebCore::MediaQuerySet::MediaQuerySet):
Remove the lastLine as it was never set by anyone and wasn't used by Web Inspector.

Source/WebInspectorUI:

• UserInterface/Models/CSSGrouping.js: Renamed from Source/WebInspectorUI/UserInterface/Models/CSSMedia.js.

(WI.CSSGrouping):
(WI.CSSGrouping.prototype.get type):
(WI.CSSGrouping.prototype.get text):
(WI.CSSGrouping.prototype.get sourceCodeLocation):
(WI.CSSGrouping.prototype.get isMedia): Added.
(WI.CSSGrouping.prototype.get isSupports): Added.
(WI.CSSGrouping.prototype.get prefix): Added.

• UserInterface/Models/CSSStyleDeclaration.js:

(WI.CSSStyleDeclaration.prototype.get groupings): Added.
(WI.CSSStyleDeclaration.prototype.generateCSSRuleString):
(WI.CSSStyleDeclaration.prototype.get mediaList): Deleted.

• UserInterface/Models/CSSRule.js:

(WI.CSSRule):
(WI.CSSRule.prototype.get groupings): Added.
(WI.CSSRule.prototype.update):
(WI.CSSRule.prototype._selectorResolved):
(WI.CSSRule.prototype.get mediaList): Deleted.

• UserInterface/Models/DOMNodeStyles.js:

(WI.DOMNodeStyles.prototype._parseRulePayload):
(WI.DOMNodeStyles.prototype.rulesForSelector): Deleted.

• UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.js:

(WI.SpreadsheetCSSStyleDeclarationSection):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype.initialLayout):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._handleEditorFilterApplied):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._createMediaHeader): Deleted.

• UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.css:

(.spreadsheet-css-declaration :matches(.header, .header-groupings)): Added.
(.spreadsheet-css-declaration :matches(.header, .header-groupings):first-child): Added.
(.spreadsheet-css-declaration .header-groupings > .grouping): Added.
(.spreadsheet-css-declaration .header-groupings + .header > .selector > .icon): Added.
(.spreadsheet-css-declaration :matches(.header, .header-media)): Deleted.
(.spreadsheet-css-declaration :matches(.header, .header-media):first-child): Deleted.
(.spreadsheet-css-declaration .media-label): Deleted.

• UserInterface/Controllers/CSSManager.js:

(WI.CSSManager.protocolGroupingTypeToEnum): Added.
(WI.CSSManager.protocolMediaSourceToEnum): Deleted.

• UserInterface/Main.html:
• UserInterface/Test.html:

LayoutTests:

• inspector/css/getMatchedStylesForNode.html:
• inspector/css/getMatchedStylesForNode-expected.txt:

8:45 PM Changeset in webkit [248288] by youenn@apple.com

• 6 edits in trunk/Source

Make Logger::log thread safe so that it can be used from background threads
​https://bugs.webkit.org/show_bug.cgi?id=200448

Reviewed by Eric Carlson.

Source/WebCore:

No change of behavior.

• dom/Document.cpp:

(WebCore::crossThreadCopy):
(WebCore::Document::didLogMessage):
Make sure to hop to the main thread if needed.

• platform/mediastream/mac/RealtimeIncomingAudioSourceCocoa.cpp:

(WebCore::RealtimeIncomingAudioSourceCocoa::OnData):
Remove hopping to the main thread.

• platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.mm:

(WebCore::RealtimeIncomingVideoSourceCocoa::OnFrame):
Remove hopping to the main thread.

Source/WTF:

Add a lock to ensure calling log is thread-safe.

• wtf/Logger.h:

(WTF::Logger::addObserver):
(WTF::Logger::removeObserver):
(WTF::Logger::log):
(WTF::Logger::observerLock):

8:37 PM Changeset in webkit [248287] by Devin Rousso

• 34 edits
  2 adds in trunk

Can't use $0, $1 etc when inspecting Google Docs pages because the content uses these for function names
​https://bugs.webkit.org/show_bug.cgi?id=195834

Reviewed by Joseph Pecoraro.

Allow the user to alias saved results by providing a different prefix (e.g. "$") from within
Web Inspector. When changing the alias, all existing saved results will update to be
reference-able from the new alias.

Source/JavaScriptCore:

• inspector/protocol/Runtime.json:

Add setSavedResultAlias command.

• inspector/agents/InspectorRuntimeAgent.h:
• inspector/agents/InspectorRuntimeAgent.cpp:

(Inspector::InspectorRuntimeAgent::setSavedResultAlias): Added.

• inspector/InjectedScriptHost.h:

(Inspector::InjectedScriptHost::setSavedResultAlias): Added.
(Inspector::InjectedScriptHost::savedResultAlias const): Added.

• inspector/JSInjectedScriptHost.h:
• inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::savedResultAlias const): Added.

• inspector/JSInjectedScriptHostPrototype.cpp:

(Inspector::JSInjectedScriptHostPrototype::finishCreation):
(Inspector::jsInjectedScriptHostPrototypeAttributeSavedResultAlias): Added.
Store the saved result alias on the InjectedScriptHost since it is a shared object among
all InjectedScript.

• inspector/InjectedScriptSource.js:

(BasicCommandLineAPI):

Source/WebCore:

Test: inspector/runtime/setSavedResultAlias.html

• inspector/CommandLineAPIModuleSource.js:

(CommandLineAPI):

Source/WebInspectorUI:

• UserInterface/Controllers/RuntimeManager.js:

(WI.RuntimeManager):
(WI.RuntimeManager.preferredSavedResultPrefix): Added.
(WI.RuntimeManager.prototype.initializeTarget):

• UserInterface/Controllers/JavaScriptRuntimeCompletionProvider.js:

(WI.JavaScriptRuntimeCompletionProvider.completionControllerCompletionsNeeded.receivedPropertyNames):

• UserInterface/Base/Setting.js:
• UserInterface/Base/Main.js:

(WI.contentLoaded):
(WI.contentLoaded.updateConsoleSavedResultPrefixCSSVariable): Added.

• UserInterface/Views/ConsoleMessageView.js:

(WI.ConsoleMessageView.prototype.toClipboardString):
(WI.ConsoleMessageView.prototype.removeEventListeners): Added.
(WI.ConsoleMessageView.prototype._appendSavedResultIndex):
(WI.ConsoleMessageView.prototype._appendSavedResultIndex.updateSavedVariableText): Added.
(WI.ConsoleMessageView.prototype._rootPropertyPathForObject):
(WI.ConsoleMessageView.prototype._rootPropertyPathForObject.prefixSavedResultIndex): Added.

• UserInterface/Views/LogContentView.js:

(WI.LogContentView.prototype._sessionStarted):
(WI.LogContentView.prototype._logCleared):

• UserInterface/Views/DOMTreeOutline.css:

(.tree-outline.dom.show-last-selected li.last-selected > span::after):

• UserInterface/Views/QuickConsole.js:

(WI.QuickConsole):
(WI.QuickConsole.prototype.closed):
(WI.QuickConsole.prototype._updateAutomaticExecutionContextPathComponentTooltip): Added.
Listen for changes to the setting that holds the current saved result alias and update any
related UI accordingly.

• UserInterface/Views/SettingsTabContentView.js:

(WI.SettingsTabContentView.prototype._createConsoleSettingsView):

• UserInterface/Views/SettingsTabContentView.css:

(.content-view.settings > .settings-view > .container > .editor-group > .editor input[type="text"]): Added.

• UserInterface/Views/SettingsGroup.js:

(WI.SettingsGroup.prototype.addCustomEditor): Added.
Add an input to the Settings tab that controls the saved result prefix alias. Only allow
[a-zA-Z0-9_$] as values (but [0-9] cannot be used as the start).

• UserInterface/Models/PropertyPath.js:

(WI.PropertyPath.prototype.set pathComponent): Added.
Miscellaneous getters/setters.

• Localizations/en.lproj/localizedStrings.js:

• UserInterface/Test/TestHarness.js:

(TestHarness.prototype.newline): Added.
Convenience function for adding newlines to test results.

LayoutTests:

• inspector/runtime/setSavedResultAlias.html: Added.
• inspector/runtime/setSavedResultAlias-expected.txt: Added.
• http/tests/inspector/dom/cross-domain-inspected-node-access-expected.txt:
• inspector/console/command-line-api-expected.txt:
• inspector/console/command-line-api-exception.html:
• inspector/console/command-line-api-exception-expected.txt:
• inspector/console/command-line-api-exception-nested-catch.html:
• inspector/console/command-line-api-exception-nested-catch-expected.txt:

7:21 PM Changeset in webkit [248286] by Devin Rousso

• 27 edits in trunk

Web Inspector: Timelines: disable related agents when the tab is closed
​https://bugs.webkit.org/show_bug.cgi?id=200118

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

Rework how enable/disable is used for timeline-related agents so that events are not sent
and data isn't kept alive when the Timelines tab isn't enabled.

• inspector/protocol/Timeline.json:

Add enable/disable commands.

• inspector/agents/InspectorHeapAgent.cpp:

(Inspector::InspectorHeapAgent::willDestroyFrontendAndBackend):
(Inspector::InspectorHeapAgent::enable):
(Inspector::InspectorHeapAgent::disable):

Source/WebCore:

Rework how enable/disable is used for timeline-related agents so that events are not sent
and data isn't kept alive when the Timelines tab isn't enabled.

• inspector/agents/InspectorTimelineAgent.h:
• inspector/agents/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::didCreateFrontendAndBackend):
(WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorTimelineAgent::enable):
(WebCore::InspectorTimelineAgent::disable):
(WebCore::InspectorTimelineAgent::start):
(WebCore::InspectorTimelineAgent::stop):
(WebCore::InspectorTimelineAgent::internalStart):
(WebCore::InspectorTimelineAgent::internalStop):
(WebCore::InspectorTimelineAgent::startFromConsole):
(WebCore::InspectorTimelineAgent::stopFromConsole):
(WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
(WebCore::InspectorTimelineAgent::startProgrammaticCapture):
(WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
Rename m_enabled* to m_tracking* to match other timeline-related agents.

• inspector/agents/InspectorMemoryAgent.h:
• inspector/agents/InspectorMemoryAgent.cpp:

(WebCore::InspectorMemoryAgent::didCreateFrontendAndBackend):
(WebCore::InspectorMemoryAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorMemoryAgent::enable):
(WebCore::InspectorMemoryAgent::disable):
(WebCore::InspectorMemoryAgent::didHandleMemoryPressure):

• inspector/InstrumentingAgents.h:

(WebCore::InstrumentingAgents::trackingInspectorTimelineAgent): Added.
(WebCore::InstrumentingAgents::setTrackingInspectorTimelineAgent): Added.
(WebCore::InstrumentingAgents::persistentInspectorTimelineAgent): Added.
(WebCore::InstrumentingAgents::setPersistentInspectorTimelineAgent): Added.

• inspector/InstrumentingAgents.cpp:

(WebCore::InstrumentingAgents::reset):

• inspector/InspectorInstrumentation.h:
• inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::didInstallTimerImpl):
(WebCore::InspectorInstrumentation::didRemoveTimerImpl):
(WebCore::InspectorInstrumentation::willCallFunctionImpl):
(WebCore::InspectorInstrumentation::willDispatchEventImpl):
(WebCore::InspectorInstrumentation::willDispatchEventOnWindowImpl):
(WebCore::InspectorInstrumentation::willEvaluateScriptImpl):
(WebCore::InspectorInstrumentation::willFireTimerImpl):
(WebCore::InspectorInstrumentation::didInvalidateLayoutImpl):
(WebCore::InspectorInstrumentation::willLayoutImpl):
(WebCore::InspectorInstrumentation::willCompositeImpl):
(WebCore::InspectorInstrumentation::didCompositeImpl):
(WebCore::InspectorInstrumentation::willPaintImpl):
(WebCore::InspectorInstrumentation::didPaintImpl):
(WebCore::InspectorInstrumentation::willRecalculateStyleImpl):
(WebCore::InspectorInstrumentation::didScheduleStyleRecalculationImpl):
(WebCore::InspectorInstrumentation::didCommitLoadImpl):
(WebCore::InspectorInstrumentation::frameStartedLoadingImpl):
(WebCore::InspectorInstrumentation::startConsoleTimingImpl):
(WebCore::InspectorInstrumentation::stopConsoleTimingImpl):
(WebCore::InspectorInstrumentation::consoleTimeStampImpl):
(WebCore::InspectorInstrumentation::startProfilingImpl):
(WebCore::InspectorInstrumentation::stopProfilingImpl):
(WebCore::InspectorInstrumentation::timelineAgentTracking): Added.
(WebCore::InspectorInstrumentation::didRequestAnimationFrameImpl):
(WebCore::InspectorInstrumentation::didCancelAnimationFrameImpl):
(WebCore::InspectorInstrumentation::willFireAnimationFrameImpl):
(WebCore::InspectorInstrumentation::willFireObserverCallbackImpl):
(WebCore::InspectorInstrumentation::retrieveTimelineAgent):
(WebCore::InspectorInstrumentation::timelineAgentEnabled): Deleted.

• bindings/js/JSExecStateInstrumentation.h:

(WebCore::JSExecState::instrumentFunctionInternal):
Rename for clarity/correctness:

• inspectorTimelineAgent => trackingInspectorTimelineAgent
• persistentInspectorTimelineAgent => inspectorTimelineAgent

Source/WebInspectorUI:

Rework how enable/disable is used for timeline-related agents so that events are not sent
and data isn't kept alive when the Timelines tab isn't enabled.

• UserInterface/Controllers/TimelineManager.js:

(WI.TimelineManager):
(WI.TimelineManager.prototype.get domains): Added.
(WI.TimelineManager.prototype.activateExtraDomain): Added.
(WI.TimelineManager.prototype.initializeTarget):
(WI.TimelineManager.prototype.reset):
(WI.TimelineManager.prototype.set autoCaptureOnPageLoad):
(WI.TimelineManager.prototype.enable): Added.
(WI.TimelineManager.prototype.disable): Added.
(WI.TimelineManager.prototype.startCapturing):
(WI.TimelineManager.prototype.stopCapturing):
(WI.TimelineManager.prototype.async processJSON):
(WI.TimelineManager.prototype.capturingStarted):
(WI.TimelineManager.prototype.capturingStopped):
(WI.TimelineManager.prototype.autoCaptureStarted):
(WI.TimelineManager.prototype.eventRecorded):
(WI.TimelineManager.prototype.pageDOMContentLoadedEventFired):
(WI.TimelineManager.prototype.pageLoadEventFired):
(WI.TimelineManager.prototype.cpuProfilerTrackingUpdated):
(WI.TimelineManager.prototype.memoryTrackingUpdated):
(WI.TimelineManager.prototype.heapTrackingStarted):
(WI.TimelineManager.prototype.heapTrackingCompleted):
(WI.TimelineManager.prototype.heapSnapshotAdded):
(WI.TimelineManager.prototype._loadNewRecording):
(WI.TimelineManager.prototype._legacyAttemptStartAutoCapturingForFrame):
(WI.TimelineManager.prototype._provisionalLoadStarted):
(WI.TimelineManager.prototype._mainResourceDidChange):
(WI.TimelineManager.prototype._resourceWasAdded):
(WI.TimelineManager.prototype._garbageCollected):
(WI.TimelineManager.prototype._memoryPressure):
(WI.TimelineManager.prototype.scriptProfilerTrackingUpdated):
(WI.TimelineManager.prototype.scriptProfilerTrackingCompleted):
(WI.TimelineManager.prototype._updateAutoCaptureInstruments):
(WI.TimelineManager.prototype._handleDOMNodeDidFireEvent):
(WI.TimelineManager.prototype._handleDOMNodePowerEfficientPlaybackStateChanged):

• UserInterface/Models/Instrument.js:

(WI.Instrument.startLegacyTimelineAgent):
(WI.Instrument.stopLegacyTimelineAgent):

• UserInterface/Controllers/HeapManager.js:

(WI.HeapManager): Added.
(WI.HeapManager.prototype.get domains): Added.
(WI.HeapManager.prototype.activateExtraDomain): Added.
(WI.HeapManager.prototype.initializeTarget):
(WI.HeapManager.prototype.enable): Added.
(WI.HeapManager.prototype.disable): Added.
(WI.HeapManager.prototype.snapshot): Added.
(WI.HeapManager.prototype.getPreview): Added.
(WI.HeapManager.prototype.getRemoteObject): Added.
(WI.HeapManager.prototype.garbageCollected):

• UserInterface/Controllers/MemoryManager.js:

(WI.MemoryManager): Added.
(WI.MemoryManager.prototype.get domains): Added.
(WI.MemoryManager.prototype.activateExtraDomain): Added.
(WI.MemoryManager.prototype.initializeTarget):
(WI.MemoryManager.prototype.enable): Added.
(WI.MemoryManager.prototype.disable): Added.
(WI.MemoryManager.prototype.memoryPressure):

• UserInterface/Views/TimelineTabContentView.js:

(WI.TimelineTabContentView):
(WI.TimelineTabContentView.prototype.closed):

• UserInterface/Models/HeapAllocationsInstrument.js:

(WI.HeapAllocationsInstrument):
(WI.HeapAllocationsInstrument.prototype._takeHeapSnapshot):

• UserInterface/Views/HeapAllocationsTimelineView.js:

(WI.HeapAllocationsTimelineView.prototype._takeHeapSnapshotClicked):

• UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:

(WI.HeapSnapshotInstanceDataGridNode.logHeapSnapshotNode):
(WI.HeapSnapshotInstanceDataGridNode.prototype._populatePreview):
(WI.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendPathRow):
Go through the HeapManager for HeapAgent commands so it can better manage state.

• UserInterface/Test/Test.js:

(WI.contentLoaded):

LayoutTests:

• inspector/timeline/line-column.html:
• inspector/timeline/setInstruments-errors.html:
• inspector/timeline/setInstruments-programmatic-capture.html:

7:07 PM Changeset in webkit [248285] by Fujii Hironori

• 4 edits in trunk

[Win] Specifying huge font-size causes crashing
​https://bugs.webkit.org/show_bug.cgi?id=200340

Reviewed by Don Olmstead.

Source/WebCore:

Covered by existing tests.

• platform/graphics/win/FontPlatformDataWin.cpp:

(WebCore::FontPlatformData::FontPlatformData): Use GetTextFace to
get font face names instead of GetOutlineTextMetrics which returns
null for huge size fonts.

LayoutTests:

• platform/win/TestExpectations:

7:00 PM Changeset in webkit [248284] by Nikita Vasilyev

• 2 edits in trunk/Source/WebInspectorUI

Web Inspector: brotli-compressed resources have "Compressed: No" in Resources details sidebar
​https://bugs.webkit.org/show_bug.cgi?id=200452

Reviewed by Joseph Pecoraro.

• UserInterface/Models/Resource.js:

(WI.Resource.prototype.get compressed):
Add "br" - Brotli content encoding.

5:36 PM Changeset in webkit [248283] by youenn@apple.com

• 17 edits
  4 deletes in trunk

LayoutTests/imported/w3c:
Response constructor doesn't throw on disturbed ReadableStream
​https://bugs.webkit.org/show_bug.cgi?id=200130
<rdar://problem/53550351>

Reviewed by Alex Christensen.

Update test to use promise_rejects instead of assert_throws.

• web-platform-tests/fetch/api/request/request-init-stream.any-expected.txt:
• web-platform-tests/fetch/api/request/request-init-stream.any.js:

(async.assert_request):
(promise_test.async):

• web-platform-tests/fetch/api/request/request-init-stream.any.worker-expected.txt:
• web-platform-tests/fetch/api/response/response-from-stream.any-expected.txt:
• web-platform-tests/fetch/api/response/response-from-stream.any.worker-expected.txt:

Source/WebCore:
Response constructor doesn't throw on disturbed ReadableStream
​https://bugs.webkit.org/show_bug.cgi?id=200130
<rdar://problem/53550351>

Reviewed by Alex Christensen.

Make FetchBody::extract return an exception in error cases.
Update call sites accordingly.
Add the error case as per ​https://fetch.spec.whatwg.org/#concept-bodyinit-extract, ReadableStream handling.

Covered by updated and rebased tests.

• Modules/beacon/NavigatorBeacon.cpp:

(WebCore::NavigatorBeacon::sendBeacon):

• Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::extract):

• Modules/fetch/FetchBody.h:
• Modules/fetch/FetchBodyOwner.cpp:

(WebCore::FetchBodyOwner::extractBody):

• Modules/fetch/FetchBodyOwner.h:
• Modules/fetch/FetchRequest.cpp:

(WebCore::FetchRequest::initializeWith):
(WebCore::FetchRequest::setBody):

• Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::create):

• Modules/streams/ReadableStreamInternals.js:

(readableStreamPipeTo): fix a case where the promise would be unhandled and would show up in
unhandledrejectionhandler.

LayoutTests:
Support RTCRtpSender.dtmf
​https://bugs.webkit.org/show_bug.cgi?id=200431
<rdar://problem/53924833>

Reviewed by Alex Christensen.

Removed cache storage test which is no longer valid.
Removed WK1 expectation that is no longer needed.

• http/wpt/cache-storage/cache-put-stream.https.any.html: Removed.
• http/wpt/cache-storage/cache-put-stream.https.any.js: Removed.
• http/wpt/cache-storage/cache-put-stream.https.any.worker.html: Removed.
• platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/request/request-init-stream.any-expected.txt: Removed.
• platform/mac-wk2/TestExpectations:

5:34 PM Changeset in webkit [248282] by youenn@apple.com

• 26 edits
  2 copies
  1 add
  2 deletes in trunk

Support RTCRtpSender.dtmf
​https://bugs.webkit.org/show_bug.cgi?id=200431

Reviewed by Eric Carlson.

LayoutTests/imported/w3c:

• web-platform-tests/webrtc/RTCDTMFSender-insertDTMF.https-expected.txt:
• web-platform-tests/webrtc/RTCDTMFSender-ontonechange-long.https-expected.txt:
• web-platform-tests/webrtc/RTCDTMFSender-ontonechange.https-expected.txt:

Source/WebCore:

Add a new backend interface to RTCDTMFSender and implementation of it using libwebrtc.
Update RTCDTMFSender to use that new backend and make RTCRtpSender return a RTCDTMFSender
conditionally on a newly added runtime flag.
Update RTCDTMFSender implementation based on ​https://w3c.github.io/webrtc-pc/#peer-to-peer-dtmf.

Covered by rebased tests.

• Modules/mediastream/PeerConnectionBackend.cpp:

(WebCore::PeerConnectionBackend::context const):
(WebCore::PeerConnectionBackend::transceiverFromSender):

• Modules/mediastream/PeerConnectionBackend.h:
• Modules/mediastream/RTCDTMFSender.cpp:

(WebCore::RTCDTMFSender::RTCDTMFSender):
(WebCore::RTCDTMFSender::canInsertDTMF const):
(WebCore::RTCDTMFSender::toneBuffer const):
(WebCore::isToneCharacterInvalid):
(WebCore::RTCDTMFSender::insertDTMF):
(WebCore::RTCDTMFSender::playNextTone):
(WebCore::RTCDTMFSender::onTonePlayed):
(WebCore::RTCDTMFSender::toneTimerFired):
(WebCore::RTCDTMFSender::stop):
(WebCore::RTCDTMFSender::activeDOMObjectName const):
(WebCore::RTCDTMFSender::canSuspendForDocumentSuspension const):

• Modules/mediastream/RTCDTMFSender.h:
• Modules/mediastream/RTCDTMFSender.idl:
• Modules/mediastream/RTCDTMFToneChangeEvent.cpp:
• Modules/mediastream/RTCDTMFToneChangeEvent.h:
• Modules/mediastream/RTCDTMFToneChangeEvent.idl:
• Modules/mediastream/RTCRtpSender.cpp:

(WebCore::RTCRtpSender::dtmf):
(WebCore::RTCRtpSender::currentTransceiverDirection const):

• Modules/mediastream/RTCRtpSender.h:
• Modules/mediastream/RTCRtpSender.idl:
• Modules/mediastream/RTCRtpSenderBackend.h:
• Modules/mediastream/libwebrtc/LibWebRTCRtpSenderBackend.cpp:

(WebCore::LibWebRTCRtpSenderBackend::createDTMFBackend):

• Modules/mediastream/libwebrtc/LibWebRTCRtpSenderBackend.h:
• Sources.txt:
• WebCore.xcodeproj/project.pbxproj:
• dom/EventNames.in:
• dom/EventTargetFactory.in:
• page/RuntimeEnabledFeatures.h:

(WebCore::RuntimeEnabledFeatures::webRTCDTMFEnabled const):
(WebCore::RuntimeEnabledFeatures::setWebRTCDTMFEnabled):

• platform/mediastream/RTCDTMFSenderBackend.h: Added.
• platform/mediastream/RTCDTMFSenderHandler.h: Removed.
• platform/mediastream/RTCDTMFSenderHandlerClient.h: Removed.
• platform/mediastream/libwebrtc/LibWebRTCDTMFSenderBackend.cpp: Added.

(WebCore::toWTFString):
(WebCore::LibWebRTCDTMFSenderBackend::LibWebRTCDTMFSenderBackend):
(WebCore::LibWebRTCDTMFSenderBackend::~LibWebRTCDTMFSenderBackend):
(WebCore::LibWebRTCDTMFSenderBackend::canInsertDTMF):
(WebCore::LibWebRTCDTMFSenderBackend::playTone):
(WebCore::LibWebRTCDTMFSenderBackend::tones const):
(WebCore::LibWebRTCDTMFSenderBackend::duration const):
(WebCore::LibWebRTCDTMFSenderBackend::interToneGap const):
(WebCore::LibWebRTCDTMFSenderBackend::OnToneChange):
(WebCore::LibWebRTCDTMFSenderBackend::onTonePlayed):

• platform/mediastream/libwebrtc/LibWebRTCDTMFSenderBackend.h: Added.

Source/WebKit:

• Shared/WebPreferences.yaml:

5:31 PM Changeset in webkit [248281] by Simon Fraser

• 4 edits in trunk

iOS 13: Overflow:hidden on body prevents PDF scroll
​https://bugs.webkit.org/show_bug.cgi?id=200435
rdar://problem/53942888

Reviewed by Tim Horton.
Source/WebKit:

When we navigate from an overflow:hidden HTML page to a custom view (like PDF), we need
to make sure that the scroll view is scrollable.

• UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _setHasCustomContentView:loadedMIMEType:]):

Tools:

When we navigate from an overflow:hidden HTML page to a custom view (like PDF), we need
to make sure that the scroll view is scrollable.

• TestWebKitAPI/Tests/ios/ScrollViewScrollabilityTests.mm:

(TestWebKitAPI::TEST):

5:03 PM Changeset in webkit [248280] by sbarati@apple.com

• 4 edits in trunk/Source/WebCore

[WHLSL] Inline all native function calls
​https://bugs.webkit.org/show_bug.cgi?id=200350

Reviewed by Robin Morisset.

Native functions calls tend to be really small. If we inline in the generated
Metal code, we end up with faster Metal compile times. On compute_boids, this
provides a ~10ms improvement.

• Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp:

(WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit):
(WebCore::WHLSL::Metal::sharedMetalFunctions):

• Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp:

(WebCore::WHLSL::Metal::inlineNativeFunction):
(WebCore::WHLSL::Metal::writeNativeFunction): Deleted.

• Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.h:

4:40 PM Changeset in webkit [248279] by Devin Rousso

• 6 edits
  2 adds in trunk

Web Inspector: Styles: variable swatch not shown for var() with a fallback
​https://bugs.webkit.org/show_bug.cgi?id=200237

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

• UserInterface/Views/SpreadsheetStyleProperty.js:

(WI.SpreadsheetStyleProperty.prototype._createInlineSwatch):
(WI.SpreadsheetStyleProperty.prototype._replaceSpecialTokens): Added.
(WI.SpreadsheetStyleProperty.prototype._addGradientTokens):
(WI.SpreadsheetStyleProperty.prototype._addColorTokens):
(WI.SpreadsheetStyleProperty.prototype._addTimingFunctionTokens):
(WI.SpreadsheetStyleProperty.prototype._addVariableTokens):
Check to see if there's a fallback value in the var() and tokenize it if there is. Mark
the property as invalid if the var() doesn't end up resolving to anything.

• UserInterface/Views/InlineSwatch.js:

(WI.InlineSwatch):
(WI.InlineSwatch.prototype.get value):
(WI.InlineSwatch.prototype._updateSwatch):
(WI.InlineSwatch.prototype._handleContextMenuEvent):
(WI.InlineSwatch.prototype._getNextValidHEXFormat.hexMatchesCurrentColor):
(WI.InlineSwatch.prototype._getNextValidHEXFormat):
Allow the value to be a function. In that case, use the getter this.value instead of the
value this._value directly so that the function is invoked.
This is needed for variable swatches because the fallback value could change after the
swatch has been created (e.g. another swatch in a CSS property value that just modifies the
text, rather than re-renders the entire CSS property value).

• UserInterface/Models/CSSStyleDeclaration.js:

(WI.CSSStyleDeclaration.prototype.resolveVariableValue): Added.
Follow the variable chain until an ultimate value is reached.

• UserInterface/Models/CSSKeywordCompletions.js:

(WI.CSSKeywordCompletions.isColorAwareProperty):
(WI.CSSKeywordCompletions.isTimingFunctionAwareProperty): Added.
Limit cubic-bezier and spring tokens to only be shown for timing function properties.

LayoutTests:

• inspector/css/resolve-variable-value.html: Added.
• inspector/css/resolve-variable-value-expected.txt: Added.

4:25 PM Changeset in webkit [248278] by youenn@apple.com

• 4 edits in trunk/Source/WebCore

RealtimeOutgoingAudioSource::pullAudioData is no longer needed
​https://bugs.webkit.org/show_bug.cgi?id=200450

Reviewed by Geoffrey Garen.

No change of behavior, removing base class method declaration.

• platform/mediastream/RealtimeOutgoingAudioSource.h:

(WebCore::RealtimeOutgoingAudioSource::pullAudioData): Deleted.

• platform/mediastream/gstreamer/RealtimeOutgoingAudioSourceLibWebRTC.h:
• platform/mediastream/mac/RealtimeOutgoingAudioSourceCocoa.h:

4:17 PM Changeset in webkit [248277] by sbarati@apple.com

• 4 edits in trunk/Source/WebCore

[WHLSL] Add compile time flag to dump metal compile times
​https://bugs.webkit.org/show_bug.cgi?id=200447

Reviewed by Myles C. Maxfield.

• Modules/webgpu/WHLSL/WHLSLPrepare.h:
• platform/graphics/gpu/cocoa/GPUComputePipelineMetal.mm:

(WebCore::trySetFunctions):

• platform/graphics/gpu/cocoa/GPURenderPipelineMetal.mm:

(WebCore::trySetFunctions):

4:00 PM Changeset in webkit [248276] by Chris Dumez

• 23 edits
  4 adds in trunk

navigator.geolocation wrapper should not become GC-collectable once its frame is detached
​https://bugs.webkit.org/show_bug.cgi?id=200436

Reviewed by Darin Adler.

Source/WebCore:

navigator.geolocation wrapper should not become GC-collectable once its frame is detached, given
that it can outlive the frame. Instead, tie the navigator.geolocation wrapper's lifetime to its
Navigator's.

Test: fast/dom/navigator-property-gc-after-frame-detach.html

• Modules/geolocation/Geolocation.cpp:

(WebCore::Geolocation::create):
(WebCore::Geolocation::Geolocation):
(WebCore::Geolocation::navigator):
(WebCore::Geolocation::frame const):

• Modules/geolocation/Geolocation.h:
• Modules/geolocation/Geolocation.idl:
• Modules/geolocation/NavigatorGeolocation.cpp:

(WebCore::NavigatorGeolocation::NavigatorGeolocation):
(WebCore::NavigatorGeolocation::from):
(WebCore::NavigatorGeolocation::geolocation):
(WebCore::NavigatorGeolocation::geolocation const):

• Modules/geolocation/NavigatorGeolocation.h:
• bindings/js/JSNavigatorCustom.cpp:

(WebCore::JSNavigator::visitAdditionalChildren):

• bindings/js/JSWorkerNavigatorCustom.cpp:

(WebCore::JSWorkerNavigator::visitAdditionalChildren):

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

• bindings/scripts/IDLAttributes.json:
• page/Navigator.cpp:

(WebCore::Navigator::plugins):
(WebCore::Navigator::mimeTypes):

• page/NavigatorBase.h:
• plugins/DOMMimeTypeArray.cpp:

(WebCore::DOMMimeTypeArray::DOMMimeTypeArray):

• plugins/DOMMimeTypeArray.h:
• plugins/DOMMimeTypeArray.idl:
• plugins/DOMPluginArray.cpp:

(WebCore::DOMPluginArray::DOMPluginArray):

• plugins/DOMPluginArray.h:
• plugins/DOMPluginArray.idl:
• workers/service/ServiceWorkerContainer.h:
• workers/service/ServiceWorkerContainer.idl:

LayoutTests:

Add layout test coverage.

• fast/dom/navigator-property-gc-after-frame-detach-expected.txt: Added.
• fast/dom/navigator-property-gc-after-frame-detach.html: Added.

3:52 PM Changeset in webkit [248275] by aestes@apple.com

• 10 edits in trunk/Source/WebCore

[WebIDL] Support partial dictionaries and conditional dictionary members
​https://bugs.webkit.org/show_bug.cgi?id=200441

Reviewed by Alex Christensen.

Added new bindings tests.

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateDictionaryImplementationContent):

• bindings/scripts/IDLParser.pm:

(parsePartialDefinition):
(parsePartialInterface): Deleted.
(parsePartialDictionary): Deleted.

• bindings/scripts/generate-bindings.pl:

(generateBindings):

• bindings/scripts/preprocess-idls.pl:

(getPartialNamesFromIDL):
(getPartialInterfaceNameFromIDL): Deleted.

• bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::convertDictionary<TestEventConstructor::Init>):

• bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:

(WebCore::convertDictionary<DictionaryImplName>):
(WebCore::convertDictionaryToJS):

• bindings/scripts/test/JS/JSTestStandaloneDictionary.h:
• bindings/scripts/test/TestStandaloneDictionary.idl:
• bindings/scripts/test/TestSupplemental.idl:

3:44 PM Changeset in webkit [248274] by Devin Rousso

• 25 edits in trunk

Web Inspector: rename "Stylesheet" to "Style Sheet" to match spec text
​https://bugs.webkit.org/show_bug.cgi?id=200422

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

• inspector/protocol/Page.json:

Source/WebCore:

No observable change in functionality.

