Timeline

View changes from
going back days
by author

Repository changesets Wiki changes

Apr 11, 2021:

11:02 PM Changeset in webkit [275814] by commit-queue@webkit.org

• 4 edits in trunk/Tools

Unreviewed, reverting r275801.
​https://bugs.webkit.org/show_bug.cgi?id=224423

run-jsc-stress-tests output includes a lot of texts

Reverted changeset:

"[JSC] detect infrastructure failure for remote stress tests"
​https://bugs.webkit.org/show_bug.cgi?id=222601
​https://trac.webkit.org/changeset/275801

8:02 PM Changeset in webkit [275813] by Ruben Turcios

• 8 edits in trunk/Source

Versioning.

WebKit-7612.1.12

8:00 PM Changeset in webkit [275812] by Ruben Turcios

• 1 copy in branches/safari-612.1.11-branch

New branch.

3:53 PM Changeset in webkit [275811] by Cameron McCormack

• 4 edits
  4 adds in trunk

Fix initial horizontal scrollbar position when vertical scrollbar is on the left.
​https://bugs.webkit.org/show_bug.cgi?id=224409

Reviewed by Darin Adler.

Source/WebCore:

Scrollable elements that place their vertical scrollbar on the left
(e.g. when they're direction: rtl or when the OS language is RTL and
the relevant setting to always follow OS scrollbar side is used) have
an incorrect scroll origin, which leads to creating a horizontal
scrollbar with an incorrect initial offset. This is because
RenderLayerScrollableArea::computeScrollDimensions runs prior to the
scrollbars being created. So whenever we start or stop having a
(non-overlay) vertical scrollbar on the left, we need to recompute
the scroll origin and fix up the horizontal scrollbar's offset.

Tests: fast/scrolling/rtl-scrollbars-initial-position-dynamic.html

fast/scrolling/rtl-scrollbars-initial-position.html

• rendering/RenderLayerScrollableArea.cpp:

(WebCore::RenderLayerScrollableArea::computeScrollDimensions):
(WebCore::RenderLayerScrollableArea::computeScrollOrigin): Split this
out of computeScrollDimensions so we can call it from
updateScrollbarsAfterLayout and updateScrollbarsAfterStyleChange, and
have it ask the horizontal scrollbar to update its offset. We could
condition this on the scroll origin actually having changed, but
that's going to be a similar check that Scrollbar::offsetDidChange
does to ensure the offset value did indeed change. We don't want to
condition this on shouldPlaceBlockDirectionScrollbarOnLeft(), since
that's dependent on the current style, and we may be reacting to a
style change removed the vertical scrollbar on the left.
(WebCore::RenderLayerScrollableArea::updateScrollbarsAfterLayout):
(WebCore::RenderLayerScrollableArea::updateScrollbarsAfterStyleChange):

• rendering/RenderLayerScrollableArea.h:

LayoutTests:

• fast/scrolling/rtl-scrollbars-initial-position-dynamic-expected.html: Added.
• fast/scrolling/rtl-scrollbars-initial-position-dynamic.html: Added.
• fast/scrolling/rtl-scrollbars-initial-position-expected.html: Added.
• fast/scrolling/rtl-scrollbars-initial-position.html: Added.

1:11 PM Changeset in webkit [275810] by weinig@apple.com

• 16 edits in trunk

Simplify WebKitTestRunner preference reset to be more like DRT
​https://bugs.webkit.org/show_bug.cgi?id=224410

Reviewed by Darin Adler.

Source/WebKit:

Add WKPreferencesStartBatchingUpdates/WKPreferencesEndBatchingUpdates
to support batching preferences updates by clients.

• UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesStartBatchingUpdates):
(WKPreferencesEndBatchingUpdates):

• UIProcess/API/C/WKPreferencesRefPrivate.h:
• UIProcess/WebPreferences.h:

Tools:

• Use boolWebPreferenceFeatures consistently for accessibilityIsolatedTreeMode
• Adopt new WKPreferencesStartBatchingUpdates/WKPreferencesEndBatchingUpdates to ensure all preferences updates are batched.
• Move all preference overrides that can be moved (two still require some specialized handling for now) to TestOptions defaults.
• Remove now unnecessary platformResetPreferencesToConsistentValues() platform configuration point.

• WebKitTestRunner/Options.cpp:

(WTR::handleOptionAccessibilityIsolatedTreeMode):

• WebKitTestRunner/Options.h:
• WebKitTestRunner/TestController.cpp:

(WTR::TestController::initialize):
(WTR::batchUpdatePreferences):
(WTR::TestController::resetPreferencesToConsistentValues):
(WTR::TestController::resetStateToConsistentValues):

• WebKitTestRunner/TestController.h:

(WTR::TestController::accessibilityIsolatedTreeMode const): Deleted.

• WebKitTestRunner/TestOptions.cpp:

(WTR::TestOptions::defaults):

• WebKitTestRunner/TestOptions.h:

(WTR::TestOptions::accessibilityIsolatedTreeMode const):

• WebKitTestRunner/gtk/TestControllerGtk.cpp:

(WTR::TestController::platformResetStateToConsistentValues):
(WTR::TestController::platformResetPreferencesToConsistentValues): Deleted.

• WebKitTestRunner/ios/TestControllerIOS.mm:

(WTR::TestController::platformResetStateToConsistentValues):
(WTR::TestController::platformResetPreferencesToConsistentValues): Deleted.

• WebKitTestRunner/mac/TestControllerMac.mm:

(WTR::TestController::platformResetPreferencesToConsistentValues): Deleted.

• WebKitTestRunner/win/TestControllerWin.cpp:

(WTR::TestController::platformResetPreferencesToConsistentValues): Deleted.

• WebKitTestRunner/wpe/TestControllerWPE.cpp:

(WTR::TestController::platformResetPreferencesToConsistentValues): Deleted.

12:33 PM Changeset in webkit [275809] by Darin Adler

• 3 edits in trunk/Source/WebCore

[Mac] Add a missing null check to slider thumb focus rendering
​https://bugs.webkit.org/show_bug.cgi?id=224418
rdar://76450584

Reviewed by Sam Weinig.

• rendering/RenderThemeMac.h: Changed updateFocusedState to take a pointer.
• rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::updateFocusedState): Check pointer for null. This was the
missing null check.
(WebCore::RenderThemeMac::paintSliderThumb): Pass delegate pointer instead of reference.
Also made sure we always update the focused state. Old code took the approach of just not
updating focus state when it encountered null for the focus delegate, but that's not a
good strategy. In future we may also want to change the focusDelegate function signature
to make it clear it will never return null, but that's not critical right now.
(WebCore::RenderThemeMac::setSearchCellState): Update since updateFocusedState now
takes a pointer.

10:06 AM Changeset in webkit [275808] by weinig@apple.com

• 26 edits
  2 moves
  1 add
  1 delete in trunk

Reduce compile time and binary size cost of enabling proper CSSStyleDeclaration property access behavior
​https://bugs.webkit.org/show_bug.cgi?id=222518
<rdar://problem/75136887>

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

• web-platform-tests/css/cssom/cssstyledeclaration-properties-expected.txt:

Update test result now that it is passing.

Source/WebCore:

Re-implement proper (not using named-getters) support for the CSSStyleDeclaration bindings
using a new DelegateToSharedSyntheticAttribute extended atttribute which allows IDL attributes
to share a custom getter / setter implementation and delegate their implementation to it. When
using this functionality, the synthetic attribute's implementation is passed the original property
name so it can implement functionality based on it.

We use this for CSSStyleDeclaration by breaking the huge list of generated properties into
four groups, each with their own synthetic attribute. The groups are based on the different
transformation rules in the spec.

• bindings/js/JSDOMAttribute.h:

(WebCore::IDLAttribute::setPassingPropertyName):
(WebCore::IDLAttribute::getPassingPropertyName):
Add overloads of get/set that pass the property name to the provided function. These can't
be simple overloads of get/set as MSVC does not allow overloading with only a non-type
template parameters differentiating.

• bindings/scripts/CodeGeneratorJS.pm:

(GenerateInterface):
Eagerly generate the any synthetic attributes before the rest of code generation,
matching the behavior of other synthetic constructions like map/set/stringifiers.

(GetAttributeGetterName):
(GetAttributeSetterName):
Add special cases to getter/setter name generation to forward to the generated
name of the synthetic attribute when delegating.

(GenerateImplementation):
Extract attribute function forward declaration genation into a new GenerateAttributeGetterAndSetterDeclaration
subroutine and use it for generation of both normal and synthetic attributes. Also adds
synthetic attributes to the list of attributes to generate function implementations for.

(GenerateAttributeGetterAndSetterDeclaration):
Extracted from GenerateImplementation. Adds extra condition to bail if DelegateToSharedSyntheticAttribute
is specified.

(GenerateAttributeGetterBodyDefinition):
Add support for the new CallWith=PropertyName extended attribute by adding a PropertyName
argument to the signature of getter body if it is present. Removes now unnecessary support
for the CSSProperty extended attribute.

(GenerateAttributeGetterTrampolineDefinition):
Switch function name from get to getPassingPropertyName if CallWith=PropertyName is specified.

(GenerateAttributeGetterDefinition):
Adds extra condition to bail if DelegateToSharedSyntheticAttribute is specified.

(GenerateAttributeSetterBodyDefinition):
Add support for the new CallWith=PropertyName extended attribute by adding a PropertyName
argument to the signature of getter body if it is present. Removes now unnecessary support
for the CSSProperty extended attribute.

(GenerateAttributeSetterTrampolineDefinition):
Switch function name from get to getPassingPropertyName if CallWith=PropertyName is specified.

(GenerateAttributeSetterDefinition):
Adds extra condition to bail if DelegateToSharedSyntheticAttribute is specified.

(GenerateCallWith):
Add support for the PropertyName value to CallWith.

(MakeSharedSyntheticAttribute):
Helper to generate the synthetic attribute from the base attribute with DelegateToSharedSyntheticAttribute
specefied. Maintains all existing extended attributes of the base attribute except
DelegateToSharedSyntheticAttribute is replaced with IsSharedSyntheticAttribute to avoid
infinite recursion.

(AddSharedSyntheticAttributesIfNeeded):
Helper to find all delegating attributes and generate / store the synthetic attributes.

(GetSharedSyntheticAttribute):
Helper to get the corresponding synthetic attribute given an attribute with
DelegateToSharedSyntheticAttribute specified on it.

• bindings/scripts/IDLAttributes.json:

Removes CSSProperty. Adds DelegateToSharedSyntheticAttribute. Adds PropertyName value to
CallWith and SetterCallWith.

• css/CSSStyleDeclaration.cpp:

(WebCore::lookupCSSPropertyFromIDLAttribute):
(WebCore::CSSStyleDeclaration::propertyValueForCamelCasedIDLAttribute):
(WebCore::CSSStyleDeclaration::setPropertyValueForCamelCasedIDLAttribute):
(WebCore::CSSStyleDeclaration::propertyValueForWebKitCasedIDLAttribute):
(WebCore::CSSStyleDeclaration::setPropertyValueForWebKitCasedIDLAttribute):
(WebCore::CSSStyleDeclaration::propertyValueForDashedIDLAttribute):
(WebCore::CSSStyleDeclaration::setPropertyValueForDashedIDLAttribute):
(WebCore::CSSStyleDeclaration::propertyValueForEpubCasedIDLAttribute):
(WebCore::CSSStyleDeclaration::setPropertyValueForEpubCasedIDLAttribute):
(WebCore::CSSStyleDeclaration::namedItem): Deleted.
(WebCore::CSSStyleDeclaration::setNamedItem): Deleted.
(WebCore::CSSStyleDeclaration::supportedPropertyNames const): Deleted.

• css/CSSStyleDeclaration.h:

Replace named-getter based implementation with helpers based on the definitions
in the CSSOM spec (plus one special set for 'epub' specializations we currently
maintain).

• css/CSSStyleDeclaration.idl:

Remove !ENABLE_ATTRIBUTE_BASED_PROPERTIES_FOR_CSS_STYLE_DECLARATION sections now that
we can fully support ENABLE_ATTRIBUTE_BASED_PROPERTIES_FOR_CSS_STYLE_DECLARATION.

• css/makeprop.pl:

Remove !ENABLE_ATTRIBUTE_BASED_PROPERTIES_FOR_CSS_STYLE_DECLARATION sections now that
we can fully support ENABLE_ATTRIBUTE_BASED_PROPERTIES_FOR_CSS_STYLE_DECLARATION.
Replaces CSSProperty extended attributes with DelegateToSharedSyntheticAttribute and
CallWith=PropertyName, which together allow us to implement all the attributes with just
8 implementation functions.

• bindings/scripts/test/BindingTestGlobalConstructors.idl:
• bindings/scripts/test/JS/JSTestCSSProperty.cpp: Removed.
• bindings/scripts/test/JS/JSTestCSSProperty.h: Removed.
• bindings/scripts/test/JS/JSTestDelegateToSharedSyntheticAttribute.cpp: Added.
• bindings/scripts/test/JS/JSTestDelegateToSharedSyntheticAttribute.h: Added.
• bindings/scripts/test/JS/JSTestGlobalObject.cpp:
• bindings/scripts/test/SupplementalDependencies.dep:
• bindings/scripts/test/TestCSSProperty.idl: Removed.
• bindings/scripts/test/TestDelegateToSharedSyntheticAttribute.idl: Added.

Replace CSSProperty tests with DelegateToSharedSyntheticAttribute tests and update results
all around for new generation.

Source/WTF:

• wtf/PlatformEnable.h:

Remove ENABLE_ATTRIBUTE_BASED_PROPERTIES_FOR_CSS_STYLE_DECLARATION, as it is now the default and on everwhere.

LayoutTests:

• fast/css/style-enumerate-properties-expected.txt:
• fast/css/style-enumerate-properties.html:
• fast/dom/domListEnumeration-expected.txt:
• fast/dom/domListEnumeration.html:

Remove existing tests for iteration order, which is not standardized, and not consistent among
browsers. Adds a new one that checks invariants of the 4 groupings of properties which we currently
expect to hold, at least in our implementation.

• fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor-expected.txt:
• fast/dom/CSSStyleDeclaration/cssstyledeclaration-properties-descriptor.html:

Update now that the properties are proper attributes on the prototype.

• js/dom/put-override-should-not-use-ic.html:

Switch to using a DOMStringList as the object that overrides put, since CSSStyleDeclaration no longer does.

• transitions/transitions-parsing-expected.txt:
• transitions/transitions-parsing.html:

Remove Object.keys() aspect of the test, which is no longer meaningful since the
properties should no longer exist in the result set.

7:35 AM Changeset in webkit [275807] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

Store InputType in a Ref before calling setValueAsDecimal
​https://bugs.webkit.org/show_bug.cgi?id=223535

Patch by Rob Buis <​rbuis@igalia.com> on 2021-04-11
Reviewed by Ryosuke Niwa.

Store InputType in a Ref before calling setValueAsDecimal.

• html/InputType.cpp:

(WebCore::InputType::applyStep):

5:04 AM WebKitGTK/2.32.x edited by Philippe Normand

(diff)

Apr 10, 2021:

7:57 PM Changeset in webkit [275806] by achristensen@apple.com

• 10 edits in trunk/Source/WebKit

Use WeakHashSet<WebProcessProxy> instead of HashSet<WebProcessProxy*>
​https://bugs.webkit.org/show_bug.cgi?id=224393

Reviewed by Chris Dumez.

• UIProcess/Cocoa/WebProcessProxyCocoa.mm:

(WebKit::WebProcessProxy::requestHighPerformanceGPU):
(WebKit::WebProcessProxy::releaseHighPerformanceGPU):

• UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::~WebProcessPool):
(WebKit::WebProcessPool::enableProcessTermination):
(WebKit::WebProcessPool::shouldTerminate):
(WebKit::WebProcessPool::disconnectProcess):
(WebKit::WebProcessPool::startedUsingGamepads):
(WebKit::WebProcessPool::stoppedUsingGamepads):
(WebKit::WebProcessPool::processStoppedUsingGamepads):
(WebKit::WebProcessPool::gamepadConnected):
(WebKit::WebProcessPool::gamepadDisconnected):

• UIProcess/WebProcessPool.h:
• UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::~WebProcessProxy):
(WebKit::WebProcessProxy::shutDown):
(WebKit::WebProcessProxy::maybeShutDown):
(WebKit::WebProcessProxy::canTerminateAuxiliaryProcess):

• UIProcess/mac/HighPerformanceGPUManager.mm:

(WebKit::HighPerformanceGPUManager::addProcessRequiringHighPerformance):
(WebKit::HighPerformanceGPUManager::removeProcessRequiringHighPerformance):
(WebKit::HighPerformanceGPUManager::updateState):

5:48 PM Changeset in webkit [275805] by Chris Dumez

• 8 edits in trunk/Source/WebKit

Crash under WebProcessProxy::shouldSendPendingMessage()
​https://bugs.webkit.org/show_bug.cgi?id=224377
<rdar://75329251>

Reviewed by David Kilzer.

We are crashing with a null-dereference of pendingMessage.encoder inside WebProcessProxy::shouldSendPendingMessage().
However, pendingMessage.encoder is a UniqueRef<> and thus cannot be null. Also, we know that the WebProcessProxy
is alive because WebProcessProxy::didFinishLaunching() has a protector.

One thing that I believe could theoretically happen and would not be safe though is AuxiliaryProcessProxy::sendMessage()
being called on a non-main thread. Sending IPC off the main thread is safe in general and something we commonly do with
an IPC::Connection. To make this safe, IPC::Connection uses a Lock to protect its vector of messages. However, sending
IPC via an AuxiliaryProcessProxy is currently not thread safe as it relies on the process state (which gets updated on
the main thread) and access to the m_pendingMessages is not synchronized.

As a speculative fix, I have added logic in AuxiliaryProcessProxy::sendMessage() to dispatch to the main thread if
we're not already on it. I have also used WTF::DestructionThread::MainRunLoop to make sure all AuxiliaryProcessProxy
objects get destroyed on the main thread.

In a follow-up, I am planning to add a release assertion in AuxiliaryProcessProxy::sendMessage() to make sure we're
on a main thread. We'll then be able to drop the "dispatching the main thread" logic. For now though, I think we
should start with the "dispatch to main thread" logic, so that we have a patch that we can cherry-pick to a branch.

• UIProcess/AuxiliaryProcessProxy.cpp:

(WebKit::AuxiliaryProcessProxy::sendMessage):
(WebKit::AuxiliaryProcessProxy::didFinishLaunching):
(WebKit::AuxiliaryProcessProxy::replyToPendingMessages):

• UIProcess/AuxiliaryProcessProxy.h:
• UIProcess/GPU/GPUProcessProxy.h:
• UIProcess/Network/NetworkProcessProxy.h:
• UIProcess/Plugins/PluginProcessProxy.h:
• UIProcess/WebAuthentication/WebAuthnProcessProxy.cpp:

(WebKit::WebAuthnProcessProxy::singleton):

• UIProcess/WebProcessProxy.h:

3:41 PM Changeset in webkit [275804] by Chris Dumez

• 3 edits
  2 adds in trunk

Regression(r275668) Potential null pointer deref in AudioParam::exponentialRampToValueAtTime(float, double)
​https://bugs.webkit.org/show_bug.cgi?id=224400
<rdar://76450376>

Reviewed by Ryosuke Niwa.

Source/WebCore:

In r275668, I added null-checks for the AudioContext in AudioParam, now that it holds a WeakPtr to its
context. However, I missed a null-check in AudioParam::exponentialRampToValueAtTime(). This patch adds
the missing check.

Test: webaudio/AudioParam/audioparam-exponentialRampToValueAtTime-nocontext-crash.html

• Modules/webaudio/AudioParam.cpp:

LayoutTests:

Add layout test coverage.

• webaudio/AudioParam/audioparam-exponentialRampToValueAtTime-nocontext-crash-expected.txt: Added.
• webaudio/AudioParam/audioparam-exponentialRampToValueAtTime-nocontext-crash.html: Added.

3:37 PM Changeset in webkit [275803] by Chris Dumez

• 4 edits in trunk/LayoutTests

[ macOS ] imported/w3c/web-platform-tests/webaudio/the-audio-api/the-analysernode-interface/realtimeanalyser-fft-scaling.html is a flakey text failure
​https://bugs.webkit.org/show_bug.cgi?id=223966
<rdar://problem/76028345>

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Update test as per:

• ​https://github.com/web-platform-tests/wpt/pull/28428

Make sure subtests are run one after another, not in parallel, so that PASS lines are printed out in a
consistent order.

