Context Navigation

← Previous Period
Next Period →

Timeline

Aug 6, 2019:

11:53 PM Changeset in webkit [248361] by Kocsen Chung

5 edits
1 delete in branches/safari-608.1-branch

Cherry-pick r248037. rdar://problem/54018119

AX: Re-enable accessibility/set-selected-text-range-after-newline.html test.
https://bugs.webkit.org/show_bug.cgi?id=199431
<rdar://problem/52563340>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-07-31
Reviewed by Chris Fleizach.

Source/WebCore:

Re-enabled LayoutTests/accessibility/set-selected-text-range-after-newline.html.
Put back workaround in visiblePositionForIndexUsingCharacterIterator that is needed for several accessibility issues.
This workaround was rolled back because it was thought the cause of: https://bugs.webkit.org/show_bug.cgi?id=199434 It turned out that the actual cause of that hang was unrelated and was fixed in: https://bugs.webkit.org/show_bug.cgi?id=199845

editing/Editing.cpp: (WebCore::visiblePositionForIndexUsingCharacterIterator):

LayoutTests:

TestExpectations:
accessibility/ios-simulator/set-selected-text-range-after-newline.html: Removed because it was the same as the one in the parent accessibility directory, so enabling it for iOS in ios-wk2/TestExpectations.
platform/ios-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248037 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:53 PM Changeset in webkit [248360] by Kocsen Chung

4 edits in branches/safari-608.1-branch/Source

Cherry-pick r248330. rdar://problem/54018116

Context menu on a universal link produces a blank preview
https://bugs.webkit.org/show_bug.cgi?id=200485
<rdar://problem/53699620>

Reviewed by Dean Jackson.

Source/WebCore/PAL:

Define iTunesStoreURL from CoreServices.

pal/spi/cocoa/LaunchServicesSPI.h:

Source/WebKit:

If the context menu is activated on an iTunesStore URL, pass it
on to DataDetectors, who should know how to handle it.

Two drive-by fixes:

make it clear that early returns do not produce a value. Instead call the completion handler first, then return.
The new API DataDetectors case doesn't need to worry about hiding link previews as DataDetectors itself will handle that.

UIProcess/ios/WKContentViewInteraction.mm: If the URL is an iTunesStoreURL (as defined by CoreServices), let DataDetectors handle it. (-[WKContentView assignLegacyDataForContextMenuInteraction]): (-[WKContentView continueContextMenuInteraction:]): (-[WKContentView continueContextMenuInteractionWithDataDetectors:]): New method to use DataDetectors if possible.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248330 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:53 PM Changeset in webkit [248359] by Kocsen Chung

7 edits
4 adds in branches/safari-608.1-branch

Cherry-pick r248265. rdar://problem/54017843

Ping loads should not prevent page caching
https://bugs.webkit.org/show_bug.cgi?id=200418
<rdar://problem/53901632>

Reviewed by Darin Adler.

Source/WebCore:

We normally prevent page caching if there were any pending subresource loads when navigating,
to avoid caching partial / broken content. However, this should not apply to Ping / Beacon
loads since those do not impact page rendering and can outlive the page.

Tests: http/tests/navigation/page-cache-pending-ping-load-cross-origin.html

http/tests/navigation/page-cache-pending-ping-load-same-origin.html

history/PageCache.cpp: (WebCore::PageCache::addIfCacheable): After we've fired the 'pagehide' event in each frame, stop all the loads again. This is needed since pages are allowed to start ping / beacon loads in their 'pagehide' handlers. If we do not stop those loads, then the next call to canCachePage() would fail because the DocumentLoader is still loading. Note that we're not actually preventing these ping loads from hitting the server since we never cancel page loads and those can outlive their page.

loader/DocumentLoader.cpp: (WebCore::shouldPendingCachedResourceLoadPreventPageCache): (WebCore::areAllLoadersPageCacheAcceptable): Make sure that Ping / Beacon / Prefetches / Icon loads do not prevent page caching.

(WebCore::DocumentLoader::addSubresourceLoader):
Tweak assertion that was incorrect since we actually allow ping / beacon loads when the
document is about to enter PageCache (while firing pagehide event).

Tools:

Add TestOption to enable PageCache at UIProcess-level so that we can test
page caching when navigating cross-origin with PSON enabled.

WebKitTestRunner/TestController.cpp: (WTR::TestController::resetPreferencesToConsistentValues): (WTR::updateTestOptionsFromTestHeader):
WebKitTestRunner/TestOptions.h: (WTR::TestOptions::hasSameInitializationOptions const):

LayoutTests:

Add layout test coverage.

http/tests/navigation/page-cache-pending-ping-load-cross-origin-expected.txt: Added.
http/tests/navigation/page-cache-pending-ping-load-cross-origin.html: Added.
http/tests/navigation/page-cache-pending-ping-load-same-origin-expected.txt: Added.
http/tests/navigation/page-cache-pending-ping-load-same-origin.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248265 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:53 PM Changeset in webkit [248358] by Kocsen Chung

5 edits
2 adds in branches/safari-608.1-branch

Cherry-pick r248148. rdar://problem/54017841

Pages using MessagePorts should be PageCacheable
https://bugs.webkit.org/show_bug.cgi?id=200366
<rdar://problem/53837882>

Reviewed by Geoffrey Garen.

Source/WebCore:

Allow a page to enter PageCache, even if it has MessagePorts (potentially with
pending messages). If there are pending messages on the MessagePorts when
entering PageCache, those will get dispatched upon restoring from PageCache.

Test: fast/history/page-cache-MessagePort-pending-message.html

dom/MessagePort.cpp: (WebCore::MessagePort::messageAvailable): (WebCore::MessagePort::dispatchMessages): Do not dispatch messages while in PageCache.

(WebCore::MessagePort::canSuspendForDocumentSuspension const):
Allow pages with MessagePort objects to enter PageCache.

dom/ScriptExecutionContext.cpp: (WebCore::ScriptExecutionContext::resumeActiveDOMObjects): Make sure pending messages on MessagePorts get dispatched asynchronously after restoring from PageCache.

loader/DocumentLoader.cpp: (WebCore::areAllLoadersPageCacheAcceptable): Make sure only CachedResources that are still loading upon load cancelation prevent entering PageCache.

LayoutTests:

Add layout test coverage.

fast/history/page-cache-MessagePort-pending-message-expected.txt: Added.
fast/history/page-cache-MessagePort-pending-message.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248148 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248357] by Kocsen Chung

2 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r248085. rdar://problem/54017902

WKImagePreviewViewController not being autoreleased
https://bugs.webkit.org/show_bug.cgi?id=200325
<rdar://problem/53788214>

Reviewed by Wenson Hsieh.

Wenson noticed I wasn't autoreleasing the WKImagePreviewViewController.

UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView continueContextMenuInteraction:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248085 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248356] by Kocsen Chung

2 edits in branches/safari-608.1-branch/Source/WebCore

Cherry-pick r248028. rdar://problem/54017896

ASSERTion failure under takeSnapshot after r247846

page/TextIndicator.cpp: (WebCore::takeSnapshots): We now sometimes inflate the scale factor; allow this.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248028 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248355] by Kocsen Chung

6 edits in branches/safari-608.1-branch/Source

Cherry-pick r248018. rdar://problem/54017893

REGRESSION(r241288): Text on Yahoo Japan mobile looks too bold
https://bugs.webkit.org/show_bug.cgi?id=200065
<rdar://problem/50912757>

Reviewed by Simon Fraser.

Source/WebCore:

Before r241288, we were mapping Japanese sans-serif to Hiragino Kaku Gothic ProN, which
has a 300 weight and a 600 weight. However, we can't use that font because it's user-installed,
so in r241288 we switched to using Hiragino Sans, which has a 300 weight, a 600 weight, and an
800 weight. According to the CSS font selection algorithm, sites that request a weight of 700
would get the 800 weight instead of the 600 weight, which caused the text to look too heavy.
Therefore, the apparent visual change is from a weight change from 600 to 800.

In general, this is working as intended. However, text on Yahoo Japan looks too heavy in weight

Instead, this patch adds a quirk specific to Yahoo Japan that overwrites any font requests to give them a weight of 600 instead of 700. This way, the lighter font will be used.

No new tests because quirks cannot be tested.

css/CSSFontSelector.cpp: (WebCore::resolveGenericFamily): (WebCore::CSSFontSelector::fontRangesForFamily):
page/Quirks.cpp: (WebCore::Quirks::shouldLightenJapaneseBoldSansSerif const):
page/Quirks.h:

Source/WTF:

wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248018 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248354] by Kocsen Chung

3 edits
2 adds in branches/safari-608.1-branch

Cherry-pick r248015. rdar://problem/54017889

Can't scroll on yummly.co.uk recipe (scale(0) div covers the content and hit-tests)
https://bugs.webkit.org/show_bug.cgi?id=200263
rdar://problem/53679408

Reviewed by Antti Koivisto.

Source/WebKit:

The content on this page had a scale(0) div overlaying an overflow:scroll element,
and our UI-side hit-testing code would find this scale(0) element, because apparently
-[UIView convertPoint:fromView:] will happily work with non-invertible matrices, and
-[UIView pointInside:withEvent:] just compares the point with the view bounds.

Since the view frame takes the transform into account, we can look for an empty frame
to detect these non-invertible transforms.

UIProcess/RemoteLayerTree/ios/RemoteLayerTreeViews.mm: (WebKit::collectDescendantViewsAtPoint):

LayoutTests:

fast/scrolling/ios/non-invertible-transformed-over-scroller-expected.txt: Added.
fast/scrolling/ios/non-invertible-transformed-over-scroller.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248015 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248353] by Kocsen Chung

2 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247920. rdar://problem/54017883

Contextual menu does not present when holding an embedded photo but works with link and attachments
https://bugs.webkit.org/show_bug.cgi?id=200239
<rdar://problem/53318733>

Reviewed by Tim Horton.

If the user long-pressed on an image, and the client implemented the new API but did
not provide a configuration, we were not falling back to the default behaviour of
giving a menu allowing the user to copy/share/save the image.

UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView continueContextMenuInteraction:]): If we get through the delegates, and the element is an image, return the default configuration.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247920 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248352] by Kocsen Chung

17 edits
2 moves in branches/safari-608.1-branch

Cherry-pick r247868. rdar://problem/54017876

[iOS] WebPage::TouchEventSync() & WebPage::GetPositionInformation() sync IPC causes UIProcess hangs
https://bugs.webkit.org/show_bug.cgi?id=200138
<rdar://problem/52698157>

Reviewed by Geoffrey Garen.

Source/WebKit:

Revert most of r247822 and use an alternative approach to address hangs. In this patch, the proposal
is to add a SendSyncOption::ForceDispatchWhenDestinationIsWaitingForUnboundedSyncReply flag on the
WebPage::TouchEventSync() & WebPage::GetPositionInformation() sendSync() calls in the UIProcess.
Those will cause this IPCs to get dispatched right away in the WebContent process, even if the
WebContent process is itself currently stuck on unbounded (i.e. potentially slow) synchronous IPC
(JS alerts / prompts & sync XHR). Because re-entering WebCore on sync IPC is generally unsafe, this
patch also updates the WebPage::getPositionInformation() & WebPage::touchEventSync() to return early
(i.e. cancelled) if they get called while the WebContent process is stuck on a slow sendSync.

This approach should address the UIProcess hangs caused by the WebPage::TouchEventSync() and
WebPage::GetPositionInformation() sync IPC messages when the WebContent process is busy on a slow XHR
or a JS prompt / alert. It should be safe because we do not re-enter WebCore. The only drawback is that
those IPCs will be cancelled (early return with default value) when the WebContent process is busy.
However, I am being told that this is likely acceptable in practice.

Platform/IPC/Connection.cpp: (IPC::Connection::SyncMessageState::processIncomingMessage): (IPC::Connection::sendMessage): (IPC::Connection::sendSyncMessage): (IPC::Connection::dispatchMessage):
Platform/IPC/Connection.h: (IPC::UnboundedSynchronousIPCScope::UnboundedSynchronousIPCScope): (IPC::UnboundedSynchronousIPCScope::~UnboundedSynchronousIPCScope): (IPC::UnboundedSynchronousIPCScope::hasOngoingUnboundedSyncIPC):
Platform/IPC/Decoder.cpp: (IPC::Decoder::shouldDispatchMessageWhenWaitingForSyncReply const):
Platform/IPC/Decoder.h:
Platform/IPC/Encoder.cpp: (IPC::Encoder::shouldDispatchMessageWhenWaitingForSyncReply const): (IPC::Encoder::setShouldDispatchMessageWhenWaitingForSyncReply): (IPC::Encoder::wrapForTesting):
Platform/IPC/Encoder.h:
Platform/IPC/MessageFlags.h:
UIProcess/Network/NetworkProcessProxy.cpp: (WebKit::NetworkProcessProxy::testProcessIncomingSyncMessagesWhenWaitingForSyncReply):
UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::handleTouchEventSynchronously):
UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView ensurePositionInformationIsUpToDate:]):
WebProcess/Network/WebLoaderStrategy.cpp: (WebKit::WebLoaderStrategy::loadResourceSynchronously):
WebProcess/WebCoreSupport/WebChromeClient.cpp: (WebKit::WebChromeClient::testProcessIncomingSyncMessagesWhenWaitingForSyncReply): (WebKit::WebChromeClient::runJavaScriptAlert): (WebKit::WebChromeClient::runJavaScriptConfirm): (WebKit::WebChromeClient::runJavaScriptPrompt):
WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::layerVolatilityTimerFired): (WebKit::WebPage::markLayersVolatile): (WebKit::WebPage::cancelMarkLayersVolatile): (WebKit::WebPage::touchEventSync): (WebKit::WebPage::didCompletePageTransition): (WebKit::WebPage::updatePreferences): (WebKit::WebPage::testProcessIncomingSyncMessagesWhenWaitingForSyncReply):
WebProcess/WebPage/WebPage.h: (WebKit::WebPage::sendSyncWithDelayedReply):
WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::getPositionInformation):

LayoutTests:

Update existing layout test accordingly.

fast/misc/{testProcessIncomingSyncMessagesWhenWaitingForUnboundedReply-expected.txt: Renamed from LayoutTests/fast/misc/testProcessIncomingSyncMessagesWhenWaitingForSyncReply-expected.txt.
fast/misc/{testProcessIncomingSyncMessagesWhenWaitingForUnboundedReply.html: Renamed from LayoutTests/fast/misc/testProcessIncomingSyncMessagesWhenWaitingForSyncReply.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247868 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248351] by Kocsen Chung

4 edits in branches/safari-608.1-branch/Source/WebCore

Cherry-pick r247846. rdar://problem/54017896

Subpixel fringes around TextIndicator snapshots at non-integral scale factors
https://bugs.webkit.org/show_bug.cgi?id=200145

Reviewed by Simon Fraser.

page/FrameSnapshotting.cpp: (WebCore::snapshotFrameRectWithClip):
page/FrameSnapshotting.h:
page/TextIndicator.cpp: (WebCore::snapshotOptionsForTextIndicatorOptions): Round the scale factor up, and snappily enclose the clip rects.

TextIndicator doesn't require the use of the precise scale factor that
the page is painted at, but we want it to be sharp, so we overshoot!

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247846 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248350] by Kocsen Chung

1 edit
2 adds in branches/safari-608.1-branch/LayoutTests

Cherry-pick r247824. rdar://problem/54017900

Adding iOS-specific expectations for fast/text-indicator/text-indicator-with-low-contrast-text.html.
https://bugs.webkit.org/show_bug.cgi?id=200064

Unreviewed Test Gardening.

platform/ios/fast/text-indicator/text-indicator-with-low-contrast-text-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247824 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248349] by Kocsen Chung

20 edits
2 adds in branches/safari-608.1-branch

Cherry-pick r247822. rdar://problem/54017886

Avoid UI Process hangs when the WebContent process is showing JS prompts / alerts
https://bugs.webkit.org/show_bug.cgi?id=200107
<rdar://problem/53034592>

Reviewed by Geoffrey Garen.

Source/WebCore:

Add testing infrastructure for SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply.

Test: fast/misc/testProcessIncomingSyncMessagesWhenWaitingForSyncReply.html

page/ChromeClient.h:
testing/Internals.cpp: (WebCore::Internals::testProcessIncomingSyncMessagesWhenWaitingForSyncReply):
testing/Internals.h:
testing/Internals.idl:

Source/WebKit:

Platform/IPC/Connection.cpp: (IPC::Connection::SyncMessageState::incrementProcessIncomingSyncMessagesWhenWaitingForSyncReplyCount): (IPC::Connection::SyncMessageState::decrementProcessIncomingSyncMessagesWhenWaitingForSyncReplyCount): (IPC::Connection::SyncMessageState::processIncomingMessage): (IPC::Connection::sendSyncMessage):
Platform/IPC/Connection.h: Add support for new SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply flag to allow processing incoming sync messages while sending a particular sync IPC. This is the default behavior in all processes except in the WebContent process, where we try to avoid re-entering to prevent bugs. This flag allows the WebContent process to change its default behavior for some specific IPCs, where we know it is safe to re-enter and where it benefits performance to re-renter.

NetworkProcess/NetworkConnectionToWebProcess.cpp: (WebKit::NetworkConnectionToWebProcess::testProcessIncomingSyncMessagesWhenWaitingForSyncReply):
NetworkProcess/NetworkConnectionToWebProcess.h:
NetworkProcess/NetworkConnectionToWebProcess.messages.in:
UIProcess/Network/NetworkProcessProxy.cpp: (WebKit::NetworkProcessProxy::didReceiveSyncMessage): (WebKit::NetworkProcessProxy::testProcessIncomingSyncMessagesWhenWaitingForSyncReply):
UIProcess/Network/NetworkProcessProxy.h:
UIProcess/Network/NetworkProcessProxy.messages.in:
WebProcess/WebCoreSupport/WebChromeClient.cpp: (WebKit::WebChromeClient::testProcessIncomingSyncMessagesWhenWaitingForSyncReply):
WebProcess/WebCoreSupport/WebChromeClient.h:
WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::testProcessIncomingSyncMessagesWhenWaitingForSyncReply):
WebProcess/WebPage/WebPage.h: (WebKit::WebPage::sendSyncWithDelayedReply):
WebProcess/WebPage/WebPage.messages.in: SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply Add testing infrastructure for SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply flag.

WebProcess/WebCoreSupport/WebChromeClient.cpp: (WebKit::WebChromeClient::runJavaScriptAlert): (WebKit::WebChromeClient::runJavaScriptConfirm): (WebKit::WebChromeClient::runJavaScriptPrompt): Use new SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply flag when sending the synchronous IPC for JS alerts / prompt / confirm. This allows the WebProcess to process incoming synchronous IPC for other processes (in particular the UIProcess) while it is blocked on those synchronous IPCs. It is safe to re-enter the WebContent process on these sync IPCs since they are triggered by JS and we return to JS right after. This should avoid UIProcess hangs when the UIProcess is sending a sync IPC to the WebContent process, which is itself stuck on the sync IPC to show a JS alert.

LayoutTests:

Add layout test coverage for SendSyncOption::ProcessIncomingSyncMessagesWhenWaitingForSyncReply.
Without the flag on the sendSync from the WebContent process of the
NetworkConnectionToWebProcess::TestProcessIncomingSyncMessagesWhenWaitingForSyncReply IPC, the
test would hang. This is because the WebContent process sends a sync IPC to the network process,
which in turns sends one to the UIProcess, which itself sends one back to the WebContent process.
This would attempt to re-enter the WebContent process which is currently sending a sync IPC, which
is not allowed by default.

fast/misc/testProcessIncomingSyncMessagesWhenWaitingForSyncReply-expected.txt: Added.
fast/misc/testProcessIncomingSyncMessagesWhenWaitingForSyncReply.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247822 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248348] by Kocsen Chung

4 edits in branches/safari-608.1-branch/Source

Cherry-pick r247793. rdar://problem/54017899

Regression(r247400): Unable to log into AIB Mobile Banking App
https://bugs.webkit.org/show_bug.cgi?id=200094
<rdar://problem/52519818>

Reviewed by Brent Fulgham.

In r247400, a change was made to only set the 'app has universal sandbox access' flag
only when issueing the sandbox extension for / actually succeeded (it usually fails
in practice). Previously, AIB Mobile Banking app was relying on this behavior to
trigger a load for file:///login which is outside their container. However, now that
the 'app has universal sandbox access' flag is no longer set, it trips our security
checks and the load gets ignored.

To address the issue, apply only the 'app has universal sandbox access' flag fix with
a linked-on-after check.

UIProcess/Cocoa/VersionChecks.h:
UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247793 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248347] by Kocsen Chung

8 edits
2 adds in branches/safari-608.1-branch

Cherry-pick r247792. rdar://problem/54017900

Daring Fireball long press highlights are unnecessarily inflated due to false illegibility
https://bugs.webkit.org/show_bug.cgi?id=200064

Reviewed by Geoff Garen.

Source/WebCore:

If we consider text illegible on the given estimated background color,
we bail from doing a tightly fitted selection-only TextIndicator and
instead just paint the page without modification into the indicator,
causing ugly overlap and an excessively inflated indicator.

Change the mechanism we use to determine illegibility to be based on
a standard, instead of a constant chosen by hand 13 years ago.

Test: fast/text-indicator/text-indicator-with-low-contrast-text.html

platform/graphics/ColorUtilities.cpp: (WebCore::luminance): Fix a typo.

(WebCore::contrastRatio):
Add a function that computes the contrast ratio given two colors using
the formula from WCAG.

platform/graphics/ColorUtilities.h:
rendering/TextPaintStyle.cpp: (WebCore::textColorIsLegibleAgainstBackgroundColor): Make use of WCAG's minimum legible contrast ratio instead of an arbitrary color difference cutoff for determining whether we consider text legible. It seems sensible and also considers the text on DF readable (which it seems to be to me!).

testing/Internals.cpp: (WebCore::Internals::TextIndicatorInfo::TextIndicatorInfo):
testing/Internals.h:
testing/Internals.idl: Expose all of the text rects to Internals, not just the bounding rect. Expose some more TextIndicator options to Internals so that we can turn on the legibility mechanism.

LayoutTests:

fast/text-indicator/text-indicator-with-low-contrast-text-expected.txt: Added.
fast/text-indicator/text-indicator-with-low-contrast-text.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247792 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248346] by Kocsen Chung

2 edits in branches/safari-608.1-branch/Source/WebCore

Cherry-pick r247756. rdar://problem/54017897

Long press hint has half blue shape in Feedly.com
https://bugs.webkit.org/show_bug.cgi?id=200053
<rdar://problem/53323369>

Reviewed by Simon Fraser.

No new tests, because TextIndicator snapshots are not yet testable.

rendering/RenderLayer.cpp: (WebCore::RenderLayer::paintForegroundForFragments): Paint ChildBlockBackgrounds when painting selection AND backgrounds; only exclude it when doing a selection-only paint.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247756 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248345] by Kocsen Chung

5 edits
2 adds in branches/safari-608.1-branch

Cherry-pick r247730. rdar://problem/54017873

Long press hint of AirPods buy buttons are tall and narrow during animation
https://bugs.webkit.org/show_bug.cgi?id=200036
<rdar://problem/53145697>

Reviewed by Wenson Hsieh.

Source/WebCore:

New test: fast/text-indicator/text-indicator-with-tiny-child.html

dom/Range.cpp: (WebCore::Range::borderAndTextRects const):
dom/Range.h: Add a BoundingRectBehavior that ignores 1x1 and smaller rects.

page/TextIndicator.cpp: (WebCore::absoluteBoundingRectForRange): Enable IgnoreTinyRects.

LayoutTests:

fast/text-indicator/text-indicator-with-tiny-child-expected.txt: Added.
fast/text-indicator/text-indicator-with-tiny-child.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247730 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248344] by Kocsen Chung

10 edits
3 adds in branches/safari-608.1-branch

Cherry-pick r247720. rdar://problem/54017869

WebKit should strip away system font names from the pasted content
https://bugs.webkit.org/show_bug.cgi?id=199975
<rdar://problem/53336353>

Reviewed by Darin Adler.

Source/WebCore:

Cocoa HTML Writer sometimes generate system font names such as ".AppleSystemUIFont", ".SFUI-Regular", and ".SF UI Mono".
We need to strip away these font names upon paste to avoid these font names falling back to Times New Roman.

Added the code to strip these font names away in EditingStyle::mergeStyleFromRulesForSerialization, which is used by
StylizedMarkupAccumulator to generate HTML during copy. This works because WebContentReader::readWebArchive invokes
sanitizeMarkupWithArchive which inserts the pasteboard content into a temporary document then re-serializes back to HTML
using StylizedMarkupAccumulator before the actual pasting happens.

This approach has a few benefits over stripping away these font names in ReplaceSelectionCommand:

It would only affect clients that opts-in to copy & paste sanitization. e.g. it won't affect legacy WebKit clients and those that opt out of pasteboard content sanitization.

It preserves font names such as ".SF Blah" that a website may insert as some kind of house keeping purposes if ever. While we don't have any evidence that there is any such a website but it's a real risk nonetheless. The copy side fix would only affect cross-site and cross-app pasting, which is rare and less likely to affect real user scenarios.

It avoids exposing bogus .Apple* or .SF* font names to websites that directly use event.clipboardData.getData. Indeed stripping away bogus markup like this is one of the key features / benefit of using copy & paste sanitization.

Test: editing/pasteboard/paste-cocoa-writer-markup-with-system-fonts.html

editing/EditingStyle.cpp: (WebCore::usesForbiddenSystemFontAsOnlyFontFamilyName): Added. (WebCore::EditingStyle::mergeStyleFromRulesForSerialization): Added the code to remove font-family property when needed.
platform/graphics/FontCache.h:
platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::isSystemFont): Moved. (WebCore::FontCache::isSystemFontForbiddenForEditing): Added.
platform/graphics/freetype/FontCacheFreeType.cpp: (WebCore::FontCache::isSystemFontForbiddenForEditing): Added. Always returns false.
platform/graphics/win/FontCacheWin.cpp: (WebCore::FontCache::isSystemFontForbiddenForEditing): Ditto.

Tools:

Added a test to strip away system font names such as ".AppleSystemUIFont", ".SFUI-Regular", and ".SF UI Mono".

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:
TestWebKitAPI/Tests/WebKitCocoa/cocoa-writer-markup-with-system-fonts.html: Added.

LayoutTests:

Added a test for ClipboardData.getData returning the original markup and execCommand('insertHTML', ~)
not stripping away system font names.

editing/pasteboard/paste-cocoa-writer-markup-with-system-fonts-expected.txt: Added.
editing/pasteboard/paste-cocoa-writer-markup-with-system-fonts.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247720 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248343] by Kocsen Chung

8 edits in branches/safari-608.1-branch

Cherry-pick r247679. rdar://problem/54017903

[iOS] [WebKit2] Add limited support for -isPosition:atBoundary:inDirection: in WKContentView
https://bugs.webkit.org/show_bug.cgi?id=199993
<rdar://problem/49523528>

Reviewed by Beth Dakin.

Source/WebKit:

Add support for -isPosition:atBoundary:inDirection:, only in the cases where the given position is the start or
and position and the given granularity is UITextGranularityParagraph.

Test: EditorStateTests.ParagraphBoundary

Shared/EditorState.cpp: (WebKit::EditorState::PostLayoutData::encode const): (WebKit::EditorState::PostLayoutData::decode):
Shared/EditorState.h:

Add a couple of bits to indicate whether the selection start or end positions are at paragraph boundaries.

UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView isPosition:atBoundary:inDirection:]):

Implement this to return selectionStartIsAtParagraphBoundary or selectionEndIsAtParagraphBoundary.

WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::platformEditorState const):

Tools:

Add a new API test to verify the behavior of -isPosition:atBoundary:inDirection:.

TestWebKitAPI/Tests/WebKitCocoa/EditorStateTests.mm: (TestWebKitAPI::TEST):
TestWebKitAPI/cocoa/TestWKWebView.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247679 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248342] by Kocsen Chung

3 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247657. rdar://problem/54017957

Provide correct names for UIContextMenuInteraction API replacements
https://bugs.webkit.org/show_bug.cgi?id=199966

Reviewed by Tim Horton.

We had some old incorrect names for replacements to SPI. While
here, I reordered and expanded the documentation for the new API.

UIProcess/API/Cocoa/WKUIDelegate.h:
UIProcess/API/Cocoa/WKUIDelegatePrivate.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247657 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:52 PM Changeset in webkit [248341] by Kocsen Chung

5 edits
2 adds in branches/safari-608.1-branch

Cherry-pick r247651. rdar://problem/54017866

[iOS] Entering 2FA code on idmsa.apple.com causes unexpected scrolling
https://bugs.webkit.org/show_bug.cgi?id=199949
<rdar://problem/49944428>

Reviewed by Tim Horton and Megan Gardner.

Source/WebKit:

Since at least iOS 11, -[UIScrollView _adjustForAutomaticKeyboardInfo:animated:lastAdjustment:] adjusts the
scroll view's content offset to account for updated keyboard bottom insets. In WebKit, we call this method
whenever keyboard geometry changes (based on system notifications, such as UIKeyboardWillHideNotification).

When switching between focused form fields, we hide the keyboard for the previous focused element prior to
showing the keyboard for the newly focused element. This means that we will actually dismiss the keyboard in the
process of changing the focused element, which posts keyboard geometry notifications, which causes us to scroll
WKScrollView.

On iOS 12, this would be immediately followed by re-presenting the keyboard for the new focused element, which
causes us to adjust the scroll view back to its original position right away; this means that the scrolling that
happens as a result of adjusting for the keyboard insets after dismissal doesn't result in any visible change.

However, on iOS 13, after r239441 and r244546, we now defer scrolling and zooming to reveal the focused element
until later; this means the scrolling that happens as a result of initially dismissing the keyboard now causes a
consistent jump in the scroll view's scroll position (whereas on iOS 12, this only happens rarely, and the jump
is also less noticeable).

To mitigate this, we detect the case where we're moving focus from one element to another; if we're about to
show a keyboard for the newly focused element, then we should avoid scrolling as a result of the impending
"keyboard will hide" notification.

Test: fast/forms/ios/no-scrolling-when-moving-focus-between-adjacent-fields.html

UIProcess/API/Cocoa/WKWebView.mm: (-[WKWebView _keyboardChangedWithInfo:adjustScrollView:]): (-[WKWebView _keyboardWillHide:]):
UIProcess/ios/WKContentViewInteraction.h:
UIProcess/ios/WKContentViewInteraction.mm: (shouldShowKeyboardForElement):

Add a helper to determine whether we're focusing an element which presents a "keyboard" (i.e. a UIKit input
view, as opposed to modal select pickers, modal date pickers, or fields with inputmode="none", for which we
don't show an input view).

(-[WKContentView _elementDidFocus:userIsInteracting:blurPreviousNode:activityStateChanges:userObject:]):
(-[WKContentView shouldIgnoreKeyboardWillHideNotification]):

LayoutTests:

Add a new layout test to verify that moving focus between horizontally adjacent form controls doesn't induce
vertical scrolling.

fast/forms/ios/no-scrolling-when-moving-focus-between-adjacent-fields-expected.txt: Added.
fast/forms/ios/no-scrolling-when-moving-focus-between-adjacent-fields.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247651 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:51 PM Changeset in webkit [248340] by Kocsen Chung

2 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247635. rdar://problem/54017879

Fix warning when importing WebKit in Swift
https://bugs.webkit.org/show_bug.cgi?id=199914
<rdar://problem/52854930>

Patch by Alex Christensen <achristensen@webkit.org> on 2019-07-18
Reviewed by Wenson Hsieh.

UIProcess/API/Cocoa/NSAttributedString.h: Declare NSAttributedString and update a swift name. This fix was proposed by Argyrios Kyrtzidis.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247635 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9:17 PM Changeset in webkit [248339] by sbarati@apple.com

2 edits in trunk/Source/WebCore

[WHLSL] Make resolveFunction in Checker faster
https://bugs.webkit.org/show_bug.cgi?id=200287

Reviewed by Robin Morisset.

This patch makes compute_boids faster by making function overload
resolution faster inside the Checker. It's a ~6ms speedup in the
checker. The main idea is to limit the number of overloads we need
to look for by using a hash table that describes a function's type
instead of just using a hash table keyed by a function's name.

The interesting implementation detail here is we must construct entries
in the hash table such that they still allow constants to be resolved to
various types. This means that the key in the hash table must normalize
the vector of types it uses to express a function's identity. The normalization
rules are:

int => float
uint => float
T* => float*
T[] => float*

The first two rules are because int constants can be matched against
the float and uint types. The latter two rules are because the null
literal can be matched against any pointer or any array reference
(we pick float* arbitrarily). Even though it seems like these
normalization rules would drastically broaden the efficacy of the hash
table, we still see a 100x reduction in the number of overloads we must
resolve inside compute_boids. We go from having to resolve 400,000
overloads to just resolving 4,000.

Modules/webgpu/WHLSL/WHLSLChecker.cpp:

(WebCore::WHLSL::FunctionKey::FunctionKey):
(WebCore::WHLSL::FunctionKey::isEmptyValue const):
(WebCore::WHLSL::FunctionKey::isHashTableDeletedValue const):
(WebCore::WHLSL::FunctionKey::hash const):
(WebCore::WHLSL::FunctionKey::operator== const):
(WebCore::WHLSL::FunctionKey::Hash::hash):
(WebCore::WHLSL::FunctionKey::Hash::equal):
(WebCore::WHLSL::FunctionKey::Traits::isEmptyValue):
(WebCore::WHLSL::Checker::Checker):
(WebCore::WHLSL::Checker::wrappedFloatType):
(WebCore::WHLSL::Checker::genericPointerType):
(WebCore::WHLSL::Checker::normalizedTypeForFunctionKey):
(WebCore::WHLSL::Checker::resolveFunction):
(WebCore::WHLSL::Checker::finishVisiting):
(WebCore::WHLSL::Checker::visit):
(WebCore::WHLSL::resolveFunction): Deleted.

8:15 PM Changeset in webkit [248338] by rniwa@webkit.org

7 edits
2 adds
2 deletes in trunk

[iPadOS] slides.google.com: tapping near cursor in a slide title focuses the speaker notes
https://bugs.webkit.org/show_bug.cgi?id=200216

Reviewed by Wenson Hsieh.

Source/WebKit:

The bug was caused by a race condition between Google slides removing inputmode="none" from the hidden
content editable and updating the focused region upon receiving a pointerup event, which happens after
the Google slides had already updated its page layout & coordinates based on new visual viewport with
the software keyboard's boudning rect taken into account.

Delay bringing up the software keyboard for a inputmode change until all touches are released.

In the future, we could consider also delaying the software keyboard to be brought in general until
touchend / pointerup events are dispatched but this is rather risky since that could affact random
other websites while Google suites is the only major site to make use of inputmode="none".

This patch also reverts r243044, which was added for Google slides, since it's no longer needed and
interferes with this patch by adding another way to bring up the software keyboard.

Note: Adjusting touchend / pointerup coordinates while the keyboard is being brought up doesn't work
because the page had already updated the layout by then based on new visual viewport size.

Test: fast/forms/ios/inputmode-change-update-keyboard-after-pointerup.html

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::handleTouchEventSynchronously): Call didReleaseAllTouchPoints when all
touches are released.
(WebKit::WebPageProxy::handleTouchEventAsynchronously): Ditto.
(WebKit::WebPageProxy::handleTouchEvent): Ditto.

UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::didReleaseAllTouchPoints): Added for non-iOS platforms.
(WebKit::WebPageProxy::m_pendingInputModeChange): Added. Used when inputmode is changed while
there is an on-going touch interaction.

UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::elementDidFocus): Clear m_pendingInputModeChange when a new element is focused.
(WebKit::WebPageProxy::elementDidBlur): Ditto for bluring.
(WebKit::WebPageProxy::focusedElementDidChangeInputMode): Don't bring up the software keyboard now if
there are on-going touches by exiting early after setting m_pendingInputModeChange.
(WebKit::WebPageProxy::didReleaseAllTouchPoints): Bring up the software keyboard if inputmode
had changed from "none" to something else.

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::dispatchTouchEvent): Removed the code added by r243044.

LayoutTests:

Added a new regression test and removed the one added for r243044.

fast/events/touch/ios/show-keyboard-after-preventing-touchstart-expected.txt: Removed.
fast/events/touch/ios/show-keyboard-after-preventing-touchstart.html: Removed.
fast/forms/ios/inputmode-change-update-keyboard-after-pointerup-expected.txt: Added.
fast/forms/ios/inputmode-change-update-keyboard-after-pointerup.html: Added.
fast/forms/ios/inputmode-change-update-keyboard.html: Fixed the test for manual testing.

7:48 PM Changeset in webkit [248337] by ysuzuki@apple.com

2 edits in trunk/Source/JavaScriptCore

[JSC] sampling-profiler can see garbage Wasm::Callee* pointer which is HashTable deleted / empty values
https://bugs.webkit.org/show_bug.cgi?id=200494

Reviewed by Saam Barati.

The sampling-profiler can see a garbage pointer which is like Wasm::Callee*. This can be filtered by HashSet<Callee*>.
But this is safe only when the garbage pointer is not deleted / empty values. We saw occasional crash with JetStream2/tsf-wasm.
This patch filters out these values with HashSet<Callee*>::isValidValue.

wasm/WasmCalleeRegistry.h:

(JSC::Wasm::CalleeRegistry::isValidCallee):

6:44 PM Changeset in webkit [248336] by Fujii Hironori

5 edits in trunk

ASSERTION FAILED: m_observers.isEmpty() if WKPageSetPageStateClient is used
https://bugs.webkit.org/show_bug.cgi?id=200465

Reviewed by Alex Christensen.

Source/WebKit:

PageLoadState::Observer should be removed before destructing
WebPageProxy.

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::~WebPageProxy): Call
setPageLoadStateObserver with nullptr to remove
PageLoadState::Observer.

Tools:

TestWebKitAPI/Tests/WebKit/PageLoadState.cpp:

(TestWebKitAPI::WebKit.PageLoadState): Set PageStateClient before
finishing the test.

TestWebKitAPI/win/PlatformWebViewWin.cpp:

(TestWebKitAPI::PlatformWebView::~PlatformWebView): Release m_view.

6:16 PM Changeset in webkit [248335] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

Fix 32-bit Linux build after r248282
https://bugs.webkit.org/show_bug.cgi?id=200491

Patch by Loïc Yhuel <loic.yhuel@softathome.com> on 2019-08-06
Reviewed by Youenn Fablet.

minInterToneGapMs must be a size_t like interToneGap for std::max call.
The other constants are updated for consistency, even if the compiler
was able to cast them automatically.

Modules/mediastream/RTCDTMFSender.cpp:

5:33 PM Changeset in webkit [248334] by Alan Coon

7 edits in branches/safari-608.1-branch/Source

Versioning.

5:33 PM Changeset in webkit [248333] by Chris Dumez

2 edits in trunk/Source/WebKit

Add release assertions to help catch a bug in our WebProcessCache implementation
https://bugs.webkit.org/show_bug.cgi?id=200483

Reviewed by Geoffrey Garen.

Add release assertions to help catch a bug in our WebProcessCache implementation. We
have evidence (rdar://problem/53962494) that we have processes with a page which
starts a provisional load while the process is in the WebProcessCache. This should
not be possible.

UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::setIsInProcessCache):
(WebKit::WebProcessProxy::addExistingWebPage):

5:31 PM Changeset in webkit [248332] by Alan Coon

7 edits in branches/safari-608-branch/Source

Versioning.