• inspector/agents/InspectorPageAgent.h:
• inspector/agents/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::resourceTypeJSON):
(WebCore::InspectorPageAgent::inspectorResourceType):

Source/WebInspectorUI:

• Localizations/en.lproj/localizedStrings.js:

• UserInterface/Controllers/CSSManager.js:

(WI.CSSManager.prototype._resourceAdded):
(WI.CSSManager.prototype._resourceTypeDidChange):
(WI.CSSManager.prototype._clearStyleSheetsForResource):
(WI.CSSManager.prototype._updateResourceContent.fetchedStyleSheetContent):

• UserInterface/Models/CSSStyleSheet.js:

(WI.CSSStyleSheet.prototype.get displayName):

• UserInterface/Models/CollectionTypes.js:

(WI.CSSStyleSheetCollection.prototype.get displayName):

• UserInterface/Models/Resource.js:

(WI.Resource.displayNameForType):
(WI.Resource.prototype.get syntheticMIMEType):

• UserInterface/Models/ResourceCollection.js:

(WI.ResourceCollection.prototype.objectIsRequiredType):

• UserInterface/Views/NetworkTableContentView.js:

(WI.NetworkTableContentView):
(WI.NetworkTableContentView.shortDisplayNameForResourceType):

• UserInterface/Views/ResourceClusterContentView.js:

(WI.ResourceClusterContentView.prototype._contentViewForResourceType):

• UserInterface/Views/ResourceSidebarPanel.js:

(WI.ResourceSidebarPanel.prototype.matchTreeElementAgainstCustomFilters.match):

• UserInterface/Views/SourcesNavigationSidebarPanel.js:

(WI.SourcesNavigationSidebarPanel.prototype.matchTreeElementAgainstCustomFilters.match):

• UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.js:

(WI.SpreadsheetCSSStyleDeclarationSection.prototype._save):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._populateIconElementContextMenu):

• UserInterface/Views/StyleOriginView.js:

(WI.StyleOriginView.prototype.update):

• UserInterface/Views/TextResourceContentView.js:

(WI.TextResourceContentView.prototype._shouldBeEditable):

• UserInterface/Views/CSSStyleSheetTreeElement.js:

(WI.CSSStyleSheetTreeElement):

• UserInterface/Views/ResourceIcons.css:

(:matches(.resource-icon.resource-type-style-sheet, .style-sheet-icon) .icon): Added.
(.source-map-resource.resource-icon.resource-type-style-sheet .icon): Added.
(.large :matches(.resource-icon.resource-type-style-sheet, .style-sheet-icon) .icon): Added.
(.large .source-map-resource.resource-icon.resource-type-style-sheet .icon): Added.
(:matches(.resource-icon.resource-type-stylesheet, .stylesheet-icon) .icon): Deleted.
(.source-map-resource.resource-icon.resource-type-stylesheet .icon): Deleted.
(.large :matches(.resource-icon.resource-type-stylesheet, .stylesheet-icon) .icon): Deleted.
(.large .source-map-resource.resource-icon.resource-type-stylesheet .icon): Deleted.

LayoutTests:

• inspector/unit-tests/resource-collection.html:
• http/tests/inspector/network/resource-mime-type.html:
• http/tests/inspector/network/resource-mime-type-expected.txt:

2:33 PM Changeset in webkit [248273] by wilander@apple.com

• 7 edits
  2 moves in trunk

Resource Load Statistics: Re-introduce latch mode for subresource cookie blocking
​https://bugs.webkit.org/show_bug.cgi?id=200395
<rdar://problem/53869611>

Reviewed by Darin Adler.

Back when we had a relaxation of cookie blocking 24 hours after first-party user
interaction, we made sure cookie blocking could be turned on and off in subresource
redirect chains. The 24 hour window is now long gone. This patch simplifies the
cookie blocking so that once a subresource request is denied cookies, any
subsequent redirect of that request will also be denied cookies, regardless of the
classification status of the domains involved. I call it latch mode.

Source/WebKit:

• NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
• NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::blockCookies):
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
(WebKit::NetworkDataTaskCocoa::applyCookieBlockingPolicy): Deleted.

LayoutTests:

• http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect-expected.txt: Renamed from LayoutTests/http/tests/resourceLoadStatistics/remove-blocking-in-redirect-expected.txt.
• http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect.html: Renamed from LayoutTests/http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html.

Changed to expect no removal of blocking in the redirect and renamed accordingly.

• platform/ios/TestExpectations:

Renamed.

• platform/mac-wk2/TestExpectations:

Renamed.

• platform/wk2/TestExpectations:

Renamed.

2:24 PM Changeset in webkit [248272] by aakash_jain@apple.com

• 2 edits in trunk/Tools

New EWS:mac-wk2 status-bubble shows waiting to run tests for all recent bugs
​https://bugs.webkit.org/show_bug.cgi?id=200400

Reviewed by Jonathan Bedard.

• BuildSlaveSupport/ews-app/ews/views/statusbubble.py:

(StatusBubble._build_bubble):
(StatusBubble._queue_position):

1:02 PM Changeset in webkit [248271] by msaboff@apple.com

• 3 edits
  1 add in trunk

JSC: assertion failure in SpeculativeJIT::compileGetByValOnIntTypedArray
​https://bugs.webkit.org/show_bug.cgi?id=199997

Reviewed by Saam Barati.

JSTests:

New test.

• stress/typedarray-no-alreadyChecked-assert.js: Added.

(checkIntArray):
(checkFloatArray):

Source/JavaScriptCore:

No need to ASSERT(node->arrayMode().alreadyChecked(...)) in SpeculativeJIT::compileGetByValOnIntTypedArray()
and compileGetByValOnFloatTypedArray() as the abstract interpreter is conservative and can insert a
CheckStructureOrEmpty which will fail the ASSERT as it checks for the SpecType of the array
and not for SpecEmpty. If we added a check for the SpecEmpty in the ASSERT, there are cases where
it won't be set.

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):

9:42 AM Changeset in webkit [248270] by Jonathan Bedard

• 8 edits in trunk/Tools

run-webkit-tests asserts when the iPhone XR simulator is running
​https://bugs.webkit.org/show_bug.cgi?id=200404
<rdar://problem/53878739>

Reviewed by Dean Jackson.

Support unicode in all logging statements tied to device model.

• Scripts/webkitpy/layout_tests/controllers/manager.py:

(Manager.run):

• Scripts/webkitpy/layout_tests/views/printing.py:

(Printer.print_baseline_search_path):

• Scripts/webkitpy/port/device.py:

(Device.repr):

• Scripts/webkitpy/port/device_port.py:

(DevicePort._install):
(DevicePort.setup_test_run):
(DevicePort.clean_up_test_run):
(DevicePort.configuration_for_upload):

• Scripts/webkitpy/port/ios.py:

(IOSPort.default_baseline_search_path):

• Scripts/webkitpy/xcode/device_type.py:

(DeviceType.str):

• Scripts/webkitpy/xcode/simulated_device.py:

(SimulatedDeviceManager.populate_available_devices):
(SimulatedDeviceManager._find_available_name):
(SimulatedDeviceManager._get_device_identifier_for_type):
(SimulatedDeviceManager._create_or_find_device_for_request):
(SimulatedDeviceManager._does_fulfill_request):
(SimulatedDeviceManager._wait_until_device_in_state):
(SimulatedDeviceManager._wait_until_device_is_usable):
(SimulatedDeviceManager._boot_device):
(SimulatedDeviceManager.initialize_devices):
(SimulatedDeviceManager.max_supported_simulators):
(SimulatedDeviceManager.swap):
(SimulatedDevice.is_usable):
(SimulatedDevice._shut_down):
(SimulatedDevice._delete):
(SimulatedDevice.launch_app):
(SimulatedDevice.repr):

9:26 AM Changeset in webkit [248269] by youenn@apple.com

• 3 edits
  5 adds in trunk

Disable speculative loading if cache is not to be used for the load
​https://bugs.webkit.org/show_bug.cgi?id=199644

Reviewed by Alex Christensen.

Source/WebKit:

When the page is reloaded, loads are instructed to not use the cache.
It is therefore unneeded to do speculative revalidation.
Allow speculative revalidation if the cache policy is either the default HTTP policy or
if policy is to refresh all cache data.
Covered by added test.

• NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::cachePolicyValidForSpeculativeRevalidation):
(WebKit::NetworkCache::canRequestUseSpeculativeRevalidation):

LayoutTests:

• http/wpt/fetch/disable-speculative-for-reload-expected.txt: Added.
• http/wpt/fetch/disable-speculative-for-reload.html: Added.
• http/wpt/fetch/resources/iframe-with-image.py: Added.

(main):

• http/wpt/fetch/resources/image-load-count.py: Added.

(main):

• http/wpt/fetch/resources/image-load.py: Added.

(main):

12:34 AM Changeset in webkit [248268] by commit-queue@webkit.org

• 11 edits
  1 copy
  1 add in trunk

[Curl] implement CertificateInfo::summaryInfo
​https://bugs.webkit.org/show_bug.cgi?id=191498

Patch by Takashi Komori <​Takashi.Komori@sony.com> on 2019-08-05
Reviewed by Alex Christensen.

Source/WebCore:

Implement CertificaeInfo::SummaryInfo.
This patch makes WebInspector show summary of certificates.

Tests: http/tests/inspector/network/resource-security-certificate.html

http/tests/inspector/network/getSerializedCertificate.html

• platform/Curl.cmake:
• platform/network/curl/CertificateInfo.h:

(WTF::Persistence::Coder<WebCore::CertificateInfo>::encode):
(WTF::Persistence::Coder<WebCore::CertificateInfo>::decode):
(WebCore::CertificateInfo::summaryInfo const): Deleted.

• platform/network/curl/CertificateInfoCurl.cpp:

(WebCore::CertificateInfo::summaryInfo const):

• platform/network/curl/CurlSSLVerifier.cpp:

(WebCore::CurlSSLVerifier::collectInfo):
(WebCore::CurlSSLVerifier::verifyCallback):
(WebCore::StackOfX509::StackOfX509): Deleted.
(WebCore::StackOfX509::~StackOfX509): Deleted.
(WebCore::StackOfX509::count): Deleted.
(WebCore::StackOfX509::item): Deleted.
(): Deleted.
(WebCore::BIOHolder::BIOHolder): Deleted.
(WebCore::BIOHolder::~BIOHolder): Deleted.
(WebCore::BIOHolder::write): Deleted.
(WebCore::BIOHolder::asCertificate): Deleted.
(WebCore::pemDataFromCtx): Deleted.

• platform/network/curl/CurlSSLVerifier.h:
• platform/network/curl/OpenSSLHelper.cpp: Added.

(OpenSSL::deleter<X509>::operator()):
(OpenSSL::StackOfGeneralName::StackOfGeneralName):
(OpenSSL::StackOfGeneralName::~StackOfGeneralName):
(OpenSSL::StackOfGeneralName::operator bool):
(OpenSSL::StackOfGeneralName::count):
(OpenSSL::StackOfGeneralName::item):
(OpenSSL::StackOfX509::StackOfX509):
(OpenSSL::StackOfX509::~StackOfX509):
(OpenSSL::StackOfX509::count):
(OpenSSL::StackOfX509::item):
(OpenSSL::BIO::BIO):
(OpenSSL::BIO::~BIO):
(OpenSSL::BIO::getDataAsVector const):
(OpenSSL::BIO::getDataAsString const):
(OpenSSL::BIO::readX509):
(OpenSSL::BIO::get):
(OpenSSL::pemDataFromCtx):
(OpenSSL::createCertificateInfo):
(OpenSSL::toString):
(OpenSSL::getCommonName):
(OpenSSL::getSubjectName):
(OpenSSL::convertASN1TimeToSeconds):
(OpenSSL::getSubjectAltName):
(OpenSSL::createSummaryInfo):

• platform/network/curl/OpenSSLHelper.h: Copied from Source/WebCore/platform/network/curl/CertificateInfoCurl.cpp.

Source/WTF:

Fixed function template for encoding vector.

• wtf/persistence/PersistentCoders.h:

LayoutTests:

• platform/wincairo-wk1/TestExpectations:
• platform/wincairo/TestExpectations:

Aug 4, 2019:

11:54 PM Changeset in webkit [248267] by youenn@apple.com

• 3 edits
  2 adds in trunk

WebRTC: got incorrect this in negotiationneeded event
​https://bugs.webkit.org/show_bug.cgi?id=200427

Reviewed by Darin Adler.

Source/WebCore:

Make sure a dom object created through a JS built-in constructor is added to the wrapper cache.

Test: webrtc/onnegotiationneeded.html

• bindings/js/JSDOMBuiltinConstructor.h:

(WebCore::createJSObjectFromWrapper):
(WebCore::createJSObject):

LayoutTests:

• webrtc/onnegotiationneeded-expected.txt: Added.
• webrtc/onnegotiationneeded.html: Added.

8:26 PM Changeset in webkit [248266] by weinig@apple.com

• 14 edits
  1 add in trunk/Source/WebCore

Mangled WHLSL names don't need to allocate Strings
​https://bugs.webkit.org/show_bug.cgi?id=200429

Reviewed by Saam Barati.

To avoid allocating strings for each mangled name used to transform WHLSL to Metal, which we'd
like to avoid since it is both unnecessarily expensive in time and space, we can instead just
store the unique integer identifier that was being used to construct the String.

Since the existing mangled names were all of the form "prefix" + unsigned integer value (where
prefix could be "type", "enumerationMember", "structureElement", "variable" or "function") we
strongly type the integer by storing it in a struct (MangledVariableName, MangledTypeName, etc.)
When the full name is actually needed, StringTypeAdapter's specialized for the structs are
used to write directly into the preallocated buffers of StringBuilders or makeString().

• Modules/webgpu/WHLSL/Metal/WHLSLMangledNames.h: Added.

(WebCore::WHLSL::Metal::MangledVariableName):
(WebCore::WHLSL::Metal::MangledTypeName):
(WebCore::WHLSL::Metal::MangledStructureElementName):
(WebCore::WHLSL::Metal::MangledEnumerationMemberName):
(WebCore::WHLSL::Metal::MangledFunctionName):
Adds structs for each type of mangled name and StringTypeAdapter specializations for
each to allow their use in StringBuilder.flexibleAppend() or makeString().

Additionally, a Variant, MangledOrNativeTypeName, of MangledTypeName and String is
declared to allow for the few cases where a native type (e.g. float4) is needed. The
StringTypeAdapter for MangledOrNativeTypeName could be generalized for any Variant
in the future, but I left it non-general for now, as it is non-obvious if one would
want to store Variant<Types...>, and have each member function construct a temporary
StringTypeAdapter, or store a Variant<StringTypeAdapter<Types>...> and perform conversion
in the construction.

• Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp:

(WebCore::WHLSL::Metal::EntryPointScaffolding::EntryPointScaffolding):
(WebCore::WHLSL::Metal::internalTypeForSemantic):
(WebCore::WHLSL::Metal::EntryPointScaffolding::builtInsSignature):
(WebCore::WHLSL::Metal::EntryPointScaffolding::mangledInputPath):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::VertexEntryPointScaffolding):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::signature):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::pack):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::FragmentEntryPointScaffolding):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::signature):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::pack):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::ComputeEntryPointScaffolding):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::signature):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::pack):

• Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.h:

(WebCore::WHLSL::Metal::EntryPointScaffolding::parameterVariables):

• Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp:

(WebCore::WHLSL::Metal::FunctionDeclarationWriter::FunctionDeclarationWriter):
(WebCore::WHLSL::Metal::FunctionDeclarationWriter::visit):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::FunctionDefinitionWriter):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::generateNextVariableName):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendRightValueWithNullability):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendRightValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendLeftValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastValueAndNullability):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastLeftValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::emitLoop):
(WebCore::WHLSL::Metal::RenderFunctionDefinitionWriter::RenderFunctionDefinitionWriter):
(WebCore::WHLSL::Metal::RenderFunctionDefinitionWriter::createEntryPointScaffolding):
(WebCore::WHLSL::Metal::ComputeFunctionDefinitionWriter::ComputeFunctionDefinitionWriter):
(WebCore::WHLSL::Metal::ComputeFunctionDefinitionWriter::createEntryPointScaffolding):
(WebCore::WHLSL::Metal::sharedMetalFunctions):

• Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.h:
• Modules/webgpu/WHLSL/Metal/WHLSLMetalCodeGenerator.h:
• Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp:

(WebCore::WHLSL::Metal::writeNativeFunction):

• Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.h:
• Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp:

(WebCore::WHLSL::Metal::BaseTypeNameNode::BaseTypeNameNode):
(WebCore::WHLSL::Metal::BaseTypeNameNode::mangledName const):
(WebCore::WHLSL::Metal::ArrayTypeNameNode::ArrayTypeNameNode):
(WebCore::WHLSL::Metal::ArrayReferenceTypeNameNode::ArrayReferenceTypeNameNode):
(WebCore::WHLSL::Metal::PointerTypeNameNode::PointerTypeNameNode):
(WebCore::WHLSL::Metal::ReferenceTypeNameNode::ReferenceTypeNameNode):
(WebCore::WHLSL::Metal::MetalTypeDeclarationWriter::MetalTypeDeclarationWriter):
(WebCore::WHLSL::Metal::TypeNamer::metalTypeDeclarations):
(WebCore::WHLSL::Metal::TypeNamer::emitNamedTypeDefinition):
(WebCore::WHLSL::Metal::TypeNamer::mangledNameForType):
(WebCore::WHLSL::Metal::TypeNamer::mangledNameForEnumerationMember):
(WebCore::WHLSL::Metal::TypeNamer::mangledNameForStructureElement):

• Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.h:

(WebCore::WHLSL::Metal::TypeNamer::generateNextTypeName):
(WebCore::WHLSL::Metal::TypeNamer::generateNextStructureElementName):
(WebCore::WHLSL::Metal::TypeNamer::generateNextEnumerationMemberName):

• Modules/webgpu/WHLSL/WHLSLPrepare.h:

Replace uses of String with the appropriate mangled name type.

• WebCore.xcodeproj/project.pbxproj:

Add WHLSLMangledNames.h

• platform/graphics/gpu/cocoa/GPUComputePipelineMetal.mm:

(WebCore::trySetFunctions):

• platform/graphics/gpu/cocoa/GPURenderPipelineMetal.mm:

(WebCore::trySetFunctions):
Convert the mangled names to Strings for passing to Metal API. NOTE: We could avoid having the
toString() member function on MangledFunctionName if we allowed makeString() to take a single
argument.

11:32 AM Changeset in webkit [248265] by Chris Dumez

• 7 edits
  4 adds in trunk

Ping loads should not prevent page caching
​https://bugs.webkit.org/show_bug.cgi?id=200418
<rdar://problem/53901632>

Reviewed by Darin Adler.

Source/WebCore:

We normally prevent page caching if there were any pending subresource loads when navigating,
to avoid caching partial / broken content. However, this should not apply to Ping / Beacon
loads since those do not impact page rendering and can outlive the page.

Tests: http/tests/navigation/page-cache-pending-ping-load-cross-origin.html

http/tests/navigation/page-cache-pending-ping-load-same-origin.html

• history/PageCache.cpp:

(WebCore::PageCache::addIfCacheable):
After we've fired the 'pagehide' event in each frame, stop all the loads again. This is needed
since pages are allowed to start ping / beacon loads in their 'pagehide' handlers. If we do not
stop those loads, then the next call to canCachePage() would fail because the DocumentLoader is
still loading. Note that we're not actually preventing these ping loads from hitting the server
since we never cancel page loads and those can outlive their page.

• loader/DocumentLoader.cpp:

(WebCore::shouldPendingCachedResourceLoadPreventPageCache):
(WebCore::areAllLoadersPageCacheAcceptable):
Make sure that Ping / Beacon / Prefetches / Icon loads do not prevent page caching.

(WebCore::DocumentLoader::addSubresourceLoader):
Tweak assertion that was incorrect since we actually allow ping / beacon loads when the
document is about to enter PageCache (while firing pagehide event).

Tools:

Add TestOption to enable PageCache at UIProcess-level so that we can test
page caching when navigating cross-origin with PSON enabled.

• WebKitTestRunner/TestController.cpp:

(WTR::TestController::resetPreferencesToConsistentValues):
(WTR::updateTestOptionsFromTestHeader):

• WebKitTestRunner/TestOptions.h:

(WTR::TestOptions::hasSameInitializationOptions const):

LayoutTests:

Add layout test coverage.

• http/tests/navigation/page-cache-pending-ping-load-cross-origin-expected.txt: Added.
• http/tests/navigation/page-cache-pending-ping-load-cross-origin.html: Added.
• http/tests/navigation/page-cache-pending-ping-load-same-origin-expected.txt: Added.
• http/tests/navigation/page-cache-pending-ping-load-same-origin.html: Added.

11:28 AM Changeset in webkit [248264] by Konstantin Tokarev

• 2 edits in trunk/Source/WebKit

Remove unused lambda capture in MemoryPressureMonitor
​https://bugs.webkit.org/show_bug.cgi?id=200420

Reviewed by Darin Adler.

• UIProcess/linux/MemoryPressureMonitor.cpp:

(WebKit::MemoryPressureMonitor::start):

6:59 AM Changeset in webkit [248263] by Alan Bujtas

• 2 edits in trunk/Source/WebCore

[LFC][TFC] Create formatting context/state.
​https://bugs.webkit.org/show_bug.cgi?id=200428
<rdar://problem/53913625>

Reviewed by Antti Koivisto.

• layout/LayoutState.cpp:

(WebCore::Layout::LayoutState::createFormattingStateForFormattingRootIfNeeded):
(WebCore::Layout::LayoutState::createFormattingContext):

3:16 AM Changeset in webkit [248262] by Alan Bujtas

• 12 edits in trunk/Source/WebCore

[LFC] Cleanup preferred width computation
​https://bugs.webkit.org/show_bug.cgi?id=200426
<rdar://problem/53912607>

Reviewed by Antti Koivisto.

The intrinsic width for a formatting root box has 2 sets of values now. One set(min/max) is stored in the established formatting context's state
while the other is in the formatting context's state where the box lives.

<div style="position: absolute"><div style="float: left; border: 1px solid green">foobar</div></div>

The float box participates in the formatting context established by the absolutely position box, but it also establishes an inline formatting context.
The min/max width pair in the established context is the width of the "foobar" (same value for min/max). This set is stored in the inline formatting state.
However the float box has horizontal border so the "final" min/max width pair is expanded by this border value and stored in the formatting state where
the box lives (which is different from the one it establishes).

This and the "remove the formatting context type classes from the tree" changes open up interesting optimization opportunities.
Here is a very simple case:
<div style="display: inline-block; width: auto;">

<div style="float: left">some text</div>
<div style="float: left">some super long .... text</div>
<div></div>

</div>
In order to lay out this content properly, we

1. Compute the min/max width of the first float (expensive text measuring)
2. Compute the min/max width of the second float (some more expensive text measuring)
3. Compute the min/max width of the inline-block (that is pretty much the 2 float's min/max)
4. Lay out the 2 floats, the empty div and the inline-block using these min/max width pairs.

Now if the inline-block box's display value is changed to "block" and the positioning is to absolute (style="display: box; position: absolute;")
we currently(on trunk) tear down the render tree, build a new one and run all the steps again from #1 to #4.

In LFC, we start with the following layout tree
<container> -> block formatting context

<container> -> inline formatting context

<anonymous inline box>

<container> -> inline formatting context

<anonymous inline box>

<container> -> inline formatting context

and when the style change happens, we don't need to tear down the tree at all. Not only that, but since every formatting contexts stay the same
we can just reuse their states and actually skip all the steps (even the positioning since the absolutely positioned container has static top/bottom/left/right).

Surprisingly the final layout produces the exact same "display boxes" as the original layout.

• layout/FormattingContext.h:

(WebCore::Layout::FormattingContext::IntrinsicWidthConstraints::expand):

• layout/FormattingContextGeometry.cpp:

(WebCore::Layout::FormattingContext::Geometry::shrinkToFitWidth):

• layout/FormattingState.h:

(WebCore::Layout::FormattingState::setIntrinsicWidthConstraints):
(WebCore::Layout::FormattingState::intrinsicWidthConstraints const):
(WebCore::Layout::FormattingState::setIntrinsicWidthConstraintsForBox):
(WebCore::Layout::FormattingState::clearIntrinsicWidthConstraints):
(WebCore::Layout::FormattingState::intrinsicWidthConstraintsForBox const):

• layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::computedIntrinsicWidthConstraints const):
(WebCore::Layout::BlockFormattingContext::computeIntrinsicWidthConstraints const): Deleted.

• layout/blockformatting/BlockFormattingContext.h:
• layout/blockformatting/BlockFormattingContextGeometry.cpp:

(WebCore::Layout::BlockFormattingContext::Geometry::intrinsicWidthConstraints):
(WebCore::Layout::BlockFormattingContext::Geometry::intrinsicWidthConstraintsNeedChildrenWidth): Deleted.

• layout/displaytree/DisplayBox.h:

(WebCore::Display::Box::horizontalMarginBorderAndPadding const):

• layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::nextInPreOrder):
(WebCore::Layout::InlineFormattingContext::computedIntrinsicWidthConstraints const):
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthForFormattingRoot const):
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthConstraints const): Deleted.
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthForFloatBox const): Deleted.
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthForInlineBlock const): Deleted.

• layout/inlineformatting/InlineFormattingContext.h:
• layout/tableformatting/TableFormattingContext.cpp:

(WebCore::Layout::TableFormattingContext::computedIntrinsicWidthConstraints const):

• layout/tableformatting/TableFormattingContext.h:

Aug 3, 2019:

8:24 PM Changeset in webkit [248261] by Michael Catanzaro

• 3 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r248173 - Harden NodeRareData::m_connectedFrameCount
​https://bugs.webkit.org/show_bug.cgi?id=200300

Reviewed by Geoffrey Garen.

Use unsinged integer type in NodeRareData::m_connectedFrameCount since it's padded anyway.

• dom/Node.cpp:

(WebCore::Node::decrementConnectedSubframeCount): Check that hasRareNode() is true in release builds.

• dom/NodeRareData.h:

8:24 PM Changeset in webkit [248260] by Michael Catanzaro

• 4 edits
  2 adds in releases/WebKitGTK/webkit-2.24

Merge r248172 - Document::resume should delay resetting of form control elements.
​https://bugs.webkit.org/show_bug.cgi?id=200376

Reviewed by Geoffrey Garen.

Source/WebCore:

Delay the execution of form control element resets until the next task
to avoid synchronously mutating DOM during page cache restoration.

Test: fast/frames/restoring-page-cache-should-not-run-scripts.html

• html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::resumeFromDocumentSuspension):

• html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::resumeFromDocumentSuspension):

LayoutTests:

Added a regression test.

• fast/frames/restoring-page-cache-should-not-run-scripts-expected.txt: Added.
• fast/frames/restoring-page-cache-should-not-run-scripts.html: Added.
• platform/win/TestExpectations: Skip this test on Windows since navigating to blob fails on Windows.

8:24 PM Changeset in webkit [248259] by Michael Catanzaro

• 5 edits
  1 add in releases/WebKitGTK/webkit-2.24

Merge r248149 - GetterSetter type confusion during DFG compilation
​https://bugs.webkit.org/show_bug.cgi?id=199903

Reviewed by Mark Lam.

JSTests:

• stress/cse-propagated-constant-may-not-follow-structure-restrictions.js: Added.

Source/JavaScriptCore:

In AI, we are strongly assuming that GetGetter's child constant value should be GetterSetter if it exists.
However, this can be wrong since nobody ensures that. AI assumed so because the control-flow and preceding
CheckStructure ensures that. But this preceding check can be eliminated if the node becomes (at runtime) unreachable.

Let's consider the following graph.

129:<!0:-> PutByOffset(KnownCell:@115, KnownCell:@115, Check:Untyped:@124, MustGen, id5{length}, 0, W:NamedProperties(5), ClobbersExit, bc#154, ExitValid)
130:<!0:-> PutStructure(KnownCell:@115, MustGen, %C8:Object -> %C3:Object, ID:7726, R:JSObject_butterfly, W:JSCell_indexingType,JSCell_structureID,JSCell_typeInfoFlags,JSCell_typeInfoType, ClobbersExit, bc#154, ExitInvalid)
...
158:<!0:-> GetLocal(Check:Untyped:@197, JS|MustGen|UseAsOther, Final, loc7(R<Final>/FlushedCell), R:Stack(-8), bc#187, ExitValid) predicting Final
210:< 1:-> DoubleRep(Check:NotCell:@158, Double|PureInt, BytecodeDouble, Exits, bc#187, ExitValid)
...
162:<!0:-> CheckStructure(Cell:@158, MustGen, [%Ad:Object], R:JSCell_structureID, Exits, bc#192, ExitValid)
163:< 1:-> GetGetterSetterByOffset(KnownCell:@158, KnownCell:@158, JS|UseAsOther, OtherCell, id5{length}, 0, R:NamedProperties(5), Exits, bc#192, ExitValid)
164:< 1:-> GetGetter(KnownCell:@163, JS|UseAsOther, Function, R:GetterSetter_getter, Exits, bc#192, ExitValid)

At @163 and @164, AI proves that @158's AbstractValue is None because @210's edge filters out Cells @158 is a cell. But we do not invalidate graph status as "Invalid" even if edge filters out all possible value.
This is because the result of edge can be None in a valid program. For example, we can put a dependency edge between a consuming node and a producing node, where the producing node is just like a check and it
does not produce a value actually. So, @163 and @164 are not invalidated. This is totally fine in our compiler pipeline right now.

But after that, global CSE phase found that @115 and @158 are same and @129 dominates @158. As a result, we can replace GetGetter child's @163 with @124. Since CheckStructure is already removed (and now, at runtime,
@163 and @164 are never executed), we do not have any structure guarantee on @158 and the result of @163. This means that @163's CSE result can be non-GetterSetter value.

124:< 2:-> JSConstant(JS|UseAsOther, Final, Weak:Object: 0x1199e82a0 with butterfly 0x0 (Structure %B4:Object), StructureID: 49116, bc#0, ExitValid)
...
126:< 2:-> GetGetter(KnownCell:Kill:@124, JS|UseAsOther, Function, R:GetterSetter_getter, Exits, bc#192, ExitValid)

AI filters out @124's non-cell values. But @126 can get non-GetterSetter cell at AI phase. But our AI code is like the following.

JSValue base = forNode(node->child1()).m_value;
if (base) {

GetterSetter* getterSetter = jsCast<GetterSetter*>(base);
...

Then, jsCast casts the above object with GetterSetter accidentally.

In general, DFG AI can get a proven constant value, which could not be shown at runtime. This happens if the processing node is unreachable at runtime while the graph is not invalid yet, because preceding edge
filters already filter out all the possible execution. DFG AI already considered about this possibility, and it attempts to fold a node into a constant only when the constant input matches against the expected one.
But several DFG nodes are not handling this correctly: GetGetter, GetSetter, and SkipScope.

In this patch, we use jsDynamicCast to ensure that the constant input matches against the expected (foldable) one, and fold it only when the expectation is met.
We also remove DFG::Node::castConstant and its use. We should not rely on the constant folded value based on graph's control-flow.

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

• dfg/DFGNode.h:

(JSC::DFG::Node::castConstant): Deleted.

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):

8:24 PM Changeset in webkit [248258] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r248009 - [GTK] Compilation errors when GL is disabled
​https://bugs.webkit.org/show_bug.cgi?id=200223

Unreviewed, fix build with -DENABLE_OPENGL=OFF.

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):

8:24 PM Changeset in webkit [248257] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247903 - REGRESSION(r243058): [GStreamer] WebKitWebSrc's internal queue can exhaust the WebProcess memory
​https://bugs.webkit.org/show_bug.cgi?id=199998

Reviewed by Xabier Rodriguez-Calvar.

With the webkitwebsrc rewrite the element lost its ability to tell
the resource loader when to pause and resume downloading because
we don't use appsrc and its enough-data/need-data signals anymore.
So new heuristics are introduced with this patch. Downloading of
resources bigger than 2MiB might pause when the internal adapter
has enough data (2% of the full resource) and resume when the
adapter size goes below 20% of those 2%.

No new tests, the media element spec doesn't clearly mandate how
the resource loading should behave when the element is paused or
how aggressively the resource should be downloaded during
playback.

This patch was functionally tested with a 1.3GiB resource loaded
over the local network, the resource was downloaded in ~30MiB
chunks, stopping and resuming every 20 seconds, approximately.

• platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webkit_web_src_class_init):
(webKitWebSrcCreate):
(CachedResourceStreamingClient::responseReceived):
(CachedResourceStreamingClient::dataReceived):

8:24 PM Changeset in webkit [248256] by Michael Catanzaro

• 3 edits
  1 add in releases/WebKitGTK/webkit-2.24

Merge r247778 - [GStreamer] Don't crash with empty video src
​https://bugs.webkit.org/show_bug.cgi?id=200081

LayoutTests/imported/w3c:

Reviewed by Philippe Normand.

• web-platform-tests/html/semantics/embedded-content/the-video-element/video_crash_empty_src.html: Added.

Source/WebCore:

When a <video> element is set to load empty or about:blank, a player is still
created, but no pipeline is loaded. This patch fixes some assertion errors that
manifested in that case.

Reviewed by Philippe Normand.

Test: imported/w3c/web-platform-tests/html/semantics/embedded-content/the-video-element/video_crash_empty_src.html

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::loadFull):
(WebCore::MediaPlayerPrivateGStreamer::platformDuration const):
(WebCore::MediaPlayerPrivateGStreamer::paused const):

8:24 PM Changeset in webkit [248255] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247643 - [GStreamer] Flush get_range calls during PAUSED->READY in WebKitWebSource
​https://bugs.webkit.org/show_bug.cgi?id=199934

Reviewed by Xabier Rodriguez-Calvar.

Unit testing not applicable.

• platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcChangeState): A well-behaved element should unblock streaming threads
during a PAUSED->READY transition, so do that here.

8:24 PM Changeset in webkit [248254] by Michael Catanzaro

• 5 edits in releases/WebKitGTK/webkit-2.24

Merge r247533 - Web Inspector: application/xml content not shown
​https://bugs.webkit.org/show_bug.cgi?id=199861

Patch by Olivier Blin <Olivier Blin> on 2019-07-17
Reviewed by Devin Rousso.

Source/WebInspectorUI:

application/xml content from XHR requests was not shown in the
inspector, an error message was displayed instead.

application/xml content should be treated as text, since
application/xml is the standard mimetype for XML content.
Apache serves XML content with the application/xml mimetype by
default.

• UserInterface/Base/MIMETypeUtilities.js:

(WI.fileExtensionForMIMEType):
Report "xml" extension for "application/xml" mimetype.
(WI.shouldTreatMIMETypeAsText):
Treat XML files as text.

LayoutTests:

• inspector/unit-tests/mimetype-utilities-expected.txt:
• inspector/unit-tests/mimetype-utilities.html:

Test for shouldTreatMIMETypeAsText.

8:24 PM Changeset in webkit [248253] by Michael Catanzaro

• 6 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r247508 - [WPE][GTK] UI process crash due to NULL dereference in webkitWebViewResourceLoadStarted()
​https://bugs.webkit.org/show_bug.cgi?id=199621

Reviewed by Michael Catanzaro.

Null-check frame received in injected bundle message to ensure the frame hasn't been destroyed.

• UIProcess/API/glib/WebKitInjectedBundleClient.cpp:
• UIProcess/API/glib/WebKitWebResource.cpp:

(webkitWebResourceCreate): Receive a reference to the frame instead of a pointer.

• UIProcess/API/glib/WebKitWebResourcePrivate.h:
• UIProcess/API/glib/WebKitWebView.cpp:

(webkitWebViewResourceLoadStarted): Ditto.

• UIProcess/API/glib/WebKitWebViewPrivate.h:

8:24 PM Changeset in webkit [248252] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r247507 - [GTK][WPE] Do not assert when receiving invalid data in injected bundle messages
​https://bugs.webkit.org/show_bug.cgi?id=199830

Reviewed by Michael Catanzaro.

Just silently ignore them to avoid UI process crashes.

• UIProcess/API/glib/WebKitInjectedBundleClient.cpp:

8:24 PM Changeset in webkit [248251] by Michael Catanzaro

• 3 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247427 - [GTK] GitHub breaks on FreeBSD because of "unsupported browser"
​https://bugs.webkit.org/show_bug.cgi?id=199745

Reviewed by Carlos Garcia Campos.

It's been a while since I last updated the fake version numbers in our user agent, both for
the user agent quirks for naughty websites and also the Safari version in our standard user
agent. Update them. This should fix github.com on FreeBSD at least. I also noticed some
wonkiness on Google Docs recently that I thought required this update, but I didn't do
anything about it at the time because I wasn't able to reproduce the issue when I tried
again later.

This could absolutely break websites, because the web is awful, but that's calculated risk.

• platform/UserAgentQuirks.cpp:

(WebCore::UserAgentQuirks::stringForQuirk):

• platform/glib/UserAgentGLib.cpp:

(WebCore::buildUserAgentString):

8:23 PM Changeset in webkit [248250] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247298 - [GStreamer] Protect against null samples and samples with null buffers
​https://bugs.webkit.org/show_bug.cgi?id=199619

Reviewed by Philippe Normand.