• web-platform-tests/webaudio/the-audio-api/the-analysernode-interface/realtimeanalyser-fft-scaling.html:

LayoutTests:

Unskip test that should no longer be flaky.

• platform/mac/TestExpectations:

3:02 PM Changeset in webkit [275802] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebKit

Properly use CompletionHandler when USE_OPENGL_OR_ES is set to OFF
​https://bugs.webkit.org/show_bug.cgi?id=224149

Patch by Charlène Wendling <​julianaito@posteo.jp> on 2021-04-10
Reviewed by Fujii Hironori.

• WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.h:

(WebKit::LayerTreeHost::forceRepaintAsync):

1:14 PM Changeset in webkit [275801] by Angelos Oikonomopoulos

• 4 edits in trunk/Tools

[JSC] detect infrastructure failure for remote stress tests
​https://bugs.webkit.org/show_bug.cgi?id=222601

Reviewed by Yusuke Suzuki.

run-jsc-stress-tests currently detects failures by the absence of
a failure file (that is generated by each failing test). This is
fragile to begin with, as it assumes that tests that fail to run
(e.g. because of an error in the runner script) are successful by
default.

However, the main motivation for this patch is to make execution
more robust when using remote hosts. Currently,
--gnu-parallel-runner will transparently reschedule jobs on a
different host when a remote host goes away. But detectFailures
expects to be able to connect to all hosts and fetch the failure
files, which fails if a remote host is still down when the run
finishes.

Instead, this patch changes the runners to always generate a status
file with the exit code. detectFailures then fetches all status
files from all hosts that are live on exit. Tests that failed to
run are explicitly accounted for as 'noreport' and are set to
ERROR in the final report.

• Scripts/run-javascriptcore-tests:

(runJSCStressTests):

• Scripts/run-jsc-stress-tests:
• Scripts/webkitruby/jsc-stress-test-writer-default.rb:

12:00 PM Changeset in webkit [275800] by ysuzuki@apple.com

• 9 edits in trunk/Source/JavaScriptCore

[JSC] B3 reduce-double-to-float should reduce only when constant double is canonical one to reduced float value
​https://bugs.webkit.org/show_bug.cgi?id=224403
<rdar://problem/76259599>

Reviewed by Mark Lam.

When reducing double-constant value to float in B3, we should check whether the double value is a canonical one
which can be converted back from the reduced float value. For example, double 1.1 is not the one since it is truncated
into float 1.1 by removing some bits.

static_cast<double>(static_cast<float>(1.1)) != 1.1

Reducing such a double to float changes the semantics.

• b3/B3ConstDoubleValue.cpp:

(JSC::B3::ConstDoubleValue::dumpMeta const):

• b3/B3ConstFloatValue.cpp:

(JSC::B3::ConstFloatValue::dumpMeta const):

• b3/B3ReduceDoubleToFloat.cpp:
• b3/B3ReduceStrength.cpp:
• b3/testb3.h:

(populateWithInterestingValues):

• b3/testb3_1.cpp:

(run):

• b3/testb3_3.cpp:

(testConvertDoubleToFloatToDouble):
(testConvertDoubleToFloatEqual):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::JSC_DEFINE_JIT_OPERATION_WITH_ATTRIBUTES):
(JSC::FTL::DFG::LowerDFGToB3::crash):
(JSC::FTL::DFG::ftlUnreachable): Deleted.

10:56 AM Changeset in webkit [275799] by sihui_liu@apple.com

• 8 edits in trunk/Source/WebKit

Unreviewed, reverting r275794, r275784, r275779

r275779 caused bots to crash and r275794, r275784 didn't fully fix it; reverting the patches to investigate.

Reverted changeset:

"Create WebIDBServer only when it is needed"
​https://bugs.webkit.org/show_bug.cgi?id=224305
​https://commits.webkit.org/r275779

10:11 AM Changeset in webkit [275798] by Chris Dumez

• 13 edits
  1 add in trunk

[ macOS ] 3 webaudio/OfflineAudioContext/ layout-tests are flakey text failures
​https://bugs.webkit.org/show_bug.cgi?id=224387
<rdar://problem/76468058>

Reviewed by Eric Carlson.

Source/WebCore:

Replace internals.numberOfBaseAudioContexts() test infrastructure with
internals.baseAudioContextIdentifier() & internals.isBaseAudioContextAlive().
This allows tests to check if specific BaseAudioContext instances created by the
tests are actually alive. As a result, the tests are no longer impacted by tests
running before them (and potentially leaking, see Bug 224399) or in parallel to
them in the same process.

This is the same approach we used for leak testing Documents (internals.documentIdentifier()
& internals.isDocumentAlive()).

• Modules/webaudio/BaseAudioContext.cpp:

(WebCore::generateAudioContextID):
(WebCore::liveAudioContexts):
(WebCore::BaseAudioContext::BaseAudioContext):
(WebCore::BaseAudioContext::~BaseAudioContext):
(WebCore::BaseAudioContext::isContextAlive):

• Modules/webaudio/BaseAudioContext.h:

(WebCore::BaseAudioContext::contextID const):

• testing/Internals.cpp:

(WebCore::Internals::countMatchesForText):
(WebCore::Internals::baseAudioContextIdentifier):
(WebCore::Internals::isBaseAudioContextAlive):

• testing/Internals.h:
• testing/Internals.idl:

LayoutTests:

Update OfflineAudioContext leak tests to use the new test infrastructure. They are no longer impacted
by tests running before them or in parallel to them.

• webaudio/OfflineAudioContext/offlineaudiocontext-leak-after-rendering-expected.txt:
• webaudio/OfflineAudioContext/offlineaudiocontext-leak-after-rendering.html:
• webaudio/OfflineAudioContext/offlineaudiocontext-leak-expected.txt:
• webaudio/OfflineAudioContext/offlineaudiocontext-leak-while-suspended-expected.txt:
• webaudio/OfflineAudioContext/offlineaudiocontext-leak-while-suspended.html:
• webaudio/OfflineAudioContext/offlineaudiocontext-leak.html:
• webaudio/resources/audiocontext-leak-test.js: Added.

(didGCAtLeastOneContext):
(gcAndCheckForContextLeaks):

9:12 AM Changeset in webkit [275797] by mark.lam@apple.com

• 35 edits
  2 adds in trunk

Enable VMTraps checks in RETURN_IF_EXCEPTION.
​https://bugs.webkit.org/show_bug.cgi?id=224078
rdar://75037057

Reviewed by Keith Miller.

JSTests:

• stress/watchdog-fire-while-in-forEachInIterable.js: Added.

Source/JavaScriptCore:

In pre-existing code, termination of a VM's execution can already be requested
asynchronously (with respect to the mutator thread). For example, sources of such
a request can be a watchdog timer firing, or a request to stop execution issued
from a main web thread to a worker thread.

This request is made by firing the VMTraps::NeedTermination event on VMTraps.
Firing the event here only means setting a flag to indicate the presence of the
request. We still have to wait till the mutator thread reaches one of the
pre-designated polling check points to call VMTraps::handleTraps() in order to
service the request. As a result of this need to wait for a polling check point,
if the mutator is executing in a long running C++ loop, then a termination request
may not be serviced for a long time.

However, we observed that a lot of our C++ loops already have RETURN_IF_EXCEPTION
checks. Hence, if we can check VMTraps::needHandling() there, we can service the
VMTraps events more frequently even in a lot of C++ loops, and get a better response.

Full details of what this patch changes:

1. Shorten some type and methods names in the VMTraps class to make code easier to read e.g. EventType => Event, needTrapHandling => needHandling.

2. Remove the VMTraps::Mask class. Mask was introduced so that we can express a concatenation of multiple VMTraps events to form a bit mask in a simple way. In the end, it isn't flexible enough but makes the code more complicated than necessary. It is now replaced by the simpler solution of using macros to define the Events as bit fields. Having Events as bit fields intrinsically make them easy to concatenate (bitwise or) or filter (bitwise and).

Also removed the unused VMTraps::Error class.

3. Make VMTraps::BitField a uint32_t. There was always unused padding in VMTraps to allow for this. So, we'll just extend it to a full 32-bit to make it easier to add more events in the future for other uses.

4. Add NeedExceptionHandling as a VMTrap::Event.

5. Make VMTraps::m_trapBits Atomic. This makes it easier to set and clear the NeedExceptionHandling bit from the mutator without a lock.

6. RETURN_IF_EXCEPTION now checks VMTraps::m_trapBits (via VMTraps::needHandling()) instead of checking VM::m_exception. If the VMTraps::m_trapBits is non-null, the macro will call VM:hasExceptionsAfterHandlingTraps() to service VMTraps events as appropriate before returning whether an exception is being thrown. The result of VM:hasExceptionsAfterHandlingTraps() will determine if RETURN_IF_EXCEPTION returns or not.

VM:hasExceptionsAfterHandlingTraps() is intentionally designed to take a minimum
of arguments (just the VM as this pointer). This is because RETURN_IF_EXCEPTION
is called from many places, and we would like to minimize code size bloating
from this change.

7. Simplify paramaters of VMTraps::handleTraps().

NeedDebuggerBreak's callFrame argument was always vm.topCallFrame anyway.
So, the patch makes it explicit, and removes the callFrame parameter.

NeedWatchdogCheck's globalObject argument should have always been
vm.entryScope->globalObject(), and we can remove the globalObject parameter.

Before this, we pass in whichever globalObject was convenient to grab hold of.
However, the idea of the watchdog is to time out the current script executing
on the stack. Hence, it makes sense to identify thay script by the globalObject
in use at VM entry.

So far, the only clients that uses the watchdog mechanism only operates in
scenarios with only one globalObject anyway. So this formalization to use
VMEntryScope's globalObject does not change the expected behavior.

8. Make the execution of termination more robust. Before reading this, please read the description of the Events in VMTraps.h first, especially the section on NeedTermination.

Here's the life cycle of a termination:

1. a client requests termination of the current execution stack by calling VM::notifyNeedTermination(). notifyNeedTermination() does 2 things:

1. fire the NeedTermination event on VMTraps.

1. set the VM::m_terminationInProgress flag.

2. Firing the NeedTermination event on VMTraps means setting the NeedTermination bit on VMTraps::m_trapBits. This bit will be polled by the mutator thread later at various designated points (including RETURN_IF_EXCEPTION, which we added in this patch).

Once the mutator sees the NeedTermination bit is set, it will clear the bit
and throw the TerminationException (see VMTraps::handleTraps()). This is
unless the mutator thread is currently in a DeferTermination scope (see (8)
below). If in a DeferTermination scope, then it will not throw the
TerminationException.

Since the NeedTermination bit is cleared, the VM will no longer call
VMTraps::handleTraps() to service the event. If the mutator thread is in
a DeferTermination scope, then on exiting the scope (at scope destruction),
the scope will see that VM::m_terminationInProgress is set, and throw the
deferred TerminationException then.

3. The TerminationException will trigger unwinding out of the current stack until we get to the outermost VMEntryScope.

4. At the the outermost VMEntryScope, we will clear VM::m_terminationInProgress if the NeedTermination bit in VMtraps::m_trapBits is cleared.

If the NeedTermination bit is set, then that means we haven't thrown the
TerminationException yet. Currently, clients expect that we must throw the
TerminationException if NeedTermination was requested (again, read comments
at the top of VMTraps.h).

If the NeedTermination bit is set, we'll leave VM::m_terminationInProgress
set until the next time we re-enter the VM and exit to the outermost
VMEntryScope.

5. The purpose of VM::m_terminationInProgress is to provide a summary of the fact that the VM is in a state of trying to terminate the current stack.

Note that this state is first indicated by the NeedTermination bit being set
in VMTraps::m_trapBits. Then, in VMTraps::handleTraps(), the state is
handed of with the NeedTermination bit being cleared, and the
TerminationException being thrown.

While the VM is in this termination state, we need to prevent new DFG/FTL
JIT code from being compiled and run. The reason is the firing of the
NeedTermination event has invalidated DFG/FTL code on the stack, thereby
allowing their baseline / LLInt versions which have VMTraps polling checks
to run. We don't want to compile new DFG / FTL code and possibly get stuck
in loops in there before the termination is complete.

In operationOptimize(), we check if VM::m_terminationInProgress is set, and
prevent new DFG (and therefore FTL) code from being compiled if needed.
Note: it is easier to check a single flag, VM::m_terminationInProgress,
then to check both if the NeedTermination bit is set or if the
TerminationException is being being thrown.

9. One complication of being able to service VMTraps in RETURN_IF_EXCEPTION checks is that some of our code (usually for lengthier initializations and bootstrapping) currently does not handle exceptions well, e.g. JSGlobalObject::init(). They rely on the code crashing if an exception is thrown while still initializing.

However, for a worker thread, a TerminationException (requested by the main
thread) may arrive before the initialization is complete. This can lead to
crashes because part of the initialization may be aborted in the presence of
an exception, while other parts still expect everything prior to have been
initialized correctly. For resource exhaustion cases (which is abnormal), it
is OK to crash. For the TerminationException (which can be part of normal
operation), we should not be crashing.

To work around this, we introduce a DeferTermination RAII scope object that we
deploy in this type of initialization code. With the scope in effect,

1. if a TerminationException arrives but hasn't been thrown yet, it will be deferred till the scope ends before being thrown.
2. if a TerminationException has already been thrown, the scope will stash the exception, clear it from the VM so that the initialization code can run to completion, and then re-throw the exception when the scope ends.

Currently, we only need to use the DeferTermination scope in a few places
where we know that initialization code will only run for a short period of time.

DeferTermination should not be used for code that can block waiting on an
external event for a long time. Obviously, doing so will prevent the VM
termination mechanism from working.

10. Replaced llint_slow_path_check_if_exception_is_uncatchable_and_notify_profiler

and operationCheckIfExceptionIsUncatchableAndNotifyProfiler with
llint_slow_path_retrieve_and_clear_exception_if_catchable and
operationRetrieveAndClearExceptionIfCatchable.

The 2 runtime functions doesn't actually do anything to notify a profiler.
So, we drop that part of the name.

After returning from these runtime functions respectively, the previous LLInt
and JIT code, which calls these runtimes functions, would go on to load
VM::m_exception, and then store a nullptr there to clear it. This is wasteful.

This patch changes the runtime function to clear and return the Exception
instead. As a result, the calling LLInt and JIT code is simplified a bit.

Note also that clearing an exception now also entails clearing the
NeedExceptionHandling bit in VMTraps::m_trapBits in an atomic way. The above
change makes it easy to do this clearing with C++ code.

11. Fix ScriptFunctionCall::call() to handle exceptions correctly. Previously,

it had one case where it propagates an exception, while another eats it.
Change this function to eat the exception in both cases. This is approproiate
because ScriptFunctionCall is only used to execute some Inspector instrumentation
calls. It doesn't make sense to propagate the exception back to user code.

12. Fix the lazy initialization of JSGlobalObject::m_defaultCollator to be able to

handle the TerminationException.

13. Not related to TerminationException, but this patch also fixes

MarkedArgumentBuffer::expandCapacity() to use Gigacage::tryMalloc() instead of
Gigacage::malloc(). This is needed as one of the fixes to make the
accompanying test case work.

This patch increases code size by 320K (144K for JSC, 176K for WebCore) measured
on x86_64.

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::branchTest32):

• assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::branchTest32):

• assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::branchTest32):

• assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::branchTest32):

• bindings/ScriptFunctionCall.cpp:

(Deprecated::ScriptFunctionCall::call):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCheckTraps):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCheckTraps):

• interpreter/Interpreter.cpp:

(JSC::Interpreter::executeProgram):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeModuleProgram):

• interpreter/InterpreterInlines.h:

(JSC::Interpreter::execute):

• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_check_traps):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_catch):

• jit/JITOperations.cpp:

(JSC::JSC_DEFINE_JIT_OPERATION):

• jit/JITOperations.h:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• runtime/ArgList.cpp:

(JSC::MarkedArgumentBuffer::expandCapacity):

• runtime/DeferTermination.h: Added.

(JSC::DeferTermination::DeferTermination):
(JSC::DeferTermination::~DeferTermination):

• runtime/ExceptionScope.h:

(JSC::ExceptionScope::exception const):
(JSC::ExceptionScope::exception): Deleted.

• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::finishCreation):

• runtime/LazyPropertyInlines.h:

(JSC::ElementType>::callFunc):

• runtime/StringPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

• runtime/VM.cpp:

(JSC::VM::hasExceptionsAfterHandlingTraps):
(JSC::VM::clearException):
(JSC::VM::setException):
(JSC::VM::throwTerminationException):
(JSC::VM::throwException):

• runtime/VM.h:

(JSC::VM::terminationInProgress const):
(JSC::VM::setTerminationInProgress):
(JSC::VM::notifyNeedTermination):
(JSC::VM::DeferExceptionScope::DeferExceptionScope):
(JSC::VM::DeferExceptionScope::~DeferExceptionScope):
(JSC::VM::handleTraps): Deleted.
(JSC::VM::needTrapHandling): Deleted.
(JSC::VM::needTrapHandlingAddress): Deleted.
(JSC::VM::setException): Deleted.
(JSC::VM::clearException): Deleted.

• runtime/VMEntryScope.cpp:

(JSC::VMEntryScope::~VMEntryScope):

• runtime/VMTraps.cpp:

(JSC::VMTraps::tryInstallTrapBreakpoints):
(JSC::VMTraps::fireTrap):
(JSC::VMTraps::handleTraps):
(JSC::VMTraps::takeTopPriorityTrap):
(JSC::VMTraps::deferTermination):
(JSC::VMTraps::undoDeferTermination):

• runtime/VMTraps.h:

(JSC::VMTraps::onlyContainsAsyncEvents):
(JSC::VMTraps::needHandling const):
(JSC::VMTraps::trapBitsAddress):
(JSC::VMTraps::isDeferringTermination const):
(JSC::VMTraps::notifyGrabAllLocks):
(JSC::VMTraps::hasTrapBit):
(JSC::VMTraps::clearTrapBit):
(JSC::VMTraps::setTrapBit):
(JSC::VMTraps::Mask::Mask): Deleted.
(JSC::VMTraps::Mask::allEventTypes): Deleted.
(JSC::VMTraps::Mask::bits const): Deleted.
(JSC::VMTraps::Mask::init): Deleted.
(JSC::VMTraps::interruptingTraps): Deleted.
(JSC::VMTraps::needTrapHandling): Deleted.
(JSC::VMTraps::needTrapHandlingAddress): Deleted.
(JSC::VMTraps::hasTrapForEvent): Deleted.
(JSC::VMTraps::setTrapForEvent): Deleted.
(JSC::VMTraps::clearTrapForEvent): Deleted.

Source/WebCore:

1. Add DeferTermination in WorkerOrWorkletScriptController::initScript(). This allows us to avoid having to make all exception checking in WorkerOrWorkletScriptController::initScript() very thorough and complete. Currently, they aren't.

2. Fix WorkerOrWorkletScriptController::evaluate() to handle the TerminationException.

3. Fix JSEventListener::handleEvent() to handle the TerminationException correctly. Previously, in one case, it was checking scope.exception() for the exception, but the exception has already been taken out of there.

• bindings/js/JSEventListener.cpp:

(WebCore::JSEventListener::handleEvent):

• workers/WorkerOrWorkletScriptController.cpp:

(WebCore::WorkerOrWorkletScriptController::evaluate):
(WebCore::WorkerOrWorkletScriptController::initScript):

5:31 AM Changeset in webkit [275796] by Alan Bujtas

• 3 edits in trunk/Source/WebCore

RenderFlexibleBox::m_hasDefiniteHeight should not need to be mutable
​https://bugs.webkit.org/show_bug.cgi?id=224404

Reviewed by Antti Koivisto.

Let's just fix constness instead.

• rendering/RenderFlexibleBox.cpp:

(WebCore::RenderFlexibleBox::childIntrinsicLogicalWidth):
(WebCore::RenderFlexibleBox::crossAxisIntrinsicExtentForChild):
(WebCore::RenderFlexibleBox::useChildAspectRatio):
(WebCore::RenderFlexibleBox::childMainSizeIsDefinite):
(WebCore::RenderFlexibleBox::childCrossSizeIsDefinite):
(WebCore::RenderFlexibleBox::childHasIntrinsicMainAxisSize):
(WebCore::RenderFlexibleBox::childIntrinsicLogicalWidth const): Deleted.
(WebCore::RenderFlexibleBox::crossAxisIntrinsicExtentForChild const): Deleted.
(WebCore::RenderFlexibleBox::useChildAspectRatio const): Deleted.
(WebCore::RenderFlexibleBox::childMainSizeIsDefinite const): Deleted.
(WebCore::RenderFlexibleBox::childCrossSizeIsDefinite const): Deleted.
(WebCore::RenderFlexibleBox::childHasIntrinsicMainAxisSize const): Deleted.