5:31 PM Changeset in webkit [248331] by Alan Coon

1 copy in tags/Safari-608.1.43

Tag Safari-608.1.43.

5:17 PM Changeset in webkit [248330] by dino@apple.com

4 edits in trunk/Source

Context menu on a universal link produces a blank preview
https://bugs.webkit.org/show_bug.cgi?id=200485
<rdar://problem/53699620>

Reviewed by Dean Jackson.

Source/WebCore/PAL:

Define iTunesStoreURL from CoreServices.

pal/spi/cocoa/LaunchServicesSPI.h:

Source/WebKit:

If the context menu is activated on an iTunesStore URL, pass it
on to DataDetectors, who should know how to handle it.

Two drive-by fixes:

make it clear that early returns do not produce a value. Instead call the completion handler first, then return.
The new API DataDetectors case doesn't need to worry about hiding link previews as DataDetectors itself will handle that.

UIProcess/ios/WKContentViewInteraction.mm: If the URL is an iTunesStoreURL

(as defined by CoreServices), let DataDetectors handle it.
(-[WKContentView assignLegacyDataForContextMenuInteraction]):
(-[WKContentView continueContextMenuInteraction:]):
(-[WKContentView continueContextMenuInteractionWithDataDetectors:]): New method to
use DataDetectors if possible.

5:06 PM Changeset in webkit [248329] by Chris Dumez

2 edits in trunk/Source/WebKit

Avoid unnecessary ResourceRequest copy under NetworkResourceLoader::isCrossOriginPrefetch()
https://bugs.webkit.org/show_bug.cgi?id=200478

Reviewed by Youenn Fablet.

NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::isCrossOriginPrefetch const):

4:46 PM Changeset in webkit [248328] by Devin Rousso

4 edits in trunk/Source/WebInspectorUI

Web Inspector: Show radius values in box model metrics view
https://bugs.webkit.org/show_bug.cgi?id=160993
<rdar://problem/27919035>

Reviewed by Brian Burg.

UserInterface/Views/BoxModelDetailsSectionRow.js:

(WI.BoxModelDetailsSectionRow.prototype._getPropertyValue): Added.
(WI.BoxModelDetailsSectionRow.prototype._getPropertyValueAsPx):
(WI.BoxModelDetailsSectionRow.prototype._getBox):
(WI.BoxModelDetailsSectionRow.prototype._getComponentPrefix): Added.
(WI.BoxModelDetailsSectionRow.prototype._getComponentSuffix):
(WI.BoxModelDetailsSectionRow.prototype._updateMetrics):
(WI.BoxModelDetailsSectionRow.prototype._updateMetrics.createBoxPartElement):
(WI.BoxModelDetailsSectionRow.prototype._updateMetrics.createContentAreaElement):
(WI.BoxModelDetailsSectionRow.prototype._applyUserInput):
(WI.BoxModelDetailsSectionRow.prototype._applyUserInput.inspectedPage_node_toggleInlineStyleProperty):

UserInterface/Views/BoxModelDetailsSectionRow.css:

(.details-section .row.box-model .box): Added.
(.details-section .row.box-model .box > .label): Added.
(.details-section .row.box-model .box.position): Added.
(.details-section .row.box-model .box.margin): Added.
(.details-section .row.box-model:not(.hovered) .box.margin, .details-section .row.box-model .box.margin.active): Added.
(.details-section .row.box-model .box.border): Added.
(.details-section .row.box-model:not(.hovered) .box.border, .details-section .row.box-model .box.border.active): Added.
(.details-section .row.box-model .box.border > .label): Added.
(.details-section .row.box-model .box.border.has-top-left-radius, .details-section .row.box-model .box.border.has-top-left-radius .box): Added.
(.details-section .row.box-model .box.border.has-top-right-radius, .details-section .row.box-model .box.border.has-top-right-radius .box): Added.
(.details-section .row.box-model .box.border.has-bottom-right-radius, .details-section .row.box-model .box.border.has-bottom-right-radius .box): Added.
(.details-section .row.box-model .box.border.has-bottom-left-radius, .details-section .row.box-model .box.border.has-bottom-left-radius .box): Added.
(.details-section .row.box-model .box.padding): Added.
(.details-section .row.box-model:not(.hovered) .box.padding, .details-section .row.box-model .box.padding.active): Added.
(.details-section .row.box-model .box.content): Added.
(.details-section .row.box-model:not(.hovered) .box.content, .details-section .row.box-model .box.content.active): Added.
(.details-section .row.box-model :matches(.top, .right, .bottom, .left)): Added.
(.details-section .row.box-model :matches(.top, .right, .bottom, .left):not(.editing), .details-section .row.box-model :matches(.top-left, .top-right, .bottom-right, .bottom-left)): Added.
(.details-section .row.box-model :matches(.top-left, .top-right, .bottom-right, .bottom-left)): Added.
(.details-section .row.box-model :matches(.top-left, .top-right)): Added.
(.details-section .row.box-model :matches(.bottom-left, .bottom-right):not(.editing)): Added.
(.details-section .row.box-model :matches(.bottom-left, .bottom-right).editing): Added.
(.details-section .row.box-model :matches(.top-left, .bottom-left):not(.editing)): Added.
(.details-section .row.box-model :matches(.top-left, .bottom-left).editing): Added.
(.details-section .row.box-model :matches(.top-right, .bottom-right):not(.editing)): Added.
(.details-section .row.box-model :matches(.top-right, .bottom-right).editing): Added.
(@media (prefers-color-scheme: dark) .details-section .row.box-model .box): Added.
(@media (prefers-color-scheme: dark) .details-section .row.box-model:not(.hovered) .box:matches(.margin, .border, .padding, .content), .details-section .row.box-model .box.active:matches(.margin, .border, .padding, .content)): Added.
(@media (prefers-color-scheme: dark) .details-section .row.box-model .box.margin): Added.
(@media (prefers-color-scheme: dark) .details-section .row.box-model .box.border): Added.
(.details-section .row.box-model :matches(.position, .margin, .border, .padding, .content)): Deleted.
(.details-section .row.box-model .position): Deleted.
(.details-section .row.box-model .margin): Deleted.
(.details-section .row.box-model:not(.hovered) .margin, .details-section .row.box-model .margin.active): Deleted.
(.details-section .row.box-model .border): Deleted.
(.details-section .row.box-model:not(.hovered) .border, .details-section .row.box-model .border.active): Deleted.
(.details-section .row.box-model .padding): Deleted.
(.details-section .row.box-model:not(.hovered) .padding, .details-section .row.box-model .padding.active): Deleted.
(.details-section .row.box-model .content): Deleted.
(.details-section .row.box-model:not(.hovered) .content, .details-section .row.box-model .content.active): Deleted.
(.details-section .row.box-model :matches(.content span, .top, .right, .bottom, .left)): Deleted.
(.details-section .row.box-model :matches(.right, .left)): Deleted.
(.details-section .row.box-model:not(.hovered) :matches(.margin, .border, .padding, .content), .details-section .row.box-model .active:matches(.margin, .border, .padding, .content)): Deleted.

UserInterface/Models/CSSProperty.js:

(WI.CSSProperty.prototype.update):
Ensure that the _value is updated whenever the _rawValue is updated.

4:38 PM Changeset in webkit [248327] by commit-queue@webkit.org

18 edits
1 move in trunk

Unreviewed, rolling out r248289.
https://bugs.webkit.org/show_bug.cgi?id=200488

Broke internal builds (Requested by drousso on #webkit).

Reverted changeset:

"Web Inspector: Styles: show @supports CSS groupings"
https://bugs.webkit.org/show_bug.cgi?id=200419
https://trac.webkit.org/changeset/248289

4:24 PM Changeset in webkit [248326] by msaboff@apple.com

5 edits
3 adds in trunk/PerformanceTests

Make JSC memory benchmark available on OpenSource
https://bugs.webkit.org/show_bug.cgi?id=195012

Reviewed by Saam Barati.

This patch upstreams the RAMification memory benchmark to open source.

The prior RAMification.py driver script in the Internal directory has been moved here
with the device execution code seperated out to a new Internal driver script.
As a result, command line argument parsing as well as acting on the resulting argument
values has changed. The remote device Runner creates an ArgumentParser object that is
passed through main(). In main(), if we have an ArgumentParser, we use it otherwise we
create one for benchmarking locally. The arguments object returned from argument
parsing is now passed to the Runner constructor so it can extract the settings appropriate
for that particular runner.

Added some sane argument default values for the JSC command patch and the JetStream2
source directory.

Updated the Lua tests to eliminate the testing harness and its overhead, matching what was
done in the Internal tree.

JetStream2/LuaJSFight/hello_world.js:

(Benchmark.prototype.runIteration): Deleted.
(Benchmark): Deleted.

JetStream2/LuaJSFight/list_search.js:

(run): Deleted.
(Benchmark.prototype.runIteration): Deleted.
(Benchmark): Deleted.

JetStream2/LuaJSFight/lists.js:

(): Deleted.
(Benchmark.prototype.runIteration): Deleted.
(Benchmark): Deleted.

JetStream2/LuaJSFight/richards.js: Added.

(runRichards):
(Scheduler):
(Scheduler.prototype.addIdleTask):
(Scheduler.prototype.addWorkerTask):
(Scheduler.prototype.addHandlerTask):
(Scheduler.prototype.addDeviceTask):
(Scheduler.prototype.addRunningTask):
(Scheduler.prototype.addTask):
(Scheduler.prototype.schedule):
(Scheduler.prototype.release):
(Scheduler.prototype.holdCurrent):
(Scheduler.prototype.suspendCurrent):
(Scheduler.prototype.queue):
(TaskControlBlock):
(TaskControlBlock.prototype.setRunning):
(TaskControlBlock.prototype.markAsNotHeld):
(TaskControlBlock.prototype.markAsHeld):
(TaskControlBlock.prototype.isHeldOrSuspended):
(TaskControlBlock.prototype.markAsSuspended):
(TaskControlBlock.prototype.markAsRunnable):
(TaskControlBlock.prototype.run):
(TaskControlBlock.prototype.checkPriorityAdd):
(TaskControlBlock.prototype.toString):
(IdleTask):
(IdleTask.prototype.run):
(IdleTask.prototype.toString):
(DeviceTask):
(DeviceTask.prototype.run):
(DeviceTask.prototype.toString):
(WorkerTask):
(WorkerTask.prototype.run):
(WorkerTask.prototype.toString):
(HandlerTask):
(HandlerTask.prototype.run):
(HandlerTask.prototype.toString):
(Packet):
(Packet.prototype.addTo):
(Packet.prototype.toString):

JetStream2/LuaJSFight/string_lists.js:

(): Deleted.
(Benchmark.prototype.runIteration): Deleted.
(Benchmark): Deleted.

JetStream2/RAMification.py: Added.

(mean):
(geomean):
(frameworkPathFromExecutablePath):
(parseArgs):
(parseArgs.optStrToBool):
(BaseRunner):
(BaseRunner.init):
(BaseRunner.setup):
(BaseRunner.setEnv):
(BaseRunner.unsetEnv):
(BaseRunner.resetForTest):
(BaseRunner.processLine):
(BaseRunner.setReturnCode):
(BaseRunner.getResults):
(LocalRunner):
(LocalRunner.init):
(LocalRunner.runOneTest):
(main):
(main.runTestList):

JetStream2/init.py: Added.

4:20 PM Changeset in webkit [248325] by jiewen_tan@apple.com

2 edits in trunk/Tools

Unreviewed, a build fix after r248308

Don't use WK_ENGINEERING_CODE_SIGN_IDENTITY for Production build.

WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig:

3:40 PM Changeset in webkit [248324] by jiewen_tan@apple.com

4 edits in trunk

Unreviewed, a build fix after r248319

Use HAVE(DATA_PROTECTION_KEYCHAIN) instead of HAVE_DATA_PROTECTION_KEYCHAIN.

Source/WebKit:

UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:

(WebKit::LocalAuthenticator::makeCredential):
(WebKit::LocalAuthenticator::continueMakeCredentialAfterUserConsented):
(WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested):
(WebKit::LocalAuthenticator::getAssertion):
(WebKit::LocalAuthenticator::continueGetAssertionAfterUserConsented):

Tools:

WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig:
WebKitTestRunner/cocoa/TestControllerCocoa.mm:

(WTR::TestController::addTestKeyToKeychain):
(WTR::TestController::cleanUpKeychain):
(WTR::TestController::keyExistsInKeychain):

3:28 PM Changeset in webkit [248323] by Alan Coon

1 copy in tags/Safari-608.2.3

Tag Safari-608.2.3.

3:27 PM Changeset in webkit [248322] by Alan Coon

1 delete in tags/Safari-608.2.3

Delete tag.

3:26 PM Changeset in webkit [248321] by Alan Coon

47 edits
1 add in branches/safari-608-branch

Apply patch. rdar://problem/53992160

3:20 PM Changeset in webkit [248320] by Devin Rousso

2 edits
2 adds in trunk/Source/JavaScriptCore

Web Inspector: allow comments in protocol JSON
https://bugs.webkit.org/show_bug.cgi?id=200104

Reviewed by Brian Burg.

inspector/scripts/generate-inspector-protocol-bindings.py:

(generate_from_specification.load_specification):

inspector/scripts/tests/generic/should-strip-comments.json: Added.
inspector/scripts/tests/generic/expected/should-strip-comments.json-result: Added.

3:12 PM Changeset in webkit [248319] by jiewen_tan@apple.com

6 edits in trunk

Unreviewed, a build fix after r248308

Use kSecUseDataProtectionKeychain for iOS 13 and macOS Catalina or newer.

Source/WebKit:

UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:

Source/WTF:

wtf/Platform.h:

Tools:

WebKitTestRunner/cocoa/TestControllerCocoa.mm:

(WTR::TestController::addTestKeyToKeychain):
(WTR::TestController::cleanUpKeychain):
(WTR::TestController::keyExistsInKeychain):

3:04 PM Changeset in webkit [248318] by Chris Dumez

2 edits in trunk/Source/WebKit

Unreviewed, fix internal iOS build after r248308.

UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:

(WebKit::LocalAuthenticator::makeCredential):

2:57 PM Changeset in webkit [248317] by Keith Rollin

2 edits in trunk/Tools

Enable XCBuild for make and build-webkit builds
https://bugs.webkit.org/show_bug.cgi?id=200476
<rdar://problem/50771065>

Reviewed by Jonathan Bedard.

All projects have now been tested under XCBuild and successfully
build. Enable the use of XCBuild when performing builds with make or
build-webkit and when using a sufficient version of Xcode. We set
this version to Xcode 11 since Xcode 10 -- even though it supports
XCBuild -- does not support a build facility needed to build WebKit
(Bug 197072, Bug 197116, Bug 197340).

Do not enable XCBuild in the Xcode projects themselves since these
projects may need to be used under older versions of Xcode and there's
no way to make those project changes sensitive to the version of Xcode
being used. This means that builds performed in the Xcode IDE will not
use XCBuild.

Scripts/webkitdirs.pm:

(canUseXCBuild):

2:45 PM Changeset in webkit [248316] by Chris Dumez

10 edits in trunk

Fix inefficiency in HTTPHeaderMap::set(CFStringRef, const String&)
https://bugs.webkit.org/show_bug.cgi?id=200475

Reviewed by Darin Adler.

Source/WebCore:

In the case where CFStringGetCStringPtr() succeeds in returning us a pointer
to the CFStringRef underlying characters but it is not a common header, we
would fall back to calling HTTPHeaderMap::set(const String&, const String&)
which would unecessarily call findHTTPHeaderName() again to try and determine
if it is a common header. Avoid this by introducing a new setUncommonHeader()
private method and calling this one instead. Also got rid of some code
duplication at the same time.

platform/network/HTTPHeaderMap.cpp:

(WebCore::HTTPHeaderMap::set):
(WebCore::HTTPHeaderMap::setUncommonHeader):

platform/network/HTTPHeaderMap.h:
platform/network/HTTPParsers.cpp:

(WebCore::parseHTTPHeader):

testing/MockCDMFactory.cpp:

(WebCore::MockCDMInstance::setServerCertificate):

Source/WTF:

Add convenience constuctor to StringView which takes in a const char*
and an unsigned length, similarly to what we already have for String.

wtf/URL.cpp:

(WTF::URL::protocolIs const):
(WTF::protocolIsInternal):

wtf/text/StringView.h:

(WTF::StringView::StringView):
(WTF::StringView::empty):

Tools:

TestWebKitAPI/Tests/WTF/StringView.cpp:

(TestWebKitAPI::stringViewFromLiteral):
(TestWebKitAPI::stringViewFromUTF8):

2:34 PM Changeset in webkit [248315] by clopez@igalia.com

2 edits in trunk/Tools

Update my status in contributors.json to reviewer.

Regained the status after following the procedure for inactive contributors.
See r247136 for further explanation.

Scripts/webkitpy/common/config/contributors.json:

2:28 PM Changeset in webkit [248314] by Alan Coon

1 copy in tags/Safari-608.2.3

Tag Safari-608.2.3.

2:25 PM Changeset in webkit [248313] by Alan Coon

7 edits in branches/safari-608-branch/Source

Versioning.

1:38 PM Changeset in webkit [248312] by russell_e@apple.com

3 edits in trunk/LayoutTests

Updating Test Expectations for <rdar://53957264>, <rdar://53946482>, <rdar://53866783>

Unreviewed Test Gardening.

platform/ios-12/TestExpectations:
platform/ios/TestExpectations:

1:33 PM Changeset in webkit [248311] by Nikita Vasilyev

3 edits in trunk/Source/WebInspectorUI

Web Inspector: RTL: go-to arrows and expand triangles in Computed panel should match their context
https://bugs.webkit.org/show_bug.cgi?id=200449

Reviewed by Joseph Pecoraro.

UserInterface/Views/ComputedStyleSection.css:

(body[dir=rtl] .computed-style-section .computed-property-item .disclosure-button): Deleted.

UserInterface/Views/Main.css:

(body[dir=rtl] [dir=ltr] .go-to-arrow): Added.
In the RTL mode, LTR "islands" should have their contents to be still LTR.

1:31 PM Changeset in webkit [248310] by sbarati@apple.com

5 edits
2 deletes in trunk/Source/WebCore

[WHLSL] Remove the auto initialize variables pass
https://bugs.webkit.org/show_bug.cgi?id=200472

Reviewed by Robin Morisset.

From a separation of concerns perspective, it's a bit nicer to make variables
without initializers call their default constructors as a transformation over the AST.
This removes the need for the lowering to need to worry about such things. However,
changing metal lowering to deal with this is trivial. It means we need to change one
line of code in Metal code generation, and we get to remove a ~50 LOC AST pass.
Also, in this case, it saves us from the compile time hit of having to run the
auto initialize variables phase, which takes ~1.2ms on compute_boids.

Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp:

(WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit):

Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.cpp: Removed.
Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.h: Removed.
Modules/webgpu/WHLSL/WHLSLPrepare.cpp:

(WebCore::WHLSL::prepareShared):

Sources.txt:
WebCore.xcodeproj/project.pbxproj:

1:18 PM Changeset in webkit [248309] by Justin Fan

7 edits
1 copy
4 adds in trunk/Websites/webkit.org

[WebGPU] Fix up demos on and add compute demo to webkit.org/demos
https://bugs.webkit.org/show_bug.cgi?id=200454

Reviewed by Jon Lee.

Add the compute-blur demo.
Ensure that WebGPU demos will work on upcoming STP release.

demos/webgpu/compute-blur.html: Added.
demos/webgpu/css/style.css: Sync with internal demo repository stylesheet.

(body):
(canvas):
(body.error img):
(body.error input):
(#error p):

demos/webgpu/hello-cube.html:
demos/webgpu/hello-triangle.html:
demos/webgpu/index.html:
demos/webgpu/resources/compute-blur.png: Added.
demos/webgpu/resources/hello-cube.png:
demos/webgpu/resources/textured-cube.png: Added.
demos/webgpu/scripts/compute-blur.js: Added.

(async.init):
(async.loadImage):
(setUpCompute):
(async.computeBlur):
(async.setUniforms):
(createShaderCode):

demos/webgpu/scripts/hello-triangle.js:

(async.helloTriangle):

demos/webgpu/textured-cube.html: Renmaed from Websites/webkit.org/demos/webgpu/hello-cube.html.

12:54 PM Changeset in webkit [248308] by jiewen_tan@apple.com

16 edits
1 add in trunk

[WebAuthN] Enable LocalAuthenticator for macOS
https://bugs.webkit.org/show_bug.cgi?id=182772
<rdar://problem/43347920>

Reviewed by Brent Fulgham.

Source/WebKit:

This patch enables LocalAuthenticator for macOS. The majority
of this patch is to tweak macOS keychain to use the modern one.

Configurations/WebKit.xcconfig:
Platform/spi/Cocoa/DeviceIdentitySPI.h:
UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:

(WebKit::LocalAuthenticatorInternal::toVector):
(WebKit::LocalAuthenticator::makeCredential):
(WebKit::LocalAuthenticator::continueMakeCredentialAfterUserConsented):
(WebKit::LocalAuthenticator::continueMakeCredentialAfterAttested):
(WebKit::LocalAuthenticator::getAssertion):
(WebKit::LocalAuthenticator::continueGetAssertionAfterUserConsented):

UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:

(WebKit::LocalConnection::getUserConsent const):
(WebKit::LocalConnection::getAttestation const):

UIProcess/WebAuthentication/Cocoa/LocalService.mm:

(WebKit::LocalService::isAvailable):

UIProcess/WebAuthentication/Mock/MockLocalConnection.mm:

(WebKit::MockLocalConnection::getAttestation const):

config.h:

Source/WTF:

wtf/Platform.h:

Adds HAVE_DEVICE_IDENTITY.

wtf/spi/cocoa/SecuritySPI.h:

Adds a SPI for telling macOS keychain to use the modern one.

Tools:

Add an entitlement file to WebKitTestRunner such that it can access
the modern macOS keychain.

WebKitTestRunner/Configurations/WebKitTestRunner.entitlements: Added.
WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig:
WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj:
WebKitTestRunner/cocoa/TestControllerCocoa.mm:

(WTR::TestController::addTestKeyToKeychain):
(WTR::TestController::cleanUpKeychain):
(WTR::TestController::keyExistsInKeychain):

LayoutTests:

Enable existing local authenticator tests for macOS. Since OpenSource bots
don't have the internal setting to include restricted entitlements, tests
will fail on OpenSource bots.

platform/mac-wk2/TestExpectations:

12:04 PM Changeset in webkit [248307] by weinig@apple.com

18 edits in trunk/Source/WebCore

WHLSL Metal code generation unnecessarily does string copies by passing partial results as Strings
https://bugs.webkit.org/show_bug.cgi?id=200471

Reviewed by Saam Barati.

Avoid string copies by passing a single StringBuilder all the way through Metal code
generation and only converting to a String when passing the constructed shader to Metal
API.

Where possible, use StringView in lieu of String for temporary strings being passed to
the StringBuilder to avoid the allocation overhead of StringImpl.

Modules/webgpu/WHLSL/AST/WHLSLAddressSpace.h:

(WebCore::WHLSL::AST::toString):
Switch to StringView.

Modules/webgpu/WHLSL/AST/WHLSLBuiltInSemantic.h:

(WebCore::WHLSL::AST::BuiltInSemantic::toString const):
Switch to StringView.

Modules/webgpu/WHLSL/AST/WHLSLEntryPointType.h:

(WebCore::WHLSL::AST::toString):
Switch to StringView.

Modules/webgpu/WHLSL/AST/WHLSLPointerType.h:

Remove unnecessary "private:".

Modules/webgpu/WHLSL/AST/WHLSLResourceSemantic.h:

(WebCore::WHLSL::AST::ResourceSemantic::toString):
Switch to StringView.

Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp:

(WebCore::WHLSL::Metal::EntryPointScaffolding::emitResourceHelperTypes):
(WebCore::WHLSL::Metal::EntryPointScaffolding::emitResourceSignature):
(WebCore::WHLSL::Metal::EntryPointScaffolding::emitBuiltInsSignature):
(WebCore::WHLSL::Metal::EntryPointScaffolding::emitMangledInputPath):
(WebCore::WHLSL::Metal::EntryPointScaffolding::emitMangledOutputPath):
(WebCore::WHLSL::Metal::EntryPointScaffolding::emitUnpackResourcesAndNamedBuiltIns):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::emitHelperTypes):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::emitSignature):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::emitUnpack):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::emitPack):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::emitHelperTypes):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::emitSignature):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::emitUnpack):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::emitPack):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::emitHelperTypes):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::emitSignature):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::emitUnpack):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::emitPack):
(WebCore::WHLSL::Metal::EntryPointScaffolding::resourceHelperTypes): Deleted.
(WebCore::WHLSL::Metal::EntryPointScaffolding::resourceSignature): Deleted.
(WebCore::WHLSL::Metal::EntryPointScaffolding::builtInsSignature): Deleted.
(WebCore::WHLSL::Metal::EntryPointScaffolding::mangledInputPath): Deleted.
(WebCore::WHLSL::Metal::EntryPointScaffolding::mangledOutputPath): Deleted.
(WebCore::WHLSL::Metal::EntryPointScaffolding::unpackResourcesAndNamedBuiltIns): Deleted.
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::helperTypes): Deleted.
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::signature): Deleted.
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::unpack): Deleted.
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::pack): Deleted.
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::helperTypes): Deleted.
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::signature): Deleted.
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::unpack): Deleted.
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::pack): Deleted.
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::helperTypes): Deleted.
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::signature): Deleted.
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::unpack): Deleted.
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::pack): Deleted.

Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.h:

Rather than have scaffolding return strings, pass in StringBuilders everywhere.

Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp:

(WebCore::WHLSL::Metal::FunctionDefinitionWriter::FunctionDefinitionWriter):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::emitConstantExpressionString):
(WebCore::WHLSL::Metal::generateMetalFunctionsMapping):
(WebCore::WHLSL::Metal::emitSharedMetalFunctions):
(WebCore::WHLSL::Metal::emitMetalFunctions):
(WebCore::WHLSL::Metal::FunctionDeclarationWriter::FunctionDeclarationWriter): Deleted.
(WebCore::WHLSL::Metal::FunctionDeclarationWriter::toString): Deleted.
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::toString): Deleted.
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::constantExpressionString): Deleted.
(WebCore::WHLSL::Metal::RenderFunctionDefinitionWriter::RenderFunctionDefinitionWriter): Deleted.
(WebCore::WHLSL::Metal::ComputeFunctionDefinitionWriter::ComputeFunctionDefinitionWriter): Deleted.
(WebCore::WHLSL::Metal::sharedMetalFunctions): Deleted.
(WebCore::WHLSL::Metal::metalFunctions): Deleted.

Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.h:

Rather than returning Strings from function generation functions, pass in StringBuilders everywhere.

Modules/webgpu/WHLSL/Metal/WHLSLMetalCodeGenerator.cpp:

(WebCore::WHLSL::Metal::metalCodeProlog):
(WebCore::WHLSL::Metal::dumpMetalCodeIfNeeded):
(WebCore::WHLSL::Metal::generateMetalCode):
(WebCore::WHLSL::Metal::generateMetalCodeShared): Deleted.

Modules/webgpu/WHLSL/Metal/WHLSLMetalCodeGenerator.h:

Switch RenderMetalCode and ComputeMetalCode to contain StringBuilders to allow
delaying conversion to String to the latest point possible.

Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp:

(WebCore::WHLSL::Metal::TypeNamer::emitMetalTypeDeclarations):
(WebCore::WHLSL::Metal::TypeNamer::emitUnnamedTypeDefinition):
(WebCore::WHLSL::Metal::TypeNamer::emitNamedTypeDefinition):
(WebCore::WHLSL::Metal::TypeNamer::emitAllUnnamedTypeDefinitions):
(WebCore::WHLSL::Metal::TypeNamer::emitMetalTypeDefinitions):
(WebCore::WHLSL::Metal::TypeNamer::emitMetalTypes):
(WebCore::WHLSL::Metal::MetalTypeDeclarationWriter::MetalTypeDeclarationWriter): Deleted.
(WebCore::WHLSL::Metal::MetalTypeDeclarationWriter::toString): Deleted.
(WebCore::WHLSL::Metal::MetalTypeDeclarationWriter::visit): Deleted.
(WebCore::WHLSL::Metal::TypeNamer::metalTypeDeclarations): Deleted.
(WebCore::WHLSL::Metal::TypeNamer::metalTypeDefinitions): Deleted.
(WebCore::WHLSL::Metal::TypeNamer::metalTypes): Deleted.

Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.h:

Rather than returning Strings from function generation functions, pass in StringBuilders everywhere.

Modules/webgpu/WHLSL/WHLSLParser.cpp:

(WebCore::WHLSL::Parser::parseResourceSemantic):
Remove use of _str, which allocates a String, and just use a StringView directly.

Modules/webgpu/WHLSL/WHLSLPrepare.h:

Switch RenderPrepareResult and ComputePrepareResult to contain StringBuilders to allow
delaying conversion to String to the latest point possible.

platform/graphics/gpu/cocoa/GPUComputePipelineMetal.mm:

(WebCore::trySetFunctions):

platform/graphics/gpu/cocoa/GPURenderPipelineMetal.mm:

(WebCore::trySetFunctions):
Convert StringBuilders to String at the last moment necessary. Adds a FIXME to improve
in the future by adding direct conversion from StringBuilder to NSString to avoid another
copy.

10:57 AM Changeset in webkit [248306] by Chris Dumez

2 edits in trunk/LayoutTests

Unreviewed, drop change to TestExpectations that landed accidentally with r248276.

platform/wk2/TestExpectations:

10:56 AM Changeset in webkit [248305] by commit-queue@webkit.org

5 edits in trunk/Tools

[results.webkit.org Timeline] Performance improvements
https://bugs.webkit.org/show_bug.cgi?id=200406

Patch by Zhifei Fang <zhifei_fang@apple.com> on 2019-08-06
Reviewed by Jonathan Bedard.

Unhook the scroll event when a series/axis have been removed from the container
Fix the axis's cache data structure out of sync.
Use position:sticky to reduce the scrolling blink when update the presenter's transform
Use intersection observer to detect if the canvas on screen or not, if a canvas is not on the screen, we do nothing, this will eliminate render requests we send out.

resultsdbpy/resultsdbpy/view/static/library/js/Ref.js:

(Signal.prototype.removeListener):
(prototype.stopAction): Unregsiter an action handler
(Ref):
(Ref.prototype.apply):
(Ref.prototype.destory):

resultsdbpy/resultsdbpy/view/static/library/js/components/BaseComponents.js:

(ApplyNewChildren):

resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:

(Timeline.CanvasSeriesComponent):

10:37 AM Changeset in webkit [248304] by pvollan@apple.com

7 edits in trunk/Source

[Win] Fix AppleWin build
https://bugs.webkit.org/show_bug.cgi?id=200455

Reviewed by Alex Christensen.

CMakeLists.txt:

Source/JavaScriptCore:

shell/CMakeLists.txt:

Source/WebKitLegacy:

PlatformWin.cmake:
WebKitLegacy.vcxproj/WebKitLegacy.proj:

10:37 AM Changeset in webkit [248303] by sbarati@apple.com

16 edits
2 copies in trunk/Source/WebCore

[WHLSL] Reduce the number of variables that make it into the global struct by skipping stdlib functions and internal uses of MakePointerExpression/MakeArrayReference
https://bugs.webkit.org/show_bug.cgi?id=200463

Reviewed by Myles C. Maxfield.

This patch makes it so that we put fewer variables in the global struct.
This decreases end-to-end running time in compute_boids by 30% (with p = 0.0001).

We achieve this in two ways:

We track if each function is user code or "standard library" code. We also

count native functions as the standard library. We know a priori that the
standard library never escapes any variables. So the preserve variable
lifetimes phase skips analyzing all standard library functions and also
skips passing the global struct to any standard library functions.

We internally emit MakePointerExpression/MakeArrayReferenceExpression nodes in

the compiler in various phases. We sometimes emit these nodes in such a way
that we know that this address-of expression does not cause the variable to
escape. We now mark each address-of expressions as either:

Conservatively escaping. We conservatively do this for all user code.
Not escaping. This means that this address-of operation definitely does

not escape the variable. If a variable never has an escaping use, we will
omit putting this variable in the struct.

Modules/webgpu/WHLSL/AST/WHLSLAddressEscapeMode.h: Added.
Modules/webgpu/WHLSL/AST/WHLSLFunctionDeclaration.h:

(WebCore::WHLSL::AST::FunctionDeclaration::FunctionDeclaration):
(WebCore::WHLSL::AST::FunctionDeclaration::parsingMode const):

Modules/webgpu/WHLSL/AST/WHLSLMakeArrayReferenceExpression.h:

(WebCore::WHLSL::AST::MakeArrayReferenceExpression::MakeArrayReferenceExpression):
(WebCore::WHLSL::AST::MakeArrayReferenceExpression::mightEscape const):

Modules/webgpu/WHLSL/AST/WHLSLMakePointerExpression.h:

(WebCore::WHLSL::AST::MakePointerExpression::MakePointerExpression):
(WebCore::WHLSL::AST::MakePointerExpression::mightEscape const):

Modules/webgpu/WHLSL/WHLSLChecker.cpp:

(WebCore::WHLSL::resolveWithOperatorAnderIndexer):
(WebCore::WHLSL::resolveWithOperatorLength):
(WebCore::WHLSL::resolveWithReferenceComparator):

Modules/webgpu/WHLSL/WHLSLParser.cpp:

(WebCore::WHLSL::Parser::parse):
(WebCore::WHLSL::Parser::parseComputeFunctionDeclaration):
(WebCore::WHLSL::Parser::parseVertexOrFragmentFunctionDeclaration):
(WebCore::WHLSL::Parser::parseRegularFunctionDeclaration):
(WebCore::WHLSL::Parser::parseOperatorFunctionDeclaration):
(WebCore::WHLSL::Parser::parsePossiblePrefix):

Modules/webgpu/WHLSL/WHLSLParser.h:
Modules/webgpu/WHLSL/WHLSLParsingMode.h: Added.
Modules/webgpu/WHLSL/WHLSLPrepare.cpp:

(WebCore::WHLSL::prepareShared):

Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp:
Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp:

(WebCore::WHLSL::wrapAnderCallArgument):
(WebCore::WHLSL::modify):
(WebCore::WHLSL::PropertyResolver::visit):

Modules/webgpu/WHLSL/WHLSLStandardLibraryUtilities.cpp:

(WebCore::WHLSL::includeStandardLibrary):

Modules/webgpu/WHLSL/WHLSLSynthesizeArrayOperatorLength.cpp:

(WebCore::WHLSL::synthesizeArrayOperatorLength):

Modules/webgpu/WHLSL/WHLSLSynthesizeConstructors.cpp:

(WebCore::WHLSL::synthesizeConstructors):

Modules/webgpu/WHLSL/WHLSLSynthesizeEnumerationFunctions.cpp:

(WebCore::WHLSL::synthesizeEnumerationFunctions):

Modules/webgpu/WHLSL/WHLSLSynthesizeStructureAccessors.cpp:

(WebCore::WHLSL::synthesizeStructureAccessors):

WebCore.xcodeproj/project.pbxproj:

10:34 AM Changeset in webkit [248302] by jer.noble@apple.com

7 edits
2 copies
1 add in trunk

Add test for behavior introduced in r248174
https://bugs.webkit.org/show_bug.cgi?id=200446

Reviewed by Eric Carlson.

Source/WebKit:

Add a new helper struct, FullscreenTouchSecheuristicParameters, and static getter,
iosParameters(), to allow the settings used by WKFullScreenViewController to be tested
in TestWebKitAPI. Make both of the Secheuristic classes privately exported as well.

UIProcess/ios/fullscreen/FullscreenTouchSecheuristic.cpp:

(WebKit::FullscreenTouchSecheuristic::scoreOfNextTouch):
(WebKit::FullscreenTouchSecheuristic::reset):
(WebKit::FullscreenTouchSecheuristic::distanceScore):
(WebKit::FullscreenTouchSecheuristic::attenuationFactor):

UIProcess/ios/fullscreen/FullscreenTouchSecheuristic.h:

(WebKit::FullscreenTouchSecheuristic::setParameters):
(WebKit::FullscreenTouchSecheuristic::requiredScore const):
(WebKit::FullscreenTouchSecheuristic::setRampUpSpeed):
(WebKit::FullscreenTouchSecheuristic::setRampDownSpeed):
(WebKit::FullscreenTouchSecheuristic::setXWeight):
(WebKit::FullscreenTouchSecheuristic::setYWeight):
(WebKit::FullscreenTouchSecheuristic::setGamma):
(WebKit::FullscreenTouchSecheuristic::setGammaCutoff):

UIProcess/ios/fullscreen/FullscreenTouchSecheuristicParameters.cpp: Copied from Source/WebKit/UIProcess/ios/fullscreen/FullscreenTouchSecheuristic.h.

(WebKit::FullscreenTouchSecheuristicParameters::iosParameters):

UIProcess/ios/fullscreen/FullscreenTouchSecheuristicParameters.h: Copied from Source/WebKit/UIProcess/ios/fullscreen/FullscreenTouchSecheuristic.h.
UIProcess/ios/fullscreen/WKFullScreenViewController.mm:

(-[WKFullScreenViewController initWithWebView:]):
(-[WKFullScreenViewController _touchDetected:]):

WebKit.xcodeproj/project.pbxproj:

Tools:

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/ios/FullscreenTouchSecheuristicTests.cpp: Added.

(WebKit::configureSecheuristic):
(WebKit::TEST):

10:05 AM Changeset in webkit [248301] by jer.noble@apple.com

12 edits
2 adds in trunk

Adopt -expectMinimumUpcomingSampleBufferPresentationTime:
https://bugs.webkit.org/show_bug.cgi?id=200457
<rdar://problem/53961130>

Reviewed by Eric Carlson.

Source/WebCore:

Test: media/media-source/media-source-minimumupcomingpresentationtime.html

Adopt a new API vended by AVSampleBufferDisplayLayer, piped from SourceBuffer down
through SourceBufferPrivate to SourceBufferPrivateAVFObjC. This value should be
reset and updated when new samples are appended.

Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
(WebCore::SourceBuffer::provideMediaData):
(WebCore::SourceBuffer::updateMinimumUpcomingPresentationTime):
(WebCore::SourceBuffer::resetMinimumUpcomingPresentationTime):
(WebCore::SourceBuffer::minimumUpcomingPresentationTimeForTrackID):
(WebCore::SourceBuffer::setMaximumQueueDepthForTrackID):

Modules/mediasource/SourceBuffer.h:
platform/graphics/SourceBufferPrivate.h:

(WebCore::SourceBufferPrivate::canSetMinimumUpcomingPresentationTime const):
(WebCore::SourceBufferPrivate::setMinimumUpcomingPresentationTime):
(WebCore::SourceBufferPrivate::clearMinimumUpcomingPresentationTime):
(WebCore::SourceBufferPrivate::enqueuedSamplesForTrackID):
(WebCore::SourceBufferPrivate::minimumUpcomingPresentationTimeForTrackID):
(WebCore::SourceBufferPrivate::setMaximumQueueDepthForTrackID):

platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

(WebCore::SourceBufferPrivateAVFObjC::canSetMinimumUpcomingPresentationTime const):
(WebCore::SourceBufferPrivateAVFObjC::setMinimumUpcomingPresentationTime):
(WebCore::SourceBufferPrivateAVFObjC::clearMinimumUpcomingPresentationTime):

platform/mock/mediasource/MockSourceBufferPrivate.cpp:

(WebCore::MockSourceBufferPrivate::minimumUpcomingPresentationTimeForTrackID):
(WebCore::MockSourceBufferPrivate::setMaximumQueueDepthForTrackID):
(WebCore::MockSourceBufferPrivate::canSetMinimumUpcomingPresentationTime const):
(WebCore::MockSourceBufferPrivate::setMinimumUpcomingPresentationTime):
(WebCore::MockSourceBufferPrivate::clearMinimumUpcomingPresentationTime):

platform/mock/mediasource/MockSourceBufferPrivate.h:
testing/Internals.cpp:

(WebCore::Internals::minimumUpcomingPresentationTimeForTrackID):
(WebCore::Internals::setMaximumQueueDepthForTrackID):

testing/Internals.h:
testing/Internals.idl:

LayoutTests:

media/media-source/media-source-minimumupcomingpresentationtime-expected.txt: Added.
media/media-source/media-source-minimumupcomingpresentationtime.html: Added.