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::GstVideoFrameHolder::GstVideoFrameHolder): Assert to enforce non-null samples.
(WebCore::GstVideoFrameHolder::updateTexture): Protect against null m_buffer and improperly mapped video frame.

8:23 PM Changeset in webkit [248249] by Michael Catanzaro

• 3 edits
  1 add in releases/WebKitGTK/webkit-2.24

Merge r247215 - REGRESSION(r243197): [GStreamer] Web process hangs when scrolling twitter timeline which contains HLS videos
​https://bugs.webkit.org/show_bug.cgi?id=197558

Reviewed by Xabier Rodriguez-Calvar.

Source/WebCore:

Not covered, I have a test locally that would probably trigger the
deadlock if the network requests took a realistic amount of time,
but from a local webserver the window of time to hit this deadlock
is too narrow.

• platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webkit_web_src_init): Make the websrc start asynchronously, this
allows the main thread to be free to complete resource loader
setup.
(webKitWebSrcCreate): Calling start() from the create() vfunc is a
recipe for deadlock, since BaseSrc holds the streaming lock during
seeks, and then calls create(). In these cases, we do not want to
notify async-completion, since we've already completed from the
necessarily preceeding start() vfunc, and calling it again would
require the stream-lock and deadlock us.
(webKitWebSrcStart): Refactor to use webKitWebSrcMakeRequest, but
ensuring that we do perform an async-complete notification.
(webKitWebSrcMakeRequest): What Start() used to be, but now can be
toggled when to notify of async-completion. Start() no longer
blocks, since the return value of initiating a resource loader is
of no interest to the callers.
(webKitWebSrcCloseSession): Similarly to Start(), we do not need
to wait for the completion of cancelled net requests.

Tools:

On shutdown we can easily deadlock the web process if we don't
ensure all network operations are completed before comitting state
changes. In HLS, make sure the network operations are cancelled,
and also prevent hlsdemux's retry logic from scuppering our
efforts.

• gstreamer/jhbuild.modules: Include the patch.
• gstreamer/patches/gst-plugins-bad-do-not-retry-downloads-during-shutdown.patch: Added.

8:23 PM Changeset in webkit [248248] by Michael Catanzaro

• 3 edits in releases/WebKitGTK/webkit-2.24/LayoutTests

Merge r247207 - [GStreamer] media/video-volume.html broken after switching from cubic to linear scaling
​https://bugs.webkit.org/show_bug.cgi?id=199505

Reviewed by Xabier Rodriguez-Calvar.

PulseAudio has a conversion process from volume's in
double-precision to uint32_t volumes. Depending on the environment
can introduce rounding errors. Be more lenient in our comparison
code.

• media/video-volume-expected.txt: Update baseline
• media/video-volume.html: Compare volume values within a

reasonable tolerance.

8:23 PM Changeset in webkit [248247] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247204 - [GStreamer] The CREATE_TRACK macro is messed up
​https://bugs.webkit.org/show_bug.cgi?id=199356

Reviewed by Xabier Rodriguez-Calvar.

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::updateTracks): Fix the
CREATE_TRACK macro for !VIDEO_TRACK builds.

8:23 PM Changeset in webkit [248246] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247121 - The destructor of CSSAnimationControllerPrivate must explicitly clear the composite animations
​https://bugs.webkit.org/show_bug.cgi?id=199415

Reviewed by Simon Fraser.

After the destructor of CSSAnimationControllerPrivate exists, the non
static members are deleted. When the HashMap m_compositeAnimations is
deleted, its entries are deleted. The destructor of CompositeAnimation
calls the method CSSAnimationControllerPrivate::animationWillBeRemoved()
back through its back reference m_animationController. The non static
members of CSSAnimationControllerPrivate are being deleted and it is
incorrect to try to use any of these members after exiting the destructor.

We need to explicitly clear the composite animations before exiting the
destructor of CSSAnimationControllerPrivate.

• page/animation/CSSAnimationController.cpp:

(WebCore::CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate):

8:23 PM Changeset in webkit [248245] by Michael Catanzaro

• 4 edits
  4 adds in releases/WebKitGTK/webkit-2.24

Merge r247025 - It should not be possible to trigger a load while in the middle of restoring a page in PageCache
​https://bugs.webkit.org/show_bug.cgi?id=199190
<rdar://problem/52114552>

Reviewed by Brady Eidson.

Source/WebCore:

Test: http/tests/security/navigate-when-restoring-cached-page.html

• history/CachedFrame.cpp:

(WebCore::CachedFrame::open):
Stop attaching the cached document before calling FrameLoader::open() given that the previous document
is still attached to the frame at this point. This avoids having 2 documents attached to the same frame
during a short period of time.

• loader/FrameLoader.cpp:

(WebCore::FrameLoader::open):
We now attach the cached document to the frame *after* calling FrameLoader::clear(), which means that
the previous document now has been detached from this frame.

(WebCore::FrameLoader::detachChildren):
As per the HTML specification [1], an attempt to navigate should fail if the prompt to unload algorithm
is being run for the active document of browsingContext. Note that the "prompt to unload" algorithm [2]
includes firing the 'unload' event in the current document and in all the documents in the subframes.
As a result, FrameLoader::detachChildren() is the right prevent such navigations. We were actually trying
to do this via the SubframeLoadingDisabler stack variable inside detachChildren(). The issue is that this
only prevents navigation in the subframes (i.e. <iframe> elements), not the main frame. As a result,
script would be able to navigate the top-frame even though detachChildren() is being called on the top
frame. To address the issue, I now create a NavigationDisabler variable in the scope of detachChildren()
when detachChildren() is called on the top frame. NavigationDisabler prevents all navigations within the
page, including navigations on the main/top frame.

[1] ​https://html.spec.whatwg.org/multipage/browsing-the-web.html#navigate
[2] ​https://html.spec.whatwg.org/multipage/browsing-the-web.html#prompt-to-unload-a-document

LayoutTests:

Add layout test coverage.

• http/tests/security/navigate-when-restoring-cached-page-expected.txt: Added.
• http/tests/security/navigate-when-restoring-cached-page.html: Added.
• http/tests/security/resources/navigate-when-restoring-cached-page-frame.html: Added.
• http/tests/security/resources/navigate-when-restoring-cached-page-victim.html: Added.

8:23 PM Changeset in webkit [248244] by Michael Catanzaro

• 6 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247017 - More judiciously handle clearing/creation of DOMWindows for new Documents.
<rdar://problem/51665406> and ​https://bugs.webkit.org/show_bug.cgi?id=198786

Reviewed by Chris Dumez.

• bindings/js/ScriptController.cpp:

(WebCore::ScriptController::executeIfJavaScriptURL):

• loader/DocumentWriter.cpp:

(WebCore::DocumentWriter::replaceDocumentWithResultOfExecutingJavascriptURL): Rename for clarity.
(WebCore::DocumentWriter::begin): Handle DOMWindow taking/creation inside FrameLoader::clear via a lambda.
(WebCore::DocumentWriter::replaceDocument): Deleted.

• loader/DocumentWriter.h:

• loader/FrameLoader.cpp:

(WebCore::FrameLoader::clear): Take a "handleDOMWindowCreation" lambda to run after clearing the previous document.

• loader/FrameLoader.h:

8:23 PM Changeset in webkit [248243] by Michael Catanzaro

• 3 edits
  2 adds in releases/WebKitGTK/webkit-2.24

Merge r246868 - ReplacementFragment should not have script observable side effects
​https://bugs.webkit.org/show_bug.cgi?id=199147

Reviewed by Wenson Hsieh.

Source/WebCore:

Fixed the bug that ReplacementFragment has script observable side effects.

Use a brand new document for sanitization where the script is disabled for test rendering,
and remove style and script elements as well as event handlers before the test rendering
and the actual pasting.

Test: editing/pasteboard/paste-contents-with-side-effects.html

• editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplacementFragment::document): Deleted.
(WebCore::ReplacementFragment::ReplacementFragment): Use createPageForSanitizingWebContent
to create our own document for test rendering. We need to copy over the computed style
from the root editable element (editing host) to respect whitespace treatment, etc...
(WebCore::ReplacementFragment::removeContentsWithSideEffects): Moved from removeHeadContents.
Now removes event handlers and JavaScript URLs.
(WebCore::ReplacementFragment::insertFragmentForTestRendering): Renamed variable names.
(WebCore::ReplaceSelectionCommand::willApplyCommand): Create the plain text and HTML markup
for beforeinput and input events before ReplacementFragment removes contents with side effects.
(WebCore::ReplaceSelectionCommand::ensureReplacementFragment): The removal of head elements
is now done in ReplacementFragment's constructor.

LayoutTests:

Added regression tests.

• editing/pasteboard/paste-contents-with-side-effects-expected.txt: Added.
• editing/pasteboard/paste-contents-with-side-effects.html: Added.

8:23 PM Changeset in webkit [248242] by Michael Catanzaro

• 1 edit in releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog

Merge r246808 - Add didBecomePrototype() calls to global context prototypes
​https://bugs.webkit.org/show_bug.cgi?id=199202

Reviewed by Mark Lam.

This fixes some crashes related to asserting that all prototypes
have been marked as such in JSC from
​https://trac.webkit.org/changeset/246801. It's ok to call
didBecomePrototype here as we setting up the world state right now
so we won't be having a bad time.

We don't automatically call didBecomePrototype() for
setPrototypeWithoutTransition because existing objects may already
have this structure so it seems more reasonable to be explicit
there.

• bindings/js/JSWindowProxy.cpp:

(WebCore::JSWindowProxy::setWindow):

• bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::initScript):

• worklets/WorkletScriptController.cpp:

(WebCore::WorkletScriptController::initScriptWithSubclass):

8:23 PM Changeset in webkit [248241] by Michael Catanzaro

• 4 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r246801 - Add didBecomePrototype() calls to global context prototypes
​https://bugs.webkit.org/show_bug.cgi?id=199202

Reviewed by Mark Lam.

This fixes some crashes related to asserting that all prototypes
have been marked as such in JSC from
​https://trac.webkit.org/changeset/246801. It's ok to call
didBecomePrototype here as we setting up the world state right now
so we won't be having a bad time.

We don't automatically call didBecomePrototype() for
setPrototypeWithoutTransition because existing objects may already
have this structure so it seems more reasonable to be explicit
there.

• bindings/js/JSWindowProxy.cpp:

(WebCore::JSWindowProxy::setWindow):

• bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::initScript):

• worklets/WorkletScriptController.cpp:

(WebCore::WorkletScriptController::initScriptWithSubclass):

8:23 PM Changeset in webkit [248240] by Michael Catanzaro

• 5 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246801 - Structure::create should call didBecomePrototype()
​https://bugs.webkit.org/show_bug.cgi?id=196315

Reviewed by Filip Pizlo.

Structure::create should also assert that the indexing type makes sense
for the prototype being used.

• runtime/JSObject.h:
• runtime/Structure.cpp:

(JSC::Structure::isValidPrototype):
(JSC::Structure::changePrototypeTransition):

• runtime/Structure.h:

(JSC::Structure::create): Deleted.

• runtime/StructureInlines.h:

(JSC::Structure::create):
(JSC::Structure::setPrototypeWithoutTransition):

8:23 PM Changeset in webkit [248239] by Michael Catanzaro

• 3 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r247426 - Concurrent GC should not rely on current phase to determine if it's safe to steal conn
​https://bugs.webkit.org/show_bug.cgi?id=199786
<rdar://problem/52505197>

Reviewed by Saam Barati.

In r246507, we fixed a race condition in the concurrent GC where the mutator might steal
the conn from the collector thread while it transitions from the End phase to NotRunning.
However, that fix was not sufficient. In the case that the mutator steals the conn, and the
execution interleaves long enough for the mutator to progress to a different collection phase,
the collector will resume in a phase other than NotRunning, and hence the check added to
NotRunning will not suffice. To fix that, we add a new variable to track whether the collector
thread is running (m_collectorThreadIsRunning) and use it to determine whether it's safe to
steal the conn, rather than relying on m_currentPhase.

• heap/Heap.cpp:

(JSC::Heap::runNotRunningPhase):
(JSC::Heap::requestCollection):

• heap/Heap.h:

8:23 PM Changeset in webkit [248238] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246507 - Concurrent GC should check the conn before starting a new collection cycle
​https://bugs.webkit.org/show_bug.cgi?id=198913
<rdar://problem/49515149>

Reviewed by Filip Pizlo.

Heap::requestCollection tries to steal the conn as an optimization to avoid waking up the collector
thread if it's idle. We determine if the collector is idle by ensuring that there are no pending collections
and that the current GC phase is NotRunning. However, that's not safe immediately after the concurrent
GC has finished processing the last pending request. The collector thread will runEndPhase and immediately
start runNotRunningPhase, without checking if it still has the conn. If the mutator has stolen the conn in
the mean time, this will lead to both threads collecting concurrently, and eventually we'll crash in checkConn,
since the collector is running but doesn't have the conn anymore.

To solve this, we check if we still have the conn after holding the lock in runNotRunningPhase, in case the mutator
has stolen the conn. Ideally, we wouldn't let the mutator steal the conn in the first place, but that doesn't seem
trivial to determine.

• heap/Heap.cpp:

(JSC::Heap::runNotRunningPhase):

8:23 PM Changeset in webkit [248237] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24

Merge r246505 - [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
​https://bugs.webkit.org/show_bug.cgi?id=197378

Reviewed by Saam Barati.

JSTests:

• stress/disposable-call-site-index-with-call-and-this.js: Added.

(foo):
(bar):

• stress/disposable-call-site-index.js: Added.

(foo):
(bar):

Source/JavaScriptCore:

Some of CallSiteIndex are disposable. This is because some of CallSiteIndex are allocated and freed at runtime (not DFG/FTL compile time).
The example is CallSiteIndex for exception handler in GCAwareJITStubRoutineWithExceptionHandler. If we do not allocate and free CallSiteIndex,
we will create a new CallSiteIndex continuously and leak memory.

The other CallSiteIndex are not simply disposable because the ownership model is not unique one. They can be shared between multiple clients.
But not disposing them is OK because they are static one: they are allocated when compiling DFG/FTL, and we do not allocate such CallSiteIndex
at runtime.

To make this difference explicit and avoid disposing non-disposable CallSiteIndex accidentally, we introduce DisposableCallSiteIndex type, and
enforce type-safety to some degree.

We also correctly update the DisposableCallSiteIndex => CodeOrigin table when we are reusing the previously used DisposableCallSiteIndex.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::newExceptionHandlingCallSiteIndex):
(JSC::CodeBlock::removeExceptionHandlerForCallSite):

• bytecode/CodeBlock.h:
• bytecode/PolymorphicAccess.cpp:

(JSC::AccessGenerationState::callSiteIndexForExceptionHandling):
(JSC::PolymorphicAccess::regenerate):

• bytecode/PolymorphicAccess.h:

(JSC::AccessGenerationState::callSiteIndexForExceptionHandling): Deleted.

• dfg/DFGCommonData.cpp:

(JSC::DFG::CommonData::addUniqueCallSiteIndex):
(JSC::DFG::CommonData::addDisposableCallSiteIndex):
(JSC::DFG::CommonData::removeDisposableCallSiteIndex):
(JSC::DFG::CommonData::removeCallSiteIndex): Deleted.

• dfg/DFGCommonData.h:
• interpreter/CallFrame.h:

(JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
(JSC::DisposableCallSiteIndex::fromCallSiteIndex):

• jit/GCAwareJITStubRoutine.cpp:

(JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
(JSC::createJITStubRoutine):

• jit/GCAwareJITStubRoutine.h:
• jit/JITInlineCacheGenerator.h:

8:23 PM Changeset in webkit [248236] by Michael Catanzaro

• 7 edits
  4 adds in releases/WebKitGTK/webkit-2.24

Merge r246372 - [JSC] Polymorphic call stub's slow path should restore callee saves before performing tail call
​https://bugs.webkit.org/show_bug.cgi?id=198770

Reviewed by Saam Barati.

JSTests:

• stress/poly-call-stub-slow-path-should-restore-callee-saves-when-doing-tail-call.js: Added.

(test):

Source/JavaScriptCore:

Polymorphic call stub is a bit specially patched in JS call site. Typical JS call site for tail calls
are the following.

if (callee == patchableCallee) {

restore callee saves for tail call
prepare for tail call
jump to the target function

}
restore callee saves for slow path
call the slow path function

And linking patches patchableCallee, target function, and slow path function. But polymorphic call stub
patches the above if statement with the jump to the stub.

jump to the polymorphic call stub

This is because polymorphic call stub wants to use CallFrameShuffler to get scratch registers. As a result,
"restore callee saves for tail call" thing needs to be done in the polymorphic call stubs. While it is
correctly done for the major cases, we have slowPath skips, and that path missed restoring callee saves.
This skip happens if the callee is non JSCell or non JS function, so typically, InternalFunction is handled
in that path.

This patch does that skips after restoring callee saves.

• bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::CallLinkInfo):

• bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::setUpCall):
(JSC::CallLinkInfo::calleeGPR):
(JSC::CallLinkInfo::setCalleeGPR): Deleted.

• jit/Repatch.cpp:

(JSC::revertCall):
(JSC::linkVirtualFor):
(JSC::linkPolymorphicCall):

• jit/Repatch.h:
• jit/ThunkGenerators.cpp:

(JSC::virtualThunkFor):

8:23 PM Changeset in webkit [248235] by Michael Catanzaro

• 3 edits
  1 add in releases/WebKitGTK/webkit-2.24

Merge r246420 - Argument elimination should check transitive dependents for interference
​https://bugs.webkit.org/show_bug.cgi?id=198520
<rdar://problem/50863343>

Reviewed by Filip Pizlo.

JSTests:

• stress/argument-elimination-inline-rest-past-kill.js: Added.

(f2):
(f3):

Source/JavaScriptCore:

Consider the following program:

a: CreateRest
-->

b: CreateRest

<--
c: Spread(@a)
d: Spread(@b)
e: NewArrayWithSpread(@a, @b)
f: KillStack(locX)
g: LoadVarargs(@e)

Suppose @b reads locX, then we cannot transform @e to PhantomNewArraySpread, since that would
move the stack access from @b into @g, and that stack location is no longer valid at that point.

We fix that by computing a set of all inline call frames that any argument elimination candidate
depends on and checking each of them for interference in eliminateCandidatesThatInterfere.

• dfg/DFGArgumentsEliminationPhase.cpp:

8:23 PM Changeset in webkit [248234] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24

Merge r246071 - Argument elimination should check for negative indices in GetByVal
​https://bugs.webkit.org/show_bug.cgi?id=198302
<rdar://problem/51188095>

Reviewed by Filip Pizlo.

JSTests:

• stress/eliminate-arguments-negative-rest-access.js: Added.

(inlinee):
(opt):

Source/JavaScriptCore:

In DFG::ArgumentEliminationPhase, the index is treated as unsigned, but there's no check
for overflow in the addition. In compileGetMyArgumentByVal, there's a check for overflow,
but the index is treated as signed, resulting in an index lower than numberOfArgumentsToSkip.

• dfg/DFGArgumentsEliminationPhase.cpp:
• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileGetMyArgumentByVal):

8:23 PM Changeset in webkit [248233] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246084 - Unreviewed, update exception scope for putByIndexBeyondVectorLength
​https://bugs.webkit.org/show_bug.cgi?id=198477

• runtime/JSObject.cpp:

(JSC::JSObject::putByIndexBeyondVectorLength):

8:23 PM Changeset in webkit [248232] by Michael Catanzaro

• 4 edits
  3 adds in releases/WebKitGTK/webkit-2.24

Merge r246040 - [JSC] JSObject::attemptToInterceptPutByIndexOnHole should use getPrototype instead of getPrototypeDirect
​https://bugs.webkit.org/show_bug.cgi?id=198477
<rdar://problem/51299504>

Reviewed by Saam Barati.

Source/JavaScriptCore:

JSObject::attemptToInterceptPutByIndexOnHole uses getPrototypeDirect, but it should use getPrototype to
handle getPrototype methods in derived JSObject classes correctly.

• runtime/JSArrayInlines.h:

(JSC::JSArray::pushInline):

• runtime/JSObject.cpp:

(JSC::JSObject::putByIndex):
(JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):
(JSC::JSObject::attemptToInterceptPutByIndexOnHole):
(JSC::JSObject::putByIndexBeyondVectorLength):

LayoutTests:

Ensure that JSWindow::getPrototype is used.

• http/tests/security/cross-frame-access-object-getPrototypeOf-in-put-expected.txt: Added.
• http/tests/security/cross-frame-access-object-getPrototypeOf-in-put.html: Added.
• http/tests/security/resources/cross-frame-iframe-for-object-getPrototypeOf-in-put-test.html: Added.

8:23 PM Changeset in webkit [248231] by Michael Catanzaro

• 8 edits
  1 move
  1 add in releases/WebKitGTK/webkit-2.24

Merge r245908 - IsoHeaps don't notice uncommitted VA becoming the first eligible.
​https://bugs.webkit.org/show_bug.cgi?id=198301

Reviewed by Yusuke Suzuki.

Source/bmalloc:

IsoDirectory has a firstEligible member that is used as an
optimization to help find the first fit. However if the scavenger
decommitted a page before firstEligible then we wouldn't move
firstEligible. Thus, if no space is ever freed below firstEligible
we will never reused the decommitted memory (e.g. if the VA page
is decommitted). The fix is to make IsoDirectory::didDecommit move
the firstEligible page back if the decommitted page is smaller
than the current firstEligible. As such, this patch renames
firstEligible to firstEligibleOrDecommitted.

Also, this patch changes gigacageEnabledForProcess to check if the
process starts with Test rather than just test as TestWTF does.

Lastly, unbeknownst to me IsoHeaps are dependent on gigacage, so
by removing gigacage from arm64 I accidentally disabled
IsoHeaps...

• bmalloc.xcodeproj/project.pbxproj:
• bmalloc/IsoDirectory.h:
• bmalloc/IsoDirectoryInlines.h:

(bmalloc::passedNumPages>::takeFirstEligible):
(bmalloc::passedNumPages>::didBecome):
(bmalloc::passedNumPages>::didDecommit):

• bmalloc/IsoHeapImpl.h:
• bmalloc/IsoHeapImplInlines.h:

(bmalloc::IsoHeapImpl<Config>::takeFirstEligible):
(bmalloc::IsoHeapImpl<Config>::didBecomeEligibleOrDecommited):
(bmalloc::IsoHeapImpl<Config>::didCommit):
(bmalloc::IsoHeapImpl<Config>::didBecomeEligible): Deleted.

• bmalloc/IsoTLS.cpp:

(bmalloc::IsoTLS::determineMallocFallbackState):

• bmalloc/ProcessCheck.mm:

(bmalloc::gigacageEnabledForProcess):

Tools:

Move testbmalloc.cpp to TestWTF so it runs in automation.

• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp: Renamed from Source/bmalloc/test/testbmalloc.cpp.

(TEST):

8:23 PM Changeset in webkit [248230] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246792 - REGRESSION(r245586): static assertion failed: Match result and EncodedMatchResult should be the same size
​https://bugs.webkit.org/show_bug.cgi?id=198518

Reviewed by Keith Miller.

r245586 made some bad assumptions about the size of size_t, which we can solve using the
CPU(ADDRESS32) guard that I didn't know about.

This solution was developed by Mark Lam and Keith Miller. I'm just preparing the patch.

• runtime/MatchResult.h:

8:23 PM Changeset in webkit [248229] by Michael Catanzaro

• 3 edits
  1 add in releases/WebKitGTK/webkit-2.24

Merge r245815 - [YARR] Properly handle RegExp's that require large ParenContext space
​https://bugs.webkit.org/show_bug.cgi?id=198065

Reviewed by Keith Miller.

JSTests:

New test.

• stress/regexp-large-paren-context.js: Added.

(testLargeRegExp):

Source/JavaScriptCore:

Changed what happens when we exceed VM::patternContextBufferSize when compiling a RegExp
that needs ParenCOntextSpace to fail the RegExp JIT compilation and fall back to the YARR
interpreter. This can save large amounts of JIT memory for a
JIT'ed function that cannot ever succeed.

• yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::initParenContextFreeList):
(JSC::Yarr::YarrGenerator::compile):

8:23 PM Changeset in webkit [248228] by Michael Catanzaro

• 7 edits
  2 adds in releases/WebKitGTK/webkit-2.24

Merge r245926 - Cleanup Yarr regexp code around paren contexts.
​https://bugs.webkit.org/show_bug.cgi?id=198063

Reviewed by Yusuke Suzuki.

JSTests:

• stress/regexp-many-named-sequential-capture-groups.js: Added.

(i.s):

• stress/regexp-many-unnamed-sequential-capture-groups.js: Added.

Source/JavaScriptCore:

There are three refactoring changes around paren contexts:

1. Make EncodedMatchResult the same type as MatchResult on X86_64 and arm64 and uint64_t elsewhere.
2. All function pointer types for Yarr JIT generated code reserve space for paren contexts.
3. initParenContextFreeList should bail based on VM::patternContextBufferSize as that's the buffer size anyway.

• runtime/MatchResult.h:

(JSC::MatchResult::MatchResult):

• runtime/RegExpInlines.h:

(JSC::PatternContextBufferHolder::PatternContextBufferHolder):
(JSC::PatternContextBufferHolder::~PatternContextBufferHolder):
(JSC::PatternContextBufferHolder::size):
(JSC::RegExp::matchInline):

• runtime/VM.h:
• yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::initParenContextFreeList):

• yarr/YarrJIT.h:

(JSC::Yarr::YarrCodeBlock::execute):

8:22 PM Changeset in webkit [248227] by Michael Catanzaro

• 5 edits
  2 adds in releases/WebKitGTK/webkit-2.24

Merge r245538 - Fix security check in ScriptController::canAccessFromCurrentOrigin()
​https://bugs.webkit.org/show_bug.cgi?id=196730
<rdar://problem/49731231>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Fix security check in ScriptController::canAccessFromCurrentOrigin() when there is no
current JS exec state. Instead of returning true unconditionally, we now fall back to
using the accessing document's origin for the security check. The new behavior is
aligned with Blink:
​https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/html/html_frame_element_base.cc?rcl=d3f22423d512b45466f1694020e20da9e0c6ee6a&l=62

This fix is based on a patch from Sergei Glazunov <​glazunov@google.com>.

Test: http/tests/security/showModalDialog-sync-cross-origin-page-load2.html

• bindings/js/ScriptController.cpp:

(WebCore::ScriptController::canAccessFromCurrentOrigin):

• bindings/js/ScriptController.h:
• html/HTMLFrameElementBase.cpp:

(WebCore::HTMLFrameElementBase::isURLAllowed const):

LayoutTests:

Add layout test coverage.

• http/tests/security/showModalDialog-sync-cross-origin-page-load2-expected.txt: Added.
• http/tests/security/showModalDialog-sync-cross-origin-page-load2.html: Added.

8:22 PM Changeset in webkit [248226] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r244970 - Null check m_mainFrame in WebPageProxy.cpp
​https://bugs.webkit.org/show_bug.cgi?id=197618
<rdar://problem/47463054>

Patch by Alex Christensen <​achristensen@webkit.org> on 2019-05-06
Reviewed by Geoffrey Garen.

It's already null checked in some places, and the places where it isn't are causing crashes.
Let's fix all of them.

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::decidePolicyForNavigationAction):
(WebKit::WebPageProxy::decidePolicyForNewWindowAction):
(WebKit::WebPageProxy::createNewPage):

8:22 PM Changeset in webkit [248225] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r245298 - Crash under WebKit::WebProcessProxy::didBecomeUnresponsive()
​https://bugs.webkit.org/show_bug.cgi?id=197883
<rdar://problem/50665984>

Reviewed by Alex Christensen.

Protect |this| in didBecomeUnresponsive() and didExceedCPULimit() since we call client
delegates and those may cause |this| to get destroyed.

• UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::didBecomeUnresponsive):
(WebKit::WebProcessProxy::didExceedCPULimit):

8:22 PM Changeset in webkit [248224] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r245190 - Gracefully handle inaccessible font face data
​https://bugs.webkit.org/show_bug.cgi?id=197762
<rdar://problem/50433861>

Reviewed by Per Arne Vollan.

Make sure CSS Font Face handling gracefully recovers from
missing font data.

Test: fast/text/missing-font-crash.html

• css/CSSFontFace.cpp:

(WebCore::CSSFontFace::fontLoadEventOccurred):
(WebCore::CSSFontFace::timeoutFired):
(WebCore::CSSFontFace::fontLoaded):
(WebCore::CSSFontFace::font):

8:22 PM Changeset in webkit [248223] by Michael Catanzaro

• 4 edits
  2 adds in releases/WebKitGTK/webkit-2.24

Merge r245158 - Do not mix inline and block level boxes.
​https://bugs.webkit.org/show_bug.cgi?id=197462
<rdar://problem/50369362>

Reviewed by Antti Koivisto.

Source/WebCore:

This patch tightens the remove-anonymous-wrappers logic by checking if the removal would
produce an inline-block sibling mix.
When a block level box is removed from the tree, we check if after the removal the anonymous sibling block
boxes are still needed or whether we can removed them as well (and have only inline level child boxes).
In addition to checking if the container is anonymous and is part of a continuation, we also need to check
if collapsing it (and by that moving its children one level up) would cause a inline-block box mix.

Test: fast/ruby/continuation-and-column-spanner-crash.html

• rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded):

• rendering/updating/RenderTreeBuilderContinuation.cpp:

(WebCore::RenderTreeBuilder::Continuation::cleanupOnDestroy):

LayoutTests:

• fast/ruby/continuation-and-column-spanner-crash-expected.txt: Added.
• fast/ruby/continuation-and-column-spanner-crash.html: Added.

8:22 PM Changeset in webkit [248222] by Michael Catanzaro

• 3 edits
  1 add in releases/WebKitGTK/webkit-2.24

Merge r245071 - Invalid DFG JIT genereation in high CPU usage state
​https://bugs.webkit.org/show_bug.cgi?id=197453

Reviewed by Saam Barati.

JSTests:

• stress/string-ident-use-clears-abstract-value-if-rope-string-constant-is-held.js: Added.

(trigger):
(main):

Source/JavaScriptCore:

We have a DFG graph like this.

a: JSConstant(rope JSString)
b: CheckStringIdent(Check:StringUse:@a)
... AI think this is unreachable ...

When executing StringUse edge filter onto @a, AbstractValue::filterValueByType clears AbstractValue and makes it None.
This is because @a constant produces SpecString (SpecStringVar | SpecStringIdent) while StringUse edge filter requires
SpecStringIdent. AbstractValue::filterValueByType has an assumption that the JS constant always produces the same
SpeculatedType. So it clears AbstractValue completely.
But this assumption is wrong. JSString can produce SpecStringIdent later if the string is resolved to AtomicStringImpl.
AI think that we always fail. But once the string is resolved to AtomicStringImpl, we pass this check. So we execute
the breakpoint emitted by DFG since DFG think this is unreachable.

In this patch, we just clear the m_value if AbstractValue type filter fails with the held constant, since the constant
may produce a narrower type which can meet the type filter later.

• dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::filterValueByType):

8:22 PM Changeset in webkit [248221] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/bytecompiler

Merge r245403 from safari-607-branch

This fixes the build after the r245047 merge.

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitEqualityOpImpl):
(JSC::BytecodeGenerator::emitEqualityOp): Deleted.

• bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::emitEqualityOp):

8:22 PM Changeset in webkit [248220] by Michael Catanzaro

• 4 edits
  1 add in releases/WebKitGTK/webkit-2.24

Merge r245047 - JSC: A bug in BytecodeGenerator::emitEqualityOpImpl
​https://bugs.webkit.org/show_bug.cgi?id=197479

Patch by Yusuke Suzuki <​ysuzuki@apple.com> on 2019-05-07
Reviewed by Saam Barati.

JSTests:

• stress/do-not-perform-bytecode-peephole-optimization-in-jump-target.js: Added.

(shouldBe):

Source/JavaScriptCore:

Our peephole optimization in BytecodeGenerator is (1) rewinding the previous instruction and (2) emit optimized instruction instead.
If we have jump target between the previous instruction and the subsequent instruction, this peephole optimization breaks the jump target.
To prevent it, we had a mechanism disabling peephole optimization, setting m_lastOpcodeID = op_end and checking m_lastOpcodeID when performing
peephole optimization. However, BytecodeGenerator::emitEqualityOpImpl checks m_lastInstruction->is<OpTypeof> instead of m_lastOpcodeID == op_typeof,
and miss op_end case.

This patch makes the following changes.

1. Add canDoPeepholeOptimization method to clarify the intent of m_lastInstruction = op_end.
2. Check canDoPeepholeOptimization status before performing peephole optimization in emitJumpIfTrue, emitJumpIfFalse, and emitEqualityOpImpl.
3. Add ASSERT(canDoPeepholeOptimization()) in fuseCompareAndJump and fuseTestAndJmp to ensure that peephole optimization is allowed.

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::fuseCompareAndJump):
(JSC::BytecodeGenerator::fuseTestAndJmp):
(JSC::BytecodeGenerator::emitJumpIfTrue):
(JSC::BytecodeGenerator::emitJumpIfFalse):
(JSC::BytecodeGenerator::emitEqualityOpImpl):

• bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::canDoPeepholeOptimization const):

8:22 PM Changeset in webkit [248219] by Michael Catanzaro

• 3 edits
  6 adds in releases/WebKitGTK/webkit-2.24

Merge r245018 - tryCachePutByID should not crash if target offset changes
​https://bugs.webkit.org/show_bug.cgi?id=197311
<rdar://problem/48033612>

Reviewed by Filip Pizlo.

JSTests:

Add a series of tests related tryCachePutByID. Two of these tests used to crash and were fixed
by this patch: cache-put-by-id-different-attributes.js and cache-put-by-id-different-offset.js

• stress/cache-put-by-id-delete-prototype.js: Added.

(A.prototype.set y):
(A):
(B.prototype.set y):
(B):
(C):

• stress/cache-put-by-id-different-proto.js: Added.

(A.prototype.set y):
(A):
(B1):
(B2.prototype.set y):
(B2):
(C):
(D):

• stress/cache-put-by-id-different-attributes.js: Added.

(Foo):
(set x):

• stress/cache-put-by-id-different-offset.js: Added.

(Foo):
(set x):

• stress/cache-put-by-id-insert-prototype.js: Added.

(A.prototype.set y):
(A):
(C):

• stress/cache-put-by-id-poly-proto.js: Added.

(Foo):
(set _):
(createBar.Bar):
(createBar):

Source/JavaScriptCore:

When tryCachePutID is called with a cacheable setter, if the target object where the setter was
found is still in the prototype chain and there's no poly protos in the chain, we use
generateConditionsForPrototypePropertyHit to validate that the target object remains the same.
It checks for the absence of the property in every object in the prototype chain from the base
down to the target object and checks that the property is still present in the target object. It
also bails if there are any uncacheable objects, proxies or dictionary objects in the prototype
chain. However, it does not consider two edge cases:

• It asserts that the property should still be at the same offset in the target object, but this

assertion does not hold if the setter deletes properties of the object and causes the structure
to be flattened after the deletion. Instead of asserting, we just use the updated offset.

• It does not check whether the new slot is also a setter, which leads to a crash in case it's not.

• jit/Repatch.cpp:

(JSC::tryCachePutByID):

8:22 PM Changeset in webkit [248218] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24

Merge r244996 - [JSC] We should check OOM for description string of Symbol
​https://bugs.webkit.org/show_bug.cgi?id=197634

Reviewed by Keith Miller.

JSTests:

• stress/check-symbol-description-oom.js: Added.

(shouldThrow):

Source/JavaScriptCore:

When resoling JSString for description of Symbol, we should check OOM error.
We also change JSValueMakeSymbol(..., nullptr) to returning a symbol value
without description, (1) to simplify the code and (2) give a way for JSC API
to create a symbol value without description.