• rendering/RenderFlexibleBox.h:

4:20 AM Changeset in webkit [275795] by aakash_jain@apple.com

• 3 edits in trunk/Tools

Improve step description when compile-webkit step is skipped
​https://bugs.webkit.org/show_bug.cgi?id=224373

Reviewed by Jonathan Bedard.

• CISupport/ews-build/steps.py:

(CompileWebKit.getResultSummary): Set custom summary when this step is skipped.

• CISupport/ews-build/steps_unittest.py: Updated unit-tests.

1:39 AM Changeset in webkit [275794] by sihui_liu@apple.com

• 2 edits in trunk/Source/WebKit

Unreviewed, fix test crashes after r275779
​https://bugs.webkit.org/show_bug.cgi?id=224305
rdar://71962196

• NetworkProcess/IndexedDB/WebIDBServer.cpp:

(WebKit::WebIDBServer::WebIDBServer): rolling back change on setting thread name as we see crash in
pthread_setname_np.

Apr 9, 2021:

11:43 PM Changeset in webkit [275793] by graouts@webkit.org

• 20 edits in trunk

calc() simplification for a multiplication should apply the multiplication to each value of an addition
​https://bugs.webkit.org/show_bug.cgi?id=224376

Reviewed by Simon Fraser.

LayoutTests/imported/w3c:

Mark 99 WPT progressions.

• web-platform-tests/css/css-backgrounds/animations/background-position-origin-interpolation-expected.txt:
• web-platform-tests/css/css-shapes/animation/shape-outside-interpolation-expected.txt:
• web-platform-tests/css/css-shapes/shape-outside/values/shape-margin-003-expected.txt:
• web-platform-tests/css/css-shapes/shape-outside/values/shape-outside-circle-010-expected.txt:
• web-platform-tests/css/css-shapes/shape-outside/values/shape-outside-circle-011-expected.txt:
• web-platform-tests/css/css-shapes/shape-outside/values/shape-outside-ellipse-010-expected.txt:
• web-platform-tests/css/css-shapes/shape-outside/values/shape-outside-ellipse-011-expected.txt:
• web-platform-tests/css/css-shapes/shape-outside/values/shape-outside-inset-008-expected.txt:
• web-platform-tests/css/css-shapes/shape-outside/values/shape-outside-inset-009-expected.txt:
• web-platform-tests/css/css-shapes/shape-outside/values/shape-outside-polygon-006-expected.txt:
• web-platform-tests/web-animations/animation-model/animation-types/interpolation-per-property-001-expected.txt:

Source/WebCore:

An expression such as calc(0.5 * (100% + 100px)) should be simplified to calc(50% + 50px). We produce
these types of expressions when blending between a percentage and a dimension, and they can also be
specified explicitly in style.

• css/CSSCalculationValue.cpp:

(WebCore::CSSCalcOperationNode::combineChildren):

LayoutTests:

Rebase some non-WPT tests to account for new results.

• css3/calc/simplification-expected.txt:
• transitions/background-position-transitions-expected.txt:
• transitions/background-position-transitions.html:

9:09 PM Changeset in webkit [275792] by Simon Fraser

• 3 edits in trunk/Source/WebKit

[iOS WK2] CADisplayLink in the web process is used unintentionally
​https://bugs.webkit.org/show_bug.cgi?id=224395

Reviewed by Tim Horton.

When RemoteLayerTreeDrawingArea called windowScreenDidChange() from its constructor,
m_page.drawingArea() was null which resulted in DisplayRefreshMonitor::create()
receiving a null DisplayRefreshMonitorFactory*, so it fell back to the legacy
DisplayRefreshMonitorIOS, instead of using RemoteLayerTreeDisplayRefreshMonitor.

Fix by sending windowScreenDidChange() from the UI process, with the synthetic
DisplayID generated from the webPageID(). This has the advantage that
WebPageProxy will also store the correct DisplayID, and is more similar to macOS.

• UIProcess/ios/WKContentView.mm:

(-[WKContentView _commonInitializationWithProcessPool:configuration:]):

• WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm:

(WebKit::RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea):

8:01 PM Changeset in webkit [275791] by Wenson Hsieh

• 12 edits
  2 adds in trunk

REGRESSION (r271660): Tap highlight no longer shows when tapping clickable elements without touch event listeners
​https://bugs.webkit.org/show_bug.cgi?id=224385
<rdar://problem/76462370>

Reviewed by Tim Horton.

Source/WebKit:

In r271660, I added a call to -finishInteraction when resetting the synthetic tap gesture to fix a bug where
it was possible for the tap highlight to remain indefinitely when tapping on a clickable element with a touchend
event listener. This was because the touch end deferring gesture defers -_singleTapDidReset: until after
-_didGetTapHighlightForRequest:…nodeHasBuiltInClickHandling:, where we receive the tap highlight information.

`
2021-04-09 13:05:27.141097-0700 -[WKContentView(WKInteraction) _singleTapIdentified:]
2021-04-09 13:05:27.148678-0700 -[WKContentView(WKInteraction) _didGetTapHighlightForRequest:…nodeHasBuiltInClickHandling:]
2021-04-09 13:05:27.162525-0700 -[WKContentView(WKInteraction) _singleTapRecognized:]
2021-04-09 13:05:27.162675-0700 ↳ -[WKContentView(WKInteraction) _showTapHighlight]
2021-04-09 13:05:27.163250-0700 -[WKContentView(WKInteraction) _singleTapDidReset:]
2021-04-09 13:05:51.849481-0700 ↳ -[WKContentView(WKInteraction) _finishInteraction]
`

However, in the case where there is no touchend event listener and when fast-click is active, we reset the tap
gesture before receiving the tap highlight information:

`
2021-04-09 13:05:51.836638-0700 -[WKContentView(WKInteraction) _singleTapIdentified:]
2021-04-09 13:05:51.846152-0700 -[WKContentView(WKInteraction) _singleTapRecognized:]
2021-04-09 13:05:51.847196-0700 -[WKContentView(WKInteraction) _singleTapDidReset:]
2021-04-09 13:05:51.848563-0700 -[WKContentView(WKInteraction) _didGetTapHighlightForRequest:…nodeHasBuiltInClickHandling:]
2021-04-09 13:05:51.848851-0700 ↳ -[WKContentView(WKInteraction) _showTapHighlight]
2021-04-09 13:05:51.849481-0700 ↳ -[WKContentView(WKInteraction) _finishInteraction]

`

Critically, this means that calling -_finishInteraction in -_singleTapDidReset: prematurely flagged the
tap highlight request as complete (by setting _isTapHighlightIDValid to NO) in the case where we aren't
deferring gestures, which caused us to avoid showing the tap highlight at all when we eventually receive the tap
highlight information.

To fix this, only fade out the tap highlight view in -_singleTapDidReset: if the tap highlight request has
already finished (i.e. _isTapHighlightIDValid has been set to NO). Additionally, split logic for fading out
the highlight view into a separate method, and add a BOOL flag to make the fading idempotent.

Test: fast/events/touch/ios/tap-highlight-during-synthetic-click.html

• UIProcess/API/ios/WKWebViewPrivateForTestingIOS.h:
• UIProcess/API/ios/WKWebViewTestingIOS.mm:

(-[WKWebView _tapHighlightViewRect]):

• UIProcess/ios/WKContentViewInteraction.h:
• UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView tapHighlightViewRect]):

Also add a testing-only method to report the frame of the tap highlight view. Note that this only attempts to
return the current frame of the tap highlight view instead of converting the frame to the coordinate system of
the content view (as other similar testing hooks do), since the tap highlight view only exists in the view
hierarchy for a brief duration.

(-[WKContentView _finishInteraction]):
(-[WKContentView _fadeTapHighlightViewIfNeeded]):
(-[WKContentView _singleTapDidReset:]):

Tools:

Add plumbing to expose the frame of the tap highlight view via UIScriptController.

• TestRunnerShared/UIScriptContext/Bindings/UIScriptController.idl:
• TestRunnerShared/UIScriptContext/UIScriptController.h:

(WTR::UIScriptController::tapHighlightViewRect const):

• WebKitTestRunner/ios/UIScriptControllerIOS.h:
• WebKitTestRunner/ios/UIScriptControllerIOS.mm:

(WTR::UIScriptControllerIOS::tapHighlightViewRect const):

LayoutTests:

Add a new layout test that exercises 3 scenarios, using the new testing SPI:

1. Tapping on a button that prevents the "touchend" event (and therefore prevents clicking) should cause

the tap highlight to not show up.

2. Tapping on a button that has a "touchend" event listener and does not prevent default should cause the tap

highlight to show up.

3. Tapping on a button with no event listeners should cause the tap highlight to show up.

• fast/events/touch/ios/tap-highlight-during-synthetic-click-expected.txt: Added.
• fast/events/touch/ios/tap-highlight-during-synthetic-click.html: Added.
• resources/ui-helper.js:

(window.UIHelper.tapHighlightViewRect):

7:51 PM WebKitGTK/2.32.x edited by Michael Catanzaro

(diff)

7:11 PM Changeset in webkit [275790] by Simon Fraser

• 6 edits in trunk/Source/WebCore

scrollingTreeNodeDidScroll() should just trigger a rendering udpate
​https://bugs.webkit.org/show_bug.cgi?id=224394

Reviewed by Tim Horton.

After handling wheel events on the scrolling thread,
ThreadedScrollingTree::scrollingTreeNodeDidScroll() appends to a queue of pending updates
and then triggers applyPendingScrollUpdates() on the main thread to process those updates.
However, every rendering update also processes pending scroll updates via
synchronizeStateFromScrollingTree(), so it's simpler if we just trigger a rendering update.

• page/scrolling/AsyncScrollingCoordinator.cpp:

(WebCore::AsyncScrollingCoordinator::scrollingThreadAddedPendingUpdate):
(WebCore::AsyncScrollingCoordinator::scheduleRenderingUpdate):

• page/scrolling/AsyncScrollingCoordinator.h:
• page/scrolling/ThreadedScrollingTree.cpp:

(WebCore::ThreadedScrollingTree::scrollingTreeNodeDidScroll):

• page/scrolling/mac/ScrollingCoordinatorMac.mm:

(WebCore::ScrollingCoordinatorMac::scheduleTreeStateCommit):

• page/scrolling/nicosia/ScrollingCoordinatorNicosia.cpp:

(WebCore::ScrollingCoordinatorNicosia::scheduleTreeStateCommit):

6:55 PM Changeset in webkit [275789] by Brent Fulgham

• 2 edits in trunk/Source/WebKit

[iOS] Correct process-info rules to restrict to self
​https://bugs.webkit.org/show_bug.cgi?id=224383
<rdar://problem/66582454>

Reviewed by Eric Carlson.

The sandbox allows 'process-info' by default, so our allow rules have no real impact.
We need to deny access first, as we do on macOS, so that the allow rules have meaning.

I reviewed the macOS sandbox, and made sure the iOS sandbox allows the same items.

• Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

6:00 PM Changeset in webkit [275788] by Alexey Shvayka

• 34 edits in trunk

Remove className() and toStringName() from the method table
​https://bugs.webkit.org/show_bug.cgi?id=224247

Reviewed by Darin Adler.

Source/JavaScriptCore:

ES6 introduced Symbol.toStringTag to customize Object.prototype.toString return value.
It was adopted by WebIDL spec, Chrome's DevTools, Node.js etc. There is no reason to
keep 2 method table methods, each with only 1 call site, instead of using the symbol.

Also, it's a bit confusing that for some objects, method table's className() returns
different result than JSCell::className(VM&).

This change:

1. Removes JSProxy's className() / toStringName() methods because its target() is a global object that never has these overrides and uses Symbol.toStringTag instead.

2. Removes DebuggerScope's className() / toStringName() overrides because its objectAtScope() has these methods extremely rarely (e.g. with (new Date) {}), and its not displayed by Web Inspector.

3. Merges JSCallbackObject's className() / toStringName() methods into Symbol.toStringTag branch of getOwnPropertySlot(), with permissive property attributes. To avoid any possible breakage, we make sure that it will be shadowed by a structure property.

4. Reworks JSObject::calculatedClassName() to rely on Symbol.toStringTag, matching Chrome's DevTools behavior. On its own, it's a nice change for Web Inspector. We make sure to lookup Symbol.toStringTag if constructor.name inference fails to avoid confusion when extending builtins.

5. Removes now unused className() from the method table.

6. Removes toStringName() override from JSFinalizationRegistry because its builtin tag [1] is already "Object".

7. Introduces BooleanObjectType for Boolean wrapper object, and Boolean.prototype as it's also required to have a BooleanData? internal slot [2].

8. Reworks Object.prototype.toString to determine builtin tag [1] based on JSType rather than performing method table call. It's guaranteed that a) the set of types we are checking against won't be expanded, and b) objects with these types have correct className.

9. Removes now unused toStringTag() from the method table.

This patch is performance-neutral and carefully preserves current behavior for API objects,
including isPokerBros() hack.

[1]: ​https://tc39.es/ecma262/#sec-object.prototype.tostring (steps 5-14)
[2]: ​https://tc39.es/ecma262/#sec-properties-of-the-boolean-prototype-object

• API/JSCallbackObject.h:
• API/JSCallbackObjectFunctions.h:

(JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
(JSC::JSCallbackObject<Parent>::className): Deleted.
(JSC::JSCallbackObject<Parent>::toStringName): Deleted.

• API/tests/testapiScripts/testapi.js:
• debugger/DebuggerScope.cpp:

(JSC::DebuggerScope::className): Deleted.
(JSC::DebuggerScope::toStringName): Deleted.

• debugger/DebuggerScope.h:
• runtime/BooleanObject.cpp:

(JSC::BooleanObject::toStringName): Deleted.

• runtime/BooleanObject.h:

(JSC::BooleanObject::createStructure):

• runtime/BooleanPrototype.h:
• runtime/ClassInfo.h:
• runtime/DateInstance.cpp:

(JSC::DateInstance::toStringName): Deleted.

• runtime/DateInstance.h:
• runtime/ErrorInstance.cpp:

(JSC::ErrorInstance::toStringName): Deleted.

• runtime/ErrorInstance.h:
• runtime/JSCell.cpp:

(JSC::JSCell::className): Deleted.
(JSC::JSCell::toStringName): Deleted.

• runtime/JSCell.h:
• runtime/JSFinalizationRegistry.cpp:

(JSC::JSFinalizationRegistry::toStringName): Deleted.

• runtime/JSFinalizationRegistry.h:
• runtime/JSObject.cpp:

(JSC::JSObject::calculatedClassName):
(JSC::JSObject::className): Deleted.
(JSC::isPokerBros): Deleted.
(JSC::JSObject::toStringName): Deleted.

• runtime/JSObject.h:
• runtime/JSProxy.cpp:

(JSC::JSProxy::className): Deleted.
(JSC::JSProxy::toStringName): Deleted.

• runtime/JSProxy.h:
• runtime/JSType.cpp:

(WTF::printInternal):

• runtime/JSType.h:
• runtime/NumberObject.cpp:

(JSC::NumberObject::toStringName): Deleted.

• runtime/NumberObject.h:

(JSC::NumberObject::createStructure):

• runtime/ObjectPrototype.cpp:

(JSC::isPokerBros):
(JSC::inferBuiltinTag):
(JSC::objectPrototypeToString):

1. Removes jsNontrivialString() because it's assertion may fail in case of iOS hack.
2. Utilizes AtomStringImpl to avoid allocating StringImpl for a small fixed set of strings.

• runtime/RegExpObject.cpp:

(JSC::RegExpObject::toStringName): Deleted.

• runtime/RegExpObject.h:
• runtime/StringObject.cpp:

(JSC::StringObject::toStringName): Deleted.

• runtime/StringObject.h:

LayoutTests:

• inspector/model/remote-object-get-properties-expected.txt:
• inspector/model/remote-object-get-properties.html:

5:45 PM Changeset in webkit [275787] by Jean-Yves Avenard

• 17 edits
  2 adds in trunk

Media Session action should default to the MediaElement's default when no MediaSession handler are set
​https://bugs.webkit.org/show_bug.cgi?id=224278
<rdar://problem/76339841>

Reviewed by Youenn Fablet .

Source/WebCore:

When a media session doesn't explicitly define an action handler, we use the media element
default action of the same type.
Media Session doesn't track a particular media element, instead it loosely defines a guessed playback state
that tracks if some element in the current document is playing and not muted or otherwise paused.
(see ​https://w3c.github.io/mediasession/#playback-state-model)
We therefore need to determine what is currently the most suitable media element available in this document.
Unlike the Media Controller and the Now Playing policy that will only ever select a media
if it is currently playing and not muted, for the Media Session we may have to interact with paused media elements.
For this we add a new PlaybackControlsPurpose named MediaSession defining new search criterias.
A media element will be up for selection if it's playable (according to autoplay policy). From then,
the best element will be selected accoring to its visibility, its size, if it's beeing played previously and
the last time it was interacted with.

Test: media/media-session/default-actionHandlers.html

• Modules/mediasession/MediaSession.cpp:

(WebCore::platformCommandForMediaSessionAction): New convenience method to convert one datatype into another.
(WebCore::MediaSession::callActionHandler): Use user defined handler if present or run the related action on
the most suitable media element
(WebCore::MediaSession::activeMediaElement const): Determine the currently active media element in the current
Media Session's document.

• Modules/mediasession/MediaSession.h:
• html/HTMLMediaElement.cpp:

(WebCore::mediaElementSessionInfoForSession): Add new hasEverNotifiedAboutPlaying member.
(WebCore::preferMediaControlsForCandidateSessionOverOtherCandidateSession): Amend sorting algorithm to cater
for the MediaSession criterias described above.
(WebCore::mediaSessionMayBeConfusedWithMainContent): When using MediaSession purpose, there is no possible
ambiguity, amend as such.
(WebCore::HTMLMediaElement::bestMediaElementForRemoteControls): Renamed from bestMediaElementForShowingPlaybackControlsManager
method to better match how the method is actually used.

• html/HTMLMediaElement.h:
• html/MediaElementSession.cpp:

(WebCore::MediaElementSession::canShowControlsManager const): Amend for new Media Session criterias.
(WebCore::MediaElementSession::didReceiveRemoteControlCommand): Always let MediaSession manage the actions handling.

• html/MediaElementSession.h:
• page/Page.cpp:

(WebCore::Page::playbackControlsManagerUpdateTimerFired): amend following method rename.

• platform/audio/cocoa/MediaSessionManagerCocoa.mm:

(WebCore::MediaSessionManagerCocoa::nowPlayingEligibleSession): amend following method rename.

• testing/Internals.cpp:

(WebCore::Internals::bestMediaElementForRemoteControls): Renamed from bestMediaElementForShowingPlaybackControlsManager as above.
(WebCore::Internals::sendMediaSessionAction): amend following method rename.

• testing/Internals.h: Rename method
• testing/Internals.idl: Rename method

LayoutTests:

• media/audio-background-playback-playlist-expected.txt: Renamed method
• media/audio-background-playback-playlist.html: Renamed method
• media/media-session/default-actionHandlers-expected.txt: Added.
• media/media-session/default-actionHandlers.html: Added.
• platform/mac/media/video-best-element-for-playback-controls-purpose-expected.txt: Renamed method
• platform/mac/media/video-best-element-for-playback-controls-purpose.html: Renamed method

5:03 PM Changeset in webkit [275786] by Wenson Hsieh

• 2 edits in trunk/Source/WebKit

Web process crashes if image extraction is requested for an element that is pending image extraction
​https://bugs.webkit.org/show_bug.cgi?id=224397
<rdar://problem/76472254>

Reviewed by Tim Horton.

Add a missing null check, so that we don't append (and then end up attempting to call) a null completion handler
in the case where image extraction is re-requested for an element that already has a pending image extraction
request.

This is currently not possible to reliably test this; in a future patch, I will add testing infrastructure that
will allow us to simulate image extraction requests and responses at the client layer.

• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::requestImageExtraction):

4:56 PM Changeset in webkit [275785] by Robert Jenner

• 2 edits in trunk/LayoutTests

[ macOS ] webgl/1.0.3/conformance/glsl/constructors/glsl-construct-ivec2.html is a flakey timeout
​https://bugs.webkit.org/show_bug.cgi?id=224396

Unreviewed test gardening.

• platform/mac/TestExpectations: Updating test expectations to Pass Timeout while test is reviewed.

4:54 PM Changeset in webkit [275784] by sihui_liu@apple.com

• 2 edits in trunk/Source/WebKit

Unreviewed, fix for test crashes after r275779.
​https://bugs.webkit.org/show_bug.cgi?id=224305
rdar://71962196

• NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::createWebIDBServer): hitting an assertion when deref the WeakPtr, so rolling back to
old impl.