9:30 AM Changeset in webkit [248300] by russell_e@apple.com

2 edits in trunk/LayoutTests

[iPad] editing/selection/character-granularity-rect.html is now passing.
<rdar://53468934>

Unreviewed Test Gardening.

platform/ipad/TestExpectations: Removed expectation for passing test, editing/selection/character-granularity-rect.html

9:26 AM Changeset in webkit [248299] by Kocsen Chung

2 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247838. rdar://problem/53973599

WebKit/UIProcess/ios/WKContentViewInteraction.mm: error: implementing deprecated method contextMenuInteractionWillPresent
https://bugs.webkit.org/show_bug.cgi?id=200136
<rdar://problem/53547698>

Reviewed by Wenson Hsieh.

Ignore deprecation warnings for these UIContextMenuInteraction delegates.

UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView contextMenuInteractionWillPresent:]): (-[WKContentView contextMenuInteraction:willCommitWithAnimator:]): (-[WKContentView contextMenuInteractionDidEnd:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247838 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9:26 AM Changeset in webkit [248298] by Kocsen Chung

30 edits in branches/safari-608.1-branch/Source

Cherry-pick r247837. rdar://problem/53973599

Add helper for ignoring deprecated implementation warnings
https://bugs.webkit.org/show_bug.cgi?id=200135

Reviewed by Wenson Hsieh.

Add ALLOW_DEPRECATED_IMPLEMENTATIONS_BEGIN/END macro which
is IGNORE_WARNINGS_BEGIN("deprecated-implementations")

Source/WebCore:

accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]): (-[WebAccessibilityObjectWrapper accessibilityIsAttributeSettable:]): (-[WebAccessibilityObjectWrapper accessibilityPerformAction:]): (-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]): (-[WebAccessibilityObjectWrapper accessibilityActionDescription:]): (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]): (-[WebAccessibilityObjectWrapper IGNORE_WARNINGS_END]): Deleted.
platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: (-[WebAVStreamDataParserListener streamDataParserWillProvideContentKeyRequestInitializationData:forTrackID:]): (-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]):
platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm: (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveAuthenticationChallenge:]): (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):

Source/WebKit:

UIProcess/API/Cocoa/LegacyBundleForClass.mm:
UIProcess/API/Cocoa/WKBrowsingContextController.mm: (IGNORE_WARNINGS_BEGIN): Deleted.
UIProcess/API/Cocoa/WKBrowsingContextGroup.mm: (IGNORE_WARNINGS_BEGIN): Deleted.
UIProcess/API/Cocoa/WKConnection.mm: (IGNORE_WARNINGS_BEGIN): Deleted.
UIProcess/API/Cocoa/WKPreviewElementInfo.mm:
UIProcess/API/Cocoa/WKProcessGroup.mm: (IGNORE_WARNINGS_BEGIN): Deleted.
UIProcess/API/Cocoa/WKTypeRefWrapper.mm:
UIProcess/API/Cocoa/WKWebView.mm: (-[WKWebView ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKWebView draggedImage:endedAt:operation:]): (-[WKWebView accessibilityAttributeValue:]): (-[WKWebView accessibilityAttributeValue:forParameter:]): (-[WKWebView namesOfPromisedFilesDroppedAtDestination:]): (-[WKWebView IGNORE_WARNINGS_END]): Deleted.
UIProcess/API/Cocoa/WKWebViewConfiguration.mm: (-[WKWebViewConfiguration ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKWebViewConfiguration _setWebsiteDataStore:]): (-[WKWebViewConfiguration IGNORE_WARNINGS_END]): Deleted.
UIProcess/API/Cocoa/_WKWebsiteDataStore.mm:
UIProcess/API/mac/WKView.mm: (-[WKView ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKView draggedImage:endedAt:operation:]): (-[WKView accessibilityAttributeValue:]): (-[WKView accessibilityAttributeValue:forParameter:]): (-[WKView namesOfPromisedFilesDroppedAtDestination:]): (-[WKView IGNORE_WARNINGS_END]): Deleted.
UIProcess/WKImagePreviewViewController.mm: (-[WKImagePreviewViewController ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKImagePreviewViewController IGNORE_WARNINGS_END]): Deleted.
UIProcess/ios/forms/WKAirPlayRoutePicker.mm: (-[WKAirPlayRoutePicker popoverControllerDidDismissPopover:]):
UIProcess/ios/forms/WKFileUploadPanel.mm: (-[WKFileUploadPanel popoverControllerDidDismissPopover:]):
UIProcess/ios/forms/WKFormPopover.mm: (-[WKRotatingPopover popoverControllerDidDismissPopover:]):
WebProcess/Plugins/PDF/PDFPlugin.mm: (-[WKPDFPluginAccessibilityObject ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKPDFPluginAccessibilityObject accessibilityAttributeValue:]): (-[WKPDFPluginAccessibilityObject accessibilityAttributeValue:forParameter:]): (-[WKPDFPluginAccessibilityObject accessibilityPerformAction:]): (-[WKPDFPluginAccessibilityObject accessibilityIsAttributeSettable:]): (-[WKPDFPluginAccessibilityObject accessibilitySetValue:forAttribute:]): (-[WKPDFPluginAccessibilityObject IGNORE_WARNINGS_END]): Deleted.
WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm: (-[WKAccessibilityWebPageObject ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WKAccessibilityWebPageObject accessibilityIsAttributeSettable:]): (-[WKAccessibilityWebPageObject accessibilitySetValue:forAttribute:]): (-[WKAccessibilityWebPageObject accessibilityAttributeValue:]): (-[WKAccessibilityWebPageObject accessibilityAttributeValue:forParameter:]): (-[WKAccessibilityWebPageObject IGNORE_WARNINGS_END]): Deleted.

Source/WebKitLegacy/mac:

Misc/WebDownload.mm: (-[WebDownload initWithRequest:delegate:]):
Misc/WebIconDatabase.mm:
Plugins/WebBaseNetscapePluginView.mm: (-[WebBaseNetscapePluginView ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WebBaseNetscapePluginView IGNORE_WARNINGS_END]): Deleted.
WebView/WebDynamicScrollBarsView.mm: (-[WebDynamicScrollBarsView ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WebDynamicScrollBarsView IGNORE_WARNINGS_END]): Deleted.
WebView/WebHTMLView.mm: (-[WebHTMLView draggingSourceOperationMaskForLocal:]): (-[WebHTMLView draggedImage:endedAt:operation:]): (-[WebHTMLView namesOfPromisedFilesDroppedAtDestination:]): (-[WebHTMLView accessibilityAttributeValue:]): (-[WebHTMLView ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (-[WebHTMLView characterIndexForPoint:]): (-[WebHTMLView firstRectForCharacterRange:]): (-[WebHTMLView attributedSubstringFromRange:]): (-[WebHTMLView setMarkedText:selectedRange:]): (-[WebHTMLView doCommandBySelector:]): (-[WebHTMLView insertText:]): (-[WebHTMLView IGNORE_WARNINGS_END]): Deleted.

Source/WTF:

wtf/Compiler.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247837 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9:18 AM Changeset in webkit [248297] by Antti Koivisto

5 edits in trunk/Source/WebCore

Add release assert against InvalidationRuleSet mutation during invalidation
https://bugs.webkit.org/show_bug.cgi?id=200467

Reviewed by Chris Dumez.

Try to get a more informative stack for rdar://problem/53413013

css/DocumentRuleSets.cpp:

(WebCore::DocumentRuleSets::~DocumentRuleSets):
(WebCore::DocumentRuleSets::collectFeatures const):

css/DocumentRuleSets.h:
style/AttributeChangeInvalidation.cpp:

(WebCore::Style::AttributeChangeInvalidation::invalidateStyleWithRuleSets):

style/ClassChangeInvalidation.cpp:

(WebCore::Style::ClassChangeInvalidation::invalidateStyleWithRuleSets):

9:08 AM Changeset in webkit [248296] by Kocsen Chung

7 edits in branches/safari-608.1-branch/Source

Versioning.

8:37 AM Changeset in webkit [248295] by Antti Koivisto

2 edits in trunk/Source/WebCore

REGRESSION: Cannot tap on any buttons on m.naver.com home screen on iPad
https://bugs.webkit.org/show_bug.cgi?id=200466

Reviewed by Zalan Bujtas.

The page calls preventDefault() for a mouse event generated by a site specific quirk.

page/Quirks.cpp:

(WebCore::Quirks::shouldDispatchSimulatedMouseEvents const):

Disable the quirk for the "m." subdomain. This is a mobile site that don't need or expect them.

8:01 AM Changeset in webkit [248294] by Claudio Saavedra

2 edits in trunk/Source/WTF

FileSystem: silent build warning

Unreviewed compilation warning fix.

Remove unused parameter in empty method

wtf/FileSystem.cpp:

(WTF::FileSystemImpl::createTemporaryZipArchive):

7:59 AM Changeset in webkit [248293] by Claudio Saavedra

2 edits in trunk/Source/WebKit

[GLIB] Fix documentation typo

Unreviewed.

UIProcess/API/glib/WebKitWebsiteDataManager.cpp:

7:49 AM Changeset in webkit [248292] by Wenson Hsieh

4 edits
6 adds in trunk

[iPadOS] Unable to increase zoom level on Google using the Aa menu
https://bugs.webkit.org/show_bug.cgi?id=200453
<rdar://problem/52278579>

Reviewed by Tim Horton.

Source/WebCore:

Makes a couple of minor adjustments to how layout size scale factor is handled in ViewportConfiguration, to
address some scenarios in which adjusting WKWebView's _viewScale does not have any apparent effect on the page.
See changes below for more detail.

Tests: fast/viewport/ios/non-responsive-viewport-after-changing-view-scale.html

fast/viewport/ios/responsive-viewport-with-minimum-width-after-changing-view-scale.html

page/ViewportConfiguration.cpp:

(WebCore::ViewportConfiguration::initialScaleFromSize const):

When the page is either zoomed in or zoomed out using _viewScale, let the specified initial scale take
precedence over the scale computed by fitting the content width to the view width, or the scale computed by
fitting the content height to the view height.

This avoids a scenario in which nothing happens when increasing view scale in a responsively designed web page
that has a fixed minimum width. Before this change, when computing the initial scale at a view scale that would
not allow the entire content width of the page to fit within the viewport, the new initial scale would remain
unchanged if the initial scale in the meta viewport is not also set to 1, because a new initial scale would be
computed in ViewportConfiguration::initialScaleFromSize to accomodate for the entire content width.

Our new behavior allows us to zoom into the page, even if doing so would cause horizontal scrolling.

(WebCore::ViewportConfiguration::updateConfiguration):

When the page is either zoomed in or zoomed out using _viewScale and the default viewport configuration has a
fixed width (e.g. on iPhone), then adjust the width of the default viewport configuration to account for the
_viewScale. For example, the default width of a viewport-less web page is 980px on iPhone; at a view scale of 2,
this would become 490px instead, and at 0.5 view scale, it would become 1960px.

This ensures that on iPhone, for web pages without a meta viewport, changing the view scale still changes the
layout and initial scale of the web page.

page/ViewportConfiguration.h:

(WebCore::ViewportConfiguration::layoutSizeIsExplicitlyScaled const):

LayoutTests:

Adds a couple of layout tests (with device-specific expectations) to verify that the two scenarios targeted by
this change are fixed.

fast/viewport/ios/non-responsive-viewport-after-changing-view-scale-expected.txt: Added.
fast/viewport/ios/non-responsive-viewport-after-changing-view-scale.html: Added.

Verifies that, for a page with no viewport meta tag (where we fall back to a fixed 980px viewport on iPhone),
changing view scale still changes page scale and window size.

fast/viewport/ios/responsive-viewport-with-minimum-width-after-changing-view-scale-expected.txt: Added.
fast/viewport/ios/responsive-viewport-with-minimum-width-after-changing-view-scale.html: Added.

Verifies that, for a page with a responsive meta viewport tag containing a fixed-width element that forces a
minimum width for the page, setting the view scale such that the page scrolls horizontally (2.5) doesn't result
in the initial scale being adjusted back to the maximum scale that would accomodate the full contents of the
page (2).

platform/ipad/fast/viewport/ios/non-responsive-viewport-after-changing-view-scale-expected.txt: Added.
platform/ipad/fast/viewport/ios/responsive-viewport-with-minimum-width-after-changing-view-scale-expected.txt: Added.

Aug 5, 2019:

11:47 PM Changeset in webkit [248291] by Fujii Hironori

5 edits in trunk

Source/WebKit:
[Win][MiniBrowser][WK2] Unhandled key events should be bubbled up to the parent window
https://bugs.webkit.org/show_bug.cgi?id=200464

Reviewed by Ross Kirsling.

UIProcess/API/C/WKNativeEvent.h: Define WKNativeEventPtr for WIN32.

Tools:
[MiniBrowser][WK2] Unhandled key events should be bubbled up to the parent window
https://bugs.webkit.org/show_bug.cgi?id=200464

Reviewed by Ross Kirsling.

When WK2 WebView is focused, short cut keys (e.g. Alt-F to open File
menu, Alt-F4 to close window, and etc) don't work.

WK1 WebView doesn't have this issue because it processes key events
properly.

MiniBrowser/win/WebKitBrowserWindow.cpp:

(WebKitBrowserWindow::WebKitBrowserWindow):
(WebKitBrowserWindow::didNotHandleKeyEvent): Added. Send the
unhandled key events to the main window.

MiniBrowser/win/WebKitBrowserWindow.h:

10:20 PM Changeset in webkit [248290] by Alan Bujtas

13 edits in trunk/Source/WebCore

[LFC] Remove out-of-flow descendants from Container
https://bugs.webkit.org/show_bug.cgi?id=200430
<rdar://problem/53923980>

Reviewed by Antti Koivisto.

The out-of-flow descendant list is the last "formatting context type" bit in the layout tree.
Let's cached them in the FormattingStates instead for now.

layout/FormattingContext.cpp:

(WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):

layout/FormattingContext.h:
layout/FormattingState.h:

(WebCore::Layout::FormattingState::addOutOfFlowBox):
(WebCore::Layout::FormattingState::outOfFlowBoxes const):

layout/LayoutState.cpp:

(WebCore::Layout::LayoutState::layoutFormattingContextSubtree):
(WebCore::Layout::LayoutState::createFormattingStateForFormattingRootIfNeeded):
(WebCore::Layout::LayoutState::run):

layout/LayoutState.h:
layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::layoutFormattingContextRoot const):

layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::layoutFormattingContextRoot const):

layout/layouttree/LayoutBox.h:
layout/layouttree/LayoutContainer.cpp:

(WebCore::Layout::Container::addOutOfFlowDescendant): Deleted.

layout/layouttree/LayoutContainer.h:
layout/layouttree/LayoutTreeBuilder.cpp:

(WebCore::Layout::TreeBuilder::createLayoutTree):

page/FrameViewLayoutContext.cpp:

(WebCore::layoutUsingFormattingContext):

10:04 PM Changeset in webkit [248289] by Devin Rousso

18 edits
1 move in trunk

Web Inspector: Styles: show @supports CSS groupings
https://bugs.webkit.org/show_bug.cgi?id=200419

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

inspector/protocol/CSS.json:

Rename CSSMedia to Grouping and remove the sourceLine value, as it was never populated
and wasn't used by Web Inspector.

Source/WebCore:

Test: inspector/css/getMatchedStylesForNode.html

inspector/InspectorStyleSheet.cpp:

(WebCore::buildArrayForGroupings): Added.
(WebCore::InspectorStyleSheet::buildObjectForRule):
(WebCore::buildMediaObject): Deleted.
(WebCore::fillMediaListChain): Deleted.

css/MediaList.h:
css/MediaList.cpp:

(WebCore::MediaQuerySet::MediaQuerySet):
Remove the lastLine as it was never set by anyone and wasn't used by Web Inspector.

Source/WebInspectorUI:

UserInterface/Models/CSSGrouping.js: Renamed from Source/WebInspectorUI/UserInterface/Models/CSSMedia.js.

(WI.CSSGrouping):
(WI.CSSGrouping.prototype.get type):
(WI.CSSGrouping.prototype.get text):
(WI.CSSGrouping.prototype.get sourceCodeLocation):
(WI.CSSGrouping.prototype.get isMedia): Added.
(WI.CSSGrouping.prototype.get isSupports): Added.
(WI.CSSGrouping.prototype.get prefix): Added.

UserInterface/Models/CSSStyleDeclaration.js:

(WI.CSSStyleDeclaration.prototype.get groupings): Added.
(WI.CSSStyleDeclaration.prototype.generateCSSRuleString):
(WI.CSSStyleDeclaration.prototype.get mediaList): Deleted.

UserInterface/Models/CSSRule.js:

(WI.CSSRule):
(WI.CSSRule.prototype.get groupings): Added.
(WI.CSSRule.prototype.update):
(WI.CSSRule.prototype._selectorResolved):
(WI.CSSRule.prototype.get mediaList): Deleted.

UserInterface/Models/DOMNodeStyles.js:

(WI.DOMNodeStyles.prototype._parseRulePayload):
(WI.DOMNodeStyles.prototype.rulesForSelector): Deleted.

UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.js:

(WI.SpreadsheetCSSStyleDeclarationSection):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype.initialLayout):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._handleEditorFilterApplied):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._createMediaHeader): Deleted.

UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.css:

(.spreadsheet-css-declaration :matches(.header, .header-groupings)): Added.
(.spreadsheet-css-declaration :matches(.header, .header-groupings):first-child): Added.
(.spreadsheet-css-declaration .header-groupings > .grouping): Added.
(.spreadsheet-css-declaration .header-groupings + .header > .selector > .icon): Added.
(.spreadsheet-css-declaration :matches(.header, .header-media)): Deleted.
(.spreadsheet-css-declaration :matches(.header, .header-media):first-child): Deleted.
(.spreadsheet-css-declaration .media-label): Deleted.

UserInterface/Controllers/CSSManager.js:

(WI.CSSManager.protocolGroupingTypeToEnum): Added.
(WI.CSSManager.protocolMediaSourceToEnum): Deleted.

UserInterface/Main.html:
UserInterface/Test.html:

LayoutTests:

inspector/css/getMatchedStylesForNode.html:
inspector/css/getMatchedStylesForNode-expected.txt:

8:45 PM Changeset in webkit [248288] by youenn@apple.com

6 edits in trunk/Source

Make Logger::log thread safe so that it can be used from background threads
https://bugs.webkit.org/show_bug.cgi?id=200448

Reviewed by Eric Carlson.

Source/WebCore:

No change of behavior.

dom/Document.cpp:

(WebCore::crossThreadCopy):
(WebCore::Document::didLogMessage):
Make sure to hop to the main thread if needed.

platform/mediastream/mac/RealtimeIncomingAudioSourceCocoa.cpp:

(WebCore::RealtimeIncomingAudioSourceCocoa::OnData):
Remove hopping to the main thread.

platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.mm:

(WebCore::RealtimeIncomingVideoSourceCocoa::OnFrame):
Remove hopping to the main thread.

Source/WTF:

Add a lock to ensure calling log is thread-safe.

wtf/Logger.h:

(WTF::Logger::addObserver):
(WTF::Logger::removeObserver):
(WTF::Logger::log):
(WTF::Logger::observerLock):

8:37 PM Changeset in webkit [248287] by Devin Rousso

34 edits
2 adds in trunk

Can't use $0, $1 etc when inspecting Google Docs pages because the content uses these for function names
https://bugs.webkit.org/show_bug.cgi?id=195834

Reviewed by Joseph Pecoraro.

Allow the user to alias saved results by providing a different prefix (e.g. "$") from within
Web Inspector. When changing the alias, all existing saved results will update to be
reference-able from the new alias.

Source/JavaScriptCore:

inspector/protocol/Runtime.json:

Add setSavedResultAlias command.

inspector/agents/InspectorRuntimeAgent.h:
inspector/agents/InspectorRuntimeAgent.cpp:

(Inspector::InspectorRuntimeAgent::setSavedResultAlias): Added.

inspector/InjectedScriptHost.h:

(Inspector::InjectedScriptHost::setSavedResultAlias): Added.
(Inspector::InjectedScriptHost::savedResultAlias const): Added.

inspector/JSInjectedScriptHost.h:
inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::savedResultAlias const): Added.

inspector/JSInjectedScriptHostPrototype.cpp:

(Inspector::JSInjectedScriptHostPrototype::finishCreation):
(Inspector::jsInjectedScriptHostPrototypeAttributeSavedResultAlias): Added.
Store the saved result alias on the InjectedScriptHost since it is a shared object among
all InjectedScript.

inspector/InjectedScriptSource.js:

(BasicCommandLineAPI):

Source/WebCore:

Test: inspector/runtime/setSavedResultAlias.html

inspector/CommandLineAPIModuleSource.js:

(CommandLineAPI):

Source/WebInspectorUI:

UserInterface/Controllers/RuntimeManager.js:

(WI.RuntimeManager):
(WI.RuntimeManager.preferredSavedResultPrefix): Added.
(WI.RuntimeManager.prototype.initializeTarget):

UserInterface/Controllers/JavaScriptRuntimeCompletionProvider.js:

(WI.JavaScriptRuntimeCompletionProvider.completionControllerCompletionsNeeded.receivedPropertyNames):

UserInterface/Base/Setting.js:
UserInterface/Base/Main.js:

(WI.contentLoaded):
(WI.contentLoaded.updateConsoleSavedResultPrefixCSSVariable): Added.

UserInterface/Views/ConsoleMessageView.js:

(WI.ConsoleMessageView.prototype.toClipboardString):
(WI.ConsoleMessageView.prototype.removeEventListeners): Added.
(WI.ConsoleMessageView.prototype._appendSavedResultIndex):
(WI.ConsoleMessageView.prototype._appendSavedResultIndex.updateSavedVariableText): Added.
(WI.ConsoleMessageView.prototype._rootPropertyPathForObject):
(WI.ConsoleMessageView.prototype._rootPropertyPathForObject.prefixSavedResultIndex): Added.

UserInterface/Views/LogContentView.js:

(WI.LogContentView.prototype._sessionStarted):
(WI.LogContentView.prototype._logCleared):

UserInterface/Views/DOMTreeOutline.css:

(.tree-outline.dom.show-last-selected li.last-selected > span::after):

UserInterface/Views/QuickConsole.js:

(WI.QuickConsole):
(WI.QuickConsole.prototype.closed):
(WI.QuickConsole.prototype._updateAutomaticExecutionContextPathComponentTooltip): Added.
Listen for changes to the setting that holds the current saved result alias and update any
related UI accordingly.

UserInterface/Views/SettingsTabContentView.js:

(WI.SettingsTabContentView.prototype._createConsoleSettingsView):

UserInterface/Views/SettingsTabContentView.css:

(.content-view.settings > .settings-view > .container > .editor-group > .editor input[type="text"]): Added.

UserInterface/Views/SettingsGroup.js:

(WI.SettingsGroup.prototype.addCustomEditor): Added.
Add an input to the Settings tab that controls the saved result prefix alias. Only allow
[a-zA-Z0-9_$] as values (but [0-9] cannot be used as the start).

UserInterface/Models/PropertyPath.js:

(WI.PropertyPath.prototype.set pathComponent): Added.
Miscellaneous getters/setters.

Localizations/en.lproj/localizedStrings.js:

UserInterface/Test/TestHarness.js:

(TestHarness.prototype.newline): Added.
Convenience function for adding newlines to test results.

LayoutTests:

inspector/runtime/setSavedResultAlias.html: Added.
inspector/runtime/setSavedResultAlias-expected.txt: Added.
http/tests/inspector/dom/cross-domain-inspected-node-access-expected.txt:
inspector/console/command-line-api-expected.txt:
inspector/console/command-line-api-exception.html:
inspector/console/command-line-api-exception-expected.txt:
inspector/console/command-line-api-exception-nested-catch.html:
inspector/console/command-line-api-exception-nested-catch-expected.txt:

7:21 PM Changeset in webkit [248286] by Devin Rousso

27 edits in trunk

Web Inspector: Timelines: disable related agents when the tab is closed
https://bugs.webkit.org/show_bug.cgi?id=200118

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

Rework how enable/disable is used for timeline-related agents so that events are not sent
and data isn't kept alive when the Timelines tab isn't enabled.

inspector/protocol/Timeline.json:

Add enable/disable commands.

inspector/agents/InspectorHeapAgent.cpp:

(Inspector::InspectorHeapAgent::willDestroyFrontendAndBackend):
(Inspector::InspectorHeapAgent::enable):
(Inspector::InspectorHeapAgent::disable):

Source/WebCore:

Rework how enable/disable is used for timeline-related agents so that events are not sent
and data isn't kept alive when the Timelines tab isn't enabled.

inspector/agents/InspectorTimelineAgent.h:
inspector/agents/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::didCreateFrontendAndBackend):
(WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorTimelineAgent::enable):
(WebCore::InspectorTimelineAgent::disable):
(WebCore::InspectorTimelineAgent::start):
(WebCore::InspectorTimelineAgent::stop):
(WebCore::InspectorTimelineAgent::internalStart):
(WebCore::InspectorTimelineAgent::internalStop):
(WebCore::InspectorTimelineAgent::startFromConsole):
(WebCore::InspectorTimelineAgent::stopFromConsole):
(WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
(WebCore::InspectorTimelineAgent::startProgrammaticCapture):
(WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
Rename m_enabled* to m_tracking* to match other timeline-related agents.

inspector/agents/InspectorMemoryAgent.h:
inspector/agents/InspectorMemoryAgent.cpp:

(WebCore::InspectorMemoryAgent::didCreateFrontendAndBackend):
(WebCore::InspectorMemoryAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorMemoryAgent::enable):
(WebCore::InspectorMemoryAgent::disable):
(WebCore::InspectorMemoryAgent::didHandleMemoryPressure):

inspector/InstrumentingAgents.h:

(WebCore::InstrumentingAgents::trackingInspectorTimelineAgent): Added.
(WebCore::InstrumentingAgents::setTrackingInspectorTimelineAgent): Added.
(WebCore::InstrumentingAgents::persistentInspectorTimelineAgent): Added.
(WebCore::InstrumentingAgents::setPersistentInspectorTimelineAgent): Added.

inspector/InstrumentingAgents.cpp:

(WebCore::InstrumentingAgents::reset):

inspector/InspectorInstrumentation.h:
inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::didInstallTimerImpl):
(WebCore::InspectorInstrumentation::didRemoveTimerImpl):
(WebCore::InspectorInstrumentation::willCallFunctionImpl):
(WebCore::InspectorInstrumentation::willDispatchEventImpl):
(WebCore::InspectorInstrumentation::willDispatchEventOnWindowImpl):
(WebCore::InspectorInstrumentation::willEvaluateScriptImpl):
(WebCore::InspectorInstrumentation::willFireTimerImpl):
(WebCore::InspectorInstrumentation::didInvalidateLayoutImpl):
(WebCore::InspectorInstrumentation::willLayoutImpl):
(WebCore::InspectorInstrumentation::willCompositeImpl):
(WebCore::InspectorInstrumentation::didCompositeImpl):
(WebCore::InspectorInstrumentation::willPaintImpl):
(WebCore::InspectorInstrumentation::didPaintImpl):
(WebCore::InspectorInstrumentation::willRecalculateStyleImpl):
(WebCore::InspectorInstrumentation::didScheduleStyleRecalculationImpl):
(WebCore::InspectorInstrumentation::didCommitLoadImpl):
(WebCore::InspectorInstrumentation::frameStartedLoadingImpl):
(WebCore::InspectorInstrumentation::startConsoleTimingImpl):
(WebCore::InspectorInstrumentation::stopConsoleTimingImpl):
(WebCore::InspectorInstrumentation::consoleTimeStampImpl):
(WebCore::InspectorInstrumentation::startProfilingImpl):
(WebCore::InspectorInstrumentation::stopProfilingImpl):
(WebCore::InspectorInstrumentation::timelineAgentTracking): Added.
(WebCore::InspectorInstrumentation::didRequestAnimationFrameImpl):
(WebCore::InspectorInstrumentation::didCancelAnimationFrameImpl):
(WebCore::InspectorInstrumentation::willFireAnimationFrameImpl):
(WebCore::InspectorInstrumentation::willFireObserverCallbackImpl):
(WebCore::InspectorInstrumentation::retrieveTimelineAgent):
(WebCore::InspectorInstrumentation::timelineAgentEnabled): Deleted.

bindings/js/JSExecStateInstrumentation.h:

(WebCore::JSExecState::instrumentFunctionInternal):
Rename for clarity/correctness:

inspectorTimelineAgent => trackingInspectorTimelineAgent
persistentInspectorTimelineAgent => inspectorTimelineAgent

Source/WebInspectorUI:

Rework how enable/disable is used for timeline-related agents so that events are not sent
and data isn't kept alive when the Timelines tab isn't enabled.

UserInterface/Controllers/TimelineManager.js:

(WI.TimelineManager):
(WI.TimelineManager.prototype.get domains): Added.
(WI.TimelineManager.prototype.activateExtraDomain): Added.
(WI.TimelineManager.prototype.initializeTarget):
(WI.TimelineManager.prototype.reset):
(WI.TimelineManager.prototype.set autoCaptureOnPageLoad):
(WI.TimelineManager.prototype.enable): Added.
(WI.TimelineManager.prototype.disable): Added.
(WI.TimelineManager.prototype.startCapturing):
(WI.TimelineManager.prototype.stopCapturing):
(WI.TimelineManager.prototype.async processJSON):
(WI.TimelineManager.prototype.capturingStarted):
(WI.TimelineManager.prototype.capturingStopped):
(WI.TimelineManager.prototype.autoCaptureStarted):
(WI.TimelineManager.prototype.eventRecorded):
(WI.TimelineManager.prototype.pageDOMContentLoadedEventFired):
(WI.TimelineManager.prototype.pageLoadEventFired):
(WI.TimelineManager.prototype.cpuProfilerTrackingUpdated):
(WI.TimelineManager.prototype.memoryTrackingUpdated):
(WI.TimelineManager.prototype.heapTrackingStarted):
(WI.TimelineManager.prototype.heapTrackingCompleted):
(WI.TimelineManager.prototype.heapSnapshotAdded):
(WI.TimelineManager.prototype._loadNewRecording):
(WI.TimelineManager.prototype._legacyAttemptStartAutoCapturingForFrame):
(WI.TimelineManager.prototype._provisionalLoadStarted):
(WI.TimelineManager.prototype._mainResourceDidChange):
(WI.TimelineManager.prototype._resourceWasAdded):
(WI.TimelineManager.prototype._garbageCollected):
(WI.TimelineManager.prototype._memoryPressure):
(WI.TimelineManager.prototype.scriptProfilerTrackingUpdated):
(WI.TimelineManager.prototype.scriptProfilerTrackingCompleted):
(WI.TimelineManager.prototype._updateAutoCaptureInstruments):
(WI.TimelineManager.prototype._handleDOMNodeDidFireEvent):
(WI.TimelineManager.prototype._handleDOMNodePowerEfficientPlaybackStateChanged):

UserInterface/Models/Instrument.js:

(WI.Instrument.startLegacyTimelineAgent):
(WI.Instrument.stopLegacyTimelineAgent):

UserInterface/Controllers/HeapManager.js:

(WI.HeapManager): Added.
(WI.HeapManager.prototype.get domains): Added.
(WI.HeapManager.prototype.activateExtraDomain): Added.
(WI.HeapManager.prototype.initializeTarget):
(WI.HeapManager.prototype.enable): Added.
(WI.HeapManager.prototype.disable): Added.
(WI.HeapManager.prototype.snapshot): Added.
(WI.HeapManager.prototype.getPreview): Added.
(WI.HeapManager.prototype.getRemoteObject): Added.
(WI.HeapManager.prototype.garbageCollected):

UserInterface/Controllers/MemoryManager.js:

(WI.MemoryManager): Added.
(WI.MemoryManager.prototype.get domains): Added.
(WI.MemoryManager.prototype.activateExtraDomain): Added.
(WI.MemoryManager.prototype.initializeTarget):
(WI.MemoryManager.prototype.enable): Added.
(WI.MemoryManager.prototype.disable): Added.
(WI.MemoryManager.prototype.memoryPressure):

UserInterface/Views/TimelineTabContentView.js:

(WI.TimelineTabContentView):
(WI.TimelineTabContentView.prototype.closed):

UserInterface/Models/HeapAllocationsInstrument.js:

(WI.HeapAllocationsInstrument):
(WI.HeapAllocationsInstrument.prototype._takeHeapSnapshot):

UserInterface/Views/HeapAllocationsTimelineView.js:

(WI.HeapAllocationsTimelineView.prototype._takeHeapSnapshotClicked):

UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:

(WI.HeapSnapshotInstanceDataGridNode.logHeapSnapshotNode):
(WI.HeapSnapshotInstanceDataGridNode.prototype._populatePreview):
(WI.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendPathRow):
Go through the HeapManager for HeapAgent commands so it can better manage state.

UserInterface/Test/Test.js:

(WI.contentLoaded):

LayoutTests:

inspector/timeline/line-column.html:
inspector/timeline/setInstruments-errors.html:
inspector/timeline/setInstruments-programmatic-capture.html:

7:07 PM Changeset in webkit [248285] by Fujii Hironori

4 edits in trunk

[Win] Specifying huge font-size causes crashing
https://bugs.webkit.org/show_bug.cgi?id=200340

Reviewed by Don Olmstead.

Source/WebCore:

Covered by existing tests.

platform/graphics/win/FontPlatformDataWin.cpp:

(WebCore::FontPlatformData::FontPlatformData): Use GetTextFace to
get font face names instead of GetOutlineTextMetrics which returns
null for huge size fonts.

LayoutTests:

platform/win/TestExpectations:

7:00 PM Changeset in webkit [248284] by Nikita Vasilyev

2 edits in trunk/Source/WebInspectorUI

Web Inspector: brotli-compressed resources have "Compressed: No" in Resources details sidebar
https://bugs.webkit.org/show_bug.cgi?id=200452

Reviewed by Joseph Pecoraro.

UserInterface/Models/Resource.js:

(WI.Resource.prototype.get compressed):
Add "br" - Brotli content encoding.

5:36 PM Changeset in webkit [248283] by youenn@apple.com

17 edits
4 deletes in trunk

LayoutTests/imported/w3c:
Response constructor doesn't throw on disturbed ReadableStream
https://bugs.webkit.org/show_bug.cgi?id=200130
<rdar://problem/53550351>

Reviewed by Alex Christensen.

Update test to use promise_rejects instead of assert_throws.

web-platform-tests/fetch/api/request/request-init-stream.any-expected.txt:
web-platform-tests/fetch/api/request/request-init-stream.any.js:

(async.assert_request):
(promise_test.async):

web-platform-tests/fetch/api/request/request-init-stream.any.worker-expected.txt:
web-platform-tests/fetch/api/response/response-from-stream.any-expected.txt:
web-platform-tests/fetch/api/response/response-from-stream.any.worker-expected.txt:

Source/WebCore:
Response constructor doesn't throw on disturbed ReadableStream
https://bugs.webkit.org/show_bug.cgi?id=200130
<rdar://problem/53550351>

Reviewed by Alex Christensen.

Make FetchBody::extract return an exception in error cases.
Update call sites accordingly.
Add the error case as per https://fetch.spec.whatwg.org/#concept-bodyinit-extract, ReadableStream handling.

Covered by updated and rebased tests.

Modules/beacon/NavigatorBeacon.cpp:

(WebCore::NavigatorBeacon::sendBeacon):

Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::extract):

Modules/fetch/FetchBody.h:
Modules/fetch/FetchBodyOwner.cpp:

(WebCore::FetchBodyOwner::extractBody):

Modules/fetch/FetchBodyOwner.h:
Modules/fetch/FetchRequest.cpp:

(WebCore::FetchRequest::initializeWith):
(WebCore::FetchRequest::setBody):

Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::create):

Modules/streams/ReadableStreamInternals.js:

(readableStreamPipeTo): fix a case where the promise would be unhandled and would show up in
unhandledrejectionhandler.

LayoutTests:
Support RTCRtpSender.dtmf
https://bugs.webkit.org/show_bug.cgi?id=200431
<rdar://problem/53924833>

Reviewed by Alex Christensen.

Removed cache storage test which is no longer valid.
Removed WK1 expectation that is no longer needed.

http/wpt/cache-storage/cache-put-stream.https.any.html: Removed.
http/wpt/cache-storage/cache-put-stream.https.any.js: Removed.
http/wpt/cache-storage/cache-put-stream.https.any.worker.html: Removed.
platform/mac-wk1/imported/w3c/web-platform-tests/fetch/api/request/request-init-stream.any-expected.txt: Removed.
platform/mac-wk2/TestExpectations:

5:34 PM Changeset in webkit [248282] by youenn@apple.com

26 edits
2 copies
1 add
2 deletes in trunk

Support RTCRtpSender.dtmf
https://bugs.webkit.org/show_bug.cgi?id=200431

Reviewed by Eric Carlson.

LayoutTests/imported/w3c:

web-platform-tests/webrtc/RTCDTMFSender-insertDTMF.https-expected.txt:
web-platform-tests/webrtc/RTCDTMFSender-ontonechange-long.https-expected.txt:
web-platform-tests/webrtc/RTCDTMFSender-ontonechange.https-expected.txt:

Source/WebCore:

Add a new backend interface to RTCDTMFSender and implementation of it using libwebrtc.
Update RTCDTMFSender to use that new backend and make RTCRtpSender return a RTCDTMFSender
conditionally on a newly added runtime flag.
Update RTCDTMFSender implementation based on https://w3c.github.io/webrtc-pc/#peer-to-peer-dtmf.

Covered by rebased tests.