• API/JSValueRef.cpp:

(JSValueMakeSymbol):

• API/tests/testapi.cpp:

(TestAPI::symbolsTypeof):
(TestAPI::symbolsDescription):
(testCAPIViaCpp):

• dfg/DFGOperations.cpp:
• runtime/Symbol.cpp:

(JSC::Symbol::createWithDescription):

• runtime/Symbol.h:
• runtime/SymbolConstructor.cpp:

(JSC::callSymbol):

8:22 PM Changeset in webkit [248217] by Michael Catanzaro

• 3 edits in releases/WebKitGTK/webkit-2.24

Merge r244950 - TypedArrays should not store properties that are canonical numeric indices
​https://bugs.webkit.org/show_bug.cgi?id=197228
<rdar://problem/49557381>

Patch by Tadeu Zagallo <Tadeu Zagallo> on 2019-05-04
Reviewed by Saam Barati.

JSTests:

• stress/array-species-config-array-constructor.js:

(test):

• stress/put-direct-index-broken-2.js:
• stress/typed-array-canonical-numeric-index-string.js: Added.

(makeTest.assert):
(makeTest):
(const.testInvalidIndices.makeTest.set assert):
(const.testInvalidIndices.makeTest):
(const.makeTestValidIndex.configurable.set assert):
(const.makeTestValidIndex.configurable):

• stress/typedarray-access-monomorphic-neutered.js:

(checkNoException):
(testNoException):
(testFTLNoException):

• stress/typedarray-access-neutered.js:

(testNoException):

• stress/typedarray-getownproperty-not-configurable.js:

(foo):

• test262/expectations.yaml:

Source/JavaScriptCore:

According to the spec[1]:

• TypedArrays should not perform an ordinary GetOwnProperty/SetOwnProperty if the index is a

CanonicalNumericIndexString, but invalid according to IntegerIndexedElementGet and similar
functions. I.e., there are a few properties that should not be set in a TypedArray, like NaN,
Infinity and -0.

• On DefineOwnProperty, the out-of-bounds check should be performed before validating the property

descriptor.

• On GetOwnProperty, the returned descriptor for numeric properties should have writable set to true.

[1]: ​https://www.ecma-international.org/ecma-262/9.0/index.html#sec-integer-indexed-exotic-objects-defineownproperty-p-desc

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
(JSC::JSGenericTypedArrayView<Adaptor>::put):
(JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
(JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlotByIndex):
(JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):

• runtime/PropertyName.h:

(JSC::isCanonicalNumericIndexString):

LayoutTests:

• fast/canvas/canvas-ImageData-behaviour-expected.txt:
• fast/canvas/canvas-ImageData-behaviour.js:

8:22 PM Changeset in webkit [248216] by Michael Catanzaro

• 4 edits
  1 add in releases/WebKitGTK/webkit-2.24

Merge r243966 - [JSC] CallLinkInfo should clear Callee or CodeBlock even if it is unlinked by jettison
​https://bugs.webkit.org/show_bug.cgi?id=196683

Reviewed by Saam Barati.

JSTests:

• stress/clear-callee-or-codeblock-in-calllinkinfo-even-cleared-by-jettison.js: Added.

(foo):

Source/JavaScriptCore:

In r243626, we stop repatching CallLinkInfo when the CallLinkInfo is held by jettisoned CodeBlock.
But we still need to clear the Callee or CodeBlock since they are now dead. Otherwise, CodeBlock's
visitWeak eventually accesses this dead cells and crashes because the owner CodeBlock of CallLinkInfo
can be still live.

We also move all repatching operations from CallLinkInfo.cpp to Repatch.cpp for consistency because the
other repatching operations in CallLinkInfo are implemented in Repatch.cpp side.

• bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::setCallee):
(JSC::CallLinkInfo::clearCallee):

• jit/Repatch.cpp:

(JSC::linkFor):
(JSC::revertCall):

8:22 PM Changeset in webkit [248215] by Michael Catanzaro

• 6 edits
  1 add in releases/WebKitGTK/webkit-2.24

Merge r243626 - CodeBlock::jettison() should disallow repatching its own calls
​https://bugs.webkit.org/show_bug.cgi?id=196359
<rdar://problem/48973663>

Reviewed by Saam Barati.

JSTests:

• stress/call-link-info-osrexit-repatch.js: Added.

(foo):

Source/JavaScriptCore:

CodeBlock::jettison() calls CommonData::invalidate, which replaces the hlt
instruction with the jump to OSR exit. However, if the hlt was immediately
followed by a call to the CodeBlock being jettisoned, we would write over the
OSR exit address while unlinking all the incoming CallLinkInfos later in
CodeBlock::jettison().

Change it so that we set a flag, clearedByJettison, in all the CallLinkInfos
owned by the CodeBlock being jettisoned. If the flag is set, we will avoid
repatching the call during unlinking. This is safe because this call will never
be reachable again after the CodeBlock is jettisoned.

• bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::setCallee):
(JSC::CallLinkInfo::clearCallee):
(JSC::CallLinkInfo::setCodeBlock):
(JSC::CallLinkInfo::clearCodeBlock):

• bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::clearedByJettison):
(JSC::CallLinkInfo::setClearedByJettison):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::jettison):

• jit/Repatch.cpp:

(JSC::revertCall):

8:22 PM Changeset in webkit [248214] by Michael Catanzaro

• 4 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r243237 - JSC test crash: stress/dont-strength-reduce-regexp-with-compile-error.js.default
​https://bugs.webkit.org/show_bug.cgi?id=195906

Reviewed by Mark Lam.

The problem here as that we may successfully parsed a RegExp without running out of stack,
but later run out of stack when trying to JIT compile the same expression.

Added a check for available stack space when we call into one of the parenthesis compilation
functions that recurse. When we don't have enough stack space to recurse, we fail the JIT
compilation and let the interpreter handle the expression.

From code inspection of the YARR interpreter it has the same issue, but I couldn't cause a failure.
Filed a new bug and added a FIXME comment for the Interpreter to have similar checks.
Given that we can reproduce a failure, this is sufficient for now.

This change is covered by the previously added failing test,
JSTests/stress/dont-strength-reduce-regexp-with-compile-error.js.

• yarr/YarrInterpreter.cpp:

(JSC::Yarr::Interpreter::interpret):

• yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
(JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
(JSC::Yarr::YarrGenerator::opCompileBody):
(JSC::Yarr::dumpCompileFailure):

• yarr/YarrJIT.h:

8:22 PM Changeset in webkit [248213] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r242215 - cloop.rb shift mask should depend on the word size being shifted.
​https://bugs.webkit.org/show_bug.cgi?id=195181
<rdar://problem/48484164>

Reviewed by Yusuke Suzuki.

Previously, we're always masking the shift amount with 0x1f. This is only correct
for 32-bit words. For 64-bit words, the mask should be 0x3f. For pointer sized
shifts, the mask depends on sizeof(uintptr_t).

• offlineasm/cloop.rb:

8:22 PM Changeset in webkit [248212] by Michael Catanzaro

• 1 edit in releases/WebKitGTK/webkit-2.24/Source/WebKit/Shared/WebCoreArgumentCoders.cpp

Unreviewed, fix build warning in WebCoreArgumentCoders

• Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<Region::Span>::decode):

8:22 PM Changeset in webkit [248211] by Michael Catanzaro

• 1 edit in releases/WebKitGTK/webkit-2.24/Source/WebCore/inspector/InspectorOverlay.cpp

Unreviewed, fix build warnings in InspectorOverlay.cpp

• inspector/InspectorOverlay.cpp:

(WebCore::buildArrayForRendererFragments):
(WebCore::buildObjectForShapeOutside):
(WebCore::buildObjectForElementData):
(WebCore::InspectorOverlay::buildHighlightObjectForNode const):

8:22 PM Changeset in webkit [248210] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r241995 - Unreviewed, fix -Wunused-param warning

• jsc.cpp:

8:22 PM Changeset in webkit [248209] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WTF

Merge r245234 - Unreviewed, fix unused variable warnings in release builds

Source/WebKit:

• UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::clearWebProcessHasUploads):

Source/WTF:

• wtf/URLHelpers.cpp:

(WTF::URLHelpers::escapeUnsafeCharacters):

8:22 PM Changeset in webkit [248208] by Michael Catanzaro

• 2 edits in releases/WebKitGTK/webkit-2.24/Source/WTF

Merge r243115 - [WTF] Remove redundant std::move in StringConcatenate
​https://bugs.webkit.org/show_bug.cgi?id=195798

Patch by Xan Lopez <Xan Lopez> on 2019-03-18
Reviewed by Darin Adler.

Remove redundant calls to WTFMove in return values for this
method. C++ will already do an implicit move here since we are
returning a local value where copy/move elision is not applicable.

• wtf/text/StringConcatenate.h:

(WTF::tryMakeStringFromAdapters):

8:22 PM Changeset in webkit [248207] by Michael Catanzaro

• 4 edits in releases/WebKitGTK/webkit-2.24/Source

Merge r243204 - Remove copyRef() calls added in r243163
​https://bugs.webkit.org/show_bug.cgi?id=195962

Patch by Michael Catanzaro <Michael Catanzaro> on 2019-03-20
Reviewed by Chris Dumez.

Source/JavaScriptCore:

As best I can tell, may be a GCC 9 bug. It shouldn't warn about this case because the return
value is noncopyable and the WTFMove() is absolutely required. We can avoid the warning
without refcount churn by introducing an intermediate variable.

• inspector/scripts/codegen/cpp_generator_templates.py:

Source/WebCore:

The first two cases here can just directly return the RefPtr.

In the third case, we have to work around a GCC 6 bug because GCC 6 is unable to pick the
right constructor to use, unlike modern compilers.

• Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::bodyAsFormData const):
(WebCore::FetchBody::take):

8:22 PM Changeset in webkit [248206] by Michael Catanzaro

• 3 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r243203 - Unreviewed, drop invalid assertions landed in r243163.

Those assertions were causing some API tests to crash.
Also include some post-review suggestions from Darin.

• Shared/CallbackID.h:

(WebKit::CallbackID::operator=):

• Shared/OptionalCallbackID.h:

(WebKit::OptionalCallbackID::operator=):

8:22 PM Changeset in webkit [248205] by Michael Catanzaro

• 203 edits in releases/WebKitGTK/webkit-2.24/Source

Merge r243163 - Build cleanly with GCC 9
​https://bugs.webkit.org/show_bug.cgi?id=195920

Reviewed by Chris Dumez.

WebKit triggers three new GCC 9 warnings:

"""
-Wdeprecated-copy, implied by -Wextra, warns about the C++11 deprecation of implicitly
declared copy constructor and assignment operator if one of them is user-provided.
"""

Solution is to either add a copy constructor or copy assignment operator, if required, or
else remove one if it is redundant.

"""
-Wredundant-move, implied by -Wextra, warns about redundant calls to std::move.
-Wpessimizing-move, implied by -Wall, warns when a call to std::move prevents copy elision.
"""

These account for most of this patch. Solution is to just remove the bad WTFMove().

Additionally, -Wclass-memaccess has been enhanced to catch a few cases that GCC 8 didn't.
These are solved by casting nontrivial types to void* before using memcpy. (Of course, it
would be safer to not use memcpy on nontrivial types, but that's too complex for this
patch. Searching for memcpy used with static_cast<void*> will reveal other cases to fix.)

Source/JavaScriptCore:

• b3/B3ValueRep.h:
• bindings/ScriptValue.cpp:

(Inspector::jsToInspectorValue):

• bytecode/GetterSetterAccessCase.cpp:

(JSC::GetterSetterAccessCase::create):
(JSC::GetterSetterAccessCase::clone const):

• bytecode/InstanceOfAccessCase.cpp:

(JSC::InstanceOfAccessCase::clone const):

• bytecode/IntrinsicGetterAccessCase.cpp:

(JSC::IntrinsicGetterAccessCase::clone const):

• bytecode/ModuleNamespaceAccessCase.cpp:

(JSC::ModuleNamespaceAccessCase::clone const):

• bytecode/ProxyableAccessCase.cpp:

(JSC::ProxyableAccessCase::clone const):

• bytecode/StructureSet.h:
• debugger/Breakpoint.h:
• dfg/DFGRegisteredStructureSet.h:
• inspector/agents/InspectorDebuggerAgent.cpp:

(Inspector::buildDebuggerLocation):

• inspector/scripts/codegen/cpp_generator_templates.py:
• parser/UnlinkedSourceCode.h:
• wasm/WasmAirIRGenerator.cpp:

(JSC::Wasm::parseAndCompileAir):

• wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::parseAndCompile):

• wasm/WasmNameSectionParser.cpp:

(JSC::Wasm::NameSectionParser::parse):

• wasm/WasmStreamingParser.cpp:

(JSC::Wasm::StreamingParser::consume):

Source/WebCore:

• Modules/encryptedmedia/CDM.cpp:

(WebCore::CDM::getSupportedConfiguration):

• Modules/encryptedmedia/MediaKeys.cpp:

(WebCore::MediaKeys::createSession):

• Modules/entriesapi/DOMFileSystem.cpp:

(WebCore::listDirectoryWithMetadata):
(WebCore::toFileSystemEntries):

• Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::fromFormData):
(WebCore::FetchBody::bodyAsFormData const):
(WebCore::FetchBody::take):

• Modules/fetch/FetchRequest.cpp:

(WebCore::FetchRequest::create):
(WebCore::FetchRequest::clone):

• Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::create):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::clone):

• Modules/indexeddb/IDBCursor.cpp:

(WebCore::IDBCursor::update):
(WebCore::IDBCursor::deleteFunction):

• Modules/indexeddb/IDBDatabase.cpp:

(WebCore::IDBDatabase::transaction):

• Modules/indexeddb/IDBDatabaseIdentifier.h:

(WebCore::IDBDatabaseIdentifier::decode):

• Modules/indexeddb/IDBKeyData.h:

(WebCore::IDBKeyData::decode):

• Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::createIndex):
(WebCore::IDBObjectStore::index):

• Modules/indexeddb/IDBValue.h:

(WebCore::IDBValue::decode):

• Modules/indexeddb/shared/IDBError.cpp:

(WebCore::IDBError::operator=): Deleted.

• Modules/indexeddb/shared/IDBError.h:
• Modules/indexeddb/shared/IDBResultData.h:

(WebCore::IDBResultData::decode):

• Modules/mediarecorder/MediaRecorder.cpp:

(WebCore::MediaRecorder::create):

• Modules/mediasource/MediaSource.cpp:

(WebCore::MediaSource::addSourceBuffer):

• Modules/mediastream/RTCPeerConnection.cpp:

(WebCore::iceServersFromConfiguration):
(WebCore::RTCPeerConnection::certificatesFromConfiguration):
(WebCore::certificateTypeFromAlgorithmIdentifier):

• Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:

(WebCore::LibWebRTCMediaEndpoint::getStats):

• Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:

(WebCore::LibWebRTCPeerConnectionBackend::addTrack):
(WebCore::LibWebRTCPeerConnectionBackend::addUnifiedPlanTransceiver):

• Modules/webaudio/AudioBuffer.cpp:

(WebCore::AudioBuffer::create):

• Modules/webaudio/AudioContext.cpp:

(WebCore::AudioContext::createMediaElementSource):
(WebCore::AudioContext::createMediaStreamSource):
(WebCore::AudioContext::createScriptProcessor):

• Modules/webaudio/OfflineAudioContext.cpp:

(WebCore::OfflineAudioContext::create):

• Modules/webdatabase/DatabaseManager.cpp:

(WebCore::DatabaseManager::tryToOpenDatabaseBackend):

• Modules/webdatabase/DatabaseTracker.cpp:

(WebCore::DatabaseTracker::canEstablishDatabase):
(WebCore::DatabaseTracker::retryCanEstablishDatabase):

• Modules/webdatabase/SQLResultSetRowList.cpp:

(WebCore::SQLResultSetRowList::item const):

• Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::create):

• accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::rangeForNodeContents):
(WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):

• animation/KeyframeEffect.cpp:

(WebCore::KeyframeEffect::create):
(WebCore::KeyframeEffect::backingAnimationForCompositedRenderer const):

• bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::constructElementWithFallback):

• bindings/js/JSDOMConvertVariadic.h:

(WebCore::VariadicConverter::convert):
(WebCore::convertVariadicArguments):

• bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneDeserializer::readDOMPointInit):
(WebCore::transferArrayBuffers):

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateCallbackImplementationContent):

• bindings/scripts/test/JS/JSTestCallbackFunction.cpp:

(WebCore::JSTestCallbackFunction::handleEvent):

• bindings/scripts/test/JS/JSTestCallbackFunctionRethrow.cpp:

(WebCore::JSTestCallbackFunctionRethrow::handleEvent):

• bindings/scripts/test/JS/JSTestCallbackInterface.cpp:

(WebCore::JSTestCallbackInterface::callbackWithAReturnValue):
(WebCore::JSTestCallbackInterface::callbackThatRethrowsExceptions):
(WebCore::JSTestCallbackInterface::callbackThatSkipsInvokeCheck):
(WebCore::JSTestCallbackInterface::callbackWithThisObject):

• contentextensions/ContentExtensionParser.cpp:

(WebCore::ContentExtensions::getStringList):
(WebCore::ContentExtensions::loadTrigger):
(WebCore::ContentExtensions::loadEncodedRules):
(WebCore::ContentExtensions::parseRuleList):

• crypto/SubtleCrypto.cpp:

(WebCore::normalizeCryptoAlgorithmParameters):

• crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp:

(WebCore::calculateSignature):

• crypto/keys/CryptoKeyEC.cpp:

(WebCore::CryptoKeyEC::exportJwk const):

• css/CSSComputedStyleDeclaration.cpp:

(WebCore::computedTransform):
(WebCore::ComputedStyleExtractor::valueForShadow):
(WebCore::ComputedStyleExtractor::valueForFilter):
(WebCore::specifiedValueForGridTrackSize):
(WebCore::valueForGridTrackList):
(WebCore::valueForGridPosition):
(WebCore::willChangePropertyValue):
(WebCore::fontVariantLigaturesPropertyValue):
(WebCore::fontVariantNumericPropertyValue):
(WebCore::fontVariantEastAsianPropertyValue):
(WebCore::touchActionFlagsToCSSValue):
(WebCore::renderTextDecorationFlagsToCSSValue):
(WebCore::renderEmphasisPositionFlagsToCSSValue):
(WebCore::speakAsToCSSValue):
(WebCore::hangingPunctuationToCSSValue):
(WebCore::fillRepeatToCSSValue):
(WebCore::fillSizeToCSSValue):
(WebCore::counterToCSSValue):
(WebCore::fontVariantFromStyle):
(WebCore::fontSynthesisFromStyle):
(WebCore::shapePropertyValue):
(WebCore::paintOrder):
(WebCore::ComputedStyleExtractor::valueForPropertyinStyle):
(WebCore::ComputedStyleExtractor::getCSSPropertyValuesFor2SidesShorthand):
(WebCore::ComputedStyleExtractor::getCSSPropertyValuesFor4SidesShorthand):

• css/CSSFontFaceSet.cpp:

(WebCore::CSSFontFaceSet::matchingFacesExcludingPreinstalledFonts):

• css/CSSGradientValue.cpp:

(WebCore::CSSGradientValue::image):

• css/CSSStyleSheet.cpp:

(WebCore::CSSStyleSheet::rules):

• css/DOMMatrixReadOnly.cpp:

(WebCore::DOMMatrixReadOnly::parseStringIntoAbstractMatrix):

• css/FontFace.cpp:

(WebCore::FontFace::create):

• css/FontVariantBuilder.cpp:

(WebCore::computeFontVariant):

• css/PropertySetCSSStyleDeclaration.cpp:

(WebCore::PropertySetCSSStyleDeclaration::removeProperty):

• css/SVGCSSComputedStyleDeclaration.cpp:

(WebCore::strokeDashArrayToCSSValueList):
(WebCore::ComputedStyleExtractor::adjustSVGPaintForCurrentColor const):

• css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertReflection):

• css/WebKitCSSMatrix.cpp:

(WebCore::WebKitCSSMatrix::create):
(WebCore::WebKitCSSMatrix::multiply const):

• css/parser/CSSPropertyParser.cpp:

(WebCore::consumeFontVariationSettings):
(WebCore::consumeBasicShapePath):
(WebCore::consumeImplicitGridAutoFlow):

• cssjit/StackAllocator.h:
• dom/DOMImplementation.cpp:

(WebCore::DOMImplementation::createDocument):

• dom/Document.cpp:

(WebCore::Document::cloneNodeInternal):

• dom/DocumentFragment.cpp:

(WebCore::DocumentFragment::cloneNodeInternal):

• dom/Element.cpp:

(WebCore::Element::setAttributeNode):
(WebCore::Element::setAttributeNodeNS):
(WebCore::Element::removeAttributeNode):
(WebCore::Element::parseAttributeName):
(WebCore::Element::animate):

• dom/MessagePort.cpp:

(WebCore::MessagePort::disentanglePorts):

• dom/NodeIterator.cpp:

(WebCore::NodeIterator::nextNode):
(WebCore::NodeIterator::previousNode):

• dom/Range.cpp:

(WebCore::Range::processContents):
(WebCore::processContentsBetweenOffsets):
(WebCore::processAncestorsAndTheirSiblings):

• dom/RangeBoundaryPoint.h:
• dom/ScriptDisallowedScope.h:

(WebCore::ScriptDisallowedScope::operator=):

• dom/Text.cpp:

(WebCore::Text::splitText):

• dom/TextDecoder.cpp:

(WebCore::TextDecoder::create):
(WebCore::TextDecoder::decode):

• editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::insertBlockPlaceholder):
(WebCore::CompositeEditCommand::moveParagraphContentsToNewBlockIfNecessary):

• editing/Editing.cpp:

(WebCore::createTabSpanElement):

• editing/EditingStyle.cpp:

(WebCore::EditingStyle::styleAtSelectionStart):

• editing/TextIterator.cpp:

(WebCore::TextIterator::rangeFromLocationAndLength):

• editing/VisibleSelection.cpp:

(WebCore::makeSearchRange):

• editing/markup.cpp:

(WebCore::styleFromMatchedRulesAndInlineDecl):
(WebCore::createFragmentForInnerOuterHTML):
(WebCore::createContextualFragment):

• html/FormController.cpp:

(WebCore::deserializeFormControlState):

• html/HTMLCanvasElement.cpp:

(WebCore::HTMLCanvasElement::captureStream):

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaPlayerCreateResourceLoader):

• html/HTMLOptionElement.cpp:

(WebCore::HTMLOptionElement::createForJSConstructor):

• html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::createElementRenderer):

• html/HTMLTableElement.cpp:

(WebCore::HTMLTableElement::createSharedCellStyle):

• html/HTMLTableRowElement.cpp:

(WebCore::HTMLTableRowElement::insertCell):

• html/ImageData.cpp:

(WebCore::ImageData::create):

• html/OffscreenCanvas.cpp:

(WebCore::OffscreenCanvas::transferToImageBitmap):

• html/canvas/CanvasRenderingContext2DBase.cpp:

(WebCore::CanvasRenderingContext2DBase::createLinearGradient):
(WebCore::CanvasRenderingContext2DBase::createRadialGradient):

• html/canvas/OESVertexArrayObject.cpp:

(WebCore::OESVertexArrayObject::createVertexArrayOES):

• html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::createBuffer):
(WebCore::WebGLRenderingContextBase::createFramebuffer):
(WebCore::WebGLRenderingContextBase::createTexture):
(WebCore::WebGLRenderingContextBase::createProgram):
(WebCore::WebGLRenderingContextBase::createRenderbuffer):
(WebCore::WebGLRenderingContextBase::createShader):
(WebCore::WebGLRenderingContextBase::getContextAttributes):
(WebCore::WebGLRenderingContextBase::getUniform):

• html/shadow/TextControlInnerElements.cpp:

(WebCore::TextControlInnerContainer::resolveCustomStyle):
(WebCore::TextControlPlaceholderElement::resolveCustomStyle):

• html/track/BufferedLineReader.cpp:

(WebCore::BufferedLineReader::nextLine):

• html/track/VTTCue.cpp:

(WebCore::VTTCue::getCueAsHTML):
(WebCore::VTTCue::createCueRenderingTree):

• html/track/WebVTTElement.cpp:

(WebCore::WebVTTElement::cloneElementWithoutAttributesAndChildren):

• inspector/InspectorStyleSheet.cpp:

(WebCore::asCSSRuleList):
(WebCore::InspectorStyle::buildObjectForStyle const):
(WebCore::InspectorStyleSheet::buildObjectForStyleSheet):
(WebCore::InspectorStyleSheet::buildObjectForRule):

• inspector/agents/InspectorCSSAgent.cpp:

(WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList):

• inspector/agents/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::buildArrayForPseudoElements):
(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

• inspector/agents/InspectorNetworkAgent.cpp:

(WebCore::InspectorNetworkAgent::buildObjectForResourceResponse):

• loader/FetchOptions.h:

(WebCore::FetchOptions::decode):

• loader/MediaResourceLoader.cpp:

(WebCore::MediaResourceLoader::requestResource):

• loader/appcache/ApplicationCacheStorage.cpp:

(WebCore::ApplicationCacheStorage::loadCache):
(WebCore::ApplicationCacheStorage::manifestURLs):

• loader/archive/mhtml/MHTMLParser.cpp:

(WebCore::MHTMLParser::parseArchiveWithHeader):

• loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):

• page/DOMWindow.cpp:

(WebCore::DOMWindow::getMatchedCSSRules const):

• page/DragController.cpp:

(WebCore::documentFragmentFromDragData):

• page/EventSource.cpp:

(WebCore::EventSource::create):

• page/PerformanceUserTiming.cpp:

(WebCore::UserTiming::mark):
(WebCore::UserTiming::measure):

• page/SecurityOrigin.h:

(WebCore::SecurityOrigin::decode):

• page/scrolling/ScrollingConstraints.h:

(WebCore::FixedPositionViewportConstraints::FixedPositionViewportConstraints):
(WebCore::LayoutConstraints::LayoutConstraints): Deleted.

• platform/Length.h:

(WebCore::Length::Length):

• platform/animation/TimingFunction.cpp:

(WebCore::TimingFunction::createFromCSSText):

• platform/encryptedmedia/clearkey/CDMClearKey.cpp:

(WebCore::parseLicenseFormat):

• platform/graphics/FloatPoint3D.h:
• platform/graphics/Font.cpp:

(WebCore::createAndFillGlyphPage):

• platform/graphics/GLContext.cpp:

(WebCore::GLContext::createContextForWindow):
(WebCore::GLContext::createSharingContext):

• platform/graphics/GraphicsContext.cpp:
• platform/graphics/HEVCUtilities.cpp:

(WebCore::parseHEVCCodecParameters):

• platform/graphics/gtk/ImageGtk.cpp:

(WebCore::loadImageFromGResource):
(WebCore::loadMissingImageIconFromTheme):

• platform/graphics/wayland/PlatformDisplayWayland.cpp:

(WebCore::PlatformDisplayWayland::create):

• platform/mediastream/MediaConstraints.h:

(WebCore::MediaTrackConstraintSetMap::decode):

• platform/mediastream/MediaStreamRequest.h:

(WebCore::MediaStreamRequest::decode):

• platform/mediastream/gstreamer/GStreamerVideoFrameLibWebRTC.cpp:

(WebCore::GStreamerSampleFromLibWebRTCVideoFrame):

• platform/mediastream/gstreamer/RealtimeIncomingAudioSourceLibWebRTC.cpp:

(WebCore::RealtimeIncomingAudioSource::create):

• platform/mediastream/gstreamer/RealtimeIncomingVideoSourceLibWebRTC.cpp:

(WebCore::RealtimeIncomingVideoSource::create):

• platform/mock/MockRealtimeMediaSourceCenter.cpp:

(WebCore::MockRealtimeMediaSourceCenter::captureDeviceWithPersistentID):

• platform/mock/mediasource/MockSourceBufferPrivate.cpp:

(WebCore::MockMediaSample::createNonDisplayingCopy const):

• platform/network/BlobRegistryImpl.cpp:

(WebCore::BlobRegistryImpl::createResourceHandle):

• platform/network/CookieRequestHeaderFieldProxy.h:

(WebCore::CookieRequestHeaderFieldProxy::decode):

• platform/network/FormData.h:

(WebCore::FormData::decode):

• platform/network/MIMEHeader.cpp:

(WebCore::MIMEHeader::parseHeader):

• platform/network/ResourceHandle.cpp:

(WebCore::ResourceHandle::create):

• platform/network/soup/DNSResolveQueueSoup.cpp:

(WebCore::DNSResolveQueueSoup::takeCompletionAndCancelHandlers):

• rendering/RenderElement.cpp:

(WebCore::RenderElement::createFor):

• rendering/shapes/Shape.cpp:

(WebCore::Shape::createRasterShape):
(WebCore::Shape::createBoxShape):

• rendering/style/BasicShapes.cpp:

(WebCore::BasicShapeCircle::blend const):
(WebCore::BasicShapeEllipse::blend const):
(WebCore::BasicShapePolygon::blend const):
(WebCore::BasicShapePath::blend const):
(WebCore::BasicShapeInset::blend const):

• rendering/style/BasicShapes.h:

(WebCore::BasicShapeRadius::BasicShapeRadius):

• rendering/style/ContentData.cpp:

(WebCore::ImageContentData::createContentRenderer const):
(WebCore::TextContentData::createContentRenderer const):
(WebCore::QuoteContentData::createContentRenderer const):

• rendering/style/ContentData.h:
• rendering/svg/RenderSVGInline.cpp:

(WebCore::RenderSVGInline::createInlineFlowBox):

• rendering/svg/RenderSVGInlineText.cpp:

(WebCore::RenderSVGInlineText::createTextBox):

• rendering/svg/RenderSVGText.cpp:

(WebCore::RenderSVGText::createRootInlineBox):

• svg/SVGFEBlendElement.cpp:

(WebCore::SVGFEBlendElement::build):

• svg/SVGFEColorMatrixElement.cpp:

(WebCore::SVGFEColorMatrixElement::build):

• svg/SVGFEComponentTransferElement.cpp:

(WebCore::SVGFEComponentTransferElement::build):

• svg/SVGFECompositeElement.cpp:

(WebCore::SVGFECompositeElement::build):

• svg/SVGFEConvolveMatrixElement.cpp:

(WebCore::SVGFEConvolveMatrixElement::build):

• svg/SVGFEDiffuseLightingElement.cpp:

(WebCore::SVGFEDiffuseLightingElement::build):

• svg/SVGFEDisplacementMapElement.cpp:

(WebCore::SVGFEDisplacementMapElement::build):

• svg/SVGFEDropShadowElement.cpp:

(WebCore::SVGFEDropShadowElement::build):

• svg/SVGFEGaussianBlurElement.cpp:

(WebCore::SVGFEGaussianBlurElement::build):

• svg/SVGFEMergeElement.cpp:

(WebCore::SVGFEMergeElement::build):

• svg/SVGFEMorphologyElement.cpp:

(WebCore::SVGFEMorphologyElement::build):

• svg/SVGFEOffsetElement.cpp:

(WebCore::SVGFEOffsetElement::build):

• svg/SVGFESpecularLightingElement.cpp:

(WebCore::SVGFESpecularLightingElement::build):

• svg/SVGFETileElement.cpp:

(WebCore::SVGFETileElement::build):

• svg/SVGTransformList.h:
• svg/properties/SVGList.h:

(WebCore::SVGList::initialize):
(WebCore::SVGList::insertItemBefore):
(WebCore::SVGList::replaceItem):
(WebCore::SVGList::removeItem):
(WebCore::SVGList::appendItem):

• svg/properties/SVGListProperty.h:

(WebCore::SVGListProperty::initializeValuesAndWrappers):
(WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
(WebCore::SVGListProperty::replaceItemValuesAndWrappers):
(WebCore::SVGListProperty::removeItemValues):
(WebCore::SVGListProperty::appendItemValuesAndWrappers):

• svg/properties/SVGPrimitiveList.h:
• testing/Internals.cpp:

(WebCore::Internals::elementRenderTreeAsText):
(WebCore::parseFindOptions):

• workers/AbstractWorker.cpp:

(WebCore::AbstractWorker::resolveURL):

• workers/Worker.cpp:

(WebCore::Worker::create):

• workers/service/ServiceWorkerJobData.h:

(WebCore::ServiceWorkerJobData::decode):

• xml/DOMParser.cpp:

(WebCore::DOMParser::parseFromString):

• xml/XPathExpression.cpp:

(WebCore::XPathExpression::evaluate):

Source/WebKit:

• NetworkProcess/cache/CacheStorageEngineCache.cpp:

(WebKit::CacheStorage::Cache::decode):

• Platform/IPC/ArgumentCoders.h:
• Shared/CallbackID.h:

(WebKit::CallbackID::operator=):

• Shared/OptionalCallbackID.h:

(WebKit::OptionalCallbackID::operator=):

• Shared/Plugins/NPIdentifierData.cpp:

(WebKit::NPIdentifierData::decode):

• Shared/Plugins/NPVariantData.cpp:

(WebKit::NPVariantData::decode):

• Shared/Plugins/Netscape/NetscapePluginModule.cpp:

(WebKit::NetscapePluginModule::getOrCreate):

• Shared/RTCNetwork.cpp:

(WebKit::RTCNetwork::IPAddress::decode):

• Shared/SessionState.cpp:

(WebKit::HTTPBody::Element::decode):
(WebKit::FrameState::decode):
(WebKit::BackForwardListItemState::decode):

• Shared/WebCompiledContentRuleListData.cpp:

(WebKit::WebCompiledContentRuleListData::decode):

• Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<FloatPoint>::decode):
(IPC::ArgumentCoder<FloatRect>::decode):
(IPC::ArgumentCoder<FloatQuad>::decode):
(IPC::ArgumentCoder<ViewportArguments>::decode):
(IPC::ArgumentCoder<IntPoint>::decode):
(IPC::ArgumentCoder<IntRect>::decode):
(IPC::ArgumentCoder<IntSize>::decode):
(IPC::ArgumentCoder<MimeClassInfo>::decode):
(IPC::ArgumentCoder<PluginInfo>::decode):
(IPC::ArgumentCoder<SelectionRect>::decode):
(IPC::ArgumentCoder<CompositionUnderline>::decode):
(IPC::ArgumentCoder<BlobPart>::decode):
(IPC::ArgumentCoder<TextIndicatorData>::decode):
(IPC::ArgumentCoder<ResourceLoadStatistics>::decode):
(IPC::ArgumentCoder<ScrollOffsetRange<float>>::decode):

• Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::decode):

• Shared/WebPlatformTouchPoint.cpp:

(WebKit::WebPlatformTouchPoint::decode):

• Shared/WebsiteData/WebsiteData.cpp:

(WebKit::WebsiteData::Entry::decode):

• Shared/WebsiteDataStoreParameters.cpp:

(WebKit::WebsiteDataStoreParameters::decode):

• UIProcess/API/APIContentRuleListStore.cpp:

(API::decodeContentRuleListMetaData):

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::launchProcessForReload):
(WebKit::WebPageProxy::launchProcessWithItem):
(WebKit::WebPageProxy::loadRequest):
(WebKit::WebPageProxy::loadFile):
(WebKit::WebPageProxy::loadData):
(WebKit::WebPageProxy::reload):

• UIProcess/WebProcessCache.cpp:

(WebKit::WebProcessCache::takeProcess):

• UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::findReusableSuspendedPageProcess):

• WebProcess/InjectedBundle/DOM/InjectedBundleCSSStyleDeclarationHandle.cpp:

(WebKit::InjectedBundleCSSStyleDeclarationHandle::getOrCreate):

• WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp:

(WebKit::InjectedBundleRangeHandle::getOrCreate):

• WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::create):

• WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::tryLoadingSynchronouslyUsingURLSchemeHandler):

• WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:

(WebKit::CompositingCoordinator::createGraphicsLayer):

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::pdfSnapshotAtSize):
(WebKit::WebPage::createDocumentLoader):

• WebProcess/WebStorage/StorageNamespaceImpl.cpp:

(WebKit::StorageNamespaceImpl::copy):

Source/WTF:

• wtf/CheckedArithmetic.h:

(WTF::Checked::Checked):

• wtf/MetaAllocator.cpp:

(WTF::MetaAllocator::allocate):

• wtf/URLParser.cpp:

(WTF::CodePointIterator::operator!= const):
(WTF::CodePointIterator::operator=): Deleted.