4:33 PM Changeset in webkit [275783] by jer.noble@apple.com

• 2 edits in trunk/Source/WebKit

[Cocoa] Don't set LD_RUNPATH_SEARCH_PATHS in the WebKit project file.
​https://bugs.webkit.org/show_bug.cgi?id=224392

Reviewed by Eric Carlson.

• WebKit.xcodeproj/project.pbxproj:

3:20 PM Changeset in webkit [275782] by Russell Epstein

• 1 copy in tags/Safari-612.1.10.1

Tag Safari-612.1.10.1.

3:20 PM Changeset in webkit [275781] by Russell Epstein

• 1 delete in tags/Safari-612.1.10.1

Delete tag.

3:09 PM Changeset in webkit [275780] by Fujii Hironori

• 2 edits in trunk/Source/WebCore

[Cairo][GPUP] GraphicsContextGLOpenGL::paintToCanvas can't paint into a remote canvas
​https://bugs.webkit.org/show_bug.cgi?id=224271

Reviewed by Don Olmstead.

WebGL canvas tests were failing for WinCairo port since r274327
enabled GPU process for canvas rendering. In the current
implementation of WebKitTestRunner, 2D canvases are in GPU
process, while WebGL canvases are in WebContent process. Remote
canvases in GPU process failed to drawImage() with a WebGL canvas
what is in WebContent process.

GraphicsContextGLOpenGL::paintToCanvas of Cairo port was painting
directly into PlatformContextCairo. It also should use
GraphicsContext::drawNativeImage as well as CG port does.

• platform/graphics/cairo/GraphicsContextGLCairo.cpp:

(WebCore::GraphicsContextGLOpenGL::paintToCanvas):

3:04 PM Changeset in webkit [275779] by sihui_liu@apple.com

• 8 edits in trunk/Source/WebKit

Create WebIDBServer only when it is needed
​https://bugs.webkit.org/show_bug.cgi?id=224305
rdar://71962196

Reviewed by Alex Christensen.

Currently each WebIDBServer comes with a thread, so we don't want to keep WebIDBServer if it's not in use.
Now there are two cases where network process needs a WebIDBServer:

1. handle requests from UI process to collect or remove data
2. handle requests from Web process to perform IDB operations

We created a WebIDBServer when network process connects to a web process, and we should create it when
web process is about to perform IDB operations. Also, we should remove WebIDBServer if it's done handling
requests, i.e count of pending requests from UI process is 0 and WebIDBServer is not associated with any web
process connection.

• NetworkProcess/IndexedDB/WebIDBServer.cpp:

(WebKit::WebIDBServer::create):
(WebKit::WebIDBServer::WebIDBServer): Add SessionID to thread name so we know which session to blame in crash
traces.
(WebKit::m_closeCallback):
(WebKit::WebIDBServer::getOrigins):
(WebKit::WebIDBServer::closeAndDeleteDatabasesModifiedSince):
(WebKit::WebIDBServer::closeAndDeleteDatabasesForOrigins):
(WebKit::WebIDBServer::renameOrigin):
(WebKit::WebIDBServer::removeConnection):
(WebKit::WebIDBServer::tryClose):

• NetworkProcess/IndexedDB/WebIDBServer.h:
• NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::addIDBConnection):

• NetworkProcess/NetworkConnectionToWebProcess.h:
• NetworkProcess/NetworkConnectionToWebProcess.messages.in: Add a message for web process to ask network process

to create WebIDBServer if not exists, and associate the web process connection with WebIDBServer.

• NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::createNetworkConnectionToWebProcess):
(WebKit::NetworkProcess::destroySession):
(WebKit::NetworkProcess::createWebIDBServer):
(WebKit::NetworkProcess::connectionToWebProcessClosed):
(WebKit::NetworkProcess::removeWebIDBServerIfPossible): Deleted. Move the removal code to WebIDBServer.

• WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

(WebKit::WebIDBConnectionToServer::WebIDBConnectionToServer):

2:56 PM Changeset in webkit [275778] by aakash_jain@apple.com

• 2 edits in trunk/Tools

git-webkit find doesn't work well with unicode characters in author name (follow-up fix)
​https://bugs.webkit.org/show_bug.cgi?id=223686

Reviewed by Jonathan Bedard.

• Scripts/libraries/webkitscmpy/webkitscmpy/program/find.py:

(Info.main): Updated the error message.

1:37 PM Changeset in webkit [275777] by Russell Epstein

• 13 edits in branches/safari-612.1.10-branch/Source

Cherry-pick r275775. rdar://problem/76467684

WTF SoftLinking macros can cause collisions with their target functions
​https://bugs.webkit.org/show_bug.cgi?id=224379
<rdar://76434202>

Reviewed by Eric Carlson.

Source/WebCore:

Don't include the SoftLinkLibxslt.h file in the .cpp file.

• xml/SoftLinkLibxslt.cpp:
• xml/SoftLinkLibxslt.h:

Source/WebCore/PAL:

• pal/cf/CoreMediaSoftLink.h:
• pal/cocoa/MediaToolboxSoftLink.h:
• pal/cocoa/OpenGLSoftLinkCocoa.h:
• pal/cocoa/PassKitSoftLink.h:
• pal/ios/UIKitSoftLink.h:
• pal/spi/cocoa/AccessibilitySupportSoftLink.cpp:
• pal/spi/cocoa/AccessibilitySupportSoftLink.h:

Source/WTF:

Do not declare an inline version of the target function, as this will collide if the target function
becomes inlined. Instead, callers should use the explicit softLink_Library_Function() syntax, or
the LibrarySoftLinking.h headers should use #defines to re-declare the function name.

• wtf/cocoa/SoftLinking.h:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275775 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:37 PM Changeset in webkit [275776] by Russell Epstein

• 4 edits in branches/safari-612.1.10-branch/Source

Cherry-pick r275736. rdar://problem/76467285

Fix incorrect compile-time macro for CFNETWORK_NSURLSESSION_ATTRIBUTED_BUNDLE_IDENTIFIER
​https://bugs.webkit.org/show_bug.cgi?id=224347
<rdar://problem/76353792>

Reviewed by Brent Fulgham.

Source/WebCore/PAL:

• pal/spi/cf/CFNetworkSPI.h:

Source/WebKit:

• NetworkProcess/cocoa/NetworkSessionCocoa.mm: (WebKit::NetworkSessionCocoa::NetworkSessionCocoa): (WebKit::NetworkSessionCocoa::SessionSet::initializeEphemeralStatelessSessionIfNeeded):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275736 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:31 PM Changeset in webkit [275775] by jer.noble@apple.com

• 13 edits in trunk/Source

WTF SoftLinking macros can cause collisions with their target functions
​https://bugs.webkit.org/show_bug.cgi?id=224379
<rdar://76434202>

Reviewed by Eric Carlson.

Source/WebCore:

Don't include the SoftLinkLibxslt.h file in the .cpp file.

• xml/SoftLinkLibxslt.cpp:
• xml/SoftLinkLibxslt.h:

Source/WebCore/PAL:

• pal/cf/CoreMediaSoftLink.h:
• pal/cocoa/MediaToolboxSoftLink.h:
• pal/cocoa/OpenGLSoftLinkCocoa.h:
• pal/cocoa/PassKitSoftLink.h:
• pal/ios/UIKitSoftLink.h:
• pal/spi/cocoa/AccessibilitySupportSoftLink.cpp:
• pal/spi/cocoa/AccessibilitySupportSoftLink.h:

Source/WTF:

Do not declare an inline version of the target function, as this will collide if the target function
becomes inlined. Instead, callers should use the explicit softLink_Library_Function() syntax, or
the LibrarySoftLinking.h headers should use #defines to re-declare the function name.

• wtf/cocoa/SoftLinking.h:

12:57 PM Changeset in webkit [275774] by graouts@webkit.org

• 6 edits
  1 delete in trunk/LayoutTests

Remove tests under css3/shapes which are superseded by tests at imported/w3c/web-platform-tests/css/css-shapes
​https://bugs.webkit.org/show_bug.cgi?id=224378

Reviewed by Dean Jackson.

• TestExpectations:
• css3/shapes/shape-outside-invalid-001-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-001.html: Removed.
• css3/shapes/shape-outside-invalid-circle-000-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-circle-000.html: Removed.
• css3/shapes/shape-outside-invalid-circle-001-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-circle-001.html: Removed.
• css3/shapes/shape-outside-invalid-circle-002-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-circle-002.html: Removed.
• css3/shapes/shape-outside-invalid-circle-003-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-circle-003.html: Removed.
• css3/shapes/shape-outside-invalid-ellipse-001-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-ellipse-001.html: Removed.
• css3/shapes/shape-outside-invalid-ellipse-002-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-ellipse-002.html: Removed.
• css3/shapes/shape-outside-invalid-ellipse-003-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-ellipse-003.html: Removed.
• css3/shapes/shape-outside-invalid-ellipse-004-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-ellipse-004.html: Removed.
• css3/shapes/shape-outside-invalid-ellipse-005-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-ellipse-005.html: Removed.
• css3/shapes/shape-outside-invalid-ellipse-006-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-ellipse-006.html: Removed.
• css3/shapes/shape-outside-invalid-inset-001-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-inset-001.html: Removed.
• css3/shapes/shape-outside-invalid-inset-002-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-inset-002.html: Removed.
• css3/shapes/shape-outside-invalid-inset-003-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-inset-003.html: Removed.
• css3/shapes/shape-outside-invalid-inset-004-expected.txt: Removed.
• css3/shapes/shape-outside-invalid-inset-004.html: Removed.
• css3/shapes/shape-outside-path-no-crash-expected.txt: Removed.
• css3/shapes/shape-outside-path-no-crash.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-002-expected.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-002.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-003-expected.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-003.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-004-expected.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-004.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-006-expected.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-006.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-007-expected.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-007.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-008-expected.html: Removed.
• css3/shapes/shape-outside/shape-box/shape-outside-box-008.html: Removed.
• css3/shapes/shape-outside/shape-box/w3c-import.log: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-linear-gradient-001-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-linear-gradient-001.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-linear-gradient-002-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-linear-gradient-002.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-linear-gradient-003-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-linear-gradient-003.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-linear-gradient-004-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-linear-gradient-004.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-radial-gradient-001-expected.txt: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-radial-gradient-001.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-radial-gradient-002-expected.txt: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-radial-gradient-002.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-radial-gradient-003-expected.txt: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-radial-gradient-003.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-radial-gradient-004-expected.txt: Removed.
• css3/shapes/shape-outside/shape-image/gradients/shape-outside-radial-gradient-004.html: Removed.
• css3/shapes/shape-outside/shape-image/gradients/w3c-import.log: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-000-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-000.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-001-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-001.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-002-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-002.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-003-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-003.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-004-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-004.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-005-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-005.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-006-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-006.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-007-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-007.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-008-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-008.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-009-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-009.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-010-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-010.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-011-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-011.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-012-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-012.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-013-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-013.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-014-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-014.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-015-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-015.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-016-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-016.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-017-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-017.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-018-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-018.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-019-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-019.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-020-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-020.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-021-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-021.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-022-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-022.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-023-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-023.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-024-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-024.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-025-expected.html: Removed.
• css3/shapes/shape-outside/shape-image/shape-image-025.html: Removed.
• css3/shapes/shape-outside/shape-image/support/animated.gif: Removed.
• css3/shapes/shape-outside/shape-image/support/left-half-rectangle-20.png: Removed.
• css3/shapes/shape-outside/shape-image/support/left-half-rectangle-20.svg: Removed.
• css3/shapes/shape-outside/shape-image/support/left-half-rectangle-50.png: Removed.
• css3/shapes/shape-outside/shape-image/support/left-half-rectangle-50.svg: Removed.
• css3/shapes/shape-outside/shape-image/support/left-half-rectangle-70.png: Removed.
• css3/shapes/shape-outside/shape-image/support/left-half-rectangle-70.svg: Removed.
• css3/shapes/shape-outside/shape-image/support/left-half-rectangle.jpg: Removed.
• css3/shapes/shape-outside/shape-image/support/left-half-rectangle.png: Removed.
• css3/shapes/shape-outside/shape-image/support/left-half-rectangle.svg: Removed.
• css3/shapes/shape-outside/shape-image/support/right-half-rectangle-20.png: Removed.
• css3/shapes/shape-outside/shape-image/support/right-half-rectangle-50.png: Removed.
• css3/shapes/shape-outside/shape-image/support/right-half-rectangle-70.png: Removed.
• css3/shapes/shape-outside/shape-image/support/right-half-rectangle-70.svg: Removed.
• css3/shapes/shape-outside/shape-image/support/right-half-rectangle.gif: Removed.
• css3/shapes/shape-outside/shape-image/support/right-half-rectangle.jpg: Removed.
• css3/shapes/shape-outside/shape-image/support/right-half-rectangle.png: Removed.
• css3/shapes/shape-outside/shape-image/support/right-half-rectangle.svg: Removed.
• css3/shapes/shape-outside/shape-image/support/w3c-import.log: Removed.
• css3/shapes/shape-outside/shape-image/w3c-import.log: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-013-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-013.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-014-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-014.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-015-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-015.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-016-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-016.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-017-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-017.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-018-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-018.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-019-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-019.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-020-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-020.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-021-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-021.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-022-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-022.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-024-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-024.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-025-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-025.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-026-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-026.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-027-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-027.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-028-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-028.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-029-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-029.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-030-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-030.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-031-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/shape-outside-circle-031.html: Removed.
• css3/shapes/shape-outside/supported-shapes/circle/w3c-import.log: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-013-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-013.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-014-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-014.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-016-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-016.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-018-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-018.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-019-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-019.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-020-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-020.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-021-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-021.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-022-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-022.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-023-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-023.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-024-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-024.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-025-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-025.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-030-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-030.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-031-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/shape-outside-ellipse-031.html: Removed.
• css3/shapes/shape-outside/supported-shapes/ellipse/w3c-import.log: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-010-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-010.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-011-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-011.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-012-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-012.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-013-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-013.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-014-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-014.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-015-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/shape-outside-inset-015.html: Removed.
• css3/shapes/shape-outside/supported-shapes/inset/w3c-import.log: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-007-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-007.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-008-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-008.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-009-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-009.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-010-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-010.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-011-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-011.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-012-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-012.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-013-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-013.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-014-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-014.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-015-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-015.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-016-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-016.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-017-expected.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/shape-outside-polygon-017.html: Removed.
• css3/shapes/shape-outside/supported-shapes/polygon/w3c-import.log: Removed.
• css3/shapes/shape-outside/supported-shapes/support/rounded-rectangle.js: Removed.
• css3/shapes/shape-outside/supported-shapes/support/subpixel-utils.js: Removed.
• css3/shapes/shape-outside/supported-shapes/support/test-utils.js: Removed.
• css3/shapes/shape-outside/supported-shapes/support/w3c-import.log: Removed.
• css3/shapes/shape-outside/values/shape-image-threshold-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-image-threshold-000.html: Removed.
• css3/shapes/shape-outside/values/shape-image-threshold-001-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-image-threshold-001.html: Removed.
• css3/shapes/shape-outside/values/shape-image-threshold-002-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-image-threshold-002.html: Removed.
• css3/shapes/shape-outside/values/shape-image-threshold-003-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-image-threshold-003.html: Removed.
• css3/shapes/shape-outside/values/shape-margin-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-margin-000.html: Removed.
• css3/shapes/shape-outside/values/shape-margin-001-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-margin-001.html: Removed.
• css3/shapes/shape-outside/values/shape-margin-002-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-margin-002.html: Removed.
• css3/shapes/shape-outside/values/shape-margin-003-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-margin-003.html: Removed.
• css3/shapes/shape-outside/values/shape-margin-004-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-margin-004.html: Removed.
• css3/shapes/shape-outside/values/shape-margin-005-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-margin-005.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-box-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-box-000.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-000.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-001-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-001.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-002-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-002.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-003-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-003.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-004-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-004.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-005-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-005.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-006-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-006.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-007-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-007.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-008-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-008.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-009-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-009.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-010-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-010.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-011-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-circle-011.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-computed-shape-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-computed-shape-000.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-computed-shape-001-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-computed-shape-001.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-000.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-002-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-002.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-003-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-003.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-004-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-004.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-006-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-006.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-007-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-007.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-008-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-008.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-009-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-ellipse-009.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-000.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-001-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-001.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-002-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-002.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-003-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-003.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-004-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-004.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-005-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-005.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-006-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-006.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-007-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-007.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-008-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-008.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-009-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-inset-009.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-000.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-001-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-001.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-002-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-002.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-003-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-003.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-004-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-004.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-005-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-005.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-006-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-polygon-006.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-arguments-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-arguments-000.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-arguments-001-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-arguments-001.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-box-pair-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-box-pair-000.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-inherit-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-inherit-000.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-initial-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-initial-000.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-none-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-none-000.html: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-notation-000-expected.txt: Removed.
• css3/shapes/shape-outside/values/shape-outside-shape-notation-000.html: Removed.
• css3/shapes/shape-outside/values/support/parsing-utils.js: Removed.
• css3/shapes/shape-outside/values/support/w3c-import.log: Removed.
• css3/shapes/shape-outside/values/w3c-import.log: Removed.
• css3/shapes/spec-examples/shape-outside-001-expected.html: Removed.
• css3/shapes/spec-examples/shape-outside-001.html: Removed.
• css3/shapes/spec-examples/shape-outside-002-expected.html: Removed.
• css3/shapes/spec-examples/shape-outside-002.html: Removed.
• css3/shapes/spec-examples/shape-outside-003-expected.html: Removed.
• css3/shapes/spec-examples/shape-outside-003.html: Removed.
• css3/shapes/spec-examples/shape-outside-004-expected.html: Removed.
• css3/shapes/spec-examples/shape-outside-004.html: Removed.
• css3/shapes/spec-examples/shape-outside-005-expected.html: Removed.
• css3/shapes/spec-examples/shape-outside-005.html: Removed.
• css3/shapes/spec-examples/shape-outside-006-expected.html: Removed.
• css3/shapes/spec-examples/shape-outside-006.html: Removed.
• css3/shapes/spec-examples/shape-outside-007-expected.html: Removed.
• css3/shapes/spec-examples/shape-outside-007.html: Removed.
• css3/shapes/spec-examples/shape-outside-008-expected.html: Removed.
• css3/shapes/spec-examples/shape-outside-008.html: Removed.
• css3/shapes/spec-examples/shape-outside-010-expected.txt: Removed.
• css3/shapes/spec-examples/shape-outside-010.html: Removed.
• css3/shapes/spec-examples/shape-outside-011-expected.txt: Removed.
• css3/shapes/spec-examples/shape-outside-011.html: Removed.
• css3/shapes/spec-examples/shape-outside-012-expected.txt: Removed.
• css3/shapes/spec-examples/shape-outside-012.html: Removed.
• css3/shapes/spec-examples/shape-outside-013-expected.txt: Removed.
• css3/shapes/spec-examples/shape-outside-013.html: Removed.
• css3/shapes/spec-examples/shape-outside-014-expected.txt: Removed.
• css3/shapes/spec-examples/shape-outside-014.html: Removed.
• css3/shapes/spec-examples/shape-outside-015-expected.txt: Removed.
• css3/shapes/spec-examples/shape-outside-015.html: Removed.
• css3/shapes/spec-examples/shape-outside-016-expected.txt: Removed.
• css3/shapes/spec-examples/shape-outside-016.html: Removed.
• css3/shapes/spec-examples/shape-outside-017-expected.txt: Removed.
• css3/shapes/spec-examples/shape-outside-017.html: Removed.
• css3/shapes/spec-examples/shape-outside-018-expected.txt: Removed.
• css3/shapes/spec-examples/shape-outside-018.html: Removed.
• css3/shapes/spec-examples/shape-outside-019-expected.txt: Removed.
• css3/shapes/spec-examples/shape-outside-019.html: Removed.
• css3/shapes/spec-examples/support/circle-no-shadow.png: Removed.
• css3/shapes/spec-examples/support/circle-shadow.png: Removed.
• css3/shapes/spec-examples/support/rounded-triangle.svg: Removed.
• css3/shapes/spec-examples/support/spec-example-utils.js: Removed.
• css3/shapes/spec-examples/support/w3c-import.log: Removed.
• css3/shapes/spec-examples/w3c-import.log: Removed.
• css3/shapes/w3c-import.log: Removed.
• platform/glib/TestExpectations:
• platform/ios/TestExpectations:
• platform/mac-wk2/TestExpectations:
• platform/wincairo/TestExpectations:

12:49 PM Changeset in webkit [275773] by Sam Sneddon

• 7 edits in trunk/Tools

Make TestInput take a Test object, not a path
​https://bugs.webkit.org/show_bug.cgi?id=224329

Reviewed by Jonathan Bedard.