Modules/mediastream/PeerConnectionBackend.cpp:

(WebCore::PeerConnectionBackend::context const):
(WebCore::PeerConnectionBackend::transceiverFromSender):

Modules/mediastream/PeerConnectionBackend.h:
Modules/mediastream/RTCDTMFSender.cpp:

(WebCore::RTCDTMFSender::RTCDTMFSender):
(WebCore::RTCDTMFSender::canInsertDTMF const):
(WebCore::RTCDTMFSender::toneBuffer const):
(WebCore::isToneCharacterInvalid):
(WebCore::RTCDTMFSender::insertDTMF):
(WebCore::RTCDTMFSender::playNextTone):
(WebCore::RTCDTMFSender::onTonePlayed):
(WebCore::RTCDTMFSender::toneTimerFired):
(WebCore::RTCDTMFSender::stop):
(WebCore::RTCDTMFSender::activeDOMObjectName const):
(WebCore::RTCDTMFSender::canSuspendForDocumentSuspension const):

Modules/mediastream/RTCDTMFSender.h:
Modules/mediastream/RTCDTMFSender.idl:
Modules/mediastream/RTCDTMFToneChangeEvent.cpp:
Modules/mediastream/RTCDTMFToneChangeEvent.h:
Modules/mediastream/RTCDTMFToneChangeEvent.idl:
Modules/mediastream/RTCRtpSender.cpp:

(WebCore::RTCRtpSender::dtmf):
(WebCore::RTCRtpSender::currentTransceiverDirection const):

Modules/mediastream/RTCRtpSender.h:
Modules/mediastream/RTCRtpSender.idl:
Modules/mediastream/RTCRtpSenderBackend.h:
Modules/mediastream/libwebrtc/LibWebRTCRtpSenderBackend.cpp:

(WebCore::LibWebRTCRtpSenderBackend::createDTMFBackend):

Modules/mediastream/libwebrtc/LibWebRTCRtpSenderBackend.h:
Sources.txt:
WebCore.xcodeproj/project.pbxproj:
dom/EventNames.in:
dom/EventTargetFactory.in:
page/RuntimeEnabledFeatures.h:

(WebCore::RuntimeEnabledFeatures::webRTCDTMFEnabled const):
(WebCore::RuntimeEnabledFeatures::setWebRTCDTMFEnabled):

platform/mediastream/RTCDTMFSenderBackend.h: Added.
platform/mediastream/RTCDTMFSenderHandler.h: Removed.
platform/mediastream/RTCDTMFSenderHandlerClient.h: Removed.
platform/mediastream/libwebrtc/LibWebRTCDTMFSenderBackend.cpp: Added.

(WebCore::toWTFString):
(WebCore::LibWebRTCDTMFSenderBackend::LibWebRTCDTMFSenderBackend):
(WebCore::LibWebRTCDTMFSenderBackend::~LibWebRTCDTMFSenderBackend):
(WebCore::LibWebRTCDTMFSenderBackend::canInsertDTMF):
(WebCore::LibWebRTCDTMFSenderBackend::playTone):
(WebCore::LibWebRTCDTMFSenderBackend::tones const):
(WebCore::LibWebRTCDTMFSenderBackend::duration const):
(WebCore::LibWebRTCDTMFSenderBackend::interToneGap const):
(WebCore::LibWebRTCDTMFSenderBackend::OnToneChange):
(WebCore::LibWebRTCDTMFSenderBackend::onTonePlayed):

platform/mediastream/libwebrtc/LibWebRTCDTMFSenderBackend.h: Added.

Source/WebKit:

Shared/WebPreferences.yaml:

5:31 PM Changeset in webkit [248281] by Simon Fraser

4 edits in trunk

iOS 13: Overflow:hidden on body prevents PDF scroll
https://bugs.webkit.org/show_bug.cgi?id=200435
rdar://problem/53942888

Reviewed by Tim Horton.
Source/WebKit:

When we navigate from an overflow:hidden HTML page to a custom view (like PDF), we need
to make sure that the scroll view is scrollable.

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _setHasCustomContentView:loadedMIMEType:]):

Tools:

When we navigate from an overflow:hidden HTML page to a custom view (like PDF), we need
to make sure that the scroll view is scrollable.

TestWebKitAPI/Tests/ios/ScrollViewScrollabilityTests.mm:

(TestWebKitAPI::TEST):

5:03 PM Changeset in webkit [248280] by sbarati@apple.com

4 edits in trunk/Source/WebCore

[WHLSL] Inline all native function calls
https://bugs.webkit.org/show_bug.cgi?id=200350

Reviewed by Robin Morisset.

Native functions calls tend to be really small. If we inline in the generated
Metal code, we end up with faster Metal compile times. On compute_boids, this
provides a ~10ms improvement.

Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp:

(WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit):
(WebCore::WHLSL::Metal::sharedMetalFunctions):

Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp:

(WebCore::WHLSL::Metal::inlineNativeFunction):
(WebCore::WHLSL::Metal::writeNativeFunction): Deleted.

Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.h:

4:40 PM Changeset in webkit [248279] by Devin Rousso

6 edits
2 adds in trunk

Web Inspector: Styles: variable swatch not shown for var() with a fallback
https://bugs.webkit.org/show_bug.cgi?id=200237

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

UserInterface/Views/SpreadsheetStyleProperty.js:

(WI.SpreadsheetStyleProperty.prototype._createInlineSwatch):
(WI.SpreadsheetStyleProperty.prototype._replaceSpecialTokens): Added.
(WI.SpreadsheetStyleProperty.prototype._addGradientTokens):
(WI.SpreadsheetStyleProperty.prototype._addColorTokens):
(WI.SpreadsheetStyleProperty.prototype._addTimingFunctionTokens):
(WI.SpreadsheetStyleProperty.prototype._addVariableTokens):
Check to see if there's a fallback value in the var() and tokenize it if there is. Mark
the property as invalid if the var() doesn't end up resolving to anything.

UserInterface/Views/InlineSwatch.js:

(WI.InlineSwatch):
(WI.InlineSwatch.prototype.get value):
(WI.InlineSwatch.prototype._updateSwatch):
(WI.InlineSwatch.prototype._handleContextMenuEvent):
(WI.InlineSwatch.prototype._getNextValidHEXFormat.hexMatchesCurrentColor):
(WI.InlineSwatch.prototype._getNextValidHEXFormat):
Allow the value to be a function. In that case, use the getter this.value instead of the
value this._value directly so that the function is invoked.
This is needed for variable swatches because the fallback value could change after the
swatch has been created (e.g. another swatch in a CSS property value that just modifies the
text, rather than re-renders the entire CSS property value).

UserInterface/Models/CSSStyleDeclaration.js:

(WI.CSSStyleDeclaration.prototype.resolveVariableValue): Added.
Follow the variable chain until an ultimate value is reached.

UserInterface/Models/CSSKeywordCompletions.js:

(WI.CSSKeywordCompletions.isColorAwareProperty):
(WI.CSSKeywordCompletions.isTimingFunctionAwareProperty): Added.
Limit cubic-bezier and spring tokens to only be shown for timing function properties.

LayoutTests:

inspector/css/resolve-variable-value.html: Added.
inspector/css/resolve-variable-value-expected.txt: Added.

4:25 PM Changeset in webkit [248278] by youenn@apple.com

4 edits in trunk/Source/WebCore

RealtimeOutgoingAudioSource::pullAudioData is no longer needed
https://bugs.webkit.org/show_bug.cgi?id=200450

Reviewed by Geoffrey Garen.

No change of behavior, removing base class method declaration.

platform/mediastream/RealtimeOutgoingAudioSource.h:

(WebCore::RealtimeOutgoingAudioSource::pullAudioData): Deleted.

platform/mediastream/gstreamer/RealtimeOutgoingAudioSourceLibWebRTC.h:
platform/mediastream/mac/RealtimeOutgoingAudioSourceCocoa.h:

4:17 PM Changeset in webkit [248277] by sbarati@apple.com

4 edits in trunk/Source/WebCore

[WHLSL] Add compile time flag to dump metal compile times
https://bugs.webkit.org/show_bug.cgi?id=200447

Reviewed by Myles C. Maxfield.

Modules/webgpu/WHLSL/WHLSLPrepare.h:
platform/graphics/gpu/cocoa/GPUComputePipelineMetal.mm:

(WebCore::trySetFunctions):

platform/graphics/gpu/cocoa/GPURenderPipelineMetal.mm:

(WebCore::trySetFunctions):

4:00 PM Changeset in webkit [248276] by Chris Dumez

23 edits
4 adds in trunk

navigator.geolocation wrapper should not become GC-collectable once its frame is detached
https://bugs.webkit.org/show_bug.cgi?id=200436

Reviewed by Darin Adler.

Source/WebCore:

navigator.geolocation wrapper should not become GC-collectable once its frame is detached, given
that it can outlive the frame. Instead, tie the navigator.geolocation wrapper's lifetime to its
Navigator's.

Test: fast/dom/navigator-property-gc-after-frame-detach.html

Modules/geolocation/Geolocation.cpp:

(WebCore::Geolocation::create):
(WebCore::Geolocation::Geolocation):
(WebCore::Geolocation::navigator):
(WebCore::Geolocation::frame const):

Modules/geolocation/Geolocation.h:
Modules/geolocation/Geolocation.idl:
Modules/geolocation/NavigatorGeolocation.cpp:

(WebCore::NavigatorGeolocation::NavigatorGeolocation):
(WebCore::NavigatorGeolocation::from):
(WebCore::NavigatorGeolocation::geolocation):
(WebCore::NavigatorGeolocation::geolocation const):

Modules/geolocation/NavigatorGeolocation.h:
bindings/js/JSNavigatorCustom.cpp:

(WebCore::JSNavigator::visitAdditionalChildren):

bindings/js/JSWorkerNavigatorCustom.cpp:

(WebCore::JSWorkerNavigator::visitAdditionalChildren):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

bindings/scripts/IDLAttributes.json:
page/Navigator.cpp:

(WebCore::Navigator::plugins):
(WebCore::Navigator::mimeTypes):

page/NavigatorBase.h:
plugins/DOMMimeTypeArray.cpp:

(WebCore::DOMMimeTypeArray::DOMMimeTypeArray):

plugins/DOMMimeTypeArray.h:
plugins/DOMMimeTypeArray.idl:
plugins/DOMPluginArray.cpp:

(WebCore::DOMPluginArray::DOMPluginArray):

plugins/DOMPluginArray.h:
plugins/DOMPluginArray.idl:
workers/service/ServiceWorkerContainer.h:
workers/service/ServiceWorkerContainer.idl:

LayoutTests:

Add layout test coverage.

fast/dom/navigator-property-gc-after-frame-detach-expected.txt: Added.
fast/dom/navigator-property-gc-after-frame-detach.html: Added.

3:52 PM Changeset in webkit [248275] by aestes@apple.com

10 edits in trunk/Source/WebCore

[WebIDL] Support partial dictionaries and conditional dictionary members
https://bugs.webkit.org/show_bug.cgi?id=200441

Reviewed by Alex Christensen.

Added new bindings tests.

bindings/scripts/CodeGeneratorJS.pm:

(GenerateDictionaryImplementationContent):

bindings/scripts/IDLParser.pm:

(parsePartialDefinition):
(parsePartialInterface): Deleted.
(parsePartialDictionary): Deleted.

bindings/scripts/generate-bindings.pl:

(generateBindings):

bindings/scripts/preprocess-idls.pl:

(getPartialNamesFromIDL):
(getPartialInterfaceNameFromIDL): Deleted.

bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::convertDictionary<TestEventConstructor::Init>):

bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:

(WebCore::convertDictionary<DictionaryImplName>):
(WebCore::convertDictionaryToJS):

bindings/scripts/test/JS/JSTestStandaloneDictionary.h:
bindings/scripts/test/TestStandaloneDictionary.idl:
bindings/scripts/test/TestSupplemental.idl:

3:44 PM Changeset in webkit [248274] by Devin Rousso

25 edits in trunk

Web Inspector: rename "Stylesheet" to "Style Sheet" to match spec text
https://bugs.webkit.org/show_bug.cgi?id=200422

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

inspector/protocol/Page.json:

Source/WebCore:

No observable change in functionality.

inspector/agents/InspectorPageAgent.h:
inspector/agents/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::resourceTypeJSON):
(WebCore::InspectorPageAgent::inspectorResourceType):

Source/WebInspectorUI:

Localizations/en.lproj/localizedStrings.js:

UserInterface/Controllers/CSSManager.js:

(WI.CSSManager.prototype._resourceAdded):
(WI.CSSManager.prototype._resourceTypeDidChange):
(WI.CSSManager.prototype._clearStyleSheetsForResource):
(WI.CSSManager.prototype._updateResourceContent.fetchedStyleSheetContent):

UserInterface/Models/CSSStyleSheet.js:

(WI.CSSStyleSheet.prototype.get displayName):

UserInterface/Models/CollectionTypes.js:

(WI.CSSStyleSheetCollection.prototype.get displayName):

UserInterface/Models/Resource.js:

(WI.Resource.displayNameForType):
(WI.Resource.prototype.get syntheticMIMEType):

UserInterface/Models/ResourceCollection.js:

(WI.ResourceCollection.prototype.objectIsRequiredType):

UserInterface/Views/NetworkTableContentView.js:

(WI.NetworkTableContentView):
(WI.NetworkTableContentView.shortDisplayNameForResourceType):

UserInterface/Views/ResourceClusterContentView.js:

(WI.ResourceClusterContentView.prototype._contentViewForResourceType):

UserInterface/Views/ResourceSidebarPanel.js:

(WI.ResourceSidebarPanel.prototype.matchTreeElementAgainstCustomFilters.match):

UserInterface/Views/SourcesNavigationSidebarPanel.js:

(WI.SourcesNavigationSidebarPanel.prototype.matchTreeElementAgainstCustomFilters.match):

UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.js:

(WI.SpreadsheetCSSStyleDeclarationSection.prototype._save):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._populateIconElementContextMenu):

UserInterface/Views/StyleOriginView.js:

(WI.StyleOriginView.prototype.update):

UserInterface/Views/TextResourceContentView.js:

(WI.TextResourceContentView.prototype._shouldBeEditable):

UserInterface/Views/CSSStyleSheetTreeElement.js:

(WI.CSSStyleSheetTreeElement):

UserInterface/Views/ResourceIcons.css:

(:matches(.resource-icon.resource-type-style-sheet, .style-sheet-icon) .icon): Added.
(.source-map-resource.resource-icon.resource-type-style-sheet .icon): Added.
(.large :matches(.resource-icon.resource-type-style-sheet, .style-sheet-icon) .icon): Added.
(.large .source-map-resource.resource-icon.resource-type-style-sheet .icon): Added.
(:matches(.resource-icon.resource-type-stylesheet, .stylesheet-icon) .icon): Deleted.
(.source-map-resource.resource-icon.resource-type-stylesheet .icon): Deleted.
(.large :matches(.resource-icon.resource-type-stylesheet, .stylesheet-icon) .icon): Deleted.
(.large .source-map-resource.resource-icon.resource-type-stylesheet .icon): Deleted.

LayoutTests:

inspector/unit-tests/resource-collection.html:
http/tests/inspector/network/resource-mime-type.html:
http/tests/inspector/network/resource-mime-type-expected.txt:

2:33 PM Changeset in webkit [248273] by wilander@apple.com

7 edits
2 moves in trunk

Resource Load Statistics: Re-introduce latch mode for subresource cookie blocking
https://bugs.webkit.org/show_bug.cgi?id=200395
<rdar://problem/53869611>

Reviewed by Darin Adler.

Back when we had a relaxation of cookie blocking 24 hours after first-party user
interaction, we made sure cookie blocking could be turned on and off in subresource
redirect chains. The 24 hour window is now long gone. This patch simplifies the
cookie blocking so that once a subresource request is denied cookies, any
subsequent redirect of that request will also be denied cookies, regardless of the
classification status of the domains involved. I call it latch mode.

Source/WebKit:

NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::blockCookies):
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
(WebKit::NetworkDataTaskCocoa::applyCookieBlockingPolicy): Deleted.

LayoutTests:

http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect-expected.txt: Renamed from LayoutTests/http/tests/resourceLoadStatistics/remove-blocking-in-redirect-expected.txt.
http/tests/resourceLoadStatistics/do-not-remove-blocking-in-redirect.html: Renamed from LayoutTests/http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html.

Changed to expect no removal of blocking in the redirect and renamed accordingly.

platform/ios/TestExpectations:

Renamed.

platform/mac-wk2/TestExpectations:

Renamed.

platform/wk2/TestExpectations:

Renamed.

2:24 PM Changeset in webkit [248272] by aakash_jain@apple.com

2 edits in trunk/Tools

New EWS:mac-wk2 status-bubble shows waiting to run tests for all recent bugs
https://bugs.webkit.org/show_bug.cgi?id=200400

Reviewed by Jonathan Bedard.

BuildSlaveSupport/ews-app/ews/views/statusbubble.py:

(StatusBubble._build_bubble):
(StatusBubble._queue_position):

1:02 PM Changeset in webkit [248271] by msaboff@apple.com

3 edits
1 add in trunk

JSC: assertion failure in SpeculativeJIT::compileGetByValOnIntTypedArray
https://bugs.webkit.org/show_bug.cgi?id=199997

Reviewed by Saam Barati.

JSTests:

New test.

stress/typedarray-no-alreadyChecked-assert.js: Added.

(checkIntArray):
(checkFloatArray):

Source/JavaScriptCore:

No need to ASSERT(node->arrayMode().alreadyChecked(...)) in SpeculativeJIT::compileGetByValOnIntTypedArray()
and compileGetByValOnFloatTypedArray() as the abstract interpreter is conservative and can insert a
CheckStructureOrEmpty which will fail the ASSERT as it checks for the SpecType of the array
and not for SpecEmpty. If we added a check for the SpecEmpty in the ASSERT, there are cases where
it won't be set.

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):

9:42 AM Changeset in webkit [248270] by Jonathan Bedard

8 edits in trunk/Tools

run-webkit-tests asserts when the iPhone XR simulator is running
https://bugs.webkit.org/show_bug.cgi?id=200404
<rdar://problem/53878739>

Reviewed by Dean Jackson.

Support unicode in all logging statements tied to device model.

Scripts/webkitpy/layout_tests/controllers/manager.py:

(Manager.run):

Scripts/webkitpy/layout_tests/views/printing.py:

(Printer.print_baseline_search_path):

Scripts/webkitpy/port/device.py:

(Device.repr):

Scripts/webkitpy/port/device_port.py:

(DevicePort._install):
(DevicePort.setup_test_run):
(DevicePort.clean_up_test_run):
(DevicePort.configuration_for_upload):

Scripts/webkitpy/port/ios.py:

(IOSPort.default_baseline_search_path):

Scripts/webkitpy/xcode/device_type.py:

(DeviceType.str):

Scripts/webkitpy/xcode/simulated_device.py:

(SimulatedDeviceManager.populate_available_devices):
(SimulatedDeviceManager._find_available_name):
(SimulatedDeviceManager._get_device_identifier_for_type):
(SimulatedDeviceManager._create_or_find_device_for_request):
(SimulatedDeviceManager._does_fulfill_request):
(SimulatedDeviceManager._wait_until_device_in_state):
(SimulatedDeviceManager._wait_until_device_is_usable):
(SimulatedDeviceManager._boot_device):
(SimulatedDeviceManager.initialize_devices):
(SimulatedDeviceManager.max_supported_simulators):
(SimulatedDeviceManager.swap):
(SimulatedDevice.is_usable):
(SimulatedDevice._shut_down):
(SimulatedDevice._delete):
(SimulatedDevice.launch_app):
(SimulatedDevice.repr):

9:26 AM Changeset in webkit [248269] by youenn@apple.com

3 edits
5 adds in trunk

Disable speculative loading if cache is not to be used for the load
https://bugs.webkit.org/show_bug.cgi?id=199644

Reviewed by Alex Christensen.

Source/WebKit:

When the page is reloaded, loads are instructed to not use the cache.
It is therefore unneeded to do speculative revalidation.
Allow speculative revalidation if the cache policy is either the default HTTP policy or
if policy is to refresh all cache data.
Covered by added test.

NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::cachePolicyValidForSpeculativeRevalidation):
(WebKit::NetworkCache::canRequestUseSpeculativeRevalidation):

LayoutTests:

http/wpt/fetch/disable-speculative-for-reload-expected.txt: Added.
http/wpt/fetch/disable-speculative-for-reload.html: Added.
http/wpt/fetch/resources/iframe-with-image.py: Added.

(main):

http/wpt/fetch/resources/image-load-count.py: Added.

(main):

http/wpt/fetch/resources/image-load.py: Added.

(main):

12:34 AM Changeset in webkit [248268] by commit-queue@webkit.org

11 edits
1 copy
1 add in trunk

[Curl] implement CertificateInfo::summaryInfo
https://bugs.webkit.org/show_bug.cgi?id=191498

Patch by Takashi Komori <Takashi.Komori@sony.com> on 2019-08-05
Reviewed by Alex Christensen.

Source/WebCore:

Implement CertificaeInfo::SummaryInfo.
This patch makes WebInspector show summary of certificates.

Tests: http/tests/inspector/network/resource-security-certificate.html

http/tests/inspector/network/getSerializedCertificate.html

platform/Curl.cmake:
platform/network/curl/CertificateInfo.h:

(WTF::Persistence::Coder<WebCore::CertificateInfo>::encode):
(WTF::Persistence::Coder<WebCore::CertificateInfo>::decode):
(WebCore::CertificateInfo::summaryInfo const): Deleted.

platform/network/curl/CertificateInfoCurl.cpp:

(WebCore::CertificateInfo::summaryInfo const):

platform/network/curl/CurlSSLVerifier.cpp:

(WebCore::CurlSSLVerifier::collectInfo):
(WebCore::CurlSSLVerifier::verifyCallback):
(WebCore::StackOfX509::StackOfX509): Deleted.
(WebCore::StackOfX509::~StackOfX509): Deleted.
(WebCore::StackOfX509::count): Deleted.
(WebCore::StackOfX509::item): Deleted.
(): Deleted.
(WebCore::BIOHolder::BIOHolder): Deleted.
(WebCore::BIOHolder::~BIOHolder): Deleted.
(WebCore::BIOHolder::write): Deleted.
(WebCore::BIOHolder::asCertificate): Deleted.
(WebCore::pemDataFromCtx): Deleted.

platform/network/curl/CurlSSLVerifier.h:
platform/network/curl/OpenSSLHelper.cpp: Added.

(OpenSSL::deleter<X509>::operator()):
(OpenSSL::StackOfGeneralName::StackOfGeneralName):
(OpenSSL::StackOfGeneralName::~StackOfGeneralName):
(OpenSSL::StackOfGeneralName::operator bool):
(OpenSSL::StackOfGeneralName::count):
(OpenSSL::StackOfGeneralName::item):
(OpenSSL::StackOfX509::StackOfX509):
(OpenSSL::StackOfX509::~StackOfX509):
(OpenSSL::StackOfX509::count):
(OpenSSL::StackOfX509::item):
(OpenSSL::BIO::BIO):
(OpenSSL::BIO::~BIO):
(OpenSSL::BIO::getDataAsVector const):
(OpenSSL::BIO::getDataAsString const):
(OpenSSL::BIO::readX509):
(OpenSSL::BIO::get):
(OpenSSL::pemDataFromCtx):
(OpenSSL::createCertificateInfo):
(OpenSSL::toString):
(OpenSSL::getCommonName):
(OpenSSL::getSubjectName):
(OpenSSL::convertASN1TimeToSeconds):
(OpenSSL::getSubjectAltName):
(OpenSSL::createSummaryInfo):

platform/network/curl/OpenSSLHelper.h: Copied from Source/WebCore/platform/network/curl/CertificateInfoCurl.cpp.

Source/WTF:

Fixed function template for encoding vector.

wtf/persistence/PersistentCoders.h:

LayoutTests:

platform/wincairo-wk1/TestExpectations:
platform/wincairo/TestExpectations:

Aug 4, 2019:

11:54 PM Changeset in webkit [248267] by youenn@apple.com

3 edits
2 adds in trunk

WebRTC: got incorrect this in negotiationneeded event
https://bugs.webkit.org/show_bug.cgi?id=200427

Reviewed by Darin Adler.

Source/WebCore:

Make sure a dom object created through a JS built-in constructor is added to the wrapper cache.

Test: webrtc/onnegotiationneeded.html

bindings/js/JSDOMBuiltinConstructor.h:

(WebCore::createJSObjectFromWrapper):
(WebCore::createJSObject):

LayoutTests:

webrtc/onnegotiationneeded-expected.txt: Added.
webrtc/onnegotiationneeded.html: Added.

8:26 PM Changeset in webkit [248266] by weinig@apple.com

14 edits
1 add in trunk/Source/WebCore

Mangled WHLSL names don't need to allocate Strings
https://bugs.webkit.org/show_bug.cgi?id=200429

Reviewed by Saam Barati.

To avoid allocating strings for each mangled name used to transform WHLSL to Metal, which we'd
like to avoid since it is both unnecessarily expensive in time and space, we can instead just
store the unique integer identifier that was being used to construct the String.

Since the existing mangled names were all of the form "prefix" + unsigned integer value (where
prefix could be "type", "enumerationMember", "structureElement", "variable" or "function") we
strongly type the integer by storing it in a struct (MangledVariableName, MangledTypeName, etc.)
When the full name is actually needed, StringTypeAdapter's specialized for the structs are
used to write directly into the preallocated buffers of StringBuilders or makeString().

Modules/webgpu/WHLSL/Metal/WHLSLMangledNames.h: Added.

(WebCore::WHLSL::Metal::MangledVariableName):
(WebCore::WHLSL::Metal::MangledTypeName):
(WebCore::WHLSL::Metal::MangledStructureElementName):
(WebCore::WHLSL::Metal::MangledEnumerationMemberName):
(WebCore::WHLSL::Metal::MangledFunctionName):
Adds structs for each type of mangled name and StringTypeAdapter specializations for
each to allow their use in StringBuilder.flexibleAppend() or makeString().

Additionally, a Variant, MangledOrNativeTypeName, of MangledTypeName and String is
declared to allow for the few cases where a native type (e.g. float4) is needed. The
StringTypeAdapter for MangledOrNativeTypeName could be generalized for any Variant
in the future, but I left it non-general for now, as it is non-obvious if one would
want to store Variant<Types...>, and have each member function construct a temporary
StringTypeAdapter, or store a Variant<StringTypeAdapter<Types>...> and perform conversion
in the construction.

Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp:

(WebCore::WHLSL::Metal::EntryPointScaffolding::EntryPointScaffolding):
(WebCore::WHLSL::Metal::internalTypeForSemantic):
(WebCore::WHLSL::Metal::EntryPointScaffolding::builtInsSignature):
(WebCore::WHLSL::Metal::EntryPointScaffolding::mangledInputPath):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::VertexEntryPointScaffolding):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::signature):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::pack):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::FragmentEntryPointScaffolding):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::signature):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::pack):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::ComputeEntryPointScaffolding):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::signature):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::pack):

Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.h:

(WebCore::WHLSL::Metal::EntryPointScaffolding::parameterVariables):

Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp:

(WebCore::WHLSL::Metal::FunctionDeclarationWriter::FunctionDeclarationWriter):
(WebCore::WHLSL::Metal::FunctionDeclarationWriter::visit):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::FunctionDefinitionWriter):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::generateNextVariableName):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendRightValueWithNullability):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendRightValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendLeftValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastValueAndNullability):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastLeftValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::emitLoop):
(WebCore::WHLSL::Metal::RenderFunctionDefinitionWriter::RenderFunctionDefinitionWriter):
(WebCore::WHLSL::Metal::RenderFunctionDefinitionWriter::createEntryPointScaffolding):
(WebCore::WHLSL::Metal::ComputeFunctionDefinitionWriter::ComputeFunctionDefinitionWriter):
(WebCore::WHLSL::Metal::ComputeFunctionDefinitionWriter::createEntryPointScaffolding):
(WebCore::WHLSL::Metal::sharedMetalFunctions):

Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.h:
Modules/webgpu/WHLSL/Metal/WHLSLMetalCodeGenerator.h:
Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp:

(WebCore::WHLSL::Metal::writeNativeFunction):

Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.h:
Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp:

(WebCore::WHLSL::Metal::BaseTypeNameNode::BaseTypeNameNode):
(WebCore::WHLSL::Metal::BaseTypeNameNode::mangledName const):
(WebCore::WHLSL::Metal::ArrayTypeNameNode::ArrayTypeNameNode):
(WebCore::WHLSL::Metal::ArrayReferenceTypeNameNode::ArrayReferenceTypeNameNode):
(WebCore::WHLSL::Metal::PointerTypeNameNode::PointerTypeNameNode):
(WebCore::WHLSL::Metal::ReferenceTypeNameNode::ReferenceTypeNameNode):
(WebCore::WHLSL::Metal::MetalTypeDeclarationWriter::MetalTypeDeclarationWriter):
(WebCore::WHLSL::Metal::TypeNamer::metalTypeDeclarations):
(WebCore::WHLSL::Metal::TypeNamer::emitNamedTypeDefinition):
(WebCore::WHLSL::Metal::TypeNamer::mangledNameForType):
(WebCore::WHLSL::Metal::TypeNamer::mangledNameForEnumerationMember):
(WebCore::WHLSL::Metal::TypeNamer::mangledNameForStructureElement):

Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.h:

(WebCore::WHLSL::Metal::TypeNamer::generateNextTypeName):
(WebCore::WHLSL::Metal::TypeNamer::generateNextStructureElementName):
(WebCore::WHLSL::Metal::TypeNamer::generateNextEnumerationMemberName):

Modules/webgpu/WHLSL/WHLSLPrepare.h:

Replace uses of String with the appropriate mangled name type.

WebCore.xcodeproj/project.pbxproj:

Add WHLSLMangledNames.h

platform/graphics/gpu/cocoa/GPUComputePipelineMetal.mm:

(WebCore::trySetFunctions):

platform/graphics/gpu/cocoa/GPURenderPipelineMetal.mm:

(WebCore::trySetFunctions):
Convert the mangled names to Strings for passing to Metal API. NOTE: We could avoid having the
toString() member function on MangledFunctionName if we allowed makeString() to take a single
argument.

11:32 AM Changeset in webkit [248265] by Chris Dumez

7 edits
4 adds in trunk

Ping loads should not prevent page caching
https://bugs.webkit.org/show_bug.cgi?id=200418
<rdar://problem/53901632>

Reviewed by Darin Adler.

Source/WebCore:

We normally prevent page caching if there were any pending subresource loads when navigating,
to avoid caching partial / broken content. However, this should not apply to Ping / Beacon
loads since those do not impact page rendering and can outlive the page.

Tests: http/tests/navigation/page-cache-pending-ping-load-cross-origin.html

http/tests/navigation/page-cache-pending-ping-load-same-origin.html

history/PageCache.cpp:

(WebCore::PageCache::addIfCacheable):
After we've fired the 'pagehide' event in each frame, stop all the loads again. This is needed
since pages are allowed to start ping / beacon loads in their 'pagehide' handlers. If we do not
stop those loads, then the next call to canCachePage() would fail because the DocumentLoader is
still loading. Note that we're not actually preventing these ping loads from hitting the server
since we never cancel page loads and those can outlive their page.

loader/DocumentLoader.cpp:

(WebCore::shouldPendingCachedResourceLoadPreventPageCache):
(WebCore::areAllLoadersPageCacheAcceptable):
Make sure that Ping / Beacon / Prefetches / Icon loads do not prevent page caching.

(WebCore::DocumentLoader::addSubresourceLoader):
Tweak assertion that was incorrect since we actually allow ping / beacon loads when the
document is about to enter PageCache (while firing pagehide event).

Tools:

Add TestOption to enable PageCache at UIProcess-level so that we can test
page caching when navigating cross-origin with PSON enabled.

WebKitTestRunner/TestController.cpp:

(WTR::TestController::resetPreferencesToConsistentValues):
(WTR::updateTestOptionsFromTestHeader):

WebKitTestRunner/TestOptions.h:

(WTR::TestOptions::hasSameInitializationOptions const):

LayoutTests:

Add layout test coverage.

http/tests/navigation/page-cache-pending-ping-load-cross-origin-expected.txt: Added.
http/tests/navigation/page-cache-pending-ping-load-cross-origin.html: Added.
http/tests/navigation/page-cache-pending-ping-load-same-origin-expected.txt: Added.
http/tests/navigation/page-cache-pending-ping-load-same-origin.html: Added.

11:28 AM Changeset in webkit [248264] by Konstantin Tokarev

2 edits in trunk/Source/WebKit

Remove unused lambda capture in MemoryPressureMonitor
https://bugs.webkit.org/show_bug.cgi?id=200420

Reviewed by Darin Adler.

UIProcess/linux/MemoryPressureMonitor.cpp:

(WebKit::MemoryPressureMonitor::start):

6:59 AM Changeset in webkit [248263] by Alan Bujtas

2 edits in trunk/Source/WebCore

[LFC][TFC] Create formatting context/state.
https://bugs.webkit.org/show_bug.cgi?id=200428
<rdar://problem/53913625>

Reviewed by Antti Koivisto.

layout/LayoutState.cpp:

(WebCore::Layout::LayoutState::createFormattingStateForFormattingRootIfNeeded):
(WebCore::Layout::LayoutState::createFormattingContext):

3:16 AM Changeset in webkit [248262] by Alan Bujtas

12 edits in trunk/Source/WebCore

[LFC] Cleanup preferred width computation
https://bugs.webkit.org/show_bug.cgi?id=200426
<rdar://problem/53912607>

Reviewed by Antti Koivisto.

The intrinsic width for a formatting root box has 2 sets of values now. One set(min/max) is stored in the established formatting context's state
while the other is in the formatting context's state where the box lives.

<div style="position: absolute"><div style="float: left; border: 1px solid green">foobar</div></div>

The float box participates in the formatting context established by the absolutely position box, but it also establishes an inline formatting context.
The min/max width pair in the established context is the width of the "foobar" (same value for min/max). This set is stored in the inline formatting state.
However the float box has horizontal border so the "final" min/max width pair is expanded by this border value and stored in the formatting state where
the box lives (which is different from the one it establishes).

This and the "remove the formatting context type classes from the tree" changes open up interesting optimization opportunities.
Here is a very simple case:
<div style="display: inline-block; width: auto;">

<div style="float: left">some text</div>
<div style="float: left">some super long .... text</div>
<div></div>

</div>
In order to lay out this content properly, we

Compute the min/max width of the first float (expensive text measuring)
Compute the min/max width of the second float (some more expensive text measuring)
Compute the min/max width of the inline-block (that is pretty much the 2 float's min/max)
Lay out the 2 floats, the empty div and the inline-block using these min/max width pairs.

Now if the inline-block box's display value is changed to "block" and the positioning is to absolute (style="display: box; position: absolute;")
we currently(on trunk) tear down the render tree, build a new one and run all the steps again from #1 to #4.

In LFC, we start with the following layout tree
<container> -> block formatting context

<container> -> inline formatting context

<anonymous inline box>

<container> -> inline formatting context

<anonymous inline box>

<container> -> inline formatting context

and when the style change happens, we don't need to tear down the tree at all. Not only that, but since every formatting contexts stay the same
we can just reuse their states and actually skip all the steps (even the positioning since the absolutely positioned container has static top/bottom/left/right).

Surprisingly the final layout produces the exact same "display boxes" as the original layout.

layout/FormattingContext.h:

(WebCore::Layout::FormattingContext::IntrinsicWidthConstraints::expand):

layout/FormattingContextGeometry.cpp:

(WebCore::Layout::FormattingContext::Geometry::shrinkToFitWidth):

layout/FormattingState.h:

(WebCore::Layout::FormattingState::setIntrinsicWidthConstraints):
(WebCore::Layout::FormattingState::intrinsicWidthConstraints const):
(WebCore::Layout::FormattingState::setIntrinsicWidthConstraintsForBox):
(WebCore::Layout::FormattingState::clearIntrinsicWidthConstraints):
(WebCore::Layout::FormattingState::intrinsicWidthConstraintsForBox const):

layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::computedIntrinsicWidthConstraints const):
(WebCore::Layout::BlockFormattingContext::computeIntrinsicWidthConstraints const): Deleted.

layout/blockformatting/BlockFormattingContext.h:
layout/blockformatting/BlockFormattingContextGeometry.cpp:

(WebCore::Layout::BlockFormattingContext::Geometry::intrinsicWidthConstraints):
(WebCore::Layout::BlockFormattingContext::Geometry::intrinsicWidthConstraintsNeedChildrenWidth): Deleted.

layout/displaytree/DisplayBox.h:

(WebCore::Display::Box::horizontalMarginBorderAndPadding const):

layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::nextInPreOrder):
(WebCore::Layout::InlineFormattingContext::computedIntrinsicWidthConstraints const):
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthForFormattingRoot const):
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthConstraints const): Deleted.
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthForFloatBox const): Deleted.
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthForInlineBlock const): Deleted.

layout/inlineformatting/InlineFormattingContext.h:
layout/tableformatting/TableFormattingContext.cpp:

(WebCore::Layout::TableFormattingContext::computedIntrinsicWidthConstraints const):

layout/tableformatting/TableFormattingContext.h:

Aug 3, 2019:

8:24 PM Changeset in webkit [248261] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r248173 - Harden NodeRareData::m_connectedFrameCount
https://bugs.webkit.org/show_bug.cgi?id=200300

Reviewed by Geoffrey Garen.

Use unsinged integer type in NodeRareData::m_connectedFrameCount since it's padded anyway.

dom/Node.cpp:

(WebCore::Node::decrementConnectedSubframeCount): Check that hasRareNode() is true in release builds.

dom/NodeRareData.h:

8:24 PM Changeset in webkit [248260] by Michael Catanzaro

4 edits
2 adds in releases/WebKitGTK/webkit-2.24

Merge r248172 - Document::resume should delay resetting of form control elements.
https://bugs.webkit.org/show_bug.cgi?id=200376

Reviewed by Geoffrey Garen.

Source/WebCore:

Delay the execution of form control element resets until the next task
to avoid synchronously mutating DOM during page cache restoration.

Test: fast/frames/restoring-page-cache-should-not-run-scripts.html

html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::resumeFromDocumentSuspension):

html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::resumeFromDocumentSuspension):

LayoutTests:

Added a regression test.

fast/frames/restoring-page-cache-should-not-run-scripts-expected.txt: Added.
fast/frames/restoring-page-cache-should-not-run-scripts.html: Added.
platform/win/TestExpectations: Skip this test on Windows since navigating to blob fails on Windows.

8:24 PM Changeset in webkit [248259] by Michael Catanzaro

5 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r248149 - GetterSetter type confusion during DFG compilation
https://bugs.webkit.org/show_bug.cgi?id=199903

Reviewed by Mark Lam.

JSTests:

stress/cse-propagated-constant-may-not-follow-structure-restrictions.js: Added.

Source/JavaScriptCore:

In AI, we are strongly assuming that GetGetter's child constant value should be GetterSetter if it exists.
However, this can be wrong since nobody ensures that. AI assumed so because the control-flow and preceding
CheckStructure ensures that. But this preceding check can be eliminated if the node becomes (at runtime) unreachable.

Let's consider the following graph.

129:<!0:-> PutByOffset(KnownCell:@115, KnownCell:@115, Check:Untyped:@124, MustGen, id5{length}, 0, W:NamedProperties(5), ClobbersExit, bc#154, ExitValid)
130:<!0:-> PutStructure(KnownCell:@115, MustGen, %C8:Object -> %C3:Object, ID:7726, R:JSObject_butterfly, W:JSCell_indexingType,JSCell_structureID,JSCell_typeInfoFlags,JSCell_typeInfoType, ClobbersExit, bc#154, ExitInvalid)
...
158:<!0:-> GetLocal(Check:Untyped:@197, JS|MustGen|UseAsOther, Final, loc7(R<Final>/FlushedCell), R:Stack(-8), bc#187, ExitValid) predicting Final
210:< 1:-> DoubleRep(Check:NotCell:@158, Double|PureInt, BytecodeDouble, Exits, bc#187, ExitValid)
...
162:<!0:-> CheckStructure(Cell:@158, MustGen, [%Ad:Object], R:JSCell_structureID, Exits, bc#192, ExitValid)
163:< 1:-> GetGetterSetterByOffset(KnownCell:@158, KnownCell:@158, JS|UseAsOther, OtherCell, id5{length}, 0, R:NamedProperties(5), Exits, bc#192, ExitValid)
164:< 1:-> GetGetter(KnownCell:@163, JS|UseAsOther, Function, R:GetterSetter_getter, Exits, bc#192, ExitValid)

At @163 and @164, AI proves that @158's AbstractValue is None because @210's edge filters out Cells @158 is a cell. But we do not invalidate graph status as "Invalid" even if edge filters out all possible value.
This is because the result of edge can be None in a valid program. For example, we can put a dependency edge between a consuming node and a producing node, where the producing node is just like a check and it
does not produce a value actually. So, @163 and @164 are not invalidated. This is totally fine in our compiler pipeline right now.