• wtf/text/StringView.h:

(WTF::StringView::CodePoints::Iterator::operator=): Deleted.

7:02 PM WebKitGTK/2.24.x edited by Michael Catanzaro

(diff)

4:14 PM Changeset in webkit [248204] by Devin Rousso

• 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Elements: Styles: move psuedo-selector rules before inherited rules
​https://bugs.webkit.org/show_bug.cgi?id=199950

Reviewed by Joseph Pecoraro.

Since pseudo-selector rules (usually) affect the selected element, or are related to its
content, it's more useful to have them near that element's rules instead of after all of
it's inherited rules.

• UserInterface/Views/SpreadsheetRulesStyleDetailsPanel.js:

(WI.SpreadsheetRulesStyleDetailsPanel.prototype.layout):

1:32 PM Changeset in webkit [248203] by Konstantin Tokarev

• 2 edits in trunk/Source/WebKit

Fix compilation with disabled WebGL
​https://bugs.webkit.org/show_bug.cgi?id=200421

Reviewed by Wenson Hsieh.

After r247452 webGLStateTracker is guarded with #if ENABLE(WEBGL)

• WebProcess/WebPage/WebPage.cpp:

(WebKit::m_textAutoSizingAdjustmentTimer):

12:36 PM Changeset in webkit [248202] by Devin Rousso

• 14 edits
  1 copy
  5 adds in trunk

Web Inspector: Elements: Styles: add icons for various CSS rule types
​https://bugs.webkit.org/show_bug.cgi?id=199946

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

• UserInterface/Controllers/CSSManager.js:

(WI.CSSManager.displayNameForPseudoId):
Add hardcoded pseudo-selector identifiers for older backends.

• UserInterface/Models/CSSSelector.js:

(WI.CSSSelector.prototype.isPseudoSelector): Added.
(WI.CSSSelector.prototype.isPseudoElementSelector): Deleted.
There are more types of pseudo-selectors than just :{before|after}.

• UserInterface/Models/CSSStyleDeclaration.js:

(WI.CSSStyleDeclaration.prototype.generateCSSRuleString): Added.

• UserInterface/Views/SpreadsheetRulesStyleDetailsPanel.js:

(WI.SpreadsheetRulesStyleDetailsPanel.prototype.spreadsheetCSSStyleDeclarationSectionAddNewRule): Added.
(WI.SpreadsheetRulesStyleDetailsPanel.prototype.layout):
Provide a delegate method for adding a new rule, so the WI.SpreadsheetRulesStyleDetailsPanel
can know what selector to focus once the new rule gets added.

• UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.js:

(WI.SpreadsheetCSSStyleDeclarationSection.prototype.initialLayout):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._renderSelector):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._populateIconElementContextMenu): Added.

• UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.css:

(.spreadsheet-css-declaration .header.editing-selector .selector): Added.
(.spreadsheet-css-declaration .selector > .icon): Added.
(.spreadsheet-css-declaration .selector > .icon + *): Added.
(.spreadsheet-css-declaration .selector.style-attribute > span): Added.
When "mousedown" (or "contextmenu") on the icon, show a context menu with helpful actions:

• Copy Rule
• {Disable|Enable} Rule
• Duplicate Selector
• Add :{active|focus|hover|visited} Rule
• Create ::{before|after} Rule
• Reveal in {Resources Tab|Sources Tab|Stylesheet}

Drive-by: add an extra 0.5px of initial margin before the Style Attribute selector (which is
sans-serif) so it properly aligns with the other selectors (which are monospaced).

• UserInterface/Views/SpreadsheetCSSStyleDeclarationEditor.js:

(WI.SpreadsheetCSSStyleDeclarationEditor.prototype.layout):

• UserInterface/Views/SpreadsheetCSSStyleDeclarationEditor.css:

(.spreadsheet-style-declaration-editor:empty): Added.
(.spreadsheet-style-declaration-editor.no-properties): Deleted.
Add some extra space when there's no inline style so it looks a bit less cramped.

• UserInterface/Main.html:
• UserInterface/Views/StyleRuleIcons.css: Added.

(.author-style-rule-icon .icon):
(.author-style-rule-icon.pseudo-selector .icon):
(.user-style-rule-icon .icon):
(.user-style-rule-icon.pseudo-selector .icon):
(.user-agent-style-rule-icon .icon):
(.user-agent-style-rule-icon.pseudo-selector .icon):
(.inspector-style-rule-icon .icon):
(.inspector-style-rule-icon.pseudo-selector .icon):
(.inherited-style-rule-icon .icon):
(.inherited-element-style-rule-icon .icon):

• UserInterface/Images/StyleRule.svg: Added.
• UserInterface/Images/StyleRuleInheritedElement.svg: Added.
• UserInterface/Images/StyleRulePseudo.svg: Added.

Add generic icon classes for style rule icons.

• UserInterface/Base/Setting.js:
• UserInterface/Views/SettingsTabContentView.js:

(WI.SettingsTabContentView.prototype._createExperimentalSettingsView):
Add experimental setting.

• Localizations/en.lproj/localizedStrings.js:

LayoutTests:

• inspector/css/generateCSSRuleString.html: Added.
• inspector/css/generateCSSRuleString-expected.txt: Added.

12:00 PM Changeset in webkit [248201] by Devin Rousso

• 28 edits
  1 move
  5 adds
  2 deletes in trunk

Web Inspector: DOM: add a special breakpoint for "All Events"
​https://bugs.webkit.org/show_bug.cgi?id=200285

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

Similar to the existing "All Requests" breakpoint, there should be a way to set a breakpoint
that would pause for any DOM event, regardless of the event's name. This is useful for
situations where the event name isn't known, or where one simply wants to pause on the next
entry to the event loop.

Along these lines, make the "requestAnimationFrame", "setTimeout", and "setInterval"
event breakpoints into special breakpoints that can be added/removed via the create
breakpoint context menu. This simplifies the process for setting these breakpoints, and also
makes them more discoverable (most people wouldn't consider them to be "events").

• inspector/protocol/Debugger.json:
  • Rename the EventListener pause reason to Listener.
  • Split the Timer pause reason into Interval and Timeout.

• inspector/protocol/DOMDebugger.json:
  • Split the timer type into interval and timeout.
  • Make eventName optional for addEventBreakpoint/removeEventBreakpoint. When omitted, the corresponding breakpoint that is added/removed is treated as a global breakpoint that applies to all events of that type (e.g. a global listener breakpoint would pause for any event that is fired).

Source/WebCore:

Similar to the existing "All Requests" breakpoint, there should be a way to set a breakpoint
that would pause for any DOM event, regardless of the event's name. This is useful for
situations where the event name isn't known, or where one simply want's to pause on the next
entry to the event loop.

Along these lines, make the "requestAnimationFrame", "setTimeout", and "setInterval"
event breakpoints into special breakpoints that can be added/removed via the create
breakpoint context menu. This simplifies the process for setting these breakpoints, and also
makes them more discoverable (most people wouldn't consider them to be "events").

Tests: inspector/dom/breakpoint-for-event-listener.html

inspector/dom-debugger/event-animation-frame-breakpoints.html
inspector/dom-debugger/event-breakpoint-with-navigation.html
inspector/dom-debugger/event-interval-breakpoints.html
inspector/dom-debugger/event-listener-breakpoints.html
inspector/dom-debugger/event-timeout-breakpoints.html

• inspector/agents/InspectorDOMDebuggerAgent.h:
• inspector/agents/InspectorDOMDebuggerAgent.cpp:

(WebCore::InspectorDOMDebuggerAgent::disable):
(WebCore::InspectorDOMDebuggerAgent::frameDocumentUpdated):
(WebCore::InspectorDOMDebuggerAgent::setEventBreakpoint):
(WebCore::InspectorDOMDebuggerAgent::removeEventBreakpoint):
(WebCore::InspectorDOMDebuggerAgent::willHandleEvent):
(WebCore::InspectorDOMDebuggerAgent::willFireTimer):
(WebCore::InspectorDOMDebuggerAgent::willFireAnimationFrame):
(WebCore::InspectorDOMDebuggerAgent::discardBindings): Deleted.
Make eventName optional for addEventBreakpoint/removeEventBreakpoint. When omitted,
the corresponding breakpoint that is added/removed is treated as a global breakpoint that
applies to all events of that type (e.g. a global listener breakpoint would pause for any
event that is fired).

Source/WebInspectorUI:

Similar to the existing "All Requests" breakpoint, there should be a way to set a breakpoint
that would pause for any DOM event, regardless of the event's name. This is useful for
situations where the event name isn't known, or where one simply want's to pause on the next
entry to the event loop.

Along these lines, make the "requestAnimationFrame", "setTimeout", and "setInterval"
event breakpoints into special breakpoints that can be added/removed via the create
breakpoint context menu. This simplifies the process for setting these breakpoints, and also
makes them more discoverable (most people wouldn't consider them to be "events").

• UserInterface/Models/EventBreakpoint.js:

(WI.EventBreakpoint):
(WI.EventBreakpoint.deserialize):
(WI.EventBreakpoint.prototype.saveIdentityToCookie):
(WI.EventBreakpoint.prototype.toJSON):

• UserInterface/Controllers/DebuggerManager.js:

(WI.DebuggerManager.prototype._pauseReasonFromPayload):

• UserInterface/Controllers/DOMDebuggerManager.js:

(WI.DOMDebuggerManager):
(WI.DOMDebuggerManager.prototype.initializeTarget):
(WI.DOMDebuggerManager.supportsDOMBreakpoints): Added.
(WI.DOMDebuggerManager.supportsEventBreakpoints):
(WI.DOMDebuggerManager.supportsEventListenerBreakpoints): Added.
(WI.DOMDebuggerManager.supportsURLBreakpoints):
(WI.DOMDebuggerManager.supportsXHRBreakpoints): Added.
(WI.DOMDebuggerManager.supportsAllListenersBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allAnimationFramesBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allIntervalsBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allListenersBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allTimeoutsBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get listenerBreakpoints): Added.
(WI.DOMDebuggerManager.prototype.isBreakpointSpecial):
(WI.DOMDebuggerManager.prototype.listenerBreakpointForEventName): Added.
(WI.DOMDebuggerManager.prototype.addEventBreakpoint):
(WI.DOMDebuggerManager.prototype.removeEventBreakpoint):
(WI.DOMDebuggerManager.prototype.addURLBreakpoint):
(WI.DOMDebuggerManager.prototype._resolveDOMBreakpoint):
(WI.DOMDebuggerManager.prototype._updateDOMBreakpoint):
(WI.DOMDebuggerManager.prototype._updateEventBreakpoint):
(WI.DOMDebuggerManager.prototype._updateURLBreakpoint):
(WI.DOMDebuggerManager.prototype._handleDOMBreakpointDisabledStateChanged):
(WI.DOMDebuggerManager.prototype._handleEventBreakpointDisabledStateChanged):
(WI.DOMDebuggerManager.prototype._handleURLBreakpointDisabledStateChanged):
(WI.DOMDebuggerManager.prototype.get eventBreakpoints): Deleted.
(WI.DOMDebuggerManager.prototype.eventBreakpointForTypeAndEventName): Deleted.
Add additional target compatibility checks.

• UserInterface/Views/EventBreakpointPopover.js:

(WI.EventBreakpointPopover.prototype.show):
(WI.EventBreakpointPopover.prototype.dismiss):
(WI.EventBreakpointPopover.prototype._handleTypeSelectChange): Deleted.

• UserInterface/Views/EventBreakpointPopover.css:

(.popover .event-breakpoint-content > input): Added.
(.popover .event-breakpoint-content > input::placeholder): Added.
(.popover .event-breakpoint-content > .event-type): Deleted.
(.popover .event-breakpoint-content > .event-type > input): Deleted.
(.popover .event-breakpoint-content > .event-type > input::placeholder): Deleted.

• UserInterface/Views/EventBreakpointTreeElement.css:

(.breakpoint.event.breakpoint-for-interval:not(.breakpoint-paused-icon) .icon): Added.
(.breakpoint.event.breakpoint-for-timeout:not(.breakpoint-paused-icon) .icon): Added.
(.breakpoint.event.breakpoint-for-timer:not(.breakpoint-paused-icon) .icon): Deleted.

• UserInterface/Views/DebuggerSidebarPanel.js:

(WI.DebuggerSidebarPanel):
(WI.DebuggerSidebarPanel.prototype.saveStateToCookie):
(WI.DebuggerSidebarPanel.prototype.restoreStateFromCookie):
(WI.DebuggerSidebarPanel.prototype._addBreakpoint):
(WI.DebuggerSidebarPanel.prototype._addTreeElement):
(WI.DebuggerSidebarPanel.prototype._updatePauseReasonSection):
(WI.DebuggerSidebarPanel.prototype._handleBreakpointElementAddedOrRemoved):
(WI.DebuggerSidebarPanel.prototype._populateCreateBreakpointContextMenu.addToggleForSpecialEventBreakpoint): Added.
(WI.DebuggerSidebarPanel.prototype._populateCreateBreakpointContextMenu):

• UserInterface/Views/SourcesNavigationSidebarPanel.js:

(WI.SourcesNavigationSidebarPanel):
(WI.SourcesNavigationSidebarPanel.prototype._insertDebuggerTreeElement):
(WI.SourcesNavigationSidebarPanel.prototype._addBreakpoint):
(WI.SourcesNavigationSidebarPanel.prototype._updatePauseReasonSection):
(WI.SourcesNavigationSidebarPanel.prototype._handleBreakpointElementAddedOrRemoved):
(WI.SourcesNavigationSidebarPanel.prototype._populateCreateBreakpointContextMenu.addToggleForSpecialEventBreakpoint): Added.
(WI.SourcesNavigationSidebarPanel.prototype._populateCreateBreakpointContextMenu):
Add create breakpoint context menu items (also sort the breakpoints in this order):

• "All Animation Frames" => [A] All Animation Frames
• "All Timeouts" => [T] All Timeouts
• "All Intervals" => [I] All Intervals
• "All Events" => [E] All Events

• UserInterface/Controllers/JavaScriptRuntimeCompletionProvider.js:

(WI.JavaScriptRuntimeCompletionProvider.completionControllerCompletionsNeeded.receivedPropertyNames):

• UserInterface/Base/Setting.js:
• UserInterface/Images/EventBreakpointInterval.svg: Added.
• UserInterface/Images/EventBreakpointTimeout.svg: Renamed from Source/WebInspectorUI/UserInterface/Images/EventBreakpointTimer.svg.
• Localizations/en.lproj/localizedStrings.js:

LayoutTests:

• inspector/dom/breakpoint-for-event-listener.html:
• inspector/dom/breakpoint-for-event-listener-expected.txt:

• inspector/dom-debugger/event-animation-frame-breakpoints.html:
• inspector/dom-debugger/event-animation-frame-breakpoints-expected.txt:
• inspector/dom-debugger/event-breakpoint-with-navigation.html:
• inspector/dom-debugger/event-breakpoint-with-navigation-expected.txt:
• inspector/dom-debugger/event-interval-breakpoints.html: Added.
• inspector/dom-debugger/event-interval-breakpoints-expected.txt: Added.
• inspector/dom-debugger/event-listener-breakpoints.html:
• inspector/dom-debugger/event-listener-breakpoints-expected.txt:
• inspector/dom-debugger/event-timeout-breakpoints.html: Added.
• inspector/dom-debugger/event-timeout-breakpoints-expected.txt: Added.

• inspector/dom-debugger/resources/event-breakpoint-utilities.js:

(TestPage.registerInitializer.InspectorTest.EventBreakpoint.teardown):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.failOnPause):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.createBreakpoint): Added.
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.addBreakpoint):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.removeBreakpoint):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.disableBreakpoint):

• inspector/dom-debugger/event-timer-breakpoints.html: Removed.
• inspector/dom-debugger/event-timer-breakpoints-expected.txt: Removed.

9:09 AM Changeset in webkit [248200] by Alan Bujtas

• 19 edits
  4 deletes in trunk

[LFC] Remove formatting context type leaf classes
​https://bugs.webkit.org/show_bug.cgi?id=200224
<rdar://problem/53661907>

Reviewed by Antti Koivisto.

Let's keep the layout tree formatting context type independent.

• Sources.txt:
• WebCore.xcodeproj/project.pbxproj:
• layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::layout const):
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthConstraints const):
(WebCore::Layout::InlineFormattingContext::initializeMarginBorderAndPaddingForGenericInlineBox const):
(WebCore::Layout::InlineFormattingContext::collectInlineContent const):

• layout/inlineformatting/InlineFormattingContext.h:
• layout/inlineformatting/InlineFormattingContextLineLayout.cpp:

(WebCore::Layout::inlineItemWidth):
(WebCore::Layout::LineLayout::placeInlineItem):

• layout/inlineformatting/InlineItem.h:
• layout/inlineformatting/InlineTextItem.cpp:

(WebCore::Layout::InlineTextItem::createAndAppendTextItems):
(WebCore::Layout::InlineTextItem::InlineTextItem):
(WebCore::Layout::InlineTextItem::split const):

• layout/inlineformatting/InlineTextItem.h:

(WebCore::Layout::InlineTextItem::inlineBox const): Deleted.

• layout/inlineformatting/text/TextUtil.cpp:

(WebCore::Layout::TextUtil::width):
(WebCore::Layout::TextUtil::split):

• layout/inlineformatting/text/TextUtil.h:
• layout/layouttree/LayoutBox.cpp:

(WebCore::Layout::Box::Box):
(WebCore::Layout::Box::~Box):
(WebCore::Layout::Box::formattingContextRoot const):
(WebCore::Layout::Box::setTextContent):
(WebCore::Layout::Box::hasTextContent const):
(WebCore::Layout::Box::textContent const):
(WebCore::Layout::Box::replaced const):
(WebCore::Layout::Box::replaced):
(WebCore::Layout::Box::rareDataMap):
(WebCore::Layout::Box::rareData const):
(WebCore::Layout::Box::ensureRareData):
(WebCore::Layout::Box::removeRareData):

• layout/layouttree/LayoutBox.h:

(WebCore::Layout::Box::isLineBreakBox const):
(WebCore::Layout::Box::hasRareData const):
(WebCore::Layout::Box::setHasRareData):
(WebCore::Layout::Box::isInlineBox const): Deleted.
(WebCore::Layout::Box::replaced const): Deleted.
(WebCore::Layout::Box::replaced): Deleted.

• layout/layouttree/LayoutContainer.h:

(WebCore::Layout::Container::firstChild const): Deleted.
(WebCore::Layout::Container::lastChild const): Deleted.
(WebCore::Layout::Container::hasChild const): Deleted.
(WebCore::Layout::Container::hasInFlowChild const): Deleted.
(WebCore::Layout::Container::hasInFlowOrFloatingChild const): Deleted.
(WebCore::Layout::Container::outOfFlowDescendants const): Deleted.

• layout/layouttree/LayoutInlineBox.cpp: Removed.
• layout/layouttree/LayoutInlineBox.h: Removed.
• layout/layouttree/LayoutLineBreakBox.cpp: Removed.
• layout/layouttree/LayoutLineBreakBox.h: Removed.
• layout/layouttree/LayoutTreeBuilder.cpp:

(WebCore::Layout::TreeBuilder::createLayoutBox):
(WebCore::Layout::outputLayoutBox):

7:01 AM Changeset in webkit [248199] by Alan Bujtas

• 13 edits
  4 deletes in trunk/Source/WebCore

[LFC] Remove formatting context type container classes.
​https://bugs.webkit.org/show_bug.cgi?id=200202

Reviewed by Antti Koivisto.

These are formatting context specific classes. Let's try to have a layout tree without such types.

• Sources.txt:
• WebCore.xcodeproj/project.pbxproj:
• layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::computeIntrinsicWidthConstraints const):

• layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::layout const):
(WebCore::Layout::InlineFormattingContext::computeMarginBorderAndPaddingForInlineContainer const):

• layout/inlineformatting/InlineFormattingContext.h:
• layout/inlineformatting/InlineFormattingContextLineLayout.cpp:

(WebCore::Layout::InlineFormattingContext::InlineLayout::layout const):

• layout/inlineformatting/InlineLine.cpp:

(WebCore::Layout::Line::appendTextContent):

• layout/layouttree/LayoutBlockContainer.cpp: Removed.
• layout/layouttree/LayoutBlockContainer.h: Removed.
• layout/layouttree/LayoutBox.cpp:

(WebCore::Layout::Box::establishesInlineFormattingContext const):
(WebCore::Layout::Box::establishesInlineFormattingContextOnly const):
(WebCore::Layout::Box::formattingContextRoot const):

• layout/layouttree/LayoutBox.h:

(WebCore::Layout::Box::isBlockContainer const):
(WebCore::Layout::Box::isInlineContainer const):
(WebCore::Layout::Box::isInlineBox const):
(WebCore::Layout::Box::establishesInlineFormattingContext const): Deleted.
(WebCore::Layout::Box::establishesInlineFormattingContextOnly const): Deleted.

• layout/layouttree/LayoutInlineContainer.cpp: Removed.
• layout/layouttree/LayoutInlineContainer.h: Removed.
• layout/layouttree/LayoutIterator.h:

(WebCore::Layout::LayoutBoxTraversal::firstChild):

• layout/layouttree/LayoutTreeBuilder.cpp:

(WebCore::Layout::TreeBuilder::createLayoutTree):
(WebCore::Layout::TreeBuilder::createLayoutBox):
(WebCore::Layout::TreeBuilder::createTableStructure):
(WebCore::Layout::outputLayoutBox):

• layout/layouttree/LayoutTreeBuilder.h:
• page/FrameViewLayoutContext.cpp:

(WebCore::layoutUsingFormattingContext):

1:56 AM Changeset in webkit [248198] by Devin Rousso

• 9 edits in trunk/Source/WebInspectorUI

Web Inspector: Heap Snapshot Views should be searchable
​https://bugs.webkit.org/show_bug.cgi?id=157582
<rdar://problem/26228629>

Reviewed by Joseph Pecoraro.

Without the ability to filter/search, it's far more difficult to find objects of interest.
Rather than spending time scrolling through the entire heap snapshot or sorting by "Name",
a simple filter/search (which also uses the global search settings) is almost instant.

• UserInterface/Views/HeapAllocationsTimelineView.js:

(WI.HeapAllocationsTimelineView.prototype.updateFilter): Addded.
(WI.HeapAllocationsTimelineView.prototype.get showsFilterBar): Deleted.

• UserInterface/Views/HeapSnapshotClusterContentView.js:

(WI.HeapSnapshotClusterContentView.prototype.updateFilter): Added.

• UserInterface/Views/HeapSnapshotContentView.js:

(WI.HeapSnapshotContentView):
(WI.HeapSnapshotContentView.prototype.updateFilter): Added.
(WI.HeapSnapshotContentView.prototype.dataGridMatchNodeAgainstCustomFilters): Added.
(WI.HeapSnapshotContentView.prototype.dataGridMatchShouldPopulateWhenFilteringNode): Added.

• UserInterface/Views/DataGrid.js:

(WI.DataGrid.prototype._updateFilter.createIteratorForNodesToBeFiltered):
Don't attempt to populate each heap snapshot WI.DataGridNode when filtering, as that can
quickly exhaust memory due to the sheer size of a heap snapshot.

• UserInterface/Base/Main.js:

(WI._find):

• UserInterface/Views/TimelineTabContentView.js:

(WI.TimelineTabContentView.prototype.get canHandleFindEvent): Added.
(WI.TimelineTabContentView.prototype.handleFindEvent): Added.

• UserInterface/Views/TimelineRecordingContentView.js:

(WI.TimelineRecordingContentView.prototype.get canFocusFilterBar): Added.
(WI.TimelineRecordingContentView.prototype.focusFilterBar): Added.

• UserInterface/Views/FilterBar.js:

(WI.FilterBar.prototype.focus): Added.
Allow the current tab to intercept the find shortcut and do something custom. In the case
of a WI.TimelineTabContentView, declare that it can handle the find event if the displayed
content view (WI.TimelineRecordingContentView) can focus it's filter bar. If so, when the
find shortcut is triggered, focus the filter bar.

1:52 AM Changeset in webkit [248197] by Devin Rousso

• 6 edits
  2 adds in trunk

Web Inspector: CSS Formatter: comments with an escape character aren't formatted
​https://bugs.webkit.org/show_bug.cgi?id=200168

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

Don't allow escaping of the "*" in CSS comments (e.g. \*/).

Add additional pretty printing rules for comments so that there's always some space between
them and the surrounding text. This ensures that they don't interfere with readability.

• UserInterface/Workers/Formatter/CSSFormatter.js:

(CSSFormatter.prototype._format):

• UserInterface/Workers/Formatter/FormatterContentBuilder.js:

(FormatterContentBuilder.prototype.get indented): Added.

LayoutTests:

• inspector/formatting/formatting-css.html:
• inspector/formatting/formatting-css-expected.txt:
• inspector/formatting/resources/css-tests/comment.css: Added.
• inspector/formatting/resources/css-tests/comment-expected.css: Added.

12:37 AM Changeset in webkit [248196] by Devin Rousso

• 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Console: execution context picker doesn't update when switching to the inferred context from auto
​https://bugs.webkit.org/show_bug.cgi?id=200279

Reviewed by Joseph Pecoraro.

The representedObject of the "auto" execution context path component is shared with that
execution context's actual path component, meaning that if the user switches from "auto" to
that execution context's path component, the underlying representedObject wouldn't change,
and therfore the RuntimeManager.Event.ActiveExecutionContextChanged wouldn't fire. In this
case, update the visible ("selected") execution context path component manually.

• UserInterface/Views/QuickConsole.js:

(WI.QuickConsole.prototype._selectExecutionContext):
(WI.QuickConsole.prototype._pathComponentSelected):

Aug 2, 2019:

9:01 PM Changeset in webkit [248195] by keith_miller@apple.com

• 5 edits in trunk/Source/JavaScriptCore

Address comments on r248178
​https://bugs.webkit.org/show_bug.cgi?id=200411

Reviewed by Saam Barati.

• b3/B3Opcode.h:
• b3/B3Procedure.h:

(JSC::B3::Procedure::tuples const):

• b3/B3Validate.cpp:
• b3/testb3_1.cpp:

(main):

6:10 PM Changeset in webkit [248194] by rmorisset@apple.com

• 2 edits in trunk/Source/WebCore

[WHLSL] Avoid visiting the full AST in computeDimensions
​https://bugs.webkit.org/show_bug.cgi?id=200410

Reviewed by Myles C. Maxfield.

Avoid visiting the full AST in computeDimensions
This cuts the time spent in computeDimensions on compute_boids.html from about 2ms to about 0.002ms.

No new tests as there is no functional change intended.

• Modules/webgpu/WHLSL/WHLSLComputeDimensions.cpp:

(WebCore::WHLSL::computeDimensions):

• Modules/webgpu/WHLSL/WHLSLPrepare.cpp:

5:49 PM Changeset in webkit [248193] by rniwa@webkit.org

• 2 edits in trunk/Source/WebCore

Ref Frame in DOMWindow::screen* functions
​https://bugs.webkit.org/show_bug.cgi?id=200409

Reviewed by Simon Fraser.

Ref Frame in the following functions.

• page/DOMWindow.cpp:

(WebCore::DOMWindow::innerHeight const):
(WebCore::DOMWindow::innerWidth const):
(WebCore::DOMWindow::screenX const):
(WebCore::DOMWindow::screenY const):
(WebCore::DOMWindow::scrollX const):
(WebCore::DOMWindow::scrollY const):

5:31 PM Changeset in webkit [248192] by mark.lam@apple.com

• 13 edits in trunk/Source

[ARM64E] Harden the diversity of the DOMJIT::Signature::unsafeFunction pointer.
​https://bugs.webkit.org/show_bug.cgi?id=200292
<rdar://problem/53706881>

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Previously, DOMJIT::Signature::functionWithoutTypeCheck was signed as a C function
pointer. We can do better by signing it like a vtbl function pointer.

No new tests needed. The DOMJIT mechanism is covered by existing tests.

I also manually confirmed that DOMJIT::Signature::functionWithoutTypeCheck is signed
exactly as expected by reading its bits out of memory (not letting Clang have a
chance to resign it into a C function pointer) and comparing it against manually
signed bits with the expected diversifier.

• assembler/MacroAssemblerCodeRef.h:

(JSC::CFunctionPtr::CFunctionPtr):
(JSC::CFunctionPtr::get const):
(JSC::CFunctionPtr::address const):
(JSC::CFunctionPtr::operator bool const):
(JSC::CFunctionPtr::operator! const):
(JSC::CFunctionPtr::operator== const):
(JSC::CFunctionPtr::operator!= const):

• Introduce a CFunctionPtr abstraction that is used to hold pointers to C functions. It can instantiated in 4 ways:

1. The default constructor.
2. A constructor that takes a nullptr_t.

These 2 forms will instantiate a CFunctionPtr with a nullptr.

3. A constructor that takes the name of a function.
4. A constructor that takes a function pointer.

Form 3 already knows that we're initializing with a real function, and
that Clang will give it to use signed as a C function pointer. So, it
doesn't do any assertions. This form is useful for initializing CFunctionPtrs
embedded in const data structures.

Form 4 is an explicit constructor that takes an arbitrary function
pointer, but does not know if that pointer is already signed as a C function
pointer. Hence, this form will do a RELEASE_ASSERT that the given function
pointer is actually signed as a C function pointer.

Once instantiated, we are guaranteed that a C function pointer is either null
or contains a signed C function pointer.

• domjit/DOMJITSignature.h:

(JSC::DOMJIT::Signature::Signature):

• Sign functionWithoutTypeCheck as WTF_VTBL_FUNCPTR_PTRAUTH(DOMJITFunctionPtrTag).

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCallDOM):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCallDOM):

• Use the new CFunctionPtr to document that the retrieved signature->functionWithoutTypeCheck is signed as a C function pointer.

• runtime/ClassInfo.h:
• Update MethodTable to sign its function pointers using the new WTF_VTBL_FUNCPTR_PTRAUTH_STR to be consistent. No longer need to roll its own PTRAUTH macro.

• runtime/JSCPtrTag.h:
• Add DOMJITFunctionPtrTag.

• tools/JSDollarVM.cpp:
• Update to work with the new DOMJIT::Signature constructor.

Source/WebCore:

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

• Update to work with the new DOMJIT::Signature constructor.

• bindings/scripts/test/JS/JSTestDOMJIT.cpp:
• Re-base test results.

Source/WTF:

• wtf/PtrTag.h:
• Introducing WTF_VTBL_FUNCPTR_PTRAUTH and WTF_VTBL_FUNCPTR_PTRAUTH_STR macros for defining vtbl function pointer style pointer signing modifier.

5:09 PM Changeset in webkit [248191] by Alan Coon

• 1 copy in tags/Safari-608.1.42

Tag Safari-608.1.42.

4:44 PM Changeset in webkit [248190] by Keith Rollin

• 24 edits in trunk

Consistently use Obj-C boolean literals
​https://bugs.webkit.org/show_bug.cgi?id=200405
<rdar://problem/53880043>

Reviewed by Simon Fraser, Joseph Pecoraro.

There are places where we use equivalent but different expressions for
Obj-C boolean objects. For example, we use both [NSNumber
numberWithBool:YES] and @YES. There are places where both are used in
the same function, such as -[WebPreferences initialize]. The boolean
literal is in greater use and is more succinct, so standardize on
that. Also, change @(YES/NO) to @YES/NO.

Examples:

• NetscapeCoreAnimationMoviePlugin/main.m:

(NPP_GetValue):

Source/WebCore:

No new tests -- no new or changed functionality.

• platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

(WebCore::SourceBufferPrivateAVFObjC::enqueueSample):

• platform/graphics/cv/ImageTransferSessionVT.mm:

(WebCore::ImageTransferSessionVT::ImageTransferSessionVT):
(WebCore::ImageTransferSessionVT::setSize):
(WebCore::ImageTransferSessionVT::ioSurfacePixelBufferCreationOptions):

• platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.mm:

(WebCore::RealtimeIncomingVideoSourceCocoa::pixelBufferPool):

• platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm:

(WebCore::ScreenDisplayCaptureSourceMac::createDisplayStream):

• platform/network/mac/ResourceHandleMac.mm:

(WebCore::ResourceHandle::applySniffingPoliciesIfNeeded):

Source/WebKit:

• NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::applySniffingPoliciesAndBindRequestToInferfaceIfNeeded):

• NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::NetworkSessionCocoa::NetworkSessionCocoa):

• UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:

(WebKit::LocalConnection::getAttestation const):

Source/WebKitLegacy/mac:

• History/WebHistoryItem.mm:
• WebView/WebFrame.mm:

(-[WebFrame _cacheabilityDictionary]):

• WebView/WebPreferences.mm:

(+[WebPreferences initialize]):

Tools:

• DumpRenderTree/mac/ObjCController.m:

(-[ObjCController objectOfClass:]):

• TestWebKitAPI/Tests/WebKitCocoa/BundleEditingDelegate.mm:

(TEST):

• TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:

(overrideAddObserverForName):

• TestWebKitAPI/ios/mainIOS.mm:

(main):

• TestWebKitAPI/mac/InjectedBundleControllerMac.mm:

(TestWebKitAPI::InjectedBundleController::platformInitialize):

• TestWebKitAPI/mac/mainMac.mm:

(main):

• WebKitLauncher/WebKitNightlyEnabler.m:

(enableWebKitNightlyBehaviour):

4:20 PM Changeset in webkit [248189] by commit-queue@webkit.org

• 2 edits in trunk/LayoutTests

[ Mac ] Layout Test accessibility/mac/press-not-work-for-disabled-menu-list.html is a flaky failure
​https://bugs.webkit.org/show_bug.cgi?id=196505
<rdar://problem/49532620>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-08-02
Reviewed by Chris Fleizach.

Re-wrote test in a timing independent way. This should fix the intermittent failures.

• accessibility/mac/press-not-work-for-disabled-menu-list.html:

4:03 PM Changeset in webkit [248188] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

Add accessibility object method to determine whether an element is inside a table cell. Needed for iOS accessibility client.
​https://bugs.webkit.org/show_bug.cgi?id=200394
<rdar://problem/52914964>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-08-02
Reviewed by Chris Fleizach.

Explicitly returning BOOL to avoid error in some compiler configurations.

• accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper _accessibilityIsInTableCell]):

3:58 PM Changeset in webkit [248187] by ysuzuki@apple.com

• 18 edits
  4 copies
  5 adds in trunk

[JSC] Support WebAssembly in SamplingProfiler
​https://bugs.webkit.org/show_bug.cgi?id=200329

Reviewed by Saam Barati.

JSTests:

• stress/sampling-profiler-wasm-name-section.js: Added.

(const.compile):
(platformSupportsSamplingProfiler.vm.isWasmSupported.wasmEntry):
(platformSupportsSamplingProfiler.vm.isWasmSupported):

• stress/sampling-profiler-wasm.js: Added.

(platformSupportsSamplingProfiler.vm.isWasmSupported.wasmEntry):
(platformSupportsSamplingProfiler.vm.isWasmSupported):

• stress/sampling-profiler/loop.wasm: Added.
• stress/sampling-profiler/loop.wast: Added.
• stress/sampling-profiler/nameSection.wasm: Added.

Source/JavaScriptCore:

The sampling profiler support is critical to investigate what is actually time-consuming. This patch adds the sampling profiler support for Wasm functions
to list up hot Wasm functions with compilation mode (BBQ or OMG). This allows us to investigate the hot functions in JetStream2 wasm tests.