• Scripts/webkitpy/layout_tests/controllers/layout_test_runner.py:

(LayoutTestRunner.run_tests): Remove test_to_skip argument; skipped tests aren't for the runner.

• Scripts/webkitpy/layout_tests/controllers/layout_test_runner_unittest.py:

(LayoutTestRunnerTests._run_tests): TestInput expects a Test.
(LayoutTestRunnerTests.test_interrupt_if_at_failure_limits): TestInput expects a Test.
(SharderTests.get_test_input): TestInput expects a Test.

• Scripts/webkitpy/layout_tests/controllers/manager.py:

(Manager._collect_tests):
Move duplicated code from Manager.run and Manager.print_expectations here.
(Manager._tests_to_run):
Renamed from Manager._prepare_lists; now just gives tests to run.
(Manager._test_input_for_file): Now takes a Test, not a str; device_type changes behaviour and shouldn't have any default.
(Manager._test_is_slow): device_type changes behaviour and shouldn't have any default.
(Manager._test_should_dump_jsconsolelog_in_stderr): device_type changes behaviour and shouldn't have any default.
(Manager._get_test_inputs): device_type changes behaviour and shouldn't have any default.
(Manager._update_worker_count): device_type changes behaviour and shouldn't have any default.
(Manager._set_up_run): device_type changes behaviour and shouldn't have any default.
(Manager.run):
Largely just change for Manager._collect_tests, also renaming the sets to match their
clearer names in print_expectations.
Additionally, now generate skip results here, as they aren't to do with actually running
tests, they're about test selection.
(Manager._run_test_subset): Remove tests_to_skip argument, devie_type is required.
(Manager._run_tests): Remove tests_to_skip argument, devie_type is required.
(Manager._print_expectation_line_for_test): Now takes a Test, not a str; device_type changes behaviour and shouldn't have any default.
(Manager._print_expectations_for_subset): Change default of tests_to_skip to avoid set/dict oddness.
(Manager.print_expectations): Largely change for Manager._collect_tests.

• Scripts/webkitpy/layout_tests/models/test.py:

(Test): Use attrs to avoid having to define cmp, hash, repr, etc.

• Scripts/webkitpy/layout_tests/models/test_input.py:

(TestInput.init): Take a Test, not a str.
(TestInput.test_name): Maintain compatibility with code reading TestInput.test_name for now.

• Scripts/webkitpy/layout_tests/models/test_run_results.py:

(TestRunResults.merge): Fix merging of dicts-of-sets, rather than overwriting the sets.
(TestRunResults.merge.merge_dict_sets): Implement the merging.

12:05 PM Changeset in webkit [275772] by commit-queue@webkit.org

• 6 edits in trunk

[css-grid] Set hasIntrinsicWidth & hasIntrinsicHeight properties for SVG element's intrinsic size
​https://bugs.webkit.org/show_bug.cgi?id=223504

Patch by Ziran Sun <Ziran Sun> on 2021-04-09
Reviewed by Javier Fernandez.

Source/WebCore:

In RenderReplaced::computeReplacedLogicalWidth/RenderReplaced::computeReplacedLogicalHeight(),
hasIntrinsicWidth and hasIntrinsicHeight are decided by whether the value is bigger than 0.
This is not alway true. The SVG element sets its hasIntrinsicWidth/hasIntrinsicHeight property
in line with its lengthType(). This change adds checks for SVG element cases specifically.

• platform/graphics/FloatSize.h:
• rendering/RenderReplaced.cpp:

(WebCore::RenderReplaced::computeReplacedLogicalWidth const):
(WebCore::RenderReplaced::computeReplacedLogicalHeight const):

• rendering/svg/RenderSVGRoot.cpp:

(WebCore::RenderSVGRoot::computeIntrinsicRatioInformation const):

LayoutTests:

Enable 4 tests that pass now.

• TestExpectations:

11:55 AM EarlyWarningSystem edited by aakash_jain@apple.com

(diff)

11:35 AM Changeset in webkit [275771] by Said Abou-Hallawa

• 3 edits in trunk/LayoutTests

[ macOS wk2 ARM64 ] fast/images/async-image-background-change.html is a flakey timeout
​https://bugs.webkit.org/show_bug.cgi?id=223469

Reviewed by Darin Adler.

If the event 'webkitImageFrameReady' fires before registering its listener,
the test will timeout.

Make sure the event listener is registered before changing the background
of the element.

• fast/images/async-image-background-change.html:
• platform/mac-wk2/TestExpectations:

11:33 AM Changeset in webkit [275770] by Alan Coon

• 1 copy in tags/Safari-611.2.2

Tag Safari-611.2.2.

11:32 AM Changeset in webkit [275769] by Wenson Hsieh

• 7 edits in trunk/LayoutTests

REGRESSION (r273154): 3 layout tests in editing/selection/ios are consistently failing
​https://bugs.webkit.org/show_bug.cgi?id=224375
<rdar://problem/76420167>

Reviewed by Tim Horton.

Rebaseline some layout tests after enabling form control refresh on iOS.

• editing/selection/ios/do-not-hide-selection-in-visible-field-expected.txt:
• editing/selection/ios/do-not-hide-selection-in-visible-field.html:
• editing/selection/ios/show-selection-in-transformed-container-2-expected.txt:
• editing/selection/ios/show-selection-in-transformed-container-2.html:
• editing/selection/ios/show-selection-in-transformed-container-expected.txt:
• editing/selection/ios/show-selection-in-transformed-container.html:

11:31 AM Changeset in webkit [275768] by Chris Dumez

• 30 edits
  1 add in trunk/Source/WebKit

Need to propagate and use 'canShowWhileLocked' in the GPU Process
​https://bugs.webkit.org/show_bug.cgi?id=224345
<rdar://76011262>

Reviewed by Tim Horton.

The GPUProcess was previously creating a single visibility propagation view even though
it was potentially serving several web views. Also, it would also pass
canShowWhileLocked=false when constructing the visibility propagation view, ignoring
the value of WKWebViewConfiguration._canShowWhileLocked. This would lead to issues for
apps relying on WKWebView to show content on the lock screen.

To address the issue, we now have the RemoteRenderingBackend construct its own
visibility propagation view in the GPUProcess. The GPUProcess constructs a
RemoteRenderingBackend per WebPage being served so this is convenient. When sending the
IPC to the GPUProcess to construct the RemoteRenderingBackend, the WebProcess now sends
the page identifier as well as the value of the canShowWhileLocked flag so that we
can use the correct canShowWhileLocked flag when constructing the visibility propagation
view.

The logic in the UIProcess for dealing with GPUProcess visibility propagation views
is now almost identical to WebProcess visibility propagation views. They are stored on
the WebPageProxy and get swapped on process-swap (since a new WebPage gets created).

• GPUProcess/GPUConnectionToWebProcess.cpp:

(WebKit::GPUConnectionToWebProcess::createRenderingBackend):

• GPUProcess/GPUConnectionToWebProcess.h:
• GPUProcess/GPUConnectionToWebProcess.messages.in:
• GPUProcess/GPUProcess.cpp:

(WebKit::GPUProcess::initializeGPUProcess):

• GPUProcess/GPUProcess.h:
• GPUProcess/graphics/RemoteRenderingBackend.cpp:

(WebKit::RemoteRenderingBackend::create):
(WebKit::RemoteRenderingBackend::RemoteRenderingBackend):

• GPUProcess/graphics/RemoteRenderingBackend.h:
• GPUProcess/graphics/RemoteRenderingBackendCreationParameters.h: Added.

(WebKit::RemoteRenderingBackendCreationParameters::encode const):
(WebKit::RemoteRenderingBackendCreationParameters::decode):

• UIProcess/Cocoa/WebPageProxyCocoa.mm:

(WebKit::WebPageProxy::didCreateContextInWebProcessForVisibilityPropagation):
(WebKit::WebPageProxy::didCreateContextInGPUProcessForVisibilityPropagation):

• UIProcess/GPU/GPUProcessProxy.cpp:

(WebKit::GPUProcessProxy::getGPUProcessConnection):
(WebKit::GPUProcessProxy::didCreateContextForVisibilityPropagation):

• UIProcess/GPU/GPUProcessProxy.h:
• UIProcess/GPU/GPUProcessProxy.messages.in:
• UIProcess/PageClient.h:

(WebKit::PageClient::didCreateContextInWebProcessForVisibilityPropagation):

• UIProcess/ProvisionalPageProxy.cpp:

(WebKit::ProvisionalPageProxy::ProvisionalPageProxy):
(WebKit::ProvisionalPageProxy::didCreateContextInWebProcessForVisibilityPropagation):
(WebKit::ProvisionalPageProxy::didCreateContextInGPUProcessForVisibilityPropagation):
(WebKit::ProvisionalPageProxy::didReceiveMessage):

• UIProcess/ProvisionalPageProxy.h:

(WebKit::ProvisionalPageProxy::contextIDForVisibilityPropagationInWebProcess const):
(WebKit::ProvisionalPageProxy::contextIDForVisibilityPropagationInGPUProcess const):

• UIProcess/SuspendedPageProxy.cpp:

(WebKit::SuspendedPageProxy::SuspendedPageProxy):

• UIProcess/SuspendedPageProxy.h:
• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::swapToProvisionalPage):
(WebKit::WebPageProxy::resetState):
(WebKit::WebPageProxy::gpuProcessCrashed):

• UIProcess/WebPageProxy.h:
• UIProcess/WebPageProxy.messages.in:
• UIProcess/WebProcessProxy.cpp:
• UIProcess/WebProcessProxy.h:
• UIProcess/ios/PageClientImplIOS.h:
• UIProcess/ios/PageClientImplIOS.mm:

(WebKit::PageClientImpl::didCreateContextInWebProcessForVisibilityPropagation):

• UIProcess/ios/WKContentView.h:
• UIProcess/ios/WKContentView.mm:

(-[WKContentView _commonInitializationWithProcessPool:configuration:]):
(-[WKContentView _setupVisibilityPropagationViewForWebProcess]):
(-[WKContentView _setupVisibilityPropagationViewForGPUProcess]):
(-[WKContentView _removeVisibilityPropagationViewForWebProcess]):
(-[WKContentView _processDidExit]):
(-[WKContentView _gpuProcessCrashed]):
(-[WKContentView _didRelaunchProcess]):
(-[WKContentView _webProcessDidCreateContextForVisibilityPropagation]):

• WebKit.xcodeproj/project.pbxproj:
• WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp:

(WebKit::RemoteRenderingBackendProxy::create):
(WebKit::RemoteRenderingBackendProxy::RemoteRenderingBackendProxy):
(WebKit::RemoteRenderingBackendProxy::~RemoteRenderingBackendProxy):
(WebKit::RemoteRenderingBackendProxy::connectToGPUProcess):
(WebKit::RemoteRenderingBackendProxy::reestablishGPUProcessConnection):
(WebKit::RemoteRenderingBackendProxy::messageSenderDestinationID const):
(WebKit::RemoteRenderingBackendProxy::waitForDidCreateImageBufferBackend):
(WebKit::RemoteRenderingBackendProxy::waitForDidFlush):
(WebKit::RemoteRenderingBackendProxy::createImageBuffer):
(WebKit::RemoteRenderingBackendProxy::sharedMemoryForGetImageData):
(WebKit::RemoteRenderingBackendProxy::destroyGetImageDataSharedMemory):
(WebKit::RemoteRenderingBackendProxy::getDataURLForImageBuffer):
(WebKit::RemoteRenderingBackendProxy::getDataForImageBuffer):
(WebKit::RemoteRenderingBackendProxy::getBGRADataForImageBuffer):
(WebKit::RemoteRenderingBackendProxy::getShareableBitmap):
(WebKit::RemoteRenderingBackendProxy::cacheNativeImage):
(WebKit::RemoteRenderingBackendProxy::cacheFont):
(WebKit::RemoteRenderingBackendProxy::deleteAllFonts):
(WebKit::RemoteRenderingBackendProxy::releaseRemoteResource):
(WebKit::RemoteRenderingBackendProxy::sendWakeupMessage):
(WebKit::RemoteRenderingBackendProxy::didAppendData):
(WebKit::RemoteRenderingBackendProxy::createItemBuffer):
(WebKit::RemoteRenderingBackendProxy::renderingBackendIdentifier const):

• WebProcess/GPU/graphics/RemoteRenderingBackendProxy.h:
• WebProcess/WebPage/WebPage.cpp:

(WebKit::m_lastNavigationWasAppBound):
(WebKit::WebPage::updatePreferences):
(WebKit::WebPage::ensureRemoteRenderingBackendProxy):

10:19 AM Changeset in webkit [275767] by Russell Epstein

• 5 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r274819. rdar://problem/76373741

AVAudioSessionCaptureDeviceManager should use crossThreadCopy
​https://bugs.webkit.org/show_bug.cgi?id=223565
<rdar://75480589>

Reviewed by Youenn Fablet.

Tested manually, this can only be tested on device.

• platform/mediastream/CaptureDevice.h: Change access restriction for member variables from private: to protected: so derived classes can access them directly.

• platform/mediastream/ios/AVAudioSessionCaptureDevice.h:
• platform/mediastream/ios/AVAudioSessionCaptureDevice.mm: (WebCore::AVAudioSessionCaptureDevice::AVAudioSessionCaptureDevice): New constructor. (WebCore::AVAudioSessionCaptureDevice::isolatedCopy const): New.

• platform/mediastream/ios/AVAudioSessionCaptureDeviceManager.mm: (WebCore::AVAudioSessionCaptureDeviceManager::refreshAudioCaptureDevices): Use WTFMove(deviceList).isolatedCopy() when moving from AVAudioSession queue to main thread. (WebCore::AVAudioSessionCaptureDeviceManager::getCaptureDevices): Ditto.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274819 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:19 AM Changeset in webkit [275766] by Russell Epstein

• 3 edits in branches/safari-611-branch/Source/WebKit

Cherry-pick r274377. rdar://problem/76412582

AX: PDF frame conversion routines need to be updated
​https://bugs.webkit.org/show_bug.cgi?id=223138

Reviewed by Darin Adler.

PDF bounding boxes are wrong in WebKit because.

1) There's no way for PDF objects to get the primary screen height. So we need to be able to return the primary

screen height from an object in the PDF hierarchy.

2) The WKPDFPluginAccessibilityObject's position was not being converted correctly.

• WebProcess/Plugins/PDF/PDFPlugin.mm: (-[WKPDFPluginAccessibilityObject accessibilityAttributeValue:]): (-[WKPDFPluginAccessibilityObject ALLOW_DEPRECATED_IMPLEMENTATIONS_END]): (WebKit::PDFPlugin::boundsOnScreen const):
• WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm: (-[WKAccessibilityWebPageObject accessibilityAttributeValue:]):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274377 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9:43 AM Changeset in webkit [275765] by Darin Adler

• 9 edits in trunk/Source

[Cocoa] Reduce usage of autorelease, fix mistakes noticed nearby code using autorelease
​https://bugs.webkit.org/show_bug.cgi?id=224340

Reviewed by Anders Carlsson.

Source/WebCore:

• bridge/objc/objc_instance.h: Added a static member function isInStringValue to

help factor the _web_description method better.

• bridge/objc/objc_instance.mm:

(JSC::Bindings::ObjcInstance::stringValue const): Removed unneeded WTF prefixes.
(JSC::Bindings::ObjcInstance::isInStringValue): Added.
(-[NSObject _web_description]): Moved this out of the C++ namespace since it's an
Objective-C class implementation. Refactored for simplicity.

Source/WebKit:

• NetworkProcess/cocoa/NetworkDataTaskCocoa.h: Use RetainPtr<NSURLRequest> instead of

strong NSURLRequest*& for the in/out argument of the
applySniffingPoliciesAndBindRequestToInferfaceIfNeeded function.

• NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::applySniffingPoliciesAndBindRequestToInferfaceIfNeeded):
Updated to use RetainPtr instead of strong. Also fixed some incorrect uses of %llu
to log NSUInteger and uint64_t, switching to "%lu" (and casting to unsigned long to
retain 32-bit compatibility) and "%" PRIu64 respectively.
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa): Ditto.
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection): Ditto.

• NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(setIgnoreHSTS): Added. Helper function so the code that makes a mutableCopy is isolated
in a helper function for clarity. A good counterpart to the existing ignoreHSTS function.
(updateIgnoreStrictTransportSecuritySetting): Changed to use a RetainPtr<NSURLRequest>
in/out argument instead of an argument plus a return value, obviating the need to use
autorelease and making this easier to read. Used setIgnoreHSTS for brevity in implementation.
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
Update for change to updateIgnoreStrictTransportSecuritySetting.
(-[WKNetworkSessionDelegate URLSession:task:_schemeUpgraded:completionHandler:]): Ditto.
(WebKit::proxyDictionary): Return a RetainPtr instead of something autoreleased.
(WebKit::NetworkSessionCocoa::NetworkSessionCocoa): Call get() on the result of the
proxyDictionary function.

• UIProcess/API/Cocoa/WKBrowsingContextController.mm:

(makePolicyDecisionBlock): Return a BlockPtr instead of an autoreleased block.
Also use a lambda and retainWK for better clarity on capture semantics rather than
doing a WKRetain in the caller and a WKRelease in the block.
(setUpPagePolicyClient): Call get() on the result of the
makePolicyDecisionBlock function.

• WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemote.mm:

(WebKit::animationValueFromKeyframeValue): Return a RetainPtr instead of an
autoreleased object.
(WebKit::createAnimation): Call get() on the result of the
animationValueFromKeyframeValue function.

9:38 AM Changeset in webkit [275764] by Brent Fulgham

• 3 edits in trunk/Source/WebKit

[Cocoa] Silence a CFNetwork preference file access warning
​https://bugs.webkit.org/show_bug.cgi?id=224344
<rdar://problem/75839558>

Reviewed by Eric Carlson.

Silence sandbox telemetry and reports when CFNetwork attempts to read an unimportant preference
when executing in the WebContent process. This has been confirmed to be a silent/safe failiure
case (just returns false) and is not needed in the WebContent process.

• Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
• WebProcess/com.apple.WebProcess.sb.in:

8:58 AM Changeset in webkit [275763] by graouts@webkit.org

• 24 edits in trunk

calc() values resulting from blending mixed type lengths should be simplified
​https://bugs.webkit.org/show_bug.cgi?id=224322

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Mark 84 WPT progressions.

• web-platform-tests/css/css-backgrounds/animations/background-position-origin-interpolation-expected.txt:
• web-platform-tests/css/css-backgrounds/animations/border-image-width-interpolation-expected.txt:
• web-platform-tests/css/css-backgrounds/animations/border-radius-interpolation-expected.txt:
• web-platform-tests/css/css-shapes/animation/shape-outside-composition-expected.txt:
• web-platform-tests/css/css-shapes/animation/shape-outside-interpolation-expected.txt:
• web-platform-tests/css/css-sizing/animation/max-height-composition-expected.txt:
• web-platform-tests/css/css-sizing/animation/max-width-composition-expected.txt:
• web-platform-tests/css/css-sizing/animation/min-height-composition-expected.txt:
• web-platform-tests/css/css-sizing/animation/min-width-composition-expected.txt:
• web-platform-tests/css/css-transitions/animations/vertical-align-composition-expected.txt:
• web-platform-tests/css/css-transitions/animations/vertical-align-interpolation-expected.txt:
• web-platform-tests/css/css-values/animations/calc-interpolation-expected.txt:
• web-platform-tests/web-animations/animation-model/animation-types/interpolation-per-property-001-expected.txt:

Source/WebCore:

While we simplify calc() values upon parsing such that operations are resolved and
values are sorted (percentages first then alphabetically by unit), we didn't do this
when creating calc() values during blending of lengths of mixed types.

• css/CSSCalculationValue.cpp:

(WebCore::CSSCalcValue::create const):

LayoutTests:

Modify a few tests to account for the correct serialization.

• fast/css/object-position/parsing-object-position-expected.txt:
• fast/css/object-position/parsing-object-position.html:
• fast/shapes/shape-outside-floats/shape-outside-animation-expected.txt:
• fast/shapes/shape-outside-floats/shape-outside-animation.html:
• transitions/background-position-transitions.html:
• transitions/background-position-transitions-expected.txt:
• transitions/resources/transition-test-helpers.js: set computedValue such that

failures print out the actual value instead of "undefined".