But after that, global CSE phase found that @115 and @158 are same and @129 dominates @158. As a result, we can replace GetGetter child's @163 with @124. Since CheckStructure is already removed (and now, at runtime,
@163 and @164 are never executed), we do not have any structure guarantee on @158 and the result of @163. This means that @163's CSE result can be non-GetterSetter value.

124:< 2:-> JSConstant(JS|UseAsOther, Final, Weak:Object: 0x1199e82a0 with butterfly 0x0 (Structure %B4:Object), StructureID: 49116, bc#0, ExitValid)
...
126:< 2:-> GetGetter(KnownCell:Kill:@124, JS|UseAsOther, Function, R:GetterSetter_getter, Exits, bc#192, ExitValid)

AI filters out @124's non-cell values. But @126 can get non-GetterSetter cell at AI phase. But our AI code is like the following.

JSValue base = forNode(node->child1()).m_value;
if (base) {

GetterSetter* getterSetter = jsCast<GetterSetter*>(base);
...

Then, jsCast casts the above object with GetterSetter accidentally.

In general, DFG AI can get a proven constant value, which could not be shown at runtime. This happens if the processing node is unreachable at runtime while the graph is not invalid yet, because preceding edge
filters already filter out all the possible execution. DFG AI already considered about this possibility, and it attempts to fold a node into a constant only when the constant input matches against the expected one.
But several DFG nodes are not handling this correctly: GetGetter, GetSetter, and SkipScope.

In this patch, we use jsDynamicCast to ensure that the constant input matches against the expected (foldable) one, and fold it only when the expectation is met.
We also remove DFG::Node::castConstant and its use. We should not rely on the constant folded value based on graph's control-flow.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGNode.h:

(JSC::DFG::Node::castConstant): Deleted.

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):

8:24 PM Changeset in webkit [248258] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r248009 - [GTK] Compilation errors when GL is disabled
https://bugs.webkit.org/show_bug.cgi?id=200223

Unreviewed, fix build with -DENABLE_OPENGL=OFF.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):

8:24 PM Changeset in webkit [248257] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247903 - REGRESSION(r243058): [GStreamer] WebKitWebSrc's internal queue can exhaust the WebProcess memory
https://bugs.webkit.org/show_bug.cgi?id=199998

Reviewed by Xabier Rodriguez-Calvar.

With the webkitwebsrc rewrite the element lost its ability to tell
the resource loader when to pause and resume downloading because
we don't use appsrc and its enough-data/need-data signals anymore.
So new heuristics are introduced with this patch. Downloading of
resources bigger than 2MiB might pause when the internal adapter
has enough data (2% of the full resource) and resume when the
adapter size goes below 20% of those 2%.

No new tests, the media element spec doesn't clearly mandate how
the resource loading should behave when the element is paused or
how aggressively the resource should be downloaded during
playback.

This patch was functionally tested with a 1.3GiB resource loaded
over the local network, the resource was downloaded in ~30MiB
chunks, stopping and resuming every 20 seconds, approximately.

platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webkit_web_src_class_init):
(webKitWebSrcCreate):
(CachedResourceStreamingClient::responseReceived):
(CachedResourceStreamingClient::dataReceived):

8:24 PM Changeset in webkit [248256] by Michael Catanzaro

3 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r247778 - [GStreamer] Don't crash with empty video src
https://bugs.webkit.org/show_bug.cgi?id=200081

LayoutTests/imported/w3c:

Reviewed by Philippe Normand.

web-platform-tests/html/semantics/embedded-content/the-video-element/video_crash_empty_src.html: Added.

Source/WebCore:

When a <video> element is set to load empty or about:blank, a player is still
created, but no pipeline is loaded. This patch fixes some assertion errors that
manifested in that case.

Reviewed by Philippe Normand.

Test: imported/w3c/web-platform-tests/html/semantics/embedded-content/the-video-element/video_crash_empty_src.html

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::loadFull):
(WebCore::MediaPlayerPrivateGStreamer::platformDuration const):
(WebCore::MediaPlayerPrivateGStreamer::paused const):

8:24 PM Changeset in webkit [248255] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247643 - [GStreamer] Flush get_range calls during PAUSED->READY in WebKitWebSource
https://bugs.webkit.org/show_bug.cgi?id=199934

Reviewed by Xabier Rodriguez-Calvar.

Unit testing not applicable.

platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcChangeState): A well-behaved element should unblock streaming threads
during a PAUSED->READY transition, so do that here.

8:24 PM Changeset in webkit [248254] by Michael Catanzaro

5 edits in releases/WebKitGTK/webkit-2.24

Merge r247533 - Web Inspector: application/xml content not shown
https://bugs.webkit.org/show_bug.cgi?id=199861

Patch by Olivier Blin <Olivier Blin> on 2019-07-17
Reviewed by Devin Rousso.

Source/WebInspectorUI:

application/xml content from XHR requests was not shown in the
inspector, an error message was displayed instead.

application/xml content should be treated as text, since
application/xml is the standard mimetype for XML content.
Apache serves XML content with the application/xml mimetype by
default.

UserInterface/Base/MIMETypeUtilities.js:

(WI.fileExtensionForMIMEType):
Report "xml" extension for "application/xml" mimetype.
(WI.shouldTreatMIMETypeAsText):
Treat XML files as text.

LayoutTests:

inspector/unit-tests/mimetype-utilities-expected.txt:
inspector/unit-tests/mimetype-utilities.html:

Test for shouldTreatMIMETypeAsText.

8:24 PM Changeset in webkit [248253] by Michael Catanzaro

6 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r247508 - [WPE][GTK] UI process crash due to NULL dereference in webkitWebViewResourceLoadStarted()
https://bugs.webkit.org/show_bug.cgi?id=199621

Reviewed by Michael Catanzaro.

Null-check frame received in injected bundle message to ensure the frame hasn't been destroyed.

UIProcess/API/glib/WebKitInjectedBundleClient.cpp:
UIProcess/API/glib/WebKitWebResource.cpp:

(webkitWebResourceCreate): Receive a reference to the frame instead of a pointer.

UIProcess/API/glib/WebKitWebResourcePrivate.h:
UIProcess/API/glib/WebKitWebView.cpp:

(webkitWebViewResourceLoadStarted): Ditto.

UIProcess/API/glib/WebKitWebViewPrivate.h:

8:24 PM Changeset in webkit [248252] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r247507 - [GTK][WPE] Do not assert when receiving invalid data in injected bundle messages
https://bugs.webkit.org/show_bug.cgi?id=199830

Reviewed by Michael Catanzaro.

Just silently ignore them to avoid UI process crashes.

UIProcess/API/glib/WebKitInjectedBundleClient.cpp:

8:24 PM Changeset in webkit [248251] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247427 - [GTK] GitHub breaks on FreeBSD because of "unsupported browser"
https://bugs.webkit.org/show_bug.cgi?id=199745

Reviewed by Carlos Garcia Campos.

It's been a while since I last updated the fake version numbers in our user agent, both for
the user agent quirks for naughty websites and also the Safari version in our standard user
agent. Update them. This should fix github.com on FreeBSD at least. I also noticed some
wonkiness on Google Docs recently that I thought required this update, but I didn't do
anything about it at the time because I wasn't able to reproduce the issue when I tried
again later.

This could absolutely break websites, because the web is awful, but that's calculated risk.

platform/UserAgentQuirks.cpp:

(WebCore::UserAgentQuirks::stringForQuirk):

platform/glib/UserAgentGLib.cpp:

(WebCore::buildUserAgentString):

8:23 PM Changeset in webkit [248250] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247298 - [GStreamer] Protect against null samples and samples with null buffers
https://bugs.webkit.org/show_bug.cgi?id=199619

Reviewed by Philippe Normand.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::GstVideoFrameHolder::GstVideoFrameHolder): Assert to enforce non-null samples.
(WebCore::GstVideoFrameHolder::updateTexture): Protect against null m_buffer and improperly mapped video frame.

8:23 PM Changeset in webkit [248249] by Michael Catanzaro

3 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r247215 - REGRESSION(r243197): [GStreamer] Web process hangs when scrolling twitter timeline which contains HLS videos
https://bugs.webkit.org/show_bug.cgi?id=197558

Reviewed by Xabier Rodriguez-Calvar.

Source/WebCore:

Not covered, I have a test locally that would probably trigger the
deadlock if the network requests took a realistic amount of time,
but from a local webserver the window of time to hit this deadlock
is too narrow.

platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webkit_web_src_init): Make the websrc start asynchronously, this
allows the main thread to be free to complete resource loader
setup.
(webKitWebSrcCreate): Calling start() from the create() vfunc is a
recipe for deadlock, since BaseSrc holds the streaming lock during
seeks, and then calls create(). In these cases, we do not want to
notify async-completion, since we've already completed from the
necessarily preceeding start() vfunc, and calling it again would
require the stream-lock and deadlock us.
(webKitWebSrcStart): Refactor to use webKitWebSrcMakeRequest, but
ensuring that we do perform an async-complete notification.
(webKitWebSrcMakeRequest): What Start() used to be, but now can be
toggled when to notify of async-completion. Start() no longer
blocks, since the return value of initiating a resource loader is
of no interest to the callers.
(webKitWebSrcCloseSession): Similarly to Start(), we do not need
to wait for the completion of cancelled net requests.

Tools:

On shutdown we can easily deadlock the web process if we don't
ensure all network operations are completed before comitting state
changes. In HLS, make sure the network operations are cancelled,
and also prevent hlsdemux's retry logic from scuppering our
efforts.

gstreamer/jhbuild.modules: Include the patch.
gstreamer/patches/gst-plugins-bad-do-not-retry-downloads-during-shutdown.patch: Added.

8:23 PM Changeset in webkit [248248] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24/LayoutTests

Merge r247207 - [GStreamer] media/video-volume.html broken after switching from cubic to linear scaling
https://bugs.webkit.org/show_bug.cgi?id=199505

Reviewed by Xabier Rodriguez-Calvar.

PulseAudio has a conversion process from volume's in
double-precision to uint32_t volumes. Depending on the environment
can introduce rounding errors. Be more lenient in our comparison
code.

media/video-volume-expected.txt: Update baseline
media/video-volume.html: Compare volume values within a

reasonable tolerance.

8:23 PM Changeset in webkit [248247] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247204 - [GStreamer] The CREATE_TRACK macro is messed up
https://bugs.webkit.org/show_bug.cgi?id=199356

Reviewed by Xabier Rodriguez-Calvar.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::updateTracks): Fix the
CREATE_TRACK macro for !VIDEO_TRACK builds.

8:23 PM Changeset in webkit [248246] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247121 - The destructor of CSSAnimationControllerPrivate must explicitly clear the composite animations
https://bugs.webkit.org/show_bug.cgi?id=199415

Reviewed by Simon Fraser.

After the destructor of CSSAnimationControllerPrivate exists, the non
static members are deleted. When the HashMap m_compositeAnimations is
deleted, its entries are deleted. The destructor of CompositeAnimation
calls the method CSSAnimationControllerPrivate::animationWillBeRemoved()
back through its back reference m_animationController. The non static
members of CSSAnimationControllerPrivate are being deleted and it is
incorrect to try to use any of these members after exiting the destructor.

We need to explicitly clear the composite animations before exiting the
destructor of CSSAnimationControllerPrivate.

page/animation/CSSAnimationController.cpp:

(WebCore::CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate):

8:23 PM Changeset in webkit [248245] by Michael Catanzaro

4 edits
4 adds in releases/WebKitGTK/webkit-2.24

Merge r247025 - It should not be possible to trigger a load while in the middle of restoring a page in PageCache
https://bugs.webkit.org/show_bug.cgi?id=199190
<rdar://problem/52114552>

Reviewed by Brady Eidson.

Source/WebCore:

Test: http/tests/security/navigate-when-restoring-cached-page.html

history/CachedFrame.cpp:

(WebCore::CachedFrame::open):
Stop attaching the cached document before calling FrameLoader::open() given that the previous document
is still attached to the frame at this point. This avoids having 2 documents attached to the same frame
during a short period of time.

loader/FrameLoader.cpp:

(WebCore::FrameLoader::open):
We now attach the cached document to the frame *after* calling FrameLoader::clear(), which means that
the previous document now has been detached from this frame.

(WebCore::FrameLoader::detachChildren):
As per the HTML specification [1], an attempt to navigate should fail if the prompt to unload algorithm
is being run for the active document of browsingContext. Note that the "prompt to unload" algorithm [2]
includes firing the 'unload' event in the current document and in all the documents in the subframes.
As a result, FrameLoader::detachChildren() is the right prevent such navigations. We were actually trying
to do this via the SubframeLoadingDisabler stack variable inside detachChildren(). The issue is that this
only prevents navigation in the subframes (i.e. <iframe> elements), not the main frame. As a result,
script would be able to navigate the top-frame even though detachChildren() is being called on the top
frame. To address the issue, I now create a NavigationDisabler variable in the scope of detachChildren()
when detachChildren() is called on the top frame. NavigationDisabler prevents all navigations within the
page, including navigations on the main/top frame.

[1] https://html.spec.whatwg.org/multipage/browsing-the-web.html#navigate
[2] https://html.spec.whatwg.org/multipage/browsing-the-web.html#prompt-to-unload-a-document

LayoutTests:

Add layout test coverage.

http/tests/security/navigate-when-restoring-cached-page-expected.txt: Added.
http/tests/security/navigate-when-restoring-cached-page.html: Added.
http/tests/security/resources/navigate-when-restoring-cached-page-frame.html: Added.
http/tests/security/resources/navigate-when-restoring-cached-page-victim.html: Added.

8:23 PM Changeset in webkit [248244] by Michael Catanzaro

6 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247017 - More judiciously handle clearing/creation of DOMWindows for new Documents.
<rdar://problem/51665406> and https://bugs.webkit.org/show_bug.cgi?id=198786

Reviewed by Chris Dumez.

bindings/js/ScriptController.cpp:

(WebCore::ScriptController::executeIfJavaScriptURL):

loader/DocumentWriter.cpp:

(WebCore::DocumentWriter::replaceDocumentWithResultOfExecutingJavascriptURL): Rename for clarity.
(WebCore::DocumentWriter::begin): Handle DOMWindow taking/creation inside FrameLoader::clear via a lambda.
(WebCore::DocumentWriter::replaceDocument): Deleted.

loader/DocumentWriter.h:

loader/FrameLoader.cpp:

(WebCore::FrameLoader::clear): Take a "handleDOMWindowCreation" lambda to run after clearing the previous document.

loader/FrameLoader.h:

8:23 PM Changeset in webkit [248243] by Michael Catanzaro

3 edits
2 adds in releases/WebKitGTK/webkit-2.24

Merge r246868 - ReplacementFragment should not have script observable side effects
https://bugs.webkit.org/show_bug.cgi?id=199147

Reviewed by Wenson Hsieh.

Source/WebCore:

Fixed the bug that ReplacementFragment has script observable side effects.

Use a brand new document for sanitization where the script is disabled for test rendering,
and remove style and script elements as well as event handlers before the test rendering
and the actual pasting.

Test: editing/pasteboard/paste-contents-with-side-effects.html

editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplacementFragment::document): Deleted.
(WebCore::ReplacementFragment::ReplacementFragment): Use createPageForSanitizingWebContent
to create our own document for test rendering. We need to copy over the computed style
from the root editable element (editing host) to respect whitespace treatment, etc...
(WebCore::ReplacementFragment::removeContentsWithSideEffects): Moved from removeHeadContents.
Now removes event handlers and JavaScript URLs.
(WebCore::ReplacementFragment::insertFragmentForTestRendering): Renamed variable names.
(WebCore::ReplaceSelectionCommand::willApplyCommand): Create the plain text and HTML markup
for beforeinput and input events before ReplacementFragment removes contents with side effects.
(WebCore::ReplaceSelectionCommand::ensureReplacementFragment): The removal of head elements
is now done in ReplacementFragment's constructor.

LayoutTests:

Added regression tests.

editing/pasteboard/paste-contents-with-side-effects-expected.txt: Added.
editing/pasteboard/paste-contents-with-side-effects.html: Added.

8:23 PM Changeset in webkit [248242] by Michael Catanzaro

1 edit in releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog

Merge r246808 - Add didBecomePrototype() calls to global context prototypes
https://bugs.webkit.org/show_bug.cgi?id=199202

Reviewed by Mark Lam.

This fixes some crashes related to asserting that all prototypes
have been marked as such in JSC from
https://trac.webkit.org/changeset/246801. It's ok to call
didBecomePrototype here as we setting up the world state right now
so we won't be having a bad time.

We don't automatically call didBecomePrototype() for
setPrototypeWithoutTransition because existing objects may already
have this structure so it seems more reasonable to be explicit
there.

bindings/js/JSWindowProxy.cpp:

(WebCore::JSWindowProxy::setWindow):

bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::initScript):

worklets/WorkletScriptController.cpp:

(WebCore::WorkletScriptController::initScriptWithSubclass):

8:23 PM Changeset in webkit [248241] by Michael Catanzaro

4 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r246801 - Add didBecomePrototype() calls to global context prototypes
https://bugs.webkit.org/show_bug.cgi?id=199202

Reviewed by Mark Lam.

We don't automatically call didBecomePrototype() for
setPrototypeWithoutTransition because existing objects may already
have this structure so it seems more reasonable to be explicit
there.

bindings/js/JSWindowProxy.cpp:

(WebCore::JSWindowProxy::setWindow):

bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::initScript):

worklets/WorkletScriptController.cpp:

(WebCore::WorkletScriptController::initScriptWithSubclass):

8:23 PM Changeset in webkit [248240] by Michael Catanzaro

5 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246801 - Structure::create should call didBecomePrototype()
https://bugs.webkit.org/show_bug.cgi?id=196315

Reviewed by Filip Pizlo.

Structure::create should also assert that the indexing type makes sense
for the prototype being used.

runtime/JSObject.h:
runtime/Structure.cpp:

(JSC::Structure::isValidPrototype):
(JSC::Structure::changePrototypeTransition):

runtime/Structure.h:

(JSC::Structure::create): Deleted.

runtime/StructureInlines.h:

(JSC::Structure::create):
(JSC::Structure::setPrototypeWithoutTransition):

8:23 PM Changeset in webkit [248239] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r247426 - Concurrent GC should not rely on current phase to determine if it's safe to steal conn
https://bugs.webkit.org/show_bug.cgi?id=199786
<rdar://problem/52505197>

Reviewed by Saam Barati.

In r246507, we fixed a race condition in the concurrent GC where the mutator might steal
the conn from the collector thread while it transitions from the End phase to NotRunning.
However, that fix was not sufficient. In the case that the mutator steals the conn, and the
execution interleaves long enough for the mutator to progress to a different collection phase,
the collector will resume in a phase other than NotRunning, and hence the check added to
NotRunning will not suffice. To fix that, we add a new variable to track whether the collector
thread is running (m_collectorThreadIsRunning) and use it to determine whether it's safe to
steal the conn, rather than relying on m_currentPhase.

heap/Heap.cpp:

(JSC::Heap::runNotRunningPhase):
(JSC::Heap::requestCollection):

heap/Heap.h:

8:23 PM Changeset in webkit [248238] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246507 - Concurrent GC should check the conn before starting a new collection cycle
https://bugs.webkit.org/show_bug.cgi?id=198913
<rdar://problem/49515149>

Reviewed by Filip Pizlo.

Heap::requestCollection tries to steal the conn as an optimization to avoid waking up the collector
thread if it's idle. We determine if the collector is idle by ensuring that there are no pending collections
and that the current GC phase is NotRunning. However, that's not safe immediately after the concurrent
GC has finished processing the last pending request. The collector thread will runEndPhase and immediately
start runNotRunningPhase, without checking if it still has the conn. If the mutator has stolen the conn in
the mean time, this will lead to both threads collecting concurrently, and eventually we'll crash in checkConn,
since the collector is running but doesn't have the conn anymore.

To solve this, we check if we still have the conn after holding the lock in runNotRunningPhase, in case the mutator
has stolen the conn. Ideally, we wouldn't let the mutator steal the conn in the first place, but that doesn't seem
trivial to determine.

heap/Heap.cpp:

(JSC::Heap::runNotRunningPhase):

8:23 PM Changeset in webkit [248237] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24

Merge r246505 - [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
https://bugs.webkit.org/show_bug.cgi?id=197378

Reviewed by Saam Barati.

JSTests:

stress/disposable-call-site-index-with-call-and-this.js: Added.

(foo):
(bar):

stress/disposable-call-site-index.js: Added.

(foo):
(bar):

Source/JavaScriptCore:

Some of CallSiteIndex are disposable. This is because some of CallSiteIndex are allocated and freed at runtime (not DFG/FTL compile time).
The example is CallSiteIndex for exception handler in GCAwareJITStubRoutineWithExceptionHandler. If we do not allocate and free CallSiteIndex,
we will create a new CallSiteIndex continuously and leak memory.

The other CallSiteIndex are not simply disposable because the ownership model is not unique one. They can be shared between multiple clients.
But not disposing them is OK because they are static one: they are allocated when compiling DFG/FTL, and we do not allocate such CallSiteIndex
at runtime.

To make this difference explicit and avoid disposing non-disposable CallSiteIndex accidentally, we introduce DisposableCallSiteIndex type, and
enforce type-safety to some degree.

We also correctly update the DisposableCallSiteIndex => CodeOrigin table when we are reusing the previously used DisposableCallSiteIndex.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::newExceptionHandlingCallSiteIndex):
(JSC::CodeBlock::removeExceptionHandlerForCallSite):

bytecode/CodeBlock.h:
bytecode/PolymorphicAccess.cpp:

(JSC::AccessGenerationState::callSiteIndexForExceptionHandling):
(JSC::PolymorphicAccess::regenerate):

bytecode/PolymorphicAccess.h:

(JSC::AccessGenerationState::callSiteIndexForExceptionHandling): Deleted.

dfg/DFGCommonData.cpp:

(JSC::DFG::CommonData::addUniqueCallSiteIndex):
(JSC::DFG::CommonData::addDisposableCallSiteIndex):
(JSC::DFG::CommonData::removeDisposableCallSiteIndex):
(JSC::DFG::CommonData::removeCallSiteIndex): Deleted.

dfg/DFGCommonData.h:
interpreter/CallFrame.h:

(JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
(JSC::DisposableCallSiteIndex::fromCallSiteIndex):

jit/GCAwareJITStubRoutine.cpp:

(JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
(JSC::createJITStubRoutine):

jit/GCAwareJITStubRoutine.h:
jit/JITInlineCacheGenerator.h:

8:23 PM Changeset in webkit [248236] by Michael Catanzaro

7 edits
4 adds in releases/WebKitGTK/webkit-2.24

Merge r246372 - [JSC] Polymorphic call stub's slow path should restore callee saves before performing tail call
https://bugs.webkit.org/show_bug.cgi?id=198770

Reviewed by Saam Barati.

JSTests:

stress/poly-call-stub-slow-path-should-restore-callee-saves-when-doing-tail-call.js: Added.

(test):

Source/JavaScriptCore:

Polymorphic call stub is a bit specially patched in JS call site. Typical JS call site for tail calls
are the following.

if (callee == patchableCallee) {

restore callee saves for tail call
prepare for tail call
jump to the target function

}
restore callee saves for slow path
call the slow path function

And linking patches patchableCallee, target function, and slow path function. But polymorphic call stub
patches the above if statement with the jump to the stub.

jump to the polymorphic call stub

This is because polymorphic call stub wants to use CallFrameShuffler to get scratch registers. As a result,
"restore callee saves for tail call" thing needs to be done in the polymorphic call stubs. While it is
correctly done for the major cases, we have slowPath skips, and that path missed restoring callee saves.
This skip happens if the callee is non JSCell or non JS function, so typically, InternalFunction is handled
in that path.

This patch does that skips after restoring callee saves.

bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::CallLinkInfo):

bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::setUpCall):
(JSC::CallLinkInfo::calleeGPR):
(JSC::CallLinkInfo::setCalleeGPR): Deleted.

jit/Repatch.cpp:

(JSC::revertCall):
(JSC::linkVirtualFor):
(JSC::linkPolymorphicCall):

jit/Repatch.h:
jit/ThunkGenerators.cpp:

(JSC::virtualThunkFor):

8:23 PM Changeset in webkit [248235] by Michael Catanzaro

3 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r246420 - Argument elimination should check transitive dependents for interference
https://bugs.webkit.org/show_bug.cgi?id=198520
<rdar://problem/50863343>

Reviewed by Filip Pizlo.

JSTests:

stress/argument-elimination-inline-rest-past-kill.js: Added.

(f2):
(f3):

Source/JavaScriptCore:

Consider the following program:

a: CreateRest
-->

b: CreateRest

<--
c: Spread(@a)
d: Spread(@b)
e: NewArrayWithSpread(@a, @b)
f: KillStack(locX)
g: LoadVarargs(@e)

Suppose @b reads locX, then we cannot transform @e to PhantomNewArraySpread, since that would
move the stack access from @b into @g, and that stack location is no longer valid at that point.

We fix that by computing a set of all inline call frames that any argument elimination candidate
depends on and checking each of them for interference in eliminateCandidatesThatInterfere.

dfg/DFGArgumentsEliminationPhase.cpp:

8:23 PM Changeset in webkit [248234] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24

Merge r246071 - Argument elimination should check for negative indices in GetByVal
https://bugs.webkit.org/show_bug.cgi?id=198302
<rdar://problem/51188095>

Reviewed by Filip Pizlo.

JSTests:

stress/eliminate-arguments-negative-rest-access.js: Added.

(inlinee):
(opt):

Source/JavaScriptCore:

In DFG::ArgumentEliminationPhase, the index is treated as unsigned, but there's no check
for overflow in the addition. In compileGetMyArgumentByVal, there's a check for overflow,
but the index is treated as signed, resulting in an index lower than numberOfArgumentsToSkip.

dfg/DFGArgumentsEliminationPhase.cpp:
ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileGetMyArgumentByVal):

8:23 PM Changeset in webkit [248233] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246084 - Unreviewed, update exception scope for putByIndexBeyondVectorLength
https://bugs.webkit.org/show_bug.cgi?id=198477

runtime/JSObject.cpp:

(JSC::JSObject::putByIndexBeyondVectorLength):

8:23 PM Changeset in webkit [248232] by Michael Catanzaro

4 edits
3 adds in releases/WebKitGTK/webkit-2.24

Merge r246040 - [JSC] JSObject::attemptToInterceptPutByIndexOnHole should use getPrototype instead of getPrototypeDirect
https://bugs.webkit.org/show_bug.cgi?id=198477
<rdar://problem/51299504>

Reviewed by Saam Barati.

Source/JavaScriptCore:

JSObject::attemptToInterceptPutByIndexOnHole uses getPrototypeDirect, but it should use getPrototype to
handle getPrototype methods in derived JSObject classes correctly.

runtime/JSArrayInlines.h:

(JSC::JSArray::pushInline):

runtime/JSObject.cpp:

(JSC::JSObject::putByIndex):
(JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):
(JSC::JSObject::attemptToInterceptPutByIndexOnHole):
(JSC::JSObject::putByIndexBeyondVectorLength):

LayoutTests:

Ensure that JSWindow::getPrototype is used.

http/tests/security/cross-frame-access-object-getPrototypeOf-in-put-expected.txt: Added.
http/tests/security/cross-frame-access-object-getPrototypeOf-in-put.html: Added.
http/tests/security/resources/cross-frame-iframe-for-object-getPrototypeOf-in-put-test.html: Added.

8:23 PM Changeset in webkit [248231] by Michael Catanzaro

8 edits
1 move
1 add in releases/WebKitGTK/webkit-2.24

Merge r245908 - IsoHeaps don't notice uncommitted VA becoming the first eligible.
https://bugs.webkit.org/show_bug.cgi?id=198301

Reviewed by Yusuke Suzuki.

Source/bmalloc:

IsoDirectory has a firstEligible member that is used as an
optimization to help find the first fit. However if the scavenger
decommitted a page before firstEligible then we wouldn't move
firstEligible. Thus, if no space is ever freed below firstEligible
we will never reused the decommitted memory (e.g. if the VA page
is decommitted). The fix is to make IsoDirectory::didDecommit move
the firstEligible page back if the decommitted page is smaller
than the current firstEligible. As such, this patch renames
firstEligible to firstEligibleOrDecommitted.

Also, this patch changes gigacageEnabledForProcess to check if the
process starts with Test rather than just test as TestWTF does.

Lastly, unbeknownst to me IsoHeaps are dependent on gigacage, so
by removing gigacage from arm64 I accidentally disabled
IsoHeaps...

bmalloc.xcodeproj/project.pbxproj:
bmalloc/IsoDirectory.h:
bmalloc/IsoDirectoryInlines.h:

(bmalloc::passedNumPages>::takeFirstEligible):
(bmalloc::passedNumPages>::didBecome):
(bmalloc::passedNumPages>::didDecommit):

bmalloc/IsoHeapImpl.h:
bmalloc/IsoHeapImplInlines.h:

(bmalloc::IsoHeapImpl<Config>::takeFirstEligible):
(bmalloc::IsoHeapImpl<Config>::didBecomeEligibleOrDecommited):
(bmalloc::IsoHeapImpl<Config>::didCommit):
(bmalloc::IsoHeapImpl<Config>::didBecomeEligible): Deleted.

bmalloc/IsoTLS.cpp:

(bmalloc::IsoTLS::determineMallocFallbackState):

bmalloc/ProcessCheck.mm:

(bmalloc::gigacageEnabledForProcess):

Tools:

Move testbmalloc.cpp to TestWTF so it runs in automation.

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp: Renamed from Source/bmalloc/test/testbmalloc.cpp.

(TEST):

8:23 PM Changeset in webkit [248230] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246792 - REGRESSION(r245586): static assertion failed: Match result and EncodedMatchResult should be the same size
https://bugs.webkit.org/show_bug.cgi?id=198518

Reviewed by Keith Miller.

r245586 made some bad assumptions about the size of size_t, which we can solve using the
CPU(ADDRESS32) guard that I didn't know about.

This solution was developed by Mark Lam and Keith Miller. I'm just preparing the patch.

runtime/MatchResult.h:

8:23 PM Changeset in webkit [248229] by Michael Catanzaro

3 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r245815 - [YARR] Properly handle RegExp's that require large ParenContext space
https://bugs.webkit.org/show_bug.cgi?id=198065

Reviewed by Keith Miller.

JSTests:

New test.

stress/regexp-large-paren-context.js: Added.

(testLargeRegExp):

Source/JavaScriptCore:

Changed what happens when we exceed VM::patternContextBufferSize when compiling a RegExp
that needs ParenCOntextSpace to fail the RegExp JIT compilation and fall back to the YARR
interpreter. This can save large amounts of JIT memory for a
JIT'ed function that cannot ever succeed.

yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::initParenContextFreeList):
(JSC::Yarr::YarrGenerator::compile):

8:23 PM Changeset in webkit [248228] by Michael Catanzaro

7 edits
2 adds in releases/WebKitGTK/webkit-2.24

Merge r245926 - Cleanup Yarr regexp code around paren contexts.
https://bugs.webkit.org/show_bug.cgi?id=198063

Reviewed by Yusuke Suzuki.

JSTests:

stress/regexp-many-named-sequential-capture-groups.js: Added.

(i.s):

stress/regexp-many-unnamed-sequential-capture-groups.js: Added.

Source/JavaScriptCore:

There are three refactoring changes around paren contexts:

Make EncodedMatchResult the same type as MatchResult on X86_64 and arm64 and uint64_t elsewhere.
All function pointer types for Yarr JIT generated code reserve space for paren contexts.
initParenContextFreeList should bail based on VM::patternContextBufferSize as that's the buffer size anyway.

runtime/MatchResult.h:

(JSC::MatchResult::MatchResult):

runtime/RegExpInlines.h:

(JSC::PatternContextBufferHolder::PatternContextBufferHolder):
(JSC::PatternContextBufferHolder::~PatternContextBufferHolder):
(JSC::PatternContextBufferHolder::size):
(JSC::RegExp::matchInline):

runtime/VM.h:
yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::initParenContextFreeList):

yarr/YarrJIT.h:

(JSC::Yarr::YarrCodeBlock::execute):

8:22 PM Changeset in webkit [248227] by Michael Catanzaro

5 edits
2 adds in releases/WebKitGTK/webkit-2.24

Merge r245538 - Fix security check in ScriptController::canAccessFromCurrentOrigin()
https://bugs.webkit.org/show_bug.cgi?id=196730
<rdar://problem/49731231>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Fix security check in ScriptController::canAccessFromCurrentOrigin() when there is no
current JS exec state. Instead of returning true unconditionally, we now fall back to
using the accessing document's origin for the security check. The new behavior is
aligned with Blink:
https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/html/html_frame_element_base.cc?rcl=d3f22423d512b45466f1694020e20da9e0c6ee6a&l=62

This fix is based on a patch from Sergei Glazunov <glazunov@google.com>.

Test: http/tests/security/showModalDialog-sync-cross-origin-page-load2.html

bindings/js/ScriptController.cpp:

(WebCore::ScriptController::canAccessFromCurrentOrigin):

bindings/js/ScriptController.h:
html/HTMLFrameElementBase.cpp:

(WebCore::HTMLFrameElementBase::isURLAllowed const):

LayoutTests:

Add layout test coverage.

http/tests/security/showModalDialog-sync-cross-origin-page-load2-expected.txt: Added.
http/tests/security/showModalDialog-sync-cross-origin-page-load2.html: Added.

8:22 PM Changeset in webkit [248226] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r244970 - Null check m_mainFrame in WebPageProxy.cpp
https://bugs.webkit.org/show_bug.cgi?id=197618
<rdar://problem/47463054>

Patch by Alex Christensen <achristensen@webkit.org> on 2019-05-06
Reviewed by Geoffrey Garen.

It's already null checked in some places, and the places where it isn't are causing crashes.
Let's fix all of them.

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::decidePolicyForNavigationAction):
(WebKit::WebPageProxy::decidePolicyForNewWindowAction):
(WebKit::WebPageProxy::createNewPage):

8:22 PM Changeset in webkit [248225] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r245298 - Crash under WebKit::WebProcessProxy::didBecomeUnresponsive()
https://bugs.webkit.org/show_bug.cgi?id=197883
<rdar://problem/50665984>

Reviewed by Alex Christensen.

Protect |this| in didBecomeUnresponsive() and didExceedCPULimit() since we call client
delegates and those may cause |this| to get destroyed.

UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::didBecomeUnresponsive):
(WebKit::WebProcessProxy::didExceedCPULimit):

8:22 PM Changeset in webkit [248224] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r245190 - Gracefully handle inaccessible font face data
https://bugs.webkit.org/show_bug.cgi?id=197762
<rdar://problem/50433861>

Reviewed by Per Arne Vollan.

Make sure CSS Font Face handling gracefully recovers from
missing font data.

Test: fast/text/missing-font-crash.html

css/CSSFontFace.cpp:

(WebCore::CSSFontFace::fontLoadEventOccurred):
(WebCore::CSSFontFace::timeoutFired):
(WebCore::CSSFontFace::fontLoaded):
(WebCore::CSSFontFace::font):

8:22 PM Changeset in webkit [248223] by Michael Catanzaro

4 edits
2 adds in releases/WebKitGTK/webkit-2.24

Merge r245158 - Do not mix inline and block level boxes.
https://bugs.webkit.org/show_bug.cgi?id=197462
<rdar://problem/50369362>

Reviewed by Antti Koivisto.

Source/WebCore:

This patch tightens the remove-anonymous-wrappers logic by checking if the removal would
produce an inline-block sibling mix.
When a block level box is removed from the tree, we check if after the removal the anonymous sibling block
boxes are still needed or whether we can removed them as well (and have only inline level child boxes).
In addition to checking if the container is anonymous and is part of a continuation, we also need to check
if collapsing it (and by that moving its children one level up) would cause a inline-block box mix.

Test: fast/ruby/continuation-and-column-spanner-crash.html

rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded):

rendering/updating/RenderTreeBuilderContinuation.cpp:

(WebCore::RenderTreeBuilder::Continuation::cleanupOnDestroy):

LayoutTests:

fast/ruby/continuation-and-column-spanner-crash-expected.txt: Added.
fast/ruby/continuation-and-column-spanner-crash.html: Added.

8:22 PM Changeset in webkit [248222] by Michael Catanzaro

3 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r245071 - Invalid DFG JIT genereation in high CPU usage state
https://bugs.webkit.org/show_bug.cgi?id=197453

Reviewed by Saam Barati.

JSTests:

stress/string-ident-use-clears-abstract-value-if-rope-string-constant-is-held.js: Added.

(trigger):
(main):

Source/JavaScriptCore:

We have a DFG graph like this.

a: JSConstant(rope JSString)
b: CheckStringIdent(Check:StringUse:@a)
... AI think this is unreachable ...

When executing StringUse edge filter onto @a, AbstractValue::filterValueByType clears AbstractValue and makes it None.
This is because @a constant produces SpecString (SpecStringVar | SpecStringIdent) while StringUse edge filter requires
SpecStringIdent. AbstractValue::filterValueByType has an assumption that the JS constant always produces the same
SpeculatedType. So it clears AbstractValue completely.
But this assumption is wrong. JSString can produce SpecStringIdent later if the string is resolved to AtomicStringImpl.
AI think that we always fail. But once the string is resolved to AtomicStringImpl, we pass this check. So we execute
the breakpoint emitted by DFG since DFG think this is unreachable.

In this patch, we just clear the m_value if AbstractValue type filter fails with the held constant, since the constant
may produce a narrower type which can meet the type filter later.

dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::filterValueByType):

8:22 PM Changeset in webkit [248221] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/bytecompiler

Merge r245403 from safari-607-branch

This fixes the build after the r245047 merge.

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitEqualityOpImpl):
(JSC::BytecodeGenerator::emitEqualityOp): Deleted.

bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::emitEqualityOp):

8:22 PM Changeset in webkit [248220] by Michael Catanzaro

4 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r245047 - JSC: A bug in BytecodeGenerator::emitEqualityOpImpl
https://bugs.webkit.org/show_bug.cgi?id=197479

Patch by Yusuke Suzuki <ysuzuki@apple.com> on 2019-05-07
Reviewed by Saam Barati.

JSTests:

stress/do-not-perform-bytecode-peephole-optimization-in-jump-target.js: Added.

(shouldBe):

Source/JavaScriptCore:

Our peephole optimization in BytecodeGenerator is (1) rewinding the previous instruction and (2) emit optimized instruction instead.
If we have jump target between the previous instruction and the subsequent instruction, this peephole optimization breaks the jump target.
To prevent it, we had a mechanism disabling peephole optimization, setting m_lastOpcodeID = op_end and checking m_lastOpcodeID when performing
peephole optimization. However, BytecodeGenerator::emitEqualityOpImpl checks m_lastInstruction->is<OpTypeof> instead of m_lastOpcodeID == op_typeof,
and miss op_end case.

This patch makes the following changes.