In order to retrieve wasm function information from the sampling profiler safely, we need to know whether the given Wasm CalleeBits is valid in the call frame.
To achieve this, we start collecting valid Wasm::Callee pointers in a global hash set. Previously, each Wasm::Callee registered its code region to a hash set
for wasm fault signal handler to know whether the faulted program-counter is in wasm region. We reuse and change this mechanism. Instead of registering code region,
we register Wasm::Callee* to a hash set. The sampling profiler reuses this hash set to determine whether the given bits is a valid Wasm::Callee.

The sampling profiler retrieves the information safely from valid Wasm::Callee* pointer. It is possible that this Wasm::Callee is about to be dead: ref-count is 0,
now in the middle of the destructor of Wasm::Callee. Even in that case, fields of Wasm::Callee are still valid and can be accessed since destroying these fields happens
after we unregister Wasm::Callee from the global hash set.

We retrieve Wasm::IndexOrName and Wasm::CompilationMode. Copying them does not involve any allocations, locking etc. So we can safely copy them while some of threads are suspended.

This patch also fixes the issue that we never called unregisterCode while every Wasm::Calllee registers its code region through registerCode.

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• Sources.txt:
• runtime/InitializeThreading.cpp:

(JSC::initializeThreading):

• runtime/SamplingProfiler.cpp:

(JSC::FrameWalker::FrameWalker):
(JSC::FrameWalker::recordJSFrame):
(JSC::CFrameWalker::CFrameWalker):
(JSC::SamplingProfiler::takeSample):
(JSC::SamplingProfiler::processUnverifiedStackTraces):
(JSC::SamplingProfiler::StackFrame::displayName):
(JSC::SamplingProfiler::StackFrame::displayNameForJSONTests):
(JSC::SamplingProfiler::StackFrame::functionStartLine):
(JSC::SamplingProfiler::StackFrame::functionStartColumn):
(JSC::SamplingProfiler::StackFrame::sourceID):
(JSC::SamplingProfiler::StackFrame::url):
(JSC::SamplingProfiler::reportTopBytecodes):
(WTF::printInternal):

• runtime/SamplingProfiler.h:
• tools/JSDollarVM.cpp:

(JSC::functionIsWasmSupported):
(JSC::JSDollarVM::finishCreation):

• wasm/WasmB3IRGenerator.h:
• wasm/WasmBBQPlan.cpp:

(JSC::Wasm::BBQPlan::complete):

• wasm/WasmBBQPlanInlines.h:

(JSC::Wasm::BBQPlan::initializeCallees):

• wasm/WasmCallee.cpp:

(JSC::Wasm::Callee::Callee):
(JSC::Wasm::Callee::~Callee):

• wasm/WasmCallee.h:

(JSC::Wasm::Callee::create): Deleted.
(JSC::Wasm::Callee::entrypoint const): Deleted.
(JSC::Wasm::Callee::calleeSaveRegisters): Deleted.
(JSC::Wasm::Callee::indexOrName const): Deleted.

• wasm/WasmCalleeRegistry.cpp: Copied from Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h.

(JSC::Wasm::CalleeRegistry::initialize):
(JSC::Wasm::CalleeRegistry::singleton):

• wasm/WasmCalleeRegistry.h: Copied from Source/JavaScriptCore/wasm/WasmCallee.cpp.

(JSC::Wasm::CalleeRegistry::getLock):
(JSC::Wasm::CalleeRegistry::registerCallee):
(JSC::Wasm::CalleeRegistry::unregisterCallee):
(JSC::Wasm::CalleeRegistry::isValidCallee):

• wasm/WasmCompilationMode.cpp: Copied from Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h.

(JSC::Wasm::makeString):

• wasm/WasmCompilationMode.h: Copied from Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h.
• wasm/WasmFaultSignalHandler.cpp:

(JSC::Wasm::trapHandler):
(JSC::Wasm::enableFastMemory):
(JSC::Wasm::registerCode): Deleted.
(JSC::Wasm::unregisterCode): Deleted.

• wasm/WasmFaultSignalHandler.h:
• wasm/WasmIndexOrName.h:
• wasm/WasmOMGPlan.cpp:

(JSC::Wasm::OMGPlan::work):

3:57 PM Changeset in webkit [248186] by Wenson Hsieh

• 3 edits in trunk/Tools

TextAutosizingBoost.ChangeAutosizingBoostAtRuntime fails on iPad Simulator
​https://bugs.webkit.org/show_bug.cgi?id=200402
<rdar://problem/53823368>

Reviewed by Tim Horton.

Make it possible to run this test using the iPad simulator.

• TestWebKitAPI/Tests/ios/TextAutosizingBoost.mm:

Two adjustments: (1) override the screen size to be 320 by 568 (so that the legacy text autosizing heuristic
doesn't avoid boosting this text), and (2) force text autosizing on, but disable idempotent text autosizing,
since this would result in differently sized text.

(mainScreenReferenceBoundsOverride):

• TestWebKitAPI/ios/UIKitSPI.h:

3:20 PM Changeset in webkit [248185] by ysuzuki@apple.com

• 3 edits
  1 add in trunk

[JSC] LazyJSValue should be robust for empty JSValue
​https://bugs.webkit.org/show_bug.cgi?id=200388

Reviewed by Saam Barati.

JSTests:

• stress/switch-constant-child-becomes-empty.js: Added.

(foo):

Source/JavaScriptCore:

If the Switch DFG node is preceded by ForceOSRExit or something that invalidates the basic block,
it can take a FrozenValue as a child which includes empty value instead of string, number etc.
If this Switch node is kept and we reached to DFGCFGSimplificationPhase, it will use this FrozenValue.
However, LazyJSValue using this FrozenValue strongly assumes that FrozenValue is never holding empty value.
But this assumption is wrong. This patch makes LazyJSValue robust for empty value.

• dfg/DFGLazyJSValue.cpp:

(JSC::DFG::LazyJSValue::tryGetStringImpl const):
(JSC::DFG::LazyJSValue::tryGetString const):
(JSC::DFG::LazyJSValue::strictEqual const):
(JSC::DFG::LazyJSValue::switchLookupValue const):

3:14 PM Changeset in webkit [248184] by Devin Rousso

• 2 edits in trunk/Source/WebCore

Web Inspector: fix inverted check in InspectorDOMStorageAgent::enable
Followup to r248179.

Rubber-stamped by Joseph Pecoraro.

• inspector/agents/InspectorDOMStorageAgent.cpp:

(WebCore::InspectorDOMStorageAgent::enable):

3:02 PM WebKitGTK/2.24.x edited by Michael Catanzaro

Reviewed safari-607-branch backports through r247496 and resolved … (diff)

2:54 PM Changeset in webkit [248183] by eric.carlson@apple.com

• 2 edits in trunk/Source/WTF

uniqueLogIdentifier() should generate a 64-bit identifier
​https://bugs.webkit.org/show_bug.cgi?id=200403
<rdar://problem/53878447>

Reviewed by Youenn Fablet.

• wtf/LoggerHelper.h:

(WTF::LoggerHelper::childLogIdentifier const): Use uint64_t masks.
(WTF::LoggerHelper::uniqueLogIdentifier): cryptographicallyRandomNumber returns a
uint32_t so use two to generate a 64-bit identifier.

2:32 PM Changeset in webkit [248182] by Fujii Hironori

• 3 edits in trunk/Source/WebCore

[Curl] Crash while destructing a URL in ~SocketStreamHandle due to data race
​https://bugs.webkit.org/show_bug.cgi?id=200378

Reviewed by Ross Kirsling.

URL::isolatedCopy() is called in the worker thread. URL is using a
thread-unsafe ref-counter. It should be called in the main thread.

Covered by existing tests.

• platform/network/curl/SocketStreamHandleImpl.h:
• platform/network/curl/SocketStreamHandleImplCurl.cpp:

(WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl): Call URL::isolatedCopy() in the main thread.
(WebCore::SocketStreamHandleImpl::threadEntryPoint): Added a URL argument.

2:19 PM Changeset in webkit [248181] by sihui_liu@apple.com

• 16 edits in trunk

API tests using permanent credentials should clear credentials left by previous tests
​https://bugs.webkit.org/show_bug.cgi?id=199729

Reviewed by Alex Christensen.

Source/WebCore:

Update existing API tests.

• platform/network/CredentialStorage.cpp:

(WebCore::CredentialStorage::clearSessionCredentials):
(WebCore::CredentialStorage::clearPermanentCredentialsForProtectionSpace): Deleted.

• platform/network/CredentialStorage.h:
• platform/network/mac/CredentialStorageMac.mm:

(WebCore::CredentialStorage::clearPermanentCredentialsForProtectionSpace): Deleted.

Source/WebKit:

Permanent password credentials currently are shared across processes, so we don't need to clear them from
network process.

• NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::clearPermanentCredentialsForProtectionSpace): Deleted.

• NetworkProcess/NetworkProcess.h:
• NetworkProcess/NetworkProcess.messages.in:
• UIProcess/API/Cocoa/WKProcessPool.mm:

(-[WKProcessPool _clearPermanentCredentialsForProtectionSpace:]):
(-[WKProcessPool _clearPermanentCredentialsForProtectionSpace:completionHandler:]): Deleted.

• UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
• UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::clearPermanentCredentialsForProtectionSpace):

• UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::clearPermanentCredentialsForProtectionSpace): Deleted.

• UIProcess/WebProcessPool.h:

Tools:

We used to clear the permanent credentials created by API tests at the end of the API tests, to ensure those
credentials will not affect tests running after. There is a case where permanent credentials were left on the
system, so those API tests were timing out themselves before reaching to the cleanup, which caused cascading
failure. To prevent this from happening again, add cleanup at the begining of the tests.

• TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:

(TEST):

• TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm:

(TestWebKitAPI::TEST):

2:07 PM Changeset in webkit [248180] by Devin Rousso

• 4 edits in trunk/Source/WebInspectorUI

Web Inspector: Console: all navigation items should be shown in the split console
​https://bugs.webkit.org/show_bug.cgi?id=200280

Reviewed by Joseph Pecoraro.

• UserInterface/Views/LogContentView.js:

(WI.LogContentView):
(WI.LogContentView.prototype.get navigationItems):
Adjust the visibilityPriority of each navigationItems so that the filter/scope bars are
kept visible for longer than the "Preserve Log"/"Emulate User Gesture" toggles.

• UserInterface/Views/FindBanner.js:

(WI.FindBanner):

• UserInterface/Views/FindBanner.css:

(.find-banner.console-find-banner > input[type="search"]):
(.find-banner.console-find-banner > :matches(input[type="search"], button)):
(.find-banner.console-find-banner > input[type="search"]:focus, .find-banner.console-find-banner > input[type="search"]:focus ~ button, .find-banner.console-find-banner > input[type="search"]:not(:placeholder-shown), .find-banner.console-find-banner > input[type="search"]:not(:placeholder-shown) ~ button ): Added.
(.find-banner.console-find-banner > input[type="search"]::placeholder): Deleted.
(.find-banner.console-find-banner > input[type="search"]:focus): Deleted.
(.find-banner.console-find-banner > input[type="search"]:not(:placeholder-shown)): Deleted.
(@media (prefers-color-scheme: dark) .find-banner.console-find-banner > input[type=search]:not(:placeholder-shown)): Deleted.
Make the WI.FindBanner blend in with the surrounding content when it's not focused or has
no content.

2:05 PM Changeset in webkit [248179] by Devin Rousso

• 17 edits in trunk/Source

Web Inspector: Storage: disable related agents when the tab is closed
​https://bugs.webkit.org/show_bug.cgi?id=200117

Reviewed by Joseph Pecoraro.

Rework how enable/disable is used for storage-related agents so that events are not sent
and data isn't kept alive when the Storage tab isn't enabled.

Source/JavaScriptCore:

• inspector/protocol/ApplicationCache.json:

Add disable command.

Source/WebCore:

Covered by existing tests.

• inspector/agents/InspectorApplicationCacheAgent.h:
• inspector/agents/InspectorApplicationCacheAgent.cpp:

(WebCore::InspectorApplicationCacheAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorApplicationCacheAgent::enable):
(WebCore::InspectorApplicationCacheAgent::disable): Added.

• inspector/agents/InspectorDOMStorageAgent.cpp:

(WebCore::InspectorDOMStorageAgent::enable):
(WebCore::InspectorDOMStorageAgent::disable):

• inspector/agents/InspectorDatabaseAgent.cpp:

(WebCore::InspectorDatabaseAgent::enable):
(WebCore::InspectorDatabaseAgent::disable):

Source/WebInspectorUI:

• UserInterface/Controllers/ApplicationCacheManager.js:

(WI.ApplicationCacheManager):
(WI.ApplicationCacheManage.prototype.get domains): Added.
(WI.ApplicationCacheManage.prototype.activateExtraDomain): Added.
(WI.ApplicationCacheManager.prototype.initializeTarget):
(WI.ApplicationCacheManager.prototype.enable): Added.
(WI.ApplicationCacheManager.prototype.disable): Added.
(WI.ApplicationCacheManager.prototype.networkStateUpdated):
(WI.ApplicationCacheManager.prototype.applicationCacheStatusUpdated):
(WI.ApplicationCacheManager.prototype._reset): Added.
(WI.ApplicationCacheManager.prototype._mainResourceDidChange):
(WI.ApplicationCacheManager.prototype._manifestForFrameLoaded):
(WI.ApplicationCacheManager.prototype._framesWithManifestsLoaded):
(WI.ApplicationCacheManager.prototype.initialize): Deleted.

• UserInterface/Controllers/DOMStorageManager.js:

(WI.DOMStorageManager):
(WI.DOMStorageManager.prototype.get domains): Added.
(WI.DOMStorageManager.prototype.activateExtraDomain): Added.
(WI.DOMStorageManager.prototype.initializeTarget):
(WI.DOMStorageManager.prototype.enable): Added.
(WI.DOMStorageManager.prototype.disable): Added.
(WI.DOMStorageManager.prototype.itemsCleared):
(WI.DOMStorageManager.prototype.itemRemoved):
(WI.DOMStorageManager.prototype.itemAdded):
(WI.DOMStorageManager.prototype.itemUpdated):
(WI.DOMStorageManager.prototype.inspectDOMStorage):
(WI.DOMStorageManager.prototype._reset): Added.
(WI.DOMStorageManager.prototype._addDOMStorageIfNeeded):
(WI.DOMStorageManager.prototype._addCookieStorageIfNeeded):
(WI.DOMStorageManager.prototype._mainResourceDidChange):
(WI.DOMStorageManager.prototype.initialize): Deleted.
(WI.DOMStorageManager.prototype.domStorageWasAdded): Deleted.

• UserInterface/Controllers/DatabaseManager.js:

(WI.DatabaseManager):
(WI.DatabaseManager.prototype.get domains): Added.
(WI.DatabaseManager.prototype.activateExtraDomain): Added.
(WI.DatabaseManager.prototype.initializeTarget):
(WI.DatabaseManager.prototype.enable): Added.
(WI.DatabaseManager.prototype.disable): Added.
(WI.DatabaseManager.prototype.databaseWasAdded):
(WI.DatabaseManager.prototype.inspectDatabase):
(WI.DatabaseManager.prototype._reset): Added.
(WI.DatabaseManager.prototype._mainResourceDidChange):
(WI.DatabaseManager.prototype.initialize): Deleted.

• UserInterface/Controllers/IndexedDBManager.js:

(WI.IndexedDBManager):
(WI.IndexedDBManager.prototype.get domains): Added.
(WI.IndexedDBManager.prototype.activateExtraDomain): Added.
(WI.IndexedDBManager.prototype.initializeTarget):
(WI.IndexedDBManager.prototype.enable): Added.
(WI.IndexedDBManager.prototype.disable): Added.
(WI.IndexedDBManager.prototype.clearObjectStore):
(WI.IndexedDBManager.prototype._reset): Added.
(WI.IndexedDBManager.prototype._mainResourceDidChange):
(WI.IndexedDBManager.prototype.initialize): Deleted.

• UserInterface/Controllers/AppController.js:

(WI.AppController.prototype.activateExtraDomains):

• UserInterface/Controllers/CanvasManager.js:

(WI.CanvasManager.prototype.get domains): Added.
(WI.CanvasManager.prototype.activateExtraDomain): Added.
Only call enable on any extra agents if the domain is not controlled by a manager.

• UserInterface/Views/StorageTabContentView.js:

(WI.StorageTabContentView):
(WI.StorageTabContentView.static isTabAllowed):
(WI.StorageTabContentView.prototype.canShowRepresentedObject):
(WI.StorageTabContentView.prototype.closed): Added.

• UserInterface/Test.html:
• UserInterface/Test/Test.js:

(WI.loaded):
(WI.contentLoaded):

2:02 PM Changeset in webkit [248178] by keith_miller@apple.com

• 49 edits
  2 copies in trunk/Source/JavaScriptCore

B3 should support tuple types
​https://bugs.webkit.org/show_bug.cgi?id=200327

Reviewed by Filip Pizlo.

As part of the Wasm multi-value proposal, we need to teach B3 that
patchpoints can return more than one value. This is done by
adding a new B3::Type called Tuple. Unlike, other B3 types Tuple
is actually an encoded index into a numeric B3::Type vector on the
procedure. This lets us distinguish any two tuples from each
other, moreover, it's possible to get the vector of types with
just the B3::Tuple type and the procedure.

Since most B3 operations only expect to see a single numeric child
there is a new Opcode, Extract, that takes yields the some, fixed,
entry from a tuple value. Extract would be the only other change
needed to make tuples work in B3 except that some optimizations
expect to be able to take any non-Void value and stick it into a
Variable of the same type. This means both Get/Set from a variable
have to support Tuples as well. For simplicity and consistency,
the ability to accept tuples is also applied to Phi and Upsilon.

In order to lower a Tuple, B3Lowering needs to have a Tmp for each
nested type in a Tuple. While we could reuse the existing
IndexedTables to hold the extra information we need to lower
Tuples, we instead use a two new HashTables for Value->Tmp(s) and
Phi->Tmp(s). It's expected that Tuples will be sufficiently
uncommon the overhead of tracking everything together would be
prohibitive. On the other hand, we don't worry about this for
Variables because we don't expect those to make it to lowering.

• JavaScriptCore.xcodeproj/project.pbxproj:
• Sources.txt:
• b3/B3Bank.h:

(JSC::B3::bankForType):

• b3/B3CheckValue.cpp:

(JSC::B3::CheckValue::CheckValue):

• b3/B3ExtractValue.cpp: Copied from Source/JavaScriptCore/b3/B3ProcedureInlines.h.

(JSC::B3::ExtractValue::~ExtractValue):
(JSC::B3::ExtractValue::dumpMeta const):

• b3/B3ExtractValue.h: Copied from Source/JavaScriptCore/b3/B3FixSSA.h.
• b3/B3FixSSA.h:
• b3/B3LowerMacros.cpp:
• b3/B3LowerMacrosAfterOptimizations.cpp:
• b3/B3LowerToAir.cpp:
• b3/B3NativeTraits.h:
• b3/B3Opcode.cpp:

(JSC::B3::invertedCompare):
(WTF::printInternal):

• b3/B3Opcode.h:

(JSC::B3::opcodeForConstant):

• b3/B3PatchpointSpecial.cpp:

(JSC::B3::PatchpointSpecial::forEachArg):
(JSC::B3::PatchpointSpecial::isValid):
(JSC::B3::PatchpointSpecial::admitsStack):
(JSC::B3::PatchpointSpecial::generate):

• b3/B3PatchpointValue.cpp:

(JSC::B3::PatchpointValue::dumpMeta const):
(JSC::B3::PatchpointValue::PatchpointValue):

• b3/B3PatchpointValue.h:
• b3/B3Procedure.cpp:

(JSC::B3::Procedure::addTuple):
(JSC::B3::Procedure::isValidTuple const):
(JSC::B3::Procedure::tupleForType const):
(JSC::B3::Procedure::addIntConstant):
(JSC::B3::Procedure::addConstant):

• b3/B3Procedure.h:

(JSC::B3::Procedure::returnCount const):

• b3/B3ProcedureInlines.h:

(JSC::B3::Procedure::extractFromTuple const):

• b3/B3ReduceStrength.cpp:
• b3/B3StackmapSpecial.cpp:

(JSC::B3::StackmapSpecial::isValidImpl):
(JSC::B3::StackmapSpecial::isArgValidForType):
(JSC::B3::StackmapSpecial::isArgValidForRep):
(JSC::B3::StackmapSpecial::isArgValidForValue): Deleted.

• b3/B3StackmapSpecial.h:
• b3/B3StackmapValue.h:
• b3/B3Type.cpp:

(WTF::printInternal):

• b3/B3Type.h:

(JSC::B3::Type::Type):
(JSC::B3::Type::tupleFromIndex):
(JSC::B3::Type::kind const):
(JSC::B3::Type::tupleIndex const):
(JSC::B3::Type::hash const):
(JSC::B3::Type::operator== const):
(JSC::B3::Type::operator!= const):
(JSC::B3::Type::isInt const):
(JSC::B3::Type::isFloat const):
(JSC::B3::Type::isNumeric const):
(JSC::B3::Type::isTuple const):
(JSC::B3::sizeofType):
(JSC::B3::isInt): Deleted.
(JSC::B3::isFloat): Deleted.

• b3/B3TypeMap.h:

(JSC::B3::TypeMap::at):

• b3/B3Validate.cpp:
• b3/B3Value.cpp:

(JSC::B3::Value::isRounded const):
(JSC::B3::Value::effects const):
(JSC::B3::Value::typeFor):

• b3/B3Value.h:
• b3/B3ValueInlines.h:
• b3/B3ValueKey.cpp:

(JSC::B3::ValueKey::intConstant):

• b3/B3ValueKey.h:

(JSC::B3::ValueKey::hash const):

• b3/B3ValueRep.h:
• b3/B3Width.h:

(JSC::B3::widthForType):

• b3/air/AirArg.cpp:

(JSC::B3::Air::Arg::canRepresent const):

• b3/air/AirArg.h:
• b3/air/AirCCallingConvention.cpp:

(JSC::B3::Air::cCallResult):

• b3/air/AirLowerMacros.cpp:

(JSC::B3::Air::lowerMacros):

• b3/testb3.h:

(populateWithInterestingValues):

• b3/testb3_1.cpp:

(run):

• b3/testb3_3.cpp:

(testStorePartial8BitRegisterOnX86):

• b3/testb3_5.cpp:

(testPatchpointWithRegisterResult):
(testPatchpointWithStackArgumentResult):
(testPatchpointWithAnyResult):

• b3/testb3_6.cpp:

(testPatchpointDoubleRegs):
(testSomeEarlyRegister):

• b3/testb3_7.cpp:

(testShuffleDoesntTrashCalleeSaves):
(testReportUsedRegistersLateUseFollowedByEarlyDefDoesNotMarkUseAsDead):
(testSimpleTuplePair):
(testSimpleTuplePairUnused):
(testSimpleTuplePairStack):
(tailDupedTuplePair):
(tuplePairVariableLoop):
(tupleNestedLoop):
(addTupleTests):

• b3/testb3_8.cpp:

(testLoad):
(addLoadTests):

• ftl/FTLAbbreviatedTypes.h:
• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToB3::compileDirectCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
(JSC::FTL::DFG::LowerDFGToB3::compileCPUIntrinsic):
(JSC::FTL::DFG::LowerDFGToB3::compileInstanceOf):
(JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):
(JSC::FTL::DFG::LowerDFGToB3::emitBinarySnippet):
(JSC::FTL::DFG::LowerDFGToB3::emitBinaryBitOpSnippet):
(JSC::FTL::DFG::LowerDFGToB3::emitRightShiftSnippet):
(JSC::FTL::DFG::LowerDFGToB3::allocateHeapCell):

• wasm/WasmAirIRGenerator.cpp:

(JSC::Wasm::AirIRGenerator::emitPatchpoint):

• wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::B3IRGenerator::B3IRGenerator):

• wasm/WasmCallingConvention.h:

(JSC::Wasm::CallingConvention::marshallArgument const):
(JSC::Wasm::CallingConvention::setupFrameInPrologue const):
(JSC::Wasm::CallingConvention::setupCall const):
(JSC::Wasm::CallingConventionAir::setupCall const):

1:39 PM Changeset in webkit [248177] by Devin Rousso

• 22 edits in trunk/Source

Web Inspector: Timelines: Develop > Start Timeline Recording doesn't work when focused on a detached inspector window
​https://bugs.webkit.org/show_bug.cgi?id=200125
<rdar://problem/53543008>

Reviewed by Brian Burg.

Always show the Timelines tab in Web Inspector whenever timeline recording starts/stops.
Notify the UIProcess whenever the timeline recording state changes.

Source/WebCore:

• inspector/InspectorClient.h:

(WebCore::InspectorClient::timelineRecordingChanged): Added.

• inspector/agents/InspectorTimelineAgent.h:
• inspector/agents/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
(WebCore::InspectorTimelineAgent::internalStart):
(WebCore::InspectorTimelineAgent::internalStop):

Source/WebInspectorUI:

• UserInterface/Protocol/InspectorFrontendAPI.js:

(InspectorFrontendAPI.setTimelineProfilingEnabled):

Source/WebKit:

• WebProcess/WebPage/WebInspector.messages.in:
• WebProcess/WebPage/WebInspector.h:
• WebProcess/WebPage/WebInspector.cpp:

(WebKit::WebInspector::startPageProfiling):
(WebKit::WebInspector::stopPageProfiling):
(WebKit::WebInspector::timelineRecordingChanged): Added.
(WebKit::WebInspector::showTimelines): Deleted.

• WebProcess/WebPage/WebInspectorUI.messages.in:
• WebProcess/WebPage/WebInspectorUI.h:
• WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::showTimelines): Deleted.

• WebProcess/WebCoreSupport/WebInspectorClient.h:
• WebProcess/WebCoreSupport/WebInspectorClient.cpp:

(WebKit::WebInspectorClient::timelineRecordingChanged): Added.

• UIProcess/WebInspectorProxy.messages.in:
• UIProcess/WebInspectorProxy.h:
• UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::togglePageProfiling):
(WebKit::WebInspectorProxy::timelineRecordingChanged): Added.
(WebKit::WebInspectorProxy::showTimelines): Deleted.

• UIProcess/API/C/WKInspector.cpp:

(WKInspectorTogglePageProfiling):

• UIProcess/API/Cocoa/_WKInspector.h:
• UIProcess/API/Cocoa/_WKInspector.mm:

(-[_WKInspector showTimelines]): Deleted.

• WebProcess/InjectedBundle/API/c/WKBundleInspector.cpp:

(WKBundleInspectorSetPageProfilingEnabled):

1:25 PM Changeset in webkit [248176] by Devin Rousso

• 4 edits in trunk/Source/WebInspectorUI

Web Inspector: "Inspector.initialized" happens before breakpoints are set
​https://bugs.webkit.org/show_bug.cgi?id=200364

Reviewed by Joseph Pecoraro.

Allow managers to register a promise that will delay Inspector.initialized. This is needed
when restoring breakpoints so that "Automatically Show Web Inspector for JSContexts" can set
them before any scripts have evaluated, ensuring that no breakpoints are "skipped".

• UserInterface/Protocol/Target.js:

(WI.Target.prototype.initialize):
(WI.Target.registerInitializationPromise): Added.

• UserInterface/Controllers/DOMDebuggerManager.js:

(WI.DOMDebuggerManager):

• UserInterface/Controllers/DebuggerManager.js:

(WI.DebuggerManager):

1:22 PM Changeset in webkit [248175] by commit-queue@webkit.org

• 4 edits
  2 adds in trunk

Web Inspector: Crash when interacting with Template Content in Console
​https://bugs.webkit.org/show_bug.cgi?id=196280

Patch by Yury Semikhatsky <​yurys@chromium.org> on 2019-08-02
Reviewed by Joseph Pecoraro.

Source/WebCore:

Test: inspector/dom/inspect-template-node.html

• bindings/js/JSDOMBindingSecurity.cpp:

(WebCore::canAccessDocument): if target element is from a
<template> use its host document to check the access. Elements
from the host document always have access to its template elements content.

• inspector/agents/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::resolveNode): templates are created in
special template document which doesn't have a frame, in such case get
the frame from the host document.

LayoutTests:

• inspector/dom/inspect-template-node-expected.txt: Added.
• inspector/dom/inspect-template-node.html: Added.

1:09 PM Changeset in webkit [248174] by jer.noble@apple.com

• 2 edits in trunk/Source/WebKit

[iPadOS] slides.google.com: Full Screen API warning is presented when swiping through slides
​https://bugs.webkit.org/show_bug.cgi?id=200313
<rdar://problem/53777001>

Reviewed by Eric Carlson.

Only run the secheuristic scoring during UIGestureRecognizerStateEnded, rather than both
UIGestureRecognizerStateEnded and UIGestureRecognizerStateBegan. The goal of the heuristic is
to detect fake on-screen keyboards by detecting gestures that look like "typing". Using only
UIGestureRecognizerStateEnded still allows us to do this (as typing will usually have identical
geometries for both Ended and Began) without generating false-positives during swipe gestures.

• UIProcess/ios/fullscreen/WKFullScreenViewController.mm:

(-[WKFullScreenViewController _touchDetected:]):

1:07 PM Changeset in webkit [248173] by rniwa@webkit.org

• 3 edits in trunk/Source/WebCore

Harden NodeRareData::m_connectedFrameCount
​https://bugs.webkit.org/show_bug.cgi?id=200300

Reviewed by Geoffrey Garen.

Use unsinged integer type in NodeRareData::m_connectedFrameCount since it's padded anyway.

• dom/Node.cpp:

(WebCore::Node::decrementConnectedSubframeCount): Check that hasRareNode() is true in release builds.

• dom/NodeRareData.h:

12:58 PM Changeset in webkit [248172] by rniwa@webkit.org

• 5 edits
  2 adds in trunk

Document::resume should delay resetting of form control elements.
​https://bugs.webkit.org/show_bug.cgi?id=200376

Reviewed by Geoffrey Garen.

Source/WebCore:

Delay the execution of form control element resets until the next task
to avoid synchronously mutating DOM during page cache restoration.

Test: fast/frames/restoring-page-cache-should-not-run-scripts.html

• html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::resumeFromDocumentSuspension):

• html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::resumeFromDocumentSuspension):

LayoutTests:

Added a regression test.

• fast/frames/restoring-page-cache-should-not-run-scripts-expected.txt: Added.
• fast/frames/restoring-page-cache-should-not-run-scripts.html: Added.
• platform/win/TestExpectations: Skip this test on Windows since navigating to blob fails on Windows.

12:46 PM Changeset in webkit [248171] by ysuzuki@apple.com

• 3 edits in trunk/Source/JavaScriptCore

[JSC] Use "destroy" function directly for JSWebAssemblyCodeBlock and WebAssemblyFunction
​https://bugs.webkit.org/show_bug.cgi?id=200385

Reviewed by Mark Lam.

These CellTypes are not using classInfo stored in the cells, so we can just call JSWebAssemblyCodeBlock::destroy
and WebAssemblyFunction::destroy directly.

• wasm/js/JSWebAssemblyCodeBlockHeapCellType.cpp:

(JSC::JSWebAssemblyCodeBlockDestroyFunc::operator() const):

• wasm/js/WebAssemblyFunctionHeapCellType.cpp:

(JSC::WebAssemblyFunctionDestroyFunc::operator() const):

12:17 PM Changeset in webkit [248170] by youenn@apple.com

• 2 edits in trunk/Source/WebCore

[iOS] Directly use RealtimeMediaSourceCenter to compute the media capture state
​https://bugs.webkit.org/show_bug.cgi?id=200368
<rdar://problem/53191450>

Unreviewed.
Build fix by guarding with MEDIA_STREAM in addition to IOS.

• dom/Document.cpp:

(WebCore::Document::updateIsPlayingMedia):
(WebCore::Document::pageMutedStateDidChange):

12:10 PM Changeset in webkit [248169] by commit-queue@webkit.org

• 8 edits
  2 adds in trunk

Add accessibility object method to determine whether an element is inside a table cell. Needed for iOS accessibility client.
​https://bugs.webkit.org/show_bug.cgi?id=200394
<rdar://problem/52914964>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-08-02
Reviewed by Chris Fleizach.

Source/WebCore:

Test: accessibility/ios-simulator/element-in-table-cell.html

Added _accessibilityIsInTableCell needed for iOS accessibility client.

• accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper _accessibilityIsInTableCell]):

Tools:

Glue code to exercise new method [WebAccessibilityObjectWrapper _accessibilityIsInTableCell].

• WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp:

(WTR::AccessibilityUIElement::isInTableCell const):

• WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
• WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl:
• WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::isInTableCell const):

LayoutTests:

New test that exercises [WebAccessibilityObjectWrapper _accessibilityIsInTableCell].

• accessibility/ios-simulator/element-in-table-cell-expected.txt: Added.
• accessibility/ios-simulator/element-in-table-cell.html: Added.

12:03 PM Changeset in webkit [248168] by commit-queue@webkit.org

• 2 edits in trunk/Tools

[results.webkit.org Timeline] Using transform matrix to calculate the tag rotation position
​https://bugs.webkit.org/show_bug.cgi?id=200397

Patch by Zhifei Fang <​zhifei_fang@apple.com> on 2019-08-02
Reviewed by Jonathan Bedard.

• resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:

11:58 AM Changeset in webkit [248167] by eric.carlson@apple.com

• 2 edits in trunk/Source/WebCore

[macOS, iOS] webaudio/silent-audio-interrupted-in-background.html sometimes crashes
​https://bugs.webkit.org/show_bug.cgi?id=200396
<rdar://problem/53819720>

Reviewed by Youenn Fablet.

No new test, this fixes an existing test.

• platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:

(WebCore::AudioSourceProviderAVFObjC::~AudioSourceProviderAVFObjC): Drop the
lock before clearing m_tapStorage.

11:49 AM Changeset in webkit [248166] by Wenson Hsieh

• 6 edits in trunk

[macOS 10.15] Image dragged from Safari does not appear in Notes
​https://bugs.webkit.org/show_bug.cgi?id=188490
<rdar://problem/39462717>

Reviewed by Andy Estes.

Source/WebKit:

Removes some logic that clears out the cached promised drag image in the UI process when WebKit is asked to
provide TIFF image data. This prevents the drop destination from asking for promised image data, if anything
else (e.g. the system) also asks the web view to provide the same data. Additionally, this logic didn't
previously guarantee that the promised image would be cleared anyways, since it is dependent on the drop target
actually requesting the promised image in order to perform the cleanup.

In lieu of clearing the promised drag image when it's requested, we instead clear it out upon mainframe
navigation, in PageClientImpl::didCommitLoadForMainFrame.

Test: DragAndDropTests.MultiplePromisedImageDataRequests

• UIProcess/Cocoa/WebViewImpl.h:
• UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::clearPromisedDragImage):
(WebKit::WebViewImpl::pasteboardChangedOwner):
(WebKit::WebViewImpl::provideDataForPasteboard):

Fix the bug by not immediately clearing out the promised drag image.

• UIProcess/mac/PageClientImplMac.mm:

(WebKit::PageClientImpl::didCommitLoadForMainFrame):

Tools:

Add a test to verify that promised image data can be delivered to multiple pasteboards when performing a drop.

• TestWebKitAPI/Tests/mac/DragAndDropTestsMac.mm:

11:47 AM Changeset in webkit [248165] by youenn@apple.com

• 2 edits in trunk/Source/ThirdParty/libwebrtc

Add build check for libwebrtc ObjectiveC names
​https://bugs.webkit.org/show_bug.cgi?id=200365

Reviewed by Eric Carlson.

Only allow ObjectiveC names starting with WK_RTC.

• libwebrtc.xcodeproj/project.pbxproj:

11:39 AM Changeset in webkit [248164] by Keith Rollin

• 9 edits
  5 deletes in trunk/Source/WebKit

macCatalyst build fails the first attempt, requires a second build
​https://bugs.webkit.org/show_bug.cgi?id=200242
<rdar://problem/53678481>

macCatalyst builds fail the first time with an error like:

Code Signing Error: The file
"/Users/tim_cook/Build/Debug-maccatalyst/DerivedSources/WebKit2/WebContent-macCatalyst-no-sandbox.entitlements"
could not be opened. Verify the value of the
CODE_SIGN_ENTITLEMENTS build setting for target "WebContent" is
correct and that the file exists on disk.