8:02 AM Changeset in webkit [275762] by Chris Gambrell

• 4 edits
  5 adds
  5 deletes in trunk/LayoutTests

[LayoutTests] Convert http/tests/cookies convert PHP to Python
​https://bugs.webkit.org/show_bug.cgi?id=223891
<rdar://problem/75965634>

Reviewed by Jonathan Bedard.

• http/tests/cookies/multiple-redirect-and-set-cookie.php: Removed.
• http/tests/cookies/multiple-redirect-and-set-cookie.py: Added.

(redirect_url):
(redirect_to_step):
(step0):
(step2):

• http/tests/cookies/resources/cookie-utilities.php: Removed.
• http/tests/cookies/resources/cookie_utilities.py: Added.

(hostname_is_equal_to_string):
(reset_cookies_for_current_origin):
(reset_cookies):
(should_reset_cookies):
(wk_set_cookie):

• http/tests/cookies/same-site/set-first-party-cross-site-cookies.php: Removed.
• http/tests/cookies/same-site/set-first-party-cross-site-cookies.py: Added.
• http/tests/cookies/same-site/set-first-party-same-site-cookies.php: Removed.
• http/tests/cookies/same-site/set-first-party-same-site-cookies.py: Added.
• http/tests/cookies/same-site/user-load-cross-site-redirect.php: Removed.
• http/tests/cookies/same-site/user-load-cross-site-redirect.py: Added.
• platform/gtk/TestExpectations:
• platform/mac/TestExpectations:
• platform/wpe/TestExpectations:

6:48 AM Changeset in webkit [275761] by Alan Bujtas

• 2 edits in trunk/Source/WebCore

[RenderTreeBuilder] Cleanup the inline box wrappers when moving subtrees
​https://bugs.webkit.org/show_bug.cgi?id=224342
<rdar://76349279>

Reviewed by Antti Koivisto.

When an inline box is moved over to a different BFC (<span>), any inline level descendant (<span><img></span>) should release its inline box wrapper. This inline box wrapper (e.g. InlineFlowBox)
will eventually be destroy during the subsequent line layout of the original BFC.

• rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::move):

6:25 AM Changeset in webkit [275760] by Aditya Keerthi

• 10 edits in trunk

[iOS][FCR] Use context menus for text input datalist dropdowns
​https://bugs.webkit.org/show_bug.cgi?id=224287
<rdar://problem/76351317>

Reviewed by Wenson Hsieh.

Source/WebKit:

Use context menus rather than popovers to present suggested values for
text inputs with an associated datalist element.

• Platform/spi/ios/UIKitSPI.h:
• UIProcess/API/ios/WKWebViewPrivateForTestingIOS.h:

Expose _isShowingDatalistSuggestions for testing. Previously, the test
runner traversed the view hierarchy in order to determine whether the
suggestions were visible. However, that approach is not reliable since
we no longer own the presented view, and UIKit could change the
implementation details of context menus.

• UIProcess/API/ios/WKWebViewTestingIOS.mm:

(-[WKWebView _isShowingDataListSuggestions]):

• UIProcess/ios/WKContentViewInteraction.h:
• UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView doAfterEditorStateUpdateAfterFocusingElement:]):

Add a mechanism to perform actions after an editor state update when
focusing an element. If an update is not expected, run the block
immediately.

See below for details on why this is necessary.

(-[WKContentView _didUpdateEditorState]):

Run any pending blocks that were awaiting an editor state update.

(-[WKContentView isShowingDataListSuggestions]):

• UIProcess/ios/WebDataListSuggestionsDropdownIOS.h:
• UIProcess/ios/WebDataListSuggestionsDropdownIOS.mm:

(-[WKDataListSuggestionsDropdown invalidate]):
(-[WKDataListSuggestionsDropdown didSelectOptionAtIndex:]):
(-[WKDataListSuggestionsDropdown _showSuggestions]):

Present a context menu displaying the suggestions if one is not already
presented.

Note that focusing text fields can result in automatic zooming of the
webview. This zooming occurs after an editor state update for focused
elements. The presentation of the context menu is deferred to run
after an editor state update to ensure any zooming occurs before
showing the menu. Without this deferred presentation mechanism, the
context menu can be presented before the state update, partially
obscuring the webview and resulting in an incorrect zoom once the
update occurs.

If a menu is already presented, use updateVisibleMenuWithBlock: to
update the contents of the menu.

(-[WKDataListSuggestionsDropdown _updateTextSuggestions]):
(-[WKDataListSuggestionsDropdown _updateSuggestionsMenuElements]):
(-[WKDataListSuggestionsDropdown _removeContextMenuInteraction]):
(-[WKDataListSuggestionsDropdown _suggestionsMenuDidPresent]):
(-[WKDataListSuggestionsDropdown _suggestionsMenuDidDismiss]):
(-[WKDataListSuggestionsDropdown _preferredEdgeInsetsForSuggestionsMenu]):

By default, context menus can obscure the presenting element if there
are too many options. Inset the menu so that it does not overlap the
text field. Present the menu above the text field if there is less
space underneath the field.

(-[WKDataListSuggestionsDropdown contextMenuInteraction:previewForHighlightingMenuWithConfiguration:]):
(-[WKDataListSuggestionsDropdown _contextMenuInteraction:styleForMenuWithConfiguration:]):
(-[WKDataListSuggestionsDropdown contextMenuInteraction:configurationForMenuAtLocation:]):
(-[WKDataListSuggestionsDropdown contextMenuInteraction:willDisplayMenuForConfiguration:animator:]):
(-[WKDataListSuggestionsDropdown contextMenuInteraction:willEndForConfiguration:animator:]):

Tools:

• WebKitTestRunner/ios/UIScriptControllerIOS.mm:

(WTR::UIScriptControllerIOS::isShowingDataListSuggestions const):

Use the exposed information from the webview to determine whether the
datalist suggestions are visible, rather than traversing the view
hierarchy.

4:43 AM Changeset in webkit [275759] by commit-queue@webkit.org

• 6 edits in trunk

[GTK][WPE] Bump libsoup3 version to 2.99.3
​https://bugs.webkit.org/show_bug.cgi?id=224362

Patch by Carlos Garcia Campos <​cgarcia@igalia.com> on 2021-04-09
Reviewed by Žan Doberšek.

.:

• Source/cmake/OptionsGTK.cmake:
• Source/cmake/OptionsWPE.cmake:

Source/WebCore:

• platform/network/soup/GUniquePtrSoup.h:
• platform/network/soup/ResourceResponseSoup.cpp:

(WebCore::ResourceResponse::platformSuggestedFilename const):

4:35 AM Changeset in webkit [275758] by commit-queue@webkit.org

• 4 edits
  2 adds in trunk

[css-flexbox] max-height percentages are wrongly resolved for replaced grid items in nested percentage flexboxes
​https://bugs.webkit.org/show_bug.cgi?id=223931

Patch by Ziran Sun <Ziran Sun> on 2021-04-09
Reviewed by Javier Fernandez.

LayoutTests/imported/w3c:

• web-platform-tests/css/css-flexbox/percentage-max-height-004-expected.html: Added.
• web-platform-tests/css/css-flexbox/percentage-max-height-004.html: Added.

Source/WebCore:

This change is to make sure that when overridingContainingBlockContentLogicalHeight of a replaced's containing block
element is indefinite, % max-height of the replaced element is resolved to none.

Test: imported/w3c/web-platform-tests/css/css-flexbox/percentage-max-height-004.html

• rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight const):

3:58 AM WebKitGTK/2.32.x edited by Philippe Normand

(diff)

3:56 AM Changeset in webkit [275757] by Philippe Normand

• 2 edits in trunk/Source/WebCore

Unreviewed, GStreamer Thunder decryptor build fix after r275599

• platform/graphics/gstreamer/eme/WebKitThunderDecryptorGStreamer.cpp:

(decrypt):

3:25 AM Changeset in webkit [275756] by commit-queue@webkit.org

• 3 edits in trunk/Source/WebCore

Teardown shadow root renderers on SlotAssignment::didChangeSlot
​https://bugs.webkit.org/show_bug.cgi?id=221386

Patch by Carlos Garcia Campos <​cgarcia@igalia.com> on 2021-04-09
Reviewed by Ryosuke Niwa.

This reverts r272900 to move the call to RenderTreeUpdater::tearDownRenderers() from hostChildElementDidChange()
to didChangeSlot(). This ensures the renderers are also cleared for other shadow root trees not using details
element.

• dom/SlotAssignment.cpp:

(WebCore::SlotAssignment::addSlotElementByName):
(WebCore::SlotAssignment::didChangeSlot):

• dom/SlotAssignment.h:

(WebCore::ShadowRoot::hostChildElementDidChange):

2:35 AM WebKitGTK/2.32.x edited by Philippe Normand

(diff)

2:34 AM WebKitGTK/2.32.x edited by Philippe Normand

(diff)

2:29 AM Changeset in webkit [275755] by commit-queue@webkit.org

• 4 edits in trunk

[GStreamer] fast/canvas/canvas-createPattern-video-loading.html is failing since r218170
​https://bugs.webkit.org/show_bug.cgi?id=173410

Patch by Philippe Normand <​pnormand@igalia.com> on 2021-04-09
Reviewed by Xabier Rodriguez-Calvar.

Source/WebCore:

When a flush has been requested by the GL video sink, allocate a new copy of the sample
which has to be released. The copy is necessary so that the video dimensions can still be
fetched and also for canvas rendering. The release is necessary because the sample might
have been allocated by a hardware decoder and memory might have to be reclaimed by a
non-sysmem buffer pool.

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::flushCurrentBuffer):
(WebCore::MediaPlayerPrivateGStreamer::paint):

LayoutTests:

• platform/gtk/TestExpectations: Unflag now-passing test.

2:17 AM Changeset in webkit [275754] by commit-queue@webkit.org

• 6 edits in trunk

[css-grid] Fix min/max widths of grid affected by ancestor
​https://bugs.webkit.org/show_bug.cgi?id=222100

Patch by Ziran Sun <Ziran Sun> on 2021-04-09
LayoutTests/imported/w3c:

Reviewed by Javier Fernandez.

• web-platform-tests/css/css-grid/grid-items/grid-items-percentage-paddings-002-expected.txt:
• web-platform-tests/css/css-grid/grid-items/grid-items-percentage-paddings-vertical-lr-002-expected.txt:
• web-platform-tests/css/css-grid/grid-items/grid-items-percentage-paddings-vertical-rl-002-expected.txt:

Source/WebCore:

Reviewed by Reviewed by Javier Fernandez.

It's a reland of r273435, which got reverted because it broke
imported/w3c/web-platform-tests/css/css-flexbox/percentage-max-height-003.html. This change
narrows down the fix specificallly to the case when logical-width is recomputed.
We need to recalculate min/max widths of child that depend on the ancestor.
Before update logical-width, for element that needs preferredWidth recalcution,
it is necessary to make sure that min/max widths are set dirty.

This change is an import of chromium CL at
​https://chromium-review.googlesource.com/c/chromium/src/+/527640/
Only the parts that apply to this issue are imported.

Tests were already imported in WPT.

• rendering/RenderBlock.cpp:

(WebCore::shouldRecalculateMinMaxWidthsAffectedByAncestor):
(WebCore::RenderBlock::recomputeLogicalWidth):

2:17 AM Changeset in webkit [275753] by commit-queue@webkit.org

• 2 edits in trunk/Tools/buildstream

[Flatpak SDK] Update to libsoup 2.99.3
​https://bugs.webkit.org/show_bug.cgi?id=224361

Patch by Philippe Normand <​pnormand@igalia.com> on 2021-04-09
Reviewed by Carlos Garcia Campos.

• elements/sdk/libsoup3.bst:

2:11 AM Changeset in webkit [275752] by graouts@webkit.org

• 2 edits in trunk/LayoutTests

[ Mac WK2 ] compositing/animation/keyframe-order.html is a flakey image failure
​https://bugs.webkit.org/show_bug.cgi?id=221359

Reviewed by Dean Jackson.

Attempt to make this test more stable by awaiting the resolution of the animation.ready
promise as well as UIHelper.renderingUpdate() to ensure the animation has been committed.

• compositing/animation/keyframe-order.html:

2:06 AM WebKitGTK/2.32.x edited by Philippe Normand

(diff)

1:54 AM Changeset in webkit [275751] by ysuzuki@apple.com

• 5 edits
  4 adds in trunk

ServiceWorker should save module scripts
​https://bugs.webkit.org/show_bug.cgi?id=224356
<rdar://problem/75634897>

Reviewed by Youenn Fablet.

Source/WebCore:

Test: http/wpt/service-workers/persistent-modules.html

In this patch, we call setScriptResource / scriptResource while loading service-worker module scripts in module loaders,
so that we can ensure that they are saved on the disk.

• bindings/js/ScriptModuleLoader.cpp:

(WebCore::ScriptModuleLoader::notifyFinished):

• bindings/js/WorkerModuleScriptLoader.cpp:

(WebCore::WorkerModuleScriptLoader::load):
(WebCore::WorkerModuleScriptLoader::notifyFinished):
(WebCore::WorkerModuleScriptLoader::notifyClientFinished):

• bindings/js/WorkerModuleScriptLoader.h:

LayoutTests:

• http/wpt/service-workers/persistent-modules-expected.txt: Added.
• http/wpt/service-workers/persistent-modules.html: Added.
• http/wpt/service-workers/resources/persistent-imported-module-script.py: Added.

(main):

• http/wpt/service-workers/resources/persistent-module-worker.js: Added.

Apr 8, 2021:

11:05 PM Changeset in webkit [275750] by Fujii Hironori

• 6 edits in trunk/Source

[Win] Wrong KeyboardEvent.key for numeric key pad with NumLock
​https://bugs.webkit.org/show_bug.cgi?id=224352

Reviewed by Don Olmstead.

Source/WebCore:

8 key on a numeric key pad with NumLock dispatched a wrong
KeyboardEvent with ArrowUp as the key value. It should be 8.

WindowsKeyNames::domKeyFromLParam computed a virtual key by
MapVirtualKey and a scan code. But, it should use a real virtual
key conveyed by WPARAM of WM_KEYDOWN and WM_KEYUP events.

• platform/win/KeyEventWin.cpp:

(WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent):

• platform/win/WindowsKeyNames.cpp:

(WebCore::WindowsKeyNames::domKeyFromParams):
(WebCore::WindowsKeyNames::domKeyFromLParam): Deleted.

• platform/win/WindowsKeyNames.h:

Source/WebKit:

• Shared/win/WebEventFactory.cpp:

(WebKit::WebEventFactory::createWebKeyboardEvent):

9:25 PM Changeset in webkit [275749] by Wenson Hsieh

• 8 edits in trunk/Source

Add a completion handler argument to ChromeClient::requestImageExtraction
​https://bugs.webkit.org/show_bug.cgi?id=224348

Reviewed by Tim Horton.

Source/WebCore:

See WebKit/ChangeLog for more details. No change in behavior.

• html/HTMLElement.h:

Export an existing helper method.

• page/ChromeClient.h:

(WebCore::ChromeClient::requestImageExtraction):

Add a (null-by-default) CompletionHandler argument to this client method, for future use by accessibility.

Source/WebKit:

Add an optional completion handler argument to ChromeClient::requestImageExtraction. If specified, this
completion handler will be invoked with the image overlay host element (if present), once image extraction
finishes, or if the element is not suitable for image extraction.

• WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::requestImageExtraction):

• WebProcess/WebCoreSupport/WebChromeClient.h:
• WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::didCommitLoad):
(WebKit::WebPage::requestImageExtraction):

Refactor this code, such that the data structure that (weakly) holds elements pending image extraction is
distinct from the set of elements that have completed image extraction. This allows us to queue completion
handlers to each element with a pending image extraction request, and invoke them once image extraction is
finished.

The existing weak set, m_elementsWithExtractedImages, is now repurposed to keep track of only elements that
have finished image extraction (and may or may not contain an image overlay). The new member variable,
m_elementsPendingImageExtraction, maintains pairs of weak elements and completion handlers; upon finishing
image extraction, each completion handler corresponding to the element (if it still exists) will be invoked.
Since the element is weakly held, in the case where the element is destroyed before image extraction finishes,
we will clean up the (now-null) entries in m_elementsPendingImageExtraction when the image extraction request
is finished.

• WebProcess/WebPage/WebPage.h:

9:06 PM Changeset in webkit [275748] by jiewen_tan@apple.com

• 10 edits in trunk

PCM: Write more blinded secret tests
​https://bugs.webkit.org/show_bug.cgi?id=222018
<rdar://problem/74674160>

Reviewed by John Wilander.

Source/WebKit:

Covered by new tests.

• NetworkProcess/PrivateClickMeasurementManager.cpp:

(WebKit::PrivateClickMeasurementManager::fireConversionRequest):
The KeyID is no longer truncated.

• UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h:
• UIProcess/API/Cocoa/WKWebViewTesting.mm:

(-[WKWebView _setPrivateClickMeasurementAttributionTokenPublicKeyURLForTesting:completionHandler:]):
(-[WKWebView _setPrivateClickMeasurementAttributionTokenSignatureURLForTesting:completionHandler:]):

• UIProcess/API/ios/WKWebViewPrivateForTestingIOS.h:
• UIProcess/API/ios/WKWebViewTestingIOS.mm:

(-[WKWebView _setUIEventAttributionForTesting:withNonce:]):
Adds SPI for testing.

Tools:

• TestWebKitAPI/Tests/WebKitCocoa/EventAttribution.mm:

(TestWebKitAPI::TEST):
Adds the new test.

LayoutTests:

• http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce.html:

8:49 PM Changeset in webkit [275747] by achristensen@apple.com

• 18 edits in trunk

Serialize URL instead of entire challenge for informing client that modern TLS was negotiated
​https://bugs.webkit.org/show_bug.cgi?id=224346
Source/WebKit:

<rdar://76421667>

Reviewed by Geoff Garen.

This callback is only used in Safari, and they only use the host.
We are serializing the certificate chain, during which we evaluate the trustedness and correctness of the certificate chain.
This patch removes that unused operation.

• NetworkProcess/NetworkDataTask.h:

(WebKit::NetworkDataTaskClient::didNegotiateModernTLS):

• NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::didNegotiateModernTLS):

• NetworkProcess/NetworkLoad.h:
• NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
• NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::didNegotiateModernTLS):

• NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):

• UIProcess/API/APINavigationClient.h:

(API::NavigationClient::didNegotiateModernTLS):

• UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
• UIProcess/Cocoa/NavigationState.h:
• UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::setNavigationDelegate):
(WebKit::NavigationState::NavigationClient::didNegotiateModernTLS):

• UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::didNegotiateModernTLS):

• UIProcess/Network/NetworkProcessProxy.h:
• UIProcess/Network/NetworkProcessProxy.messages.in:
• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didNegotiateModernTLS):

• UIProcess/WebPageProxy.h:

Tools:

Reviewed by Geoff Garen.

• TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:

(-[TLSNavigationDelegate waitForDidNegotiateModernTLS]):
(-[TLSNavigationDelegate _webView:didNegotiateModernTLSForURL:]):
(TestWebKitAPI::TEST):
(-[TLSNavigationDelegate _webView:didNegotiateModernTLS:]): Deleted.

7:23 PM Changeset in webkit [275746] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r274403. rdar://problem/76374004

Cancel image loader events after first dispatch
​https://bugs.webkit.org/show_bug.cgi?id=218556

Patch by Rob Buis <​rbuis@igalia.com> on 2021-03-14
Reviewed by Darin Adler.

Address post review comments.

• dom/EventSender.h: (WebCore::EventSender<T>::dispatchPendingEvents):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274403 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7:23 PM Changeset in webkit [275745] by Russell Epstein

• 4 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r274357. rdar://problem/76374004

Cancel image loader events after first dispatch
​https://bugs.webkit.org/show_bug.cgi?id=218556

Patch by Rob Buis <​rbuis@igalia.com> on 2021-03-12
Reviewed by Ryosuke Niwa.

Cancel image loader events after first dispatch.
Also change EventSender to use WeakPtr.

• dom/EventSender.h: (WebCore::EventSender<T>::dispatchEventSoon): (WebCore::EventSender<T>::dispatchPendingEvents):
• loader/ImageLoader.cpp: (WebCore::ImageLoader::dispatchPendingErrorEvent):
• loader/ImageLoader.h:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274357 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7:23 PM Changeset in webkit [275744] by Russell Epstein

• 5 edits in branches/safari-611-branch

Cherry-pick r274199. rdar://problem/76416079

Unreviewed, reverting r274054.