Add canDoPeepholeOptimization method to clarify the intent of m_lastInstruction = op_end.
Check canDoPeepholeOptimization status before performing peephole optimization in emitJumpIfTrue, emitJumpIfFalse, and emitEqualityOpImpl.
Add ASSERT(canDoPeepholeOptimization()) in fuseCompareAndJump and fuseTestAndJmp to ensure that peephole optimization is allowed.

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::fuseCompareAndJump):
(JSC::BytecodeGenerator::fuseTestAndJmp):
(JSC::BytecodeGenerator::emitJumpIfTrue):
(JSC::BytecodeGenerator::emitJumpIfFalse):
(JSC::BytecodeGenerator::emitEqualityOpImpl):

bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::canDoPeepholeOptimization const):

8:22 PM Changeset in webkit [248219] by Michael Catanzaro

3 edits
6 adds in releases/WebKitGTK/webkit-2.24

Merge r245018 - tryCachePutByID should not crash if target offset changes
https://bugs.webkit.org/show_bug.cgi?id=197311
<rdar://problem/48033612>

Reviewed by Filip Pizlo.

JSTests:

Add a series of tests related tryCachePutByID. Two of these tests used to crash and were fixed
by this patch: cache-put-by-id-different-attributes.js and cache-put-by-id-different-offset.js

stress/cache-put-by-id-delete-prototype.js: Added.

(A.prototype.set y):
(A):
(B.prototype.set y):
(B):
(C):

stress/cache-put-by-id-different-proto.js: Added.

(A.prototype.set y):
(A):
(B1):
(B2.prototype.set y):
(B2):
(C):
(D):

stress/cache-put-by-id-different-attributes.js: Added.

(Foo):
(set x):

stress/cache-put-by-id-different-offset.js: Added.

(Foo):
(set x):

stress/cache-put-by-id-insert-prototype.js: Added.

(A.prototype.set y):
(A):
(C):

stress/cache-put-by-id-poly-proto.js: Added.

(Foo):
(set _):
(createBar.Bar):
(createBar):

Source/JavaScriptCore:

When tryCachePutID is called with a cacheable setter, if the target object where the setter was
found is still in the prototype chain and there's no poly protos in the chain, we use
generateConditionsForPrototypePropertyHit to validate that the target object remains the same.
It checks for the absence of the property in every object in the prototype chain from the base
down to the target object and checks that the property is still present in the target object. It
also bails if there are any uncacheable objects, proxies or dictionary objects in the prototype
chain. However, it does not consider two edge cases:

It asserts that the property should still be at the same offset in the target object, but this

assertion does not hold if the setter deletes properties of the object and causes the structure
to be flattened after the deletion. Instead of asserting, we just use the updated offset.

It does not check whether the new slot is also a setter, which leads to a crash in case it's not.

jit/Repatch.cpp:

(JSC::tryCachePutByID):

8:22 PM Changeset in webkit [248218] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24

Merge r244996 - [JSC] We should check OOM for description string of Symbol
https://bugs.webkit.org/show_bug.cgi?id=197634

Reviewed by Keith Miller.

JSTests:

stress/check-symbol-description-oom.js: Added.

(shouldThrow):

Source/JavaScriptCore:

When resoling JSString for description of Symbol, we should check OOM error.
We also change JSValueMakeSymbol(..., nullptr) to returning a symbol value
without description, (1) to simplify the code and (2) give a way for JSC API
to create a symbol value without description.

API/JSValueRef.cpp:

(JSValueMakeSymbol):

API/tests/testapi.cpp:

(TestAPI::symbolsTypeof):
(TestAPI::symbolsDescription):
(testCAPIViaCpp):

dfg/DFGOperations.cpp:
runtime/Symbol.cpp:

(JSC::Symbol::createWithDescription):

runtime/Symbol.h:
runtime/SymbolConstructor.cpp:

(JSC::callSymbol):

8:22 PM Changeset in webkit [248217] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24

Merge r244950 - TypedArrays should not store properties that are canonical numeric indices
https://bugs.webkit.org/show_bug.cgi?id=197228
<rdar://problem/49557381>

Patch by Tadeu Zagallo <Tadeu Zagallo> on 2019-05-04
Reviewed by Saam Barati.

JSTests:

stress/array-species-config-array-constructor.js:

(test):

stress/put-direct-index-broken-2.js:
stress/typed-array-canonical-numeric-index-string.js: Added.

(makeTest.assert):
(makeTest):
(const.testInvalidIndices.makeTest.set assert):
(const.testInvalidIndices.makeTest):
(const.makeTestValidIndex.configurable.set assert):
(const.makeTestValidIndex.configurable):

stress/typedarray-access-monomorphic-neutered.js:

(checkNoException):
(testNoException):
(testFTLNoException):

stress/typedarray-access-neutered.js:

(testNoException):

stress/typedarray-getownproperty-not-configurable.js:

(foo):

test262/expectations.yaml:

Source/JavaScriptCore:

According to the spec[1]:

TypedArrays should not perform an ordinary GetOwnProperty/SetOwnProperty if the index is a

CanonicalNumericIndexString, but invalid according to IntegerIndexedElementGet and similar
functions. I.e., there are a few properties that should not be set in a TypedArray, like NaN,
Infinity and -0.

On DefineOwnProperty, the out-of-bounds check should be performed before validating the property

descriptor.

On GetOwnProperty, the returned descriptor for numeric properties should have writable set to true.

[1]: https://www.ecma-international.org/ecma-262/9.0/index.html#sec-integer-indexed-exotic-objects-defineownproperty-p-desc

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
(JSC::JSGenericTypedArrayView<Adaptor>::put):
(JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
(JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlotByIndex):
(JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):

runtime/PropertyName.h:

(JSC::isCanonicalNumericIndexString):

LayoutTests:

fast/canvas/canvas-ImageData-behaviour-expected.txt:
fast/canvas/canvas-ImageData-behaviour.js:

8:22 PM Changeset in webkit [248216] by Michael Catanzaro

4 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r243966 - [JSC] CallLinkInfo should clear Callee or CodeBlock even if it is unlinked by jettison
https://bugs.webkit.org/show_bug.cgi?id=196683

Reviewed by Saam Barati.

JSTests:

stress/clear-callee-or-codeblock-in-calllinkinfo-even-cleared-by-jettison.js: Added.

(foo):

Source/JavaScriptCore:

In r243626, we stop repatching CallLinkInfo when the CallLinkInfo is held by jettisoned CodeBlock.
But we still need to clear the Callee or CodeBlock since they are now dead. Otherwise, CodeBlock's
visitWeak eventually accesses this dead cells and crashes because the owner CodeBlock of CallLinkInfo
can be still live.

We also move all repatching operations from CallLinkInfo.cpp to Repatch.cpp for consistency because the
other repatching operations in CallLinkInfo are implemented in Repatch.cpp side.

bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::setCallee):
(JSC::CallLinkInfo::clearCallee):

jit/Repatch.cpp:

(JSC::linkFor):
(JSC::revertCall):

8:22 PM Changeset in webkit [248215] by Michael Catanzaro

6 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r243626 - CodeBlock::jettison() should disallow repatching its own calls
https://bugs.webkit.org/show_bug.cgi?id=196359
<rdar://problem/48973663>

Reviewed by Saam Barati.

JSTests:

stress/call-link-info-osrexit-repatch.js: Added.

(foo):

Source/JavaScriptCore:

CodeBlock::jettison() calls CommonData::invalidate, which replaces the hlt
instruction with the jump to OSR exit. However, if the hlt was immediately
followed by a call to the CodeBlock being jettisoned, we would write over the
OSR exit address while unlinking all the incoming CallLinkInfos later in
CodeBlock::jettison().

Change it so that we set a flag, clearedByJettison, in all the CallLinkInfos
owned by the CodeBlock being jettisoned. If the flag is set, we will avoid
repatching the call during unlinking. This is safe because this call will never
be reachable again after the CodeBlock is jettisoned.

bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::setCallee):
(JSC::CallLinkInfo::clearCallee):
(JSC::CallLinkInfo::setCodeBlock):
(JSC::CallLinkInfo::clearCodeBlock):

bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::clearedByJettison):
(JSC::CallLinkInfo::setClearedByJettison):

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::jettison):

jit/Repatch.cpp:

(JSC::revertCall):

8:22 PM Changeset in webkit [248214] by Michael Catanzaro

4 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r243237 - JSC test crash: stress/dont-strength-reduce-regexp-with-compile-error.js.default
https://bugs.webkit.org/show_bug.cgi?id=195906

Reviewed by Mark Lam.

The problem here as that we may successfully parsed a RegExp without running out of stack,
but later run out of stack when trying to JIT compile the same expression.

Added a check for available stack space when we call into one of the parenthesis compilation
functions that recurse. When we don't have enough stack space to recurse, we fail the JIT
compilation and let the interpreter handle the expression.

From code inspection of the YARR interpreter it has the same issue, but I couldn't cause a failure.
Filed a new bug and added a FIXME comment for the Interpreter to have similar checks.
Given that we can reproduce a failure, this is sufficient for now.

This change is covered by the previously added failing test,
JSTests/stress/dont-strength-reduce-regexp-with-compile-error.js.

yarr/YarrInterpreter.cpp:

(JSC::Yarr::Interpreter::interpret):

yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
(JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
(JSC::Yarr::YarrGenerator::opCompileBody):
(JSC::Yarr::dumpCompileFailure):

yarr/YarrJIT.h:

8:22 PM Changeset in webkit [248213] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r242215 - cloop.rb shift mask should depend on the word size being shifted.
https://bugs.webkit.org/show_bug.cgi?id=195181
<rdar://problem/48484164>

Reviewed by Yusuke Suzuki.

Previously, we're always masking the shift amount with 0x1f. This is only correct
for 32-bit words. For 64-bit words, the mask should be 0x3f. For pointer sized
shifts, the mask depends on sizeof(uintptr_t).

offlineasm/cloop.rb:

8:22 PM Changeset in webkit [248212] by Michael Catanzaro

1 edit in releases/WebKitGTK/webkit-2.24/Source/WebKit/Shared/WebCoreArgumentCoders.cpp

Unreviewed, fix build warning in WebCoreArgumentCoders

Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<Region::Span>::decode):

8:22 PM Changeset in webkit [248211] by Michael Catanzaro

1 edit in releases/WebKitGTK/webkit-2.24/Source/WebCore/inspector/InspectorOverlay.cpp

Unreviewed, fix build warnings in InspectorOverlay.cpp

inspector/InspectorOverlay.cpp:

(WebCore::buildArrayForRendererFragments):
(WebCore::buildObjectForShapeOutside):
(WebCore::buildObjectForElementData):
(WebCore::InspectorOverlay::buildHighlightObjectForNode const):

8:22 PM Changeset in webkit [248210] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r241995 - Unreviewed, fix -Wunused-param warning

jsc.cpp:

8:22 PM Changeset in webkit [248209] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WTF

Merge r245234 - Unreviewed, fix unused variable warnings in release builds

Source/WebKit:

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::clearWebProcessHasUploads):

Source/WTF:

wtf/URLHelpers.cpp:

(WTF::URLHelpers::escapeUnsafeCharacters):

8:22 PM Changeset in webkit [248208] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WTF

Merge r243115 - [WTF] Remove redundant std::move in StringConcatenate
https://bugs.webkit.org/show_bug.cgi?id=195798

Patch by Xan Lopez <Xan Lopez> on 2019-03-18
Reviewed by Darin Adler.

Remove redundant calls to WTFMove in return values for this
method. C++ will already do an implicit move here since we are
returning a local value where copy/move elision is not applicable.

wtf/text/StringConcatenate.h:

(WTF::tryMakeStringFromAdapters):

8:22 PM Changeset in webkit [248207] by Michael Catanzaro

4 edits in releases/WebKitGTK/webkit-2.24/Source

Merge r243204 - Remove copyRef() calls added in r243163
https://bugs.webkit.org/show_bug.cgi?id=195962

Patch by Michael Catanzaro <Michael Catanzaro> on 2019-03-20
Reviewed by Chris Dumez.

Source/JavaScriptCore:

As best I can tell, may be a GCC 9 bug. It shouldn't warn about this case because the return
value is noncopyable and the WTFMove() is absolutely required. We can avoid the warning
without refcount churn by introducing an intermediate variable.

inspector/scripts/codegen/cpp_generator_templates.py:

Source/WebCore:

The first two cases here can just directly return the RefPtr.

In the third case, we have to work around a GCC 6 bug because GCC 6 is unable to pick the
right constructor to use, unlike modern compilers.

Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::bodyAsFormData const):
(WebCore::FetchBody::take):

8:22 PM Changeset in webkit [248206] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r243203 - Unreviewed, drop invalid assertions landed in r243163.

Those assertions were causing some API tests to crash.
Also include some post-review suggestions from Darin.

Shared/CallbackID.h:

(WebKit::CallbackID::operator=):

Shared/OptionalCallbackID.h:

(WebKit::OptionalCallbackID::operator=):

8:22 PM Changeset in webkit [248205] by Michael Catanzaro

203 edits in releases/WebKitGTK/webkit-2.24/Source

Merge r243163 - Build cleanly with GCC 9
https://bugs.webkit.org/show_bug.cgi?id=195920

Reviewed by Chris Dumez.

WebKit triggers three new GCC 9 warnings:

"""
-Wdeprecated-copy, implied by -Wextra, warns about the C++11 deprecation of implicitly
declared copy constructor and assignment operator if one of them is user-provided.
"""

Solution is to either add a copy constructor or copy assignment operator, if required, or
else remove one if it is redundant.

"""
-Wredundant-move, implied by -Wextra, warns about redundant calls to std::move.
-Wpessimizing-move, implied by -Wall, warns when a call to std::move prevents copy elision.
"""

These account for most of this patch. Solution is to just remove the bad WTFMove().

Additionally, -Wclass-memaccess has been enhanced to catch a few cases that GCC 8 didn't.
These are solved by casting nontrivial types to void* before using memcpy. (Of course, it
would be safer to not use memcpy on nontrivial types, but that's too complex for this
patch. Searching for memcpy used with static_cast<void*> will reveal other cases to fix.)

Source/JavaScriptCore:

b3/B3ValueRep.h:
bindings/ScriptValue.cpp:

(Inspector::jsToInspectorValue):

bytecode/GetterSetterAccessCase.cpp:

(JSC::GetterSetterAccessCase::create):
(JSC::GetterSetterAccessCase::clone const):

bytecode/InstanceOfAccessCase.cpp:

(JSC::InstanceOfAccessCase::clone const):

bytecode/IntrinsicGetterAccessCase.cpp:

(JSC::IntrinsicGetterAccessCase::clone const):

bytecode/ModuleNamespaceAccessCase.cpp:

(JSC::ModuleNamespaceAccessCase::clone const):

bytecode/ProxyableAccessCase.cpp:

(JSC::ProxyableAccessCase::clone const):

bytecode/StructureSet.h:
debugger/Breakpoint.h:
dfg/DFGRegisteredStructureSet.h:
inspector/agents/InspectorDebuggerAgent.cpp:

(Inspector::buildDebuggerLocation):

inspector/scripts/codegen/cpp_generator_templates.py:
parser/UnlinkedSourceCode.h:
wasm/WasmAirIRGenerator.cpp:

(JSC::Wasm::parseAndCompileAir):

wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::parseAndCompile):

wasm/WasmNameSectionParser.cpp:

(JSC::Wasm::NameSectionParser::parse):

wasm/WasmStreamingParser.cpp:

(JSC::Wasm::StreamingParser::consume):

Source/WebCore:

Modules/encryptedmedia/CDM.cpp:

(WebCore::CDM::getSupportedConfiguration):

Modules/encryptedmedia/MediaKeys.cpp:

(WebCore::MediaKeys::createSession):

Modules/entriesapi/DOMFileSystem.cpp:

(WebCore::listDirectoryWithMetadata):
(WebCore::toFileSystemEntries):

Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::fromFormData):
(WebCore::FetchBody::bodyAsFormData const):
(WebCore::FetchBody::take):

Modules/fetch/FetchRequest.cpp:

(WebCore::FetchRequest::create):
(WebCore::FetchRequest::clone):

Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::create):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::clone):

Modules/indexeddb/IDBCursor.cpp:

(WebCore::IDBCursor::update):
(WebCore::IDBCursor::deleteFunction):

Modules/indexeddb/IDBDatabase.cpp:

(WebCore::IDBDatabase::transaction):

Modules/indexeddb/IDBDatabaseIdentifier.h:

(WebCore::IDBDatabaseIdentifier::decode):

Modules/indexeddb/IDBKeyData.h:

(WebCore::IDBKeyData::decode):

Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::createIndex):
(WebCore::IDBObjectStore::index):

Modules/indexeddb/IDBValue.h:

(WebCore::IDBValue::decode):

Modules/indexeddb/shared/IDBError.cpp:

(WebCore::IDBError::operator=): Deleted.

Modules/indexeddb/shared/IDBError.h:
Modules/indexeddb/shared/IDBResultData.h:

(WebCore::IDBResultData::decode):

Modules/mediarecorder/MediaRecorder.cpp:

(WebCore::MediaRecorder::create):

Modules/mediasource/MediaSource.cpp:

(WebCore::MediaSource::addSourceBuffer):

Modules/mediastream/RTCPeerConnection.cpp:

(WebCore::iceServersFromConfiguration):
(WebCore::RTCPeerConnection::certificatesFromConfiguration):
(WebCore::certificateTypeFromAlgorithmIdentifier):

Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:

(WebCore::LibWebRTCMediaEndpoint::getStats):

Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:

(WebCore::LibWebRTCPeerConnectionBackend::addTrack):
(WebCore::LibWebRTCPeerConnectionBackend::addUnifiedPlanTransceiver):

Modules/webaudio/AudioBuffer.cpp:

(WebCore::AudioBuffer::create):

Modules/webaudio/AudioContext.cpp:

(WebCore::AudioContext::createMediaElementSource):
(WebCore::AudioContext::createMediaStreamSource):
(WebCore::AudioContext::createScriptProcessor):

Modules/webaudio/OfflineAudioContext.cpp:

(WebCore::OfflineAudioContext::create):

Modules/webdatabase/DatabaseManager.cpp:

(WebCore::DatabaseManager::tryToOpenDatabaseBackend):

Modules/webdatabase/DatabaseTracker.cpp:

(WebCore::DatabaseTracker::canEstablishDatabase):
(WebCore::DatabaseTracker::retryCanEstablishDatabase):

Modules/webdatabase/SQLResultSetRowList.cpp:

(WebCore::SQLResultSetRowList::item const):

Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::create):

accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::rangeForNodeContents):
(WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):

animation/KeyframeEffect.cpp:

(WebCore::KeyframeEffect::create):
(WebCore::KeyframeEffect::backingAnimationForCompositedRenderer const):

bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::constructElementWithFallback):

bindings/js/JSDOMConvertVariadic.h:

(WebCore::VariadicConverter::convert):
(WebCore::convertVariadicArguments):

bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneDeserializer::readDOMPointInit):
(WebCore::transferArrayBuffers):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateCallbackImplementationContent):

bindings/scripts/test/JS/JSTestCallbackFunction.cpp:

(WebCore::JSTestCallbackFunction::handleEvent):

bindings/scripts/test/JS/JSTestCallbackFunctionRethrow.cpp:

(WebCore::JSTestCallbackFunctionRethrow::handleEvent):

bindings/scripts/test/JS/JSTestCallbackInterface.cpp:

(WebCore::JSTestCallbackInterface::callbackWithAReturnValue):
(WebCore::JSTestCallbackInterface::callbackThatRethrowsExceptions):
(WebCore::JSTestCallbackInterface::callbackThatSkipsInvokeCheck):
(WebCore::JSTestCallbackInterface::callbackWithThisObject):

contentextensions/ContentExtensionParser.cpp:

(WebCore::ContentExtensions::getStringList):
(WebCore::ContentExtensions::loadTrigger):
(WebCore::ContentExtensions::loadEncodedRules):
(WebCore::ContentExtensions::parseRuleList):

crypto/SubtleCrypto.cpp:

(WebCore::normalizeCryptoAlgorithmParameters):

crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp:

(WebCore::calculateSignature):

crypto/keys/CryptoKeyEC.cpp:

(WebCore::CryptoKeyEC::exportJwk const):

css/CSSComputedStyleDeclaration.cpp:

(WebCore::computedTransform):
(WebCore::ComputedStyleExtractor::valueForShadow):
(WebCore::ComputedStyleExtractor::valueForFilter):
(WebCore::specifiedValueForGridTrackSize):
(WebCore::valueForGridTrackList):
(WebCore::valueForGridPosition):
(WebCore::willChangePropertyValue):
(WebCore::fontVariantLigaturesPropertyValue):
(WebCore::fontVariantNumericPropertyValue):
(WebCore::fontVariantEastAsianPropertyValue):
(WebCore::touchActionFlagsToCSSValue):
(WebCore::renderTextDecorationFlagsToCSSValue):
(WebCore::renderEmphasisPositionFlagsToCSSValue):
(WebCore::speakAsToCSSValue):
(WebCore::hangingPunctuationToCSSValue):
(WebCore::fillRepeatToCSSValue):
(WebCore::fillSizeToCSSValue):
(WebCore::counterToCSSValue):
(WebCore::fontVariantFromStyle):
(WebCore::fontSynthesisFromStyle):
(WebCore::shapePropertyValue):
(WebCore::paintOrder):
(WebCore::ComputedStyleExtractor::valueForPropertyinStyle):
(WebCore::ComputedStyleExtractor::getCSSPropertyValuesFor2SidesShorthand):
(WebCore::ComputedStyleExtractor::getCSSPropertyValuesFor4SidesShorthand):

css/CSSFontFaceSet.cpp:

(WebCore::CSSFontFaceSet::matchingFacesExcludingPreinstalledFonts):

css/CSSGradientValue.cpp:

(WebCore::CSSGradientValue::image):

css/CSSStyleSheet.cpp:

(WebCore::CSSStyleSheet::rules):

css/DOMMatrixReadOnly.cpp:

(WebCore::DOMMatrixReadOnly::parseStringIntoAbstractMatrix):

css/FontFace.cpp:

(WebCore::FontFace::create):

css/FontVariantBuilder.cpp:

(WebCore::computeFontVariant):

css/PropertySetCSSStyleDeclaration.cpp:

(WebCore::PropertySetCSSStyleDeclaration::removeProperty):

css/SVGCSSComputedStyleDeclaration.cpp:

(WebCore::strokeDashArrayToCSSValueList):
(WebCore::ComputedStyleExtractor::adjustSVGPaintForCurrentColor const):

css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertReflection):

css/WebKitCSSMatrix.cpp:

(WebCore::WebKitCSSMatrix::create):
(WebCore::WebKitCSSMatrix::multiply const):

css/parser/CSSPropertyParser.cpp:

(WebCore::consumeFontVariationSettings):
(WebCore::consumeBasicShapePath):
(WebCore::consumeImplicitGridAutoFlow):

cssjit/StackAllocator.h:
dom/DOMImplementation.cpp:

(WebCore::DOMImplementation::createDocument):

dom/Document.cpp:

(WebCore::Document::cloneNodeInternal):

dom/DocumentFragment.cpp:

(WebCore::DocumentFragment::cloneNodeInternal):

dom/Element.cpp:

(WebCore::Element::setAttributeNode):
(WebCore::Element::setAttributeNodeNS):
(WebCore::Element::removeAttributeNode):
(WebCore::Element::parseAttributeName):
(WebCore::Element::animate):

dom/MessagePort.cpp:

(WebCore::MessagePort::disentanglePorts):

dom/NodeIterator.cpp:

(WebCore::NodeIterator::nextNode):
(WebCore::NodeIterator::previousNode):

dom/Range.cpp:

(WebCore::Range::processContents):
(WebCore::processContentsBetweenOffsets):
(WebCore::processAncestorsAndTheirSiblings):

dom/RangeBoundaryPoint.h:
dom/ScriptDisallowedScope.h:

(WebCore::ScriptDisallowedScope::operator=):

dom/Text.cpp:

(WebCore::Text::splitText):

dom/TextDecoder.cpp:

(WebCore::TextDecoder::create):
(WebCore::TextDecoder::decode):

editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::insertBlockPlaceholder):
(WebCore::CompositeEditCommand::moveParagraphContentsToNewBlockIfNecessary):

editing/Editing.cpp:

(WebCore::createTabSpanElement):

editing/EditingStyle.cpp:

(WebCore::EditingStyle::styleAtSelectionStart):

editing/TextIterator.cpp:

(WebCore::TextIterator::rangeFromLocationAndLength):

editing/VisibleSelection.cpp:

(WebCore::makeSearchRange):

editing/markup.cpp:

(WebCore::styleFromMatchedRulesAndInlineDecl):
(WebCore::createFragmentForInnerOuterHTML):
(WebCore::createContextualFragment):

html/FormController.cpp:

(WebCore::deserializeFormControlState):

html/HTMLCanvasElement.cpp:

(WebCore::HTMLCanvasElement::captureStream):

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaPlayerCreateResourceLoader):

html/HTMLOptionElement.cpp:

(WebCore::HTMLOptionElement::createForJSConstructor):

html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::createElementRenderer):

html/HTMLTableElement.cpp:

(WebCore::HTMLTableElement::createSharedCellStyle):

html/HTMLTableRowElement.cpp:

(WebCore::HTMLTableRowElement::insertCell):

html/ImageData.cpp:

(WebCore::ImageData::create):

html/OffscreenCanvas.cpp:

(WebCore::OffscreenCanvas::transferToImageBitmap):

html/canvas/CanvasRenderingContext2DBase.cpp:

(WebCore::CanvasRenderingContext2DBase::createLinearGradient):
(WebCore::CanvasRenderingContext2DBase::createRadialGradient):

html/canvas/OESVertexArrayObject.cpp:

(WebCore::OESVertexArrayObject::createVertexArrayOES):

html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::createBuffer):
(WebCore::WebGLRenderingContextBase::createFramebuffer):
(WebCore::WebGLRenderingContextBase::createTexture):
(WebCore::WebGLRenderingContextBase::createProgram):
(WebCore::WebGLRenderingContextBase::createRenderbuffer):
(WebCore::WebGLRenderingContextBase::createShader):
(WebCore::WebGLRenderingContextBase::getContextAttributes):
(WebCore::WebGLRenderingContextBase::getUniform):

html/shadow/TextControlInnerElements.cpp:

(WebCore::TextControlInnerContainer::resolveCustomStyle):
(WebCore::TextControlPlaceholderElement::resolveCustomStyle):

html/track/BufferedLineReader.cpp:

(WebCore::BufferedLineReader::nextLine):

html/track/VTTCue.cpp:

(WebCore::VTTCue::getCueAsHTML):
(WebCore::VTTCue::createCueRenderingTree):

html/track/WebVTTElement.cpp:

(WebCore::WebVTTElement::cloneElementWithoutAttributesAndChildren):

inspector/InspectorStyleSheet.cpp:

(WebCore::asCSSRuleList):
(WebCore::InspectorStyle::buildObjectForStyle const):
(WebCore::InspectorStyleSheet::buildObjectForStyleSheet):
(WebCore::InspectorStyleSheet::buildObjectForRule):

inspector/agents/InspectorCSSAgent.cpp:

(WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList):

inspector/agents/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::buildArrayForPseudoElements):
(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

inspector/agents/InspectorNetworkAgent.cpp:

(WebCore::InspectorNetworkAgent::buildObjectForResourceResponse):

loader/FetchOptions.h:

(WebCore::FetchOptions::decode):

loader/MediaResourceLoader.cpp:

(WebCore::MediaResourceLoader::requestResource):

loader/appcache/ApplicationCacheStorage.cpp:

(WebCore::ApplicationCacheStorage::loadCache):
(WebCore::ApplicationCacheStorage::manifestURLs):

loader/archive/mhtml/MHTMLParser.cpp:

(WebCore::MHTMLParser::parseArchiveWithHeader):

loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):

page/DOMWindow.cpp:

(WebCore::DOMWindow::getMatchedCSSRules const):

page/DragController.cpp:

(WebCore::documentFragmentFromDragData):

page/EventSource.cpp:

(WebCore::EventSource::create):

page/PerformanceUserTiming.cpp:

(WebCore::UserTiming::mark):
(WebCore::UserTiming::measure):

page/SecurityOrigin.h:

(WebCore::SecurityOrigin::decode):

page/scrolling/ScrollingConstraints.h:

(WebCore::FixedPositionViewportConstraints::FixedPositionViewportConstraints):
(WebCore::LayoutConstraints::LayoutConstraints): Deleted.

platform/Length.h:

(WebCore::Length::Length):

platform/animation/TimingFunction.cpp:

(WebCore::TimingFunction::createFromCSSText):

platform/encryptedmedia/clearkey/CDMClearKey.cpp:

(WebCore::parseLicenseFormat):

platform/graphics/FloatPoint3D.h:
platform/graphics/Font.cpp:

(WebCore::createAndFillGlyphPage):

platform/graphics/GLContext.cpp:

(WebCore::GLContext::createContextForWindow):
(WebCore::GLContext::createSharingContext):

platform/graphics/GraphicsContext.cpp:
platform/graphics/HEVCUtilities.cpp:

(WebCore::parseHEVCCodecParameters):

platform/graphics/gtk/ImageGtk.cpp:

(WebCore::loadImageFromGResource):
(WebCore::loadMissingImageIconFromTheme):

platform/graphics/wayland/PlatformDisplayWayland.cpp:

(WebCore::PlatformDisplayWayland::create):

platform/mediastream/MediaConstraints.h:

(WebCore::MediaTrackConstraintSetMap::decode):

platform/mediastream/MediaStreamRequest.h:

(WebCore::MediaStreamRequest::decode):

platform/mediastream/gstreamer/GStreamerVideoFrameLibWebRTC.cpp:

(WebCore::GStreamerSampleFromLibWebRTCVideoFrame):

platform/mediastream/gstreamer/RealtimeIncomingAudioSourceLibWebRTC.cpp:

(WebCore::RealtimeIncomingAudioSource::create):

platform/mediastream/gstreamer/RealtimeIncomingVideoSourceLibWebRTC.cpp:

(WebCore::RealtimeIncomingVideoSource::create):

platform/mock/MockRealtimeMediaSourceCenter.cpp:

(WebCore::MockRealtimeMediaSourceCenter::captureDeviceWithPersistentID):

platform/mock/mediasource/MockSourceBufferPrivate.cpp:

(WebCore::MockMediaSample::createNonDisplayingCopy const):

platform/network/BlobRegistryImpl.cpp:

(WebCore::BlobRegistryImpl::createResourceHandle):

platform/network/CookieRequestHeaderFieldProxy.h:

(WebCore::CookieRequestHeaderFieldProxy::decode):

platform/network/FormData.h:

(WebCore::FormData::decode):

platform/network/MIMEHeader.cpp:

(WebCore::MIMEHeader::parseHeader):

platform/network/ResourceHandle.cpp:

(WebCore::ResourceHandle::create):

platform/network/soup/DNSResolveQueueSoup.cpp:

(WebCore::DNSResolveQueueSoup::takeCompletionAndCancelHandlers):

rendering/RenderElement.cpp:

(WebCore::RenderElement::createFor):

rendering/shapes/Shape.cpp:

(WebCore::Shape::createRasterShape):
(WebCore::Shape::createBoxShape):

rendering/style/BasicShapes.cpp:

(WebCore::BasicShapeCircle::blend const):
(WebCore::BasicShapeEllipse::blend const):
(WebCore::BasicShapePolygon::blend const):
(WebCore::BasicShapePath::blend const):
(WebCore::BasicShapeInset::blend const):

rendering/style/BasicShapes.h:

(WebCore::BasicShapeRadius::BasicShapeRadius):

rendering/style/ContentData.cpp:

(WebCore::ImageContentData::createContentRenderer const):
(WebCore::TextContentData::createContentRenderer const):
(WebCore::QuoteContentData::createContentRenderer const):

rendering/style/ContentData.h:
rendering/svg/RenderSVGInline.cpp:

(WebCore::RenderSVGInline::createInlineFlowBox):

rendering/svg/RenderSVGInlineText.cpp:

(WebCore::RenderSVGInlineText::createTextBox):

rendering/svg/RenderSVGText.cpp:

(WebCore::RenderSVGText::createRootInlineBox):

svg/SVGFEBlendElement.cpp:

(WebCore::SVGFEBlendElement::build):

svg/SVGFEColorMatrixElement.cpp:

(WebCore::SVGFEColorMatrixElement::build):

svg/SVGFEComponentTransferElement.cpp:

(WebCore::SVGFEComponentTransferElement::build):

svg/SVGFECompositeElement.cpp:

(WebCore::SVGFECompositeElement::build):

svg/SVGFEConvolveMatrixElement.cpp:

(WebCore::SVGFEConvolveMatrixElement::build):

svg/SVGFEDiffuseLightingElement.cpp:

(WebCore::SVGFEDiffuseLightingElement::build):

svg/SVGFEDisplacementMapElement.cpp:

(WebCore::SVGFEDisplacementMapElement::build):

svg/SVGFEDropShadowElement.cpp:

(WebCore::SVGFEDropShadowElement::build):

svg/SVGFEGaussianBlurElement.cpp:

(WebCore::SVGFEGaussianBlurElement::build):

svg/SVGFEMergeElement.cpp:

(WebCore::SVGFEMergeElement::build):

svg/SVGFEMorphologyElement.cpp:

(WebCore::SVGFEMorphologyElement::build):

svg/SVGFEOffsetElement.cpp:

(WebCore::SVGFEOffsetElement::build):

svg/SVGFESpecularLightingElement.cpp:

(WebCore::SVGFESpecularLightingElement::build):

svg/SVGFETileElement.cpp:

(WebCore::SVGFETileElement::build):

svg/SVGTransformList.h:
svg/properties/SVGList.h:

(WebCore::SVGList::initialize):
(WebCore::SVGList::insertItemBefore):
(WebCore::SVGList::replaceItem):
(WebCore::SVGList::removeItem):
(WebCore::SVGList::appendItem):

svg/properties/SVGListProperty.h:

(WebCore::SVGListProperty::initializeValuesAndWrappers):
(WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
(WebCore::SVGListProperty::replaceItemValuesAndWrappers):
(WebCore::SVGListProperty::removeItemValues):
(WebCore::SVGListProperty::appendItemValuesAndWrappers):

svg/properties/SVGPrimitiveList.h:
testing/Internals.cpp:

(WebCore::Internals::elementRenderTreeAsText):
(WebCore::parseFindOptions):

workers/AbstractWorker.cpp:

(WebCore::AbstractWorker::resolveURL):

workers/Worker.cpp:

(WebCore::Worker::create):

workers/service/ServiceWorkerJobData.h:

(WebCore::ServiceWorkerJobData::decode):

xml/DOMParser.cpp:

(WebCore::DOMParser::parseFromString):

xml/XPathExpression.cpp:

(WebCore::XPathExpression::evaluate):

Source/WebKit:

NetworkProcess/cache/CacheStorageEngineCache.cpp:

(WebKit::CacheStorage::Cache::decode):

Platform/IPC/ArgumentCoders.h:
Shared/CallbackID.h:

(WebKit::CallbackID::operator=):

Shared/OptionalCallbackID.h:

(WebKit::OptionalCallbackID::operator=):

Shared/Plugins/NPIdentifierData.cpp:

(WebKit::NPIdentifierData::decode):

Shared/Plugins/NPVariantData.cpp:

(WebKit::NPVariantData::decode):

Shared/Plugins/Netscape/NetscapePluginModule.cpp:

(WebKit::NetscapePluginModule::getOrCreate):

Shared/RTCNetwork.cpp:

(WebKit::RTCNetwork::IPAddress::decode):

Shared/SessionState.cpp:

(WebKit::HTTPBody::Element::decode):
(WebKit::FrameState::decode):
(WebKit::BackForwardListItemState::decode):

Shared/WebCompiledContentRuleListData.cpp:

(WebKit::WebCompiledContentRuleListData::decode):

Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<FloatPoint>::decode):
(IPC::ArgumentCoder<FloatRect>::decode):
(IPC::ArgumentCoder<FloatQuad>::decode):
(IPC::ArgumentCoder<ViewportArguments>::decode):
(IPC::ArgumentCoder<IntPoint>::decode):
(IPC::ArgumentCoder<IntRect>::decode):
(IPC::ArgumentCoder<IntSize>::decode):
(IPC::ArgumentCoder<MimeClassInfo>::decode):
(IPC::ArgumentCoder<PluginInfo>::decode):
(IPC::ArgumentCoder<SelectionRect>::decode):
(IPC::ArgumentCoder<CompositionUnderline>::decode):
(IPC::ArgumentCoder<BlobPart>::decode):
(IPC::ArgumentCoder<TextIndicatorData>::decode):
(IPC::ArgumentCoder<ResourceLoadStatistics>::decode):
(IPC::ArgumentCoder<ScrollOffsetRange<float>>::decode):

Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::decode):

Shared/WebPlatformTouchPoint.cpp:

(WebKit::WebPlatformTouchPoint::decode):

Shared/WebsiteData/WebsiteData.cpp:

(WebKit::WebsiteData::Entry::decode):

Shared/WebsiteDataStoreParameters.cpp:

(WebKit::WebsiteDataStoreParameters::decode):

UIProcess/API/APIContentRuleListStore.cpp:

(API::decodeContentRuleListMetaData):

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::launchProcessForReload):
(WebKit::WebPageProxy::launchProcessWithItem):
(WebKit::WebPageProxy::loadRequest):
(WebKit::WebPageProxy::loadFile):
(WebKit::WebPageProxy::loadData):
(WebKit::WebPageProxy::reload):

UIProcess/WebProcessCache.cpp:

(WebKit::WebProcessCache::takeProcess):

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::findReusableSuspendedPageProcess):

WebProcess/InjectedBundle/DOM/InjectedBundleCSSStyleDeclarationHandle.cpp:

(WebKit::InjectedBundleCSSStyleDeclarationHandle::getOrCreate):

WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp:

(WebKit::InjectedBundleRangeHandle::getOrCreate):

WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::create):

WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::tryLoadingSynchronouslyUsingURLSchemeHandler):

WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:

(WebKit::CompositingCoordinator::createGraphicsLayer):

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::pdfSnapshotAtSize):
(WebKit::WebPage::createDocumentLoader):

WebProcess/WebStorage/StorageNamespaceImpl.cpp:

(WebKit::StorageNamespaceImpl::copy):

Source/WTF:

wtf/CheckedArithmetic.h:

(WTF::Checked::Checked):

wtf/MetaAllocator.cpp:

(WTF::MetaAllocator::allocate):

wtf/URLParser.cpp:

(WTF::CodePointIterator::operator!= const):
(WTF::CodePointIterator::operator=): Deleted.

wtf/text/StringView.h:

(WTF::StringView::CodePoints::Iterator::operator=): Deleted.

7:02 PM WebKitGTK/2.24.x edited by Michael Catanzaro

(diff)

4:14 PM Changeset in webkit [248204] by Devin Rousso

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Elements: Styles: move psuedo-selector rules before inherited rules
https://bugs.webkit.org/show_bug.cgi?id=199950

Reviewed by Joseph Pecoraro.

Since pseudo-selector rules (usually) affect the selected element, or are related to its
content, it's more useful to have them near that element's rules instead of after all of
it's inherited rules.

UserInterface/Views/SpreadsheetRulesStyleDetailsPanel.js:

(WI.SpreadsheetRulesStyleDetailsPanel.prototype.layout):

1:32 PM Changeset in webkit [248203] by Konstantin Tokarev

2 edits in trunk/Source/WebKit

Fix compilation with disabled WebGL
https://bugs.webkit.org/show_bug.cgi?id=200421

Reviewed by Wenson Hsieh.