This problem is caused by the file referenced by
CODE_SIGN_ENTITLEMENTS changing during the build process. For
macCatalyst builds, we start with the iOS entitlements files and then
tweak them for macCatalyst. When this occurs during a clean build,
Xcode sees the entitlements file being generated and complains about
it. Restarting the build does so with the file already existing, and
so Xcode does not complain about it.

The approach of generating or tweaking entitlement files may have
worked in the past, but the fact is that Xcode doesn't support it.

We had a similar problem with macOS builds. The entitlements files
used to be generated on the fly with scripts like
WebKit/Scripts/process-network-sandbox-entitlements.sh. That process
was reworked to avoid the issue with Xcode not allowing the files to
be generated (see r241135). In short:

o The various process-*-entitlements.sh scripts were consolidated into

a single process-entitlements file

o CODE_SIGN_ENTITLEMENTS, which contains the name of the entitlements

file to use, was de-initialized so that Xcode would not try to
access our generated entitlements file

o CODE_SIGN_INJECT_BASE_ENTITLEMENTS (which injects some base

entitlements) was set to NO. If it were left set to YES, Xcode would
create its own entitlements file and use it as if it were specified
in CODE_SIGN_ENTITLEMENTS

o WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS was updated with an

"--entitlements <generated_file>" option.
WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS was then used to initialize
OTHER_CODE_SIGN_FLAGS. By specifying the entitlements file this way,
we avoid Xcode complaining about it.

This approach works well for macOS, and so we now also use it to
address the issue with macCatalyst. While we're at it, convert the
rest of the platforms to use the same approach and also generate their
entitlements from the process-entitlements script.

The new process was validated by performing a build with the old
process and the new process, and then comparing the entitlements of
the resulting XPC services to make sure they were the same. Builds
were performed for all platforms, and for Engineering and Production
builds.

Reviewed by Brent Fulgham.

• Configurations/BaseXPCService.xcconfig:
• Configurations/Network-iOS.entitlements: Removed.
• Configurations/Network-macCatalyst.entitlements: Removed.
• Configurations/NetworkService.xcconfig:
• Configurations/PluginService.64.xcconfig:
• Configurations/PluginService.entitlements: Removed.
• Configurations/WebContent-iOS.entitlements: Removed.
• Configurations/WebContent-macCatalyst.entitlements: Removed.
• Configurations/WebContentService.Development.xcconfig:
• Configurations/WebContentService.xcconfig:
• Scripts/copy-webcontent-resources-to-private-headers.sh:
• Scripts/process-entitlements.sh:
• WebKit.xcodeproj/project.pbxproj:

11:27 AM Changeset in webkit [248163] by achristensen@apple.com

• 2 edits in trunk/Tools

Fix API test after r248139
​https://bugs.webkit.org/show_bug.cgi?id=200102

• TestWebKitAPI/Tests/WebKitCocoa/AdditionalReadAccessAllowedURLsPlugin.mm:

(-[AdditionalReadAccessAllowedURLsPlugIn webProcessPlugIn:didCreateBrowserContextController:]):
This was supposed to be removed as part of reverting r245322.

11:16 AM Changeset in webkit [248162] by mark.lam@apple.com

• 2 edits in trunk/Source/JavaScriptCore

Gardening: build fix.
​https://bugs.webkit.org/show_bug.cgi?id=200149
<rdar://problem/53570112>

Not reviewed.

• assembler/CPU.cpp:

(JSC::hwPhysicalCPUMax):

10:34 AM Changeset in webkit [248161] by youenn@apple.com

• 4 edits in trunk/Source/WebCore

[iOS] Directly use RealtimeMediaSourceCenter to compute the media capture state
​https://bugs.webkit.org/show_bug.cgi?id=200368
<rdar://problem/53191450>

Reviewed by Eric Carlson.

Instead of registering a MediaStreamTrack as a media producer to compute capture state,
go directly to the sources from the RealtimeMediaSourceCenter.
Do the same when requested to mute capture tracks.

No observable change of behavior.
Covered by manual test on iOS and existing tests.

• Modules/mediastream/MediaStreamTrack.cpp:

(WebCore::MediaStreamTrack::MediaStreamTrack):
(WebCore::MediaStreamTrack::~MediaStreamTrack):
(WebCore::MediaStreamTrack::mediaState const):
(WebCore::sourceCaptureState):
(WebCore::MediaStreamTrack::captureState):
(WebCore::MediaStreamTrack::muteCapture):

• Modules/mediastream/MediaStreamTrack.h:
• dom/Document.cpp:

(WebCore::Document::updateIsPlayingMedia):
(WebCore::Document::pageMutedStateDidChange):

10:33 AM Changeset in webkit [248160] by commit-queue@webkit.org

• 2 edits in trunk/Source/ThirdParty/libwebrtc

Unreviewed, rolling out r248156.
​https://bugs.webkit.org/show_bug.cgi?id=200393

It broke internal bots (Requested by youenn on #webkit).

Reverted changeset:

"Add build check for libwebrtc ObjectiveC names"
​https://bugs.webkit.org/show_bug.cgi?id=200365
​https://trac.webkit.org/changeset/248156

10:30 AM Changeset in webkit [248159] by achristensen@apple.com

• 2 edits in trunk/Source/WTF

Fix an internal build after r248139
​https://bugs.webkit.org/show_bug.cgi?id=200102

• wtf/cocoa/FileSystemCocoa.mm:

Some internal builds couldn't find BOM framework headers.
No problem. They're not needed. Just remove references to them.

10:09 AM Changeset in webkit [248158] by Alan Coon

• 2 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247875. rdar://problem/53841460

[iOS] REGRESSION: Keyboard dismisses and reappears when typing 2FA pin on appleid.apple.com
​https://bugs.webkit.org/show_bug.cgi?id=200171
<rdar://problem/50245251>

Reviewed by Wenson Hsieh.

Take out an InputViewUpdateDeferrer token (if we don't already have one) to temporarily defer
tearing down the input view (keyboard) before bluring the previously focused element as part
of switching between focused elements. This avoid a noticeable flash caused by UIKit animating
out and animating in the keyboard should the newly focused element require the keyboard. We
only take out the InputViewUpdateDeferrer until we fall off the end of _elementDidFocus: (or
bail early). Once we fall of the end UIKit will update input view UI.

• UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView _elementDidFocus:userIsInteracting:blurPreviousNode:activityStateChanges:userObject:]):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@247875 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:06 AM Changeset in webkit [248157] by Alan Coon

• 7 edits in branches/safari-608.1-branch/Source

Versioning.

10:04 AM Changeset in webkit [248156] by youenn@apple.com

• 2 edits in trunk/Source/ThirdParty/libwebrtc

Add build check for libwebrtc ObjectiveC names
​https://bugs.webkit.org/show_bug.cgi?id=200365

Reviewed by Eric Carlson.

Only allow ObjectiveC names starting with WK_RTC.

• libwebrtc.xcodeproj/project.pbxproj:

9:43 AM Changeset in webkit [248155] by Chris Dumez

• 17 edits
  2 adds in trunk

DOMWindow properties may get GC'd before their Window object
​https://bugs.webkit.org/show_bug.cgi?id=200359

Reviewed by Ryosuke Niwa.

Source/WebCore:

DOMWindow properties may get GC'd before their Window object once their frame is detached. This
is unexpected behavior given that these properties persist on the Window after the frame is
detached. This patch thus updates their bindings so that they live as long as their window, not
their frame.

Note that this also fixes a thread-safety issue since DOMWindowProperty::frame() would get called
from GC threads, although its implementation looks like:
"""

return m_window ? m_window->frame() : nullptr;

"""

Because m_window is a WeakPtr<DOMWindow> and because windows get destroyed on the main thread,
we could in theory crash when dereferencing m_window->frame() from the GC thread.

Test: fast/dom/dom-window-property-gc-after-frame-detach.html

• bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::visitAdditionalChildren):

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

• bindings/scripts/IDLAttributes.json:
• css/StyleMedia.idl:
• loader/appcache/DOMApplicationCache.idl:
• page/BarProp.idl:
• page/DOMSelection.idl:
• page/History.idl:
• page/Location.idl:
• page/Navigator.idl:
• page/Screen.idl:
• page/VisualViewport.idl:
• plugins/DOMMimeTypeArray.idl:
• plugins/DOMPluginArray.idl:
• storage/Storage.idl:

LayoutTests:

Add layout test coverage.

• fast/dom/dom-window-property-gc-after-frame-detach-expected.txt: Added.
• fast/dom/dom-window-property-gc-after-frame-detach.html: Added.

6:23 AM Changeset in webkit [248154] by Carlos Garcia Campos

• 1 copy in releases/WebKitGTK/webkit-2.25.4

WebKitGTK 2.25.4

6:22 AM Changeset in webkit [248153] by Carlos Garcia Campos

• 4 edits in trunk

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.25.4 release

.:

• Source/cmake/OptionsGTK.cmake: Bump version numbers

Source/WebKit:

• gtk/NEWS: Add release notes for 2.25.4.

3:20 AM Changeset in webkit [248152] by Konstantin Tokarev

• 3 edits in trunk/Source/WebCore

Remove constructors and operators of FontPlatformData defined only for Freetype
​https://bugs.webkit.org/show_bug.cgi?id=200379

Reviewed by Carlos Garcia Campos.

These methods only make maintenance harder, as all data fields are
trivially copyable. Constructors generated by compiler should be used
instead.

• platform/graphics/FontPlatformData.h:
• platform/graphics/freetype/FontPlatformDataFreeType.cpp:

1:58 AM Changeset in webkit [248151] by Konstantin Tokarev

• 2 edits in trunk/Source/WebCore

Remove unused constructor declaration from FontPlatformData
​https://bugs.webkit.org/show_bug.cgi?id=200371

Reviewed by Carlos Garcia Campos.

It is not implemented by any port.

• platform/graphics/FontPlatformData.h:

1:56 AM Changeset in webkit [248150] by commit-queue@webkit.org

• 5 edits in trunk

[SOUP] WebSockets: use SOUP_WEBSOCKET_CLOSE_NO_STATUS when closing with no status
​https://bugs.webkit.org/show_bug.cgi?id=200338

Patch by Carlos Garcia Campos <​cgarcia@igalia.com> on 2019-08-02
Reviewed by Alex Christensen.

Source/WebKit:

• NetworkProcess/soup/WebSocketTaskSoup.cpp:

(WebKit::WebSocketTask::close):

LayoutTests:

Remove failure expectation for http/tests/websocket/tests/hybi/client-close.html

• platform/gtk/TestExpectations:
• platform/wpe/TestExpectations:

Aug 1, 2019:

10:58 PM Changeset in webkit [248149] by ysuzuki@apple.com

• 5 edits
  1 add in trunk

GetterSetter type confusion during DFG compilation
​https://bugs.webkit.org/show_bug.cgi?id=199903

Reviewed by Mark Lam.

JSTests:

• stress/cse-propagated-constant-may-not-follow-structure-restrictions.js: Added.

Source/JavaScriptCore:

In AI, we are strongly assuming that GetGetter's child constant value should be GetterSetter if it exists.
However, this can be wrong since nobody ensures that. AI assumed so because the control-flow and preceding
CheckStructure ensures that. But this preceding check can be eliminated if the node becomes (at runtime) unreachable.

Let's consider the following graph.

129:<!0:-> PutByOffset(KnownCell:@115, KnownCell:@115, Check:Untyped:@124, MustGen, id5{length}, 0, W:NamedProperties(5), ClobbersExit, bc#154, ExitValid)
130:<!0:-> PutStructure(KnownCell:@115, MustGen, %C8:Object -> %C3:Object, ID:7726, R:JSObject_butterfly, W:JSCell_indexingType,JSCell_structureID,JSCell_typeInfoFlags,JSCell_typeInfoType, ClobbersExit, bc#154, ExitInvalid)
...
158:<!0:-> GetLocal(Check:Untyped:@197, JS|MustGen|UseAsOther, Final, loc7(R<Final>/FlushedCell), R:Stack(-8), bc#187, ExitValid) predicting Final
210:< 1:-> DoubleRep(Check:NotCell:@158, Double|PureInt, BytecodeDouble, Exits, bc#187, ExitValid)
...
162:<!0:-> CheckStructure(Cell:@158, MustGen, [%Ad:Object], R:JSCell_structureID, Exits, bc#192, ExitValid)
163:< 1:-> GetGetterSetterByOffset(KnownCell:@158, KnownCell:@158, JS|UseAsOther, OtherCell, id5{length}, 0, R:NamedProperties(5), Exits, bc#192, ExitValid)
164:< 1:-> GetGetter(KnownCell:@163, JS|UseAsOther, Function, R:GetterSetter_getter, Exits, bc#192, ExitValid)

At @163 and @164, AI proves that @158's AbstractValue is None because @210's edge filters out Cells @158 is a cell. But we do not invalidate graph status as "Invalid" even if edge filters out all possible value.
This is because the result of edge can be None in a valid program. For example, we can put a dependency edge between a consuming node and a producing node, where the producing node is just like a check and it
does not produce a value actually. So, @163 and @164 are not invalidated. This is totally fine in our compiler pipeline right now.

But after that, global CSE phase found that @115 and @158 are same and @129 dominates @158. As a result, we can replace GetGetter child's @163 with @124. Since CheckStructure is already removed (and now, at runtime,
@163 and @164 are never executed), we do not have any structure guarantee on @158 and the result of @163. This means that @163's CSE result can be non-GetterSetter value.

124:< 2:-> JSConstant(JS|UseAsOther, Final, Weak:Object: 0x1199e82a0 with butterfly 0x0 (Structure %B4:Object), StructureID: 49116, bc#0, ExitValid)
...
126:< 2:-> GetGetter(KnownCell:Kill:@124, JS|UseAsOther, Function, R:GetterSetter_getter, Exits, bc#192, ExitValid)

AI filters out @124's non-cell values. But @126 can get non-GetterSetter cell at AI phase. But our AI code is like the following.

JSValue base = forNode(node->child1()).m_value;
if (base) {

GetterSetter* getterSetter = jsCast<GetterSetter*>(base);
...

Then, jsCast casts the above object with GetterSetter accidentally.

In general, DFG AI can get a proven constant value, which could not be shown at runtime. This happens if the processing node is unreachable at runtime while the graph is not invalid yet, because preceding edge
filters already filter out all the possible execution. DFG AI already considered about this possibility, and it attempts to fold a node into a constant only when the constant input matches against the expected one.
But several DFG nodes are not handling this correctly: GetGetter, GetSetter, and SkipScope.

In this patch, we use jsDynamicCast to ensure that the constant input matches against the expected (foldable) one, and fold it only when the expectation is met.
We also remove DFG::Node::castConstant and its use. We should not rely on the constant folded value based on graph's control-flow.

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

• dfg/DFGNode.h:

(JSC::DFG::Node::castConstant): Deleted.

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):

10:46 PM Changeset in webkit [248148] by Chris Dumez

• 5 edits
  2 adds in trunk

Pages using MessagePorts should be PageCacheable
​https://bugs.webkit.org/show_bug.cgi?id=200366
<rdar://problem/53837882>

Reviewed by Geoffrey Garen.

Source/WebCore:

Allow a page to enter PageCache, even if it has MessagePorts (potentially with
pending messages). If there are pending messages on the MessagePorts when
entering PageCache, those will get dispatched upon restoring from PageCache.

Test: fast/history/page-cache-MessagePort-pending-message.html

• dom/MessagePort.cpp:

(WebCore::MessagePort::messageAvailable):
(WebCore::MessagePort::dispatchMessages):
Do not dispatch messages while in PageCache.

(WebCore::MessagePort::canSuspendForDocumentSuspension const):
Allow pages with MessagePort objects to enter PageCache.

• dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::resumeActiveDOMObjects):
Make sure pending messages on MessagePorts get dispatched asynchronously after restoring
from PageCache.

• loader/DocumentLoader.cpp:

(WebCore::areAllLoadersPageCacheAcceptable):
Make sure only CachedResources that are still loading upon load cancelation prevent
entering PageCache.

LayoutTests:

Add layout test coverage.

• fast/history/page-cache-MessagePort-pending-message-expected.txt: Added.
• fast/history/page-cache-MessagePort-pending-message.html: Added.

9:30 PM Changeset in webkit [248147] by Konstantin Tokarev

• 2 edits in trunk/Source/WebCore

Fix compilation of PageConsoleClient with !ENABLE(VIDEO)
​https://bugs.webkit.org/show_bug.cgi?id=200380

Reviewed by Joseph Pecoraro.

• page/PageConsoleClient.cpp:

(WebCore::PageConsoleClient::screenshot):

8:50 PM Changeset in webkit [248146] by commit-queue@webkit.org

• 2 edits in trunk/Tools

results.webkit.org: Force update cache when timeline updated
​https://bugs.webkit.org/show_bug.cgi?id=200363

Patch by Zhifei Fang <​zhifei_fang@apple.com> on 2019-08-01
Reviewed by Jonathan Bedard.

• resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:

(offscreenCachedRenderFactory): Add ability to force the redraw.
(Timeline.CanvasSeriesComponent): Force redraw when scales or dots are updated.
(Timeline.CanvasXAxisComponent): Force redraw when scales are updated. Add missing exporter for export scales update API

8:45 PM Changeset in webkit [248145] by Chris Dumez

• 2 edits in trunk/LayoutTests

fast/forms/ios/file-upload-panel.html is flaky on iOS 13
​https://bugs.webkit.org/show_bug.cgi?id=200357
<rdar://problem/53028551>

Reviewed by Zalan Bujtas.

Use UIHelper.activateElementAtHumanSpeed() instead of UIHelper.activateElement()
to address flakiness. If the button taps are issued to quickly, some of them
get swallowed.

• fast/forms/ios/file-upload-panel.html:

6:59 PM Changeset in webkit [248144] by commit-queue@webkit.org

• 16 edits in trunk

Do not send NetworkProcessProxy::LogTestingEvent message if we are not testing
​https://bugs.webkit.org/show_bug.cgi?id=200360

Patch by Alex Christensen <​achristensen@webkit.org> on 2019-08-01
Reviewed by Tim Horton.

Source/WebKit:

Sending this message causes instantiation of the default WebsiteDataStore in the UIProcess,
which causes more memory to be used than is needed if we are browsing without the default WebsiteDataStore.

Covered by an API test.

• NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::logTestingEvent):

• NetworkProcess/NetworkSession.cpp:

(WebKit::NetworkSession::NetworkSession):

• NetworkProcess/NetworkSession.h:

(WebKit::NetworkSession::enableResourceLoadStatisticsLogTestingEvent const):

• NetworkProcess/NetworkSessionCreationParameters.cpp:

(WebKit::NetworkSessionCreationParameters::encode const):
(WebKit::NetworkSessionCreationParameters::decode):

• NetworkProcess/NetworkSessionCreationParameters.h:
• UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::ensureNetworkProcess):

• UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:

(WebKit::WebsiteDataStore::parameters):

• UIProcess/WebsiteData/WebsiteDataStore.h:

(WebKit::WebsiteDataStore::hasStatisticsTestingCallback const):

Tools:

• TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadStatistics.mm:

(cleanupITPDatabase):
(TEST):

6:58 PM Changeset in webkit [248143] by mark.lam@apple.com

• 20 edits in trunk/Source

Add crash diagnostics for debugging unexpected zapped cells.
​https://bugs.webkit.org/show_bug.cgi?id=200149
<rdar://problem/53570112>

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

Add a check for zapped cells in SlotVisitor::appendToMarkStack() and
SlotVisitor::visitChildren(). If a zapped cell is detected, we will crash with
some diagnostic info.

To facilitate this, we've made the following changes:

1. Changed FreeCell to preserve the 1st 8 bytes. This is fine to do because all cells are at least 16 bytes long.
2. Changed HeapCell::zap() to only zap the structureID. Leave the rest of the cell header info intact (including the cell JSType).
3. Changed HeapCell::zap() to record the reason for zapping the cell. We stash the reason immediately after the first 8 bytes. This is the same location as FreeCell::scrambledNext. However, since a cell is not expected to be zapped and on the free list at the same time, it is also fine to do this.
4. Added a few utility functions to MarkedBlock for checking if a cell points into the block.
5. Added VMInspector and JSDollarVM utilities to dump in-use subspace hashes.
6. Added some comments to document the hashes of known subspaces.
7. Added Options::dumpZappedCellCrashData() to make this check conditional. We use this option to disable this check for slower machines so that their PLT5 performance is not impacted.

• assembler/CPU.cpp:

(JSC::hwL3CacheSize):
(JSC::hwPhysicalCPUMax):

• assembler/CPU.h:

(JSC::hwL3CacheSize):
(JSC::hwPhysicalCPUMax):

• heap/FreeList.h:

(JSC::FreeCell::offsetOfScrambledNext):

• heap/HeapCell.h:

(JSC::HeapCell::zap):
(JSC::HeapCell::isZapped const):

• heap/MarkedBlock.cpp:

(JSC::MarkedBlock::Handle::stopAllocating):

• heap/MarkedBlock.h:

(JSC::MarkedBlock::Handle::start const):
(JSC::MarkedBlock::Handle::end const):
(JSC::MarkedBlock::Handle::contains const):

• heap/MarkedBlockInlines.h:

(JSC::MarkedBlock::Handle::specializedSweep):

• heap/MarkedSpace.h:

(JSC::MarkedSpace::forEachSubspace):

• heap/SlotVisitor.cpp:

(JSC::SlotVisitor::appendToMarkStack):
(JSC::SlotVisitor::visitChildren):
(JSC::SlotVisitor::reportZappedCellAndCrash):

• heap/SlotVisitor.h:
• jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):

• runtime/Options.cpp:

(JSC::Options::initialize):

• runtime/Options.h:
• runtime/VM.cpp:

(JSC::VM::VM):

• tools/JSDollarVM.cpp:

(JSC::functionDumpSubspaceHashes):
(JSC::JSDollarVM::finishCreation):

• tools/VMInspector.cpp:

(JSC::VMInspector::dumpSubspaceHashes):

• tools/VMInspector.h:

Source/WebCore:

No new tests because this is a feature for debugging crashes. It has been tested
manually by modifying the code to force a crash at the point of interest.

Added some comments to document the hashes of known subspaces.

• bindings/js/WebCoreJSClientData.cpp:

(WebCore::JSVMClientData::JSVMClientData):

5:03 PM Changeset in webkit [248142] by Devin Rousso

• 3 edits in trunk/Source/WebInspectorUI

Unreviewed, remove emulateUserGesture parameter from Debugger.evaluateOnCallFrame for iOS 13

Rubber-stamped by Joseph Pecoraro.

• UserInterface/Protocol/Legacy/13.0/InspectorBackendCommands.js:
• Versions/Inspector-iOS-13.0.json:

The iOS 13 protocol has already been decided, so these shouldn't have been added unless they
were cherry-picked in.

4:13 PM Changeset in webkit [248141] by sbarati@apple.com

• 2 edits in trunk/Source/WebCore

[WHLSL] Do simple nullptr check elimination using basic data flow analysis when generating metal code
​https://bugs.webkit.org/show_bug.cgi?id=200352

Reviewed by Myles C. Maxfield.

When doing metal code generation, we frequently know whether something
is null or not. This patch does a basic propagation of this information
to avoid emitting excessive null checks in the generated Metal code.
This is a 6% speedup (with a p value of 0.0001) in Metal compile times
on compute_boids.

An example of a null check we now eliminate is:
`
int x;
thread int* ptr = &x; We know that the lvalue for "x" is non-null, so we produce a non-null rvalue here.
*ptr = 42; We know that the "ptr" rvalue is non-null, so we omit the null check.
`

• Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp:

(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendRightValueWithNullability):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendRightValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendLeftValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastValueAndNullability):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastLeftValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit):

4:10 PM Changeset in webkit [248140] by Alan Coon

• 1 copy in tags/Safari-608.1.41

Tag Safari-608.1.41.

3:29 PM Changeset in webkit [248139] by commit-queue@webkit.org

• 35 edits
  1 add in trunk

Move FormData zip file generation to NetworkProcess and enable it for all WebKit clients for uploading directories
​https://bugs.webkit.org/show_bug.cgi?id=200102
<rdar://problem/53275114>

Patch by Alex Christensen <​achristensen@webkit.org> on 2019-08-01
Reviewed by Darin Adler.

Source/WebCore:

To enable directory uploading in WebKit2, we extended WebKit1's model of asking the application to generate a file for uploading.
This means the WebProcess needed access to everything necessary to zip a whole directory, and clients that have not implemented
the strange WKBundlePageUIClient callbacks won't be able to upload directories. Safari's implementation had already been copied
to BlobDataFileReference::generateReplacementFile, so I reused that code to do the zipping. Instead of a complicated model of
keeping track of a filename, possibly a generated filename, and whether we think we own the file or not and having nobody clean up,
we now do the generation, use, and cleaning up in the network process starting with a new function generateFilesForUpload.
This removes unimplemented SPI in WebUIDelegatePrivate in WebKitLegacy and stops calling the WKBundlePageUIClient related to upload
file generation and replaces them with automatic behavior equivalent to Safari's implementation of the WKBundlePageUIClient calls.
Since we no longer need to do these file operations in the WebProcess, I am also reverting r245322 and r246077 which tightens the sandbox.

Covered by an API test.

• Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::extract):
(WebCore::FetchBody::bodyAsFormData const):

• loader/FormSubmission.cpp:

(WebCore::FormSubmission::create):

• loader/FrameLoader.cpp:

(WebCore::FrameLoader::submitForm):
(WebCore::FrameLoader::loadDifferentDocumentItem):

• loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::didReceiveResponse):
(WebCore::ResourceLoader::cleanupForError):

• page/Chrome.cpp:

(WebCore::ChromeClient::shouldReplaceWithGeneratedFileForUpload): Deleted.
(WebCore::ChromeClient::generateReplacementFile): Deleted.

• page/ChromeClient.h:
• platform/network/FormData.cpp:

(WebCore::FormData::FormData):
(WebCore::FormData::~FormData):
(WebCore::FormData::createMultiPart):
(WebCore::FormDataElement::lengthInBytes const):
(WebCore::FormData::appendFile):
(WebCore::FormData::appendFileRange):
(WebCore::FormData::appendMultiPartFileValue):
(WebCore::FormData::appendMultiPartKeyValuePairItems):
(WebCore::FormData::resolveBlobReferences):
(WebCore::generateFileForUpload):
(WebCore::FormData::generateFilesForUpload):
(WebCore::FormData::generateFiles): Deleted.
(WebCore::FormData::hasGeneratedFiles const): Deleted.
(WebCore::FormData::hasOwnedGeneratedFiles const): Deleted.
(WebCore::FormData::removeGeneratedFilesIfNeeded): Deleted.

• platform/network/FormData.h:

(WebCore::FormDataElement::FormDataElement):
(WebCore::FormDataElement::EncodedFileData::isolatedCopy const):
(WebCore::FormDataElement::EncodedFileData::operator== const):
(WebCore::FormDataElement::EncodedFileData::encode const):
(WebCore::FormDataElement::EncodedFileData::decode):

• platform/network/cf/FormDataStreamCFNet.cpp:

(WebCore::advanceCurrentStream):
(WebCore::formCreate):
(WebCore::formFinalize):
(WebCore::createHTTPBodyCFReadStream):

• platform/network/mac/BlobDataFileReferenceMac.mm:

(WebCore::generateFileForUpload):
(WebCore::BlobDataFileReference::generateReplacementFile):

• xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::send):

Source/WebKit:

• NetworkProcess/NetworkResourceLoadParameters.cpp:

(WebKit::NetworkResourceLoadParameters::encode const):

• Platform/IPC/FormDataReference.h:

(IPC::FormDataReference::encode const):

• Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
• WebProcess/InjectedBundle/API/APIInjectedBundlePageUIClient.h:

(API::InjectedBundle::PageUIClient::shouldGenerateFileForUpload): Deleted.
(API::InjectedBundle::PageUIClient::generateFileForUpload): Deleted.

• WebProcess/InjectedBundle/InjectedBundlePageUIClient.cpp:

(WebKit::InjectedBundlePageUIClient::shouldGenerateFileForUpload): Deleted.
(WebKit::InjectedBundlePageUIClient::generateFileForUpload): Deleted.

• WebProcess/InjectedBundle/InjectedBundlePageUIClient.h:
• WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::shouldReplaceWithGeneratedFileForUpload): Deleted.
(WebKit::WebChromeClient::generateReplacementFile): Deleted.

• WebProcess/WebCoreSupport/WebChromeClient.h:
• WebProcess/com.apple.WebProcess.sb.in:

Source/WebKitLegacy/mac:

• DefaultDelegates/WebDefaultUIDelegate.mm:

(-[WebDefaultUIDelegate webView:shouldReplaceUploadFile:usingGeneratedFilename:]): Deleted.
(-[WebDefaultUIDelegate webView:generateReplacementFile:]): Deleted.

• WebCoreSupport/WebChromeClient.h:
• WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::shouldReplaceWithGeneratedFileForUpload): Deleted.
(WebChromeClient::generateReplacementFile): Deleted.

• WebView/WebUIDelegatePrivate.h:

Source/WTF:

Move code from BlobDataFileReference::generateReplacementFile to FileSystem::createZipArchive.

• wtf/FileSystem.cpp:

(WTF::FileSystemImpl::createZipArchive):

• wtf/FileSystem.h:
• wtf/cocoa/FileSystemCocoa.mm:

(WTF::FileSystemImpl::createZipArchive):

Tools:

Add an API test that is Mac-only right now because runOpenPanelWithParameters is only supported on Mac for some reason
and because clicking on a TestWKWebView only works on Mac.

• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WebKitCocoa/UploadDirectory.mm: Added.

(-[UploadDelegate initWithDirectory:]):
(-[UploadDelegate webView:runOpenPanelWithParameters:initiatedByFrame:completionHandler:]):
(-[UploadDelegate sentDirectory]):
(TEST):

• TestWebKitAPI/cocoa/TestWKWebView.h:
• TestWebKitAPI/cocoa/TestWKWebView.mm:

(-[TestWKWebView sendClickAtPoint:]):

3:27 PM Changeset in webkit [248138] by Alan Coon

• 1 copy in tags/Safari-608.2.2

Tag Safari-608.2.2.

3:26 PM Changeset in webkit [248137] by Alan Coon

• 1 delete in tags/Safari-608.2.2

Delete tag.

3:18 PM Changeset in webkit [248136] by Alan Coon

• 7 edits in branches/safari-608-branch

Apply patch. rdar://problem/53764238

3:10 PM Changeset in webkit [248135] by Alan Coon

• 1 copy in tags/Safari-608.2.2

Tag Safari-608.2.2.

2:45 PM Changeset in webkit [248134] by commit-queue@webkit.org

• 2 edits in trunk/Tools

[results.webkit.org] Timeline.CanvasXAxisComponent height should be defined by option
​https://bugs.webkit.org/show_bug.cgi?id=200321

Patch by Zhifei Fang <​zhifei_fang@apple.com> on 2019-08-01
Reviewed by Jonathan Bedard.

*resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:
Let the axis' height be defined in the option. Timeine component will use this value as
padding-top for headers which allows headers start in the right position, even with multiple
top axises.
(Timeline.CanvasSeriesComponent):
(prototype.Timeline.CanvasContainer):

2:30 PM Changeset in webkit [248133] by keith_miller@apple.com

• 3 edits in trunk/Source/JavaScriptCore

Fix bug in testMulImm32SignExtend
​https://bugs.webkit.org/show_bug.cgi?id=200358

Reviewed by Mark Lam.

Also, have it run in more configurations.

• b3/testb3_2.cpp:

(testMulImm32SignExtend):

• b3/testb3_3.cpp:

(addArgTests):

1:35 PM Changeset in webkit [248132] by Ryan Haddad

• 3 edits in branches/safari-608-branch/LayoutTests

Cherry-pick r248111. rdar://problem/53829560

Removing expectations for tests that are now consistently passing

Unreviewed test gardening.

• platform/mac-wk1/TestExpectations:
• platform/mac/TestExpectations:

git-svn-id: ​http://svn.webkit.org/repository/webkit/trunk@248111 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:27 PM Changeset in webkit [248131] by Ryan Haddad

• 3 edits in branches/safari-608.1-branch/LayoutTests

Cherry-pick r247919. rdar://problem/48616298

Unreviewed test gardening, update expectations for rdar://problem/48616298.

• platform/ios-wk2/TestExpectations: The fast/viewport/ios directory is marked as passing in this file, which was overriding the entries in the 'ios' file.
• platform/ios/TestExpectations:

git-svn-id: ​http://svn.webkit.org/repository/webkit/trunk@247919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:26 PM Changeset in webkit [248130] by Ryan Haddad

• 3 edits in branches/safari-608-branch/LayoutTests

Cherry-pick r247919. rdar://problem/48616298

Unreviewed test gardening, update expectations for rdar://problem/48616298.

• platform/ios-wk2/TestExpectations: The fast/viewport/ios directory is marked as passing in this file, which was overriding the entries in the 'ios' file.
• platform/ios/TestExpectations:

git-svn-id: ​http://svn.webkit.org/repository/webkit/trunk@247919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:23 PM Changeset in webkit [248129] by timothy_horton@apple.com

• 2 edits in trunk/Source/WebKit

REGRESSION: HSBC Personal Banking download/print dialog is usually positioned off screen on iPad
​https://bugs.webkit.org/show_bug.cgi?id=200356
<rdar://problem/51885199>

Reviewed by Beth Dakin.

• UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::desktopClassBrowsingRecommendedForRequest):
Add HSBC domains to the list of sites that recommend mobile mode by default.

1:23 PM Changeset in webkit [248128] by Ryan Haddad

• 2 edits in branches/safari-608-branch/Tools

Cherry-pick r248116. rdar://problem/53829168

Improve flakiness of SOAuthorizationRedirect tests
​https://bugs.webkit.org/show_bug.cgi?id=200320
<rdar://problem/53767057>

Reviewed by Alex Christensen.

This patch replaces Util::sleep(0.5) in tests that expect a SOAuthorization session to wait when the corresponding WKWebView
is out of the window with a more precise boolean indicator: navigationPolicyDecided. The new boolean indicator is working and
better because the authorizationPerformed should be set in the same runloop when NavigationState::decidePolicyForNavigationAction
is executed.

• TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm: (-[TestSOAuthorizationDelegate webView:decidePolicyForNavigationAction:decisionHandler:]): (resetState): (TestWebKitAPI::TEST):

git-svn-id: ​http://svn.webkit.org/repository/webkit/trunk@248116 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:17 PM Changeset in webkit [248127] by Ryan Haddad

• 2 edits in branches/safari-608.1-branch/Tools

Cherry-pick r248072. rdar://problem/52355829

Unreviewed test gardening, disable failing test for rdar://52355829.

• TestWebKitAPI/Tests/WebKitCocoa/ContextMenus.mm: (TEST):

git-svn-id: ​http://svn.webkit.org/repository/webkit/trunk@248072 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:17 PM Changeset in webkit [248126] by Ryan Haddad

• 2 edits in branches/safari-608.1-branch/Tools

Cherry-pick r248082. rdar://problem/51752593

Unreviewed test gardening, disable failing test for rdar://51752593.

• TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:

git-svn-id: ​http://svn.webkit.org/repository/webkit/trunk@248082 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:15 PM Changeset in webkit [248125] by Ryan Haddad

• 2 edits in branches/safari-608-branch/Tools

Cherry-pick r248072. rdar://problem/52355829

Unreviewed test gardening, disable failing test for rdar://52355829.

• TestWebKitAPI/Tests/WebKitCocoa/ContextMenus.mm: (TEST):

git-svn-id: ​http://svn.webkit.org/repository/webkit/trunk@248072 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:14 PM Changeset in webkit [248124] by Ryan Haddad

• 2 edits in branches/safari-608-branch/Tools

Cherry-pick r248082. rdar://problem/51752593

Unreviewed test gardening, disable failing test for rdar://51752593.

• TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:

git-svn-id: ​http://svn.webkit.org/repository/webkit/trunk@248082 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:12 PM Changeset in webkit [248123] by Ryan Haddad

• 8 edits
  7 copies
  53 adds in branches/safari-608.1-branch/LayoutTests

Cherry-pick r248017. rdar://problem/52956165

Add test expectations and baselines for iPad
​https://bugs.webkit.org/show_bug.cgi?id=199711

Unreviewed test gardening.

• platform/ipad-12/TestExpectations: Added.
• platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt.
• platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt.
• platform/ipad-12/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt.
• platform/ipad-12/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt: Copied from LayoutTests/platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt.
• platform/ipad-12/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt: Copied from LayoutTests/platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt.
• platform/ipad-12/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
• platform/ipad/compositing/overflow/scrolling-content-clip-to-viewport-expected.txt: Added.
• platform/ipad/compositing/rtl/rtl-scrolling-with-transformed-descendants-expected.txt: Added.
• platform/ipad/editing/caret/ios/fixed-caret-position-after-scroll-expected.txt: Added.
• platform/ipad/editing/selection/ios/do-not-hide-selection-in-visible-container-expected.txt: Added.
• platform/ipad/fast/dom/navigator-iOS-userAgent-expected.txt: Added.
• platform/ipad/fast/scrolling/ios/change-scrollability-on-content-resize-nested-expected.txt: Added.
• platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt:
• platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt:
• platform/ipad/fast/scrolling/ios/reconcile-layer-position-recursive-expected.txt: Added.
• platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt:
• platform/ipad/fast/viewport/ios/shrink-to-fit-for-page-without-viewport-meta-expected.txt: Added.
• platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt:
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-height-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerheight-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerwidth-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-width-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-innerheight-innerwidth-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-width-height-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/workers/WorkerNavigator_platform-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/workers/interfaces/WorkerUtils/navigator/004-expected.txt: Added.
• platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt:
• platform/ipad/scrollingcoordinator/ios/fixed-in-frame-layer-reconcile-layer-position-expected.txt: Added.
• platform/ipad/scrollingcoordinator/ios/fixed-in-overflow-scroll-scrolling-tree-expected.txt: Added.
• platform/ipad/scrollingcoordinator/ios/fixed-scrolling-with-keyboard-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
• platform/ipad/scrollingcoordinator/ios/non-stable-viewport-scroll-expected.txt: Added.
• platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt:

git-svn-id: ​http://svn.webkit.org/repository/webkit/trunk@248017 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:09 PM Changeset in webkit [248122] by Ryan Haddad

• 8 edits
  7 copies
  53 adds in branches/safari-608-branch/LayoutTests

Cherry-pick r248017. rdar://problem/52956165

Add test expectations and baselines for iPad
​https://bugs.webkit.org/show_bug.cgi?id=199711

Unreviewed test gardening.

• platform/ipad-12/TestExpectations: Added.
• platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt.
• platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt.
• platform/ipad-12/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt.
• platform/ipad-12/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt: Copied from LayoutTests/platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt.
• platform/ipad-12/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt: Copied from LayoutTests/platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt.
• platform/ipad-12/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
• platform/ipad/compositing/overflow/scrolling-content-clip-to-viewport-expected.txt: Added.
• platform/ipad/compositing/rtl/rtl-scrolling-with-transformed-descendants-expected.txt: Added.
• platform/ipad/editing/caret/ios/fixed-caret-position-after-scroll-expected.txt: Added.
• platform/ipad/editing/selection/ios/do-not-hide-selection-in-visible-container-expected.txt: Added.
• platform/ipad/fast/dom/navigator-iOS-userAgent-expected.txt: Added.
• platform/ipad/fast/scrolling/ios/change-scrollability-on-content-resize-nested-expected.txt: Added.
• platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt:
• platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt:
• platform/ipad/fast/scrolling/ios/reconcile-layer-position-recursive-expected.txt: Added.
• platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt:
• platform/ipad/fast/viewport/ios/shrink-to-fit-for-page-without-viewport-meta-expected.txt: Added.
• platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt:
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-height-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerheight-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerwidth-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-width-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-innerheight-innerwidth-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-width-height-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/workers/WorkerNavigator_platform-expected.txt: Added.
• platform/ipad/imported/w3c/web-platform-tests/workers/interfaces/WorkerUtils/navigator/004-expected.txt: Added.
• platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt:
• platform/ipad/scrollingcoordinator/ios/fixed-in-frame-layer-reconcile-layer-position-expected.txt: Added.
• platform/ipad/scrollingcoordinator/ios/fixed-in-overflow-scroll-scrolling-tree-expected.txt: Added.
• platform/ipad/scrollingcoordinator/ios/fixed-scrolling-with-keyboard-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
• platform/ipad/scrollingcoordinator/ios/non-stable-viewport-scroll-expected.txt: Added.
• platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt:

git-svn-id: ​http://svn.webkit.org/repository/webkit/trunk@248017 268f45cc-cd09-0410-ab3c-d52691b4dbfc

12:53 PM Changeset in webkit [248121] by Chris Dumez

• 5 edits in trunk/Source/WebKit

Crash under WebProcessProxy::didBecomeUnresponsive()
​https://bugs.webkit.org/show_bug.cgi?id=200346
<rdar://problem/53795984>

Reviewed by Geoffrey Garen.

Make sure the BackgroundProcessResponsivenessTimer / ResponsivenessTimer ref their client
while they call mayBecomeUnresponsive() / willChangeIsResponsive() / didChangeIsResponsive()
/ didBecomeUnresponsive() on their client, in case calling one of these ends up destroying
the client.

• UIProcess/BackgroundProcessResponsivenessTimer.cpp:

(WebKit::BackgroundProcessResponsivenessTimer::setResponsive):

• UIProcess/ResponsivenessTimer.cpp:

(WebKit::ResponsivenessTimer::timerFired):

• UIProcess/ResponsivenessTimer.h:
• UIProcess/WebProcessProxy.h:

12:52 PM Changeset in webkit [248120] by Ryan Haddad

• 6 edits in branches/safari-608.1-branch/LayoutTests

Cherry-pick layout test changes for r247866. rdar://problem/53648067

Unable to tap/double tap to open files/folders in Google Drive in Safari
​https://bugs.webkit.org/show_bug.cgi?id=200096
<rdar://problem/52748552>

Reviewed by Wenson Hsieh.

1. Rebaseline (progression).
2. Payment request tests activate elements by tapping on them at a high speed, triggering double clicks instead. Let's slow them down a bit.

• fast/events/touch/ios/double-tap-for-double-click3-expected.txt:
• http/tests/adClickAttribution/anchor-tag-attributes-validation.html:
• http/tests/resources/payment-request.js: (activateThen):
• resources/ui-helper.js: (window.UIHelper.activateElementAtHumanSpeed.return.new.Promise): (window.UIHelper.activateElementAtHumanSpeed):
• tests-options.json:

12:50 PM Changeset in webkit [248119] by Ryan Haddad

• 6 edits in branches/safari-608-branch/LayoutTests

Cherry-pick layout test changes for r247866. rdar://problem/53648067

Unable to tap/double tap to open files/folders in Google Drive in Safari
​https://bugs.webkit.org/show_bug.cgi?id=200096
<rdar://problem/52748552>

Reviewed by Wenson Hsieh.

1. Rebaseline (progression).
2. Payment request tests activate elements by tapping on them at a high speed, triggering double clicks instead. Let's slow them down a bit.

• fast/events/touch/ios/double-tap-for-double-click3-expected.txt:
• http/tests/adClickAttribution/anchor-tag-attributes-validation.html:
• http/tests/resources/payment-request.js: (activateThen):
• resources/ui-helper.js: (window.UIHelper.activateElementAtHumanSpeed.return.new.Promise): (window.UIHelper.activateElementAtHumanSpeed):
• tests-options.json:

12:43 PM Changeset in webkit [248118] by pvollan@apple.com

• 2 edits in trunk/Source/WTF

Initialize memory pressure flag in MemoryPressureHandler
​https://bugs.webkit.org/show_bug.cgi?id=200353

Reviewed by Geoffrey Garen.

The flag 'm_underMemoryPressure' in MemoryPressureHandler should be initialized to 'false'.

• wtf/MemoryPressureHandler.h:

12:43 PM Changeset in webkit [248117] by commit-queue@webkit.org

• 2 edits in trunk/Tools

results.webkit.org: Collision detection for dots is off by 2 * dotMargin
​https://bugs.webkit.org/show_bug.cgi?id=200347

Patch by Zhifei Fang <​zhifei_fang@apple.com> on 2019-08-01
Reviewed by Jonathan Bedard.

• resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:

(Timeline.CanvasSeriesComponent): Need to change it to dotMargin + radius other than use a fixed 3 * radius, which is for the old wide timeline

12:32 PM Changeset in webkit [248116] by jiewen_tan@apple.com

• 2 edits in trunk/Tools

Improve flakiness of SOAuthorizationRedirect tests
​https://bugs.webkit.org/show_bug.cgi?id=200320
<rdar://problem/53767057>

Reviewed by Alex Christensen.

This patch replaces Util::sleep(0.5) in tests that expect a SOAuthorization session to wait when the corresponding WKWebView
is out of the window with a more precise boolean indicator: navigationPolicyDecided. The new boolean indicator is working and
better because the authorizationPerformed should be set in the same runloop when NavigationState::decidePolicyForNavigationAction
is executed.

• TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:

(-[TestSOAuthorizationDelegate webView:decidePolicyForNavigationAction:decisionHandler:]):
(resetState):
(TestWebKitAPI::TEST):

12:12 PM Changeset in webkit [248115] by Ross Kirsling

• 39 edits
  31 copies
  58 moves
  234 adds in trunk/JSTests

Update Test262 (2019.08.01)
​https://bugs.webkit.org/show_bug.cgi?id=200351

Reviewed by Keith Miller.

• test262/expectations.yaml:
• test262/harness/testIntl.js:
• test262/latest-changes-summary.txt:
• test262/test/:
• test262/test262-Revision.txt:

12:03 PM Changeset in webkit [248114] by Alan Coon

• 2 edits in branches/safari-608-branch/Source/WebKit

Cherry-pick r248085. rdar://problem/53825741

WKImagePreviewViewController not being autoreleased
​https://bugs.webkit.org/show_bug.cgi?id=200325
<rdar://problem/53788214>

Reviewed by Wenson Hsieh.

Wenson noticed I wasn't autoreleasing the WKImagePreviewViewController.

• UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView continueContextMenuInteraction:]):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@248085 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:38 AM Changeset in webkit [248113] by Chris Dumez

• 2 edits in trunk/Source/WTF

Add threading assertion to WeakPtr's operator->()
​https://bugs.webkit.org/show_bug.cgi?id=199922

Reviewed by Ryosuke Niwa.

Add threading assertion to WeakPtr's operator->() to make sure that the WeakPtr
always gets dereferenced on the same thread it was constructed on.

• wtf/WeakPtr.h:

(WTF::WeakPtrImpl::get):
(WTF::WeakPtrImpl::WeakPtrImpl):

11:32 AM Changeset in webkit [248112] by Wenson Hsieh

• 8 edits
  2 adds in trunk

[Text autosizing] [iPadOS] Add targeted hacks to address some remaining text autosizing issues
​https://bugs.webkit.org/show_bug.cgi?id=200271
<rdar://problem/51734741>

Reviewed by Zalan Bujtas.

Source/WebCore:

Makes some targeted adjustments to the text autosizing heuristic, to ensure compatibility with several high-
profile websites. See changes below for more detail.

Tests: fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidate-special-cases.html

fast/text-autosizing/ios/idempotentmode/line-height-boosting.html

• css/StyleResolver.cpp:

(WebCore::StyleResolver::adjustRenderStyleForTextAutosizing):

Avoid clipped sidebar links on sohu.com by not performing line-height boosting in the case where the element
probably has a small, fixed number of lines. See below for more detail. Additionally, don't attempt to adjust
the line height using the boosted font size, in the case where the element is not a candidate for idempotent
text autosizing.

• rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::isIdempotentTextAutosizingCandidate const):

Make various targeted hacks to fix a few websites:

• Add a special case for top navigation bar links on yandex.ru, where line height greatly exceeds the

specified font size.

• Avoid boosting some related video links on v.youku.com by considering the line-clamp CSS property when

determining the maximum number of lines of text an element is expected to contain.

• Avoid boosting some front page links on asahi.com, which have non-repeating background images.

• Add several other adjustments to more aggressively boost pieces of text on Google search results, such as

taking the word-break CSS property into account.

The bottom few pixels of sidebar links on naver.com are also no longer clipped after these changes.

• rendering/style/TextSizeAdjustment.cpp:

(WebCore::AutosizeStatus::probablyContainsASmallFixedNumberOfLines):

Pulls out a piece of the heuristic added to fix sephora.com in r247467 out into a separate helper method. To
recap, this heuristic identifies elements with both a fixed height and fixed line height, for which the fixed
height is close to an integer multiple of the line height.

Also makes several small tweaks in the process: (1) change the max difference between fixed line height and
font size from 6 to 5 to ensure that some multiline caption text on Google search results is boosted, and (2)
replace usages of lineHeight() with specifiedLineHeight(), which current prevents this function from being
truly idempotent.

(WebCore::AutosizeStatus::updateStatus):

• rendering/style/TextSizeAdjustment.h:

LayoutTests:

Add tests to cover some changes to line height boosting and the idempotent text autosizing candidate heuristic.

• fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidate-special-cases-expected.txt: Added.
• fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidate-special-cases.html: Added.
• fast/text-autosizing/ios/idempotentmode/line-height-boosting-expected.txt:
• fast/text-autosizing/ios/idempotentmode/line-height-boosting.html:

11:29 AM Changeset in webkit [248111] by Truitt Savell

• 3 edits in trunk/LayoutTests

Removing expectations for tests that are now consistently passing

Unreviewed test gardening.

• platform/mac-wk1/TestExpectations:
• platform/mac/TestExpectations:

11:02 AM Changeset in webkit [248110] by Dewei Zhu

• 2 edits in trunk/Websites/perf.webkit.org

Dashboard should defaults to first dashboard page when summary page is not available.
​https://bugs.webkit.org/show_bug.cgi?id=200180

Reviewed by Ryosuke Niwa.

Fix a bug that charts page will become the default when there is no summary page but there
is at least one dashboard page.

• public/v3/main.js: Charts page and analysis category page should not be considered as summay pages.

(main):

10:55 AM Changeset in webkit [248109] by Alan Coon

• 6 edits
  1 move in branches/safari-608.1-branch

Cherry-pick r248095. rdar://problem/53820663

REGRESSION (r240942): first visually non-empty layout milestone is not reached in media documents until after the video finishes loading
​https://bugs.webkit.org/show_bug.cgi?id=200293
<rdar://problem/52937749>

Reviewed by Alex Christensen.

Source/WebCore:

r240942 changed FrameView::qualifiesAsVisuallyNonEmpty() to consider only documents in the
Interactive or Complete ready states as "finished parsing". Documents considered finished
parsing can qualify as visually non-empty even without exceeding the visual character or
pixel thresholds, but documents considered not finished must first exceed one of these
thresholds in order to qualify as visually non-empty.

HTMLDocuments are placed in the Interactive ready state by their HTMLDocumentParsers.
However, HTMLDocument subclasses like ImageDocument and MediaDocument use their own custom
parsers that never set the Interactive ready state on their documents; these documents go
from Loading directly to Complete.

In order for these HTMLDocument subclasses to be considered visually non-empty before they
finish loading they must render something that exceeds the visual character or pixel
thresholds. For image documents, rendering the image is usually enough to cross the
threshold, but for media documents the visual pixel threshold was never crossed because
videos did not contribute to the visually non-empty pixel count.

As a result, media documents are not considered visually non-empty until the main resource
finishes loading. On iOS this means that the layer tree remains frozen until this point,
even though the media might have started autoplaying with audio long before it finished
loading.

Fix this by teaching RenderVideo to contribute the video player's size to FrameView's
visually non-empty pixel count once the video player has loaded enough data to determine its
intrinsic size. Videos that render more than 1024 pixels will qualify a media document as
visually non-empty even when it is still loading its main resource.

Added a new API test.

• rendering/RenderImage.cpp: (WebCore::RenderImage::imageChanged): (WebCore::RenderImage::incrementVisuallyNonEmptyPixelCountIfNeeded):
• rendering/RenderImage.h:
• rendering/RenderVideo.cpp: (WebCore::RenderVideo::updateIntrinsicSize):

Tools:

• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WebKitCocoa/FirstVisuallyNonEmptyMilestone.mm: Renamed from Tools/TestWebKitAPI/Tests/WebKit/FirstVisuallyNonEmptyMilestoneWithDeferredScript.mm. (-[FirstPaintMessageHandler userContentController:didReceiveScriptMessage:]): (-[RenderingProgressNavigationDelegate _webView:renderingProgressDidChange:]): (-[RenderingProgressNavigationDelegate webView:didFinishNavigation:]): (TEST):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@248095 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:55 AM Changeset in webkit [248108] by Alan Coon

• 2 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247905. rdar://problem/53820893

Possible use-after-move under NetworkConnectionToWebProcess::resourceLoadStatisticsUpdated()
​https://bugs.webkit.org/show_bug.cgi?id=200225

Reviewed by Brent Fulgham.

The code was WTFMove()-ing the method parameter inside of a loop, which means that it could
move it several times. Instead of copying the parameters, I opted into sending the statistics
only to the network session that matches this WebProcess connection.

• NetworkProcess/NetworkConnectionToWebProcess.cpp: (WebKit::NetworkConnectionToWebProcess::resourceLoadStatisticsUpdated):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@247905 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:55 AM Changeset in webkit [248107] by Alan Coon

• 5 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247784. rdar://problem/53820819

Crash under WebKit:WTF::Detail::CallableWrapper<WebKit::ResourceLoadStatisticsMemoryStore::updateCookieBlocking(WTF::CompletionHandler<void ()>&&)::$_32::operator()()::'lambda'(), void>::call
​https://bugs.webkit.org/show_bug.cgi?id=200071
<rdar://problem/53335583>

Reviewed by Brent Fulgham and Youenn Fablet.

The WebResourceLoadStatisticsStore is a main thread object. In its destructor, it was dispatching
to the background queue to destroy the m_statisticsStore / m_persistentStorage data members, which
live on the background queue. It would then synchronously wait for the background queue to finish
destroying them. The idea was to guarantee that the ResourceLoadStatisticsMemoryStore and the
ResourceLoadStatisticsPersistentStorage would never outlive the WebResourceLoadStatisticsStore,
given that they keep a raw pointer back to the WebResourceLoadStatisticsStore (via m_store data
member).

The issue is that *while* the WebResourceLoadStatisticsStore destructor is running on the main
thread, the background queue may be running code in ResourceLoadStatisticsMemoryStore or
ResourceLoadStatisticsPersistentStorage which refs the WebResourceLoadStatisticsStore, even
though its ref count has already reached 0. It is actually a common pattern in
ResourceLoadStatisticsMemoryStore to call RunLoop::main().dispatch() and ref their m_store in
the lambda, so that they can interact with the WebResourceLoadStatisticsStore.

To address the issue, we now destroy m_statisticsStore / m_persistentStorage *before* the
WebResourceLoadStatisticsStore destructor runs. The NetworkSession destructor now calls
WebResourceLoadStatisticsStore::didDestroyNetworkSession() which takes care of destroying
m_statisticsStore / m_persistentStorage on the background queue, synchronously. The
WebResourceLoadStatisticsStore destructor will only run later, once all remaining references
to it are gone.

• NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp: (WebKit::WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore): (WebKit::WebResourceLoadStatisticsStore::didDestroyNetworkSession):
• NetworkProcess/Classifier/WebResourceLoadStatisticsStore.h:
• NetworkProcess/NetworkSession.cpp: (WebKit::NetworkSession::~NetworkSession):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@247784 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:52 AM Changeset in webkit [248106] by Keith Rollin

• 4 edits
  2 adds in trunk/Tools

Update TestWebKitAPI for XCBuild
​https://bugs.webkit.org/show_bug.cgi?id=200311
<rdar://problem/53773804>

Reviewed by Alex Christensen.

Bug 199728 (svn 247402) updated TestWebKitAPI to use the unified-build
technique. Now update WebKitLegacy to build under XCBuild after those
changes. This work involves adding an "Apply Configuration to
XCFileLists" build target, adding a check-xcfilelists.sh script,
adding a "Check xcfilelists" build phase that calls that script,
adding knowledge of the project to the generate-xcfilelists script,
creating new .xcfilelist files, and adding those to the project.

• Scripts/webkitpy/generate_xcfilelists_lib/application.py:

(Application.init):

• Scripts/webkitpy/generate_xcfilelists_lib/generators.py:

(WebKitTestRunnerGenerator._get_generate_derived_sources_script):
(TestWebKitAPIGenerator):
(TestWebKitAPIGenerator._get_project_file_path):
(TestWebKitAPIGenerator._get_generate_unified_sources_script):

• TestWebKitAPI/Scripts/check-xcfilelists.sh: Added.
• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/UnifiedSources-output.xcfilelist: Added.

10:13 AM Changeset in webkit [248105] by mark.lam@apple.com

• 8 edits in trunk/Source

Rename DOMJIT safe/unsafeFunction to functionWithTypeChecks and functionWithoutTypeChecks.
​https://bugs.webkit.org/show_bug.cgi?id=200323

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

The DOMJIT has a notion of a safeFunction and an unsafeFunction. The safeFunction
is effectively the same as the unsafeFunction with added type check. The DFG/FTL
will emit code to call the unsafeFunction if it has already emitted the needed
type check or proven that it isn't needed. Otherwise, the DFG/FTL will emit
code to call the safeFunction (which does its own type check) instead.

This patch renames these functions to better describe their difference.

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCallDOM):

• domjit/DOMJITSignature.h:

(JSC::DOMJIT::Signature::Signature):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCallDOM):

• tools/JSDollarVM.cpp:

(JSC::DOMJITFunctionObject::functionWithTypeCheck):
(JSC::DOMJITFunctionObject::functionWithoutTypeCheck):
(JSC::DOMJITFunctionObject::finishCreation):
(JSC::DOMJITCheckSubClassObject::functionWithTypeCheck):
(JSC::DOMJITCheckSubClassObject::functionWithoutTypeCheck):
(JSC::DOMJITCheckSubClassObject::finishCreation):
(JSC::DOMJITFunctionObject::safeFunction): Deleted.
(JSC::DOMJITFunctionObject::unsafeFunction): Deleted.
(JSC::DOMJITCheckSubClassObject::safeFunction): Deleted.
(JSC::DOMJITCheckSubClassObject::unsafeFunction): Deleted.

Source/WebCore:

No new tests. This is just a refactoring exercise.

• bindings/scripts/CodeGeneratorJS.pm:

(GetArgumentTypeForFunctionWithoutTypeCheck):
(GenerateImplementation):
(GenerateOperationDefinition):
(ToNativeForFunctionWithoutTypeCheck):
(GetUnsafeArgumentType): Deleted.
(UnsafeToNative): Deleted.

• bindings/scripts/test/JS/JSTestDOMJIT.cpp:

(WebCore::jsTestDOMJITPrototypeFunctionGetAttributeWithoutTypeCheck):
(WebCore::jsTestDOMJITPrototypeFunctionItemWithoutTypeCheck):
(WebCore::jsTestDOMJITPrototypeFunctionHasAttributeWithoutTypeCheck):
(WebCore::jsTestDOMJITPrototypeFunctionGetElementByIdWithoutTypeCheck):
(WebCore::jsTestDOMJITPrototypeFunctionGetElementsByNameWithoutTypeCheck):
(WebCore::unsafeJsTestDOMJITPrototypeFunctionGetAttribute): Deleted.
(WebCore::unsafeJsTestDOMJITPrototypeFunctionItem): Deleted.
(WebCore::unsafeJsTestDOMJITPrototypeFunctionHasAttribute): Deleted.
(WebCore::unsafeJsTestDOMJITPrototypeFunctionGetElementById): Deleted.
(WebCore::unsafeJsTestDOMJITPrototypeFunctionGetElementsByName): Deleted.

9:17 AM Changeset in webkit [248104] by youenn@apple.com

• 8 edits
  3 adds in trunk

UserMediaPermissionRequestManagerProxy should not use audio+video denied requests to deny audio-only or video-only requests
​https://bugs.webkit.org/show_bug.cgi?id=200317

Reviewed by Eric Carlson.

Source/WebKit:

Only match audio+video denied requests with new audio+video requests.
That will ensure that audio can still be captured if user denied access to the camera through preferences
and website started with a getUserMedia({audio: true, video: true}) call.
Covered by added API test.

• UIProcess/UserMediaPermissionRequestManagerProxy.cpp:

(WebKit::UserMediaPermissionRequestManagerProxy::wasRequestDenied):

Tools:

• TestWebKitAPI/Tests/WebKit/getUserMediaAudioVideoCapture.html: Added
• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WebKit/GetUserMediaReprompt.mm:

(-[GetUserMediaOnlyAudioUIDelegate _webView:requestMediaCaptureAuthorization:decisionHandler:]):
(-[GetUserMediaOnlyAudioUIDelegate _webView:checkUserMediaPermissionForURL:mainFrameURL:frameIdentifier:decisionHandler:]):
(TestWebKitAPI::TEST):

LayoutTests:

Update existing test with new behavior.
Added new test for the case where video is blocked but not audio.

• fast/mediastream/getUserMedia-deny-persistency3-expected.txt:
• fast/mediastream/getUserMedia-deny-persistency3.html:
• fast/mediastream/getUserMedia-deny-persistency4-expected.txt: Added.
• fast/mediastream/getUserMedia-deny-persistency4.html: Added.

8:14 AM Changeset in webkit [248103] by aakash_jain@apple.com

• 2 edits in trunk/Tools

New EWS: Cannot see build status page when patch is waiting for tester
​https://bugs.webkit.org/show_bug.cgi?id=200333

Reviewed by Jonathan Bedard.

• BuildSlaveSupport/ews-app/ews/views/statusbubble.py:

(StatusBubble): While patch hasn't started processing on tester queue, display build information from builder queue.

7:21 AM Changeset in webkit [248102] by Carlos Garcia Campos

• 15 edits
  38 adds in trunk

[SOUP] WebSockets: add support for extensions when using web sockets libsoup API
​https://bugs.webkit.org/show_bug.cgi?id=199943

Reviewed by Alex Christensen.

Source/WebCore:

Add SOUP_TYPE_WEBSOCKET_EXTENSION_MANAGER feature to the soup session to enable WebSocket extensions.

Tests: http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-comp-bit-onoff.html

http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-invalid-parameter.html
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-parameter.html
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-set-bfinal.html
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-split-frames.html
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-unsolicited-negotiation-response.html
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-window-bits.html

• platform/network/soup/SoupNetworkSession.cpp:

(WebCore::SoupNetworkSession::SoupNetworkSession):

Source/WebKit:

• NetworkProcess/NetworkSocketChannel.cpp:

(WebKit::NetworkSocketChannel::didConnect): Add extensions parameter and pass it to the IPC message.

• NetworkProcess/NetworkSocketChannel.h:
• NetworkProcess/cocoa/WebSocketTaskCocoa.mm:

(WebKit::WebSocketTask::didConnect): Pass empty extensions string.

• NetworkProcess/soup/WebSocketTaskSoup.cpp:

(WebKit::WebSocketTask::acceptedExtensions const): Build the accepted extensions string.
(WebKit::WebSocketTask::didConnect): Pass accepted extensions to NetworkSocketChannel::didConnect().

• NetworkProcess/soup/WebSocketTaskSoup.h:
• WebProcess/Network/WebSocketChannel.cpp:

(WebKit::WebSocketChannel::extensions): Return the extensions string received from the network process.
(WebKit::WebSocketChannel::didConnect): Save the extensions string.

• WebProcess/Network/WebSocketChannel.h:
• WebProcess/Network/WebSocketChannel.messages.in:

LayoutTests:

Add new tests for permessage-deflate imported from blink and rebaseline existing tests.

• TestExpectations: Skip permessage-deflate tests by default.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-comp-bit-onoff.html: Added.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-invalid-parameter.html: Added.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-invalid-parameter_wsh.py: Added.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-manual_wsh.py: Added.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-parameter.html: Added.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-set-bfinal.html: Added.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-split-frames.html: Added.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-split-frames_wsh.py: Added.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-unsolicited-negotiation-response.html: Added.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-unsolicited-negotiation-response_wsh.py: Added.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-window-bits.html: Added.
• http/tests/websocket/tests/hybi/imported/blink/permessage-deflate_wsh.py: Added.
• platform/gtk/TestExpectations: Enable permessage-deflate tests.
• platform/gtk/http/tests/websocket/tests/hybi/deflate-frame-invalid-parameter-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/deflate-frame-parameter-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/extensions-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-comp-bit-onoff-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-invalid-parameter-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-parameter-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-set-bfinal-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-split-frames-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-unsolicited-negotiation-response-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-window-bits-expected.txt: Added.
• platform/wpe/TestExpectations: Enable permessage-deflate tests.
• platform/wpe/http/tests/websocket/tests/hybi/deflate-frame-invalid-parameter-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/deflate-frame-parameter-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/extensions-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-comp-bit-onoff-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-invalid-parameter-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-parameter-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-set-bfinal-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-split-frames-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-unsolicited-negotiation-response-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-window-bits-expected.txt: Added.

7:05 AM Changeset in webkit [248101] by Chris Dumez

• 2 edits in trunk/Source/WebCore

[iOS][WK1] Unsafe unsafe of WeakPtr<Document> from UIThread under PlaybackSessionInterfaceAVKit::PlaybackSessionInterfaceAVKit()
​https://bugs.webkit.org/show_bug.cgi?id=200324

Reviewed by Ryosuke Niwa.

The Document is a WebThread object, but a WeakPtr<Document> was dereferenced from the
UIThread in HTMLMediaElement::supportsSeeking(), from the PlaybackSessionInterfaceAVKit
constructor. To address the issue we now grab the WebThread lock before constructing
the PlaybackSessionInterfaceAVKit.

• platform/ios/WebVideoFullscreenControllerAVKit.mm:

(VideoFullscreenControllerContext::setUpFullscreen):

6:36 AM Changeset in webkit [248100] by commit-queue@webkit.org

• 2 edits in trunk/Source/ThirdParty/libwebrtc

Fix libwebrtc build with Linux 5.2 headers
​https://bugs.webkit.org/show_bug.cgi?id=200342

Patch by Loïc Yhuel <​loic.yhuel@softathome.com> on 2019-08-01
Reviewed by Eric Carlson.

We need to include linux/sockios.h for SIOCGSTAMP.
Take upstream fix from ​https://bugs.chromium.org/p/webrtc/issues/detail?id=10677.

• Source/webrtc/rtc_base/physicalsocketserver.cc:

4:46 AM Changeset in webkit [248099] by Carlos Garcia Campos

• 14 edits
  176 adds
  4 deletes in trunk

[SOUP] Switch to use libsoup WebSockets API
​https://bugs.webkit.org/show_bug.cgi?id=200162

Reviewed by Michael Catanzaro.

Source/WebCore:

Use the libsoup WebSockets API unconditionally for libsoup based ports.

• Modules/websockets/ThreadableWebSocketChannel.cpp:

(WebCore::ThreadableWebSocketChannel::create): Do not check the env var anymore.

• platform/SourcesSoup.txt:
• platform/network/SocketStreamHandleImpl.cpp:
• platform/network/StorageSessionProvider.h:
• platform/network/soup/SocketStreamHandleImpl.h:
• platform/network/soup/SocketStreamHandleImplSoup.cpp: Removed.

Source/WebKit:

Remove temporary method added for old WebSockets implementation.

• NetworkProcess/NetworkStorageSessionProvider.h:

Tools:

Update libsoup version to 2.67.90.

• gtk/jhbuild.modules:
• wpe/jhbuild.modules:

LayoutTests:

• platform/gtk/TestExpectations:
• platform/gtk/http/tests/websocket/tests/hybi/broken-utf8-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/close-before-open-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/close-code-and-reason-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/close-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/closed-when-entering-page-cache-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/compressed-control-frame-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/fragmented-control-frame-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-error-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-maxlength-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-more-extensions-header-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-more-protocol-header-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-no-connection-header-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-no-cr-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-no-upgrade-header-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/interleaved-fragments-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/invalid-continuation-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/invalid-encode-length-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/invalid-masked-frames-from-server-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/long-control-frame-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/long-invalid-header-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/network-process-crash-error-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/reserved-bits-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/reserved-opcodes-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/secure-cookie-secure-connection-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/send-object-tostring-check-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/simple-wss-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/stop-on-resume-in-error-handler-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/too-long-payload-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/websocket-allowed-setting-cookie-as-third-party-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/websocket-event-target-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/workers/close-code-and-reason-expected.txt: Added.
• platform/gtk/http/tests/websocket/tests/hybi/workers/close-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args-expected.txt: Removed.
• platform/gtk/imported/w3c/web-platform-tests/pointerevents/pointerevent_touch-action-illegal-expected.txt: Removed.
• platform/gtk/imported/w3c/web-platform-tests/websockets/Create-valid-url-protocol-empty.any-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/Create-valid-url-protocol-empty.any.worker-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/Send-65K-data.any-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/Send-binary-65K-arraybuffer.any-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/Send-binary-arraybuffer.any-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/Send-data.any-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/Send-paired-surrogates.any-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/basic-auth.any-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/basic-auth.any.worker-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/closing-handshake/003-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/cookies/004-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-arraybuffer-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-blob-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-deleting-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-large-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-unicode-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-multiple-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-nested-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-return-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/017-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/018-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/019-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/readyState/003-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/opening-handshake/001-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/opening-handshake/003-sets-origin.worker-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/opening-handshake/005-expected.txt: Added.
• platform/gtk/imported/w3c/web-platform-tests/websockets/security/001-expected.txt: Added.
• platform/gtk/js/intl-datetimeformat-expected.txt: Removed.
• platform/wpe/TestExpectations:
• platform/wpe/http/tests/websocket/tests/hybi/broken-utf8-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/close-before-open-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/close-code-and-reason-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/close-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/closed-when-entering-page-cache-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/compressed-control-frame-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/fragmented-control-frame-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-error-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-maxlength-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-more-extensions-header-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-more-protocol-header-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-no-connection-header-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-no-cr-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-no-upgrade-header-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/interleaved-fragments-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/invalid-continuation-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/invalid-encode-length-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/invalid-masked-frames-from-server-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/long-control-frame-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/long-invalid-header-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/network-process-crash-error-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/reserved-bits-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/reserved-opcodes-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/secure-cookie-secure-connection-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/send-object-tostring-check-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/simple-wss-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/stop-on-resume-in-error-handler-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/too-long-payload-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/websocket-allowed-setting-cookie-as-third-party-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/websocket-event-target-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/workers/close-code-and-reason-expected.txt: Added.
• platform/wpe/http/tests/websocket/tests/hybi/workers/close-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/Create-valid-url-protocol-empty.any-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/Create-valid-url-protocol-empty.any.worker-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/Send-65K-data.any-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/Send-binary-65K-arraybuffer.any-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/Send-binary-arraybuffer.any-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/Send-data.any-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/Send-paired-surrogates.any-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/basic-auth.any-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/basic-auth.any.worker-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/closing-handshake/003-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/cookies/004-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-arraybuffer-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-blob-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-deleting-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-large-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-unicode-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-multiple-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-nested-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-return-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/017-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/018-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/019-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/readyState/003-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/opening-handshake/001-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/opening-handshake/003-sets-origin.worker-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/opening-handshake/005-expected.txt: Added.
• platform/wpe/imported/w3c/web-platform-tests/websockets/security/001-expected.txt: Added.