Timeline



Jan 26, 2020:

10:30 PM Changeset in webkit [255137] by Fujii Hironori
  • 2 edits in trunk/Source/WebKit

[WinCairo][curl] ASSERTION FAILED: sessionID != PAL::SessionID::defaultSessionID() in NetworkProcess since r255067
https://bugs.webkit.org/show_bug.cgi?id=206817

Reviewed by Darin Adler.

Since r255067 (Bug 206700), the assertion is failing in
NetworkProcess::destroySession while shutdown, which is ensuring
the destructing session isn't the default session.

Covered by existing tests.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::destroySession): Conditioned out the
assertion for curl port as well as Soup port does.

10:27 PM Changeset in webkit [255136] by Darin Adler
  • 4 edits in trunk/Source/WebCore

Move DOMCacheEngine::errorToException back out of header and into .cpp file
https://bugs.webkit.org/show_bug.cgi?id=206815

Reviewed by Mark Lam.

This is a follow-up to a recent build fix that moved a function, errorToException,
out of a .cpp file and into a header file. This reverses that since we don't need
this function to be inlined.

  • Modules/cache/DOMCacheEngine.cpp:

(WebCore::DOMCacheEngine::convertToException): Moved this function from the header
and renamed it from errorToException to match the other function more closely. Also
use the pattern where the switch statement has no default, so we get a warning if
we don't cover all the enum values.
(WebCore::DOMCacheEngine::convertToExceptionAndLog): Updated for new function name.

  • Modules/cache/DOMCacheEngine.h: Removed the definition of errorToException and
replaced it with the declaration of it under its new name, convertToException.

  • Modules/cache/DOMCacheStorage.cpp:

(WebCore::DOMCacheStorage::retrieveCaches): Updated for new function name.

8:38 PM Changeset in webkit [255135] by Chris Dumez
  • 11 edits
    1 copy in trunk/Source/WebKit

Frequent sync BackForwardBackListCount/BackForwardForwardListCount IPC on reddit.com
https://bugs.webkit.org/show_bug.cgi?id=206438

Reviewed by Darin Adler.

Frequent sync BackForwardBackListCount/BackForwardForwardListCount IPC on reddit.com. When scrolling on reddit.com,
you frequently see 2 consecutive sync IPCs (WebPageProxy::BackForwardBackListCount then WebPageProxy::BackForwardForwardListCount)
from the WebContent process to the UIProcess. Those are bad for performance. This happens every time the script on the page accesses
history.length, which is unfortunate, since this history length rarely changes.

To address the issue, the following changes were made:

  1. Merge BackForwardBackListCount / BackForwardForwardListCount IPCs into a single BackForwardListCounts IPC which returns both the back & forward counts, since we often need both (e.g. when accessing history.length) and since getting those counts is very cheap compared to the cost of a sync IPC.
  2. Cache those counts in WebBackForwardListProxy and blow away the cached counts whenever the back/forward list changes. In the common case (where the back/forward list rarely changes), we now see a single sync IPC instead of many (verified on reddit.com).

No new tests, merely a performance improvement.

  • UIProcess/WebPageProxy.cpp:
  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • WebProcess/WebPage/WebBackForwardListProxy.cpp:

(WebKit::WebBackForwardListProxy::addItemFromUIProcess):
(WebKit::WebBackForwardListProxy::addItem):
(WebKit::WebBackForwardListProxy::goToItem):
(WebKit::WebBackForwardListProxy::backListCount const):
(WebKit::WebBackForwardListProxy::forwardListCount const):
(WebKit::WebBackForwardListProxy::cacheListCountsIfNecessary const):
(WebKit::WebBackForwardListProxy::clearCachedListCounts):
(WebKit::WebBackForwardListProxy::close):
(WebKit::WebBackForwardListProxy::clear):

  • WebProcess/WebPage/WebBackForwardListProxy.h:

3:28 PM Changeset in webkit [255134] by Alexey Shvayka
  • 6 edits in trunk

Invalid ranges in character classes should be banned in unicode patterns
https://bugs.webkit.org/show_bug.cgi?id=206768

Reviewed by Darin Adler.

JSTests:

  • test262/expectations.yaml: Mark 18 test cases as passing.

Source/JavaScriptCore:

In ES5, grammar of CharacterRange was ambiguous, resulting in invalid ranges
like /[\d-a]/ being allowed. As of ES2015, invalid ranges are SyntaxError in
unicode patterns, yet still allowed in regular ones to avoid breaking the web.
(https://tc39.es/ecma262/#sec-patterns-static-semantics-early-errors-annexb)

This change adds SyntaxError for unicode patterns and updates explanatory
comments. ErrorCode::CharacterClassOutOfOrder is renamed for consistency
with newly added error code and ErrorCode::ParenthesesTypeInvalid.

  • yarr/YarrErrorCode.cpp:

(JSC::Yarr::errorMessage):
(JSC::Yarr::errorToThrow):

  • yarr/YarrErrorCode.h:
  • yarr/YarrParser.h:

(JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate):
(JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
(JSC::Yarr::Parser::CharacterClassParserDelegate::atomBuiltInCharacterClass):
(JSC::Yarr::Parser::parseCharacterClass):

2:47 PM Changeset in webkit [255133] by youenn@apple.com
  • 10 edits
    1 add in trunk/Source

Use ObjectIdentifier for remote RealtimeMediaSource
https://bugs.webkit.org/show_bug.cgi?id=206808
<rdar://problem/58705405>

Reviewed by Eric Carlson.

Source/WebCore:

No change of behavior.

  • WebCore.xcodeproj/project.pbxproj:
  • platform/mediastream/RealtimeMediaSourceIdentifier.h: Added.

Source/WebKit:

Use ObjectIdentifier instead of uint64_t.
This is clearer and prevents receiving identifier of value zero from IPC.
Remove related message checks.

  • Scripts/webkit/messages.py:
  • UIProcess/Cocoa/UserMediaCaptureManagerProxy.cpp:

(WebKit::UserMediaCaptureManagerProxy::SourceProxy::SourceProxy):
(WebKit::UserMediaCaptureManagerProxy::createMediaSourceForCaptureDeviceWithConstraints):
(WebKit::UserMediaCaptureManagerProxy::startProducingData):
(WebKit::UserMediaCaptureManagerProxy::stopProducingData):
(WebKit::UserMediaCaptureManagerProxy::end):
(WebKit::UserMediaCaptureManagerProxy::capabilities):
(WebKit::UserMediaCaptureManagerProxy::setMuted):
(WebKit::UserMediaCaptureManagerProxy::applyConstraints):
(WebKit::UserMediaCaptureManagerProxy::clone):
(WebKit::UserMediaCaptureManagerProxy::requestToEnd):

  • UIProcess/Cocoa/UserMediaCaptureManagerProxy.h:
  • UIProcess/Cocoa/UserMediaCaptureManagerProxy.messages.in:
  • WebProcess/cocoa/UserMediaCaptureManager.cpp:

(WebKit::UserMediaCaptureManager::Source::Source):
(WebKit::UserMediaCaptureManager::Source::sourceID const):
(WebKit::UserMediaCaptureManager::createCaptureSource):
(WebKit::UserMediaCaptureManager::sourceStopped):
(WebKit::UserMediaCaptureManager::captureFailed):
(WebKit::UserMediaCaptureManager::sourceMutedChanged):
(WebKit::UserMediaCaptureManager::sourceSettingsChanged):
(WebKit::UserMediaCaptureManager::storageChanged):
(WebKit::UserMediaCaptureManager::ringBufferFrameBoundsChanged):
(WebKit::UserMediaCaptureManager::audioSamplesAvailable):
(WebKit::UserMediaCaptureManager::remoteVideoSampleAvailable):
(WebKit::UserMediaCaptureManager::sourceEnded):
(WebKit::UserMediaCaptureManager::applyConstraintsSucceeded):
(WebKit::UserMediaCaptureManager::applyConstraintsFailed):
(WebKit::UserMediaCaptureManager::cloneVideoSource):

  • WebProcess/cocoa/UserMediaCaptureManager.h:
  • WebProcess/cocoa/UserMediaCaptureManager.messages.in:

2:15 PM Changeset in webkit [255132] by Darin Adler
  • 4 edits in trunk/Source/WebKit

Protect against crashes during WKWebView init function when methods are called before the view is fully initialized
https://bugs.webkit.org/show_bug.cgi?id=206799
rdar://problem/58871371

Reviewed by Sam Weinig.

Part way through creating WKWebView, some methods can be called and they need to be careful
not to use anything that may not be initialized yet.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView dealloc]): Check _page for null, since this might happen if the superclass's
init method returned nil.

  • UIProcess/API/ios/WKWebViewIOS.mm:

(-[WKWebView _frameOrBoundsChanged]): Check _page for null, since this might be called
before object initialization is complete.
(-[WKWebView setSemanticContentAttribute:]): Ditto.

  • UIProcess/API/mac/WKWebViewMac.mm:

(-[WKWebView setFrameSize:]): Check _impl for null since this might be called before
object initialization is complete.
(-[WKWebView setUserInterfaceLayoutDirection:]): Ditto.
(-[WKWebView renewGState]): Ditto.

1:35 PM Changeset in webkit [255131] by commit-queue@webkit.org
  • 55 edits
    4 adds in trunk

Throttling requestAnimationFrame should be controlled by RenderingUpdateScheduler
https://bugs.webkit.org/show_bug.cgi?id=204713

Patch by Said Abou-Hallawa <Said Abou-Hallawa> on 2020-01-26
Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/animation/request-animation-frame-throttling-outside-viewport.html

requestAnimationFrame is throttled by a timer although its callbacks are
serviced by the page RenderingUpdate. This led to excessive rAF firing
which makes it more than the preferred frames per second.

The solution is to have two throttling types:

1) Page throttling (or full throttling) which slows down all the steps of
RenderingUpdate for the main document and all the sub-documents.

2) Document throttling (or partial throttling) which only slows down the
rAF of a certain document.

  • Headers.cmake:
  • WebCore.xcodeproj/project.pbxproj:
  • animation/DocumentTimeline.cpp:

(WebCore::DocumentTimeline::animationInterval const):
(WebCore::DocumentTimeline::updateThrottlingState): Deleted.

  • animation/DocumentTimeline.h:

There is no need to have DocumentTimeline throttling. It is already
throttled when the page RenderingUpdate is throttled.

  • dom/Document.cpp:

(WebCore::Document::requestAnimationFrame):
(WebCore::Document::updateLastHandledUserGestureTimestamp):
LowPowerMode throttling is now handled by the page. So remove its handling
in the Document side.

  • dom/ScriptedAnimationController.cpp:

(WebCore::ScriptedAnimationController::ScriptedAnimationController):
(WebCore::ScriptedAnimationController::page const):
(WebCore::ScriptedAnimationController::preferredScriptedAnimationInterval const):
(WebCore::ScriptedAnimationController::interval const):
(WebCore::ScriptedAnimationController::isThrottled const):
(WebCore::ScriptedAnimationController::isThrottledRelativeToPage const):
(WebCore::ScriptedAnimationController::shouldRescheduleRequestAnimationFrame const):
(WebCore::ScriptedAnimationController::registerCallback):
(WebCore::ScriptedAnimationController::cancelCallback):
(WebCore::ScriptedAnimationController::serviceRequestAnimationFrameCallbacks):
(WebCore::ScriptedAnimationController::scheduleAnimation):
(WebCore::throttlingReasonToString): Deleted.
(WebCore::throttlingReasonsToString): Deleted.
(WebCore::ScriptedAnimationController::addThrottlingReason): Deleted.
(WebCore::ScriptedAnimationController::removeThrottlingReason): Deleted.
(WebCore::ScriptedAnimationController::animationTimerFired): Deleted.

  • dom/ScriptedAnimationController.h:

(WebCore::ScriptedAnimationController::addThrottlingReason):
(WebCore::ScriptedAnimationController::removeThrottlingReason):
Get rid of the rAF throttling timer. Service the rAF callback only when
the period from the current time stamp till the last service time stamp
is greater than the preferred rAF interval.

  • page/FrameView.cpp:

(WebCore::FrameView::updateScriptedAnimationsAndTimersThrottlingState):
ThrottlingReason is now defined outside ScriptedAnimationController.

  • page/Page.cpp:

(WebCore::Page::renderingUpdateThrottlingEnabled const):
(WebCore::Page::renderingUpdateThrottlingEnabledChanged):
(WebCore::Page::isRenderingUpdateThrottled const):

(WebCore::Page::preferredRenderingUpdateInterval const):
Calculate the preferred RenderingUpdate interval from the throttling
reasons.

(WebCore::Page::setIsVisuallyIdleInternal):
(WebCore::Page::handleLowModePowerChange):
Call adjustRenderingUpdateFrequency() when isLowPowerModeEnabled or
IsVisuallyIdle is toggled.

(WebCore::updateScriptedAnimationsThrottlingReason): Deleted.

  • page/Page.h:
  • page/RenderingUpdateScheduler.cpp:

(WebCore::RenderingUpdateScheduler::adjustFramesPerSecond):
(WebCore::RenderingUpdateScheduler::adjustRenderingUpdateFrequency):
Change the preferredFramesPerSecond of the DisplayRefreshMonitor if the
throttling is not aggressive e.g. 10_s. Otherwise use the timer.

(WebCore::RenderingUpdateScheduler::scheduleTimedRenderingUpdate):
Call adjustFramesPerSecond() when DisplayRefreshMonitor is created.

(WebCore::RenderingUpdateScheduler::startTimer):

  • page/RenderingUpdateScheduler.h:
  • page/Settings.yaml:
  • page/SettingsBase.cpp:

(WebCore::SettingsBase::renderingUpdateThrottlingEnabledChanged):

  • page/SettingsBase.h:

Add a setting to enable/disable RenderingUpdateThrottling.

  • platform/graphics/AnimationFrameRate.h: Added.

(WebCore::preferredFrameInterval):
(WebCore::preferredFramesPerSecond):

  • platform/graphics/DisplayRefreshMonitor.h:

(WebCore::DisplayRefreshMonitor::setPreferredFramesPerSecond):

  • platform/graphics/DisplayRefreshMonitorManager.cpp:

(WebCore::DisplayRefreshMonitorManager::monitorForClient):
Rename createMonitorForClient() to monitorForClient() since it may return
a cached DisplayRefreshMonitor.

(WebCore::DisplayRefreshMonitorManager::setPreferredFramesPerSecond):
(WebCore::DisplayRefreshMonitorManager::scheduleAnimation):
(WebCore::DisplayRefreshMonitorManager::windowScreenDidChange):
No need to call registerClient(). This function was just ensuring the
DisplayRefreshMonitor is created. scheduleAnimation() does the same thing.

(WebCore::DisplayRefreshMonitorManager::createMonitorForClient): Deleted.
(WebCore::DisplayRefreshMonitorManager::registerClient): Deleted.

  • platform/graphics/DisplayRefreshMonitorManager.h:

(WebCore::DisplayRefreshMonitorManager::DisplayRefreshMonitorManager): Deleted.

  • platform/graphics/GraphicsLayerUpdater.cpp:

(WebCore::GraphicsLayerUpdater::GraphicsLayerUpdater):

  • platform/graphics/ios/DisplayRefreshMonitorIOS.mm:

(-[WebDisplayLinkHandler setPreferredFramesPerSecond:]):
Set the preferredFramesPerSecond of the CADisplayLink.

  • platform/ios/LowPowerModeNotifierIOS.mm:

(-[WebLowPowerModeObserver initWithNotifier:]):
Set the initial state of the low power mode.

Source/WebKit:

Create an IPC message on the DrawingArea to send a message from the
WebProcess to the UIProcess to setPreferredFramesPerSecond of the
DisplayRefreshMonitor.

  • Shared/WebPreferences.yaml:
  • UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetRenderingUpdateThrottlingEnabled):
(WKPreferencesGetRenderingUpdateThrottlingEnabled):

  • UIProcess/API/C/WKPreferencesRefPrivate.h:

Add a WKPreference key for RenderingUpdateThrottlingEnabled.

  • UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.h:
  • UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.messages.in:
  • UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm:

(-[WKOneShotDisplayLinkHandler setPreferredFramesPerSecond:]):
(WebKit::RemoteLayerTreeDrawingAreaProxy::setPreferredFramesPerSecond):
Set the preferredFramesPerSecond of the CADisplayLink.

  • WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDisplayRefreshMonitor.h:
  • WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDisplayRefreshMonitor.mm:

(WebKit::RemoteLayerTreeDisplayRefreshMonitor::setPreferredFramesPerSecond):
Delegate the call to RemoteLayerTreeDrawingArea.

  • WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.h:
  • WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm:

(WebKit::RemoteLayerTreeDrawingArea::setPreferredFramesPerSecond):
Send the IPC message from the WebProcess to the UIProcess.

Source/WebKitLegacy/mac:

Add a WKPreference key for RenderingUpdateThrottling.

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences renderingUpdateThrottlingEnabled]):
(-[WebPreferences setRenderingUpdateThrottlingEnabled:]):

  • WebView/WebPreferencesPrivate.h:
  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

Source/WebKitLegacy/win:

Add a WKPreference key for RenderingUpdateThrottling.

  • Interfaces/IWebPreferencesPrivate.idl:
  • WebPreferenceKeysPrivate.h:
  • WebPreferences.cpp:

(WebPreferences::initializeDefaultSettings):
(WebPreferences::renderingUpdateThrottlingEnabled):
(WebPreferences::setRenderingUpdateThrottlingEnabled):

  • WebPreferences.h:
  • WebView.cpp:

(WebView::notifyPreferencesChanged):

Tools:

RenderingUpdateThrottling is enabled by default. Turn it off for DRT and
WTR. In some cases, the page may not get visually active while it's
waiting for rAF. Throttling tests will have to explicitly turn it on.

  • DumpRenderTree/mac/DumpRenderTree.mm:

(resetWebPreferencesToConsistentValues):

  • DumpRenderTree/win/DumpRenderTree.cpp:

(resetWebPreferencesToConsistentValues):

  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::resetPreferencesToConsistentValues):

LayoutTests:

  • fast/animation/css-animation-throttling-lowPowerMode.html:
  • fast/animation/request-animation-frame-throttle-subframe.html:
  • fast/animation/request-animation-frame-throttling-detached-iframe.html:

Enable RenderingUpdateThrottling for these tests.

  • fast/animation/request-animation-frame-throttling-lowPowerMode-expected.txt:
  • fast/animation/request-animation-frame-throttling-lowPowerMode.html:

Ensure the actual rAF interval is > 30ms for lowPowerMode.

  • fast/animation/request-animation-frame-throttling-outside-viewport-expected.txt: Added.
  • fast/animation/request-animation-frame-throttling-outside-viewport.html: Added.
  • fast/animation/resources/frame-with-animation-2.html: Added.

Test the OutsideViewport throttling case.

  • http/tests/frame-throttling/raf-throttle-in-cross-origin-subframe.html:

Enable RenderingUpdateThrottling for this test.

1:11 PM Changeset in webkit [255130] by eric.carlson@apple.com
  • 2 edits
    1 add in trunk/LayoutTests

media/modern-media-controls/media-controller/media-controller-auto-hide.html is flaky timing out
https://bugs.webkit.org/show_bug.cgi?id=206629
<rdar://problem/58816827>

Reviewed by Dean Jackson.

Attempt to de-flake this test by decreasing the controller auto-hide interval and
using a base64 encoded video file to make it load and finish more quickly.

  • media/content/test.mp4.js: Added.

(base64MP4URL): Base64 encoded five frame, four second long MPEG-4 video.

  • media/modern-media-controls/media-controller/media-controller-auto-hide.html:

4:17 AM Changeset in webkit [255129] by commit-queue@webkit.org
  • 5 edits in trunk

Improve compatibility with hyperlink auditing spec
https://bugs.webkit.org/show_bug.cgi?id=188852

Patch by Rob Buis <rbuis@igalia.com> on 2020-01-26
Reviewed by Youenn Fablet.

Source/WebCore:

The hyperlink auditing algorithm indicates the fetch should be done
using no-referrer [1], so remove the code to set the referrer HTTP
header.

Tests: http/tests/navigation/ping-attribute/anchor-cross-origin.html
       http/tests/navigation/ping-attribute/area-cross-origin.html

[1] https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing (Step 3)

  • loader/PingLoader.cpp:

(WebCore::PingLoader::sendPing):

LayoutTests:

Update improved test results.

  • http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt:
  • http/tests/navigation/ping-attribute/area-cross-origin-expected.txt:

Jan 25, 2020:

10:33 PM Changeset in webkit [255128] by Darin Adler
  • 3 edits in trunk/Source/WebCore

Tighten up some of the drag state machine logic
https://bugs.webkit.org/show_bug.cgi?id=206798

Reviewed by Wenson Hsieh.

  • page/EventHandler.h: Added shouldDispatchEventsToDragSourceElement function and renamed
the existing dispatchDragSrcEvent function to dispatchEventToDragSourceElement.

  • page/EventHandler.cpp:

(WebCore::EventHandler::updateDragAndDrop): Call the renamed dispatchEventToDragSourceElement
unconditionally, since it now has the smarts to only dispatch an event when we are supposed to.
(WebCore::EventHandler::cancelDragAndDrop): Ditto.
(WebCore::EventHandler::dragSourceEndedAt): Call the new shouldDispatchEventsToDragSourceElement
function because of the null check it does for dataTransfer, before calling setDestinationOperation
on the dataTransfer, since there isn't an obvious ironclad guarantee we might be here without an
actual drag fully in process and a dataTransfer object allocated. Also call the renamed
dispatchEventToDragSourceElement by its new name.
(WebCore::EventHandler::shouldDispatchDragSourceEvents): Added. Checks the three conditions that
affect whether we should dispatch events to the drag source. First that there is a drag source.
Second that there is a dataTransfer object, indicating that we got far enough in the logic to
actually start a drag. Third that shouldDispatchEvents is true, indicating this is the type of
drag that should be visible to the website content and so events should be dispatched.
(WebCore::EventHandler::dispatchEventToDragSourceElement): Call shouldDispatchDragSourceEvents
before dispatching the event, so that callers don't all have to do that check.

9:43 PM Changeset in webkit [255127] by beidson@apple.com
  • 20 edits in trunk/Source

Make ContentWorlds be identified by an ObjectIdentifier instead of a uint64_t
https://bugs.webkit.org/show_bug.cgi?id=206784

Reviewed by Alex Christensen.

Source/WebKit:

Refactor: No behavior change.

  • Scripts/webkit/messages.py:
  • Shared/AuxiliaryProcess.cpp:

(WebKit::AuxiliaryProcess::initialize):

  • Shared/ContentWorldShared.h:

(WebKit::pageContentWorldIdentifier):

  • Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::decode):

  • Shared/WebPageCreationParameters.h:
  • Shared/WebUserContentControllerDataTypes.cpp:

(WebKit::WebUserScriptData::decode):
(WebKit::WebUserStyleSheetData::decode):
(WebKit::WebScriptMessageHandlerData::decode):

  • Shared/WebUserContentControllerDataTypes.h:
  • UIProcess/API/APIContentWorld.cpp:

(API::ContentWorld::pageContentWorld):
(API::ContentWorld::defaultClientWorld):
(API::ContentWorld::ContentWorld):
(API::ContentWorldBase::generateIdentifier): Deleted.

  • UIProcess/API/APIContentWorld.h:

(API::ContentWorldBase::identifier const):
(API::ContentWorldBase::worldData const):
(API::ContentWorldBase::ContentWorldBase):

  • UIProcess/API/APIUserContentWorld.cpp:

(API::UserContentWorld::UserContentWorld):

  • UIProcess/UserContent/WebUserContentControllerProxy.cpp:

(WebKit::WebUserContentControllerProxy::removeUserContentWorldUses):
(WebKit::WebUserContentControllerProxy::removeAllUserScripts):
(WebKit::WebUserContentControllerProxy::removeAllUserStyleSheets):

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::worldMap):
(WebKit::WebUserContentController::worldForIdentifier):
(WebKit::WebUserContentController::addUserContentWorld):
(WebKit::WebUserContentController::addUserContentWorlds):
(WebKit::WebUserContentController::removeUserContentWorlds):
(WebKit::WebUserContentController::addUserScripts):
(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeAllUserScripts):
(WebKit::WebUserContentController::addUserStyleSheets):
(WebKit::WebUserContentController::removeUserStyleSheet):
(WebKit::WebUserContentController::removeAllUserStyleSheets):
(WebKit::WebUserContentController::addUserScriptMessageHandlers):
(WebKit::WebUserContentController::removeUserScriptMessageHandler):
(WebKit::WebUserContentController::removeAllUserScriptMessageHandlers):

  • WebProcess/UserContent/WebUserContentController.h:
  • WebProcess/UserContent/WebUserContentController.messages.in:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::runJavaScript):
(WebKit::WebPage::runJavaScriptInMainFrameScriptWorld):
(WebKit::WebPage::runJavaScriptInFrame):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:

Source/WTF:

  • wtf/ObjectIdentifier.h:

(WTF::ObjectIdentifier::generate):
(WTF::ObjectIdentifier::generateThreadSafe):
(WTF::ObjectIdentifier::enableGenerationProtection): To allow restricting generating an identifier to the UIProcess.

2:34 PM Changeset in webkit [255126] by mark.lam@apple.com
  • 62 edits in trunk/Source

Introduce a getVTablePointer() utility function.
https://bugs.webkit.org/show_bug.cgi?id=206804
<rdar://problem/58872290>

Reviewed by Yusuke Suzuki and Oliver Hunt.

Source/WebCore:

Updated CodeGeneratorJS to use getVTablePointer() and rebased test results.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

  • bindings/scripts/test/JS/JSInterfaceName.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSMapLike.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSReadOnlySetLike.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSSetLike.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestCEReactions.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestCallTracer.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestEnabledBySetting.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestEnabledForContext.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestException.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestGlobalObject.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestIterable.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestNode.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestPluginInterface.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestSerialization.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestStringifier.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp:

(WebCore::toJSNewlyCreated):

  • bindings/scripts/test/JS/JSTestTypedefs.cpp:

(WebCore::toJSNewlyCreated):

Source/WTF:

With getVTablePointer(), we can abstract away how we get a vtable function pointer
without assuming the way it is signed for ARM64E. With this, we can remove the
WTF_PREPARE_VTBL_POINTER_FOR_INSPECTION macro which assumes how a vtable function
pointer is signed.

  • wtf/PointerPreparations.h:

12:13 PM Changeset in webkit [255125] by mark.lam@apple.com
  • 4 edits in trunk

Add some tests for dynamically allocated StaticStringImpls.
https://bugs.webkit.org/show_bug.cgi?id=206802

Reviewed by Darin Adler.

Source/WTF:

Removed some unnecessary explicit specialization of the charactersAreAllASCII()
template function.

  • wtf/text/StringImpl.cpp:

(WTF::StringImpl::createFromLiteral):
(WTF::StringImpl::createStaticStringImpl):

Tools:

  • TestWebKitAPI/Tests/WTF/StringImpl.cpp:

(TestWebKitAPI::doStaticStringImplTests):
(TestWebKitAPI::TEST):

12:07 PM Changeset in webkit [255124] by Darin Adler
  • 2 edits in trunk/LayoutTests

REGRESSION: [ Mac WK2 ] animations/suspend-resume-animation-events.html is a flaky failure
https://bugs.webkit.org/show_bug.cgi?id=206615

Reviewed by Alexey Proskuryakov.

  • animations/suspend-resume-animation-events.html: Make test slightly less timing
dependent.

12:02 PM Changeset in webkit [255123] by aakash_jain@apple.com
  • 3 edits in trunk/Tools

webkit-patch upload should not submit automatically to old EWS
https://bugs.webkit.org/show_bug.cgi?id=206801

Reviewed by Alexey Proskuryakov.

  • Scripts/webkitpy/tool/commands/upload_unittest.py:
  • Scripts/webkitpy/tool/steps/submittoews.py:

11:14 AM Changeset in webkit [255122] by commit-queue@webkit.org
  • 2 edits in trunk/LayoutTests

Regression (r255103): media/modern-media-controls/placard-support/placard-support-airplay-fullscreen-no-controls.html
https://bugs.webkit.org/show_bug.cgi?id=206800

Unreviewed test gardening; the test which this was copied from, placard-support-airplay-fullscreen.html, is skipped on
iOS test bots due to a lack of AirPlay test support.

Patch by Jer Noble <jer.noble@apple.com> on 2020-01-25

  • platform/ios/TestExpectations:

9:12 AM Changeset in webkit [255121] by Diego Pino Garcia
  • 5 edits in trunk/LayoutTests

[GTK] Gardening of media related tests
https://bugs.webkit.org/show_bug.cgi?id=206796

Unreviewed gardening.

  • platform/gtk/TestExpectations:
  • platform/gtk/media/audio-repaint-expected.txt:
  • platform/gtk/media/controls-styling-strict-expected.txt:
  • platform/gtk/media/media-controls-play-button-updates-expected.txt:

9:03 AM Changeset in webkit [255120] by mark.lam@apple.com
  • 15 edits in trunk/Source

Move singleton Intl string locales out of JSGlobalObject.
https://bugs.webkit.org/show_bug.cgi?id=206791
<rdar://problem/58889037>

Source/JavaScriptCore:

Reviewed by Yusuke Suzuki and Andy Wagoner.

We were creating an instance of these for each JSGlobalObject when they can be a
global singleton since they are always initialized with the same intl data
(barring a mid-flight change in intl settings, which we don't support even in the
existing code).

It turns out that intlPluralRulesAvailableLocales() wasn't called anywhere.
IntlPluralRules code currently just uses intlNumberFormatAvailableLocales().
To document that this is intentional, we do the following:

  1. have IntlPluralRules code call intlPluralRulesAvailableLocales(), and
  2. have intlPluralRulesAvailableLocales() call intlNumberFormatAvailableLocales() for its implementation.

See https://bugs.webkit.org/show_bug.cgi?id=206791#c7 and
https://bugs.webkit.org/show_bug.cgi?id=206791#c8.

In addMissingScriptLocales(), I'm deliberately naming the string with underscores
because it's much easier to read pa_PK_String and see that it refers to "pa-PK"
as opposed to paPKString. Ditto for zh_CN_String, zh_HK_String, zh_SG_String,
and zh_TW_String.

  • runtime/IntlCollator.cpp:

(JSC::IntlCollator::initializeCollator):

  • runtime/IntlCollatorConstructor.cpp:

(JSC::IntlCollatorConstructorFuncSupportedLocalesOf):

  • runtime/IntlDateTimeFormat.cpp:

(JSC::IntlDateTimeFormat::initializeDateTimeFormat):

  • runtime/IntlDateTimeFormatConstructor.cpp:

(JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):

  • runtime/IntlNumberFormat.cpp:

(JSC::IntlNumberFormat::initializeNumberFormat):

  • runtime/IntlNumberFormatConstructor.cpp:

(JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):

  • runtime/IntlObject.cpp:

(JSC::convertICULocaleToBCP47LanguageTag):
(JSC::addMissingScriptLocales):
(JSC::intlCollatorAvailableLocales):
(JSC::intlDateTimeFormatAvailableLocales):
(JSC::intlNumberFormatAvailableLocales):
(JSC::defaultLocale):

  • runtime/IntlObject.h:
  • runtime/IntlPluralRules.cpp:

(JSC::IntlPluralRules::initializePluralRules):

  • runtime/IntlPluralRulesConstructor.cpp:

(JSC::IntlPluralRulesConstructorFuncSupportedLocalesOf):

  • runtime/JSGlobalObject.cpp:

(JSC::addMissingScriptLocales): Deleted.
(JSC::JSGlobalObject::intlCollatorAvailableLocales): Deleted.
(JSC::JSGlobalObject::intlDateTimeFormatAvailableLocales): Deleted.
(JSC::JSGlobalObject::intlNumberFormatAvailableLocales): Deleted.
(JSC::JSGlobalObject::intlPluralRulesAvailableLocales): Deleted.

  • runtime/JSGlobalObject.h:

Source/WTF:

Reviewed by Yusuke Suzuki.

Fix a bug in StringImpl::createStaticStringImpl(): I forgot to set its hash value
when I introduced it. StaticStringImpls require that its hash code be set ahead
of time, and cannot be mutated at runtime. See the comment in the definition of
StaticStringImpl in StringImpl.h.

  • wtf/text/StringImpl.cpp:

(WTF::StringImpl::createStaticStringImpl):

8:51 AM Changeset in webkit [255119] by pvollan@apple.com
  • 13 edits
    1 add in trunk

[Cocoa] Media mime types map should be created in the UI process
https://bugs.webkit.org/show_bug.cgi?id=206478

Reviewed by Darin Adler.

Source/WebCore:

Creating this map in the WebContent process will access the launch services daemon, which will be blocked.
This patch creates the map in the UI process and sends it to the WebContent process as part of the WebProcess
creation parameters.

API test: WebKit.MimeTypes

  • platform/MIMETypeRegistry.cpp:

(WebCore::overriddenMimeTypesMap):
(WebCore::commonMediaTypes):
(WebCore::commonMimeTypesMap):
(WebCore::typesForCommonExtension):

  • platform/MIMETypeRegistry.h:
  • testing/Internals.cpp:

(WebCore::Internals::mediaMIMETypeForExtension):

  • testing/Internals.h:
  • testing/Internals.idl:

Source/WebKit:

Send the mime type map from the UI process to the WebContent process as part of the
WebProcess creation parameters.

  • Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):

  • Shared/WebProcessCreationParameters.h:
  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::platformInitializeWebProcess):

  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess):

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit/MimeTypes.mm: Added.

(TEST):

7:57 AM Changeset in webkit [255118] by Alan Bujtas
  • 4 edits in trunk/Source/WebCore

[LFC][IFC] Layout logic should be driven by the type of the inline box
https://bugs.webkit.org/show_bug.cgi?id=206792
<rdar://problem/58889080>

Reviewed by Antti Koivisto.

Use the type of the inline box to decide what layout functions to call and not whether the
box has children or it establishes a formatting context.

  • layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::nextInPreOrder):
(WebCore::Layout::InlineFormattingContext::computedIntrinsicWidthConstraints):
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthForFormattingRoot):

  • layout/inlineformatting/InlineFormattingContext.h:
  • layout/inlineformatting/InlineLineBuilder.cpp:

(WebCore::Layout::LineBuilder::isVisuallyNonEmpty const):

6:16 AM Changeset in webkit [255117] by Antti Koivisto
  • 16 edits in trunk

[LFC][Integration] Re-enable line layout integration
https://bugs.webkit.org/show_bug.cgi?id=206795
<rdar://problem/58853907>

Reviewed by Zalan Bujtas.

Source/WebCore:

  • page/RuntimeEnabledFeatures.h:

Source/WebKit:

  • Shared/WebPreferences.yaml:

Source/WebKitLegacy/mac:

  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):

Tools:

  • DumpRenderTree/TestOptions.h:

LayoutTests:

  • fast/dom/Range/getBoundingClientRect-expected.txt:
  • platform/ios/fast/text/hyphenate-limit-lines-expected.txt:
  • platform/ios/fast/text/whitespace/pre-break-word-expected.txt:
  • platform/ios/fast/text/word-break-expected.txt:
  • platform/mac/fast/text/hyphenate-limit-lines-expected.txt:
  • platform/mac/fast/text/whitespace/pre-break-word-expected.txt:
  • platform/mac/fast/text/word-break-expected.txt:

6:14 AM BuildingCairoOnWindows edited by Fujii Hironori
(diff)

4:27 AM Changeset in webkit [255116] by youenn@apple.com
  • 12 edits in trunk

HTMLMediaElement should not remove the media session at DOM suspension time
https://bugs.webkit.org/show_bug.cgi?id=206661
<rdar://problem/58800787>

Source/WebCore:

Reviewed by Eric Carlson.

https://trac.webkit.org/changeset/233560 made it so that, on HTMLMediaElement suspension,
its media session is stopped.
This was done to ensure updateNowPlayingInfo is not called synchronously but asynchronously.
The issue is that, once the media session is stopped, it is removed from the media session vector.
On updating the ready state after suspension, and playing, we try to look into the media session vector and do not find the session.
This triggers the ASSERT.

Partially revert the behavior by calling the same code as clientWillPausePlayback
but make sure updateNowPlayingInfo is called asynchronously when suspending the media element.
Introduce clientWillBeDOMSuspended for that purpose.

Update mediaPlayerReadyStateChanged to enqueue a task to do the update if the media element is suspended.

Covered by test no longer crashing in debug.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaPlayerReadyStateChanged):
(WebCore::HTMLMediaElement::stopWithoutDestroyingMediaPlayer):

  • platform/audio/PlatformMediaSession.cpp:

(WebCore::PlatformMediaSession::processClientWillPausePlayback):
(WebCore::PlatformMediaSession::clientWillPausePlayback):
(WebCore::PlatformMediaSession::clientWillBeDOMSuspended):

  • platform/audio/PlatformMediaSession.h:
  • platform/audio/PlatformMediaSessionManager.cpp:

(WebCore::PlatformMediaSessionManager::sessionWillEndPlayback):

  • platform/audio/PlatformMediaSessionManager.h:
  • platform/audio/cocoa/MediaSessionManagerCocoa.h:
  • platform/audio/cocoa/MediaSessionManagerCocoa.mm:

(MediaSessionManagerCocoa::sessionWillEndPlayback):

  • platform/audio/ios/MediaSessionManagerIOS.h:
  • platform/audio/ios/MediaSessionManagerIOS.mm:

(WebCore::MediaSessionManageriOS::sessionWillEndPlayback):

Tools:

Reviewed by Eric Carlson.

  • TestWebKitAPI/Tests/WebKitLegacy/ios/ScrollingDoesNotPauseMedia.mm:

(TestWebKitAPI::TEST):
Suspend/resume Active DOM Objects from time to time as would do scrolling.
This allows pending tasks to be executed asynchronously when not scrolling.

Jan 24, 2020:

8:24 PM Changeset in webkit [255115] by rniwa@webkit.org
  • 2 edits in trunk/LayoutTests

[iOS] REGRESSION(r254699) : fast/forms/interactive-validation-remove-node-in-handler.html is timing out
https://bugs.webkit.org/show_bug.cgi?id=206669

Reviewed by Wenson Hsieh.

The timeout was caused by the invalidation bubble in interactive-validation-prevented.html never getting closed.
Address the issue by explicitly dismissing the invalidation bubble by setting a value to the input element.

  • fast/forms/interactive-validation-prevented.html:

6:09 PM Changeset in webkit [255114] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit

macCatalyst: Don't get any custom cursors in subframes
https://bugs.webkit.org/show_bug.cgi?id=206781
<rdar://problem/58698374>

Reviewed by Simon Fraser.

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::positionInformation):
Adjust the hit test to allow child frame content, and reorganize the
rest of the code to use the hit frame instead of the main frame.

5:37 PM Changeset in webkit [255113] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Null Ptr Deref READ @ WebCore::RenderMultiColumnFlow::lastMultiColumnSet const
https://bugs.webkit.org/show_bug.cgi?id=206106

Patch by Jack Lee <Jack Lee> on 2020-01-24
Reviewed by Ryosuke Niwa.

Could not write a reproducible fast test case for this.

  • rendering/RenderMultiColumnFlow.cpp:

(WebCore::RenderMultiColumnFlow::lastMultiColumnSet const):

  • rendering/updating/RenderTreeBuilderMultiColumn.cpp:

(WebCore::RenderTreeBuilder::MultiColumn::processPossibleSpannerDescendant):

5:35 PM Changeset in webkit [255112] by mark.lam@apple.com
  • 6 edits
    1 add in trunk

IntlObject's cached strings should be immortal and safe for concurrent access.
https://bugs.webkit.org/show_bug.cgi?id=206779
<rdar://problem/58831763>

Reviewed by Yusuke Suzuki.

JSTests:

  • stress/numberingSystemsForLocale-cached-strings-should-be-immortal-and-safe-for-concurrent-access.js: Added.

Source/JavaScriptCore:

In IntlObject's numberingSystemsForLocale(), we have a never destroyed
cachedNumberingSystems which is a singleton vector of Strings which are shared
by multiple VMs. Hence, the strings in this vector should be a StaticStringImpl
so that it will be immortal, and can be accessed concurrently from multiple VMs
on different threads without any ref/deref'ing race issues.

  • runtime/IntlObject.cpp:

(JSC::numberingSystemsForLocale):

Source/WTF:

Add a factory for creating a dynamically allocated StaticStringImpl.

Note: StaticStringImpl is guaranteed to have the same shape as StringImpl.
The only difference is that s_refCountFlagIsStaticString is set on the refCount
for StaticStringImpl. Since the client will use the StaticStringImpl as a
StringImpl, we implement the factory by using StringImpl::createInternal() for
simplicity, and set the s_refCountFlagIsStaticString flag thereafter.

  • wtf/text/StringImpl.cpp:

(WTF::StringImpl::createStaticStringImpl):

  • wtf/text/StringImpl.h:

5:28 PM Changeset in webkit [255111] by jiewen_tan@apple.com
  • 2 edits in trunk/Source/WebKit

Unreviewed, a speculative test fix after r255041

  • UIProcess/WebAuthentication/Mock/MockLocalConnection.mm:

(WebKit::MockLocalConnection::getAttestation const):

5:22 PM Changeset in webkit [255110] by ysuzuki@apple.com
  • 2 edits in trunk/JSTests

REGRESSION (r254964-r254970?): Catalina Debug JSC bot timing out while running tests
https://bugs.webkit.org/show_bug.cgi?id=206785

Unreviewed, skipping the test if $buildType is "debug".

  • stress/operand-should-fit-in-abstract-heap-encoded-payload-format.js:

5:12 PM Changeset in webkit [255109] by Alan Coon
  • 1 copy in tags/Safari-609.1.15.2

Tag Safari-609.1.15.2.

5:08 PM Changeset in webkit [255108] by Wenson Hsieh
  • 9 edits
    2 adds in trunk

[iOS] Long pressing text inside a selection should update the selection
https://bugs.webkit.org/show_bug.cgi?id=206769
<rdar://problem/58704316>

Reviewed by Tim Horton.

Source/WebCore:

Remove hasSelectionAtPosition, which is no longer needed.

  • page/Page.cpp:

(WebCore::Page::hasSelectionAtPosition const): Deleted.

  • page/Page.h:

Source/WebKit:

Makes it possible to update the selection using text interaction gestures inside an existing text selection. To
do this, we remove code that was previously required in order to disambiguate text selection and drag gestures.
However, since adopting asynchronous drag interaction SPI, this check has not been necessary.

The only other purpose of this check was to avoid triggering text selection gestures after canceling a drag
that did not begin (i.e. the touch location did not move). Instead of bailing in -textInteractionGestures:
shouldBeginAtPoint: and -hasSelectablePositionAtPoint:, we can achieve the same effect by simply resetting the
text interaction gestures when the drag lift begins (at which point we know the drag interaction is starting).
This also ensures that on iPad, in the case where the drag was cancelled by the page, long pressing may still
trigger text selection.

Test: editing/selection/ios/select-text-in-existing-selection.html

  • Shared/ios/InteractionInformationAtPosition.h:
  • Shared/ios/InteractionInformationAtPosition.mm:

(WebKit::InteractionInformationAtPosition::encode const):
(WebKit::InteractionInformationAtPosition::decode):

Remove the hasSelectionAtPosition flag from position information, since we no longer need it.

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[UIGestureRecognizer _wk_cancel]):

Drive-by fix: just ignore the gesture if it is already disabled. This prevents us from causing a gesture
recognizer that was previously disabled to become enabled as a result of calling -_wk_cancel.

(-[WKContentView hasSelectablePositionAtPoint:]):
(-[WKContentView textInteractionGesture:shouldBeginAtPoint:]):
(-[WKContentView cancelActiveTextInteractionGestures]):

Instead of making the text interaction gestures return NO from -gestureRecognizerShouldBegin:, explicitly cancel
the text interaction gestures that may select text.

(-[WKContentView dragInteraction:willAnimateLiftWithAnimator:session:]):

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::positionInformation):

Remove the hasSelectionAtPosition flag from position information, since we no longer need it.

LayoutTests:

Add a layout test to verify that it's possible to select text by long pressing inside an existing text
selection. The test is runnable on both iPad and iPhone, since it programmatically prevents dragstart.

  • editing/selection/ios/select-text-in-existing-selection-expected.txt: Added.
  • editing/selection/ios/select-text-in-existing-selection.html: Added.

5:07 PM Changeset in webkit [255107] by Alan Bujtas
  • 2 edits in trunk/Source/WebCore

[LFC][IFC] (Regression) LayoutTests/fast/text/whitespace/029.html fails
https://bugs.webkit.org/show_bug.cgi?id=206773
<rdar://problem/58883388>

Reviewed by Simon Fraser.

While line break is an inline box, it does not have inline content so do not try to cast it to Container.

  • layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::computedIntrinsicWidthConstraints):
(WebCore::Layout::InlineFormattingContext::collectInlineContentIfNeeded):

4:49 PM Changeset in webkit [255106] by achristensen@apple.com
  • 3 edits in trunk/Source/WebKit

Update EditorState from WebProcess when requesting context menu
https://bugs.webkit.org/show_bug.cgi?id=206775
<rdar://problem/56305573>

Reviewed by Wenson Hsieh.

When generating a context menu, AppKit calls -validRequestorForSendType:returnType:
which queries the editor state in WebViewImpl::validRequestorForSendAndReturnTypes.
Without updating the editor state, the first time you right click on a link,
the Services menu item did not appear because we were looking at a stale editor state.
Verified manually this fixes the bug.

  • WebProcess/WebPage/WebContextMenu.cpp:

(WebKit::WebContextMenu::show):

  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::handleSelectionServiceClick):

4:45 PM Changeset in webkit [255105] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit

macCatalyst: Right clicking on links follows the link, but shouldn't
https://bugs.webkit.org/show_bug.cgi?id=206777
<rdar://problem/56586280>

Reviewed by Wenson Hsieh.

  • UIProcess/ios/WKMouseGestureRecognizer.mm:

(-[WKMouseGestureRecognizer createMouseEventWithType:forEvent:]):
(-[WKMouseGestureRecognizer touchesEnded:withEvent:]):
I got 'button' and 'buttons' backwards.

'button' indicates which button the event is about, so in MouseUp,
it should still be 2.

'buttons' indicate which buttons are still down, so in MouseUp,
it should not include 2. Since we don't currently track mouse button
chording here, we'll just say "none". Leave a FIXME about that.

This makes WebCore's behavior correct, and now it doesn't follow the link.

4:34 PM Changeset in webkit [255104] by rniwa@webkit.org
  • 2 edits in trunk/LayoutTests

imported/w3c/web-platform-tests/requestidlecallback/callback-xhr-sync.html is flaky failure
https://bugs.webkit.org/show_bug.cgi?id=206676
<rdar://problem/58839631>

Add a flaky test expectation.

4:23 PM Changeset in webkit [255103] by commit-queue@webkit.org
  • 4 edits
    2 adds in trunk

AirPlay placard not visible when AirPlay is entered in fullscreen mode.
https://bugs.webkit.org/show_bug.cgi?id=206772
<rdar://problem/57098851>

Patch by Jer Noble <jer.noble@apple.com> on 2020-01-24
Reviewed by Eric Carlson.

Test: media/modern-media-controls/placard-support/placard-support-airplay-fullscreen-no-controls.html

The AirPlay and Picture-in-picture placards should always become visible, regardless of
whether the <video> element uses the native media controls. So "disabling" the PlacardSupport
object should not remove the listeners for presentation mode and route change events. Instead
merely remember whether the object is disabled, so that the "error placard" will only be shown
if controls are enabled, and PiP and AirPlay placards will always be shown.

  • Modules/modern-media-controls/media/placard-support.js:

(PlacardSupport.prototype.enable):
(PlacardSupport.prototype.disable):
(PlacardSupport.prototype._updatePlacard):

3:40 PM Changeset in webkit [255102] by Russell Epstein
  • 4 edits in branches/safari-609-branch/Source/WebKit

Cherry-pick r255039. rdar://problem/58855996

Background thread with ITP Database should lock when the network process is suspended
https://bugs.webkit.org/show_bug.cgi?id=206593
rdar://problem/58713379

Reviewed by Chris Dumez.

This patch adds a function to hang the background queue when the
NetworkProcess is preparing to suspend.

  • NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp: (WebKit::WebResourceLoadStatisticsStore::suspend): (WebKit::WebResourceLoadStatisticsStore::resume):
  • NetworkProcess/Classifier/WebResourceLoadStatisticsStore.h:
  • NetworkProcess/NetworkProcess.cpp: (WebKit::NetworkProcess::prepareToSuspend): (WebKit::NetworkProcess::resume):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255039 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3:40 PM Changeset in webkit [255101] by Russell Epstein
  • 2 edits in branches/safari-609-branch/Source/JavaScriptCore

Cherry-pick r254996. rdar://problem/58856010

OptimizeAssociativeExpressionTrees should reset value owners before running
https://bugs.webkit.org/show_bug.cgi?id=206670
<rdar://problem/58535628>

Reviewed by Robin Morisset.

We have a crash inside OptimizeAssociativeExpressionTrees and we don't know
how to reproduce it. Also, based on Mark's auditing of the crash site's
assembly, Mark thinks we're crashing on a "corrupt" basic block.

After I audited the code, I saw that we rely on value owners in this phase.
However, we don't actually reset them before running the phase. This patch
adds that as a speculative fix for the crash we're seeing.

  • b3/B3OptimizeAssociativeExpressionTrees.cpp: (JSC::B3::OptimizeAssociativeExpressionTrees::run):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254996 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3:40 PM Changeset in webkit [255100] by Russell Epstein
  • 6 edits in branches/safari-609-branch/Source/WebCore

Cherry-pick r254991. rdar://problem/58856021

[Web Animations] Make AnimationList ref-counted
https://bugs.webkit.org/show_bug.cgi?id=206664

Reviewed by Antti Koivisto.

  • platform/animation/AnimationList.cpp:
  • platform/animation/AnimationList.h: (WebCore::AnimationList::create): (WebCore::AnimationList::copy): (WebCore::AnimationList::AnimationList): Deleted.
  • rendering/style/RenderStyle.cpp: (WebCore::RenderStyle::ensureAnimations): (WebCore::RenderStyle::ensureTransitions):
  • rendering/style/StyleRareNonInheritedData.cpp: (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
  • rendering/style/StyleRareNonInheritedData.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254991 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3:40 PM Changeset in webkit [255099] by Russell Epstein
  • 3 edits in branches/safari-609-branch/Source/JavaScriptCore

Cherry-pick r254962. rdar://problem/58856037

Restore nullification of DFG::Plan::m_vm when the plan is cancelled.
https://bugs.webkit.org/show_bug.cgi?id=206633
<rdar://problem/58811967>

Reviewed by Robin Morisset.

In r253243, I replaced the nullification of Plan::m_vm in Plan::cancel() with
code to decorate the m_vm pointer with a nuke bit. The thinking is that keeping
the VM pointer in nuked form allows us to do certain assertions, as well as
implementing code in support of keeping Box<Identifier>s alive. It is only
correct to use the nuked VM pointer if and only if the VM is guaranteed to
outlive the Plan. r253243 guarantees this condition.

In r254464, I replaced the use of Box<Identifier> with CacheableIdentifier.
This obviated all the support code added above, and rolled out most of it.
However, I opted to keep the nuked VM pointer in the DFG::Plan as a debugging
aid (it's nice to be able to know which VM the Plan came from).

However, r254464 also undid the guarantee that the VM will outlive the Plan.
As a result, a nuked VM pointer is no longer guaranteed to point to a valid VM.
Some worker layout tests, run on an ASAN build, detected that the pointer is
pointing to an already freed VM and failed with a crash.

This patch fixes this issue by completely reverting the nuked VM pointer code,
and restores nullification of the m_vm pointer in Plan::cancel().

  • dfg/DFGPlan.cpp: (JSC::DFG::Plan::computeCompileTimes const): (JSC::DFG::Plan::cancel):
  • dfg/DFGPlan.h: (JSC::DFG::Plan::vm const): (JSC::DFG::Plan::unnukedVM const): Deleted. (JSC::DFG::Plan::nuke): Deleted. (JSC::DFG::Plan::unnuke): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254962 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3:40 PM Changeset in webkit [255098] by Russell Epstein
  • 3 edits in branches/safari-609-branch/Source/WebCore

Cherry-pick r254951. rdar://problem/58856000

Make a Ref to WindowEventLoop when the timer to run tasks fires
https://bugs.webkit.org/show_bug.cgi?id=206568

Reviewed by Antti Koivisto.

Keep WindowEventLoop alive explicitly while invoking EventLoop::run.

  • dom/WindowEventLoop.cpp: (WebCore::WindowEventLoop::WindowEventLoop): (WebCore::WindowEventLoop::didReachTimeToRun):
  • dom/WindowEventLoop.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254951 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3:40 PM Changeset in webkit [255097] by Russell Epstein
  • 3 edits in branches/safari-609-branch/Source/WebKit

Cherry-pick r254938. rdar://problem/58856028

Fix SDK availability macros
https://bugs.webkit.org/show_bug.cgi?id=206463
<rdar://problem/58581906>

Reviewed by Timothy Hatcher.

Bug 197841 updated WebKit.xcconfig with regards to when it runs a
header post-processing script. This post-processing script grovels
over our exported headers, changing macros like WK_API_AVAILABLE to
the standard API_AVAILABLE. Because of the change in Bug 197841, the
script was no longer being run when preparing macOS 10.15 SDKs, which
was breaking those SDKs. Fix this by reverting the change, allowing
the macros to be replaced for macOS 10.15.

We also need to touch WKFoundation.h in order to support incremental
builds. If we don't, then the version of WKFoundation.h that was
exported in the previous build and that was incorrectly post-processed
would remain incorrectly post-processed. Touch the file so that it
will get re-exported and re-post-processed.

No new tests - no added or changed functionality.

  • Configurations/WebKit.xcconfig:
  • Shared/API/Cocoa/WKFoundation.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254938 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3:40 PM Changeset in webkit [255096] by Russell Epstein
  • 4 edits in branches/safari-609-branch/Tools

Cherry-pick r254318. rdar://problem/58856031

TestController::platformLibraryPathForTesting() returns inner pointer to autoreleased NSString
<https://webkit.org/b/206018>
<rdar://problem/58449733>

Reviewed by Darin Adler.

  • WebKitTestRunner/TestController.cpp: (WTR::TestController::initialize):
  • Use WTF::AutodrainedPool to fix remaining autoreleasePool leaks.
  • WebKitTestRunner/ios/TestControllerIOS.mm: (WTR::TestController::platformLibraryPathForTesting):
  • WebKitTestRunner/mac/TestControllerMac.mm: (WTR::TestController::platformLibraryPathForTesting):
  • Retain NSString since these methods return an inner pointer. This also only needs to be initialized once.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254318 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2:52 PM Changeset in webkit [255095] by Andres Gonzalez
  • 2 edits in trunk/Source/WebCore

Crash in AXIsolatedObject::tagName.
https://bugs.webkit.org/show_bug.cgi?id=206765

Reviewed by Chris Fleizach.

Fixes crash in AXIsolatedObject::tagName.

  • accessibility/isolatedtree/AXIsolatedObject.cpp:

(WebCore::AXIsolatedObject::initializeAttributeData): Was missing the isolatedCopy when caching the tagName.

2:19 PM Changeset in webkit [255094] by Keith Rollin
  • 2 edits in trunk/Source/WebKitLegacy

Remove check-xcfilelists.sh from WebKitLegacy Xcode build target
https://bugs.webkit.org/show_bug.cgi?id=206762
<rdar://problem/58825997>

Reviewed by Alexey Proskuryakov.

When check-xcfilelists.sh got added to the WebKitLegacy Xcode project,
it was also accidentally added to the WebKitLegacy build target. This
caused it to be treated as a "resource", and so was copied to the
output directory in the Resources sub-folder during the build. This
copying is not expected, needed, or desired. Remove
check-xcfilelists.sh from the target, which also removes it from the
Copy Resources build phase, which removes it from the
WebKitLegacy.framework/Resources directory.

  • WebKitLegacy.xcodeproj/project.pbxproj:

1:58 PM Changeset in webkit [255093] by jiewen_tan@apple.com
  • 2 edits in trunk/Source/WebKit

Unreviewed, a build fix after r255056

  • UIProcess/WebAuthentication/Mock/MockLocalConnection.mm:

(WebKit::MockLocalConnection::getAttestation const):

1:18 PM Changeset in webkit [255092] by Ryan Haddad
  • 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r255089.

Breaks tvOS build.

Reverted changeset:

"WebCore: Remove iOS 11 macros from
WebItemProviderPasteboard.h"
https://bugs.webkit.org/show_bug.cgi?id=206719
https://trac.webkit.org/changeset/255089

12:57 PM Changeset in webkit [255091] by Alan Coon
  • 5 edits in branches/safari-609.1.15-branch/Source/WebKit

Cherry-pick r254552. rdar://problem/58812968

REGRESSION (r253394): After swiping back during a navigation, WKWebView gets stuck with the forward content, stops repainting
https://bugs.webkit.org/show_bug.cgi?id=206268
<rdar://problem/58536702>

Reviewed by Simon Fraser.

  • UIProcess/ViewGestureController.cpp: (WebKit::ViewGestureController::endSwipeGesture):
  • UIProcess/ViewGestureController.h:
  • UIProcess/ios/ViewGestureControllerIOS.mm: (WebKit::ViewGestureController::beginSwipeGesture): (WebKit::ViewGestureController::endSwipeGesture): (WebKit::ViewGestureController::removeSwipeSnapshot):
  • UIProcess/mac/ViewGestureControllerMac.mm: (WebKit::ViewGestureController::beginSwipeGesture): (WebKit::ViewGestureController::removeSwipeSnapshot):

After r253394, we start loading the destination page in willEndSwipeGesture, when we know the gesture will complete, instead of in endSwipeGesture, when it is actually done.

This means that if we decide that we should tear down the snapshot immediately,
this can now happen in the window between willEndSwipeGesture and endSwipeGesture.

However, removeSwipeSnapshot has numerous dependencies on endSwipeGesture
(especially on iOS, where there are /also/ dependencies in the other direction -
endSwipeGesture will never be called after removeSwipeSnapshot because
of the gestureID mismatch).

Regardless, it does not make sense to remove the snapshot while the animation
is still running. So, if something causes removeSwipeSnapshot to be called
before endSwipeGesture, we just set a bit and call it inside endSwipeGesture instead.

This ends up putting the snapshot removal ordering back as it was before r253394.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254552 268f45cc-cd09-0410-ab3c-d52691b4dbfc

12:54 PM Changeset in webkit [255090] by Alan Coon
  • 8 edits in branches/safari-609.1.15-branch/Source

Versioning.

12:40 PM Changeset in webkit [255089] by Jonathan Bedard
  • 2 edits in trunk/Source/WebCore

WebCore: Remove iOS 11 macros from WebItemProviderPasteboard.h
https://bugs.webkit.org/show_bug.cgi?id=206719

Reviewed by Tim Horton.

No functional changes, covered by existing tests.

  • platform/ios/WebItemProviderPasteboard.h:

12:26 PM Changeset in webkit [255088] by Caio Lima
  • 7 edits in trunk/Source/JavaScriptCore

[ARMv7][JIT] Implement checkpoint support
https://bugs.webkit.org/show_bug.cgi?id=206611

Reviewed by Yusuke Suzuki.

This patch is adding code path to properly support checkpoint on ARMv7.

  • dfg/DFGOSREntry.cpp:

(JSC::DFG::prepareOSREntry):

We changed the scratch buffer population to properly handle
callee-saved registers on 32-bits. For more details, check comments on
source code.

  • dfg/DFGOSRExit.cpp:

(JSC::DFG::OSRExit::compileExit):

  • jit/GPRInfo.h:

(JSC::GPRInfo::toRegister):
(JSC::GPRInfo::toIndex):

We are adding back regCS1 to be used as GPRReg on DFG and
scratch registers. This was necessary because some code generated by
GetByVal IC requires at least 9 registers available.
Given that, we also added such register to dfgCalleeSaveRegisters
set.

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emitPutByValWithCachedId):

  • jit/RegisterSet.cpp:

(JSC::RegisterSet::dfgCalleeSaveRegisters):

  • llint/LowLevelInterpreter.asm:

12:25 PM Changeset in webkit [255087] by Keith Rollin
  • 2 edits in trunk/Source/WTF

Fix internal Apple builds after r254411
https://bugs.webkit.org/show_bug.cgi?id=206723
<rdar://problem/58844735>

Reviewed by Maciej Stachowiak.

The default Xcode build configuration has changed between macOS 10.13
and macOS 10.15, such that references to some frameworks when building
for the latter don't work when building for the former. Fix this by
explicitly adding support for the desired build location rather than
assuming such support will be provided for us.

  • Configurations/WTF.xcconfig:

12:00 PM Changeset in webkit [255086] by keith_miller@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

JSC should produce a module map.
https://bugs.webkit.org/show_bug.cgi?id=206717

Reviewed by Mark Lam.

11:33 AM Changeset in webkit [255085] by youenn@apple.com
  • 8 edits in trunk

Add support for MediaRecorder.requestData
https://bugs.webkit.org/show_bug.cgi?id=206731

LayoutTests/imported/w3c:

Reviewed by Eric Carlson.

  • web-platform-tests/mediacapture-record/idlharness.window-expected.txt:

Source/WebCore:

Reviewed by Eric Carlson.

Add support for requestData that fetches any available data.
Expose MediaRecorder stream.
Covered by updated tests.

  • Modules/mediarecorder/MediaRecorder.cpp:

(WebCore::MediaRecorder::requestData):

  • Modules/mediarecorder/MediaRecorder.h:
  • Modules/mediarecorder/MediaRecorder.idl:

LayoutTests:

Reviewed by Eric Carlson.

  • http/wpt/mediarecorder/MediaRecorder-dataavailable.html:

11:30 AM Changeset in webkit [255084] by Jon Davis
  • 2 edits in trunk/Websites/webkit.org

Fix editing permissions for the Web Inspector Editor role
https://bugs.webkit.org/show_bug.cgi?id=206761

Reviewed by Devin Rousso.

  • wp-content/plugins/web-inspector-pages.php:

11:12 AM Changeset in webkit [255083] by commit-queue@webkit.org
  • 3 edits
    2 adds in trunk

Nullptr deref in WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation when an element is inserted before legend under multi-column layout.
https://bugs.webkit.org/show_bug.cgi?id=206109

Patch by Jack Lee <Jack Lee> on 2020-01-24
Reviewed by Antti Koivisto.

Source/WebCore:

Test: fast/forms/fieldset/fieldset-crash-insert-before-legend-under-multicol.html

  • rendering/updating/RenderTreeBuilderBlockFlow.cpp:

(WebCore::RenderTreeBuilder::BlockFlow::attach):

LayoutTests:

  • fast/forms/fieldset/fieldset-crash-insert-before-legend-under-multicol-expected.txt: Added.
  • fast/forms/fieldset/fieldset-crash-insert-before-legend-under-multicol.html: Added.

10:57 AM Changeset in webkit [255082] by Matt Lewis
  • 5 edits in trunk/Tools

Remove Apple windows 7 queues.
https://bugs.webkit.org/show_bug.cgi?id=206702

Reviewed by Jonathan Bedard.

  • BuildSlaveSupport/build.webkit.org-config/config.json:
  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/WebKitBuildbot.js:
  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/Dashboard.js:
  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Styles/Main.css:
  • BuildSlaveSupport/build.webkit.org-config/steps_unittest.py:

Removed Windows 7 queues from config and from dashboard.

10:53 AM Changeset in webkit [255081] by pvollan@apple.com
  • 13 edits
    1 delete in trunk

Unreviewed, rolling out r255050.

Introduced crashes on bots

Reverted changeset:

"[Cocoa] Media mime types map should be created in the UI
process"
https://bugs.webkit.org/show_bug.cgi?id=206478
https://trac.webkit.org/changeset/255050

10:40 AM Changeset in webkit [255080] by Andres Gonzalez
  • 5 edits in trunk/Source/WebCore

Implementation of AXIsolatedObject::isStaticText and isLandmark methods.
https://bugs.webkit.org/show_bug.cgi?id=206745

Reviewed by Chris Fleizach.

  • isStaticText moved from the AXObject class to the base AXCoreObject so that it is used by isolated objects as well.
  • Implemented isLandmark.
  • Ordered alphabetically the setProperty calls for most IsXXX properties in initializeAttributeData for easier identification.

  • accessibility/AccessibilityObject.h:
  • accessibility/AccessibilityObjectInterface.h:

(WebCore::AXCoreObject::isStaticText const):

  • accessibility/isolatedtree/AXIsolatedObject.cpp:

(WebCore::AXIsolatedObject::initializeAttributeData):
(WebCore::AXIsolatedObject::isLandmark const): Deleted, inline in header file.
(WebCore::AXIsolatedObject::isStaticText const): Deleted, implemented in AXCoreObject.

  • accessibility/isolatedtree/AXIsolatedObject.h:

10:29 AM Changeset in webkit [255079] by commit-queue@webkit.org
  • 2 edits
    5 adds in trunk/LayoutTests

[GTK][WPE] Websockets close-on-x tests are failing
https://bugs.webkit.org/show_bug.cgi?id=206392

Unreviewed gardening.

Rebaseline after libsoup commit 35f1bac5.

Patch by Lauro Moura <Lauro Moura> on 2020-01-24

  • platform/gtk/TestExpectations:
  • platform/gtk/http/tests/websocket/tests/hybi/close-on-navigate-new-location-expected.txt: Added.
  • platform/gtk/http/tests/websocket/tests/hybi/close-on-unload-and-force-gc-expected.txt: Added.
  • platform/gtk/http/tests/websocket/tests/hybi/close-on-unload-expected.txt: Added.
  • platform/gtk/http/tests/websocket/tests/hybi/close-on-unload-reference-in-parent-expected.txt: Added.
  • platform/gtk/http/tests/websocket/tests/hybi/send-after-close-on-unload-expected.txt: Added.

10:13 AM Changeset in webkit [255078] by commit-queue@webkit.org
  • 3 edits in trunk/LayoutTests

[GTK][WPE] Several WPT fetch tests are failing
https://bugs.webkit.org/show_bug.cgi?id=206416

Patch by Rob Buis <rbuis@igalia.com> on 2020-01-24
Reviewed by Frédéric Wang.

It is better to skip these as more tests can be added
and this feature is not enabled on WPE/GTK.

  • platform/gtk/TestExpectations:
  • platform/wpe/TestExpectations:

9:58 AM Changeset in webkit [255077] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r255052.
https://bugs.webkit.org/show_bug.cgi?id=206758

"Broke production builds" (Requested by rmorisset on #webkit).

Reverted changeset:

"Break the dependency between jsc and DerivedSources"
https://bugs.webkit.org/show_bug.cgi?id=206720
https://trac.webkit.org/changeset/255052

9:35 AM Changeset in webkit [255076] by graouts@webkit.org
  • 14 edits in trunk

[Web Animations] Support multiple CSS Animations with the same name in animation-name
https://bugs.webkit.org/show_bug.cgi?id=206688

Reviewed by Dean Jackson.

LayoutTests/imported/w3c:

Mark some new WPT progressions.

  • web-platform-tests/css/css-animations/Element-getAnimations-dynamic-changes.tentative-expected.txt:
  • web-platform-tests/css/css-animations/Element-getAnimations.tentative-expected.txt:
  • web-platform-tests/web-animations/timing-model/timelines/update-and-send-events-replacement-expected.txt:

Source/WebCore:

AnimationTimeline would keep track of registered CSS Animations by name for a given element in m_elementToCSSAnimationByName which would map one CSSAnimation
per String (the animation-name) for a given Element. However, within the same animation-name property, the name of a given @keyframes rules may appear more
than once, and the CSS Animations specification explains how to handle this scenario.

We now correctly handle this by replacing m_elementToCSSAnimationByName with the new m_elementToCSSAnimationsCreatedByMarkupMap which simply maps an Element
to a ListHashSet of CSSAnimation objects. Removing the string that appeared in animation-name to create this animation requires us to keep the AnimationList
used for the last style update for sorting purposes, since having multiple instances of the same string would not allow disambiguation when sorting the
KeyframeEffectStack.

So we also replace m_cssAnimationNames, a Vector<String>, with m_cssAnimationList, a RefPtr<const AnimationList>, and use this to compare Animation objects
stored in the AnimationList against the backing animation of each CSSAnimation.

Storing the AnimationList on the KeyframeEffectStack also has the benefit of allowing us to use this as the previous state when updating CSS Animations in
AnimationTimeline::updateCSSAnimationsForElement(). We used to rely on the previous RenderStyle provided to that function, but it's possible that this style
is null and we would unnecessarily create additional CSSAnimation objects for animations that actually were retained since the last time CSS Animations were
invalidated. We now use the stored AnimationList on the invalidated element's KeyframeEffectStack and create a new animation list that will replace the old
list stored in the m_elementToCSSAnimationsCreatedByMarkupMap map for that element. We can also compare the old list with the new list to find out which
animations are no longer current.

Finally, we refactor things a bit to have some new aliases AnimationCollection and CSSAnimationCollection instead of using ListHashSet<> in our types.

  • animation/AnimationTimeline.cpp:

(WebCore::AnimationTimeline::animationWasAddedToElement): Use the new AnimationCollection alias.
(WebCore::AnimationTimeline::removeDeclarativeAnimationFromListsForOwningElement): We no longer need to do any work for CSSAnimation here since the
m_elementToCSSAnimationByName map is no more and the m_elementToCSSAnimationsCreatedByMarkupMap that replaces it is updated in updateCSSAnimationsForElement()
and elementWasRemoved().
(WebCore::AnimationTimeline::animationsForElement const): Since animations are correctly sorted accounting for their composite order in KeyframeEffectStack,
call KeyframeEffectStack::sortedEffects() when we're called with Ordering::Sorted.
(WebCore::AnimationTimeline::removeCSSAnimationCreatedByMarkup): New method called by elementWasRemoved() to ensure that when an element is removed, we remove
its CSSAnimation objects from the new m_elementToCSSAnimationsCreatedByMarkupMap and also update the AnimationList on the relevant KeyframeEffectStack.
(WebCore::AnimationTimeline::elementWasRemoved): Call the new removeCSSAnimationCreatedByMarkup() method before canceling a CSSAnimation.
(WebCore::AnimationTimeline::cancelDeclarativeAnimationsForElement): Call the new removeCSSAnimationCreatedByMarkup() method before canceling a CSSAnimation.
(WebCore::AnimationTimeline::updateCSSAnimationsForElement): Use the AnimationList recorded on the relevant KeyframeEffectStack to determine which CSSAnimation
objects to create, cancel or merely update depending on the AnimationList in the current style.

  • animation/AnimationTimeline.h:
  • animation/DocumentTimeline.cpp:

(WebCore::DocumentTimeline::getAnimations const): Use compareAnimationsByCompositeOrder() to correctly sort CSS Animations since they are no longer guaranteed
to be stored in the relevant map in the expected order.

  • animation/KeyframeEffectStack.cpp:

(WebCore::KeyframeEffectStack::ensureEffectsAreSorted): Use the new m_cssAnimationList instead of the old m_cssAnimationNames when sorting effects.
(WebCore::KeyframeEffectStack::setCSSAnimationList):
(WebCore::KeyframeEffectStack::setCSSAnimationNames): Deleted.

  • animation/KeyframeEffectStack.h:

(WebCore::KeyframeEffectStack::cssAnimationList const):
(WebCore::KeyframeEffectStack::cssAnimationNames const): Deleted.

  • animation/WebAnimation.cpp:

(WebCore::WebAnimation::commitStyles): Use the new KeyframeEffectStack::cssAnimationList() instead of the old KeyframeEffectStack::cssAnimationNames().

  • animation/WebAnimationUtilities.cpp:

(WebCore::compareAnimationsByCompositeOrder): Update the composite order comparison utility to use an AnimationList rather than a list of animation names.

  • animation/WebAnimationUtilities.h:
  • platform/animation/AnimationList.h:

(WebCore::AnimationList::copy const):

9:18 AM Changeset in webkit [255075] by Jonathan Bedard
  • 2 edits in trunk/Tools

run-webkit-tests: Handle case where device socket make handle invalid
https://bugs.webkit.org/show_bug.cgi?id=206707

Reviewed by Stephanie Lewis.

  • Scripts/webkitpy/port/simulator_process.py:

(SimulatorProcess.NonBlockingFileFromSocket.close): Catch IOError when closing file.

8:42 AM Changeset in webkit [255074] by Alan Bujtas
  • 2 edits in trunk/Source/WebCore

[LFC][Painting] Add Display::Run cleanup to TextPainter::clearGlyphDisplayLists
https://bugs.webkit.org/show_bug.cgi?id=206744
<rdar://problem/58867112>

Reviewed by Antti Koivisto.

  • rendering/TextPainter.cpp:

(WebCore::TextPainter::clearGlyphDisplayLists):

8:32 AM Changeset in webkit [255073] by Jonathan Bedard
  • 4 edits in trunk/Source/WTF

WTF: Remove old iOS version macros
https://bugs.webkit.org/show_bug.cgi?id=206634
<rdar://problem/58818561>

Reviewed by Darin Adler.

  • wtf/PlatformEnable.h: Remove iOS 12 version macro.
  • wtf/PlatformHave.h: Ditto.
  • wtf/PlatformUse.h: Ditto.

7:58 AM Changeset in webkit [255072] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit

[iOS] Add missing sysctl-read permission (already available in macOS sandbox)
https://bugs.webkit.org/show_bug.cgi?id=206713
<rdar://problem/57665153>

Reviewed by Per Arne Vollan.

Correct a sandbox violation encountered when attempting to log the system hostname.
This was already handled properly on macOS, but the rule was not added to the iOS sandbox.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

7:26 AM Changeset in webkit [255071] by Antti Koivisto
  • 5 edits in trunk/Source/WebCore

[LFC][Integration] Clear inline item caches on low memory notification
https://bugs.webkit.org/show_bug.cgi?id=206740
<rdar://problem/58773905>

Reviewed by Zalan Bujtas.

Clear inline item caches on low memory notification.

  • layout/inlineformatting/InlineFormattingState.h:
  • layout/integration/LayoutIntegrationLineLayout.cpp:

(WebCore::LayoutIntegration::LineLayout::releaseCaches):
(WebCore::LayoutIntegration::LineLayout::releaseInlineItemCache):

  • layout/integration/LayoutIntegrationLineLayout.h:

Remove inline capacity. It is rarely optimal and we can afford the heap allocation.

  • page/MemoryRelease.cpp:

(WebCore::releaseNoncriticalMemory):

7:14 AM Changeset in webkit [255070] by Adrian Perez de Castro
  • 9 edits in trunk/Source

Fix various non-unified build issues introduced since r254751
https://bugs.webkit.org/show_bug.cgi?id=206736

Reviewed by Carlos Garcia Campos.

Source/JavaScriptCore:

  • tools/CompilerTimingScope.cpp: Add missing inclusions of wtf/Vector.h and wtf/text/WTFString.h

Source/WebCore:

No new tests needed.

  • Modules/cache/DOMCacheEngine.cpp: Move errorToException() function out from the file to make it usable from DOMCacheStorage.cpp

  • Modules/cache/DOMCacheEngine.h:

(WebCore::DOMCacheEngine::errorToException): Added.

  • Modules/cache/DOMCacheStorage.cpp:

(WebCore::DOMCacheStorage::retrieveCaches): Adapt to use DOMCacheEngine::errorToException().

  • platform/graphics/cairo/ImageBufferUtilitiesCairo.cpp: Add missing RefPtrCairo.h inclusion.

Source/WebKit:

  • WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp: Add missing WebFrame.h inclusion.

7:14 AM Changeset in webkit [255069] by clopez@igalia.com
  • 2 edits in trunk/Tools

[GTK] API test runner fails with error: too many open files.
https://bugs.webkit.org/show_bug.cgi?id=206743

Reviewed by Carlos Garcia Campos.

The API test runner for google tests was leaking file descriptors because
it was not closing the file descriptor of the pseudo-terminal of the child,
which was referred in the parent because of the forkpty() call.
This was causing a small but constant increase of open file descriptors,
until the point it reached the limit of maximum open files (1024 usually)
causing this error.

Fix that by closing the reference to the fd of the child's pseudo-terminal.

  • glib/api_test_runner.py:

(TestRunner._run_google_test):

6:36 AM Changeset in webkit [255068] by Alan Bujtas
  • 4 edits in trunk/Source/WebCore

[LFC][Integration] LineLayout::paint should take advantage of the glyph display list cache
https://bugs.webkit.org/show_bug.cgi?id=206727
<rdar://problem/58809696>

Reviewed by Antti Koivisto.

  • layout/displaytree/DisplayInlineContent.cpp:

(WebCore::Display::InlineContent::~InlineContent):

  • layout/displaytree/DisplayInlineContent.h:
  • layout/integration/LayoutIntegrationLineLayout.cpp:

(WebCore::LayoutIntegration::LineLayout::paint):

6:11 AM Changeset in webkit [255067] by don.olmstead@sony.com
  • 16 edits
    3 copies
    3 moves
    3 deletes in trunk/Source/WebKit

Centralize AuxiliaryProcessMainBase implementations
https://bugs.webkit.org/show_bug.cgi?id=206700

Reviewed by Carlos Garcia Campos.

Non-Cocoa ports share a common usage of AuxiliaryProcessMainBase but the implementations
don't share a lot of code. This patch centralizes the code and the naming used.

  • NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:

(main):

  • NetworkProcess/EntryPoint/win/NetworkProcessMain.cpp:

(main):

  • NetworkProcess/NetworkProcessMain.h: Renamed from Source/WebKit/NetworkProcess/win/NetworkProcessMainWin.h.
  • NetworkProcess/curl/NetworkProcessMainCurl.cpp: Renamed from Source/WebKit/NetworkProcess/win/NetworkProcessMainWin.cpp.

(WebKit::initializeAuxiliaryProcess<NetworkProcess>):
(WebKit::NetworkProcessMain):

  • NetworkProcess/soup/NetworkProcessMainSoup.cpp:

(WebKit::NetworkProcessMain):
(WebKit::NetworkProcessMainUnix): Deleted.

  • NetworkProcess/unix/NetworkProcessMainUnix.h: Removed.
  • PlatformFTW.cmake:
  • PlatformGTK.cmake:
  • PlatformWPE.cmake:
  • PlatformWin.cmake:
  • PluginProcess/EntryPoint/unix/PluginProcessMain.cpp:

(main):

  • PluginProcess/PluginProcessMain.h: Renamed from Source/WebKit/PluginProcess/unix/PluginProcessMainUnix.h.
  • PluginProcess/unix/PluginProcessMainUnix.cpp:

(WebKit::PluginProcessMain):
(WebKit::PluginProcessMainUnix): Deleted.

  • Shared/AuxiliaryProcessMain.h: Renamed from Source/WebKit/Shared/unix/AuxiliaryProcessMain.h.
  • WebProcess/EntryPoint/unix/WebProcessMain.cpp:

(main):

  • WebProcess/EntryPoint/win/WebProcessMain.cpp:

(main):

  • WebProcess/WebProcessMain.h: Renamed from Source/WebKit/WebProcess/win/WebProcessMainWin.h.
  • WebProcess/gtk/WebProcessMainGtk.cpp:

(WebKit::WebProcessMain):
(WebKit::WebProcessMainUnix): Deleted.

  • WebProcess/playstation/WebProcessMainPlayStation.cpp: Renamed from Source/WebKit/WebProcess/unix/WebProcessMainUnix.h.

(WebKit::WebProcessMain):

  • WebProcess/win/WebProcessMainWin.cpp:

(WebKit::WebProcessMain):
(WebKit::WebProcessMainWin): Deleted.

  • WebProcess/wpe/WebProcessMainWPE.cpp:

(WebKit::WebProcessMain):
(WebKit::WebProcessMainUnix): Deleted.

  • webkitglib-symbols.map:

5:53 AM Changeset in webkit [255066] by commit-queue@webkit.org
  • 2 edits in trunk/LayoutTests

[GTK] More unreviewed gardening.
https://bugs.webkit.org/show_bug.cgi?id=206693

Unreviewed gardening.

Patch by Lauro Moura <Lauro Moura> on 2020-01-24

  • platform/gtk/TestExpectations:

3:32 AM Changeset in webkit [255065] by Pablo Saavedra
  • 2 edits in trunk/LayoutTests

Layout Test animations/no-style-recalc-during-accelerated-animation.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=206733

Unreviewed test gardening.

  • platform/gtk/TestExpectations:

3:18 AM Changeset in webkit [255064] by commit-queue@webkit.org
  • 2 edits
    4 moves
    3 adds
    2 deletes in trunk/LayoutTests

Import 2 sets of grid-align-tests from WPT
https://bugs.webkit.org/show_bug.cgi?id=206492

Patch by Rossana Monteriso <rmonteriso@igalia.com> on 2020-01-24
Reviewed by Manuel Rego Casasnovas.

LayoutTests/imported/w3c:

Add outdated grid-align tests, checked and adapted to the WPT project, to the css-grid/alignment folder for imported tests.
Add also blue-100.png support file inside the css/support folder.
Correct the test description inside <p>, for grid-align-stretching-replaced-items.html.

  • web-platform-tests/css/css-grid/alignment/grid-align-content-vertical-lr.html:
  • web-platform-tests/css/css-grid/alignment/grid-align-content-vertical-rl.html:
  • web-platform-tests/css/css-grid/alignment/grid-align-stretching-replaced-items.html:
  • web-platform-tests/css/css-grid/alignment/grid-align-content-vertical-lr-expected.txt:
  • web-platform-tests/css/css-grid/alignment/grid-align-content-vertical-rl-expected.txt:
  • web-platform-tests/css/css-grid/alignment/grid-align-stretching-replaced-items-expected.txt:
  • web-platform-tests/css/support/blue-100.png:

LayoutTests:

Remove outdated grid-align tests, that are being replaced by newer tests, adapted to the WPT project and imported
to the corresponding css-grid folder inside WebKit.

  • fast/css-grid-layout/grid-align-content-vertical-lr-expected.txt: Removed.
  • fast/css-grid-layout/grid-align-content-vertical-rl-expected.txt: Removed.
  • fast/css-grid-layout/grid-align-stretching-replaced-items-expected.txt: Removed.
  • fast/css-grid-layout/grid-align-stretching-replaced-items.html: Removed.
  • fast/css-grid-layout/grid-align-content-vertical-lr.html: Removed.
  • fast/css-grid-layout/grid-align-content-vertical-rl.html: Removed.

3:17 AM Changeset in webkit [255063] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Fix number of callee saved register count on MIPS
https://bugs.webkit.org/show_bug.cgi?id=206732

Patch by Paulo Matos <Paulo Matos> on 2020-01-24
Reviewed by Žan Doberšek.

MIPS has been issuing illegal instruction errors due to stack corruption.
This is caused by an incorrect number of CalleeSaveRegisterCount
that should be set to 3 since r254674.

  • llint/LowLevelInterpreter.asm:

2:52 AM Changeset in webkit [255062] by zandobersek@gmail.com
  • 2 edits in trunk/Tools

Unreviewed WPE dependency bump.

  • wpe/jhbuild.modules: Bump the libwpe checkout commit to include fixes for configuration errors that can occur with older (but still supported) CMake versions.

1:03 AM Changeset in webkit [255061] by Carlos Garcia Campos
  • 2 edits in trunk/Tools

Unreviewed GTK gardening. Mark /webkit/WebKitWebPage/get-uri as flaky

  • TestWebKitAPI/glib/TestExpectations.json:

12:47 AM Changeset in webkit [255060] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit

[GTK] Reduce the maximum time we wait for draw events in DrawingMonitor
https://bugs.webkit.org/show_bug.cgi?id=206662

Reviewed by Carlos Alberto Lopez Perez.

1 second is too much, we can wait up to 100_ms instead and wait for the next frame after 16_ms. We should also
ensure there's a draw event since this is called from dispatchAfterEnsuringDrawing().

  • UIProcess/CoordinatedGraphics/DrawingAreaProxyCoordinatedGraphics.cpp:

(WebKit::DrawingAreaProxyCoordinatedGraphics::DrawingMonitor::start):
(WebKit::DrawingAreaProxyCoordinatedGraphics::DrawingMonitor::didDraw):

12:37 AM Changeset in webkit [255059] by Antti Koivisto
  • 9 edits
    2 adds in trunk

:matches() doesn't combine correctly with pseudo elements
https://bugs.webkit.org/show_bug.cgi?id=206654

Reviewed by Simon Fraser.

Source/WebCore:

:matches() has been renamed to :is() in the spec (https://www.w3.org/TR/selectors-4/#matches).
Update the :matches implementation to spec behavior regarding pseudo element handling.

"Pseudo-elements cannot be represented by the matches-any pseudo-class; they are not valid within :is()."

Selectors like

::matches(foo, .parent .child)::first-letter

should work while

::matches(:first-letter)

shouldn't match anything.

Test: fast/selectors/matches-with-pseudo-element.html

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::matchRecursively const):
(WebCore::SelectorChecker::checkOne const):

Don't provide pseudoId into ::matches subselectors. Pseudo elements are not supported inside ::matches.
If one is found, fail that subselector.

  • css/SelectorChecker.h:

LayoutTests:

Unskip fast/css/first-letter-and-float-crash.html which no longer hits assert due to this.

  • fast/selectors/matches-with-pseudo-element-expected.html: Added.
  • fast/selectors/matches-with-pseudo-element.html: Added.
  • fast/css/currentColor-on-before-after-pseudo-elements.html:
  • fast/css/matches-specificity-5.html:
  • fast/selectors/pseudo-element-inside-matches-expected.html:
  • fast/selectors/pseudo-element-inside-matches.html:

Update the existing tests to match the behavior.

12:23 AM Changeset in webkit [255058] by youenn@apple.com
  • 13 edits in trunk

Make sure fetch tasks go to network if service worker never gets to activated
https://bugs.webkit.org/show_bug.cgi?id=206648

Reviewed by Chris Dumez.

Source/WebCore:

In case worker context process crashes, the SWServerWorker gets set to NotRunning.
If the SWServerWorker has pending activating completion handlers, they will never be called until the worker is destroyed.
But the worker may never be destroyed until its registration is destroyed.
This may trigger service worker fetch task hangs.

To fix this, make sure to call activating completion handlers whenever the SWServerWorker state is changed to either Terminating or NotRunning.

Covered by updated test.

  • workers/service/server/SWServerWorker.cpp:

(WebCore::SWServerWorker::~SWServerWorker):
(WebCore::SWServerWorker::whenActivated):
(WebCore::SWServerWorker::setState):

  • workers/service/server/SWServerWorker.h:

Source/WebKit:

In case activating completion handlers are not called, the fetch task timeout should kick in and make the load go to network process.
The issue is that our code was using the context connection to do so.
If the fetch task is waiting for the worker activation, the context connection might not be set and the timeout will be a no-op.

To fix this, the fetch task will do as if its context is closed when the timeout fires.
The fetch task now has a weak pointer to the WebSWServerConnection and will use it to terminate the service worker as done previously.

We no longer handle all ongoing fetch tasks of the ongoing service worker.
Each individual fetch task timeout provides the same level of protection.
The service worker will anyway get terminated which will race to finalize the service worker fetch tasks with each of their timeout.

  • NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp:

(WebKit::ServiceWorkerFetchTask::ServiceWorkerFetchTask):
(WebKit::ServiceWorkerFetchTask::timeoutTimerFired):

  • NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.h:
  • NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:

(WebKit::WebSWServerConnection::createFetchTask):
(WebKit::WebSWServerConnection::fetchTaskTimedOut):

  • NetworkProcess/ServiceWorker/WebSWServerConnection.h:
  • NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp:

(WebKit::WebSWServerToContextConnection::fetchTaskTimedOut):

LayoutTests:

  • http/wpt/service-workers/service-worker-spinning-activate.https-expected.txt:
  • http/wpt/service-workers/service-worker-spinning-activate.https.html:

12:19 AM Changeset in webkit [255057] by youenn@apple.com
  • 2 edits in trunk/Source/WebCore

Make sure DOMCacheStorage::retrieveCaches always calls its completionHandler
https://bugs.webkit.org/show_bug.cgi?id=206647

Reviewed by Chris Dumez.

  • Modules/cache/DOMCacheStorage.cpp:

(WebCore::DOMCacheStorage::retrieveCaches):
In case of context being stopped, make sure the completion handler is still called.

Jan 23, 2020:

10:37 PM Changeset in webkit [255056] by jiewen_tan@apple.com
  • 2 edits in trunk/Source/WebKit

Unreviewed, a follow up on r254894

  • UIProcess/WebAuthentication/Mock/MockLocalConnection.mm:

(WebKit::MockLocalConnection::getAttestation const):
Includes the status code in the message.

10:09 PM Changeset in webkit [255055] by ysuzuki@apple.com
  • 3 edits
    1 add in trunk

[JSC] DFG OSR exit is not marking CodeBlock::m_hasLinkedOSRExit when the exit target is checkpoint
https://bugs.webkit.org/show_bug.cgi?id=206726
<rdar://problem/58827849>

Reviewed by Saam Barati.

JSTests:

  • stress/exit-target-code-block-can-be-changed-between-llint-and-baseline.js: Added.

(bar):
(foo):

Source/JavaScriptCore:

The problem was that DFG OSR exit is not marking CodeBlock::m_hasLinkedOSRExit appropriately when an exit target bytecode-index is a checkpoint.
Let's consider the following scenario.

  1. The caller CodeBlock "A" has Baseline code.
  2. Compile DFG code exiting to the checkpoint of "A". We are not marking "A"'s CodeBlock::m_hasLinkedOSRExit.
  3. GC happens and we decide dropping Baseline code for "A" since it is not marked. Switching it to LLInt.
  4. However, DFG OSR exit code is compiled by assuming that "A" is Baseline. So LLInt registers are not recovered correctly.
  5. Then, exiting to LLInt of "A", LLInt sees that LLInt registers have garbage.

In this patch, we correctly set a bit of CodeBlock::m_hasLinkedOSRExit when the exit target is checkpoint.

  • dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::callerReturnPC):

9:55 PM Changeset in webkit [255054] by Wenson Hsieh
  • 10 edits in trunk

[iOS] Support setting minimum effective device width during dynamic viewport size updates
https://bugs.webkit.org/show_bug.cgi?id=206709
<rdar://problem/58713872>

Reviewed by Tim Horton.

Source/WebKit:

Changes to minimum effective device width are currently always propagated to the web process via out-of-band
updates to the web process. During animated resize, Safari currently changes the minimum effective device width
prior to updating the view size; this causes the viewport configuration to temporarily be in a state where the
new value for minimum effective device width is used, but the old viewport width and height are still used.

This subsequently breaks existing logic in WebPage::dynamicViewportSizeUpdate that attempts to keep the portion
of the unobscured content width that is visible consistent before and after rotation (see
visibleHorizontalFraction), since that code will be misled into believing that the wrong fraction of content
width is visible.

To fix this, we roll minimum effective device width changes along with view size (and other attributes) in
dynamic viewport size updates.

Test: WebKit.ChangeFrameAndMinimumEffectiveDeviceWidthDuringAnimatedResize

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _setViewScale:]):
(-[WKWebView _setMinimumEffectiveDeviceWidth:]):

During animated resize, just set m_minimumEffectiveDeviceWidth without notifying the web process; if the value
changed during the update block, we send the new minimum effective device width to the web page as a part of
the dynamic viewport size update.

Also, make a drive-by adjustment to use _page->viewLayoutSize() instead of recomputing the active layout
bounds when we know that only the minimum effective device width is changing. We also apply the same adjustment
above, in -_setViewScale:.

  • UIProcess/API/ios/WKWebViewIOS.mm:

(-[WKWebView _beginAnimatedResizeWithUpdates:]):

  • UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::viewLayoutSize const):
(WebKit::WebPageProxy::setMinimumEffectiveDeviceWidthWithoutViewportConfigurationUpdate):

Add a helper method to update the minimum effective device width without updating the viewport configuration in
the web process. This is only used when the minimum effective device width is specified in the middle of a
dynamic viewport size update (i.e. animated resize).

  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::dynamicViewportSizeUpdate):

Plumb the new minimum effective device width over to the web process as a part of the dynamic viewport size
update, and update both the new view size and minimum effective device width on the viewport configuration at
the same time.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::dynamicViewportSizeUpdate):

Tools:

Adds a new API test that changes both the effective minimum device width and view size during animated resize.

  • TestWebKitAPI/Tests/WebKitCocoa/AnimatedResize.mm:

9:41 PM Changeset in webkit [255053] by ysuzuki@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, build fix for Windows
https://bugs.webkit.org/show_bug.cgi?id=206706

Definition still existed.

  • parser/Parser.h:

8:52 PM Changeset in webkit [255052] by rmorisset@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Break the dependency between jsc and DerivedSources
https://bugs.webkit.org/show_bug.cgi?id=206720

Reviewed by Mark Lam.

According to Tadeu, the slowdown of production builds (by more than 20%) when he landed his bytecode patch was caused by a new dependency of the jsc binary on DerivedSources/, which was needed because of DerivedSources/BytecodeStructs.h being included in CommonSlowPaths.h which is transitively included in jsc.cpp.
Now that BytecodeStructs.h is no longer included in CommonSlowPaths.h (see https://bugs.webkit.org/show_bug.cgi?id=206566), I'm trying to break the dependency, to recover from this compile time regression.

  • Configurations/JSC.xcconfig:
  • JavaScriptCore.xcodeproj/project.pbxproj:

8:24 PM Changeset in webkit [255051] by rmorisset@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Remove dead option useFTLTBAA
https://bugs.webkit.org/show_bug.cgi?id=206725

Reviewed by Mark Lam.

It is likely from when the FTL used LLVM, before B3/Air were written, making this option completely obsolete (and it is currently unused).

  • runtime/OptionsList.h:

7:18 PM Changeset in webkit [255050] by pvollan@apple.com
  • 13 edits
    1 add in trunk

[Cocoa] Media mime types map should be created in the UI process
https://bugs.webkit.org/show_bug.cgi?id=206478

Reviewed by Darin Adler.

Source/WebCore:

Creating this map in the WebContent process will access the launch services daemon, which will be blocked.
This patch creates the map in the UI process and sends it to the WebContent process as part of the WebProcess
creation parameters.

API test: WebKit.MimeTypes

  • platform/MIMETypeRegistry.cpp:

(WebCore::overriddenMimeTypesMap):
(WebCore::commonMediaTypes):
(WebCore::commonMimeTypesMap):
(WebCore::typesForCommonExtension):

  • platform/MIMETypeRegistry.h:
  • testing/Internals.cpp:

(WebCore::Internals::mediaMIMETypeForExtension):

  • testing/Internals.h:
  • testing/Internals.idl:

Source/WebKit:

Send the mime type map from the UI process to the WebContent process as part of the
WebProcess creation parameters.

  • Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):

  • Shared/WebProcessCreationParameters.h:
  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::platformInitializeWebProcess):

  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess):

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit/MimeTypes.mm: Added.

(TEST):

7:11 PM Changeset in webkit [255049] by Darin Adler
  • 15 edits in trunk/Source

Remove some unneeded definitions from Platform.h family headers
https://bugs.webkit.org/show_bug.cgi?id=206642

Reviewed by Eric Carlson.

Source/WebCore:

  • platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.h: Removed
checks of HAVE(AVFOUNDATION_MEDIA_SELECTION_GROUP) and
HAVE(AVFOUNDATION_VIDEO_OUTPUT) because both are always 1 on Cocoa platforms,
and this is Cocoa-only source code.

  • platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm: Ditto.
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: Ditto.
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: Ditto.

Source/WebCore/PAL:

  • pal/spi/cf/CFNetworkSPI.h: Remove
HAVE(CFNETWORK_WITH_CONTENT_ENCODING_SNIFFING_OVERRIDE) because it was
always 1 on Cocoa platforms, and was guarding a definition that we
use unconditionally in Objective-C Cocoa-only code, and there is no
harm of defining it on Windows as long as we don't use it.

  • pal/spi/cocoa/PassKitSPI.h: Remove HAVE(PASSKIT_API_TYPE) because
it was always 1 on Cocoa platforms and this is a Cocoa-only header.

Source/WebKit:

  • Platform/cocoa/PaymentAuthorizationViewController.mm:

(-[WKPaymentAuthorizationViewControllerDelegate _getPaymentServicesMerchantURL:]):
Removed HAVE(PASSKIT_API_TYPE) because it's always 1 on Cocoa platforms and this
is Cocoa-only code.

  • Shared/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm:

(WebKit::toAPIType): Ditto.
(WebKit::WebPaymentCoordinatorProxy::platformPaymentRequest): Ditto.

Source/WTF:

  • wtf/PlatformEnable.h:

Removed ENABLE_RESPECT_EXIF_ORIENTATION because it was unused.

  • wtf/PlatformHave.h:

Removed HAVE_PASSKIT_API_TYPE because it is now unused.
Removed HAVE_MERGESORT because it was unused.
Removed HAVE_AVFOUNDATION_VIDEO_OUTPUT because it is now unused.
Removed HAVE_AVFOUNDATION_MEDIA_SELECTION_GROUP because it is now unused.
Removed HAVE_CFNETWORK_WITH_CONTENT_ENCODING_SNIFFING_OVERRIDE because it was unused.

  • wtf/PlatformUse.h:

Removed USE_ARENA_ALLOC_ALIGNMENT_INTEGER because it was unused.
Removed USE_NETWORK_CFDATA_ARRAY_CALLBACK because it is now unused.

6:57 PM Changeset in webkit [255048] by rmorisset@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Remove dead options "dumpAllDFGNodes"/"showAllDFGNodes"
https://bugs.webkit.org/show_bug.cgi?id=204372

Reviewed by Keith Miller.

  • runtime/OptionsList.h:

6:54 PM Changeset in webkit [255047] by sbarati@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Get rid of didFinishParsing and make parseInner return its results
https://bugs.webkit.org/show_bug.cgi?id=206706

Reviewed by Mark Lam and Keith Miller and Yusuke Suzuki.

This is paving the way for eagerly parsing immediately invoked functions.
Before, we'd just end up setting member fields inside ::didFinishParsing,
and then read them out inside ::parse. However, this is not going to work
when we are in a world where we're generating AST nodes for more than one
function at a time. This patch paves the way for that.

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::didFinishParsing): Deleted.

  • parser/Parser.h:

(JSC::Parser<LexerType>::parse):

6:22 PM Changeset in webkit [255046] by timothy_horton@apple.com
  • 5 edits in trunk/Source

macCatalyst: I-Beam is too conservative, doesn't show up in editable areas with no text
https://bugs.webkit.org/show_bug.cgi?id=206716
<rdar://problem/58359523>

Reviewed by Simon Fraser.

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::lineCaretExtent):
(WebKit::populateCaretContext):
(WebKit::WebPage::positionInformation):
Instead of uniting the caret position for the first and last position
on the line to find the I-Beam region, use the bounds of the selection
rect for the line, which extends beyond existing text, matching our
traditional behavior of showing the I-Beam over blank regions.

  • editing/VisiblePosition.cpp:

(WebCore::VisiblePosition::absoluteSelectionBoundsForLine const):

  • editing/VisiblePosition.h:

Expose the bounds of the possible selection for the line that the given position belongs to.

6:04 PM Changeset in webkit [255045] by Fujii Hironori
  • 2 edits in trunk/Source/WebKit

Set proper TextureMapperLayer::m_contentsLayer in updateImageBacking
https://bugs.webkit.org/show_bug.cgi?id=206212

Patch by Tomoki Imai <Tomoki Imai> on 2020-01-23
Reviewed by Žan Doberšek.

There is a chance to set a wrong TextureMapperLayer::m_contentsLayer.
It occurs when

  • The previous content layer is removed, and it doesn't have the next content layer. (layerState.contentLayer == nullptr)
  • It has an image backing, which is not visible. (layerState.imageBacking != nullptr, entry.update.isVisible == false)

In that case, it didn't call TextureMapperLayer::setContentsLayer(nullptr) even if it doesn't have a new content layer.

This patch sets TextureMapperLayer::m_contentsLayer in updateImageBacking regardless of the visibility.
setBackingStore is not needed in updateImageBacking, as it should be handled only by layerState.backingStore.

Should be covered by the existing testcases.

  • Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:

(WebKit::updateImageBacking): Call TextureMapperLayer::setContentsLayer(nullptr) instead of TextureMapperLayer::setBackingStore(nullptr) when it's not visible.

5:48 PM Changeset in webkit [255044] by Andres Gonzalez
  • 8 edits in trunk/Source/WebCore

Use the same AccessibilityObjectWrapper for associated AXObject and AXIsolatedObject.
https://bugs.webkit.org/show_bug.cgi?id=206384

Reviewed by Chris Fleizach.

Associated AXObject and AXIsolatedObject need to share the same
AccessibilityObjectWrapper in order for accessibility clients to work
properly. This change implements Chris Fleizach's original approach to
have both the AXObject and IsolatedObject in the same wrapper. This
approach allows the event notification code to remain the same in
isolated tree mode, and minimizes lock contention between the main and
AX threads.

  • accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::cacheAndInitializeWrapper): Utility method that encapsulates these operations performed in the getOrCreate methods.
(WebCore::AXObjectCache::getOrCreate):
(WebCore::AXObjectCache::createIsolatedTreeHierarchy): Attaches to the IsolatedObject the same wrapper as its associated AXObject.

  • accessibility/AXObjectCache.h:
  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: Instead of accessing the backing object directly (m_object) or through the macro _axBackingObject, uses self.axBackingObject.

(AccessibilityUnignoredAncestor):
(-[WebAccessibilityTextMarker initWithData:accessibilityObject:]):
(-[WebAccessibilityObjectWrapper detach]):
(-[WebAccessibilityObjectWrapper dealloc]):
(-[WebAccessibilityObjectWrapper _prepareAccessibilityCall]):
(-[WebAccessibilityObjectWrapper accessibilityCanFuzzyHitTest]):
(-[WebAccessibilityObjectWrapper accessibilityHitTest:]):
(-[WebAccessibilityObjectWrapper enableAttributeCaching]):
(-[WebAccessibilityObjectWrapper disableAttributeCaching]):
(-[WebAccessibilityObjectWrapper accessibilityElementCount]):
(-[WebAccessibilityObjectWrapper accessibilityElementAtIndex:]):
(-[WebAccessibilityObjectWrapper indexOfAccessibilityElement:]):
(-[WebAccessibilityObjectWrapper _accessibilityPath]):
(-[WebAccessibilityObjectWrapper accessibilityHasPopup]):
(-[WebAccessibilityObjectWrapper accessibilityPopupValue]):
(-[WebAccessibilityObjectWrapper accessibilityLanguage]):
(-[WebAccessibilityObjectWrapper accessibilityIsDialog]):
(-[WebAccessibilityObjectWrapper _accessibilityTreeAncestor]):
(-[WebAccessibilityObjectWrapper _accessibilityListAncestor]):
(-[WebAccessibilityObjectWrapper _accessibilityArticleAncestor]):
(-[WebAccessibilityObjectWrapper _accessibilityLandmarkAncestor]):
(-[WebAccessibilityObjectWrapper _accessibilityTableAncestor]):
(-[WebAccessibilityObjectWrapper _accessibilityIsInTableCell]):
(-[WebAccessibilityObjectWrapper _accessibilityFieldsetAncestor]):
(-[WebAccessibilityObjectWrapper _accessibilityFrameAncestor]):
(-[WebAccessibilityObjectWrapper _accessibilityTraitsFromAncestors]):
(-[WebAccessibilityObjectWrapper accessibilityIsWebInteractiveVideo]):
(-[WebAccessibilityObjectWrapper interactiveVideoDescription]):
(-[WebAccessibilityObjectWrapper accessibilityIsMediaPlaying]):
(-[WebAccessibilityObjectWrapper accessibilityIsMediaMuted]):
(-[WebAccessibilityObjectWrapper accessibilityToggleMuteForMedia]):
(-[WebAccessibilityObjectWrapper accessibilityVideoEnterFullscreen]):
(-[WebAccessibilityObjectWrapper _accessibilityTextEntryTraits]):
(-[WebAccessibilityObjectWrapper accessibilityTraits]):
(-[WebAccessibilityObjectWrapper isSVGGroupElement]):
(-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):
(-[WebAccessibilityObjectWrapper stringValueShouldBeUsedInLabel]):
(-[WebAccessibilityObjectWrapper _accessibilityHasTouchEventListener]):
(-[WebAccessibilityObjectWrapper _accessibilityValueIsAutofilled]):
(-[WebAccessibilityObjectWrapper _accessibilityIsStrongPasswordField]):
(-[WebAccessibilityObjectWrapper _accessibilityMinValue]):
(-[WebAccessibilityObjectWrapper _accessibilityMaxValue]):
(-[WebAccessibilityObjectWrapper accessibilityRoleDescription]):
(-[WebAccessibilityObjectWrapper accessibilityLabel]):
(-[WebAccessibilityObjectWrapper tableCellParent]):
(-[WebAccessibilityObjectWrapper tableParent]):
(-[WebAccessibilityObjectWrapper accessibilityTitleElement]):
(-[WebAccessibilityObjectWrapper accessibilityRowRange]):
(-[WebAccessibilityObjectWrapper accessibilityBlockquoteLevel]):
(-[WebAccessibilityObjectWrapper accessibilityDatetimeValue]):
(-[WebAccessibilityObjectWrapper accessibilityPlaceholderValue]):
(-[WebAccessibilityObjectWrapper accessibilityColorStringValue]):
(-[WebAccessibilityObjectWrapper accessibilityValue]):
(-[WebAccessibilityObjectWrapper accessibilityIsAttachmentElement]):
(-[WebAccessibilityObjectWrapper accessibilityIsComboBox]):
(-[WebAccessibilityObjectWrapper accessibilityHint]):
(-[WebAccessibilityObjectWrapper accessibilityURL]):
(-[WebAccessibilityObjectWrapper _accessibilityScrollToVisible]):
(-[WebAccessibilityObjectWrapper accessibilityScroll:]):
(-[WebAccessibilityObjectWrapper _accessibilityRelativeFrame]):
(-[WebAccessibilityObjectWrapper accessibilityElementRect]):
(-[WebAccessibilityObjectWrapper accessibilityVisibleContentRect]):
(-[WebAccessibilityObjectWrapper accessibilityActivationPoint]):
(-[WebAccessibilityObjectWrapper accessibilityFrame]):
(-[WebAccessibilityObjectWrapper containsUnnaturallySegmentedChildren]):
(-[WebAccessibilityObjectWrapper accessibilityContainer]):
(-[WebAccessibilityObjectWrapper accessibilityFocusedUIElement]):
(-[WebAccessibilityObjectWrapper _accessibilityWebDocumentView]):
(-[WebAccessibilityObjectWrapper accessibilityCanSetValue]):
(-[WebAccessibilityObjectWrapper accessibilityLinkRelationshipType]):
(-[WebAccessibilityObjectWrapper accessibilityRequired]):
(-[WebAccessibilityObjectWrapper accessibilityFlowToElements]):
(-[WebAccessibilityObjectWrapper accessibilityLinkedElement]):
(-[WebAccessibilityObjectWrapper isAttachment]):
(-[WebAccessibilityObjectWrapper accessibilityTextualContext]):
(-[WebAccessibilityObjectWrapper _accessibilityActivate]):
(-[WebAccessibilityObjectWrapper attachmentView]):
(-[WebAccessibilityObjectWrapper _accessibilityScrollPosition]):
(-[WebAccessibilityObjectWrapper _accessibilityScrollSize]):
(-[WebAccessibilityObjectWrapper _accessibilityScrollVisibleRect]):
(-[WebAccessibilityObjectWrapper accessibilityFindMatchingObjects:]):
(-[WebAccessibilityObjectWrapper accessibilityModifySelection:increase:]):
(-[WebAccessibilityObjectWrapper accessibilityMoveSelectionToMarker:]):
(-[WebAccessibilityObjectWrapper accessibilityIncrement]):
(-[WebAccessibilityObjectWrapper accessibilityDecrement]):
(-[WebAccessibilityObjectWrapper _accessibilitySetValue:]):
(-[WebAccessibilityObjectWrapper stringForTextMarkers:]):
(-[WebAccessibilityObjectWrapper arrayOfTextForTextMarkers:attributed:]):
(-[WebAccessibilityObjectWrapper _convertToNSRange:]):
(-[WebAccessibilityObjectWrapper _convertToDOMRange:]):
(-[WebAccessibilityObjectWrapper positionForTextMarker:]):
(-[WebAccessibilityObjectWrapper textMarkerRange]):
(-[WebAccessibilityObjectWrapper textMarkerRangeForSelection]):
(-[WebAccessibilityObjectWrapper textMarkerForPosition:]):
(-[WebAccessibilityObjectWrapper stringForRange:]):
(-[WebAccessibilityObjectWrapper _accessibilitySelectedTextRange]):
(-[WebAccessibilityObjectWrapper _accessibilitySetSelectedTextRange:]):
(-[WebAccessibilityObjectWrapper accessibilityReplaceRange:withText:]):
(-[WebAccessibilityObjectWrapper accessibilityInsertText:]):
(-[WebAccessibilityObjectWrapper selectedTextMarker]):
(-[WebAccessibilityObjectWrapper lineEndMarkerForMarker:]):
(-[WebAccessibilityObjectWrapper lineStartMarkerForMarker:]):
(-[WebAccessibilityObjectWrapper misspellingTextMarkerRange:forward:]):
(-[WebAccessibilityObjectWrapper frameForTextMarkers:]):
(-[WebAccessibilityObjectWrapper rangeFromMarkers:withText:]):
(-[WebAccessibilityObjectWrapper textMarkerForPoint:]):
(-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
(-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
(-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
(-[WebAccessibilityObjectWrapper startOrEndTextMarkerForTextMarkers:isStart:]):
(-[WebAccessibilityObjectWrapper textMarkersForRange:]):
(-[WebAccessibilityObjectWrapper accessibilityExpandedTextValue]):
(-[WebAccessibilityObjectWrapper accessibilityIdentifier]):
(-[WebAccessibilityObjectWrapper accessibilityARIAIsBusy]):
(-[WebAccessibilityObjectWrapper accessibilityARIALiveRegionStatus]):
(-[WebAccessibilityObjectWrapper accessibilityARIARelevantStatus]):
(-[WebAccessibilityObjectWrapper accessibilityARIALiveRegionIsAtomic]):
(-[WebAccessibilityObjectWrapper accessibilitySupportsARIAPressed]):
(-[WebAccessibilityObjectWrapper accessibilityIsPressed]):
(-[WebAccessibilityObjectWrapper accessibilitySupportsARIAExpanded]):
(-[WebAccessibilityObjectWrapper accessibilityIsExpanded]):
(-[WebAccessibilityObjectWrapper accessibilityIsShowingValidationMessage]):
(-[WebAccessibilityObjectWrapper accessibilityInvalidStatus]):
(-[WebAccessibilityObjectWrapper accessibilityARIACurrentStatus]):
(-[WebAccessibilityObjectWrapper accessibilitySortDirection]):
(-[WebAccessibilityObjectWrapper accessibilityMathRootIndexObject]):
(-[WebAccessibilityObjectWrapper accessibilityMathRadicandObject]):
(-[WebAccessibilityObjectWrapper accessibilityMathNumeratorObject]):
(-[WebAccessibilityObjectWrapper accessibilityMathDenominatorObject]):
(-[WebAccessibilityObjectWrapper accessibilityMathBaseObject]):
(-[WebAccessibilityObjectWrapper accessibilityMathSubscriptObject]):
(-[WebAccessibilityObjectWrapper accessibilityMathSuperscriptObject]):
(-[WebAccessibilityObjectWrapper accessibilityMathUnderObject]):
(-[WebAccessibilityObjectWrapper accessibilityMathOverObject]):
(-[WebAccessibilityObjectWrapper accessibilityMathFencedOpenString]):
(-[WebAccessibilityObjectWrapper accessibilityMathFencedCloseString]):
(-[WebAccessibilityObjectWrapper accessibilityIsMathTopObject]):
(-[WebAccessibilityObjectWrapper accessibilityMathLineThickness]):
(-[WebAccessibilityObjectWrapper accessibilityMathType]):
(-[WebAccessibilityObjectWrapper accessibilityClickPoint]):

  • accessibility/mac/AXObjectCacheMac.mm:

(WebCore::AXObjectCache::attachWrapper): Attaches the given IsolatedObject and wrapper.

  • accessibility/mac/WebAccessibilityObjectWrapperBase.h:
  • accessibility/mac/WebAccessibilityObjectWrapperBase.mm:

(-[WebAccessibilityObjectWrapperBase initWithAccessibilityObject:]):
(-[WebAccessibilityObjectWrapperBase attachAXObject:]):
(-[WebAccessibilityObjectWrapperBase attachIsolatedObject:]):
(-[WebAccessibilityObjectWrapperBase detach]):
(-[WebAccessibilityObjectWrapperBase updateObjectBackingStore]):
(-[WebAccessibilityObjectWrapperBase baseAccessibilityTitle]):
(-[WebAccessibilityObjectWrapperBase axBackingObject]):
(-[WebAccessibilityObjectWrapperBase baseAccessibilityDescription]):
(-[WebAccessibilityObjectWrapperBase baseAccessibilitySpeechHint]):
(-[WebAccessibilityObjectWrapperBase baseAccessibilityHelpText]):
(-[WebAccessibilityObjectWrapperBase convertRectToSpace:space:]):
(-[WebAccessibilityObjectWrapperBase ariaLandmarkRoleDescription]):
(-[WebAccessibilityObjectWrapperBase baseAccessibilitySetFocus:]):
(-[WebAccessibilityObjectWrapperBase accessibilityMathPostscriptPairs]):
(-[WebAccessibilityObjectWrapperBase accessibilityMathPrescriptPairs]):
(accessibilitySearchCriteriaForSearchPredicateParameterizedAttribute):
(-[WebAccessibilityObjectWrapperBase accessibilityObject]): Deleted, axBackingObject should be used instead.

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm: Instead of accessing the backing object directly (m_object) or through the macro _axBackingObject, uses self.axBackingObject.

(-[WebAccessibilityObjectWrapper attachmentView]):
(-[WebAccessibilityObjectWrapper screenToContents:]):
(-[WebAccessibilityObjectWrapper accessibilityObjectForTextMarker:]):
(-[WebAccessibilityObjectWrapper textMarkerRangeFromRange:]):
(-[WebAccessibilityObjectWrapper startOrEndTextMarkerForRange:isStart:]):
(-[WebAccessibilityObjectWrapper nextTextMarkerForCharacterOffset:]):
(-[WebAccessibilityObjectWrapper previousTextMarkerForCharacterOffset:]):
(-[WebAccessibilityObjectWrapper textMarkerForCharacterOffset:]):
(-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
(-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
(-[WebAccessibilityObjectWrapper textMarkerForVisiblePosition:]):
(-[WebAccessibilityObjectWrapper textMarkerForFirstPositionInTextControl:]):
(-[WebAccessibilityObjectWrapper visiblePositionForTextMarker:]):
(-[WebAccessibilityObjectWrapper doAXAttributedStringForTextMarkerRange:spellCheck:]):
(-[WebAccessibilityObjectWrapper textMarkerRangeFromVisiblePositions:endPosition:]):
(-[WebAccessibilityObjectWrapper ALLOW_DEPRECATED_IMPLEMENTATIONS_END]):
(-[WebAccessibilityObjectWrapper additionalAccessibilityAttributeNames]):
(-[WebAccessibilityObjectWrapper visiblePositionRangeForTextMarkerRange:]):
(-[WebAccessibilityObjectWrapper renderWidgetChildren]):
(-[WebAccessibilityObjectWrapper remoteAccessibilityParentObject]):
(convertToVector):
(-[WebAccessibilityObjectWrapper textMarkerRangeForSelection]):
(-[WebAccessibilityObjectWrapper associatedPluginParent]):
(-[WebAccessibilityObjectWrapper path]):
(-[WebAccessibilityObjectWrapper childrenVectorSize]):
(-[WebAccessibilityObjectWrapper childrenVectorArray]):
(-[WebAccessibilityObjectWrapper position]):
(-[WebAccessibilityObjectWrapper role]):
(-[WebAccessibilityObjectWrapper subrole]):
(-[WebAccessibilityObjectWrapper roleDescription]):
(-[WebAccessibilityObjectWrapper computedRoleString]):
(-[WebAccessibilityObjectWrapper scrollViewParent]):
(-[WebAccessibilityObjectWrapper valueDescriptionForMeter]):
(-[WebAccessibilityObjectWrapper windowElement:]):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):
(-[WebAccessibilityObjectWrapper accessibilityFocusedUIElement]):
(-[WebAccessibilityObjectWrapper accessibilityHitTest:]):
(-[WebAccessibilityObjectWrapper accessibilityIsAttributeSettable:]):
(-[WebAccessibilityObjectWrapper _accessibilityPerformPressAction]):
(-[WebAccessibilityObjectWrapper _accessibilityPerformIncrementAction]):
(-[WebAccessibilityObjectWrapper _accessibilityPerformDecrementAction]):
(-[WebAccessibilityObjectWrapper accessibilityPerformShowMenuAction]):
(-[WebAccessibilityObjectWrapper _accessibilityShowContextMenu]):
(-[WebAccessibilityObjectWrapper accessibilityScrollToVisible]):
(-[WebAccessibilityObjectWrapper _accessibilityScrollToMakeVisibleWithSubFocus:]):
(-[WebAccessibilityObjectWrapper _accessibilityScrollToGlobalPoint:]):
(-[WebAccessibilityObjectWrapper accessibilityReplaceRange:withText:]):
(-[WebAccessibilityObjectWrapper accessibilityInsertText:]):
(-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]):
(-[WebAccessibilityObjectWrapper doAXAttributedStringForRange:]):
(-[WebAccessibilityObjectWrapper _convertToNSRange:]):
(-[WebAccessibilityObjectWrapper _indexForTextMarker:]):
(-[WebAccessibilityObjectWrapper _textMarkerForIndex:]):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
(-[WebAccessibilityObjectWrapper accessibilityIndexOfChild:]):
(-[WebAccessibilityObjectWrapper accessibilityArrayAttributeCount:]):
(-[WebAccessibilityObjectWrapper accessibilityArrayAttributeValues:index:maxCount:]):

5:20 PM Changeset in webkit [255043] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[EME] Key renewal fails when using AVContentKeyReportGroup
https://bugs.webkit.org/show_bug.cgi?id=206694
<rdar://problem/58628345>

Patch by Jer Noble <jer.noble@apple.com> on 2020-01-23
Reviewed by Eric Carlson.

When a CDMInstanceSession has an AVContentKeyReportGroup, it doesn't have an AVContentKeySession; it has
to get the session from its parent CDMInstance to request key renewal.

  • platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:

(WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::updateLicense):

4:10 PM Changeset in webkit [255042] by dbates@webkit.org
  • 3 edits in trunk/Source/WebKit

Add a variant of -selectPositionAtPoint that can select an arbitrary point
https://bugs.webkit.org/show_bug.cgi?id=206712

Reviewed by Wenson Hsieh.

Adds a variant of -selectPositionAtPoint, called _selectPositionAtPoint, that takes a boolean
as to whether to constrain the specified point to stay within the focused element. I will
make use of this functionality in a subsequent patch.

  • UIProcess/ios/WKContentViewInteraction.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView selectPositionAtPoint:completionHandler:]): Moved implementation to -_selectPositionAtPoint
and write this function in terms of it.
(-[WKContentView _selectPositionAtPoint:stayingWithinFocusedElement:completionHandler:]): Added.

3:57 PM Changeset in webkit [255041] by jiewen_tan@apple.com
  • 2 edits in trunk/Tools

WebKitTestRunner: use ad hoc signing for internal Production builds
https://bugs.webkit.org/show_bug.cgi?id=206607
<rdar://problem/56087327>

Reviewed by Jonathan Bedard.

  • WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig:

3:25 PM Changeset in webkit [255040] by rmorisset@apple.com
  • 9 edits
    1 add in trunk/Source/JavaScriptCore

Don't include BytecodeStructs.h in CommonSlowPaths.h
https://bugs.webkit.org/show_bug.cgi?id=206566

Reviewed by Tadeu Zagallo.

Simple improvement to compile times.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGOSREntry.cpp:
  • jit/JIT.h:
  • jit/JITInlines.h:
  • jit/JITOperations.cpp:
  • llint/LLIntSlowPaths.cpp:
  • runtime/CommonSlowPaths.h:
  • wasm/WasmSlowPaths.cpp:

2:49 PM Changeset in webkit [255039] by Kate Cheney
  • 4 edits in trunk/Source/WebKit

Background thread with ITP Database should lock when the network process is suspended
https://bugs.webkit.org/show_bug.cgi?id=206593
rdar://problem/58713379

Reviewed by Chris Dumez.

This patch adds a function to hang the background queue when the
NetworkProcess is preparing to suspend.

  • NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::suspend):
(WebKit::WebResourceLoadStatisticsStore::resume):

  • NetworkProcess/Classifier/WebResourceLoadStatisticsStore.h:
  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::prepareToSuspend):
(WebKit::NetworkProcess::resume):

2:13 PM Changeset in webkit [255038] by pvollan@apple.com
  • 9 edits in trunk/Source/WebKit

[iOS] Make it possible for WebKit clients to enable connections to asset services in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=206551

Reviewed by Brent Fulgham.

Add SPI to grant and revoke access to asset services in the WebContent process.

No new tests, since this should have an API test, but API tests are not running on iOS devices. We could
create an API test for simulator, but the simulator has no sandbox.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
  • UIProcess/API/Cocoa/WKWebViewPrivate.h:
  • UIProcess/API/ios/WKWebViewIOS.mm:

(-[WKWebView _grantAccessToAssetServices]):
(-[WKWebView _revokeAccessToAssetServices]):

  • UIProcess/WebPageProxy.h:
  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::grantAccessToAssetServices):
(WebKit::WebPageProxy::revokeAccessToAssetServices):

  • WebProcess/WebProcess.h:
  • WebProcess/WebProcess.messages.in:
  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::grantAccessToAssetServices):
(WebKit::WebProcess::revokeAccessToAssetServices):

1:51 PM Changeset in webkit [255037] by Simon Fraser
  • 45 edits
    5 adds in trunk

Fixed elements no longer stay fixed with elastic overscroll
https://bugs.webkit.org/show_bug.cgi?id=206227
rdar://problem/58707084

Reviewed by Antti Koivisto.

Source/WebCore:

Intended behavior on iOS and macOS is for position:fixed and sticky elements to maintain
their position relative to the view bounds when rubber-banding ("overscrolling"). This broke
some time back. This change restores the correct behavior with the call to layoutViewportRespectingRubberBanding()
in ScrollingTreeFixedNode::applyLayerPositions() and ScrollingTreeStickyNode::computeLayerPosition().
layoutViewportRespectingRubberBanding() computes a layout viewport without clamping.

The rest of the changes are to support testing. internals.unconstrainedScrollTo()
didn't work for main frame scrolling because of scroll position clamping in various places,
so propagate ScrollClamping in more places (and replace the redundant ScrollPositionClamp with ScrollClamping).

"requested scroll position" updates now carry along both clamping and "is programmatic" data, wrapped in a struct
which is passed around the scrolling tree. This allows us to not clamp the scroll position (for testing) in more places.

Internals::unconstrainedScrollTo() needs one weird hack to trigger a layout (and thus a scrolling tree commit),
because the layout is normally triggered by a layout viewport change, but when rubber-banding we clamp the layoutViewport
used for layout, so those layouts are never triggered.

Tests: tiled-drawing/scrolling/fixed/fixed-during-rubberband.html
       tiled-drawing/scrolling/sticky/sticky-during-rubberband.html

  • Sources.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • dom/Element.cpp:

(WebCore::Element::scrollTo):

  • page/DOMWindow.cpp:

(WebCore::DOMWindow::scrollTo const):

  • page/FrameView.cpp:

(WebCore::FrameView::setScrollPosition):
(WebCore::FrameView::requestScrollPositionUpdate):

  • page/FrameView.h:
  • page/scrolling/AsyncScrollingCoordinator.cpp:

(WebCore::AsyncScrollingCoordinator::requestScrollPositionUpdate):

  • page/scrolling/AsyncScrollingCoordinator.h:
  • page/scrolling/ScrollingCoordinator.cpp:
  • page/scrolling/ScrollingCoordinator.h:

(WebCore::ScrollingCoordinator::requestScrollPositionUpdate):

  • page/scrolling/ScrollingStateScrollingNode.cpp:

(WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
(WebCore::ScrollingStateScrollingNode::setRequestedScrollData):
(WebCore::ScrollingStateScrollingNode::dumpProperties const):
(WebCore::ScrollingStateScrollingNode::setRequestedScrollPosition): Deleted.

  • page/scrolling/ScrollingStateScrollingNode.h:

(WebCore::RequestedScrollData::operator== const):
(WebCore::ScrollingStateScrollingNode::requestedScrollData const):
(WebCore::ScrollingStateScrollingNode::requestedScrollPosition const): Deleted.
(WebCore::ScrollingStateScrollingNode::requestedScrollPositionRepresentsProgrammaticScroll const): Deleted.

  • page/scrolling/ScrollingTree.h:

(WebCore::ScrollingTree::scrollingTreeNodeRequestsScroll):

  • page/scrolling/ScrollingTreeFrameScrollingNode.cpp:

(WebCore::ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition const):
(WebCore::ScrollingTreeFrameScrollingNode::layoutViewportRespectingRubberBanding const):

  • page/scrolling/ScrollingTreeFrameScrollingNode.h:
  • page/scrolling/ScrollingTreeScrollingNode.cpp:

(WebCore::ScrollingTreeScrollingNode::commitStateAfterChildren):
(WebCore::ScrollingTreeScrollingNode::adjustedScrollPosition const):
(WebCore::ScrollingTreeScrollingNode::scrollBy):
(WebCore::ScrollingTreeScrollingNode::scrollTo):
(WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling):

  • page/scrolling/ScrollingTreeScrollingNode.h:
  • page/scrolling/cocoa/ScrollingTreeFixedNode.mm:

(WebCore::ScrollingTreeFixedNode::applyLayerPositions):

  • page/scrolling/cocoa/ScrollingTreeStickyNode.mm:

(WebCore::ScrollingTreeStickyNode::computeLayerPosition const):

  • page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
  • page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:

(WebCore::ScrollingTreeFrameScrollingNodeMac::commitStateAfterChildren):
(WebCore::ScrollingTreeFrameScrollingNodeMac::adjustedScrollPosition const):

  • page/scrolling/mac/ScrollingTreeOverflowScrollingNodeMac.h:
  • page/scrolling/mac/ScrollingTreeOverflowScrollingNodeMac.mm:

(WebCore::ScrollingTreeOverflowScrollingNodeMac::commitStateAfterChildren):
(WebCore::ScrollingTreeOverflowScrollingNodeMac::adjustedScrollPosition const):

  • page/scrolling/mac/ScrollingTreeScrollingNodeDelegateMac.mm:

(WebCore::ScrollingTreeScrollingNodeDelegateMac::immediateScrollByWithoutContentEdgeConstraints):

  • platform/ScrollTypes.cpp: Added.

(WebCore::operator<<):

  • platform/ScrollTypes.h:
  • platform/ScrollView.cpp:

(WebCore::ScrollView::setContentsScrollPosition):
(WebCore::ScrollView::setScrollPosition):

  • platform/ScrollView.h:
  • platform/ScrollableArea.cpp:

(WebCore::ScrollableArea::setScrollOffsetFromAnimation):

  • platform/ScrollableArea.h:

(WebCore::ScrollableArea::requestScrollPositionUpdate):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::scrollToOffset):

  • testing/Internals.cpp:

(WebCore::Internals::unconstrainedScrollTo):

Source/WebKit:

Intended behavior on iOS and macOS is for position:fixed and sticky elements to maintain
their position relative to the view bounds when rubber-banding ("overscrolling"). This broke
some time back. This change restores the correct behavior with the call to layoutViewportRespectingRubberBanding()
in ScrollingTreeFixedNode::applyLayerPositions() and ScrollingTreeStickyNode::computeLayerPosition().
layoutViewportRespectingRubberBanding() computes a layout viewport without clamping.

The rest of the changes are to support testing. internals.unconstrainedScrollTo()
didn't work for main frame scrolling because of scroll position clamping in various places,
so propagate ScrollClamping in more places (and replace the redundant ScrollPositionClamp with ScrollClamping).

"requested scroll position" updates now carry along both clamping and "is programmatic" data, wrapped in a struct
which is passed around the scrolling tree. This allows us to not clamp the scroll position (for testing) in more places.

  • Shared/RemoteLayerTree/RemoteScrollingCoordinatorTransaction.cpp:

(ArgumentCoder<ScrollingStateScrollingNode>::encode):
(ArgumentCoder<ScrollingStateScrollingNode>::decode):
(ArgumentCoder<RequestedScrollData>::encode):
(ArgumentCoder<RequestedScrollData>::decode):
(WebKit::dump):

  • UIProcess/RemoteLayerTree/RemoteScrollingCoordinatorProxy.cpp:

(WebKit::RemoteScrollingCoordinatorProxy::scrollingTreeNodeRequestsScroll):

  • UIProcess/RemoteLayerTree/RemoteScrollingCoordinatorProxy.h:
  • UIProcess/RemoteLayerTree/RemoteScrollingTree.cpp:

(WebKit::RemoteScrollingTree::scrollingTreeNodeRequestsScroll):

  • UIProcess/RemoteLayerTree/RemoteScrollingTree.h:
  • UIProcess/RemoteLayerTree/ios/ScrollingTreeFrameScrollingNodeRemoteIOS.mm:

(WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::commitStateAfterChildren):

  • UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.mm:

(WebKit::ScrollingTreeScrollingNodeDelegateIOS::commitStateAfterChildren):

LayoutTests:

  • tiled-drawing/scrolling/fixed/fixed-during-rubberband-expected.html: Added.
  • tiled-drawing/scrolling/fixed/fixed-during-rubberband.html: Added.
  • tiled-drawing/scrolling/sticky/sticky-during-rubberband-expected.html: Added.
  • tiled-drawing/scrolling/sticky/sticky-during-rubberband.html: Added.

1:48 PM Changeset in webkit [255036] by ddkilzer@apple.com
  • 13 edits in trunk/Source/WebCore

Enable -Wconditional-uninitialized in WebCore project
<https://webkit.org/b/206508>

Reviewed by Darin Adler.

  • Configurations/Base.xcconfig:

(WARNING_CFLAGS): Add -Wconditional-uninitialized switch.

Source/WebCore:

  • Modules/webgpu/WHLSL/WHLSLIntrinsics.cpp:

(WebCore::WHLSL::Intrinsics::addFullTexture):

  • Initialize vectorLength to zero and add release assert that it is in a valid range [1-4] to prevent buffer out-of-bounds reads.
  • Change ASSERT() to ASSERT_WITH_SECURITY_IMPLICATION() since they all have security implications.
  • Modules/webgpu/WHLSL/WHLSLParser.cpp:

(WebCore::WHLSL::Parser::parseResourceSemantic):

  • Add default case to switch statement with release assert since mode is not set for all possible character values.
  • accessibility/AXObjectCache.cpp:

(WebCore::characterForCharacterOffset):

  • Ignore -Wconditional-warning for U16_NEXT() macro. Fix must be in compiler or in ICU header.
  • bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneDeserializer::readRSAKey):

  • Initialize hash to CryptoAlgorithmIdentifier::SHA_1. SHA_1 was chosen since Optional<CryptoAlgorithmIdentifier> parameters use that as a default value in crypto/keys/CryptoKeyRSA.cpp.
  • contentextensions/DFABytecodeCompiler.cpp:

(WebCore::ContentExtensions::DFABytecodeCompiler::transitions):

  • Initialize rangeMin to 0.
  • css/parser/CSSSupportsParser.cpp:

(WebCore::CSSSupportsParser::consumeCondition):

  • Initialize result to false.
  • cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::SelectorCodeGenerator::modulo):

  • Initialize inputDividendCopy to JSC::InvalidGPRReg.
  • dom/Document.cpp:

(WebCore::Document::processHttpEquiv):

  • Initialize delay to zero.
  • rendering/svg/RenderSVGResourceGradient.cpp:

(WebCore::RenderSVGResourceGradient::applyResource):

  • Initialize gradientData to nullptr. This false positive is tracked by <rdar://problem/58615489>.

1:44 PM Changeset in webkit [255035] by Russell Epstein
  • 9 edits in branches/safari-609-branch/Source/WebKit

Cherry-pick r254892. rdar://problem/58816313

[IPC Hardening] Only process Messages::NetworkProcess messages when sent by the UIProcess
https://bugs.webkit.org/show_bug.cgi?id=206558
<rdar://problem/58733679>

Reviewed by Alex Christensen.

Port UpdateQuotaBasedOnSpaceUsageForTesting IPC from the NetworkProcess to the NetworkConnectionToWebProcess
since it is sent by the WebContent process. As a result, we can now stop forwarding all Messages::NetworkProcess
IPC messages from the WebContent process to the NetworkProcess class.

  • NetworkProcess/NetworkConnectionToWebProcess.cpp: (WebKit::NetworkConnectionToWebProcess::didReceiveMessage): (WebKit::NetworkConnectionToWebProcess::didReceiveSyncMessage): (WebKit::NetworkConnectionToWebProcess::updateQuotaBasedOnSpaceUsageForTesting):
  • NetworkProcess/NetworkConnectionToWebProcess.h:
  • NetworkProcess/NetworkConnectionToWebProcess.messages.in:
  • NetworkProcess/NetworkProcess.cpp: (WebKit::NetworkProcess::didReceiveMessage): (WebKit::NetworkProcess::didReceiveSyncMessage):
  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkProcess.messages.in:
  • Platform/IPC/StringReference.h: (IPC::StringReference::operator!=):
  • WebProcess/Cache/WebCacheStorageConnection.cpp: (WebKit::WebCacheStorageConnection::updateQuotaBasedOnSpaceUsage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254892 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255034] by Russell Epstein
  • 6 edits in branches/safari-609-branch

Cherry-pick r254884. rdar://problem/58807972

ProvisionalPageProxy::loadData should pass last navigation's shouldOpenExternalURLsPolicy flag to WebPageProxy
https://bugs.webkit.org/show_bug.cgi?id=206462
<rdar://problem/57468718>

Reviewed by Chris Dumez.

Source/WebKit:

Covered by API tests.

This patch also does it for ProvisionalPageProxy::loadRequest.

  • UIProcess/ProvisionalPageProxy.cpp: (WebKit::ProvisionalPageProxy::loadData): (WebKit::ProvisionalPageProxy::loadRequest):
  • UIProcess/ProvisionalPageProxy.h:
  • UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::continueNavigationInNewProcess):

Tools:

  • TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm: (TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254884 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255033] by Russell Epstein
  • 4 edits in branches/safari-609-branch/Source/WebKit

Cherry-pick r254880. rdar://problem/58816328

[macOS] Add managed preference to allow synchronous XHR during page dismissal
https://bugs.webkit.org/show_bug.cgi?id=206540
<rdar://problem/58644447>

Reviewed by Alex Christensen.

Add managed preference to allow synchronous XHR during page dismissal. This is temporarily needed by some
enterprise products until they can update their code.

  • Shared/WebPreferences.yaml:
  • Shared/WebPreferencesDefaultValues.cpp: (WebKit::defaultDisallowSyncXHRDuringPageDismissalEnabled):
  • Shared/WebPreferencesDefaultValues.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254880 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255032] by Russell Epstein
  • 2 edits in branches/safari-609-branch/Source/WebKit

Cherry-pick r254874. rdar://problem/58816330

macCatalyst: Two-finger click is dispatched to DOM as left click
https://bugs.webkit.org/show_bug.cgi?id=206549

Reviewed by Simon Fraser.

  • UIProcess/ios/WKMouseGestureRecognizer.mm: (-[WKMouseGestureRecognizer createMouseEventWithType:forEvent:]): (-[WKMouseGestureRecognizer touchesBegan:withEvent:]): (-[WKMouseGestureRecognizer touchesMoved:withEvent:]): (-[WKMouseGestureRecognizer touchesEnded:withEvent:]): (-[WKMouseGestureRecognizer _hoverEntered:withEvent:]): (-[WKMouseGestureRecognizer _hoverMoved:withEvent:]): (-[WKMouseGestureRecognizer _hoverExited:withEvent:]): (-[WKMouseGestureRecognizer createMouseEventWithType:]): Deleted.

We correctly say button=2 for ctrl-click, but not for secondary-button click.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254874 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255031] by Russell Epstein
  • 3 edits
    1 add in branches/safari-609-branch

Cherry-pick r254866. rdar://problem/58807986

JSTests:
Object allocation sinking is missing PutHint for allocations unreachable in the graph
https://bugs.webkit.org/show_bug.cgi?id=203799
<rdar://problem/56852162>

Reviewed by Saam Barati.

  • stress/allocation-sinking-puthint-control-flow-2.js: Added. (f.handler.construct): (f):

Source/JavaScriptCore:
Object allocation sinking is missing PutHint for sunken allocations
https://bugs.webkit.org/show_bug.cgi?id=203799
<rdar://problem/56852162>

Reviewed by Saam Barati.

Consider the following graph:

Block #0:

1: PhantomCreateActivation()
2: PhantomNewFunction()
PutHint(@2, @1, FunctionActivationPLoc)
Branch(#1, #2)

Block #1:

3: MaterializeCreateActivation()
PutHint(@2, @3, FunctionActivationPLoc)
Upsilon(@3, 5)
Jump(#3)

Block #2:

4: MaterializeCreateActivation()
PutHint(@2, @4, FunctionActivationPLoc)
Upsilon(@4, 5)
Jump(#3)

Block #3:

5: Phi()
ExitOK()

On Block #3, we need to emit a PutHint after the Phi, since we might exit after it. However,
object allocation sinking skipped this Phi because it was checking whether the base of the
location that caused us to create this Phi (@2) was live, but it's dead in the graph (there
are no pointers to it). The issue is that, even though there are no pointers to the base, the
location PromotedHeapLocation(@2, FunctionActivationPLoc) is still live, so we should PutHint
to it. We fix it by checking for liveness of the location rather than its base.

  • dfg/DFGObjectAllocationSinkingPhase.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254866 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255030] by Russell Epstein
  • 9 edits
    6 adds in branches/safari-609-branch

Cherry-pick r254841. rdar://problem/58807959

EXIF orientation is ignored for some CSS images
https://bugs.webkit.org/show_bug.cgi?id=203355

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2020-01-20
Reviewed by Simon Fraser.

Source/WebCore:

Unlike GraphicsContext::drawNativeImage(), GraphicsContext::drawPattern()
can't change the coordinates system before drawing the image to respect
the EXIF orientation. Drawing a pattern tries to fill the destination
rectangle with the image according to the GraphicsContext origin and the
direction of its axes. So we need to create a temporary NativeImage
respecting the EXIF orientation and then use it to draw the pattern.

Tests: fast/images/exif-orientation-background-image-no-repeat.html
       fast/images/exif-orientation-background-image-repeat.html
       fast/images/exif-orientation-border-image.html

  • platform/graphics/BitmapImage.cpp: (WebCore::BitmapImage::nativeImageForCurrentFrameRespectingOrientation): (WebCore::BitmapImage::drawPattern):
  • platform/graphics/BitmapImage.h:
  • platform/graphics/Image.h: (WebCore::Image::nativeImage): (WebCore::Image::nativeImageForCurrentFrameRespectingOrientation): (WebCore::Image::nativeImageOfSize):
  • platform/graphics/ImageBuffer.h:
  • platform/graphics/cg/GraphicsContextCG.cpp: (WebCore::GraphicsContext::drawPattern):
  • platform/graphics/cg/NativeImageCG.cpp: (WebCore::drawNativeImage):
  • rendering/style/NinePieceImage.cpp: (WebCore::NinePieceImage::paint const):

LayoutTests:

  • fast/images/exif-orientation-background-image-no-repeat-expected.html: Added.
  • fast/images/exif-orientation-background-image-no-repeat.html: Added.
  • fast/images/exif-orientation-background-image-repeat-expected.html: Added.
  • fast/images/exif-orientation-background-image-repeat.html: Added.
  • fast/images/exif-orientation-border-image-expected.html: Added.
  • fast/images/exif-orientation-border-image.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254841 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255029] by Russell Epstein
  • 4 edits
    4 adds in branches/safari-609-branch

Cherry-pick r254814. rdar://problem/58816321

Video sound sometimes keeps playing in page cache
https://bugs.webkit.org/show_bug.cgi?id=206408
<rdar://problem/58654047>

Reviewed by Eric Carlson.

Source/WebCore:

In r253375, we made sure to enqueue calls that would trigger state changes, to ensure we would not start playing while in page cache.
But this delayed the order to pause the video when entering page cache.
Fix this by synchronously updating playing state when being suspended for page cache.

Test: http/tests/navigation/page-cache-video.html

  • html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::pauseAndUpdatePlayStateImmediately): (WebCore::HTMLMediaElement::stopWithoutDestroyingMediaPlayer):
  • html/HTMLMediaElement.h:

LayoutTests:

  • http/tests/media/resources/sound_5.mp3: Added. File comes from WPT and is 5 seconds long.
  • http/tests/navigation/page-cache-video-expected.txt: Added.
  • http/tests/navigation/page-cache-video.html: Added.
  • http/tests/navigation/resources/page-cache-video-helper.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254814 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255028] by Russell Epstein
  • 8 edits in branches/safari-609-branch/Source/WebCore

Cherry-pick r254800. rdar://problem/58816340

Make pasteboard markup sanitization more robust
https://bugs.webkit.org/show_bug.cgi?id=206379
<rdar://problem/58660859>

Reviewed by Ryosuke Niwa.

Makes markup sanitization when copying and pasting more robust in some circumstances (see the bug for additional
details).

  • editing/markup.cpp: (WebCore::createPageForSanitizingWebContent):

Adopt the new setting when creating the temporary web page used to sanitize markup coming from the pasteboard.

  • html/parser/HTMLParserOptions.cpp: (WebCore::HTMLParserOptions::HTMLParserOptions):
  • html/parser/HTMLParserOptions.h:

Rename scriptEnabled to scriptingFlag, since parsing script elements may now be allowed even when JavaScript
execution is disabled. The term "scripting flag" also closely matches the wording of the HTML parsing
specification.

  • html/parser/HTMLTokenizer.cpp: (WebCore::HTMLTokenizer::updateStateFor):
  • html/parser/HTMLTreeBuilder.cpp: (WebCore::HTMLTreeBuilder::processStartTagForInBody): (WebCore::HTMLTreeBuilder::processStartTagForInHead):
  • page/Settings.yaml:

Add a new setting to determine whether to consider the scripting flag on when parsing HTML. By default, we will
only turn the scripting flag on if script execution is enabled; however, this may be set such that we may
consider the scripting flag set, even though script execution is disabled.

  • page/SettingsBase.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254800 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255027] by Russell Epstein
  • 2 edits in branches/safari-609-branch/Source/WebCore

Cherry-pick r254789. rdar://problem/58807968

iOS: Prepare deploying Ref/RefPtr in touch event code
https://bugs.webkit.org/show_bug.cgi?id=206466

Reviewed by Wenson Hsieh.

Introduce a new variant of dispatchTouchEvent, which takes EventTargetTouchArrayMap that uses
Ref<EventTarget> as keys instead of raw pointers to EventTarget as is the case in EventTargetTouchMap.

  • page/EventHandler.h: (WebCore::EventHandler::EventTargetTouchArrayMap): Added. (WebCore::EventHandler::dispatchTouchEvent): Added the declaration for new variant.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254789 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255026] by Russell Epstein
  • 3 edits in branches/safari-609-branch/Source/WebInspectorUI

Cherry-pick r254773. rdar://problem/58807954

Web Inspector: Unchecking Enable Preview Features on Engineering and Preview builds does not affect WI.arePreviewFeaturesEnabled()
https://bugs.webkit.org/show_bug.cgi?id=204026

Reviewed by Brian Burg.

Make WI.arePreviewFeaturesEnabled() return false when Enable Preview Features is unchecked.

  • UserInterface/Base/Setting.js: (WI.canShowPreviewFeatures): (WI.arePreviewFeaturesEnabled): (WI.isTechnologyPreviewBuild): Deleted. (WI.canShowPreviewFeatures): Added.
  • UserInterface/Views/SettingsTabContentView.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254773 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255025] by Russell Epstein
  • 5 edits
    2 adds in branches/safari-609-branch

Cherry-pick r254761. rdar://problem/58807932

[MSE] Decode glitches when watching videos on CNN.com
https://bugs.webkit.org/show_bug.cgi?id=206412
<rdar://problem/55685630>

Reviewed by Xabier Rodriguez-Calvar.

Source/WebCore:

Test: media/media-source/media-source-samples-out-of-order.html

The "Coded frame processing" algorithm has a known shortcoming <https://github.com/w3c/media-source/issues/187>
when dealing with appends of "SAP Type 2" content, or in general terms, appending data where the resulting samples
have presentation times that do not increase monotonically. When this occurs, the ordering of samples in presentation
time will be different from the ordering of samples in decode time. The decoder requires samples to be enqueued in
decode time order, but the MSE specification only checks for overlapping samples in presentation time order. During
appends of out-of-order samples, this can lead to new samples being inserted between a previously appended sample and
the sample on which that sample depends.

To resolve this, add a new step in the implementation of the "coded frame processing" algorithm in
SourceBuffer::sourceBufferPrivateDidReceiveSample(). When the incoming frame is a sync sample, search forward
in the TrackBuffer for all previous samples in between the new sync sample, and the next sync sample. All the
samples found in this step would fail to decode correctly if enqueued after the new (possibly different resolution)
sync sample, so they are removed in this step.

  • Modules/mediasource/SampleMap.cpp: (WebCore::DecodeOrderSampleMap::findSampleAfterDecodeKey):
  • Modules/mediasource/SampleMap.h:
  • Modules/mediasource/SourceBuffer.cpp: (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

LayoutTests:

  • media/media-source/media-source-samples-out-of-order-expected.txt: Added.
  • media/media-source/media-source-samples-out-of-order.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254761 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255024] by Russell Epstein
  • 2 edits in branches/safari-609-branch/Source/WebInspectorUI

Cherry-pick r254726. rdar://problem/58816338

REGRESSION(r251487): Web Inspector: selected color in color picker has wrong lightness
https://bugs.webkit.org/show_bug.cgi?id=206202

Reviewed by Devin Rousso.

Currently, tintedColor setter has two code paths:

  • rgb2hsv conversion if the color is defined using color(...) syntax.
  • HSL to HSV conversion for any other color.

The latter was defined in the view, was untested, and incorrect.
This patch uses WI.Color.rgb2hsv conversion for all colors. This method is
already covered by tests.

  • UserInterface/Views/ColorSquare.js: (WI.ColorSquare.prototype.set tintedColor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254726 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255023] by Russell Epstein
  • 3 edits
    2 adds in branches/safari-609-branch

Cherry-pick r254722. rdar://problem/58811423

REGRESSION (r251110): Crash on https://developer.apple.com/tutorials/swiftui/creating-and-combining-views
https://bugs.webkit.org/show_bug.cgi?id=206337

Reviewed by Geoffrey Garen.

Source/WebCore:

The crash was caused by RadioButtonGroups::hasCheckedButton getting called by RadioInputType's
matchesIndeterminatePseudoClass during a style update which happens before the input element had a chance
to register itself with RadioButtonGroups in HTMLInputElement::didFinishInsertingNode.

This happens, in particular, when didFinishInsertingNode of other nodes that appear before the input element
executes arbitrary author scripts or otherwise updates the style.

Test: fast/forms/match-pseudo-on-radio-before-finalizing-tree-insertion-crash.html

  • dom/RadioButtonGroups.cpp: (WebCore::RadioButtonGroups::hasCheckedButton const):

LayoutTests:

Added a regression test. The test crashes on trunk and causes an infinite loop before r251110.

  • fast/forms/match-pseudo-on-radio-before-finalizing-tree-insertion-crash-expected.txt: Added.
  • fast/forms/match-pseudo-on-radio-before-finalizing-tree-insertion-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254722 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255022] by Russell Epstein
  • 7 edits
    1 add in branches/safari-609-branch

Cherry-pick r254711. rdar://problem/58816343

Regression(r253224) No longer able to prevent a tab from closing via the beforeunload prompt
https://bugs.webkit.org/show_bug.cgi?id=206366
<rdar://problem/58537467>

Reviewed by Geoffrey Garen.

Source/WebKit:

Change is covered by new API test.

  • UIProcess/API/Cocoa/WKWebView.mm: (-[WKWebView _tryClose]): (-[WKWebView _isClosed]):
  • UIProcess/API/Cocoa/WKWebViewPrivate.h: Add new _tryClose / _isClosed SPI on WKWebView in order to write an API test to cover the change.
  • UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::runBeforeUnloadConfirmPanel): In WebPageProxy::tryClose(), we start a timer before sending the TryClose async IPC to the WebProcess. We would then stop the timer when receiving the response to the TryClose IPC. If the timer fires, we would forcefully close the page. The issue was that before answering the TryClose IPC, the WebContent process would send a sync RunBeforeUnloadConfirmPanel IPC to the UIProcess to show the confirmation prompt, and this would fail to stop the timer. WebPageProxy::runBeforeUnloadConfirmPanel() would spin a nested run loop to show the prompt and we would time out while showing the prompt.

Tools:

tryClose_timeout_fix

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit/beforeunload.html: Added.
  • TestWebKitAPI/Tests/WebKitCocoa/ModalAlerts.mm: (-[SlowBeforeUnloadPromptUIDelegate _webView:runBeforeUnloadConfirmPanelWithMessage:initiatedByFrame:completionHandler:]): (-[SlowBeforeUnloadPromptUIDelegate webViewDidClose:]): (TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254711 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255021] by Russell Epstein
  • 5 edits in branches/safari-609-branch

Cherry-pick r254710. rdar://problem/58807942

[WebAuthn] User Verification (UV) option present on a CTAP2 authenticatorMakeCredential while the authenticator has not advertised support for it
https://bugs.webkit.org/show_bug.cgi?id=204111
<rdar://problem/57019604>

Reviewed by Brent Fulgham.

Source/WebCore:

Covered by API tests.

  • Modules/webauthn/fido/DeviceRequestConverter.cpp: (fido::encodeMakeCredenitalRequestAsCBOR): (fido::encodeGetAssertionRequestAsCBOR): Only set UV if RP requires it.

Tools:

  • TestWebKitAPI/Tests/WebCore/CtapRequestTest.cpp: (TestWebKitAPI::TEST):
  • TestWebKitAPI/Tests/WebCore/FidoTestData.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254710 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255020] by Russell Epstein
  • 7 edits in branches/safari-609-branch/Source/WebKit

Cherry-pick r254706. rdar://problem/58811361

Add finite timeout when synchronously terminating a service worker
https://bugs.webkit.org/show_bug.cgi?id=206325
<rdar://problem/58183380>

Patch by Alex Christensen <achristensen@webkit.org> on 2020-01-16
Reviewed by Youenn Fablet.

When this message reply is never received, it hangs everything.
If we haven't received verification that a service worker was terminated in 10 seconds, unhang everything
and tell the UI process to terminate the hanging service worker process. Continue handling messages during
these 10 seconds to hopefully turn a bad hang into no perceptible hang.

  • NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp: (WebKit::WebSWServerToContextConnection::syncTerminateWorker):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254706 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255019] by Russell Epstein
  • 2 edits
    1 add
    1 delete in branches/safari-609-branch/LayoutTests

Cherry-pick r254705. rdar://problem/58811395

REGRESSION: [ Mac WK2 ] fast/text/international/unicode-bidi-other-neutrals.html is a flaky failure
https://bugs.webkit.org/show_bug.cgi?id=205808

Patch by Doug Kelly <Doug Kelly> on 2020-01-16
Reviewed by Maciej Stachowiak.

Update the testcase for bidi text runs ending with other neutrals to dumpAsText, instead of trying
to compare visual content.

  • fast/text/international/unicode-bidi-other-neutrals-expected.html: Removed.
  • fast/text/international/unicode-bidi-other-neutrals-expected.txt: Added.
  • fast/text/international/unicode-bidi-other-neutrals.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254705 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:44 PM Changeset in webkit [255018] by Russell Epstein
  • 2 edits in branches/safari-609-branch/Source/WebCore

Cherry-pick r254700. rdar://problem/58811338

WK1: arbitrary JS execution while tearing down renderers in Element::addShadowRoot
https://bugs.webkit.org/show_bug.cgi?id=206335

Reviewed by Antti Koivisto.

Delay the widget hierarchy updates until we're done attaching a shadow root.
Otherwise, WK1 would retry to update the focus synchronously.

  • dom/Element.cpp: (WebCore::Element::addShadowRoot):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254700 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255017] by Russell Epstein
  • 3 edits
    1 add in branches/safari-609-branch

Cherry-pick r254687. rdar://problem/58811365

operationToObject() should check for a null errorMessage.
https://bugs.webkit.org/show_bug.cgi?id=206339
<rdar://problem/58449666>

Reviewed by Yusuke Suzuki.

JSTests:

  • stress/operationToObject-should-check-for-null-errorMessage.js: Added.

Source/JavaScriptCore:

r224280 introduced operationToObject() with an option to specify a custom error
message. r254252 added a scenario where the passed in error message is null but
did not update operationToObject() to allow for this. This patch adds the
missing null check.

  • dfg/DFGOperations.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254687 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255016] by Russell Epstein
  • 14 edits in branches/safari-609-branch/Source/WebCore

Cherry-pick r254659. rdar://problem/58811354

Keep RefPtr instead of raw pointer to message queue on WebCoreResourceHandleAsOperationQueueDelegate
https://bugs.webkit.org/show_bug.cgi?id=206261
<rdar://problem/57562592>

Patch by Alex Christensen <achristensen@webkit.org> on 2020-01-15
Reviewed by David Kilzer.

There's no reason to keep a raw pointer when we can keep a smart pointer.
This will make this more robust against someone forgetting to clear this pointer value.

  • platform/network/ResourceHandle.h:
  • platform/network/SynchronousLoaderClient.cpp: (WebCore::SynchronousLoaderClient::SynchronousLoaderClient): (WebCore::SynchronousLoaderClient::didFinishLoading): (WebCore::SynchronousLoaderClient::didFail):
  • platform/network/SynchronousLoaderClient.h: (WebCore::SynchronousLoaderMessageQueue::create): (WebCore::SynchronousLoaderMessageQueue::append): (WebCore::SynchronousLoaderMessageQueue::kill): (WebCore::SynchronousLoaderMessageQueue::killed const): (WebCore::SynchronousLoaderMessageQueue::waitForMessage):
  • platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::makeDelegate):
  • platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.h:
  • platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm: (-[WebCoreResourceHandleAsOperationQueueDelegate callFunctionOnMainThread:]): (-[WebCoreResourceHandleAsOperationQueueDelegate initWithHandle:messageQueue:]): (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254659 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255015] by Russell Epstein
  • 6 edits
    6 adds in branches/safari-609-branch

Cherry-pick r254652. rdar://problem/58811422

Regression(r253213) Load hang and high CPU usage when trying to load myuhc.com
https://bugs.webkit.org/show_bug.cgi?id=206315
<rdar://problem/58139842>

Reviewed by Geoffrey Garen.

Source/WebCore:

Starting in r253213, we now throw when trying to do a sync XHR during unload. Unfortunately, this is confusing the script
on myuhc.com and it ends up retrying the sync XHR in a tight loop. To address the issue, I am putting in a safety net which
ignores calls to XMLHttpRequest.send() instead of throwing, once we've reached 5 sync XHR failures during unload.

Throwing is useful because this gives a chance for Web authors to fall back to using Beacon API or Fetch KeepAlive if the
sync XHR fails. There is already code out there doing just that. You could imagine content doing more than one sync XHR
during unload, each one with a good beacon API fallback. For this reason, I put in a limit of 5 sync failures before
we stop throwing. Having a limit is important to break bad loops when the content simply retries the same sync XHR load
when the sync XHR send() call throws.

Tests: fast/xmlhttprequest/xmlhttprequest-multiple-sync-xhr-during-unload.html
       fast/xmlhttprequest/xmlhttprequest-sync-xhr-failure-loop-during-unload.html

  • dom/Document.cpp: (WebCore::Document::didRejectSyncXHRDuringPageDismissal): (WebCore::Document::shouldIgnoreSyncXHRs const):
  • dom/Document.h:
  • loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
  • xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::prepareToSend):

LayoutTests:

Add layout test coverage.

  • fast/xmlhttprequest/resources/xmlhttprequest-multiple-sync-xhr-during-unload-iframe.html: Added.
  • fast/xmlhttprequest/resources/xmlhttprequest-sync-xhr-failure-loop-during-unload-iframe.html: Added.
  • fast/xmlhttprequest/xmlhttprequest-multiple-sync-xhr-during-unload-expected.txt: Added.
  • fast/xmlhttprequest/xmlhttprequest-multiple-sync-xhr-during-unload.html: Added.
  • fast/xmlhttprequest/xmlhttprequest-sync-xhr-failure-loop-during-unload-expected.txt: Added.
  • fast/xmlhttprequest/xmlhttprequest-sync-xhr-failure-loop-during-unload.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254652 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255014] by Russell Epstein
  • 2 edits in branches/safari-609-branch/Source/WebInspectorUI

Cherry-pick r254633. rdar://problem/58816370

Web Inspector: collapsing a virtualized folder in a WI.TreeOutline doesn't update the DOM
https://bugs.webkit.org/show_bug.cgi?id=206302

Reviewed by Timothy Hatcher.

  • UserInterface/Views/TreeOutline.js: (WI.TreeOutline.prototype._updateVirtualizedElements): When collapsing a currently visible WI.TreeElement, it will still be in the cached set of visible and attached WI.TreeElements, meaning that _updateVirtualizedElements will early return since it thinks that the same WI.TreeElement are being shown. Add another check to ensure that it only thinks that if the same number of WI.TreeElement are visible.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254633 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255013] by Russell Epstein
  • 5 edits in branches/safari-609-branch/Source/WebKit

Cherry-pick r254552. rdar://problem/58812968

REGRESSION (r253394): After swiping back during a navigation, WKWebView gets stuck with the forward content, stops repainting
https://bugs.webkit.org/show_bug.cgi?id=206268
<rdar://problem/58536702>

Reviewed by Simon Fraser.

  • UIProcess/ViewGestureController.cpp: (WebKit::ViewGestureController::endSwipeGesture):
  • UIProcess/ViewGestureController.h:
  • UIProcess/ios/ViewGestureControllerIOS.mm: (WebKit::ViewGestureController::beginSwipeGesture): (WebKit::ViewGestureController::endSwipeGesture): (WebKit::ViewGestureController::removeSwipeSnapshot):
  • UIProcess/mac/ViewGestureControllerMac.mm: (WebKit::ViewGestureController::beginSwipeGesture): (WebKit::ViewGestureController::removeSwipeSnapshot): After r253394, we start loading the destination page in willEndSwipeGesture, when we know the gesture will complete, instead of in endSwipeGesture, when it is actually done.

This means that if we decide that we should tear down the snapshot immediately,
this can now happen in the window between willEndSwipeGesture and endSwipeGesture.

However, removeSwipeSnapshot has numerous dependencies on endSwipeGesture
(especially on iOS, where there are /also/ dependencies in the other direction -
endSwipeGesture will never be called after removeSwipeSnapshot because
of the gestureID mismatch).

Regardless, it does not make sense to remove the snapshot while the animation
is still running. So, if something causes removeSwipeSnapshot to be called
before endSwipeGesture, we just set a bit and call it inside endSwipeGesture instead.

This ends up putting the snapshot removal ordering back as it was before r253394.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254552 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255012] by Russell Epstein
  • 2 edits in branches/safari-609-branch/Source/WebKit

Cherry-pick r254550. rdar://problem/58812988

REGRESSION(iOS 13): createMediaElementSource not working
https://bugs.webkit.org/show_bug.cgi?id=203435

Reviewed by David Kilzer.

The WebContent process is missing an entitlement according to logs.

  • Scripts/process-entitlements.sh:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254550 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255011] by Russell Epstein
  • 3 edits
    2 adds in branches/safari-609-branch

Cherry-pick r254541. rdar://problem/58605951

Supported mime types for encoding should be supported mime types for loading
https://bugs.webkit.org/show_bug.cgi?id=206239

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2020-01-14
Reviewed by Simon Fraser.

Source/WebCore:

Consult isSupportedImageType() for the system supported UTI before
considering its mime type is allowed for the image DataURL encoding.

Test: fast/canvas/toDataURL-unsupportedTypes.html

  • platform/MIMETypeRegistry.cpp: (WebCore::MIMETypeRegistry::createMIMETypeRegistryThreadGlobalData):

LayoutTests:

  • fast/canvas/toDataURL-unsupportedTypes-expected.txt: Added.
  • fast/canvas/toDataURL-unsupportedTypes.html: Added. Unsupported mime-types for encoding should fall back to 'image/png'.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254541 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255010] by Russell Epstein
  • 4 edits in branches/safari-609-branch/LayoutTests

Cherry-pick r254530. rdar://problem/58606272

[iOS] fast/forms/contenteditable-font-optical-size.html landed flaky
https://bugs.webkit.org/show_bug.cgi?id=203371
<rdar://problem/56590026>

Reviewed by Wenson Hsieh.

  • fast/forms/contenteditable-font-optical-size-expected.txt:
  • fast/forms/contenteditable-font-optical-size.html:
  • platform/ios-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254530 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255009] by Russell Epstein
  • 2 edits in branches/safari-609-branch/Source/JavaScriptCore

Cherry-pick r254523. rdar://problem/58606225

Web Inspector: crash in DumpRenderTree at com.apple.JavaScriptCore: WTF::RefCountedBase::hasOneRef const
https://bugs.webkit.org/show_bug.cgi?id=206191
<rdar://problem/58415623>

Reviewed by Joseph Pecoraro.

  • debugger/Debugger.cpp: (JSC::Debugger::attach): (GatherSourceProviders::GatherSourceProviders): Deleted. (GatherSourceProviders::operator()): Deleted. Use RefPtr<SourceProvider> instead of SourceProvider* in case the FunctionExecutable is destroyed after the SourceProvider* is saved, which would destroy the SourceProvider as well.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254523 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255008] by Russell Epstein
  • 2 edits in branches/safari-609-branch/Source/WebCore

Cherry-pick r254512. rdar://problem/58606195

A video element cannot enter fullscreen from PiP mode
https://bugs.webkit.org/show_bug.cgi?id=204468

Reviewed by Eric Carlson.

This patch fixes two issues:

  • Make sure the message exchanges between WebContent and UI process can complete in the scenario of switching to fullscreen from PiP.
  • Do not send fullscreenModeChanged event with mode = 3 (both fullscreen and Picture-in-Picture) to WebContent process.

We need to use API tests to verify the fix.
No new tests are added because of webkit.org/b/203724.

  • platform/ios/VideoFullscreenInterfaceAVKit.mm: (VideoFullscreenInterfaceAVKit::didStopPictureInPicture): (VideoFullscreenInterfaceAVKit::doEnterFullscreen): (VideoFullscreenInterfaceAVKit::setMode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254512 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255007] by Russell Epstein
  • 5 edits
    2 adds in branches/safari-609-branch

Cherry-pick r254497. rdar://problem/58606212

REGRESSION (Catalina) non-scrolling iframe prevents document scrolling
https://bugs.webkit.org/show_bug.cgi?id=202687

Reviewed by Tim Horton.

Source/WebCore:

Latching code in EventHandlerMac would consider <iframe scrolling=no> to be a latching
candidate, which would cause mousewheel scrolling in a <iframe scrolling=no> nested inside
a scrollable frame to not scroll. This affected ads and twitch.tv.

Fix by having scrolledToEdgeInDominantDirection() return true for non-scrollable iframes.

Test: tiled-drawing/scrolling/scrolling-no-iframe-latching.html

  • page/mac/EventHandlerMac.mm: (WebCore::scrolledToEdgeInDominantDirection):
  • platform/ScrollView.h: (WebCore::ScrollView::canHaveScrollbars const): Deleted.
  • platform/ScrollableArea.h: (WebCore::ScrollableArea::canHaveScrollbars const):

LayoutTests:

  • tiled-drawing/scrolling/scrolling-no-iframe-latching-expected.txt: Added.
  • tiled-drawing/scrolling/scrolling-no-iframe-latching.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254497 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255006] by Russell Epstein
  • 4 edits in branches/safari-609-branch

Cherry-pick r254492. rdar://problem/58606251

Scrollbar hiding on iOS via ::-webkit-scrollbar { display: none } doesn't work
https://bugs.webkit.org/show_bug.cgi?id=206197

Reviewed by Tim Horton.

Source/WebCore:

The logic added in r251369 was reversed, causing scrollbar hiding to not work correctly.

Tested by fast/scrolling/ios/scrollbar-hiding.html

  • rendering/RenderScrollbar.cpp: (WebCore::RenderScrollbar::isHiddenByStyle const):

LayoutTests:

The logic added in r251369 was reversed, causing scrollbar hiding to not work correctly.

  • fast/scrolling/ios/scrollbar-hiding-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254492 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255005] by Russell Epstein
  • 2 edits in branches/safari-609-branch/Source/WebCore

Cherry-pick r254490. rdar://problem/58605943

[WK1][iOS] VideoFullscreenControllerContext uses UIKit on the WebThread
https://bugs.webkit.org/show_bug.cgi?id=206203
<rdar://problem/48742782>

Reviewed by Simon Fraser.

  • platform/ios/WebVideoFullscreenControllerAVKit.mm: (VideoFullscreenControllerContext::setVideoLayerFrame):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254490 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255004] by Russell Epstein
  • 3 edits in branches/safari-609-branch/Source/WebKit

Cherry-pick r254487. rdar://problem/58606185

Reformat WebProcessPool logging
https://bugs.webkit.org/show_bug.cgi?id=205882
<rdar://problem/58384349>

Reviewed by Brent Fulgham.

Update the format used by WebProcessPool in its RELEASE_LOG logging.
Use the format used by WebPageProxy and NetworkResourceLoader, which
is generally of the form:

<object-address> - [<values that help thread together operations>] <class>::<method>: <message and other useful values>

So, for example:

Using prewarmed process 0

becomes:

0x7f81e8804008 - WebProcessPool::processForRegistrableDomain: Using prewarmed process (process=0x1471c2a00, PID=64197)

No new tests - no added or changed functionality.

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm: (WebKit::WebProcessPool::applicationIsAboutToSuspend):
  • UIProcess/WebProcessPool.cpp: (WebKit::WebProcessPool::establishWorkerContextConnectionToNetworkProcess): (WebKit::WebProcessPool::tryTakePrewarmedProcess): (WebKit::WebProcessPool::prewarmProcess): (WebKit::WebProcessPool::processForRegistrableDomain): (WebKit::WebProcessPool::didReachGoodTimeToPrewarm): (WebKit::WebProcessPool::handleMemoryPressureWarning): (WebKit::WebProcessPool::processForNavigation): (WebKit::WebProcessPool::processForNavigationInternal): (WebKit::WebProcessPool::setWebProcessHasUploads): (WebKit::WebProcessPool::clearWebProcessHasUploads): (WebKit::WebProcessPool::setWebProcessIsPlayingAudibleMedia): (WebKit::WebProcessPool::clearWebProcessIsPlayingAudibleMedia): (WebKit::WebProcessPool::setUseSeparateServiceWorkerProcess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254487 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255003] by Russell Epstein
  • 3 edits in branches/safari-609-branch/Source/WebInspectorUI

Cherry-pick r254485. rdar://problem/58606245

Web Inspector: "Enable Local Override" and "Delete Local Override" are displayed twice in the contextual menu
https://bugs.webkit.org/show_bug.cgi?id=206184
<rdar://problem/58409880>

Reviewed by Brian Burg.

  • UserInterface/Views/ContextMenuUtilities.js: (WI.appendContextMenuItemsForSourceCode):
  • UserInterface/Views/LocalResourceOverrideTreeElement.js: (WI.LocalResourceOverrideTreeElement.prototype.populateContextMenu): Add an expando flag that can be set by WI.LocalResourceOverrideTreeElement to ensure that the local override context menu items aren't added again by WI.ResourceTreeElement.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254485 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255002] by Russell Epstein
  • 3 edits
    2 adds in branches/safari-609-branch

Cherry-pick r254484. rdar://problem/58606285

RenderTreeBuilder::Block::attachIgnoringContinuation should handle inline-block anonymous containers.
https://bugs.webkit.org/show_bug.cgi?id=202913
<rdar://problem/56233694>

Reviewed by Simon Fraser.

Source/WebCore:

When the before child happens to be a block level box wrapped in an anonymous inline-block (e.g. ruby),
let's attach this new child before the anonymous inline-block wrapper instead.

Test: fast/ruby/before-child-is-block-after.html

  • rendering/updating/RenderTreeBuilderBlock.cpp: (WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation):

LayoutTests:

  • fast/ruby/before-child-is-block-after-expected.txt: Added.
  • fast/ruby/before-child-is-block-after.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254484 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:43 PM Changeset in webkit [255001] by Russell Epstein
  • 8 edits in branches/safari-609-branch

Cherry-pick r254408. rdar://problem/58606270

[WebCore] Fix crash in module loader due to change in fragment reservation
https://bugs.webkit.org/show_bug.cgi?id=206125

Reviewed by Dean Jackson.

LayoutTests/imported/w3c:

  • web-platform-tests/html/semantics/scripting-1/the-script-element/module/import-meta/import-meta-url-expected.txt:

Source/WebCore:

At some point, CachedResource::url() starts returning URL without fragment.
However, this was invariant in ScriptModuleLoader, so one of the WPT tests is crashing.

We save source URL so that we preserve fragment information.
Still we need to have fragment information after the redirect to fix a bug filed in [1].

[1]: https://bugs.webkit.org/show_bug.cgi?id=205294

  • bindings/js/CachedModuleScriptLoader.cpp: (WebCore::CachedModuleScriptLoader::load):
  • bindings/js/CachedModuleScriptLoader.h:
  • bindings/js/ScriptModuleLoader.cpp: (WebCore::ScriptModuleLoader::notifyFinished):

LayoutTests:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254408 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:42 PM Changeset in webkit [255000] by Russell Epstein
  • 24 edits
    2 copies
    2 adds in branches/safari-609-branch

Cherry-pick r254296. rdar://problem/58606275

Resource Load Statistics: Add timing information to WebPageProxy::logFrameNavigation() to detect delayed client-side redirects
https://bugs.webkit.org/show_bug.cgi?id=205522
<rdar://problem/58125759>

Reviewed by Chris Dumez.

Source/WebKit:

The purpose of this patch is to capture navigations that happen programmatically
after the document has loaded. These are delayed redirects and should be counted
as redirects in ITP.

To achieve this, a timestamp is captured in
WebPageProxy::didFinishDocumentLoadForFrame() to be able to calculate how much time
has passed since that timestamp in the IPC sent from
WebPageProxy::logFrameNavigation(). The IPC also gets information on whether
userInitiatedActivity exists so that ITP can decide whether to treat the navigation
as triggered by the user or not.

A new test was added and existing test expectations were updated.

  • NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp: (WebKit::ResourceLoadStatisticsDatabaseStore::logFrameNavigation):

Now takes the extra parameters delayAfterMainFrameDocumentLoad
and wasPotentiallyInitiatedByUser.

  • NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.h:
  • NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp: (WebKit::ResourceLoadStatisticsMemoryStore::logFrameNavigation):

Now takes the extra parameters delayAfterMainFrameDocumentLoad
and wasPotentiallyInitiatedByUser.

  • NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.h:
  • NetworkProcess/Classifier/ResourceLoadStatisticsStore.h:
  • NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp: (WebKit::WebResourceLoadStatisticsStore::logFrameNavigation):

Now takes the extra parameters delayAfterMainFrameDocumentLoad
and wasPotentiallyInitiatedByUser.
The deleted WebResourceLoadStatisticsStore::logFrameNavigation() was dead code.

  • NetworkProcess/Classifier/WebResourceLoadStatisticsStore.h:
  • NetworkProcess/NetworkProcess.cpp: (WebKit::NetworkProcess::logFrameNavigation):

Now takes the extra parameters delayAfterMainFrameDocumentLoad
and wasPotentiallyInitiatedByUser.

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkProcess.messages.in:
  • UIProcess/API/Cocoa/WKWebsiteDataStore.mm: (-[WKWebsiteDataStore _resourceLoadStatisticsSetShouldSubmitTelemetry:]): Deleted.

Dead code.

  • UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h:
  • UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::didFinishDocumentLoadForFrame):

Now captures a timestamp.

(WebKit::WebPageProxy::decidePolicyForNavigationAction):

Removed dead code.

(WebKit::WebPageProxy::logFrameNavigation):

Now sends the diff between now and the timestamp captured in
WebPageProxy::didFinishDocumentLoadForFrame().

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm: (WebKit::WebsiteDataStore::platformInitialize):

Removed dead code.

(WebKit::WebsiteDataStore::platformDestroy):

Removed dead code.

  • UIProcess/WebsiteData/WebsiteDataStore.h: (WebKit::WebsiteDataStore::resourceLoadStatistics const): Deleted.

Dead code.

Tools:

  • WebKitTestRunner/cocoa/TestControllerCocoa.mm: (WTR::initializeWebViewConfiguration):

Removed dead code.

LayoutTests:

Results updated with additional data now that delayed redirects are captured.

  • http/tests/resourceLoadStatistics/log-cross-site-load-with-link-decoration-database-expected.txt:
  • http/tests/resourceLoadStatistics/log-cross-site-load-with-link-decoration-expected.txt:
  • http/tests/resourceLoadStatistics/log-delayed-client-side-redirects-database-expected.txt: Added.
  • http/tests/resourceLoadStatistics/log-delayed-client-side-redirects-database.html: Added.
  • http/tests/resourceLoadStatistics/log-delayed-client-side-redirects-expected.txt: Added.
  • http/tests/resourceLoadStatistics/log-delayed-client-side-redirects.html: Added.
  • http/tests/storageAccess/aggregate-sorted-data-with-storage-access-database-expected.txt:
  • http/tests/storageAccess/aggregate-sorted-data-with-storage-access-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:14 PM Changeset in webkit [254999] by Brent Fulgham
  • 3 edits in trunk/Source/WebKit

[iOS] Remove access to 'awd' directories
https://bugs.webkit.org/show_bug.cgi?id=206098
<rdar://problem/58491816>

Reviewed by Per Arne Vollan.

Now that we have removed 'awd' features from the WebContent process, and have blocked access to the
mach service, we should remove the ability to interact with the 'awd' directories on device.

No new tests. No change in behavior.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

12:32 PM Changeset in webkit [254998] by Jon Davis
  • 2 edits in trunk/Websites/webkit.org

Fix extra space between title and article body
https://bugs.webkit.org/show_bug.cgi?id=206689

Reviewed by Devin Rousso.

  • wp-content/themes/webkit/style.css:

(article .meta):
(article .bodycopy,):

12:18 PM Changeset in webkit [254997] by commit-queue@webkit.org
  • 1 edit
    2 adds in trunk/Tools

Add missing coverage.xcconfig
https://bugs.webkit.org/show_bug.cgi?id=206686

Patch by Tuomas Karkkainen <tuomas.webkit@apple.com> on 2020-01-23
Reviewed by Mark Lam.

  • coverage/coverage.xcconfig: Added.

12:11 PM Changeset in webkit [254996] by sbarati@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

OptimizeAssociativeExpressionTrees should reset value owners before running
https://bugs.webkit.org/show_bug.cgi?id=206670
<rdar://problem/58535628>

Reviewed by Robin Morisset.

We have a crash inside OptimizeAssociativeExpressionTrees and we don't know
how to reproduce it. Also, based on Mark's auditing of the crash site's
assembly, Mark thinks we're crashing on a "corrupt" basic block.

After I audited the code, I saw that we rely on value owners in this phase.
However, we don't actually reset them before running the phase. This patch
adds that as a speculative fix for the crash we're seeing.

  • b3/B3OptimizeAssociativeExpressionTrees.cpp:

(JSC::B3::OptimizeAssociativeExpressionTrees::run):

12:10 PM Changeset in webkit [254995] by pvollan@apple.com
  • 13 edits
    3 adds in trunk

[Cocoa] Broker access to the PowerManagement API
https://bugs.webkit.org/show_bug.cgi?id=206373

Source/WebCore:

Reviewed by Darin Adler.

Code to determine if device has battery should be executed in the UI process.

API test: WebKit.SystemHasBattery

  • WebCore.xcodeproj/project.pbxproj:
  • platform/cocoa/SystemBattery.h: Added.
  • platform/cocoa/SystemBattery.mm: Added.

(WebCore::setSystemHasBattery):
(WebCore::systemHasBattery):

  • platform/graphics/avfoundation/objc/AVAssetTrackUtilities.mm:

(WebCore::systemHasBattery): Deleted.

  • testing/Internals.cpp:

(WebCore::Internals::systemHasBattery const):

  • testing/Internals.h:
  • testing/Internals.idl:

Source/WebKit:

<rdar://problem/34722450>

Reviewed by Darin Adler.

Send flag indicating whether device has battery to the WebContent process as part of the
WebProcess creation parameters.

  • Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):

  • Shared/WebProcessCreationParameters.h:
  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::platformInitializeWebProcess):

  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess):

Tools:

Reviewed by Darin Adler.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit/Battery.mm: Added.

(TEST):

11:56 AM Changeset in webkit [254994] by Ryan Haddad
  • 9 edits in trunk/Source/WebKit

Unreviewed, rolling out r254990.

Breaks watchOS / tvOS builds.

Reverted changeset:

"[iOS] Make it possible for WebKit clients to enable
connections to asset services in the WebContent process"
https://bugs.webkit.org/show_bug.cgi?id=206551
https://trac.webkit.org/changeset/254990

11:50 AM Changeset in webkit [254993] by Brent Fulgham
  • 3 edits in trunk/Source/WebKit

[iOS] Unreviewed follow-up sandbox fix.
https://bugs.webkit.org/show_bug.cgi?id=206562
<rdar://problem/58778970>

I missed a couple of rules that are being overly chatty in the logs in r254982.
This adds appropriate commands to silence them.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

11:33 AM Changeset in webkit [254992] by dino@apple.com
  • 628 edits
    4 moves
    34 adds
    62 deletes in trunk/Source/ThirdParty/ANGLE

Reverting 254981 - Failed many tests on Mojave WK1

11:23 AM Changeset in webkit [254991] by graouts@webkit.org
  • 6 edits in trunk/Source/WebCore

[Web Animations] Make AnimationList ref-counted
https://bugs.webkit.org/show_bug.cgi?id=206664

Reviewed by Antti Koivisto.

  • platform/animation/AnimationList.cpp:
  • platform/animation/AnimationList.h:

(WebCore::AnimationList::create):
(WebCore::AnimationList::copy):
(WebCore::AnimationList::AnimationList): Deleted.

  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::ensureAnimations):
(WebCore::RenderStyle::ensureTransitions):

  • rendering/style/StyleRareNonInheritedData.cpp:

(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):

  • rendering/style/StyleRareNonInheritedData.h:

11:09 AM Changeset in webkit [254990] by pvollan@apple.com
  • 9 edits in trunk/Source/WebKit

[iOS] Make it possible for WebKit clients to enable connections to asset services in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=206551

Reviewed by Brent Fulgham.

Add SPI to grant and revoke access to asset services in the WebContent process.

No new tests, since this should have an API test, but API tests are not running on iOS devices. We could
create an API test for simulator, but the simulator has no sandbox.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
  • UIProcess/API/Cocoa/WKWebViewPrivate.h:
  • UIProcess/API/ios/WKWebViewIOS.mm:

(-[WKWebView _grantAccessToAssetServices]):
(-[WKWebView _revokeAccessToAssetServices]):

  • UIProcess/WebPageProxy.h:
  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::grantAccessToAssetServices):
(WebKit::WebPageProxy::revokeAccessToAssetServices):

  • WebProcess/WebProcess.h:
  • WebProcess/WebProcess.messages.in:
  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::grantAccessToAssetServices):
(WebKit::WebProcess::revokeAccessToAssetServices):

11:05 AM Changeset in webkit [254989] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit

[iOS] Camera is lost during WebRTC demo
https://bugs.webkit.org/show_bug.cgi?id=206613
<rdar://problem/58764572>

Patch by Per Arne Vollan <pvollan@apple.com> on 2020-01-23
Reviewed by Brent Fulgham.

Fix observed sandbox violations in the Networking process.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:

11:03 AM Changeset in webkit [254988] by Alan Coon
  • 1 copy in tags/Safari-609.1.15.1

Tag Safari-609.1.15.1.

11:01 AM Changeset in webkit [254987] by Alan Coon
  • 13 edits
    2 adds in branches/safari-609.1.15-branch

Cherry-pick r254681. rdar://problem/58379794

[Win] Fix AppleWin build
https://bugs.webkit.org/show_bug.cgi?id=206299

Reviewed by Brent Fulgham.

.:

This patch has been created by don.olmstead@sony.com and pvollan@apple.com. Add target files for WTF and
JavaScriptCore. Also, to make sure headers are copied to the forwarding headers directory, add the CMake
keyword ALL when adding custom target for copying files.

  • Source/cmake/TargetJavaScriptCore.cmake: Added.
  • Source/cmake/TargetWTF.cmake: Added.
  • Source/cmake/WebKitMacros.cmake:

Source/JavaScriptCore:

Include required target. Build internal builds with VS2019.

Source/WebCore:

Include required targets. Build internal builds with VS2019.

  • CMakeLists.txt:
  • WebCore.vcxproj/WebCore.proj:

Source/WebKitLegacy:

Include required targets. Build internal builds with VS2019.

  • CMakeLists.txt:
  • WebKitLegacy.vcxproj/WebKitLegacy.proj:

Source/WTF:

Build internal builds with VS2019.

  • WTF.vcxproj/WTF.proj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254681 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:00 AM Changeset in webkit [254986] by Alan Coon
  • 8 edits in branches/safari-609.1.15-branch/Source

Versioning.

10:58 AM Changeset in webkit [254985] by Alan Coon
  • 1 copy in branches/safari-609.1.15-branch

New branch.

10:50 AM Changeset in webkit [254984] by dino@apple.com
  • 1 edit in trunk/WebKit.xcworkspace/xcshareddata/xcschemes/All Source.xcscheme

Change the name of libANGLE in the shared workspace.

  • WebKit.xcworkspace/xcshareddata/xcschemes/All Source.xcscheme:

10:50 AM Changeset in webkit [254983] by achristensen@apple.com
  • 13 edits
    1 add in trunk/Source/WebCore

ContentFilter should access DocumentLoader through an interface
https://bugs.webkit.org/show_bug.cgi?id=206564

Reviewed by Andy Estes.

This will make it easier to move, like to the NetworkProcess where there are no DocumentLoaders.
Also use WTF::Function instead of std::function and UniqueRef instead of std::unique_ptr.
No change in behavior.

  • WebCore.xcodeproj/project.pbxproj:
  • loader/ContentFilter.cpp:

(WebCore::ContentFilter::types):
(WebCore::ContentFilter::create):
(WebCore::ContentFilter::ContentFilter):
(WebCore::ContentFilter::continueAfterWillSendRequest):
(WebCore::ContentFilter::continueAfterResponseReceived):
(WebCore::ContentFilter::continueAfterDataReceived):
(WebCore::ContentFilter::continueAfterNotifyFinished):
(WebCore::ContentFilter::forEachContentFilterUntilBlocked):
(WebCore::ContentFilter::didDecide):
(WebCore::ContentFilter::deliverResourceData):
(WebCore::ContentFilter::handleProvisionalLoadFailure):
(): Deleted.

  • loader/ContentFilter.h:
  • loader/ContentFilterClient.h: Added.

(WebCore::ContentFilterClient::~ContentFilterClient):

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::handleProvisionalLoadFailure):
(WebCore::DocumentLoader::didBlock):

  • loader/DocumentLoader.h:
  • platform/cocoa/NetworkExtensionContentFilter.h:
  • platform/cocoa/NetworkExtensionContentFilter.mm:

(WebCore::NetworkExtensionContentFilter::create):

  • platform/cocoa/ParentalControlsContentFilter.h:
  • platform/cocoa/ParentalControlsContentFilter.mm:

(WebCore::ParentalControlsContentFilter::create):

10:15 AM Changeset in webkit [254982] by Brent Fulgham
  • 4 edits in trunk/Source/WebKit

Stop capturing telemetry for well-understood sandbox rules (206562)
https://bugs.webkit.org/show_bug.cgi?id=206562
<rdar://problem/58778970>

Reviewed by Per Arne Vollan.

Remove logging of sandbox rules that are now understood, and either confirmed to be needed for proper WebKit operation
or identified for removal through a future update.

No new tests. No change in behavior.

  • NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

10:05 AM Changeset in webkit [254981] by dino@apple.com
  • 629 edits
    1 copy
    4 moves
    70 adds
    34 deletes in trunk/Source/ThirdParty/ANGLE

Update ANGLE
https://bugs.webkit.org/show_bug.cgi?id=206318

Several important changes to fix layout test failures and timeouts in this update.

  • Made expensive validation non-default in debug mode to reduce timeouts.
  • Optimize disabling ARB_texture_rectangle to make shader compilation much faster.
  • Flush before texture deletion to work around Mac Intel driver bug.

Patch by James Darpinian <James Darpinian> on 2020-01-22
Reviewed by Dean Jackson.

  • ANGLE.plist: update commit hash
  • ANGLE.xcodeproj/project.pbxproj: Add/remove files
  • Compiler.cmake: Translated from compiler.gni
  • GLESv2.cmake: Translated from libGLESv2.gni
  • changes.diff: Now lists all changes from upstream.
  • update-angle.sh: Diff command was wrong.
  • Plus a whole lot of changes from upstream.

9:53 AM Changeset in webkit [254980] by Diego Pino Garcia
  • 2 edits
    1 add in trunk/LayoutTests

[GTK] Gardening, rebaselines and update TestExpectations
https://bugs.webkit.org/show_bug.cgi?id=206660

Unreviewed gardening.

  • platform/gtk/TestExpectations:
  • platform/gtk/imported/w3c/web-platform-tests/media-source/mediasource-remove-expected.txt: Added.

9:51 AM Changeset in webkit [254979] by Matt Lewis
  • 3 edits in trunk/LayoutTests

Actually fix history link directs on dashboard and results.html
https://bugs.webkit.org/show_bug.cgi?id=206666

Reviewed by Jonathan Bedard.

  • fast/harness/results.html:
  • legacy-animation-engine/fast/harness/results.html:

8:23 AM Changeset in webkit [254978] by Jonathan Bedard
  • 2 edits in trunk/Tools

Fix iOS 13.2 iphoneos build
https://bugs.webkit.org/show_bug.cgi?id=206618

Reviewed by Alexey Proskuryakov.

  • Scripts/webkitdirs.pm:

(XcodeOptions): Relax provisioning profile rules on embedded SDKs.

8:15 AM Changeset in webkit [254977] by Alan Bujtas
  • 5 edits in trunk/Source/WebCore

[LFC][IFC] Do not special case formatting root layout
https://bugs.webkit.org/show_bug.cgi?id=206641
<rdar://problem/58823548>

Reviewed by Antti Koivisto.

Let's move out all the formatting context layout logic from layoutFormattingContextRoot.

  • layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::layoutInFlowContent):
(WebCore::Layout::InlineFormattingContext::layoutFormattingContextRoot): Deleted.
(WebCore::Layout::InlineFormattingContext::computeHorizontalAndVerticalGeometry): Deleted.
(WebCore::Layout::InlineFormattingContext::computeWidthAndHeightForReplacedInlineBox): Deleted.

  • layout/inlineformatting/InlineFormattingContext.h:
  • layout/layouttree/LayoutBox.cpp:

(WebCore::Layout::Box::isInlineTableBox const):
(WebCore::Layout::Box::isInlineLevelBox const):

  • layout/layouttree/LayoutBox.h:
8:05 AM Changeset in webkit [254976] by Antti Koivisto
  • 4 edits in trunk

fast/css/first-letter-and-float-crash.html asserts under ComplexLineLayout::createLineBoxes
https://bugs.webkit.org/show_bug.cgi?id=206651
<rdar://problem/54889982>

Reviewed by Anders Carlsson.

Source/WebCore:

Take care that the first-letter style has the correct styleType set even when getCachedPseudoStyle failed.
This is used for checking if there is an existing first letter renderer.

  • rendering/updating/RenderTreeBuilderFirstLetter.cpp:

(WebCore::styleForFirstLetter):

LayoutTests:

  • fast/css/first-letter-and-float-crash.html:

Force an additional layout in the test to make the issue easily reproducible.

4:48 AM Changeset in webkit [254975] by ysuzuki@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix calculation of kindBits
https://bugs.webkit.org/show_bug.cgi?id=206650

  • bytecode/Operands.h:
4:13 AM Changeset in webkit [254974] by Adrian Perez de Castro
  • 1 copy in releases/WPE WebKit/webkit-2.26.3

WPE WebKit 2.26.3

4:12 AM Changeset in webkit [254973] by Adrian Perez de Castro
  • 4 edits in releases/WebKitGTK/webkit-2.26

Unreviewed. Update OptionsWPE.cmake and NEWS for the 2.26.3 release

.:

  • Source/cmake/OptionsWPE.cmake: Bump version numbers.

Source/WebKit:

  • wpe/NEWS: Add release notes 2.26.3.
3:50 AM Changeset in webkit [254972] by Diego Pino Garcia
  • 2 edits
    6 adds in trunk/LayoutTests

[GTK] Gardening, update platform baselines for failing tests
https://bugs.webkit.org/show_bug.cgi?id=206644

Unreviewed gardening.

  • platform/gtk/fast/dom/Range/getBoundingClientRect-expected.txt: Added.
  • platform/gtk/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/ecdh_bits.https.any.worker-expected.txt: Added.
  • platform/gtk/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/ecdh_keys.https.any.worker-expected.txt: Added.
  • platform/gtk/imported/w3c/web-platform-tests/dom/events/Event-dispatch-redispatch-expected.txt: Added.
  • platform/gtk/imported/w3c/web-platform-tests/dom/nodes/Document-createEvent.https-expected.txt: Added.
  • platform/gtk/imported/w3c/web-platform-tests/svg/import/paths-dom-01-f-manual-expected.txt:
2:58 AM Changeset in webkit [254971] by commit-queue@webkit.org
  • 4 edits in trunk

KeyedDecoderGeneric crashes when it accesses data with an empty string key.
https://bugs.webkit.org/show_bug.cgi?id=206572

Patch by Takashi Komori <Takashi.Komori@sony.com> on 2020-01-23
Reviewed by Fujii Hironori.

Source/WebCore:

Changed null string which was used for HashMap key to empty string.

Test: TestWebKitAPI/Tests/WebCore/KeyedCoding.cpp

  • platform/generic/KeyedDecoderGeneric.cpp:

(WebCore::readString):

Tools:

  • TestWebKitAPI/Tests/WebCore/KeyedCoding.cpp:

(TestWebKitAPI::TEST):

1:51 AM Changeset in webkit [254970] by ysuzuki@apple.com
  • 3 edits
    4 adds in trunk

nomodule scripts are fetched in some cases (with empty cache or in new tab)
https://bugs.webkit.org/show_bug.cgi?id=194337
<rdar://problem/49700924>

Reviewed by Ryosuke Niwa.

Source/WebCore:

The preloader attempts to preload "src" of script tags. However, script tag attributed with "nomodule"
will never be executed by WebKit since it already supports modules. Avoid loading this content in
the preloader.

Test: http/wpt/preload/classic-script-with-nomodule.html

  • html/parser/HTMLPreloadScanner.cpp:

(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
(WebCore::TokenPreloadScanner::StartTagScanner::shouldPreload):

LayoutTests:

  • http/wpt/preload/classic-script-with-nomodule-expected.txt: Added.
  • http/wpt/preload/classic-script-with-nomodule.html: Added.
  • http/wpt/preload/resources/classic.js: Added.
  • http/wpt/preload/resources/module.js: Added.
1:46 AM Changeset in webkit [254969] by commit-queue@webkit.org
  • 4 edits in trunk/Tools

It should be possible to build JavaScriptCore with LLVM Source-based Code Coverage, run the tests and see the coverage data
https://bugs.webkit.org/show_bug.cgi?id=206389

Patch by Tuomas Karkkainen <tuomas.webkit@apple.com> on 2020-01-23
Reviewed by Alexey Proskuryakov.

  • Scripts/run-javascriptcore-tests:
  • Scripts/set-webkit-configuration:
  • Scripts/webkitdirs.pm:
  • coverage/coverage.xcconfig: Added.
1:39 AM Changeset in webkit [254968] by ysuzuki@apple.com
  • 4 edits
    1 add in trunk

[JSC] Bits from Operand should fit in bits reserved in AbstractHeap's Payload
https://bugs.webkit.org/show_bug.cgi?id=206619
<rdar://problem/58270260>

Reviewed by Keith Miller.

JSTests:

  • stress/operand-should-fit-in-abstract-heap-encoded-payload-format.js: Added.

Source/JavaScriptCore:

We extended JSC::Operand to have an additional field representing OperandKind.
However, we have a restriction in DFG::AbstractHeap's Payload that Operand's raw
bits format needs to fit in reserved bits in Payload's raw bits format, 49 bits.
Since we ordered fields of Operand "m_kind" and "m_operand", in little endian
architecture, raw bits format of Operand can exceed 49 bits if m_operand is
large enough.

This patch fixes the order to ensure that Operand's raw bit format always fits
in 49 bits.

  • bytecode/Operands.h:

(JSC::Operand::Operand):
(JSC::Operand::asBits const):

  • dfg/DFGAbstractHeap.h:
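
The field-order problem described in this changeset, as an added example that is not WebKit's code. It assumes a 32-bit kind tag and a 32-bit signed operand, uses hypothetical kind values, and models the little-endian raw bits arithmetically so the result does not depend on the host; only the 49-bit limit comes from the commit message.

```cpp
#include <cstdint>
#include <cstdio>

// Limit taken from the commit message: Payload reserves 49 bits for
// Operand's raw bits.
constexpr unsigned payloadBits = 49;

// Hypothetical stand-in for the kind tag; the real enum is not on the page.
enum class Kind : uint32_t { Argument = 0, Local = 1, Tmp = 2 };

// Raw 64-bit value a little-endian machine reads from a struct of two
// 32-bit fields: the first field is the low half, the second the high half.
static uint64_t littleEndianBits(uint32_t firstField, uint32_t secondField)
{
    return static_cast<uint64_t>(firstField)
        | (static_cast<uint64_t>(secondField) << 32);
}

// "Before" ordering (assumed): kind first, operand second.
// The operand lands in bits 32..63, so it alone decides the magnitude.
uint64_t bitsKindFirst(Kind kind, int32_t operand)
{
    return littleEndianBits(static_cast<uint32_t>(kind),
        static_cast<uint32_t>(operand));
}

// "After" ordering (assumed): operand first, kind second.
// The operand is confined to bits 0..31 and the small tag sits above it.
uint64_t bitsOperandFirst(Kind kind, int32_t operand)
{
    return littleEndianBits(static_cast<uint32_t>(operand),
        static_cast<uint32_t>(kind));
}

// True when the raw bits fit in the reserved payload width.
bool fitsInPayload(uint64_t bits)
{
    return (bits >> payloadBits) == 0;
}

// Smallest non-negative operand whose kind-first encoding overflows
// the payload, found by linear scan; -1 if none does.
int32_t firstOverflowingOperandKindFirst(Kind kind)
{
    for (int32_t operand = 0; operand < INT32_MAX; ++operand) {
        if (!fitsInPayload(bitsKindFirst(kind, operand)))
            return operand;
    }
    return -1;
}

int main()
{
    const int32_t samples[] = { 0, 1000, (1 << 17) - 1, 1 << 17, INT32_MAX, -1 };
    for (int32_t operand : samples) {
        uint64_t before = bitsKindFirst(Kind::Local, operand);
        uint64_t after = bitsOperandFirst(Kind::Local, operand);
        std::printf("operand %11d  kind-first %016llx fits=%d  operand-first %016llx fits=%d\n",
            operand,
            static_cast<unsigned long long>(before), fitsInPayload(before),
            static_cast<unsigned long long>(after), fitsInPayload(after));
    }
    std::printf("first overflowing operand (kind-first): %d\n",
        firstOverflowingOperandKindFirst(Kind::Local));
    return 0;
}
```

With the operand in the low half, negative operands also fit, because their 32-bit two's-complement pattern never reaches bit 32.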
1:29 AM Changeset in webkit [254967] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit

[GTK] Navigation gesture creates CSS nodes and doesn't remove them
https://bugs.webkit.org/show_bug.cgi?id=206591

Patch by Alexander Mikhaylenko <Alexander Mikhaylenko> on 2020-01-23
Reviewed by Carlos Garcia Campos.

Even though foreign drawing uses a temporary GtkStyleContext, calling
gtk_style_context_set_parent() adds all its CSS nodes to the global
hierarchy, and then they aren't cleaned up. This shouldn't happen.

  • UIProcess/gtk/ViewGestureControllerGtk.cpp:

(WebKit::ViewGestureController::createStyleContext): Stop setting GtkStyleContext parent.

Jan 22, 2020:

10:50 PM Changeset in webkit [254966] by commit-queue@webkit.org
  • 2 edits
    1 add in trunk/LayoutTests

[GTK] Gardening HTTP tests
https://bugs.webkit.org/show_bug.cgi?id=206640

Unreviewed test gardening.

Patch by Lauro Moura <Lauro Moura> on 2020-01-22

  • platform/gtk/TestExpectations:
  • platform/gtk/http/tests/security/xss-DENIED-xsl-external-entity-redirect-expected.txt: Added.
10:46 PM Changeset in webkit [254965] by Fujii Hironori
  • 5 edits
    2 adds in trunk

[WinCairo] Some of combining family glyphs are replaced by space glyphs
https://bugs.webkit.org/show_bug.cgi?id=205485

Reviewed by Myles C. Maxfield.

Source/WebCore:

Although ComplexTextControllerUniscribe requires
glyph-to-character mapping (stringIndices), Uniscribe returns
character-to-glyph mapping (clusters). So, we are converting it.
And, this is not a simple task due to the following reasons.

  1. ComplexTextControllerUniscribe replaces glyphs, which are corresponding to space characters, with space glyphs.

For example, 👨‍👦 (man+boy, U+1F468 ZWJ U+1F466) consists of a 5
length UTF-16 string.

Uniscribe returns:

glyphs: [6368 6318] (father and boy glyphs)
clusters: [0 0 1 1 1]

This means U+1F468 is mapping to the father glyph, and ZWJ U+1F466
are mapping to the boy glyph. If one simply converts this to
glyph-to-character mapping, it would be [0 2]. This means the
father glyph is mapping to U+1F468, and the boy glyph is mapping
to ZWJ. As the result, ComplexTextControllerUniscribe replaces the
boy glyph with a space glyph because it is mapped to ZWJ. So, by
somehow skipping space characters, we need to convert the clusters
to a glyph-to-character mapping [0 3].

  2. Uniscribe returns the rightmost glyphs for combining glyphs in RTL text even though it returns the leftmost one for LTR.

For example, if a string "abc" is generating combining glyphs "AB",
Uniscribe returns clusters [0 0] for LTR text, but [1 1] for RTL text.

Test: fast/text/emoji-single-parent-family-3.html

  • platform/graphics/win/ComplexTextControllerUniscribe.cpp:

(WebCore::BidiRange::BidiRange): Added.
(WebCore::BidiRange::Iterator::Iterator):
(WebCore::BidiRange::Iterator::operator++):
(WebCore::BidiRange::Iterator::operator*):
(WebCore::BidiRange::Iterator::operator==):
(WebCore::BidiRange::Iterator::operator!=):
(WebCore::BidiRange::Iterator::index):
(WebCore::BidiRange::begin const):
(WebCore::BidiRange::end const):
(WebCore::stringIndicesFromClusters): Added.
(WebCore::ComplexTextController::collectComplexTextRunsForCharacters):

LayoutTests:

  • fast/text/emoji-single-parent-family-3-expected-mismatch.html: Added.
  • fast/text/emoji-single-parent-family-3.html: Added.
  • platform/win/TestExpectations: Marked fast/text/emoji-single-parent-family-3.html as ImageOnlyFailure.
  • platform/wincairo/TestExpectations: Changed the bug number for fast/text/stale-TextLayout-from-first-line.html.
10:31 PM Changeset in webkit [254964] by jonlee@apple.com
  • 14 edits in trunk/Source

[Media in GPU process] Pipe more MediaPlayerPrivate and client methods
https://bugs.webkit.org/show_bug.cgi?id=206468

Reviewed by Eric Carlson.

Source/WebCore:

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged):

  • html/HTMLMediaElement.h:
  • platform/graphics/MediaPlayer.cpp:

(WebCore::MediaPlayer::currentPlaybackTargetIsWirelessChanged):

  • platform/graphics/MediaPlayer.h: Add resourceNotSupported() to call up to the client.

(WebCore::MediaPlayerClient::mediaPlayerCurrentPlaybackTargetIsWirelessChanged):

  • platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:

(WebCore::MediaPlayerPrivateAVFoundation::playbackTargetIsWirelessChanged):

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setShouldPlayToPlaybackTarget):

Source/WebKit:

Pipe more of the media player and client functions. Generally, these are void functions
that require no parameters.

Also, the client *changed() functions, when implemented, tend to call the accessor of the property
that just changed. This seems rather circuitous. The client methods ought to just also pass along
the value of the new changed value. This patch refactors mediaPlayerCurrentPlaybackTargetIsWirelessChanged
to do exactly that.

  • GPUProcess/media/RemoteMediaPlayerProxy.cpp:

(WebKit::RemoteMediaPlayerProxy::mediaPlayerResourceNotSupported):
(WebKit::RemoteMediaPlayerProxy::mediaPlayerEngineUpdated):
(WebKit::RemoteMediaPlayerProxy::mediaPlayerActiveSourceBuffersChanged):
(WebKit::RemoteMediaPlayerProxy::mediaPlayerWaitingForKeyChanged):
(WebKit::RemoteMediaPlayerProxy::mediaPlayerCurrentPlaybackTargetIsWirelessChanged):
(WebKit::RemoteMediaPlayerProxy::setWirelessVideoPlaybackDisabled):
(WebKit::RemoteMediaPlayerProxy::setShouldPlayToPlaybackTarget):
(WebKit::RemoteMediaPlayerProxy::keyAdded):
(WebKit::RemoteMediaPlayerProxy::beginSimulatedHDCPError):
(WebKit::RemoteMediaPlayerProxy::endSimulatedHDCPError):
(WebKit::RemoteMediaPlayerProxy::notifyActiveSourceBuffersChanged):
(WebKit::RemoteMediaPlayerProxy::applicationWillResignActive):
(WebKit::RemoteMediaPlayerProxy::applicationDidBecomeActive):

  • GPUProcess/media/RemoteMediaPlayerProxy.h:
  • GPUProcess/media/RemoteMediaPlayerProxy.messages.in:
  • WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:

(WebKit::MediaPlayerPrivateRemote::setWirelessVideoPlaybackDisabled):
(WebKit::MediaPlayerPrivateRemote::currentPlaybackTargetIsWirelessChanged): Cache value in new member variable.
(WebKit::MediaPlayerPrivateRemote::isCurrentPlaybackTargetWireless const): Return value.
(WebKit::MediaPlayerPrivateRemote::setShouldPlayToPlaybackTarget):
(WebKit::MediaPlayerPrivateRemote::keyAdded):
(WebKit::MediaPlayerPrivateRemote::waitingForKeyChanged):
(WebKit::MediaPlayerPrivateRemote::beginSimulatedHDCPError):
(WebKit::MediaPlayerPrivateRemote::endSimulatedHDCPError):
(WebKit::MediaPlayerPrivateRemote::notifyActiveSourceBuffersChanged):
(WebKit::MediaPlayerPrivateRemote::applicationWillResignActive):
(WebKit::MediaPlayerPrivateRemote::applicationDidBecomeActive):
(WebKit::MediaPlayerPrivateRemote::resourceNotSupported):
(WebKit::MediaPlayerPrivateRemote::engineUpdated):
(WebKit::MediaPlayerPrivateRemote::activeSourceBuffersChanged):

  • WebProcess/GPU/media/MediaPlayerPrivateRemote.h:
  • WebProcess/GPU/media/MediaPlayerPrivateRemote.messages.in:
8:54 PM Changeset in webkit [254963] by jiewen_tan@apple.com
  • 2 edits in trunk/Tools

Unreviewed, rolling out r254955.

Broke internal builds

Reverted changeset:

"WebKitTestRunner: move code sign configurations from
WebKitTestRunner.xcconfig to DebugRelease.xcconfig"
https://bugs.webkit.org/show_bug.cgi?id=206607
https://trac.webkit.org/changeset/254955

8:50 PM Changeset in webkit [254962] by mark.lam@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Restore nullification of DFG::Plan::m_vm when the plan is cancelled.
https://bugs.webkit.org/show_bug.cgi?id=206633
<rdar://problem/58811967>

Reviewed by Robin Morisset.

In r253243, I replaced the nullification of Plan::m_vm in Plan::cancel() with
code to decorate the m_vm pointer with a nuke bit. The thinking is that keeping
the VM pointer in nuked form allows us to do certain assertions, as well as
implementing code in support of keeping Box<Identifier>s alive. It is only
correct to use the nuked VM pointer if and only if the VM is guaranteed to
outlive the Plan. r253243 guarantees this condition.

In r254464, I replaced the use of Box<Identifier> with CacheableIdentifier.
This obviated all the support code added above, and rolled out most of it.
However, I opted to keep the nuked VM pointer in the DFG::Plan as a debugging
aid (it's nice to be able to know which VM the Plan came from).

However, r254464 also undid the guarantee that the VM will outlive the Plan.
As a result, a nuked VM pointer is no longer guaranteed to point to a valid VM.
Some worker layout tests, run on an ASAN build, detected that the pointer is
pointing to an already freed VM and failed with a crash.

This patch fixes this issue by completely reverting the nuked VM pointer code,
and restores nullification of the m_vm pointer in Plan::cancel().

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::computeCompileTimes const):
(JSC::DFG::Plan::cancel):

  • dfg/DFGPlan.h:

(JSC::DFG::Plan::vm const):
(JSC::DFG::Plan::unnukedVM const): Deleted.
(JSC::DFG::Plan::nuke): Deleted.
(JSC::DFG::Plan::unnuke): Deleted.

8:49 PM Changeset in webkit [254961] by Alan Bujtas
  • 5 edits in trunk/Source/WebCore

[LFC][IFC] Use "inline box" or "atomic inline level box" instead of inline container
https://bugs.webkit.org/show_bug.cgi?id=206592
<rdar://problem/58799970>

Reviewed by Antti Koivisto.

Inline container is not a spec term.

  • layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::computeHorizontalAndVerticalGeometry):
(WebCore::Layout::InlineFormattingContext::computedIntrinsicWidthConstraints):
(WebCore::Layout::InlineFormattingContext::collectInlineContentIfNeeded):

  • layout/layouttree/LayoutBox.cpp:

(WebCore::Layout::Box::isInlineBox const):
(WebCore::Layout::Box::isAtomicInlineLevelBox const):

  • layout/layouttree/LayoutBox.h:

(WebCore::Layout::Box::isContainer const):
(WebCore::Layout::Box::isBlockContainer const): Deleted.
(WebCore::Layout::Box::isInlineContainer const): Deleted.

  • layout/layouttree/LayoutTreeBuilder.cpp:

(WebCore::Layout::outputLayoutBox):

7:52 PM Changeset in webkit [254960] by keith_miller@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Remove DFGAbstractHeap::typeInfoType since it's immutable
https://bugs.webkit.org/show_bug.cgi?id=206638

Reviewed by Yusuke Suzuki.

  • dfg/DFGAbstractHeap.h:
  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

6:58 PM Changeset in webkit [254959] by keith_miller@apple.com
  • 7 edits
    1 add in trunk

InternalField and CheckNeutered DFG nodes are not always safe to execute
https://bugs.webkit.org/show_bug.cgi?id=206632

Reviewed by Saam Barati.

JSTests:

  • stress/for-of-bad-internal-field-hoist.js: Added.

(foo):

Source/JavaScriptCore:

We currently mark (Get/Set)InternalField/CheckNeutered nodes as safe to execute everywhere. However,
GetInternalField, etc. rely on a proof that the cell passed to it is a subclass of InternalFieldObject.
This combination means we may hoist the nodes past the check guarding them.

Also, remove a bogus assertion that we will have proven the value passed to CheckNeutered is a TypedArray.
It's not valid to require that AI preserve a precise model of all invariants since phases can make changes
that AI doesn't understand.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCheckNeutered):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCheckNeutered):

6:45 PM Changeset in webkit [254958] by don.olmstead@sony.com
  • 11 edits
    20 adds in trunk

[OpenSSL] Add stubs and build for Web Crypto
https://bugs.webkit.org/show_bug.cgi?id=206449

Reviewed by Jiewen Tan.

.:

Enable Web Crypto as an experiment for WinCairo and PlayStation. Add the USE_OPENSSL
definition to platforms using OpenSSL.

  • Source/cmake/OptionsFTW.cmake:
  • Source/cmake/OptionsPlayStation.cmake:
  • Source/cmake/OptionsWin.cmake:
  • Source/cmake/OptionsWinCairo.cmake:

Source/WebCore:

Add stubs for an OpenSSL implementation of Web Crypto. Add the associated CMake
files for OpenSSL platforms and reference them on the platforms using OpenSSL.

Tests will be enabled as functionality lands.

  • PlatformFTW.cmake:
  • PlatformPlayStation.cmake:
  • PlatformWinCairo.cmake:
  • crypto/keys/CryptoKeyEC.h:
  • crypto/keys/CryptoKeyRSA.h:
  • crypto/openssl/CryptoAlgorithmAES_CBCOpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
(WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):

  • crypto/openssl/CryptoAlgorithmAES_CFBOpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmAES_CFB::platformEncrypt):
(WebCore::CryptoAlgorithmAES_CFB::platformDecrypt):

  • crypto/openssl/CryptoAlgorithmAES_CTROpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmAES_CTR::platformEncrypt):
(WebCore::CryptoAlgorithmAES_CTR::platformDecrypt):

  • crypto/openssl/CryptoAlgorithmAES_GCMOpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmAES_GCM::platformEncrypt):
(WebCore::CryptoAlgorithmAES_GCM::platformDecrypt):

  • crypto/openssl/CryptoAlgorithmAES_KWOpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmAES_KW::platformWrapKey):
(WebCore::CryptoAlgorithmAES_KW::platformUnwrapKey):

  • crypto/openssl/CryptoAlgorithmECDHOpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmECDH::platformDeriveBits):

  • crypto/openssl/CryptoAlgorithmECDSAOpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmECDSA::platformSign):
(WebCore::CryptoAlgorithmECDSA::platformVerify):

  • crypto/openssl/CryptoAlgorithmHKDFOpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmHKDF::platformDeriveBits):

  • crypto/openssl/CryptoAlgorithmHMACOpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmHMAC::platformSign):
(WebCore::CryptoAlgorithmHMAC::platformVerify):

  • crypto/openssl/CryptoAlgorithmPBKDF2OpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmPBKDF2::platformDeriveBits):

  • crypto/openssl/CryptoAlgorithmRSAES_PKCS1_v1_5OpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformEncrypt):
(WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformDecrypt):

  • crypto/openssl/CryptoAlgorithmRSASSA_PKCS1_v1_5OpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign):
(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify):

  • crypto/openssl/CryptoAlgorithmRSA_OAEPOpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmRSA_OAEP::platformEncrypt):
(WebCore::CryptoAlgorithmRSA_OAEP::platformDecrypt):

  • crypto/openssl/CryptoAlgorithmRSA_PSSOpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmRSA_PSS::platformSign):
(WebCore::CryptoAlgorithmRSA_PSS::platformVerify):

  • crypto/openssl/CryptoAlgorithmRegistryOpenSSL.cpp: Added.

(WebCore::CryptoAlgorithmRegistry::platformRegisterAlgorithms):

  • crypto/openssl/CryptoKeyECOpenSSL.cpp: Added.

(WebCore::CryptoKeyEC::keySizeInBits const):
(WebCore::CryptoKeyEC::platformSupportedCurve):
(WebCore::CryptoKeyEC::platformGeneratePair):
(WebCore::CryptoKeyEC::platformImportRaw):
(WebCore::CryptoKeyEC::platformImportJWKPublic):
(WebCore::CryptoKeyEC::platformImportJWKPrivate):
(WebCore::CryptoKeyEC::platformImportSpki):
(WebCore::CryptoKeyEC::platformImportPkcs8):
(WebCore::CryptoKeyEC::platformExportRaw const):
(WebCore::CryptoKeyEC::platformAddFieldElements const):
(WebCore::CryptoKeyEC::platformExportSpki const):
(WebCore::CryptoKeyEC::platformExportPkcs8 const):

  • crypto/openssl/CryptoKeyRSAOpenSSL.cpp: Added.

(WebCore::CryptoKeyRSA::create):
(WebCore::CryptoKeyRSA::isRestrictedToHash const):
(WebCore::CryptoKeyRSA::keySizeInBits const):
(WebCore::CryptoKeyRSA::generatePair):
(WebCore::CryptoKeyRSA::importSpki):
(WebCore::CryptoKeyRSA::importPkcs8):
(WebCore::CryptoKeyRSA::exportSpki const):
(WebCore::CryptoKeyRSA::exportPkcs8 const):
(WebCore::CryptoKeyRSA::exportData const):

  • crypto/openssl/SerializedCryptoKeyWrapOpenSSL.cpp: Added.

(WebCore::getDefaultWebCryptoMasterKey):
(WebCore::wrapSerializedCryptoKey):
(WebCore::unwrapSerializedCryptoKey):

  • platform/OpenSSL.cmake: Added.
6:27 PM Changeset in webkit [254957] by sbarati@apple.com
  • 6 edits in trunk/Source/JavaScriptCore

Add an option for logging total phase times
https://bugs.webkit.org/show_bug.cgi?id=206623

Reviewed by Robin Morisset and Keith Miller.

  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • jsc.cpp:

(runJSC):

  • runtime/OptionsList.h:
  • tools/CompilerTimingScope.cpp:

(JSC::CompilerTimingScope::CompilerTimingScope):
(JSC::CompilerTimingScope::~CompilerTimingScope):
(JSC::logTotalPhaseTimes):

  • tools/CompilerTimingScope.h:
6:25 PM Changeset in webkit [254956] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WTF

uniqueLogIdentifier() should generate unique identifiers
https://bugs.webkit.org/show_bug.cgi?id=206612

Reviewed by Brent Fulgham.

  • wtf/LoggerHelper.h:

(WTF::LoggerHelper::uniqueLogIdentifier):

6:14 PM Changeset in webkit [254955] by jiewen_tan@apple.com
  • 2 edits in trunk/Tools

WebKitTestRunner: move code sign configurations from WebKitTestRunner.xcconfig to DebugRelease.xcconfig
https://bugs.webkit.org/show_bug.cgi?id=206607
<rdar://problem/56087327>

Reviewed by Alexey Proskuryakov.

  • WebKitTestRunner/Configurations/WebKitTestRunner.xcconfig:
5:53 PM Changeset in webkit [254954] by Fujii Hironori
  • 2 edits in trunk/Source/WebCore

preprocess-idls.pl: CygwinPathIfNeeded should use Cygwin::win_to_posix_path instead of invoking cygpath
https://bugs.webkit.org/show_bug.cgi?id=206407

Reviewed by Chris Dumez.

preprocess-idls.pl was invoking cygpath command for all input IDL
files. Use Cygwin::win_to_posix_path function instead.

  • bindings/scripts/preprocess-idls.pl: Changed the way to load idlFilesList as well as generate-bindings-all.pl does.

(CygwinPathIfNeeded): Copied from CygwinPathIfNeeded of generate-bindings-all.pl.

4:27 PM Changeset in webkit [254953] by dino@apple.com
  • 3 edits in trunk/Source/ThirdParty/ANGLE

REGRESSION (r253926): webgl/1.0.3/conformance/rendering/many-draw-calls.html is much slower, times out in debug
https://bugs.webkit.org/show_bug.cgi?id=205668

Disable asserts when compiling ANGLE in release mode by defining
NDEBUG.

Patch by James Darpinian <James Darpinian> on 2020-01-22
Reviewed by Dean Jackson.

  • Configurations/ANGLE.xcconfig:
4:24 PM Changeset in webkit [254952] by dbates@webkit.org
  • 3 edits in trunk/Source/WebKitLegacy/mac

Legacy WebKit: Add SPI variant of -setSelectedDOMRange that can perform the selection as if triggered by the user
https://bugs.webkit.org/show_bug.cgi?id=206622

Reviewed by Wenson Hsieh.

Add a new -setSelectedDOMRange SPI variant that takes a boolean to indicate whether the selection
was triggered by the user.

While I am here, I simplified and modernized the code. This includes moving the null check of
Frame::page() to the top of the function. This let me eliminate the null check for Frame::view()
because every frame that has a page must have a non-null view. I imported WebEditorClient.h
to get WebKit::core(NSSelectionAffinity) and remove a C-style cast to WebCore::EAffinity.
I also used more "auto".

  • WebView/WebFrame.mm:

(-[WebFrame setSelectedDOMRange:affinity:closeTyping:]): Modified to call the newly added variant,
passing "userTriggered:NO" to keep the current behavior.
(-[WebFrame setSelectedDOMRange:affinity:closeTyping:userTriggered:]): Added.

  • WebView/WebFramePrivate.h:
4:20 PM Changeset in webkit [254951] by rniwa@webkit.org
  • 3 edits in trunk/Source/WebCore

Make a Ref to WindowEventLoop when the timer to run tasks fires
https://bugs.webkit.org/show_bug.cgi?id=206568

Reviewed by Antti Koivisto.

Keep WindowEventLoop alive explicitly while invoking EventLoop::run.

  • dom/WindowEventLoop.cpp:

(WebCore::WindowEventLoop::WindowEventLoop):
(WebCore::WindowEventLoop::didReachTimeToRun):

  • dom/WindowEventLoop.h:
3:48 PM Changeset in webkit [254950] by beidson@apple.com
  • 4 edits in trunk

REGRESSION (r253519): [WKWebView evaluateJavaScript:completionHandler:] gives a non-nil, non-Error result even when JavaScript cannot be evaluated
<rdar://problem/58544942> and https://bugs.webkit.org/show_bug.cgi?id=206608

Reviewed by Alex Christensen.

Source/WebCore:

Covered by new API test.

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::executeScriptInWorld): Address a FIXME added in 253519 which had predicted this problem.

Tools:

  • TestWebKitAPI/Tests/WebKitCocoa/WKWebViewEvaluateJavaScript.mm:

(TEST):

3:38 PM Changeset in webkit [254949] by Truitt Savell
  • 2 edits in trunk/LayoutTests

REGRESSION: [ Mac WK2 ] webgpu/vertex-buffer-triangle-strip.html is a flakey image failure
https://bugs.webkit.org/show_bug.cgi?id=198942

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:
3:25 PM Changeset in webkit [254948] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WTF

Remove unused enable macro ENABLE_JIT_CONSTANT_BLINDING
https://bugs.webkit.org/show_bug.cgi?id=206415

Patch by Sam Weinig <weinig@apple.com> on 2020-01-22
Reviewed by Anders Carlsson.

  • wtf/PlatformEnable.h:

ENABLE_JIT_CONSTANT_BLINDING is not used anywhere in WebKit so can be removed.

3:12 PM Changeset in webkit [254947] by Caio Lima
  • 8 edits in trunk/Source/JavaScriptCore

[32-bits][JIT] Fix build issues.
https://bugs.webkit.org/show_bug.cgi?id=206603

Reviewed by Yusuke Suzuki.

This patch is adjusting places to use VirtualRegister instead of
offset directly, to make 32-bit JIT compilable again. Original authors
of this patch are Paulo Matos and Guillaume Emont.

  • jit/JIT.h:
  • jit/JITArithmetic32_64.cpp:

(JSC::JIT::emit_compareAndJump):
(JSC::JIT::emit_compareUnsignedAndJump):
(JSC::JIT::emit_compareUnsigned):
(JSC::JIT::emit_compareAndJumpSlow):
(JSC::JIT::emit_op_unsigned):
(JSC::JIT::emit_op_inc):
(JSC::JIT::emit_op_dec):
(JSC::JIT::emitBinaryDoubleOp):

  • jit/JITCall32_64.cpp:

(JSC::JIT::emitPutCallResult):
(JSC::JIT::emit_op_ret):
(JSC::JIT::compileSetupFrame):
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCall):

  • jit/JITInlines.h:

(JSC::JIT::emitLoadTag):
(JSC::JIT::emitLoadPayload):
(JSC::JIT::emitGetVirtualRegister):
(JSC::JIT::emitJumpSlowCaseIfNotJSCell):
(JSC::JIT::getOperandConstantInt):
(JSC::JIT::emitGet): Deleted.

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_mov):
(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_new_object):
(JSC::JIT::emitSlow_op_new_object):
(JSC::JIT::emit_op_overrides_has_instance):
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof_custom):
(JSC::JIT::emit_op_is_empty):
(JSC::JIT::emit_op_is_undefined):
(JSC::JIT::emit_op_is_undefined_or_null):
(JSC::JIT::emit_op_is_boolean):
(JSC::JIT::emit_op_is_number):
(JSC::JIT::emit_op_is_cell_with_type):
(JSC::JIT::emit_op_is_object):
(JSC::JIT::emit_op_to_primitive):
(JSC::JIT::emit_op_set_function_name):
(JSC::JIT::emit_op_not):
(JSC::JIT::emit_op_jfalse):
(JSC::JIT::emit_op_jtrue):
(JSC::JIT::emit_op_jeq_null):
(JSC::JIT::emit_op_jneq_null):
(JSC::JIT::emit_op_jundefined_or_null):
(JSC::JIT::emit_op_jnundefined_or_null):
(JSC::JIT::emit_op_jneq_ptr):
(JSC::JIT::emit_op_eq):
(JSC::JIT::emitSlow_op_eq):
(JSC::JIT::emit_op_jeq):
(JSC::JIT::emit_op_neq):
(JSC::JIT::emitSlow_op_neq):
(JSC::JIT::emit_op_jneq):
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::compileOpStrictEqJump):
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
(JSC::JIT::emit_op_throw):
(JSC::JIT::emit_op_to_number):
(JSC::JIT::emit_op_to_numeric):
(JSC::JIT::emit_op_to_string):
(JSC::JIT::emit_op_to_object):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_get_parent_scope):
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_switch_char):
(JSC::JIT::emit_op_switch_string):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emit_op_get_scope):
(JSC::JIT::emit_op_create_this):
(JSC::JIT::emit_op_to_this):
(JSC::JIT::emit_op_check_tdz):
(JSC::JIT::emit_op_has_structure_property):
(JSC::JIT::emit_op_has_indexed_property):
(JSC::JIT::emitSlow_op_has_indexed_property):
(JSC::JIT::emit_op_get_direct_pname):
(JSC::JIT::emit_op_enumerator_structure_pname):
(JSC::JIT::emit_op_enumerator_generic_pname):
(JSC::JIT::emit_op_profile_type):
(JSC::JIT::emit_op_log_shadow_chicken_prologue):
(JSC::JIT::emit_op_log_shadow_chicken_tail):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_put_getter_by_id):
(JSC::JIT::emit_op_put_setter_by_id):
(JSC::JIT::emit_op_put_getter_setter_by_id):
(JSC::JIT::emit_op_put_getter_by_val):
(JSC::JIT::emit_op_put_setter_by_val):
(JSC::JIT::emit_op_del_by_id):
(JSC::JIT::emit_op_del_by_val):
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emitGenericContiguousPutByVal):
(JSC::JIT::emitArrayStoragePutByVal):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id_direct):
(JSC::JIT::emitSlow_op_get_by_id_direct):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emit_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::emit_op_in_by_id):
(JSC::JIT::emitSlow_op_in_by_id):
(JSC::JIT::emitResolveClosure):
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emitLoadWithStructureCheck):
(JSC::JIT::emitGetClosureVar):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emitPutGlobalVariable):
(JSC::JIT::emitPutGlobalVariableIndirect):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emit_op_get_from_arguments):
(JSC::JIT::emit_op_put_to_arguments):
(JSC::JIT::emit_op_get_internal_field):
(JSC::JIT::emit_op_put_internal_field):

  • jit/JSInterfaceJIT.h:

(JSC::JSInterfaceJIT::emitJumpIfNotJSCell):
(JSC::JSInterfaceJIT::emitLoadInt32):
(JSC::JSInterfaceJIT::emitLoadDouble):

2:31 PM Changeset in webkit [254946] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Unreviewed, fix build with recent SDKs.

  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

(WebCore::MediaPlaybackTargetPickerMac::externalOutputDeviceAvailable):
(WebCore::MediaPlaybackTargetPickerMac::devicePicker):
(WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):

2:00 PM Changeset in webkit [254945] by commit-queue@webkit.org
  • 9 edits
    2 adds in trunk

Automatic link replacement via "Smart links" should emit "insertLink" input events
https://bugs.webkit.org/show_bug.cgi?id=191306
<rdar://problem/58491514>

Source/WebCore:

Patch by Nikos Mouchtaris <Nikos Mouchtaris> on 2020-01-22
Reviewed by Wenson Hsieh.

Added support for outputting "insertLink" for input type and the url for the
data of the input event when smart link is used.

Test: fast/events/input-event-insert-link.html

  • editing/CreateLinkCommand.h:
  • editing/EditCommand.cpp:

(WebCore::inputTypeNameForEditingAction):

LayoutTests:

Patch by Nikos Mouchtaris <Nikos Mouchtaris> on 2020-01-22
Reviewed by Wenson Hsieh.

Due to webkit.org/b/162081 this test is skipped for WebKit2.

  • fast/events/input-event-insert-link-expected.txt: Added.
  • fast/events/input-event-insert-link.html: Added.
  • platform/gtk/TestExpectations:
  • platform/ios/TestExpectations:
  • platform/mac-wk2/TestExpectations:
  • platform/win/TestExpectations:
  • platform/wincairo/TestExpectations:

1:58 PM Changeset in webkit [254944] by Jonathan Bedard
  • 2 edits in trunk/Tools

webkitpy: WebSocket server doesn't support Python 3 (Workaround)
https://bugs.webkit.org/show_bug.cgi?id=206546

Reviewed by Alexey Proskuryakov.

websocket_server.py doesn't support Python 3, and needs to be run with
Python 2.

  • Scripts/webkitpy/layout_tests/servers/websocket_server.py:

(PyWebSocket._prepare_config): Use Python 2 explicitly.

1:42 PM Changeset in webkit [254943] by Caio Lima
  • 2 edits in trunk/Source/JavaScriptCore

[ARMv7] Assembler is generating wrong instruction for ldr r2, [r3, #7]
https://bugs.webkit.org/show_bug.cgi?id=206231

Reviewed by Mark Lam.

When generating code for ldr on ARMv7, we were encoding immediates that are not
multiples of 4 using Encoding T1, which only accepts multiples of 4 as
immediates. This patch fixes this issue and allows us to generate proper
code when offset immediates are not multiples of 4.

  • assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::ldr):

1:33 PM Changeset in webkit [254942] by basuke.suzuki@sony.com
  • 2 edits in trunk/Tools

[build-webkit] Add option for toggling unified build
https://bugs.webkit.org/show_bug.cgi?id=206597

Reviewed by Adrian Perez de Castro.

Added command line option for build-webkit script to toggle unified build.

  • Scripts/webkitperl/FeatureList.pm:

1:32 PM Changeset in webkit [254941] by commit-queue@webkit.org
  • 9 edits in trunk/Source/WebCore

Remove ImageBuffer::sizeForDestinationSize()
https://bugs.webkit.org/show_bug.cgi?id=206541

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2020-01-22
Reviewed by Tim Horton.

-- Remove ImageBuffer::sizeForDestinationSize() since it is currently
doing nothing. For CG and D2D ports, it scales a rect by the ratio
backingStoreSize / internalSize which is always 1. The constructor
ImageBuffer::ImageBuffer() sets m_size and m_data.backingStoreSize
to the same value always.

-- Remove ImageBuffer::isCompatibleWithContext() since it is not used.

-- Remove ImageBuffer::fastCopyImageMode() since it returns
DontCopyBackingStore on all ports.

  • html/CustomPaintCanvas.cpp:

(WebCore::CustomPaintCanvas::copiedImage const):

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::texSubImage2D):
(WebCore::WebGLRenderingContextBase::texImage2D):
(WebCore::WebGLRenderingContextBase::drawImageIntoBuffer):

  • platform/graphics/ImageBuffer.cpp:

(WebCore::ImageBuffer::sizeForDestinationSize const): Deleted.
(WebCore::ImageBuffer::isCompatibleWithContext const): Deleted.

  • platform/graphics/ImageBuffer.h:

(WebCore::ImageBuffer::logicalSize const):

  • platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBuffer::fastCopyImageMode): Deleted.

  • platform/graphics/cg/GraphicsContextCG.cpp:

(WebCore::GraphicsContext::clipToImageBuffer):

  • platform/graphics/cg/ImageBufferCG.cpp:

(WebCore::ImageBuffer::ImageBuffer):
(WebCore::createBitmapImageAfterScalingIfNeeded):
(WebCore::ImageBuffer::copyImage const):
(WebCore::ImageBuffer::sinkIntoImage):
(WebCore::ImageBuffer::toCFData const):
(WebCore::scaleSizeToUserSpace): Deleted.
(WebCore::ImageBuffer::sizeForDestinationSize const): Deleted.
(WebCore::ImageBuffer::fastCopyImageMode): Deleted.

  • platform/graphics/win/ImageBufferDirect2D.cpp:

(WebCore::scaleSizeToUserSpace): Deleted.
(WebCore::ImageBuffer::sizeForDestinationSize const): Deleted.
(WebCore::ImageBuffer::fastCopyImageMode): Deleted.

1:21 PM Changeset in webkit [254940] by don.olmstead@sony.com
  • 5 edits
    3 deletes in trunk/Tools

Share InjectedBundleController::platformInitialize
https://bugs.webkit.org/show_bug.cgi?id=206598

Reviewed by Konstantin Tokarev.

Add a stub for platformInitialize in InjectedBundleController.cpp which is
used for non-Cocoa ports. Remove the platform specific stubs.

  • TestWebKitAPI/InjectedBundleController.cpp:

(TestWebKitAPI::InjectedBundleController::platformInitialize):

  • TestWebKitAPI/PlatformGTK.cmake:
  • TestWebKitAPI/PlatformWPE.cmake:
  • TestWebKitAPI/PlatformWin.cmake:
  • TestWebKitAPI/gtk/InjectedBundleControllerGtk.cpp: Removed.
  • TestWebKitAPI/win/InjectedBundleControllerWin.cpp: Removed.
  • TestWebKitAPI/wpe/InjectedBundleControllerWPE.cpp: Removed.

12:55 PM Changeset in webkit [254939] by ysuzuki@apple.com
  • 6 edits
    1 add in trunk

[JSC] DateMath should accept more ISO-8601 timezone designators even if they are not included in ECMA262 to produce expected results in the wild code
https://bugs.webkit.org/show_bug.cgi?id=160287

Reviewed by Ross Kirsling.

JSTests:

  • stress/relaxed-timezone-designators.js: Added.

(shouldBe):
(parsedDate):

Source/WTF:

While ECMA262[1] always requires ":" in a timezone designator between hours and minutes (like, "hh:mm"),
ISO-8601 can accept additional forms, "+hh" and "+hhmm". This patch relaxes our Date parsing to accept these
types of timezone designators so that we can accept wider forms of date time formats. This addition does not
break the existing parsing rules since '+-' prefix can clarify that following sequences are timezones.

[1]: https://tc39.es/ecma262/#sec-date-time-string-format
[2]: https://en.wikipedia.org/wiki/ISO_8601#Time_zone_designators

  • wtf/DateMath.cpp:

(WTF::parseES5TimePortion):
(WTF::parseES5DateFromNullTerminatedCharacters):

LayoutTests:

  • js/date-parse-test-expected.txt:
  • js/script-tests/date-parse-test.js:

12:52 PM Changeset in webkit [254938] by Keith Rollin
  • 3 edits in trunk/Source/WebKit

Fix SDK availability macros
https://bugs.webkit.org/show_bug.cgi?id=206463
<rdar://problem/58581906>

Reviewed by Timothy Hatcher.

Bug 197841 updated WebKit.xcconfig with regards to when it runs a
header post-processing script. This post-processing script grovels
over our exported headers, changing macros like WK_API_AVAILABLE to
the standard API_AVAILABLE. Because of the change in Bug 197841, the
script was no longer being run when preparing macOS 10.15 SDKs, which
was breaking those SDKs. Fix this by reverting the change, allowing
the macros to be replaced for macOS 10.15.

We also need to touch WKFoundation.h in order to support incremental
builds. If we don't, then the version of WKFoundation.h that was
exported in the previous build and that was incorrectly post-processed
would remain incorrectly post-processed. Touch the file so that it
will get re-exported and re-post-processed.

No new tests - no added or changed functionality.

  • Configurations/WebKit.xcconfig:
  • Shared/API/Cocoa/WKFoundation.h:

12:49 PM Changeset in webkit [254937] by Diego Pino Garcia
  • 2 edits in trunk/LayoutTests

[GTK] Gardening, update TestExpectations
https://bugs.webkit.org/show_bug.cgi?id=206590

Unreviewed gardening.

  • platform/gtk/TestExpectations:

12:45 PM Changeset in webkit [254936] by ysuzuki@apple.com
  • 22 edits
    1 add in trunk

[JSC] Add CheckArrayOrEmpty to handle the case when hoisting CheckArray for places where input can be empty
https://bugs.webkit.org/show_bug.cgi?id=206571
<rdar://problem/58757016>

Reviewed by Saam Barati.

JSTests:

  • stress/check-array-or-empty.js: Added.

(C):

Source/JavaScriptCore:

Since we hoist CheckArray too in DFGTypeCheckHoistingPhase, we have the same problem as CheckStructureOrEmpty: we
could insert CheckArray where the input can include Empty. We should have CheckArrayOrEmpty as we have CheckStructureOrEmpty
for CheckStructure: CheckArrayOrEmpty accepts empty or cell with specified array-modes.

  • dfg/DFGAbstractInterpreter.h:

(JSC::DFG::AbstractInterpreter::filterArrayModes):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::filterArrayModes):

  • dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::filterArrayModes):

  • dfg/DFGAbstractValue.h:
  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::convertCheckArrayOrEmptyToCheckArray):
(JSC::DFG::Node::hasArrayMode):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:
  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::checkArray):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGTypeCheckHoistingPhase.cpp:

(JSC::DFG::TypeCheckHoistingPhase::run):

  • dfg/DFGValidate.cpp:
  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckArrayOrEmpty):

12:39 PM Changeset in webkit [254935] by dino@apple.com
  • 2 edits in trunk/LayoutTests

[WebGL] Skip tests on WebGL bot that are skipped on trunk/master
https://bugs.webkit.org/show_bug.cgi?id=206609

Reviewed by Antoine Quint.

These three tests fail when trying to get external resources.

  • webgl/TestExpectations:

12:31 PM Changeset in webkit [254934] by ysuzuki@apple.com
  • 10 edits in trunk/Source/JavaScriptCore

[JSC] Attempt to fix BytecodeIndex handling in 32bit
https://bugs.webkit.org/show_bug.cgi?id=206577

Reviewed by Keith Miller.

This patch mechanically lists up places using Instruction* as BytecodeIndex and fixes it,
since 32bit also starts using an offset as BytecodeIndex. This patch also fixes several
places where LLInt PB is not handled correctly in 32bit after we start using PB register
even in 32bit.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::bytecodeIndexFromCallSiteIndex):

  • dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::adjustAndJumpToTarget):

  • jit/JITCall32_64.cpp:

(JSC::JIT::compileOpCall):

  • jit/JITInlines.h:

(JSC::JIT::updateTopCallFrame):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_log_shadow_chicken_tail):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id_direct):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_get_by_id_with_this):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emit_op_in_by_id):

  • llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

  • llint/LowLevelInterpreter.cpp:

(JSC::CLoop::execute):

  • runtime/SamplingProfiler.cpp:

(JSC::tryGetBytecodeIndex):
(JSC::SamplingProfiler::processUnverifiedStackTraces):

11:45 AM Changeset in webkit [254933] by Alan Bujtas
  • 5 edits in trunk/Source/WebCore

[LFC] Do not create a FormattingContext to compute intrinsic width unless there's some content.
https://bugs.webkit.org/show_bug.cgi?id=206581
<rdar://problem/58798593>

Reviewed by Antti Koivisto.

We should only construct a formatting context when it has some content.

  • layout/FormattingContext.cpp:

(WebCore::Layout::FormattingContext::FormattingContext):

  • layout/FormattingContextGeometry.cpp:

(WebCore::Layout::FormattingContext::Geometry::shrinkToFitWidth):

  • layout/blockformatting/BlockFormattingContextGeometry.cpp:

(WebCore::Layout::BlockFormattingContext::Geometry::intrinsicWidthConstraints):

  • layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthForFormattingRoot):

11:45 AM Changeset in webkit [254932] by Alan Bujtas
  • 2 edits in trunk/Source/WebKitLegacy/mac

REGRESSION (r254923): [mac-wk1] http/tests/inspector/network/har/har-page.html crashing in WebCore::Display::Box::contentBox()
https://bugs.webkit.org/show_bug.cgi?id=206600

Unreviewed.

r254923 missed this one place to turn off LFC integration.

  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):

11:31 AM Changeset in webkit [254931] by Chris Dumez
  • 43 edits
    1 copy
    1 move in trunk/Source

Frequent NetworkConnectionToWebProcess::CookiesEnabled sync IPC when browsing reddit.com
https://bugs.webkit.org/show_bug.cgi?id=206450

Reviewed by Darin Adler.

Source/WebCore:

Move HTTPCookieAcceptPolicy.h header from WebKit to WebCore so that the HTTPCookieAcceptPolicy enum
can be used in NetworkStorageSession. Replace NetworkStorageSession::cookiesEnabled() with a more
detailed NetworkStorageSession::cookieAcceptPolicy() method.

  • WebCore.xcodeproj/project.pbxproj:
  • loader/CookieJar.cpp:

(WebCore::CookieJar::cookiesEnabled const):

  • platform/network/HTTPCookieAcceptPolicy.h: Renamed from Source/WebKit/Shared/HTTPCookieAcceptPolicy.h.
  • platform/network/NetworkStorageSession.cpp:
  • platform/network/NetworkStorageSession.h:
  • platform/network/cf/NetworkStorageSessionCFNetWin.cpp:

(WebCore::NetworkStorageSession::cookieAcceptPolicy const):

  • platform/network/cocoa/NetworkStorageSessionCocoa.mm:

(WebCore::NetworkStorageSession::cookieAcceptPolicy const):

  • platform/network/curl/NetworkStorageSessionCurl.cpp:

(WebCore::NetworkStorageSession::cookieAcceptPolicy const):

  • platform/network/soup/NetworkStorageSessionSoup.cpp:

(WebCore::NetworkStorageSession::cookieAcceptPolicy const):

Source/WebKit:

Frequent NetworkConnectionToWebProcess::CookiesEnabled sync IPC when browsing reddit.com. This
happens every time the page script calls navigator.cookieEnabled. To address the issue, we now
store the "cookie accept policy" on the WebContent process side. This allows us to know
synchronously on the WebContent process if cookies are enabled or not and without any IPC to
the network process. To achieve this, I added a new cookieAcceptPolicy member to
NetworkProcessConnectionInfo so that the WebContent process is aware of the initial policy when
it connects to the network process. The policy on the WebContent process side is then kept up
to date via IPCs from the network process to the WebContent processes whenever the cookie
accept policy changes.

  • NetworkProcess/Cookies/WebCookieManager.cpp:

(WebKit::WebCookieManager::setHTTPCookieAcceptPolicy):
(WebKit::WebCookieManager::getHTTPCookieAcceptPolicy):

  • NetworkProcess/Cookies/WebCookieManager.h:
  • NetworkProcess/Cookies/WebCookieManager.messages.in:
  • NetworkProcess/Cookies/curl/WebCookieManagerCurl.cpp:
  • NetworkProcess/Cookies/mac/WebCookieManagerMac.mm:
  • NetworkProcess/Cookies/soup/WebCookieManagerSoup.cpp:
  • NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::cookieAcceptPolicyChanged):

  • NetworkProcess/NetworkConnectionToWebProcess.h:
  • NetworkProcess/NetworkConnectionToWebProcess.messages.in:
  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::createNetworkConnectionToWebProcess):
(WebKit::NetworkProcess::cookieAcceptPolicyChanged):

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkProcess.messages.in:
  • NetworkProcess/NetworkProcessCreationParameters.h:
  • Shared/WebProcessCreationParameters.h:
  • UIProcess/API/APIHTTPCookieStore.cpp:

(API::HTTPCookieStore::setHTTPCookieAcceptPolicy):
(API::HTTPCookieStore::setHTTPCookieAcceptPolicyInDefaultUIProcessCookieStore):

  • UIProcess/API/APIHTTPCookieStore.h:
  • UIProcess/API/C/WKAPICast.h:

(WebKit::toHTTPCookieAcceptPolicy):
(WebKit::toAPI):

  • UIProcess/API/Cocoa/APIHTTPCookieStoreCocoa.mm:

(API::toNSHTTPCookieAcceptPolicy):
(API::HTTPCookieStore::setHTTPCookieAcceptPolicyInDefaultUIProcessCookieStore):

  • UIProcess/API/Cocoa/WKHTTPCookieStore.mm:
  • UIProcess/API/Cocoa/WKProcessPool.mm:

(toHTTPCookieAcceptPolicy):

  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::openNetworkProcessConnection):

  • UIProcess/WebCookieManagerProxy.h:
  • UIProcess/WebProcessPool.h:
  • WebKit.xcodeproj/project.pbxproj:
  • WebProcess/Network/NetworkProcessConnection.cpp:

(WebKit::NetworkProcessConnection::NetworkProcessConnection):
(WebKit::NetworkProcessConnection::writeBlobsToTemporaryFiles):
(WebKit::NetworkProcessConnection::cookiesEnabled):
(WebKit::NetworkProcessConnection::cookieAcceptPolicyChanged):

  • WebProcess/Network/NetworkProcessConnection.h:

(WebKit::NetworkProcessConnection::create):

  • WebProcess/Network/NetworkProcessConnection.messages.in:
  • WebProcess/Network/NetworkProcessConnectionInfo.h:

(WebKit::NetworkProcessConnectionInfo::encode const):
(WebKit::NetworkProcessConnectionInfo::decode):

  • WebProcess/WebPage/WebCookieJar.cpp:

(WebKit::WebCookieJar::cookiesEnabled const):

  • Return false early if the document has no frame / page (cookie-averse as per spec)
  • Return false early if ITP is enabled and it is a third-party iframe without storage access. This bypasses the sync IPC call completely for such iframes.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::ensureNetworkProcessConnection):

11:29 AM Changeset in webkit [254930] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Stop doing synchronous DecidePolicyForNavigationActionSync IPCs for initially empty document loads
https://bugs.webkit.org/show_bug.cgi?id=206458

Reviewed by Alex Christensen.

Stop doing synchronous DecidePolicyForNavigationActionSync IPCs for initially empty document loads. Instead, we
now do regular asynchronous DecidePolicyForNavigationAction IPCs for such loads and we ignore the response from
the client, allowing WebCore to proceed with the load synchronously.

  • loader/PolicyChecker.cpp:

(WebCore::PolicyChecker::checkNavigationPolicy):

10:55 AM Changeset in webkit [254929] by Jonathan Bedard
  • 6 edits in trunk/Tools

webkitpy: Make logging during ImageDiff crashes accurate
https://bugs.webkit.org/show_bug.cgi?id=206542

Reviewed by Aakash Jain.

When ImageDiff crashes, the generated logs are not accurate; they
reference a crash in test output when the test will actually fail
with an Image failure. The owner of a ServerProcess should be able
to customize this error message.

  • Scripts/webkitpy/port/image_diff.py:

(ImageDiffer._start): Pass ImageDiff specific crash message.

  • Scripts/webkitpy/port/port_testcase.py:

(PortTestCase.test_diff_image.make_proc): Match ImageDiff calcite.
(PortTestCase.test_diff_image_passed): Ditto.
(PortTestCase.test_diff_image_failed): Ditto.
(PortTestCase.test_diff_image_crashed.make_proc): Ditto.

  • Scripts/webkitpy/port/server_process.py:

(ServerProcess.__init__): Support a custom message when the process crashes.
(ServerProcess.write): Ditto.
(ServerProcess._wait_for_data_and_update_buffers_using_select): Ditto.
(ServerProcess.has_crashed): Ditto.

  • Scripts/webkitpy/port/server_process_mock.py:

(MockServerProcess.__init__): Match the ServerProcess constructor.

  • Scripts/webkitpy/port/simulator_process.py:

(SimulatorProcess.__init__): Support a custom message when the process crashes.

10:19 AM Changeset in webkit [254928] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Flaky Test: svg/wicd/rightsizing-grid.xhtml
https://bugs.webkit.org/show_bug.cgi?id=203222

Unreviewed test gardening.

  • platform/ios/TestExpectations: Mark test as flaky.
  • platform/mac/TestExpectations: Ditto.

9:07 AM Changeset in webkit [254927] by Alan Bujtas
  • 5 edits in trunk/Source/WebCore

[LFC] Do not create a FormattingContext unless there's content to layout.
https://bugs.webkit.org/show_bug.cgi?id=206570
<rdar://problem/58785735>

Reviewed by Antti Koivisto.

We still construct "no-op" FormattingContexts through the computeIntrinsicWidth* codepath (see webkit.org/b/206581).

  • layout/FormattingContext.cpp:

(WebCore::Layout::FormattingContext::FormattingContext):
(WebCore::Layout::FormattingContext::layoutOutOfFlowContent):

  • layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::layoutInFlowContent):

  • layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::layoutInFlowContent):
(WebCore::Layout::InlineFormattingContext::layoutFormattingContextRoot):

  • layout/tableformatting/TableFormattingContext.cpp:

(WebCore::Layout::TableFormattingContext::layoutTableCellBox):

9:06 AM Changeset in webkit [254926] by sbarati@apple.com
  • 8 edits in trunk/Source/JavaScriptCore

Throw away baseline code if there is an optimized replacement
https://bugs.webkit.org/show_bug.cgi?id=202503
<rdar://problem/58552041>

Reviewed by Yusuke Suzuki.

This patch's goal is to help us save JIT executable memory by throwing
away baseline code when it has an optimized replacement. To make it
easy to reason about, we do this when finalizing a GC, when the CodeBlock
is not on the stack, and when no OSR exits are linked to jump to the baseline
code. Also, as a measure to combat a performance regression, we only throw
away code on the second GC cycle in which it is eligible for this.
When we downgrade Baseline to LLInt, we also throw away all JIT data
and unlink all incoming calls.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::resetJITData):
(JSC::CodeBlock::optimizedReplacement):
(JSC::CodeBlock::hasOptimizedReplacement):
(JSC::CodeBlock::tallyFrequentExitSites):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::setJITCode):

  • dfg/DFGDriver.cpp:

(JSC::DFG::compileImpl):

  • dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::callerReturnPC):
(JSC::DFG::adjustAndJumpToTarget):

  • heap/CodeBlockSet.cpp:

(JSC::CodeBlockSet::isCurrentlyExecuting):

  • heap/CodeBlockSet.h:
  • heap/Heap.cpp:

(JSC::Heap::finalizeUnconditionalFinalizers):
(JSC::Heap::runEndPhase):

8:59 AM Changeset in webkit [254925] by Matt Lewis
  • 5 edits in trunk/Tools

Test history links on the dashboard should go to the new results database
https://bugs.webkit.org/show_bug.cgi?id=205821

Reviewed by Jonathan Bedard.

Made changes to the various locations that we use the old database in the main dashboard
and test results pages.

  • BuildSlaveSupport/build.webkit.org-config/public_html/TestFailures/scripts/ui.js:

(ui.urlForFlakinessDashboard):

  • BuildSlaveSupport/build.webkit.org-config/public_html/TestFailures/scripts/ui/results.js:

(ui.results.FlakinessData.base._handleMessage):

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/WebKitTestHistory.js:

(TestHistory):
(TestHistory.prototype.historyPageURLForTest):

  • BuildSlaveSupport/build.webkit.org-config/templates/root.html:

8:51 AM Changeset in webkit [254924] by Chris Dumez
  • 2 edits in trunk/Source/WebKit

[IPC Hardening] Only process Messages::NetworkProcess messages when sent by the UIProcess
https://bugs.webkit.org/show_bug.cgi?id=206558

Unreviewed post-landing review comments from Darin Adler after r254892.

  • Platform/IPC/StringReference.h:

(IPC::operator==):
(IPC::operator!=):
(IPC::StringReference::Hash::equal):
(IPC::StringReference::operator==): Deleted.
(IPC::StringReference::operator!=): Deleted.

7:43 AM Changeset in webkit [254923] by Antti Koivisto
  • 14 edits in trunk

[LFC][Integration] Disable integration to see performance impact
https://bugs.webkit.org/show_bug.cgi?id=206576
<rdar://problem/58562185>

Reviewed by Zalan Bujtas.

Source/WebCore:

Disable by default for now to get a clearer picture of the performance impact.

  • page/RuntimeEnabledFeatures.h:

Source/WebKit:

  • Shared/WebPreferences.yaml:

Tools:

  • DumpRenderTree/TestOptions.h:

LayoutTests:

  • fast/dom/Range/getBoundingClientRect-expected.txt:
  • platform/ios/fast/text/whitespace/pre-break-word-expected.txt:
  • platform/ios/fast/text/word-break-expected.txt:
  • platform/mac/fast/text/hyphenate-limit-lines-expected.txt:
  • platform/mac/fast/text/whitespace/pre-break-word-expected.txt:
  • platform/mac/fast/text/word-break-expected.txt:

7:40 AM Changeset in webkit [254922] by Alan Bujtas
  • 3 edits in trunk/Source/WebCore

[LFC][BFC] No need to special case formatting context root layout
https://bugs.webkit.org/show_bug.cgi?id=206569
<rdar://problem/58784767>

Reviewed by Antti Koivisto.

Let's move out all the formatting context layout logic from layoutFormattingContextRoot.

  • layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::layoutInFlowContent):
(WebCore::Layout::BlockFormattingContext::layoutFormattingContextRoot): Deleted.

  • layout/blockformatting/BlockFormattingContext.h:

7:19 AM Changeset in webkit [254921] by Alan Bujtas
  • 3 edits in trunk/Source/WebCore

[LFC][BFC] Move float avoider special available width handling to BlockFormattingContext::computeWidthAndMargin
https://bugs.webkit.org/show_bug.cgi?id=206567
<rdar://problem/58783979>

Reviewed by Antti Koivisto.

Now we can move the compute* functions from layoutFormattingContextRoot to the main loop in layoutInFlowContent.

  • layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::layoutInFlowContent):
(WebCore::Layout::BlockFormattingContext::layoutFormattingContextRoot):
(WebCore::Layout::BlockFormattingContext::computeWidthAndMargin):

  • layout/blockformatting/BlockFormattingContext.h:

6:48 AM Changeset in webkit [254920] by commit-queue@webkit.org
  • 2 edits
    1 delete in trunk/LayoutTests/imported/w3c

Fix fetch/api/policies/referrer-origin-worker.html
https://bugs.webkit.org/show_bug.cgi?id=206520

Patch by Rob Buis <rbuis@igalia.com> on 2020-01-22
Reviewed by Youenn Fablet.

Revert, it was the wrong way to fix this

  • web-platform-tests/fetch/api/policies/referrer-origin-worker-expected.txt:
  • web-platform-tests/fetch/api/policies/referrer-origin-worker.html.headers: Removed.

6:26 AM Changeset in webkit [254919] by youenn@apple.com
  • 12 edits in trunk

Add logging of the source of a response used to respond a fetch event
https://bugs.webkit.org/show_bug.cgi?id=206426

Reviewed by Darin Adler.

Source/WebCore:

Add a DOMCache response source value.
This is set on responses created by DOMCache.
Update code that checks the source to handle this new value similarly to ApplicationCache.
No change of behavior.

Add an internal test to verify a fetch response grabbed from DOM cache has the right source.

  • Modules/cache/DOMCache.cpp:

(WebCore::DOMCache::updateRecords):

  • inspector/agents/InspectorNetworkAgent.cpp:

(WebCore::responseSource):

  • loader/ResourceLoader.cpp:

(WebCore::logResourceResponseSource):

  • platform/network/ResourceResponseBase.h:
  • testing/Internals.cpp:

(WebCore::responseSourceToString):

  • workers/service/context/ServiceWorkerFetch.cpp:

(WebCore::ServiceWorkerFetch::processResponse):
Remove setting of the source to service worker, this is done in NetworkProcess
just before sending the response to the WebProcess.

Source/WebKit:

  • NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp:

(WebKit::ServiceWorkerFetchTask::didReceiveResponse):
Log the source of the response.

  • WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::havePerformedSecurityChecks const):
Add case of DOMCache, similar to ServiceWorker.

LayoutTests:

  • http/wpt/cache-storage/cache-put-keys.https.any.js:

(cache_test):

6:08 AM Changeset in webkit [254918] by Adrian Perez de Castro
  • 2 edits in releases/WebKitGTK/webkit-2.26/Source/JavaScriptCore

Unreviewed. Fix non-unified build

  • runtime/NativeErrorConstructor.h: Add missing inclusion of JSGlobalObject.h.

6:08 AM Changeset in webkit [254917] by Adrian Perez de Castro
  • 2 edits in releases/WebKitGTK/webkit-2.26/Source/JavaScriptCore

Merged r254637 - Offlineasm warnings with newer Ruby versions
https://bugs.webkit.org/show_bug.cgi?id=206233

Reviewed by Yusuke Suzuki.

Avoid a warning about using Object#=~ on Annotation instances, which
has been deprecated in Ruby 2.7.

  • offlineasm/parser.rb: Swap checks to prevent applying the =~ operator
    to Annotation instances, which do not define it.

5:15 AM Changeset in webkit [254916] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r254893): Apple Win 10 Debug build failure

Introduced by:

Make RenderingMode and AlphaPremultiplication enum classes and move them to separate headers
https://bugs.webkit.org/show_bug.cgi?id=206516

  • platform/graphics/cg/ImageBufferCG.cpp:

(WebCore::ImageBuffer::ImageBuffer): Use RenderingMode::Unaccelerated.

3:21 AM Changeset in webkit [254915] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.26.3

WebKitGTK 2.26.3

3:21 AM Changeset in webkit [254914] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.26

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.26.3 release

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit:

  • gtk/NEWS: Add release notes for 2.26.3.

2:42 AM Changeset in webkit [254913] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.26/LayoutTests

Merge r254185 - [GTK] fast/text/atsui-rtl-override-selection.html is failing since r254114
https://bugs.webkit.org/show_bug.cgi?id=205898

Unreviewed test gardening.

Patch by Fujii Hironori <fujii.hironori@gmail.com> on 2020-01-07

  • platform/gtk/fast/text/atsui-rtl-override-selection-expected.png:
  • platform/gtk/fast/text/atsui-rtl-override-selection-expected.txt:

2:42 AM Changeset in webkit [254912] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.26

Merge r254114 - ComplexTextController::offsetForPosition returns a wrong offset for a glyph boundary in a RTL text
https://bugs.webkit.org/show_bug.cgi?id=205486

Reviewed by Ross Kirsling.

Source/WebCore:

ComplexTextController::offsetForPosition had the following code:

unsigned hitIndex = hitGlyphStart + (hitGlyphEnd - hitGlyphStart) * (m_run.ltr() ? x / adjustedAdvance : 1 - x / adjustedAdvance);

If m_run.ltr() was false and x == 0, hitIndex would become hitGlyphEnd.
This is not expected. It expects hitIndex < hitGlyphEnd if hitGlyphStart ≠ hitGlyphEnd.
Let hitIndex be hitGlyphStart-1 in such a condition.

The above change makes fast/text/ellipsis-text-rtl.html start to
fail because offsetForPosition returns the character offset of the
next glyph if the argument 'h' is in a glyph boundary. In RTL
text, offsetForPosition should return a character offset of the
previous glyph in case of a glyph boundary. Use '<=' instead of '<'
for RTL text in order to select previous glyphs for glyph
boundaries.

Test: fast/dom/Document/CaretRangeFromPoint/rtl.html

  • platform/graphics/ComplexTextController.cpp:

(WebCore::ComplexTextController::offsetForPosition): Compute correct hitGlyphEnd for RTL.

LayoutTests:

  • fast/dom/Document/CaretRangeFromPoint/rtl-expected.txt: Added.
  • fast/dom/Document/CaretRangeFromPoint/rtl.html: Added.
  • platform/gtk/TestExpectations: Unmarked imported/blink/editing/selection/offset-from-point-complex-scripts.html.

2:42 AM Changeset in webkit [254911] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.26

Merge r254190 - [HarfBuzz][GTK] fast/text/complex-first-glyph-with-initial-advance.html is failing
https://bugs.webkit.org/show_bug.cgi?id=118221

Reviewed by Carlos Garcia Campos.

Source/WebCore:

Arabic diacritics made glyphs vertically unaligned if the first
glyph had a vertical offset.

The initial advance should be the same as the first glyph origin for
HarfBuzz. See the diagram in ComplexTextController.h for details.
<https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/platform/graphics/ComplexTextController.h?rev=224007#L109>

drawGlyphs of Cairo port was assuming upward y-axis for glyph
advances even though those of Mac and AppleWin port are assuming
downward y-axis. This is a problem for Windows ports because
AppleWin and WinCairo port are sharing the code calculating
advances.

Covered by existing tests.

  • platform/graphics/cairo/FontCairo.cpp:

(WebCore::FontCascade::drawGlyphs):

  • platform/graphics/cairo/GraphicsContextImplCairo.cpp:

(WebCore::GraphicsContextImplCairo::drawGlyphs):
Sum up the height of advances into yOffset instead of subtraction.

  • platform/graphics/harfbuzz/ComplexTextControllerHarfBuzz.cpp:

(WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun):
Don't negate offsetY. Set m_initialAdvance as the first item of
m_glyphOrigins.

LayoutTests:

  • platform/gtk/TestExpectations: Unmarked
    fast/text/complex-first-glyph-with-initial-advance.html and
    fast/text/initial-advance-in-intermediate-run-complex.html.

  • platform/wincairo/TestExpectations: Unmarked
    fast/text/complex-first-glyph-with-initial-advance.html and
    fast/text/complex-initial-advance.html.

2:42 AM Changeset in webkit [254910] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.26/Source/WebCore

Merge r253470 - [HarfBuzz] WebKitWebProcess crashes when displaying a KaTeX formula
https://bugs.webkit.org/show_bug.cgi?id=204689

Reviewed by Carlos Alberto Lopez Perez.

We are creating and caching an hb_font_t for the given FontPlatformData's FT_Face, but the face is not
referenced so it is destroyed eventually while the hb_font_t is still alive. We need to keep a reference of the
FT_Face while the hb_font_t is alive.

  • platform/graphics/freetype/FontPlatformDataFreeType.cpp:

(WebCore::FontPlatformData::createOpenTypeMathHarfBuzzFont const): Create the hb_face_t with
hb_ft_face_create_referenced() instead of hb_ft_face_create_cached().

2:42 AM Changeset in webkit [254909] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.26/Source/WebKit

Merge r254119 - [SOUP] HSTS Support causes page loading to fail with "Operation was cancelled"
https://bugs.webkit.org/show_bug.cgi?id=203620

Reviewed by Michael Catanzaro.

The problem is that we are assuming that request cancellation happens synchronously, but it can happen that the
async ready callback for the previous request is called after the new one has started.

  • NetworkProcess/soup/NetworkDataTaskSoup.cpp:

(WebKit::NetworkDataTaskSoup::sendRequestCallback): Return early if this is a previous request already cancelled.

2:26 AM Changeset in webkit [254908] by Carlos Garcia Campos
  • 3 edits, 2 adds in releases/WebKitGTK/webkit-2.26

Merge r251957 - SVG pair properties must be detached from their owner before it's deleted
https://bugs.webkit.org/show_bug.cgi?id=203545

Reviewed by Simon Fraser.

Source/WebCore:

SVGAnimatedPropertyPairAccessor needs to override its detach() method so
each of its pair properties detaches itself from the owner.
SVGPointerMemberAccessor does the same thing but for a single property
which covers all the list properties as well.

Test: svg/custom/pair-properties-detach.html

  • svg/properties/SVGAnimatedPropertyPairAccessor.h:

LayoutTests:

  • svg/custom/pair-properties-detach-expected.txt: Added.
  • svg/custom/pair-properties-detach.html: Added.

2:26 AM Changeset in webkit [254907] by Carlos Garcia Campos
  • 3 edits, 2 adds in releases/WebKitGTK/webkit-2.26

Merge r250929 - RunResolver::rangeForRendererWithOffsets should check for range end
https://bugs.webkit.org/show_bug.cgi?id=202761
<rdar://problem/55917924>

Reviewed by Antti Koivisto.

Source/WebCore:

This patch ensures that when rangeForRenderer comes back with a collapsed run (empty range), rangeForRendererWithOffsets returns an empty range as well.

Test: fast/text/simple-line-layout-range-check-end.html

  • rendering/SimpleLineLayoutResolver.cpp:

(WebCore::SimpleLineLayout::RunResolver::rangeForRendererWithOffsets const):

LayoutTests:

  • fast/text/simple-line-layout-range-check-end-expected.txt: Added.
  • fast/text/simple-line-layout-range-check-end.html: Added.

2:26 AM Changeset in webkit [254906] by Carlos Garcia Campos
  • 4 edits, 2 adds in releases/WebKitGTK/webkit-2.26

Merge r250585 - ObjectAllocationSinkingPhase shouldn't insert hints for allocations which are no longer valid
https://bugs.webkit.org/show_bug.cgi?id=199361
<rdar://problem/52454940>

Reviewed by Yusuke Suzuki.

JSTests:

  • stress/allocation-sinking-hints-are-valid-ssa-2.js: Added.

(main.fn):
(main.executor):
(main):

  • stress/allocation-sinking-hints-are-valid-ssa.js: Added.

(main.fn):
(main.executor):
(main):

Source/JavaScriptCore:

In a prior fix to the object allocation sinking phase, I added code where we
made sure to insert PutHints over Phis for fields of an object at control flow
merge points. However, that code didn't consider that the base of the PutHint
may no longer be a valid heap location. This could cause us to emit invalid
SSA code by referring to a node which does not dominate the PutHint location.
This patch fixes the bug to only emit the PutHints when valid.

This patch also makes it so that DFGValidate actually validates that the graph
is in valid SSA form. E.g., any use of a node N must be dominated by N.

  • dfg/DFGObjectAllocationSinkingPhase.cpp:
  • dfg/DFGValidate.cpp:

2:19 AM WebKitGTK/2.26.x edited by Carlos Garcia Campos

2:19 AM Changeset in webkit [254905] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.26/Source/WebCore

Merge r252398 - [GStreamer] Several issues while trying to play a video on NextCloud
https://bugs.webkit.org/show_bug.cgi?id=203194

Reviewed by Philippe Normand.

First problem was the loader not being restarted in PAUSED, so
sometimes playback never started since buffering never reached
100%.

Then, after investigating blocksizes and not being a viable
solution, reducing the 200_ms to 100_ms wait for new data was the
trick to avoid choppiness.

During investigation several issues were fixed like turning
GstQuery* into GRefPtr for MediaPlayerPrivateGStreamer::buffered,
making blocksize unsigned instead of uint64_t as it is in
GStreamer and creating and using WEBKIT_WEB_SRC_CAST since many
uses of WEBKIT_WEB_SRC cast were already protected by
WEBKIT_IS_WEB_SRC.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::buffered const): GRefPtr<GstQuery>.
(WebCore::MediaPlayerPrivateGStreamer::handleMessage):
(WebCore::MediaPlayerPrivateGStreamer::sourceSetup):
(WebCore::MediaPlayerPrivateGStreamer::didPassCORSAccessCheck const):
Use WEBKIT_WEB_SRC_CAST.

  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcCreate): Reduce wait for data down to 100_ms and
request download restart also in PAUSED.
(CachedResourceStreamingClient::checkUpdateBlocksize): Turn
blocksize to unsigned.

  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Add
    WEBKIT_WEB_SRC_CAST.

2:19 AM Changeset in webkit [254904] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.26/Source/WebCore

Merge r253284 - [GStreamer] Crashes in MediaPlayerPrivateGStreamer::ensureGstGLContext
https://bugs.webkit.org/show_bug.cgi?id=204848

Reviewed by Michael Catanzaro.

Make sure the GL video sink uses a valid WebKit shared GL context.

  • platform/graphics/gstreamer/GLVideoSinkGStreamer.cpp:

(ensureGstGLContext):
(webKitGLVideoSinkProbePlatform):

2:19 AM Changeset in webkit [254903] by Carlos Garcia Campos
  • 3 edits, 2 adds in releases/WebKitGTK/webkit-2.26

Merge r251680 - Hidden framesets should provide default edgeInfo value
https://bugs.webkit.org/show_bug.cgi?id=203506
<rdar://problem/56233726>

Reviewed by Simon Fraser.

Source/WebCore:

The grid information (and certain associated structures e.g. edgeInfo) for a frameset is updated through the layout() call.
When the used height/width computes to zero on a frameset child (frame or nested frameset), we don't run layout on the renderer thus
hidden nested framesets can only provide the default edge info.
This patch changes this behaviour and we now call layout on those hidden renderers the same way we do it on iOS.

Test: fast/frames/hidden-frameset.html

  • rendering/RenderFrameSet.cpp:

(WebCore::RenderFrameSet::edgeInfo const):

LayoutTests:

  • fast/frames/hidden-frameset-expected.txt: Added.
  • fast/frames/hidden-frameset.html: Added.

2:19 AM Changeset in webkit [254902] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.26/Source

Merge r250747 - Fix build with icu 65.1
https://bugs.webkit.org/show_bug.cgi?id=202600

Patch by Heiko Becker <heirecka@exherbo.org> on 2019-10-04
Reviewed by Konstantin Tokarev.

Source/WebCore:

  • dom/Document.cpp:

(WebCore::isValidNameNonASCII):
(WebCore::Document::parseQualifiedName):

Source/WTF:

  • wtf/URLHelpers.cpp:

(WTF::URLHelpers::allCharactersInIDNScriptWhiteList):

2:19 AM Changeset in webkit [254901] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.26/Source/WebKit

Merge r250743 - Unreviewed WinCairo build fix for r250717.

  • WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.h:

(WebKit::LayerTreeHost::invalidate): Deleted.