Broke http/tests/misc/empty-urls.html

Reverted changeset:

"Use counters for pending events"
​https://bugs.webkit.org/show_bug.cgi?id=218556
​https://commits.webkit.org/r274054

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274199 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7:23 PM Changeset in webkit [275743] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WTF

Cherry-pick r275003. rdar://problem/76411341

WTF::setPermissionsOfConfigPage() should allow its VM_FLAGS_PERMANENT workaround unconditionally.
​https://bugs.webkit.org/show_bug.cgi?id=223725
rdar://75813316

Reviewed by Saam Barati.

If the OS does not support the flag, then we should not require it.

• wtf/WTFConfig.cpp: (WTF::setPermissionsOfConfigPage):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275003 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7:23 PM Changeset in webkit [275742] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WTF

Cherry-pick r274898. rdar://problem/76412278

Don't require VM_FLAGS_PERMANENT on the simulator builds
​https://bugs.webkit.org/show_bug.cgi?id=223649
<rdar://problem/75747788>

Reviewed by Alexey Proskuryakov.

Since VM_FLAGS_PERMANENT must be supported by the kernel, let's make
it so that the vm_map that passes this flag in can fail when running
on the simulator. This is to support the use case of running a newer
simulator on an older OS. When the call to vm_map fails when running
on the simulator, we try again without the VM_FLAGS_PERMANENT flag.

• wtf/WTFConfig.cpp: (WTF::setPermissionsOfConfigPage):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274898 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7:23 PM Changeset in webkit [275741] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r274877. rdar://problem/76373841

Enable the quirk to disable firing "webkitendfullscreen" event when a video enters picture-in-picture from fullscreen on espn.com
​https://bugs.webkit.org/show_bug.cgi?id=223610

Reviewed by Jer Noble.

A video element entering picture-in-picture from fullscreen will fire a "webkitendfullscreen"
event since r266728, but some sites (e.g., espn.com) do not handle the event properly.
Because they assume the video will resume to inline after exiting fullscreen.

This patch enables the quirk for espn.com to disable firing "webkitendfullscreen" event
in that scenario before they fix the issue in the event handler.

• page/Quirks.cpp: (WebCore::Quirks::shouldDisableEndFullscreenEventWhenEnteringPictureInPictureFromFullscreenQuirk const):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274877 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7:23 PM Changeset in webkit [275740] by Russell Epstein

• 6 edits in branches/safari-611-branch/Source

Cherry-pick r274491. rdar://problem/76374243

Terminate network process when making new WebProcessPool in Lutron App
​https://bugs.webkit.org/show_bug.cgi?id=223194
<rdar://74674915>

Reviewed by Geoff Garen.

Source/WebCore:

• platform/RuntimeApplicationChecks.h:
• platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isLutron):
• platform/cocoa/VersionChecks.h:

Source/WebKit:

The Lutron App uses allocation of a new WKProcessPool as a way to stop using old session cookies.
Since r267763 we keep the session cookies for the lifetime of a WKWebsiteDataStore instead of making a new process for each WKProcessPool.
Add a quirk for this app until they update to use a new WKWebsiteDataStore or use WKHTTPCookieStore API to clear the cookies properly.
I manually verified this causes the logging out to succeed.

• UIProcess/WebProcessPool.cpp:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274491 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7:22 PM Changeset in webkit [275739] by Russell Epstein

• 9 edits in branches/safari-611-branch/Source

Cherry-pick r274325. rdar://problem/76416354

Adopt VM_FLAGS_PERMANENT for the config vm mapping
​https://bugs.webkit.org/show_bug.cgi?id=222086
<rdar://74402690>

Reviewed by Yusuke Suzuki and Mark Lam.

Source/JavaScriptCore:

• runtime/JSCConfig.h: (JSC::Config::configureForTesting):

Source/WebKit:

• Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm: (WebKit::XPCServiceMain):

Source/WTF:

• wtf/PlatformHave.h:
• wtf/Threading.cpp: (WTF::initialize):
• wtf/WTFConfig.cpp: (WTF::setPermissionsOfConfigPage):
• wtf/WTFConfig.h: (WTF::setPermissionsOfConfigPage):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274325 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7:22 PM Changeset in webkit [275738] by Russell Epstein

• 29 edits in branches/safari-611-branch

Cherry-pick r272707. rdar://problem/76375033

Use event loop to set title
​https://bugs.webkit.org/show_bug.cgi?id=218496

Patch by Rob Buis <​rbuis@igalia.com> on 2021-02-10
Reviewed by Darin Adler.

Source/WebCore:

Use event loop to set title to avoid calling WebFrameLoaderClient
within HTMLTitleElement::insertedIntoAncestor.

• dom/Document.cpp: (WebCore::Document::updateTitle):
• dom/Document.h: (WebCore::Document::titleWithDirection const):
• loader/DocumentLoader.cpp: (WebCore::DocumentLoader::setTitle):
• loader/EmptyClients.h:
• page/Chrome.cpp: (WebCore::Chrome::print):
• page/ChromeClient.h:

Source/WebKit:

Add title parameter to PrintFrame message.

• UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::printFrame):
• UIProcess/WebPageProxy.h:
• UIProcess/WebPageProxy.messages.in:
• WebProcess/WebCoreSupport/WebChromeClient.cpp: (WebKit::WebChromeClient::print):
• WebProcess/WebCoreSupport/WebChromeClient.h:

Source/WebKitLegacy/mac:

Adjust to API change.

• WebCoreSupport/WebChromeClient.h:
• WebCoreSupport/WebChromeClient.mm: (WebChromeClient::print):

Source/WebKitLegacy/win:

Adjust to API change.

• WebCoreSupport/WebChromeClient.cpp: (WebChromeClient::print):
• WebCoreSupport/WebChromeClient.h:

Tools:

Adapt unit tests to wait for title change tasks
to be processed.

• TestWebKitAPI/Tests/WebKit/PageLoadState.cpp: (TestWebKitAPI::didChangeTitle): (TestWebKitAPI::TEST):
• TestWebKitAPI/Tests/WebKitCocoa/UIDelegate.mm: (TEST):
• TestWebKitAPI/Tests/WebKitGLib/TestAuthentication.cpp: (testWebViewAuthenticationFailure): (testWebViewAuthenticationNoCredential): (testWebViewAuthenticationSuccess): (testWebViewAuthenticationEmptyRealm):
• TestWebKitAPI/Tests/WebKitGLib/TestBackForwardList.cpp: (testBackForwardListNavigation):
• TestWebKitAPI/Tests/WebKitGLib/TestLoaderClient.cpp: (testWebViewTitle):
• TestWebKitAPI/Tests/WebKitGLib/TestSSL.cpp: (testLoadFailedWithTLSErrors):
• TestWebKitAPI/Tests/WebKitGLib/TestWebKitSettings.cpp: (testWebKitSettingsJavaScriptMarkup):
• TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp: (testWebViewTitleChange):

LayoutTests:

Adapt tests to make sure pending title change tasks
are processed before the test is done.

• TestExpectations:
• fast/dom/title-text-property-2.html:
• fast/dom/title-text-property-assigning-empty-string.html:
• fast/dom/title-text-property.html:
• http/tests/globalhistory/history-delegate-basic-title-expected.txt:
• http/tests/globalhistory/history-delegate-basic-title.html:
• http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt:
• http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html:
• http/tests/loading/redirect-with-no-location-crash-expected.txt:
• http/tests/loading/redirect-with-no-location-crash.html:
• platform/mac-wk2/TestExpectations:
• platform/win/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Copied from LayoutTests/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt.
• platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt:
• platform/wk2/http/tests/loading/redirect-with-no-location-crash-expected.txt:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@272707 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:49 PM Changeset in webkit [275737] by timothy_horton@apple.com

• 6 edits in trunk

Safari unit tests sometimes fail an ASSERTion in IOSurface.mm's optionsFor32BitSurface()
​https://bugs.webkit.org/show_bug.cgi?id=224351
<rdar://problem/76405354>

Reviewed by Wenson Hsieh.

Source/WebCore:

New API test: NavigationSwipeTests.DoNotAssertWhenSnapshottingZeroSizeView

• platform/graphics/cocoa/IOSurface.mm:

(WebCore::IOSurface::IOSurface):
Add assertions that IOSurface size is non-empty at the beginning of the constructor.
We already have downstream ones (e.g. the bytesPerRow and totalBytes
assertions inside optionsFor32BitSurface()), but they are after doing
some math and calling IOSurfaceAlignProperty, so it's tempting to blame
that instead of the input. This way, we fail right at the input, making
it more obvious what's up.

Source/WebKit:

• UIProcess/API/ios/WKWebViewIOS.mm:

(-[WKWebView _takeViewSnapshot]):
Don't take view snapshots for views that have a empty size.
This triggers both the assertions mentioned in the title, and the newly added ones.

Tools:

• TestWebKitAPI/Tests/ios/NavigationSwipeTests.mm:

(TEST):
Add a test that taking navigation snapshots for a 0x0 WKWebView doesn't assert.

5:54 PM Changeset in webkit [275736] by Kate Cheney

• 4 edits in trunk/Source

Fix incorrect compile-time macro for CFNETWORK_NSURLSESSION_ATTRIBUTED_BUNDLE_IDENTIFIER
​https://bugs.webkit.org/show_bug.cgi?id=224347
<rdar://problem/76353792>

Reviewed by Brent Fulgham.

Source/WebCore/PAL:

• pal/spi/cf/CFNetworkSPI.h:

Source/WebKit:

• NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::NetworkSessionCocoa::NetworkSessionCocoa):
(WebKit::NetworkSessionCocoa::SessionSet::initializeEphemeralStatelessSessionIfNeeded):

5:39 PM Changeset in webkit [275735] by eric.carlson@apple.com

• 2 edits in trunk/Source/WebKit

[macOS] WebProcessProxy::sendAudioComponentRegistrations leaks CFDataRef
​https://bugs.webkit.org/show_bug.cgi?id=224349
<rdar://problem/76176827>

Reviewed by Jer Noble.

Tested manually.

• UIProcess/Cocoa/WebProcessProxyCocoa.mm:

(WebKit::WebProcessProxy::sendAudioComponentRegistrations): The CFDictionary
returned by AudioComponentFetchServerRegistrations is newly allocated, so adopt
it into the RetainPtr so we don't increase the retain count.

4:58 PM Changeset in webkit [275734] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebKit

Cherry-pick r275625. rdar://problem/76375389

[Cocoa] Incorrect selector used to set logging level
​https://bugs.webkit.org/show_bug.cgi?id=224292
<rdar://problem/75379660>

Reviewed by John Wilander.

Use {public} declarations so we get logging in release builds. These strings
are not sensitive.

• NetworkProcess/cocoa/NetworkSessionCocoa.mm: (WebKit::configurationForSessionID):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275625 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275733] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebKit

Cherry-pick r275622. rdar://problem/76375389

[Cocoa] Incorrect selector used to set logging level
​https://bugs.webkit.org/show_bug.cgi?id=224292
<rdar://problem/75379660>

Reviewed by John Wilander.

The wrong selector label was used to configure the low-level network logging level.

• NetworkProcess/cocoa/NetworkSessionCocoa.mm: (WebKit::configurationForSessionID):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275622 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275732] by Russell Epstein

• 3 edits
  2 adds in branches/safari-611-branch

Cherry-pick r275535. rdar://problem/76375208

WebCrypto in Safari will not AES-GCM encrypt 0 bytes
​https://bugs.webkit.org/show_bug.cgi?id=224083
<rdar://75093377>

Reviewed by Youenn Fablet.

Source/WebCore:

CommonCrypto will bail out both the encryption and decryption process if the dataOut is a null pointer.
To workaround the issue, this patch forces the dataOut to be a non-null pointer.

Test: crypto/subtle/aes-gcm-generate-key-encrypt-decrypt-null-plain-text.html

• crypto/mac/CryptoAlgorithmAES_GCMMac.cpp: (WebCore::encryptAES_GCM): (WebCore::decyptAES_GCM):

LayoutTests:

• crypto/subtle/aes-gcm-generate-key-encrypt-decrypt-null-plain-text-expected.txt: Added.
• crypto/subtle/aes-gcm-generate-key-encrypt-decrypt-null-plain-text.html: Added.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275535 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275731] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r275475. rdar://problem/76416845

Make sure the Frame always gets destroyed on the main thread
​https://bugs.webkit.org/show_bug.cgi?id=224213
<rdar://75131946>

Reviewed by Alex Christensen.

Make sure the Frame always gets destroyed on the main thread.

Since ​http://trac.webkit.org/changeset/181791, Frame is ThreadSafeRefCounted and captured
on other threads. We should make sure the Frame is always destroyed on the main thread
though, since it is a main thread object and we hold WeakPtrs to it in many places.

• page/AbstractFrame.h:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275475 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275730] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebKit

Cherry-pick r275474. rdar://problem/76416845

Protect frame in WebPage::runJavaScriptInFrameInScriptWorld()
​https://bugs.webkit.org/show_bug.cgi?id=224210

Reviewed by Alex Christensen.

Between the time we were getting the raw pointer to the frame, and the time were were passing it to
WebPage::runJavaScript(), we were potentially calling WebFrameLoaderClient::dispatchGlobalObjectAvailable().
It is possible in theory for those synchronous injected bundle calls to mess with the frame tree and cause
our frame to go bad. As a result, it is best to protect the frame as soon as we get it.

• WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::runJavaScriptInFrameInScriptWorld):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275474 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275729] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r275450. rdar://problem/76374359

PendingImageBitmap gets created on a stopped script execution context.
​https://bugs.webkit.org/show_bug.cgi?id=223971

Reviewed by Youenn Fablet.

Don't create a PendingImageBitmap in PendingImageBitmap::fetch
if the associated script execution context had already been stoppped.

The new behavior matches of Chrome although it's technically incorrect.

Correcting it to match the spec & Firefox will refactor a larger fix around
how script execution context is used by the threaded loader.

• html/ImageBitmap.cpp: (WebCore::PendingImageBitmap::fetch):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275450 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275728] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebKit

Cherry-pick r275341. rdar://problem/76375265

Web Inspector: [Cocoa] WKInspectorResourceURLSchemeHandler can exceed the soft thread limit when opening multiple inspectors simultaneously.
​https://bugs.webkit.org/show_bug.cgi?id=223958

Reviewed by BJ Burg.

In engineering builds, the Web Inspector is loaded as hundreds of separate resources instead of the handful of
minified sources used for released builds. When two Web Inspector windows are opened their loads can overlap
and it is possible for the sum total of file load operations to exceed the dispatch soft thread limit. To
resolve this, we set a sensible limit to the number of simultaneous inspector loading operations. A higher
number of allowed concurrent operations yielded no noticeable increase in load speeds.

• UIProcess/Inspector/mac/WKInspectorResourceURLSchemeHandler.mm: (-[WKInspectorResourceURLSchemeHandler webView:startURLSchemeTask:]):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275341 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275727] by Russell Epstein

• 5 edits
  2 adds in branches/safari-611-branch

Cherry-pick r275300. rdar://problem/76375624

In case WebRTC VTB decoder returns a null frame, mark the decoder as failing
​https://bugs.webkit.org/show_bug.cgi?id=223993
<rdar://problem/76049206>

Reviewed by Eric Carlson.

Source/ThirdParty/libwebrtc:

In case VTB does not return any pixel buffer, consider decoding is failing.
Set the error so that we we will send the error on the next frame we try to decode.

• Source/webrtc/sdk/objc/components/video_codec/RTCVideoDecoderH264.mm: (decompressionOutputCallback):
• Source/webrtc/sdk/objc/components/video_codec/RTCVideoDecoderH265.mm: (h265DecompressionOutputCallback): (-[RTCVideoDecoderH265 setError:]):
• Source/webrtc/sdk/objc/components/video_codec/RTCVideoDecoderVTBVP9.mm: (vp9DecompressionOutputCallback):

LayoutTests:

• http/wpt/webrtc/webrtc-late-transform-expected.txt: Added.
• http/wpt/webrtc/webrtc-late-transform.html: Added.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275300 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275726] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r275230. rdar://problem/76412999

Nullptr crash in applyCommonButtonPaddingToStyle
​https://bugs.webkit.org/show_bug.cgi?id=223917
rdar://57262957

Reviewed by Zalan Bujtas.

• rendering/RenderThemeIOS.mm: (WebCore::applyCommonButtonPaddingToStyle):

Null check frame.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275230 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275725] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r275168. rdar://problem/76374982

Make a Ref to HTMLPlugInElement when resolving callback
​https://bugs.webkit.org/show_bug.cgi?id=223846

Patch by Ian Gilbert <​iang@apple.com> on 2021-03-29
Reviewed by Ryosuke Niwa.

Take a Ref to the HTMLPlugInElement to keep it alive while invoking HTMLPlugInElement::swapRendererTimerFired()

• html/HTMLPlugInElement.cpp: (WebCore::HTMLPlugInElement::swapRendererTimerFired):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275168 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275724] by Russell Epstein

• 5 edits
  4 adds in branches/safari-611-branch

Cherry-pick r275147. rdar://problem/76411207

Use-after-move in UserMediaPermissionRequestManagerProxy::checkUserMediaPermissionForSpeechRecognition
​https://bugs.webkit.org/show_bug.cgi?id=223842
<rdar://problem/75791668>

Reviewed by Eric Carlson.

Source/WebKit:

Use request decision handler instead of already moved completion handler.

Tests: fast/speechrecognition/start-recognition-after-denied-gum.html

fast/speechrecognition/start-recognition-after-gum.html

• UIProcess/UserMediaPermissionRequestManagerProxy.cpp: (WebKit::UserMediaPermissionRequestManagerProxy::checkUserMediaPermissionForSpeechRecognition):

LayoutTests:

• fast/speechrecognition/start-recognition-after-denied-gum-expected.txt: Added.
• fast/speechrecognition/start-recognition-after-denied-gum.html: Added.
• fast/speechrecognition/start-recognition-after-gum-expected.txt: Added.
• fast/speechrecognition/start-recognition-after-gum.html: Added.
• platform/mac-wk1/TestExpectations:
• platform/win/TestExpectations:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275147 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275723] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r275142. rdar://problem/76411405

UBSan: runtime error: load of value <unknown>, which is not a valid value for type 'const WebCore::RealtimeMediaSourceCapabilities::EchoCancellation'
<​https://webkit.org/b/223821>

Reviewed by Chris Dumez.

Tests: fast/mediastream/MediaDevices-addEventListener.html

fast/mediastream/constraint-intrinsic-size.html
http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute.html
http/tests/media/media-stream/get-display-media-iframe-allow-attribute.html
imported/w3c/web-platform-tests/mediacapture-record/MediaRecorder-bitrate.https.html
webrtc/addICECandidate-closed.html
webrtc/ice-candidate-sdpMLineIndex.html
webrtc/libwebrtc/descriptionGetters.html
webrtc/peerconnection-page-cache.html

• platform/mediastream/RealtimeMediaSourceCapabilities.h: (WebCore::CapabilityValueOrRange::union ValueUnion):
• Make asDouble the first union member so C++ member initializers set all memory. (WebCore::CapabilityValueOrRange::m_minOrValue): (WebCore::CapabilityValueOrRange::m_max): (WebCore::CapabilityValueOrRange::m_type): (WebCore::RealtimeMediaSourceCapabilities::m_echoCancellation):
• Provide member initializers. Setting a default value for m_echoCancellation fixes the bug. (WebCore::RealtimeMediaSourceCapabilities::encode const):
• Drive-by clean-up of encoder statement.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275142 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275722] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebKit

Cherry-pick r275011. rdar://problem/76375300

Crash in TextChecker::updateSpellingUIWithGrammarString()
​https://bugs.webkit.org/show_bug.cgi?id=223716

Patch by Julian Gonzalez <​julian_a_gonzalez@apple.com> on 2021-03-24
Reviewed by Ryosuke Niwa.

Prevent a crash by checking the GrammarDetail's range.

• UIProcess/mac/TextCheckerMac.mm: (WebKit::TextChecker::updateSpellingUIWithGrammarString):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275011 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275721] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r274776. rdar://problem/76373875

Better validate JSArrays in AudioWorkletProcessor
​https://bugs.webkit.org/show_bug.cgi?id=223548

Reviewed by Geoffrey Garen.

Better validate JSArrays in AudioWorkletProcessor. Replaces debug assertions with runtime
checks for robustness.

• Modules/webaudio/AudioWorkletProcessor.cpp: (WebCore::copyDataFromBusesToJSArray): (WebCore::copyDataFromParameterMapToJSObject): (WebCore::zeroJSArray): (WebCore::AudioWorkletProcessor::buildJSArguments):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274776 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:58 PM Changeset in webkit [275720] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebInspectorUI

Cherry-pick r274737. rdar://problem/76416315

Uncaught Exception: RangeError: Array size is not a small enough positive integer.
​https://bugs.webkit.org/show_bug.cgi?id=223532
<rdar://problem/75635080>

Reviewed by Devin Rousso.