After r247452 webGLStateTracker is guarded with #if ENABLE(WEBGL)

WebProcess/WebPage/WebPage.cpp:

(WebKit::m_textAutoSizingAdjustmentTimer):

12:36 PM Changeset in webkit [248202] by Devin Rousso

14 edits
1 copy
5 adds in trunk

Web Inspector: Elements: Styles: add icons for various CSS rule types
https://bugs.webkit.org/show_bug.cgi?id=199946

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

UserInterface/Controllers/CSSManager.js:

(WI.CSSManager.displayNameForPseudoId):
Add hardcoded pseudo-selector identifiers for older backends.

UserInterface/Models/CSSSelector.js:

(WI.CSSSelector.prototype.isPseudoSelector): Added.
(WI.CSSSelector.prototype.isPseudoElementSelector): Deleted.
There are more types of pseudo-selectors than just :{before|after}.

UserInterface/Models/CSSStyleDeclaration.js:

(WI.CSSStyleDeclaration.prototype.generateCSSRuleString): Added.

UserInterface/Views/SpreadsheetRulesStyleDetailsPanel.js:

(WI.SpreadsheetRulesStyleDetailsPanel.prototype.spreadsheetCSSStyleDeclarationSectionAddNewRule): Added.
(WI.SpreadsheetRulesStyleDetailsPanel.prototype.layout):
Provide a delegate method for adding a new rule, so the WI.SpreadsheetRulesStyleDetailsPanel
can know what selector to focus once the new rule gets added.

UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.js:

(WI.SpreadsheetCSSStyleDeclarationSection.prototype.initialLayout):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._renderSelector):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._populateIconElementContextMenu): Added.

UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.css:

(.spreadsheet-css-declaration .header.editing-selector .selector): Added.
(.spreadsheet-css-declaration .selector > .icon): Added.
(.spreadsheet-css-declaration .selector > .icon + *): Added.
(.spreadsheet-css-declaration .selector.style-attribute > span): Added.
When "mousedown" (or "contextmenu") on the icon, show a context menu with helpful actions:

Copy Rule
{Disable|Enable} Rule
Duplicate Selector
Add :{active|focus|hover|visited} Rule
Create ::{before|after} Rule
Reveal in {Resources Tab|Sources Tab|Stylesheet}

Drive-by: add an extra 0.5px of initial margin before the Style Attribute selector (which is
sans-serif) so it properly aligns with the other selectors (which are monospaced).

UserInterface/Views/SpreadsheetCSSStyleDeclarationEditor.js:

(WI.SpreadsheetCSSStyleDeclarationEditor.prototype.layout):

UserInterface/Views/SpreadsheetCSSStyleDeclarationEditor.css:

(.spreadsheet-style-declaration-editor:empty): Added.
(.spreadsheet-style-declaration-editor.no-properties): Deleted.
Add some extra space when there's no inline style so it looks a bit less cramped.

UserInterface/Main.html:
UserInterface/Views/StyleRuleIcons.css: Added.

(.author-style-rule-icon .icon):
(.author-style-rule-icon.pseudo-selector .icon):
(.user-style-rule-icon .icon):
(.user-style-rule-icon.pseudo-selector .icon):
(.user-agent-style-rule-icon .icon):
(.user-agent-style-rule-icon.pseudo-selector .icon):
(.inspector-style-rule-icon .icon):
(.inspector-style-rule-icon.pseudo-selector .icon):
(.inherited-style-rule-icon .icon):
(.inherited-element-style-rule-icon .icon):

UserInterface/Images/StyleRule.svg: Added.
UserInterface/Images/StyleRuleInheritedElement.svg: Added.
UserInterface/Images/StyleRulePseudo.svg: Added.

Add generic icon classes for style rule icons.

UserInterface/Base/Setting.js:
UserInterface/Views/SettingsTabContentView.js:

(WI.SettingsTabContentView.prototype._createExperimentalSettingsView):
Add experimental setting.

Localizations/en.lproj/localizedStrings.js:

LayoutTests:

inspector/css/generateCSSRuleString.html: Added.
inspector/css/generateCSSRuleString-expected.txt: Added.

12:00 PM Changeset in webkit [248201] by Devin Rousso

28 edits
1 move
5 adds
2 deletes in trunk

Web Inspector: DOM: add a special breakpoint for "All Events"
https://bugs.webkit.org/show_bug.cgi?id=200285

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

Similar to the existing "All Requests" breakpoint, there should be a way to set a breakpoint
that would pause for any DOM event, regardless of the event's name. This is useful for
situations where the event name isn't known, or where one simply wants to pause on the next
entry to the event loop.

Along these lines, make the "requestAnimationFrame", "setTimeout", and "setInterval"
event breakpoints into special breakpoints that can be added/removed via the create
breakpoint context menu. This simplifies the process for setting these breakpoints, and also
makes them more discoverable (most people wouldn't consider them to be "events").

inspector/protocol/Debugger.json:
- Rename the EventListener pause reason to Listener.
- Split the Timer pause reason into Interval and Timeout.

inspector/protocol/DOMDebugger.json:
- Split the timer type into interval and timeout.
- Make eventName optional for addEventBreakpoint/removeEventBreakpoint. When omitted, the corresponding breakpoint that is added/removed is treated as a global breakpoint that applies to all events of that type (e.g. a global listener breakpoint would pause for any event that is fired).

Source/WebCore:

Tests: inspector/dom/breakpoint-for-event-listener.html

inspector/dom-debugger/event-animation-frame-breakpoints.html
inspector/dom-debugger/event-breakpoint-with-navigation.html
inspector/dom-debugger/event-interval-breakpoints.html
inspector/dom-debugger/event-listener-breakpoints.html
inspector/dom-debugger/event-timeout-breakpoints.html

inspector/agents/InspectorDOMDebuggerAgent.h:
inspector/agents/InspectorDOMDebuggerAgent.cpp:

(WebCore::InspectorDOMDebuggerAgent::disable):
(WebCore::InspectorDOMDebuggerAgent::frameDocumentUpdated):
(WebCore::InspectorDOMDebuggerAgent::setEventBreakpoint):
(WebCore::InspectorDOMDebuggerAgent::removeEventBreakpoint):
(WebCore::InspectorDOMDebuggerAgent::willHandleEvent):
(WebCore::InspectorDOMDebuggerAgent::willFireTimer):
(WebCore::InspectorDOMDebuggerAgent::willFireAnimationFrame):
(WebCore::InspectorDOMDebuggerAgent::discardBindings): Deleted.
Make eventName optional for addEventBreakpoint/removeEventBreakpoint. When omitted,
the corresponding breakpoint that is added/removed is treated as a global breakpoint that
applies to all events of that type (e.g. a global listener breakpoint would pause for any
event that is fired).

Source/WebInspectorUI:

UserInterface/Models/EventBreakpoint.js:

(WI.EventBreakpoint):
(WI.EventBreakpoint.deserialize):
(WI.EventBreakpoint.prototype.saveIdentityToCookie):
(WI.EventBreakpoint.prototype.toJSON):

UserInterface/Controllers/DebuggerManager.js:

(WI.DebuggerManager.prototype._pauseReasonFromPayload):

UserInterface/Controllers/DOMDebuggerManager.js:

(WI.DOMDebuggerManager):
(WI.DOMDebuggerManager.prototype.initializeTarget):
(WI.DOMDebuggerManager.supportsDOMBreakpoints): Added.
(WI.DOMDebuggerManager.supportsEventBreakpoints):
(WI.DOMDebuggerManager.supportsEventListenerBreakpoints): Added.
(WI.DOMDebuggerManager.supportsURLBreakpoints):
(WI.DOMDebuggerManager.supportsXHRBreakpoints): Added.
(WI.DOMDebuggerManager.supportsAllListenersBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allAnimationFramesBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allIntervalsBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allListenersBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allTimeoutsBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get listenerBreakpoints): Added.
(WI.DOMDebuggerManager.prototype.isBreakpointSpecial):
(WI.DOMDebuggerManager.prototype.listenerBreakpointForEventName): Added.
(WI.DOMDebuggerManager.prototype.addEventBreakpoint):
(WI.DOMDebuggerManager.prototype.removeEventBreakpoint):
(WI.DOMDebuggerManager.prototype.addURLBreakpoint):
(WI.DOMDebuggerManager.prototype._resolveDOMBreakpoint):
(WI.DOMDebuggerManager.prototype._updateDOMBreakpoint):
(WI.DOMDebuggerManager.prototype._updateEventBreakpoint):
(WI.DOMDebuggerManager.prototype._updateURLBreakpoint):
(WI.DOMDebuggerManager.prototype._handleDOMBreakpointDisabledStateChanged):
(WI.DOMDebuggerManager.prototype._handleEventBreakpointDisabledStateChanged):
(WI.DOMDebuggerManager.prototype._handleURLBreakpointDisabledStateChanged):
(WI.DOMDebuggerManager.prototype.get eventBreakpoints): Deleted.
(WI.DOMDebuggerManager.prototype.eventBreakpointForTypeAndEventName): Deleted.
Add additional target compatibility checks.

UserInterface/Views/EventBreakpointPopover.js:

(WI.EventBreakpointPopover.prototype.show):
(WI.EventBreakpointPopover.prototype.dismiss):
(WI.EventBreakpointPopover.prototype._handleTypeSelectChange): Deleted.

UserInterface/Views/EventBreakpointPopover.css:

(.popover .event-breakpoint-content > input): Added.
(.popover .event-breakpoint-content > input::placeholder): Added.
(.popover .event-breakpoint-content > .event-type): Deleted.
(.popover .event-breakpoint-content > .event-type > input): Deleted.
(.popover .event-breakpoint-content > .event-type > input::placeholder): Deleted.

UserInterface/Views/EventBreakpointTreeElement.css:

(.breakpoint.event.breakpoint-for-interval:not(.breakpoint-paused-icon) .icon): Added.
(.breakpoint.event.breakpoint-for-timeout:not(.breakpoint-paused-icon) .icon): Added.
(.breakpoint.event.breakpoint-for-timer:not(.breakpoint-paused-icon) .icon): Deleted.

UserInterface/Views/DebuggerSidebarPanel.js:

(WI.DebuggerSidebarPanel):
(WI.DebuggerSidebarPanel.prototype.saveStateToCookie):
(WI.DebuggerSidebarPanel.prototype.restoreStateFromCookie):
(WI.DebuggerSidebarPanel.prototype._addBreakpoint):
(WI.DebuggerSidebarPanel.prototype._addTreeElement):
(WI.DebuggerSidebarPanel.prototype._updatePauseReasonSection):
(WI.DebuggerSidebarPanel.prototype._handleBreakpointElementAddedOrRemoved):
(WI.DebuggerSidebarPanel.prototype._populateCreateBreakpointContextMenu.addToggleForSpecialEventBreakpoint): Added.
(WI.DebuggerSidebarPanel.prototype._populateCreateBreakpointContextMenu):

UserInterface/Views/SourcesNavigationSidebarPanel.js:

(WI.SourcesNavigationSidebarPanel):
(WI.SourcesNavigationSidebarPanel.prototype._insertDebuggerTreeElement):
(WI.SourcesNavigationSidebarPanel.prototype._addBreakpoint):
(WI.SourcesNavigationSidebarPanel.prototype._updatePauseReasonSection):
(WI.SourcesNavigationSidebarPanel.prototype._handleBreakpointElementAddedOrRemoved):
(WI.SourcesNavigationSidebarPanel.prototype._populateCreateBreakpointContextMenu.addToggleForSpecialEventBreakpoint): Added.
(WI.SourcesNavigationSidebarPanel.prototype._populateCreateBreakpointContextMenu):
Add create breakpoint context menu items (also sort the breakpoints in this order):

"All Animation Frames" => [A] All Animation Frames
"All Timeouts" => [T] All Timeouts
"All Intervals" => [I] All Intervals
"All Events" => [E] All Events

UserInterface/Controllers/JavaScriptRuntimeCompletionProvider.js:

(WI.JavaScriptRuntimeCompletionProvider.completionControllerCompletionsNeeded.receivedPropertyNames):

UserInterface/Base/Setting.js:
UserInterface/Images/EventBreakpointInterval.svg: Added.
UserInterface/Images/EventBreakpointTimeout.svg: Renamed from Source/WebInspectorUI/UserInterface/Images/EventBreakpointTimer.svg.
Localizations/en.lproj/localizedStrings.js:

LayoutTests:

inspector/dom/breakpoint-for-event-listener.html:
inspector/dom/breakpoint-for-event-listener-expected.txt:

inspector/dom-debugger/event-animation-frame-breakpoints.html:
inspector/dom-debugger/event-animation-frame-breakpoints-expected.txt:
inspector/dom-debugger/event-breakpoint-with-navigation.html:
inspector/dom-debugger/event-breakpoint-with-navigation-expected.txt:
inspector/dom-debugger/event-interval-breakpoints.html: Added.
inspector/dom-debugger/event-interval-breakpoints-expected.txt: Added.
inspector/dom-debugger/event-listener-breakpoints.html:
inspector/dom-debugger/event-listener-breakpoints-expected.txt:
inspector/dom-debugger/event-timeout-breakpoints.html: Added.
inspector/dom-debugger/event-timeout-breakpoints-expected.txt: Added.

inspector/dom-debugger/resources/event-breakpoint-utilities.js:

(TestPage.registerInitializer.InspectorTest.EventBreakpoint.teardown):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.failOnPause):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.createBreakpoint): Added.
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.addBreakpoint):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.removeBreakpoint):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.disableBreakpoint):

inspector/dom-debugger/event-timer-breakpoints.html: Removed.
inspector/dom-debugger/event-timer-breakpoints-expected.txt: Removed.

9:09 AM Changeset in webkit [248200] by Alan Bujtas

19 edits
4 deletes in trunk

[LFC] Remove formatting context type leaf classes
https://bugs.webkit.org/show_bug.cgi?id=200224
<rdar://problem/53661907>

Reviewed by Antti Koivisto.

Let's keep the layout tree formatting context type independent.

Sources.txt:
WebCore.xcodeproj/project.pbxproj:
layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::layout const):
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthConstraints const):
(WebCore::Layout::InlineFormattingContext::initializeMarginBorderAndPaddingForGenericInlineBox const):
(WebCore::Layout::InlineFormattingContext::collectInlineContent const):

layout/inlineformatting/InlineFormattingContext.h:
layout/inlineformatting/InlineFormattingContextLineLayout.cpp:

(WebCore::Layout::inlineItemWidth):
(WebCore::Layout::LineLayout::placeInlineItem):

layout/inlineformatting/InlineItem.h:
layout/inlineformatting/InlineTextItem.cpp:

(WebCore::Layout::InlineTextItem::createAndAppendTextItems):
(WebCore::Layout::InlineTextItem::InlineTextItem):
(WebCore::Layout::InlineTextItem::split const):

layout/inlineformatting/InlineTextItem.h:

(WebCore::Layout::InlineTextItem::inlineBox const): Deleted.

layout/inlineformatting/text/TextUtil.cpp:

(WebCore::Layout::TextUtil::width):
(WebCore::Layout::TextUtil::split):

layout/inlineformatting/text/TextUtil.h:
layout/layouttree/LayoutBox.cpp:

(WebCore::Layout::Box::Box):
(WebCore::Layout::Box::~Box):
(WebCore::Layout::Box::formattingContextRoot const):
(WebCore::Layout::Box::setTextContent):
(WebCore::Layout::Box::hasTextContent const):
(WebCore::Layout::Box::textContent const):
(WebCore::Layout::Box::replaced const):
(WebCore::Layout::Box::replaced):
(WebCore::Layout::Box::rareDataMap):
(WebCore::Layout::Box::rareData const):
(WebCore::Layout::Box::ensureRareData):
(WebCore::Layout::Box::removeRareData):

layout/layouttree/LayoutBox.h:

(WebCore::Layout::Box::isLineBreakBox const):
(WebCore::Layout::Box::hasRareData const):
(WebCore::Layout::Box::setHasRareData):
(WebCore::Layout::Box::isInlineBox const): Deleted.
(WebCore::Layout::Box::replaced const): Deleted.
(WebCore::Layout::Box::replaced): Deleted.

layout/layouttree/LayoutContainer.h:

(WebCore::Layout::Container::firstChild const): Deleted.
(WebCore::Layout::Container::lastChild const): Deleted.
(WebCore::Layout::Container::hasChild const): Deleted.
(WebCore::Layout::Container::hasInFlowChild const): Deleted.
(WebCore::Layout::Container::hasInFlowOrFloatingChild const): Deleted.
(WebCore::Layout::Container::outOfFlowDescendants const): Deleted.

layout/layouttree/LayoutInlineBox.cpp: Removed.
layout/layouttree/LayoutInlineBox.h: Removed.
layout/layouttree/LayoutLineBreakBox.cpp: Removed.
layout/layouttree/LayoutLineBreakBox.h: Removed.
layout/layouttree/LayoutTreeBuilder.cpp:

(WebCore::Layout::TreeBuilder::createLayoutBox):
(WebCore::Layout::outputLayoutBox):

7:01 AM Changeset in webkit [248199] by Alan Bujtas

13 edits
4 deletes in trunk/Source/WebCore

[LFC] Remove formatting context type container classes.
https://bugs.webkit.org/show_bug.cgi?id=200202

Reviewed by Antti Koivisto.

These are formatting context specific classes. Let's try to have a layout tree without such types.

Sources.txt:
WebCore.xcodeproj/project.pbxproj:
layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::computeIntrinsicWidthConstraints const):

layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::layout const):
(WebCore::Layout::InlineFormattingContext::computeMarginBorderAndPaddingForInlineContainer const):

layout/inlineformatting/InlineFormattingContext.h:
layout/inlineformatting/InlineFormattingContextLineLayout.cpp:

(WebCore::Layout::InlineFormattingContext::InlineLayout::layout const):

layout/inlineformatting/InlineLine.cpp:

(WebCore::Layout::Line::appendTextContent):

layout/layouttree/LayoutBlockContainer.cpp: Removed.
layout/layouttree/LayoutBlockContainer.h: Removed.
layout/layouttree/LayoutBox.cpp:

(WebCore::Layout::Box::establishesInlineFormattingContext const):
(WebCore::Layout::Box::establishesInlineFormattingContextOnly const):
(WebCore::Layout::Box::formattingContextRoot const):

layout/layouttree/LayoutBox.h:

(WebCore::Layout::Box::isBlockContainer const):
(WebCore::Layout::Box::isInlineContainer const):
(WebCore::Layout::Box::isInlineBox const):
(WebCore::Layout::Box::establishesInlineFormattingContext const): Deleted.
(WebCore::Layout::Box::establishesInlineFormattingContextOnly const): Deleted.

layout/layouttree/LayoutInlineContainer.cpp: Removed.
layout/layouttree/LayoutInlineContainer.h: Removed.
layout/layouttree/LayoutIterator.h:

(WebCore::Layout::LayoutBoxTraversal::firstChild):

layout/layouttree/LayoutTreeBuilder.cpp:

(WebCore::Layout::TreeBuilder::createLayoutTree):
(WebCore::Layout::TreeBuilder::createLayoutBox):
(WebCore::Layout::TreeBuilder::createTableStructure):
(WebCore::Layout::outputLayoutBox):

layout/layouttree/LayoutTreeBuilder.h:
page/FrameViewLayoutContext.cpp:

(WebCore::layoutUsingFormattingContext):

1:56 AM Changeset in webkit [248198] by Devin Rousso

9 edits in trunk/Source/WebInspectorUI

Web Inspector: Heap Snapshot Views should be searchable
https://bugs.webkit.org/show_bug.cgi?id=157582
<rdar://problem/26228629>

Reviewed by Joseph Pecoraro.

Without the ability to filter/search, it's far more difficult to find objects of interest.
Rather than spending time scrolling through the entire heap snapshot or sorting by "Name",
a simple filter/search (which also uses the global search settings) is almost instant.

UserInterface/Views/HeapAllocationsTimelineView.js:

(WI.HeapAllocationsTimelineView.prototype.updateFilter): Addded.
(WI.HeapAllocationsTimelineView.prototype.get showsFilterBar): Deleted.

UserInterface/Views/HeapSnapshotClusterContentView.js:

(WI.HeapSnapshotClusterContentView.prototype.updateFilter): Added.

UserInterface/Views/HeapSnapshotContentView.js:

(WI.HeapSnapshotContentView):
(WI.HeapSnapshotContentView.prototype.updateFilter): Added.
(WI.HeapSnapshotContentView.prototype.dataGridMatchNodeAgainstCustomFilters): Added.
(WI.HeapSnapshotContentView.prototype.dataGridMatchShouldPopulateWhenFilteringNode): Added.

UserInterface/Views/DataGrid.js:

(WI.DataGrid.prototype._updateFilter.createIteratorForNodesToBeFiltered):
Don't attempt to populate each heap snapshot WI.DataGridNode when filtering, as that can
quickly exhaust memory due to the sheer size of a heap snapshot.

UserInterface/Base/Main.js:

(WI._find):

UserInterface/Views/TimelineTabContentView.js:

(WI.TimelineTabContentView.prototype.get canHandleFindEvent): Added.
(WI.TimelineTabContentView.prototype.handleFindEvent): Added.

UserInterface/Views/TimelineRecordingContentView.js:

(WI.TimelineRecordingContentView.prototype.get canFocusFilterBar): Added.
(WI.TimelineRecordingContentView.prototype.focusFilterBar): Added.

UserInterface/Views/FilterBar.js:

(WI.FilterBar.prototype.focus): Added.
Allow the current tab to intercept the find shortcut and do something custom. In the case
of a WI.TimelineTabContentView, declare that it can handle the find event if the displayed
content view (WI.TimelineRecordingContentView) can focus it's filter bar. If so, when the
find shortcut is triggered, focus the filter bar.

1:52 AM Changeset in webkit [248197] by Devin Rousso

6 edits
2 adds in trunk

Web Inspector: CSS Formatter: comments with an escape character aren't formatted
https://bugs.webkit.org/show_bug.cgi?id=200168

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

Don't allow escaping of the "*" in CSS comments (e.g. \*/).

Add additional pretty printing rules for comments so that there's always some space between
them and the surrounding text. This ensures that they don't interfere with readability.

UserInterface/Workers/Formatter/CSSFormatter.js:

(CSSFormatter.prototype._format):

UserInterface/Workers/Formatter/FormatterContentBuilder.js:

(FormatterContentBuilder.prototype.get indented): Added.

LayoutTests:

inspector/formatting/formatting-css.html:
inspector/formatting/formatting-css-expected.txt:
inspector/formatting/resources/css-tests/comment.css: Added.
inspector/formatting/resources/css-tests/comment-expected.css: Added.

12:37 AM Changeset in webkit [248196] by Devin Rousso

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Console: execution context picker doesn't update when switching to the inferred context from auto
https://bugs.webkit.org/show_bug.cgi?id=200279

Reviewed by Joseph Pecoraro.

The representedObject of the "auto" execution context path component is shared with that
execution context's actual path component, meaning that if the user switches from "auto" to
that execution context's path component, the underlying representedObject wouldn't change,
and therfore the RuntimeManager.Event.ActiveExecutionContextChanged wouldn't fire. In this
case, update the visible ("selected") execution context path component manually.

UserInterface/Views/QuickConsole.js:

(WI.QuickConsole.prototype._selectExecutionContext):
(WI.QuickConsole.prototype._pathComponentSelected):

Aug 2, 2019:

9:01 PM Changeset in webkit [248195] by keith_miller@apple.com

5 edits in trunk/Source/JavaScriptCore

Address comments on r248178
https://bugs.webkit.org/show_bug.cgi?id=200411

Reviewed by Saam Barati.

b3/B3Opcode.h:
b3/B3Procedure.h:

(JSC::B3::Procedure::tuples const):

b3/B3Validate.cpp:
b3/testb3_1.cpp:

(main):

6:10 PM Changeset in webkit [248194] by rmorisset@apple.com

2 edits in trunk/Source/WebCore

[WHLSL] Avoid visiting the full AST in computeDimensions
https://bugs.webkit.org/show_bug.cgi?id=200410

Reviewed by Myles C. Maxfield.

Avoid visiting the full AST in computeDimensions
This cuts the time spent in computeDimensions on compute_boids.html from about 2ms to about 0.002ms.

No new tests as there is no functional change intended.

Modules/webgpu/WHLSL/WHLSLComputeDimensions.cpp:

(WebCore::WHLSL::computeDimensions):

Modules/webgpu/WHLSL/WHLSLPrepare.cpp:

5:49 PM Changeset in webkit [248193] by rniwa@webkit.org

2 edits in trunk/Source/WebCore

Ref Frame in DOMWindow::screen* functions
https://bugs.webkit.org/show_bug.cgi?id=200409

Reviewed by Simon Fraser.

Ref Frame in the following functions.

page/DOMWindow.cpp:

(WebCore::DOMWindow::innerHeight const):
(WebCore::DOMWindow::innerWidth const):
(WebCore::DOMWindow::screenX const):
(WebCore::DOMWindow::screenY const):
(WebCore::DOMWindow::scrollX const):
(WebCore::DOMWindow::scrollY const):

5:31 PM Changeset in webkit [248192] by mark.lam@apple.com

13 edits in trunk/Source

[ARM64E] Harden the diversity of the DOMJIT::Signature::unsafeFunction pointer.
https://bugs.webkit.org/show_bug.cgi?id=200292
<rdar://problem/53706881>

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Previously, DOMJIT::Signature::functionWithoutTypeCheck was signed as a C function
pointer. We can do better by signing it like a vtbl function pointer.

No new tests needed. The DOMJIT mechanism is covered by existing tests.

I also manually confirmed that DOMJIT::Signature::functionWithoutTypeCheck is signed
exactly as expected by reading its bits out of memory (not letting Clang have a
chance to resign it into a C function pointer) and comparing it against manually
signed bits with the expected diversifier.

assembler/MacroAssemblerCodeRef.h:

(JSC::CFunctionPtr::CFunctionPtr):
(JSC::CFunctionPtr::get const):
(JSC::CFunctionPtr::address const):
(JSC::CFunctionPtr::operator bool const):
(JSC::CFunctionPtr::operator! const):
(JSC::CFunctionPtr::operator== const):
(JSC::CFunctionPtr::operator!= const):

Introduce a CFunctionPtr abstraction that is used to hold pointers to C functions. It can instantiated in 4 ways:

The default constructor.
A constructor that takes a nullptr_t.

These 2 forms will instantiate a CFunctionPtr with a nullptr.

A constructor that takes the name of a function.
A constructor that takes a function pointer.

Form 3 already knows that we're initializing with a real function, and
that Clang will give it to use signed as a C function pointer. So, it
doesn't do any assertions. This form is useful for initializing CFunctionPtrs
embedded in const data structures.

Form 4 is an explicit constructor that takes an arbitrary function
pointer, but does not know if that pointer is already signed as a C function
pointer. Hence, this form will do a RELEASE_ASSERT that the given function
pointer is actually signed as a C function pointer.

Once instantiated, we are guaranteed that a C function pointer is either null
or contains a signed C function pointer.

domjit/DOMJITSignature.h:

(JSC::DOMJIT::Signature::Signature):

Sign functionWithoutTypeCheck as WTF_VTBL_FUNCPTR_PTRAUTH(DOMJITFunctionPtrTag).

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCallDOM):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCallDOM):

Use the new CFunctionPtr to document that the retrieved signature->functionWithoutTypeCheck is signed as a C function pointer.

runtime/ClassInfo.h:
Update MethodTable to sign its function pointers using the new WTF_VTBL_FUNCPTR_PTRAUTH_STR to be consistent. No longer need to roll its own PTRAUTH macro.

runtime/JSCPtrTag.h:
Add DOMJITFunctionPtrTag.

tools/JSDollarVM.cpp:
Update to work with the new DOMJIT::Signature constructor.

Source/WebCore:

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

Update to work with the new DOMJIT::Signature constructor.

bindings/scripts/test/JS/JSTestDOMJIT.cpp:
Re-base test results.

Source/WTF:

wtf/PtrTag.h:
Introducing WTF_VTBL_FUNCPTR_PTRAUTH and WTF_VTBL_FUNCPTR_PTRAUTH_STR macros for defining vtbl function pointer style pointer signing modifier.

5:09 PM Changeset in webkit [248191] by Alan Coon

1 copy in tags/Safari-608.1.42

Tag Safari-608.1.42.

4:44 PM Changeset in webkit [248190] by Keith Rollin

24 edits in trunk

Consistently use Obj-C boolean literals
https://bugs.webkit.org/show_bug.cgi?id=200405
<rdar://problem/53880043>

Reviewed by Simon Fraser, Joseph Pecoraro.

There are places where we use equivalent but different expressions for
Obj-C boolean objects. For example, we use both [NSNumber
numberWithBool:YES] and @YES. There are places where both are used in
the same function, such as -[WebPreferences initialize]. The boolean
literal is in greater use and is more succinct, so standardize on
that. Also, change @(YES/NO) to @YES/NO.

Examples:

NetscapeCoreAnimationMoviePlugin/main.m:

(NPP_GetValue):

Source/WebCore:

No new tests -- no new or changed functionality.

platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

(WebCore::SourceBufferPrivateAVFObjC::enqueueSample):

platform/graphics/cv/ImageTransferSessionVT.mm:

(WebCore::ImageTransferSessionVT::ImageTransferSessionVT):
(WebCore::ImageTransferSessionVT::setSize):
(WebCore::ImageTransferSessionVT::ioSurfacePixelBufferCreationOptions):

platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.mm:

(WebCore::RealtimeIncomingVideoSourceCocoa::pixelBufferPool):

platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm:

(WebCore::ScreenDisplayCaptureSourceMac::createDisplayStream):

platform/network/mac/ResourceHandleMac.mm:

(WebCore::ResourceHandle::applySniffingPoliciesIfNeeded):

Source/WebKit:

NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::applySniffingPoliciesAndBindRequestToInferfaceIfNeeded):

NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::NetworkSessionCocoa::NetworkSessionCocoa):

UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:

(WebKit::LocalConnection::getAttestation const):

Source/WebKitLegacy/mac:

History/WebHistoryItem.mm:
WebView/WebFrame.mm:

(-[WebFrame _cacheabilityDictionary]):

WebView/WebPreferences.mm:

(+[WebPreferences initialize]):

Tools:

DumpRenderTree/mac/ObjCController.m:

(-[ObjCController objectOfClass:]):

TestWebKitAPI/Tests/WebKitCocoa/BundleEditingDelegate.mm:

(TEST):

TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:

(overrideAddObserverForName):

TestWebKitAPI/ios/mainIOS.mm:

(main):

TestWebKitAPI/mac/InjectedBundleControllerMac.mm:

(TestWebKitAPI::InjectedBundleController::platformInitialize):

TestWebKitAPI/mac/mainMac.mm:

(main):

WebKitLauncher/WebKitNightlyEnabler.m:

(enableWebKitNightlyBehaviour):

4:20 PM Changeset in webkit [248189] by commit-queue@webkit.org

2 edits in trunk/LayoutTests

[ Mac ] Layout Test accessibility/mac/press-not-work-for-disabled-menu-list.html is a flaky failure
https://bugs.webkit.org/show_bug.cgi?id=196505
<rdar://problem/49532620>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-08-02
Reviewed by Chris Fleizach.

Re-wrote test in a timing independent way. This should fix the intermittent failures.

accessibility/mac/press-not-work-for-disabled-menu-list.html:

4:03 PM Changeset in webkit [248188] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

Add accessibility object method to determine whether an element is inside a table cell. Needed for iOS accessibility client.
https://bugs.webkit.org/show_bug.cgi?id=200394
<rdar://problem/52914964>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-08-02
Reviewed by Chris Fleizach.

Explicitly returning BOOL to avoid error in some compiler configurations.

accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper _accessibilityIsInTableCell]):

3:58 PM Changeset in webkit [248187] by ysuzuki@apple.com

18 edits
4 copies
5 adds in trunk

[JSC] Support WebAssembly in SamplingProfiler
https://bugs.webkit.org/show_bug.cgi?id=200329

Reviewed by Saam Barati.

JSTests:

stress/sampling-profiler-wasm-name-section.js: Added.

(const.compile):
(platformSupportsSamplingProfiler.vm.isWasmSupported.wasmEntry):
(platformSupportsSamplingProfiler.vm.isWasmSupported):

stress/sampling-profiler-wasm.js: Added.

(platformSupportsSamplingProfiler.vm.isWasmSupported.wasmEntry):
(platformSupportsSamplingProfiler.vm.isWasmSupported):

stress/sampling-profiler/loop.wasm: Added.
stress/sampling-profiler/loop.wast: Added.
stress/sampling-profiler/nameSection.wasm: Added.

Source/JavaScriptCore:

The sampling profiler support is critical to investigate what is actually time-consuming. This patch adds the sampling profiler support for Wasm functions
to list up hot Wasm functions with compilation mode (BBQ or OMG). This allows us to investigate the hot functions in JetStream2 wasm tests.

In order to retrieve wasm function information from the sampling profiler safely, we need to know whether the given Wasm CalleeBits is valid in the call frame.
To achieve this, we start collecting valid Wasm::Callee pointers in a global hash set. Previously, each Wasm::Callee registered its code region to a hash set
for wasm fault signal handler to know whether the faulted program-counter is in wasm region. We reuse and change this mechanism. Instead of registering code region,
we register Wasm::Callee* to a hash set. The sampling profiler reuses this hash set to determine whether the given bits is a valid Wasm::Callee.

The sampling profiler retrieves the information safely from valid Wasm::Callee* pointer. It is possible that this Wasm::Callee is about to be dead: ref-count is 0,
now in the middle of the destructor of Wasm::Callee. Even in that case, fields of Wasm::Callee are still valid and can be accessed since destroying these fields happens
after we unregister Wasm::Callee from the global hash set.

We retrieve Wasm::IndexOrName and Wasm::CompilationMode. Copying them does not involve any allocations, locking etc. So we can safely copy them while some of threads are suspended.

This patch also fixes the issue that we never called unregisterCode while every Wasm::Calllee registers its code region through registerCode.

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
Sources.txt:
runtime/InitializeThreading.cpp:

(JSC::initializeThreading):

runtime/SamplingProfiler.cpp:

(JSC::FrameWalker::FrameWalker):
(JSC::FrameWalker::recordJSFrame):
(JSC::CFrameWalker::CFrameWalker):
(JSC::SamplingProfiler::takeSample):
(JSC::SamplingProfiler::processUnverifiedStackTraces):
(JSC::SamplingProfiler::StackFrame::displayName):
(JSC::SamplingProfiler::StackFrame::displayNameForJSONTests):
(JSC::SamplingProfiler::StackFrame::functionStartLine):
(JSC::SamplingProfiler::StackFrame::functionStartColumn):
(JSC::SamplingProfiler::StackFrame::sourceID):
(JSC::SamplingProfiler::StackFrame::url):
(JSC::SamplingProfiler::reportTopBytecodes):
(WTF::printInternal):

runtime/SamplingProfiler.h:
tools/JSDollarVM.cpp:

(JSC::functionIsWasmSupported):
(JSC::JSDollarVM::finishCreation):

wasm/WasmB3IRGenerator.h:
wasm/WasmBBQPlan.cpp:

(JSC::Wasm::BBQPlan::complete):

wasm/WasmBBQPlanInlines.h:

(JSC::Wasm::BBQPlan::initializeCallees):

wasm/WasmCallee.cpp:

(JSC::Wasm::Callee::Callee):
(JSC::Wasm::Callee::~Callee):

wasm/WasmCallee.h:

(JSC::Wasm::Callee::create): Deleted.
(JSC::Wasm::Callee::entrypoint const): Deleted.
(JSC::Wasm::Callee::calleeSaveRegisters): Deleted.
(JSC::Wasm::Callee::indexOrName const): Deleted.

wasm/WasmCalleeRegistry.cpp: Copied from Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h.

(JSC::Wasm::CalleeRegistry::initialize):
(JSC::Wasm::CalleeRegistry::singleton):

wasm/WasmCalleeRegistry.h: Copied from Source/JavaScriptCore/wasm/WasmCallee.cpp.

(JSC::Wasm::CalleeRegistry::getLock):
(JSC::Wasm::CalleeRegistry::registerCallee):
(JSC::Wasm::CalleeRegistry::unregisterCallee):
(JSC::Wasm::CalleeRegistry::isValidCallee):

wasm/WasmCompilationMode.cpp: Copied from Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h.

(JSC::Wasm::makeString):

wasm/WasmCompilationMode.h: Copied from Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h.
wasm/WasmFaultSignalHandler.cpp:

(JSC::Wasm::trapHandler):
(JSC::Wasm::enableFastMemory):
(JSC::Wasm::registerCode): Deleted.
(JSC::Wasm::unregisterCode): Deleted.

wasm/WasmFaultSignalHandler.h:
wasm/WasmIndexOrName.h:
wasm/WasmOMGPlan.cpp:

(JSC::Wasm::OMGPlan::work):

3:57 PM Changeset in webkit [248186] by Wenson Hsieh

3 edits in trunk/Tools

TextAutosizingBoost.ChangeAutosizingBoostAtRuntime fails on iPad Simulator
https://bugs.webkit.org/show_bug.cgi?id=200402
<rdar://problem/53823368>

Reviewed by Tim Horton.

Make it possible to run this test using the iPad simulator.

TestWebKitAPI/Tests/ios/TextAutosizingBoost.mm:

Two adjustments: (1) override the screen size to be 320 by 568 (so that the legacy text autosizing heuristic
doesn't avoid boosting this text), and (2) force text autosizing on, but disable idempotent text autosizing,
since this would result in differently sized text.

(mainScreenReferenceBoundsOverride):

TestWebKitAPI/ios/UIKitSPI.h:

3:20 PM Changeset in webkit [248185] by ysuzuki@apple.com

3 edits
1 add in trunk

[JSC] LazyJSValue should be robust for empty JSValue
https://bugs.webkit.org/show_bug.cgi?id=200388

Reviewed by Saam Barati.

JSTests:

stress/switch-constant-child-becomes-empty.js: Added.

(foo):

Source/JavaScriptCore:

If the Switch DFG node is preceded by ForceOSRExit or something that invalidates the basic block,
it can take a FrozenValue as a child which includes empty value instead of string, number etc.
If this Switch node is kept and we reached to DFGCFGSimplificationPhase, it will use this FrozenValue.
However, LazyJSValue using this FrozenValue strongly assumes that FrozenValue is never holding empty value.
But this assumption is wrong. This patch makes LazyJSValue robust for empty value.

dfg/DFGLazyJSValue.cpp:

(JSC::DFG::LazyJSValue::tryGetStringImpl const):
(JSC::DFG::LazyJSValue::tryGetString const):
(JSC::DFG::LazyJSValue::strictEqual const):
(JSC::DFG::LazyJSValue::switchLookupValue const):

3:14 PM Changeset in webkit [248184] by Devin Rousso

2 edits in trunk/Source/WebCore

Web Inspector: fix inverted check in InspectorDOMStorageAgent::enable
Followup to r248179.

Rubber-stamped by Joseph Pecoraro.

inspector/agents/InspectorDOMStorageAgent.cpp:

(WebCore::InspectorDOMStorageAgent::enable):

3:02 PM WebKitGTK/2.24.x edited by Michael Catanzaro

Reviewed safari-607-branch backports through r247496 and resolved … (diff)

2:54 PM Changeset in webkit [248183] by eric.carlson@apple.com

2 edits in trunk/Source/WTF

uniqueLogIdentifier() should generate a 64-bit identifier
https://bugs.webkit.org/show_bug.cgi?id=200403
<rdar://problem/53878447>

Reviewed by Youenn Fablet.

wtf/LoggerHelper.h:

(WTF::LoggerHelper::childLogIdentifier const): Use uint64_t masks.
(WTF::LoggerHelper::uniqueLogIdentifier): cryptographicallyRandomNumber returns a
uint32_t so use two to generate a 64-bit identifier.

2:32 PM Changeset in webkit [248182] by Fujii Hironori

3 edits in trunk/Source/WebCore

[Curl] Crash while destructing a URL in ~SocketStreamHandle due to data race
https://bugs.webkit.org/show_bug.cgi?id=200378

Reviewed by Ross Kirsling.

URL::isolatedCopy() is called in the worker thread. URL is using a
thread-unsafe ref-counter. It should be called in the main thread.

Covered by existing tests.

platform/network/curl/SocketStreamHandleImpl.h:
platform/network/curl/SocketStreamHandleImplCurl.cpp:

(WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl): Call URL::isolatedCopy() in the main thread.
(WebCore::SocketStreamHandleImpl::threadEntryPoint): Added a URL argument.

2:19 PM Changeset in webkit [248181] by sihui_liu@apple.com

16 edits in trunk

API tests using permanent credentials should clear credentials left by previous tests
https://bugs.webkit.org/show_bug.cgi?id=199729

Reviewed by Alex Christensen.

Source/WebCore:

Update existing API tests.

platform/network/CredentialStorage.cpp:

(WebCore::CredentialStorage::clearSessionCredentials):
(WebCore::CredentialStorage::clearPermanentCredentialsForProtectionSpace): Deleted.

platform/network/CredentialStorage.h:
platform/network/mac/CredentialStorageMac.mm:

(WebCore::CredentialStorage::clearPermanentCredentialsForProtectionSpace): Deleted.

Source/WebKit:

Permanent password credentials currently are shared across processes, so we don't need to clear them from
network process.

NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::clearPermanentCredentialsForProtectionSpace): Deleted.

NetworkProcess/NetworkProcess.h:
NetworkProcess/NetworkProcess.messages.in:
UIProcess/API/Cocoa/WKProcessPool.mm:

(-[WKProcessPool _clearPermanentCredentialsForProtectionSpace:]):
(-[WKProcessPool _clearPermanentCredentialsForProtectionSpace:completionHandler:]): Deleted.

UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::clearPermanentCredentialsForProtectionSpace):

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::clearPermanentCredentialsForProtectionSpace): Deleted.

UIProcess/WebProcessPool.h:

Tools:

We used to clear the permanent credentials created by API tests at the end of the API tests, to ensure those
credentials will not affect tests running after. There is a case where permanent credentials were left on the
system, so those API tests were timing out themselves before reaching to the cleanup, which caused cascading
failure. To prevent this from happening again, add cleanup at the begining of the tests.

TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:

(TEST):

TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm:

(TestWebKitAPI::TEST):

2:07 PM Changeset in webkit [248180] by Devin Rousso

4 edits in trunk/Source/WebInspectorUI

Web Inspector: Console: all navigation items should be shown in the split console
https://bugs.webkit.org/show_bug.cgi?id=200280

Reviewed by Joseph Pecoraro.

UserInterface/Views/LogContentView.js:

(WI.LogContentView):
(WI.LogContentView.prototype.get navigationItems):
Adjust the visibilityPriority of each navigationItems so that the filter/scope bars are
kept visible for longer than the "Preserve Log"/"Emulate User Gesture" toggles.

UserInterface/Views/FindBanner.js:

(WI.FindBanner):

UserInterface/Views/FindBanner.css:

(.find-banner.console-find-banner > input[type="search"]):
(.find-banner.console-find-banner > :matches(input[type="search"], button)):
(.find-banner.console-find-banner > input[type="search"]:focus, .find-banner.console-find-banner > input[type="search"]:focus ~ button, .find-banner.console-find-banner > input[type="search"]:not(:placeholder-shown), .find-banner.console-find-banner > input[type="search"]:not(:placeholder-shown) ~ button ): Added.
(.find-banner.console-find-banner > input[type="search"]::placeholder): Deleted.
(.find-banner.console-find-banner > input[type="search"]:focus): Deleted.
(.find-banner.console-find-banner > input[type="search"]:not(:placeholder-shown)): Deleted.
(@media (prefers-color-scheme: dark) .find-banner.console-find-banner > input[type=search]:not(:placeholder-shown)): Deleted.
Make the WI.FindBanner blend in with the surrounding content when it's not focused or has
no content.

2:05 PM Changeset in webkit [248179] by Devin Rousso

17 edits in trunk/Source

Web Inspector: Storage: disable related agents when the tab is closed
https://bugs.webkit.org/show_bug.cgi?id=200117

Reviewed by Joseph Pecoraro.

Rework how enable/disable is used for storage-related agents so that events are not sent
and data isn't kept alive when the Storage tab isn't enabled.

Source/JavaScriptCore:

inspector/protocol/ApplicationCache.json:

Add disable command.

Source/WebCore:

Covered by existing tests.

inspector/agents/InspectorApplicationCacheAgent.h:
inspector/agents/InspectorApplicationCacheAgent.cpp:

(WebCore::InspectorApplicationCacheAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorApplicationCacheAgent::enable):
(WebCore::InspectorApplicationCacheAgent::disable): Added.

inspector/agents/InspectorDOMStorageAgent.cpp:

(WebCore::InspectorDOMStorageAgent::enable):
(WebCore::InspectorDOMStorageAgent::disable):

inspector/agents/InspectorDatabaseAgent.cpp:

(WebCore::InspectorDatabaseAgent::enable):
(WebCore::InspectorDatabaseAgent::disable):

Source/WebInspectorUI:

UserInterface/Controllers/ApplicationCacheManager.js:

(WI.ApplicationCacheManager):
(WI.ApplicationCacheManage.prototype.get domains): Added.
(WI.ApplicationCacheManage.prototype.activateExtraDomain): Added.
(WI.ApplicationCacheManager.prototype.initializeTarget):
(WI.ApplicationCacheManager.prototype.enable): Added.
(WI.ApplicationCacheManager.prototype.disable): Added.
(WI.ApplicationCacheManager.prototype.networkStateUpdated):
(WI.ApplicationCacheManager.prototype.applicationCacheStatusUpdated):
(WI.ApplicationCacheManager.prototype._reset): Added.
(WI.ApplicationCacheManager.prototype._mainResourceDidChange):
(WI.ApplicationCacheManager.prototype._manifestForFrameLoaded):
(WI.ApplicationCacheManager.prototype._framesWithManifestsLoaded):
(WI.ApplicationCacheManager.prototype.initialize): Deleted.

UserInterface/Controllers/DOMStorageManager.js:

(WI.DOMStorageManager):
(WI.DOMStorageManager.prototype.get domains): Added.
(WI.DOMStorageManager.prototype.activateExtraDomain): Added.
(WI.DOMStorageManager.prototype.initializeTarget):
(WI.DOMStorageManager.prototype.enable): Added.
(WI.DOMStorageManager.prototype.disable): Added.
(WI.DOMStorageManager.prototype.itemsCleared):
(WI.DOMStorageManager.prototype.itemRemoved):
(WI.DOMStorageManager.prototype.itemAdded):
(WI.DOMStorageManager.prototype.itemUpdated):
(WI.DOMStorageManager.prototype.inspectDOMStorage):
(WI.DOMStorageManager.prototype._reset): Added.
(WI.DOMStorageManager.prototype._addDOMStorageIfNeeded):
(WI.DOMStorageManager.prototype._addCookieStorageIfNeeded):
(WI.DOMStorageManager.prototype._mainResourceDidChange):
(WI.DOMStorageManager.prototype.initialize): Deleted.
(WI.DOMStorageManager.prototype.domStorageWasAdded): Deleted.

UserInterface/Controllers/DatabaseManager.js:

(WI.DatabaseManager):
(WI.DatabaseManager.prototype.get domains): Added.
(WI.DatabaseManager.prototype.activateExtraDomain): Added.
(WI.DatabaseManager.prototype.initializeTarget):
(WI.DatabaseManager.prototype.enable): Added.
(WI.DatabaseManager.prototype.disable): Added.
(WI.DatabaseManager.prototype.databaseWasAdded):
(WI.DatabaseManager.prototype.inspectDatabase):
(WI.DatabaseManager.prototype._reset): Added.
(WI.DatabaseManager.prototype._mainResourceDidChange):
(WI.DatabaseManager.prototype.initialize): Deleted.

UserInterface/Controllers/IndexedDBManager.js:

(WI.IndexedDBManager):
(WI.IndexedDBManager.prototype.get domains): Added.
(WI.IndexedDBManager.prototype.activateExtraDomain): Added.
(WI.IndexedDBManager.prototype.initializeTarget):
(WI.IndexedDBManager.prototype.enable): Added.
(WI.IndexedDBManager.prototype.disable): Added.
(WI.IndexedDBManager.prototype.clearObjectStore):
(WI.IndexedDBManager.prototype._reset): Added.
(WI.IndexedDBManager.prototype._mainResourceDidChange):
(WI.IndexedDBManager.prototype.initialize): Deleted.

UserInterface/Controllers/AppController.js:

(WI.AppController.prototype.activateExtraDomains):

UserInterface/Controllers/CanvasManager.js:

(WI.CanvasManager.prototype.get domains): Added.
(WI.CanvasManager.prototype.activateExtraDomain): Added.
Only call enable on any extra agents if the domain is not controlled by a manager.

UserInterface/Views/StorageTabContentView.js:

(WI.StorageTabContentView):
(WI.StorageTabContentView.static isTabAllowed):
(WI.StorageTabContentView.prototype.canShowRepresentedObject):
(WI.StorageTabContentView.prototype.closed): Added.

UserInterface/Test.html:
UserInterface/Test/Test.js:

(WI.loaded):
(WI.contentLoaded):

2:02 PM Changeset in webkit [248178] by keith_miller@apple.com

49 edits
2 copies in trunk/Source/JavaScriptCore

B3 should support tuple types
https://bugs.webkit.org/show_bug.cgi?id=200327

Reviewed by Filip Pizlo.

As part of the Wasm multi-value proposal, we need to teach B3 that
patchpoints can return more than one value. This is done by
adding a new B3::Type called Tuple. Unlike, other B3 types Tuple
is actually an encoded index into a numeric B3::Type vector on the
procedure. This lets us distinguish any two tuples from each
other, moreover, it's possible to get the vector of types with
just the B3::Tuple type and the procedure.

Since most B3 operations only expect to see a single numeric child
there is a new Opcode, Extract, that takes yields the some, fixed,
entry from a tuple value. Extract would be the only other change
needed to make tuples work in B3 except that some optimizations
expect to be able to take any non-Void value and stick it into a
Variable of the same type. This means both Get/Set from a variable
have to support Tuples as well. For simplicity and consistency,
the ability to accept tuples is also applied to Phi and Upsilon.

In order to lower a Tuple, B3Lowering needs to have a Tmp for each
nested type in a Tuple. While we could reuse the existing
IndexedTables to hold the extra information we need to lower
Tuples, we instead use a two new HashTables for Value->Tmp(s) and
Phi->Tmp(s). It's expected that Tuples will be sufficiently
uncommon the overhead of tracking everything together would be
prohibitive. On the other hand, we don't worry about this for
Variables because we don't expect those to make it to lowering.

JavaScriptCore.xcodeproj/project.pbxproj:
Sources.txt:
b3/B3Bank.h:

(JSC::B3::bankForType):

b3/B3CheckValue.cpp:

(JSC::B3::CheckValue::CheckValue):

b3/B3ExtractValue.cpp: Copied from Source/JavaScriptCore/b3/B3ProcedureInlines.h.

(JSC::B3::ExtractValue::~ExtractValue):
(JSC::B3::ExtractValue::dumpMeta const):

b3/B3ExtractValue.h: Copied from Source/JavaScriptCore/b3/B3FixSSA.h.
b3/B3FixSSA.h:
b3/B3LowerMacros.cpp:
b3/B3LowerMacrosAfterOptimizations.cpp:
b3/B3LowerToAir.cpp:
b3/B3NativeTraits.h:
b3/B3Opcode.cpp:

(JSC::B3::invertedCompare):
(WTF::printInternal):

b3/B3Opcode.h:

(JSC::B3::opcodeForConstant):

b3/B3PatchpointSpecial.cpp:

(JSC::B3::PatchpointSpecial::forEachArg):
(JSC::B3::PatchpointSpecial::isValid):
(JSC::B3::PatchpointSpecial::admitsStack):
(JSC::B3::PatchpointSpecial::generate):

b3/B3PatchpointValue.cpp:

(JSC::B3::PatchpointValue::dumpMeta const):
(JSC::B3::PatchpointValue::PatchpointValue):

b3/B3PatchpointValue.h:
b3/B3Procedure.cpp:

(JSC::B3::Procedure::addTuple):
(JSC::B3::Procedure::isValidTuple const):
(JSC::B3::Procedure::tupleForType const):
(JSC::B3::Procedure::addIntConstant):
(JSC::B3::Procedure::addConstant):

b3/B3Procedure.h:

(JSC::B3::Procedure::returnCount const):

b3/B3ProcedureInlines.h:

(JSC::B3::Procedure::extractFromTuple const):

b3/B3ReduceStrength.cpp:
b3/B3StackmapSpecial.cpp:

(JSC::B3::StackmapSpecial::isValidImpl):
(JSC::B3::StackmapSpecial::isArgValidForType):
(JSC::B3::StackmapSpecial::isArgValidForRep):
(JSC::B3::StackmapSpecial::isArgValidForValue): Deleted.

b3/B3StackmapSpecial.h:
b3/B3StackmapValue.h:
b3/B3Type.cpp:

(WTF::printInternal):

b3/B3Type.h:

(JSC::B3::Type::Type):
(JSC::B3::Type::tupleFromIndex):
(JSC::B3::Type::kind const):
(JSC::B3::Type::tupleIndex const):
(JSC::B3::Type::hash const):
(JSC::B3::Type::operator== const):
(JSC::B3::Type::operator!= const):
(JSC::B3::Type::isInt const):
(JSC::B3::Type::isFloat const):
(JSC::B3::Type::isNumeric const):
(JSC::B3::Type::isTuple const):
(JSC::B3::sizeofType):
(JSC::B3::isInt): Deleted.
(JSC::B3::isFloat): Deleted.

b3/B3TypeMap.h:

(JSC::B3::TypeMap::at):

b3/B3Validate.cpp:
b3/B3Value.cpp:

(JSC::B3::Value::isRounded const):
(JSC::B3::Value::effects const):
(JSC::B3::Value::typeFor):

b3/B3Value.h:
b3/B3ValueInlines.h:
b3/B3ValueKey.cpp:

(JSC::B3::ValueKey::intConstant):

b3/B3ValueKey.h:

(JSC::B3::ValueKey::hash const):

b3/B3ValueRep.h:
b3/B3Width.h:

(JSC::B3::widthForType):

b3/air/AirArg.cpp:

(JSC::B3::Air::Arg::canRepresent const):

b3/air/AirArg.h:
b3/air/AirCCallingConvention.cpp:

(JSC::B3::Air::cCallResult):

b3/air/AirLowerMacros.cpp:

(JSC::B3::Air::lowerMacros):

b3/testb3.h:

(populateWithInterestingValues):

b3/testb3_1.cpp:

(run):

b3/testb3_3.cpp:

(testStorePartial8BitRegisterOnX86):

b3/testb3_5.cpp:

(testPatchpointWithRegisterResult):
(testPatchpointWithStackArgumentResult):
(testPatchpointWithAnyResult):

b3/testb3_6.cpp:

(testPatchpointDoubleRegs):
(testSomeEarlyRegister):

b3/testb3_7.cpp:

(testShuffleDoesntTrashCalleeSaves):
(testReportUsedRegistersLateUseFollowedByEarlyDefDoesNotMarkUseAsDead):
(testSimpleTuplePair):
(testSimpleTuplePairUnused):
(testSimpleTuplePairStack):
(tailDupedTuplePair):
(tuplePairVariableLoop):
(tupleNestedLoop):
(addTupleTests):

b3/testb3_8.cpp:

(testLoad):
(addLoadTests):

ftl/FTLAbbreviatedTypes.h:
ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToB3::compileDirectCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
(JSC::FTL::DFG::LowerDFGToB3::compileCPUIntrinsic):
(JSC::FTL::DFG::LowerDFGToB3::compileInstanceOf):
(JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):
(JSC::FTL::DFG::LowerDFGToB3::emitBinarySnippet):
(JSC::FTL::DFG::LowerDFGToB3::emitBinaryBitOpSnippet):
(JSC::FTL::DFG::LowerDFGToB3::emitRightShiftSnippet):
(JSC::FTL::DFG::LowerDFGToB3::allocateHeapCell):

wasm/WasmAirIRGenerator.cpp:

(JSC::Wasm::AirIRGenerator::emitPatchpoint):

wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::B3IRGenerator::B3IRGenerator):

wasm/WasmCallingConvention.h:

(JSC::Wasm::CallingConvention::marshallArgument const):
(JSC::Wasm::CallingConvention::setupFrameInPrologue const):
(JSC::Wasm::CallingConvention::setupCall const):
(JSC::Wasm::CallingConventionAir::setupCall const):

1:39 PM Changeset in webkit [248177] by Devin Rousso

22 edits in trunk/Source

Web Inspector: Timelines: Develop > Start Timeline Recording doesn't work when focused on a detached inspector window
https://bugs.webkit.org/show_bug.cgi?id=200125
<rdar://problem/53543008>

Reviewed by Brian Burg.

Always show the Timelines tab in Web Inspector whenever timeline recording starts/stops.
Notify the UIProcess whenever the timeline recording state changes.

Source/WebCore:

inspector/InspectorClient.h:

(WebCore::InspectorClient::timelineRecordingChanged): Added.

inspector/agents/InspectorTimelineAgent.h:
inspector/agents/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
(WebCore::InspectorTimelineAgent::internalStart):
(WebCore::InspectorTimelineAgent::internalStop):

Source/WebInspectorUI:

UserInterface/Protocol/InspectorFrontendAPI.js:

(InspectorFrontendAPI.setTimelineProfilingEnabled):

Source/WebKit:

WebProcess/WebPage/WebInspector.messages.in:
WebProcess/WebPage/WebInspector.h:
WebProcess/WebPage/WebInspector.cpp:

(WebKit::WebInspector::startPageProfiling):
(WebKit::WebInspector::stopPageProfiling):
(WebKit::WebInspector::timelineRecordingChanged): Added.
(WebKit::WebInspector::showTimelines): Deleted.

WebProcess/WebPage/WebInspectorUI.messages.in:
WebProcess/WebPage/WebInspectorUI.h:
WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::showTimelines): Deleted.

WebProcess/WebCoreSupport/WebInspectorClient.h:
WebProcess/WebCoreSupport/WebInspectorClient.cpp:

(WebKit::WebInspectorClient::timelineRecordingChanged): Added.

UIProcess/WebInspectorProxy.messages.in:
UIProcess/WebInspectorProxy.h:
UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::togglePageProfiling):
(WebKit::WebInspectorProxy::timelineRecordingChanged): Added.
(WebKit::WebInspectorProxy::showTimelines): Deleted.

UIProcess/API/C/WKInspector.cpp:

(WKInspectorTogglePageProfiling):

UIProcess/API/Cocoa/_WKInspector.h:
UIProcess/API/Cocoa/_WKInspector.mm:

(-[_WKInspector showTimelines]): Deleted.

WebProcess/InjectedBundle/API/c/WKBundleInspector.cpp:

(WKBundleInspectorSetPageProfilingEnabled):

1:25 PM Changeset in webkit [248176] by Devin Rousso

4 edits in trunk/Source/WebInspectorUI

Web Inspector: "Inspector.initialized" happens before breakpoints are set
https://bugs.webkit.org/show_bug.cgi?id=200364

Reviewed by Joseph Pecoraro.

Allow managers to register a promise that will delay Inspector.initialized. This is needed
when restoring breakpoints so that "Automatically Show Web Inspector for JSContexts" can set
them before any scripts have evaluated, ensuring that no breakpoints are "skipped".

UserInterface/Protocol/Target.js:

(WI.Target.prototype.initialize):
(WI.Target.registerInitializationPromise): Added.

UserInterface/Controllers/DOMDebuggerManager.js:

(WI.DOMDebuggerManager):

UserInterface/Controllers/DebuggerManager.js:

(WI.DebuggerManager):

1:22 PM Changeset in webkit [248175] by commit-queue@webkit.org

4 edits
2 adds in trunk

Web Inspector: Crash when interacting with Template Content in Console
https://bugs.webkit.org/show_bug.cgi?id=196280

Patch by Yury Semikhatsky <yurys@chromium.org> on 2019-08-02
Reviewed by Joseph Pecoraro.

Source/WebCore:

Test: inspector/dom/inspect-template-node.html

bindings/js/JSDOMBindingSecurity.cpp:

(WebCore::canAccessDocument): if target element is from a
<template> use its host document to check the access. Elements
from the host document always have access to its template elements content.

inspector/agents/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::resolveNode): templates are created in
special template document which doesn't have a frame, in such case get
the frame from the host document.

LayoutTests:

inspector/dom/inspect-template-node-expected.txt: Added.
inspector/dom/inspect-template-node.html: Added.

1:09 PM Changeset in webkit [248174] by jer.noble@apple.com

2 edits in trunk/Source/WebKit

[iPadOS] slides.google.com: Full Screen API warning is presented when swiping through slides
https://bugs.webkit.org/show_bug.cgi?id=200313
<rdar://problem/53777001>

Reviewed by Eric Carlson.

Only run the secheuristic scoring during UIGestureRecognizerStateEnded, rather than both
UIGestureRecognizerStateEnded and UIGestureRecognizerStateBegan. The goal of the heuristic is
to detect fake on-screen keyboards by detecting gestures that look like "typing". Using only
UIGestureRecognizerStateEnded still allows us to do this (as typing will usually have identical
geometries for both Ended and Began) without generating false-positives during swipe gestures.

UIProcess/ios/fullscreen/WKFullScreenViewController.mm:

(-[WKFullScreenViewController _touchDetected:]):

1:07 PM Changeset in webkit [248173] by rniwa@webkit.org

3 edits in trunk/Source/WebCore

Harden NodeRareData::m_connectedFrameCount
https://bugs.webkit.org/show_bug.cgi?id=200300

Reviewed by Geoffrey Garen.

Use unsinged integer type in NodeRareData::m_connectedFrameCount since it's padded anyway.

dom/Node.cpp:

(WebCore::Node::decrementConnectedSubframeCount): Check that hasRareNode() is true in release builds.

dom/NodeRareData.h:

12:58 PM Changeset in webkit [248172] by rniwa@webkit.org

5 edits
2 adds in trunk

Document::resume should delay resetting of form control elements.
https://bugs.webkit.org/show_bug.cgi?id=200376

Reviewed by Geoffrey Garen.

Source/WebCore:

Delay the execution of form control element resets until the next task
to avoid synchronously mutating DOM during page cache restoration.

Test: fast/frames/restoring-page-cache-should-not-run-scripts.html

html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::resumeFromDocumentSuspension):

html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::resumeFromDocumentSuspension):

LayoutTests:

Added a regression test.

fast/frames/restoring-page-cache-should-not-run-scripts-expected.txt: Added.
fast/frames/restoring-page-cache-should-not-run-scripts.html: Added.
platform/win/TestExpectations: Skip this test on Windows since navigating to blob fails on Windows.

12:46 PM Changeset in webkit [248171] by ysuzuki@apple.com

3 edits in trunk/Source/JavaScriptCore

[JSC] Use "destroy" function directly for JSWebAssemblyCodeBlock and WebAssemblyFunction
https://bugs.webkit.org/show_bug.cgi?id=200385

Reviewed by Mark Lam.

These CellTypes are not using classInfo stored in the cells, so we can just call JSWebAssemblyCodeBlock::destroy
and WebAssemblyFunction::destroy directly.

wasm/js/JSWebAssemblyCodeBlockHeapCellType.cpp:

(JSC::JSWebAssemblyCodeBlockDestroyFunc::operator() const):

wasm/js/WebAssemblyFunctionHeapCellType.cpp:

(JSC::WebAssemblyFunctionDestroyFunc::operator() const):

12:17 PM Changeset in webkit [248170] by youenn@apple.com

2 edits in trunk/Source/WebCore

[iOS] Directly use RealtimeMediaSourceCenter to compute the media capture state
https://bugs.webkit.org/show_bug.cgi?id=200368
<rdar://problem/53191450>

Unreviewed.
Build fix by guarding with MEDIA_STREAM in addition to IOS.

dom/Document.cpp:

(WebCore::Document::updateIsPlayingMedia):
(WebCore::Document::pageMutedStateDidChange):

12:10 PM Changeset in webkit [248169] by commit-queue@webkit.org

8 edits
2 adds in trunk

Add accessibility object method to determine whether an element is inside a table cell. Needed for iOS accessibility client.
https://bugs.webkit.org/show_bug.cgi?id=200394
<rdar://problem/52914964>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-08-02
Reviewed by Chris Fleizach.

Source/WebCore:

Test: accessibility/ios-simulator/element-in-table-cell.html

Added _accessibilityIsInTableCell needed for iOS accessibility client.

accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper _accessibilityIsInTableCell]):

Tools:

Glue code to exercise new method [WebAccessibilityObjectWrapper _accessibilityIsInTableCell].

WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp:

(WTR::AccessibilityUIElement::isInTableCell const):

WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl:
WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::isInTableCell const):

LayoutTests:

New test that exercises [WebAccessibilityObjectWrapper _accessibilityIsInTableCell].

accessibility/ios-simulator/element-in-table-cell-expected.txt: Added.
accessibility/ios-simulator/element-in-table-cell.html: Added.

12:03 PM Changeset in webkit [248168] by commit-queue@webkit.org

2 edits in trunk/Tools

[results.webkit.org Timeline] Using transform matrix to calculate the tag rotation position
https://bugs.webkit.org/show_bug.cgi?id=200397

Patch by Zhifei Fang <zhifei_fang@apple.com> on 2019-08-02
Reviewed by Jonathan Bedard.

resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:

11:58 AM Changeset in webkit [248167] by eric.carlson@apple.com

2 edits in trunk/Source/WebCore

[macOS, iOS] webaudio/silent-audio-interrupted-in-background.html sometimes crashes
https://bugs.webkit.org/show_bug.cgi?id=200396
<rdar://problem/53819720>

Reviewed by Youenn Fablet.

No new test, this fixes an existing test.

platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:

(WebCore::AudioSourceProviderAVFObjC::~AudioSourceProviderAVFObjC): Drop the
lock before clearing m_tapStorage.

11:49 AM Changeset in webkit [248166] by Wenson Hsieh

6 edits in trunk

[macOS 10.15] Image dragged from Safari does not appear in Notes
https://bugs.webkit.org/show_bug.cgi?id=188490
<rdar://problem/39462717>

Reviewed by Andy Estes.

Source/WebKit:

Removes some logic that clears out the cached promised drag image in the UI process when WebKit is asked to
provide TIFF image data. This prevents the drop destination from asking for promised image data, if anything
else (e.g. the system) also asks the web view to provide the same data. Additionally, this logic didn't
previously guarantee that the promised image would be cleared anyways, since it is dependent on the drop target
actually requesting the promised image in order to perform the cleanup.

In lieu of clearing the promised drag image when it's requested, we instead clear it out upon mainframe
navigation, in PageClientImpl::didCommitLoadForMainFrame.

Test: DragAndDropTests.MultiplePromisedImageDataRequests

UIProcess/Cocoa/WebViewImpl.h:
UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::clearPromisedDragImage):
(WebKit::WebViewImpl::pasteboardChangedOwner):
(WebKit::WebViewImpl::provideDataForPasteboard):

Fix the bug by not immediately clearing out the promised drag image.

UIProcess/mac/PageClientImplMac.mm:

(WebKit::PageClientImpl::didCommitLoadForMainFrame):

Tools:

Add a test to verify that promised image data can be delivered to multiple pasteboards when performing a drop.

TestWebKitAPI/Tests/mac/DragAndDropTestsMac.mm:

11:47 AM Changeset in webkit [248165] by youenn@apple.com

2 edits in trunk/Source/ThirdParty/libwebrtc

Add build check for libwebrtc ObjectiveC names
https://bugs.webkit.org/show_bug.cgi?id=200365

Reviewed by Eric Carlson.

Only allow ObjectiveC names starting with WK_RTC.

libwebrtc.xcodeproj/project.pbxproj:

11:39 AM Changeset in webkit [248164] by Keith Rollin

9 edits
5 deletes in trunk/Source/WebKit

macCatalyst build fails the first attempt, requires a second build
https://bugs.webkit.org/show_bug.cgi?id=200242
<rdar://problem/53678481>

macCatalyst builds fail the first time with an error like:

Code Signing Error: The file
"/Users/tim_cook/Build/Debug-maccatalyst/DerivedSources/WebKit2/WebContent-macCatalyst-no-sandbox.entitlements"
could not be opened. Verify the value of the
CODE_SIGN_ENTITLEMENTS build setting for target "WebContent" is
correct and that the file exists on disk.

This problem is caused by the file referenced by
CODE_SIGN_ENTITLEMENTS changing during the build process. For
macCatalyst builds, we start with the iOS entitlements files and then
tweak them for macCatalyst. When this occurs during a clean build,
Xcode sees the entitlements file being generated and complains about
it. Restarting the build does so with the file already existing, and
so Xcode does not complain about it.

The approach of generating or tweaking entitlement files may have
worked in the past, but the fact is that Xcode doesn't support it.

We had a similar problem with macOS builds. The entitlements files
used to be generated on the fly with scripts like
WebKit/Scripts/process-network-sandbox-entitlements.sh. That process
was reworked to avoid the issue with Xcode not allowing the files to
be generated (see r241135). In short:

o The various process-*-entitlements.sh scripts were consolidated into

a single process-entitlements file

o CODE_SIGN_ENTITLEMENTS, which contains the name of the entitlements

file to use, was de-initialized so that Xcode would not try to
access our generated entitlements file

o CODE_SIGN_INJECT_BASE_ENTITLEMENTS (which injects some base

entitlements) was set to NO. If it were left set to YES, Xcode would
create its own entitlements file and use it as if it were specified
in CODE_SIGN_ENTITLEMENTS

o WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS was updated with an

"--entitlements <generated_file>" option.
WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS was then used to initialize
OTHER_CODE_SIGN_FLAGS. By specifying the entitlements file this way,
we avoid Xcode complaining about it.

This approach works well for macOS, and so we now also use it to
address the issue with macCatalyst. While we're at it, convert the
rest of the platforms to use the same approach and also generate their
entitlements from the process-entitlements script.

The new process was validated by performing a build with the old
process and the new process, and then comparing the entitlements of
the resulting XPC services to make sure they were the same. Builds
were performed for all platforms, and for Engineering and Production
builds.

Reviewed by Brent Fulgham.

Configurations/BaseXPCService.xcconfig:
Configurations/Network-iOS.entitlements: Removed.
Configurations/Network-macCatalyst.entitlements: Removed.
Configurations/NetworkService.xcconfig:
Configurations/PluginService.64.xcconfig:
Configurations/PluginService.entitlements: Removed.
Configurations/WebContent-iOS.entitlements: Removed.
Configurations/WebContent-macCatalyst.entitlements: Removed.
Configurations/WebContentService.Development.xcconfig:
Configurations/WebContentService.xcconfig:
Scripts/copy-webcontent-resources-to-private-headers.sh:
Scripts/process-entitlements.sh:
WebKit.xcodeproj/project.pbxproj:

11:27 AM Changeset in webkit [248163] by achristensen@apple.com

2 edits in trunk/Tools

Fix API test after r248139
https://bugs.webkit.org/show_bug.cgi?id=200102

TestWebKitAPI/Tests/WebKitCocoa/AdditionalReadAccessAllowedURLsPlugin.mm:

(-[AdditionalReadAccessAllowedURLsPlugIn webProcessPlugIn:didCreateBrowserContextController:]):
This was supposed to be removed as part of reverting r245322.

11:16 AM Changeset in webkit [248162] by mark.lam@apple.com

2 edits in trunk/Source/JavaScriptCore

Gardening: build fix.
https://bugs.webkit.org/show_bug.cgi?id=200149
<rdar://problem/53570112>

Not reviewed.

assembler/CPU.cpp:

(JSC::hwPhysicalCPUMax):

10:34 AM Changeset in webkit [248161] by youenn@apple.com

4 edits in trunk/Source/WebCore

[iOS] Directly use RealtimeMediaSourceCenter to compute the media capture state
https://bugs.webkit.org/show_bug.cgi?id=200368
<rdar://problem/53191450>

Reviewed by Eric Carlson.

Instead of registering a MediaStreamTrack as a media producer to compute capture state,
go directly to the sources from the RealtimeMediaSourceCenter.
Do the same when requested to mute capture tracks.

No observable change of behavior.
Covered by manual test on iOS and existing tests.

Modules/mediastream/MediaStreamTrack.cpp:

(WebCore::MediaStreamTrack::MediaStreamTrack):
(WebCore::MediaStreamTrack::~MediaStreamTrack):
(WebCore::MediaStreamTrack::mediaState const):
(WebCore::sourceCaptureState):
(WebCore::MediaStreamTrack::captureState):
(WebCore::MediaStreamTrack::muteCapture):

Modules/mediastream/MediaStreamTrack.h:
dom/Document.cpp:

(WebCore::Document::updateIsPlayingMedia):
(WebCore::Document::pageMutedStateDidChange):

10:33 AM Changeset in webkit [248160] by commit-queue@webkit.org

2 edits in trunk/Source/ThirdParty/libwebrtc

Unreviewed, rolling out r248156.
https://bugs.webkit.org/show_bug.cgi?id=200393

It broke internal bots (Requested by youenn on #webkit).

Reverted changeset:

"Add build check for libwebrtc ObjectiveC names"
https://bugs.webkit.org/show_bug.cgi?id=200365
https://trac.webkit.org/changeset/248156

10:30 AM Changeset in webkit [248159] by achristensen@apple.com

2 edits in trunk/Source/WTF

Fix an internal build after r248139
https://bugs.webkit.org/show_bug.cgi?id=200102

wtf/cocoa/FileSystemCocoa.mm:

Some internal builds couldn't find BOM framework headers.
No problem. They're not needed. Just remove references to them.

10:09 AM Changeset in webkit [248158] by Alan Coon

2 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247875. rdar://problem/53841460

[iOS] REGRESSION: Keyboard dismisses and reappears when typing 2FA pin on appleid.apple.com
https://bugs.webkit.org/show_bug.cgi?id=200171
<rdar://problem/50245251>

Reviewed by Wenson Hsieh.

Take out an InputViewUpdateDeferrer token (if we don't already have one) to temporarily defer
tearing down the input view (keyboard) before bluring the previously focused element as part
of switching between focused elements. This avoid a noticeable flash caused by UIKit animating
out and animating in the keyboard should the newly focused element require the keyboard. We
only take out the InputViewUpdateDeferrer until we fall off the end of _elementDidFocus: (or
bail early). Once we fall of the end UIKit will update input view UI.

UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView _elementDidFocus:userIsInteracting:blurPreviousNode:activityStateChanges:userObject:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247875 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:06 AM Changeset in webkit [248157] by Alan Coon

7 edits in branches/safari-608.1-branch/Source

Versioning.

10:04 AM Changeset in webkit [248156] by youenn@apple.com

2 edits in trunk/Source/ThirdParty/libwebrtc

Add build check for libwebrtc ObjectiveC names
https://bugs.webkit.org/show_bug.cgi?id=200365

Reviewed by Eric Carlson.

Only allow ObjectiveC names starting with WK_RTC.

libwebrtc.xcodeproj/project.pbxproj:

9:43 AM Changeset in webkit [248155] by Chris Dumez

17 edits
2 adds in trunk

DOMWindow properties may get GC'd before their Window object
https://bugs.webkit.org/show_bug.cgi?id=200359

Reviewed by Ryosuke Niwa.

Source/WebCore:

DOMWindow properties may get GC'd before their Window object once their frame is detached. This
is unexpected behavior given that these properties persist on the Window after the frame is
detached. This patch thus updates their bindings so that they live as long as their window, not
their frame.

Note that this also fixes a thread-safety issue since DOMWindowProperty::frame() would get called
from GC threads, although its implementation looks like:
"""

return m_window ? m_window->frame() : nullptr;

"""

Because m_window is a WeakPtr<DOMWindow> and because windows get destroyed on the main thread,
we could in theory crash when dereferencing m_window->frame() from the GC thread.

Test: fast/dom/dom-window-property-gc-after-frame-detach.html

bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::visitAdditionalChildren):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

bindings/scripts/IDLAttributes.json:
css/StyleMedia.idl:
loader/appcache/DOMApplicationCache.idl:
page/BarProp.idl:
page/DOMSelection.idl:
page/History.idl:
page/Location.idl:
page/Navigator.idl:
page/Screen.idl:
page/VisualViewport.idl:
plugins/DOMMimeTypeArray.idl:
plugins/DOMPluginArray.idl:
storage/Storage.idl:

LayoutTests:

Add layout test coverage.

fast/dom/dom-window-property-gc-after-frame-detach-expected.txt: Added.
fast/dom/dom-window-property-gc-after-frame-detach.html: Added.

6:23 AM Changeset in webkit [248154] by Carlos Garcia Campos

1 copy in releases/WebKitGTK/webkit-2.25.4

WebKitGTK 2.25.4

6:22 AM Changeset in webkit [248153] by Carlos Garcia Campos

4 edits in trunk

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.25.4 release

Source/cmake/OptionsGTK.cmake: Bump version numbers

Source/WebKit:

gtk/NEWS: Add release notes for 2.25.4.

3:20 AM Changeset in webkit [248152] by Konstantin Tokarev

3 edits in trunk/Source/WebCore

Remove constructors and operators of FontPlatformData defined only for Freetype
https://bugs.webkit.org/show_bug.cgi?id=200379

Reviewed by Carlos Garcia Campos.

These methods only make maintenance harder, as all data fields are
trivially copyable. Constructors generated by compiler should be used
instead.

platform/graphics/FontPlatformData.h:
platform/graphics/freetype/FontPlatformDataFreeType.cpp:

1:58 AM Changeset in webkit [248151] by Konstantin Tokarev

2 edits in trunk/Source/WebCore

Remove unused constructor declaration from FontPlatformData
https://bugs.webkit.org/show_bug.cgi?id=200371

Reviewed by Carlos Garcia Campos.

It is not implemented by any port.

platform/graphics/FontPlatformData.h:

1:56 AM Changeset in webkit [248150] by commit-queue@webkit.org

5 edits in trunk

[SOUP] WebSockets: use SOUP_WEBSOCKET_CLOSE_NO_STATUS when closing with no status
https://bugs.webkit.org/show_bug.cgi?id=200338

Patch by Carlos Garcia Campos <cgarcia@igalia.com> on 2019-08-02
Reviewed by Alex Christensen.

Source/WebKit:

NetworkProcess/soup/WebSocketTaskSoup.cpp:

(WebKit::WebSocketTask::close):

LayoutTests:

Remove failure expectation for http/tests/websocket/tests/hybi/client-close.html

platform/gtk/TestExpectations:
platform/wpe/TestExpectations:

Note: See TracTimeline for information about the timeline view.

Download in other formats:

RSS Feed