This patch fixes the broken CPU instrument when viewing a JSON timeline recordng.

This exception is thrown when viewing a timeline recording that has been
imported from JSON file. Aside from the exception, the code is functionally
broken in this situation since passing a negative number to Array() doesn't work.

I tested this change manually and selection ranges now behave as expected, and
have not regressed in other instruments / UI.

• UserInterface/Views/CPUTimelineView.js: Based on my investigation, the visibleEndTime is incorrectly computed when showing a JSON timeline recording because the currentTime property is always '0'. If this is the case, then let's assume that the entire range should be displayed.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274737 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275719] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r274723. rdar://problem/76375575

Protect frame before calling didBeginDocument
​https://bugs.webkit.org/show_bug.cgi?id=217185

Patch by Rob Buis <​rbuis@igalia.com> on 2021-03-19
Reviewed by Alex Christensen.

Protect frame before calling didBeginDocument
since it could potentially delete the frame
through event handling.

• loader/DocumentWriter.cpp: (WebCore::DocumentWriter::begin):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274723 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275718] by Russell Epstein

• 4 edits
  1 add in branches/safari-611-branch

Cherry-pick r274699. rdar://problem/76373830

JS->Wasm IC must save the tag registers if it uses them
​https://bugs.webkit.org/show_bug.cgi?id=223491
<rdar://66445108>

Reviewed by Yusuke Suzuki.

JSTests:

• wasm/stress/save-tag-callee-saves-in-js-entrypoint-ic.js: Added. (0x0b.WebAssembly.instantiate.wasm.then.e.const.mod.e.instance.exports.Test.prototype.get breakIt): (0x0b.WebAssembly.instantiate.wasm.then.e.const.mod.e.instance.exports.Test): (0x0b.WebAssembly.instantiate.wasm.then.e.const.obj.new.Test):

Source/JavaScriptCore:

It turns out, that when you use a callee save register, you should save it.

• wasm/js/WebAssemblyFunction.cpp: (JSC::WebAssemblyFunction::usesTagRegisters const): (JSC::WebAssemblyFunction::calleeSaves const): (JSC::WebAssemblyFunction::jsCallEntrypointSlow): (JSC::WebAssemblyFunction::useTagRegisters const): Deleted.
• wasm/js/WebAssemblyFunction.h:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274699 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275717] by Russell Epstein

• 7 edits
  1 copy
  1 add in branches/safari-611-branch/Source/WebKit

Cherry-pick r274697. rdar://problem/76375608

[Cocoa] Web Inspector: load inspector resources using a custom scheme handler
​https://bugs.webkit.org/show_bug.cgi?id=179904
<rdar://problem/10887211>

Reviewed by Geoff Garen.

Load WebInspectorUI resources via the inspector-resource:// scheme.
Moving off of ​file:// URLs will allow for a tighter sandbox and
will fix the longstanding issue that Web Inspector's settings are
part of the ​file:// scheme and cleared when Safari clears website data.

This also has the effect of resetting Web Inspector settings since
they are no longer associated with ​file:///.

Loading via this scheme is exercised by existing inspector tests.

• SourcesCocoa.txt: Added new file.
• WebKit.xcodeproj/project.pbxproj:
• UIProcess/Inspector/mac/WKInspectorResourceURLSchemeHandler.h: Copied from Source/WebKit/WebProcess/Inspector/mac/WebInspectorUIMac.mm.
• UIProcess/Inspector/mac/WKInspectorResourceURLSchemeHandler.mm: Added. (-[WKInspectorResourceURLSchemeHandler webView:startURLSchemeTask:]): Use a global concurrent queue and NSOperation / NSOperationQueue to support reading files off the main queue.

(-[WKInspectorResourceURLSchemeHandler webView:stopURLSchemeTask:]):
Translate the request URL to a bundle resource URL, read the data, and send a response
with the file data. Return an error if the file could not be found or read.

• UIProcess/Inspector/mac/WKInspectorViewController.h:
• UIProcess/Inspector/mac/WKInspectorViewController.mm: (-[WKInspectorViewController webViewConfiguration]): (+[WKInspectorViewController URLForInspectorResource:]): (-[WKInspectorViewController webView:decidePolicyForNavigationAction:decisionHandler:]): Allow navigations to URIs with the inspector-resource:// scheme.

• UIProcess/Inspector/mac/WebInspectorProxyMac.mm: (WebKit::WebInspectorProxy::inspectorPageURL): (WebKit::WebInspectorProxy::inspectorTestPageURL): (WebKit::WebInspectorProxy::inspectorBaseURL): Updated.

• WebProcess/Inspector/mac/WebInspectorUIMac.mm: (WebKit::webInspectorUILocalizedStringsURL): Updated.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274697 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275716] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r274675. rdar://problem/76374314

Protect frame before calling setPrinting
​https://bugs.webkit.org/show_bug.cgi?id=222664

Patch by Rob Buis <​rbuis@igalia.com> on 2021-03-18
Reviewed by Ryosuke Niwa.

Protect frame before calling setPrinting
since it could potentially delete the frame
through event handling.

• page/PrintContext.cpp: (WebCore::PrintContext::begin):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274675 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275715] by Russell Epstein

• 4 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r274626. rdar://problem/76374269

ASSERTION FAILED: node.isConnected() in matchSlottedPseudoElementRules
​https://bugs.webkit.org/show_bug.cgi?id=221440

Patch by Frédéric Wang <​fwang@igalia.com> on 2021-03-18
Reviewed by Ryosuke Niwa.

ReplaceSelectionCommand::doApply() removes a <br> from an element and immediately calls
highestNodeToRemoveInPruning() on that element. The former operation may destroy the
element's renderer and confuses the latter operation. This happens in particular for a
<summary> element which ends up being removed from the tree. This in turn causes unexpected
issues such as a debug assertion failure in matchSlottedPseudoElementRules. To address that
problem, ensure the document is laid out before calling highestNodeToRemoveInPruning().
This patch also increases and improves use of RefPtr<Node>.

• editing/CompositeEditCommand.cpp: (WebCore::CompositeEditCommand::removeNodeAndPruneAncestors): Use auto & makeRefPtr. (WebCore::CompositeEditCommand::prune): Store local highestNodeToRemove variable in a RefPtr. (WebCore::CompositeEditCommand::cleanupAfterDeletion): Store local node variable in a RefPtr. (WebCore::CompositeEditCommand::breakOutOfEmptyMailBlockquotedParagraph): Store local parentNode variable in a RefPtr.
• editing/Editing.cpp: (WebCore::highestNodeToRemoveInPruning): Store local currentNode variable in a a RefPtr.
• editing/ReplaceSelectionCommand.cpp: (WebCore::ReplaceSelectionCommand::doApply): Use auto & makeRefPtr. Store local odeToRemove variable in a RefPtr. Ensure the document is laid out before calling highestNodeToRemoveInPruning.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274626 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275714] by Russell Epstein

• 3 edits
  1 add in branches/safari-611-branch

Cherry-pick r274539. rdar://problem/76374197

Object allocation sinking phase should prioritize materializations with no dependencies before materializations with no reverse dependencies
​https://bugs.webkit.org/show_bug.cgi?id=221069
<rdar://problem/73686589>

Reviewed by Yusuke Suzuki.

JSTests:

• stress/allocation-sinking-scope-materialization-order.js: Added. (var3.var2.x): (var3):

Source/JavaScriptCore:

Suppose we have two scope objects, A and B. Let's say A points to B, so B is
A's parent scope. A then depends on B. B has no dependencies here. When deciding
an order to materialize scope objects, we should always do it in reverse dependency
order. So above, we should materialize B, then A.

Inside object allocation sinking phase, when at an object materialization
site, we do track both dependencies and reverse dependencies. In the above
object graph, we'd attempt to materialize the objects in the right order,
always picking things with no dependencies first (and updating the list of
dependencies as we materialzed objects).

The code was using an std::list to track things to materialize, and it had
notions for materializing something first, and materializing something last.
However, there was a bug in how the code managed to insert things when
it first inserted last followed by inserting first. This patch simplifies
the code and makes it do the right thing.

• dfg/DFGObjectAllocationSinkingPhase.cpp:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274539 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275713] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r274387. rdar://problem/76373770

Mark the line dirty when list marker goes from inline to block
​https://bugs.webkit.org/show_bug.cgi?id=223132

Reviewed by Antti Koivisto.

This patch ensures that the line layout has a chance to clean up the inline boxes when the marker goes from inline to block.
Instead of deleting the inline box wrapper (InlineElement) here let's

1. mark both the renderer and the line dirty and let the inline layout code run its normal cleanup process on dirty lines.
2. detach the inline box wrapper from the now-block list marker.

• rendering/RenderListMarker.cpp: (WebCore::RenderListMarker::styleDidChange):
• rendering/RootInlineBox.cpp: (WebCore::RootInlineBox::verticalPositionForBox):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274387 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275712] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebKit

Cherry-pick r274378. rdar://problem/76412648

[Cocoa][WebM] Hang when reloading page before WebM content is loaded
​https://bugs.webkit.org/show_bug.cgi?id=223139
<rdar://75351029>

Reviewed by Darin Adler.

No new tests; a truly deterministic test would require a .cgi script to block loading after
the WebM init segment, but a bug in the platform format reader causes URLs not ending in
.webm to fail to load the format reader plugin. Once this issue is fixed, we can write a
test to cover this behavior.

The WebM TrackEntry "enabled" bit is optional, and WebKit previously waited until any media data
was appended to say whether or not the track is enabled in the absense of an explicit signal.
Instead, assume any track that is not explicity disabled is enabled, for the purpose of the
format reader. This means that "enabled" queries will no longer block, which breaks the deadlock
when tearing down the AVAsset backing the WebM file.

• Shared/mac/MediaFormatReader/MediaTrackReader.cpp: (WebKit::MediaTrackReader::copyProperty):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274378 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275711] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/JavaScriptCore

Cherry-pick r274288. rdar://problem/76415622

Web Inspector: Occasional crash under RemoteConnectionToTargetCocoa::close()
​https://bugs.webkit.org/show_bug.cgi?id=223038
<rdar://74920246>

Reviewed by Alex Christensen.

• inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm: (Inspector::RemoteConnectionToTarget::setup): (Inspector::RemoteConnectionToTarget::close): Don't use a capture default, and copy the targetIdentifier.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274288 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275710] by Russell Epstein

• 6 edits in branches/safari-611-branch

Cherry-pick r274154. rdar://problem/76375184

MediaRecorder.requestData() not returning all captured media after a pause
​https://bugs.webkit.org/show_bug.cgi?id=222285
<rdar://problem/74884561>

Reviewed by Eric Carlson.

Source/WebCore:

Previously, when flushing, we are called on a background thread and we hop to the main thread to append data.
In some cases, we were resolving the completion handlers before appending all data.
To prevent this, we now append data from a background thread.
To do so, we lock when accessing m_data, either to append or take the data.
In addition, we cancel writing when clearing the writer.
This allows to clean the writer delegate without fearing that write operations are happening.

Covered by updated test.

• platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.h:
• platform/mediarecorder/cocoa/MediaRecorderPrivateWriterCocoa.mm: (-[WebAVAssetWriterDelegate initWithWriter:]): (-[WebAVAssetWriterDelegate assetWriter:didProduceFragmentedHeaderData:]): (-[WebAVAssetWriterDelegate assetWriter:didProduceFragmentedMediaData:fragmentedMediaDataReport:]): (WebCore::MediaRecorderPrivateWriter::initialize): (WebCore::MediaRecorderPrivateWriter::clear): (WebCore::MediaRecorderPrivateWriter::stopRecording): (WebCore::MediaRecorderPrivateWriter::completeFetchData): (WebCore::MediaRecorderPrivateWriter::appendData): (WebCore::MediaRecorderPrivateWriter::takeData):

LayoutTests:

• http/wpt/mediarecorder/pause-recording-expected.txt:
• http/wpt/mediarecorder/pause-recording.html:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274154 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275709] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r274146. rdar://problem/76374119

Suspend widget hierarchy updates while executing node insertion
​https://bugs.webkit.org/show_bug.cgi?id=222719

Patch by Carlos Garcia Campos <​cgarcia@igalia.com> on 2021-03-09
Reviewed by Ryosuke Niwa.

• dom/ContainerNode.cpp: (WebCore::executeNodeInsertionWithScriptAssertion):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274146 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275708] by Russell Epstein

• 5 edits in branches/safari-611-branch

Cherry-pick r274054. rdar://problem/76374004

Use counters for pending events
​https://bugs.webkit.org/show_bug.cgi?id=218556

Patch by Rob Buis <​rbuis@igalia.com> on 2021-03-07
Reviewed by Ryosuke Niwa.

Source/WebCore:

Use counters for pending events instead of flags since
it is allowed to schedule multiple events:
​https://html.spec.whatwg.org/multipage/images.html#update-the-image-data

• loader/ImageLoader.cpp: (WebCore::ImageLoader::ImageLoader): (WebCore::ImageLoader::~ImageLoader): (WebCore::ImageLoader::clearImageWithoutConsideringPendingLoadEvent): (WebCore::ImageLoader::updateFromElement): (WebCore::ImageLoader::notifyFinished): (WebCore::ImageLoader::updatedHasPendingEvent): (WebCore::ImageLoader::dispatchPendingBeforeLoadEvent): (WebCore::ImageLoader::dispatchPendingLoadEvent): (WebCore::ImageLoader::dispatchPendingErrorEvent):
• loader/ImageLoader.h: (WebCore::ImageLoader::hasPendingBeforeLoadEvent const): (WebCore::ImageLoader::hasPendingActivity const):

LayoutTests:

The onerror can be called multiple times, after the first call
container will have no parent, so protect against that in
subsequent calls.

• fast/dom/modify-node-and-while-in-the-callback-too-crash.html:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274054 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275707] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r274025. rdar://problem/76375235

CanvasRenderingContext2DBase::canDrawTextWithParams() needs to resolve styles before using the drawingContext
​https://bugs.webkit.org/show_bug.cgi?id=221257
<rdar://problem/73878095>

Reviewed by Ryosuke Niwa.

Simply call fontProxy() (which internally resolves styles) before calling drawingContext().

Test: fast/text/canvas-synchronous-events.html

• html/canvas/CanvasRenderingContext2DBase.cpp: (WebCore::CanvasRenderingContext2DBase::canDrawTextWithParams):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@274025 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275706] by Russell Epstein

• 4 edits
  1 add in branches/safari-611-branch

Cherry-pick r273972. rdar://problem/76375074

OpGetPrivateName needs to be listed in FOR_EACH_OPCODE_WITH_VALUE_PROFILE
​https://bugs.webkit.org/show_bug.cgi?id=222775
<rdar://74982634>

Reviewed by Michael Saboff.

JSTests:

• stress/private-name-assignment-in-constructor.js: Added. (Foo):

Source/JavaScriptCore:

Right now valueProfileForBytecodeIndex incorrectly returns null for op_get_private_name.

• bytecode/CodeBlock.cpp: (JSC::CodeBlock::valueProfileForBytecodeIndex):
• bytecode/Opcode.h:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273972 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275705] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r273938. rdar://problem/76411908

Deploy Ref<T> in SVGUseElement.cpp
​https://bugs.webkit.org/show_bug.cgi?id=222637

Patch by Julian Gonzalez <​julian_a_gonzalez@apple.com> on 2021-03-04
Reviewed by Ryosuke Niwa.

Remove usage of raw pointers in a few functions here
that showed issues in 222397.

Thanks to Darin Adler for the initial version of this patch
and Ryosuke Niwa for refinements.

• svg/SVGUseElement.cpp: (WebCore::disassociateAndRemoveClones): (WebCore::removeDisallowedElementsFromSubtree): (WebCore::removeSymbolElementsFromSubtree):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273938 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275704] by Russell Epstein

• 11 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r273935. rdar://problem/76373961

"precustomized" state of custom elements can become HTMLUnknownElement
​https://bugs.webkit.org/show_bug.cgi?id=221652

Reviewed by Darin Adler.

The bug was caused by createJSHTMLWrapper in JSHTMLElementWrapperFactory.cpp relying on
!isCustomElementUpgradeCandidate() to create HTMLUnknownElement as JS wrapper of the element.

This is problematic after r266269 since that change re-purposes CustomElementState::Failed
on a custom element as "precustomized" state instead of introducing another enum value in
CustomElementState as RareDataBitFields has no more bits available.

This patch fixes the problem by introducing a new NodeFlag::IsUnknownElement and using that
to check whether JSHTMLUnknownElement should be created for a given element or not. Note that
HTMLElement had a virtual function, isHTMLUnknownElement, to check this condition but invoking
a virtual function proved to incur too much runtime cost.

• dom/Node.h: (WebCore::Node::isUnknownElement const): Added. (WebCore::Node::isHTMLUnknownElement const): Added. (WebCore::Node::isSVGUnknownElement const): Added. (WebCore::Node::isMathMLUnknownElement const): Added. (WebCore::Node::NodeFlag): Added NodeFlag::IsUnknownElement.
• dom/make_names.pl: (printWrapperFactoryCppFile): Treat the element as HTMLUnknownElement only if isUnknownElement returns true instead of isCustomElementUpgradeCandidate returning false.
• html/HTMLElement.h: (WebCore::HTMLElement::isHTMLUnknownElement const): Deleted.
• html/HTMLUnknownElement.h:
• mathml/MathMLElement.cpp: (WebCore::MathMLElement::MathMLElement): Added ConstructionType as an argument.
• mathml/MathMLElement.h:
• mathml/MathMLUnknownElement.h: (WebCore::MathMLUnknownElement::MathMLUnknownElement): Set NodeFlag::IsUnknownElement.
• svg/SVGElement.cpp: (WebCore::SVGElement::SVGElement): Added ConstructionType as an argument.
• svg/SVGElement.h:
• svg/SVGUnknownElement.h: (WebCore::SVGUnknownElement::SVGUnknownElement): Set NodeFlag::IsUnknownElement.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273935 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275703] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r273866. rdar://problem/76416143

Nulllptr crash in DeleteSelectionCommand::handleGeneralDelete()
​https://bugs.webkit.org/show_bug.cgi?id=222681

Reviewed by Wenson Hsieh.

Skip the loop when m_downstreamEnd.isNull() or im_downstreamEnd.isOrphan() is true
to avoid dereferencing a nullptr.

No new tests since we don't have any reproduction for this crash,
and it's not obvious how we're getting into that state.

• editing/DeleteSelectionCommand.cpp: (WebCore::DeleteSelectionCommand::handleGeneralDelete):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273866 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:57 PM Changeset in webkit [275702] by Russell Epstein

• 15 edits
  1 move
  7 adds in branches/safari-611-branch

Cherry-pick r273820. rdar://problem/76412727

Report the correct document uri in the case of a ContentSecurityPolicyClient
​https://bugs.webkit.org/show_bug.cgi?id=222489
<rdar://problem/73774118>

Reviewed by Brent Fulgham.

Source/WebCore:

Tests: http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect.html

http/tests/security/contentSecurityPolicy/report-document-uri-blob.html

Previously we were setting the document URI to be the blocked URI in
the case where we were using a ContentSecurityPolicyClient and didn't
have access to the document URL. This patch passes the document URL
to the network process when loading a resource so we can properly set
the document URI in this case.

• page/csp/ContentSecurityPolicy.cpp: (WebCore::shouldReportProtocolOnly): (WebCore::ContentSecurityPolicy::deprecatedURLForReporting const): (WebCore::ContentSecurityPolicy::reportViolation const): Follow spec guidelines ​https://www.w3.org/TR/CSP2/#violation-reports and set the document URI to be the URI's scheme if it is a globally unique identifier.

In the case where we are using a client and don't have the document
URL, we should at least strip the blocked URL before reporting to align
with the spec.

• page/csp/ContentSecurityPolicy.h: (WebCore::ContentSecurityPolicy::setDocumentURL):

Source/WebKit:

Pass the document URL from the Network Process when we schedule a load
in case we need to report a CSP violation in NetworkLoadChecker.

• NetworkProcess/NetworkLoadChecker.cpp: (WebKit::NetworkLoadChecker::NetworkLoadChecker): (WebKit::NetworkLoadChecker::contentSecurityPolicy): The regular toString() method sets ​file:// URLs to null. We should use toRawString() so we can report the scheme if the source origin is a local file, as per the W3C spec.

• NetworkProcess/NetworkLoadChecker.h:
• NetworkProcess/NetworkResourceLoadParameters.cpp: (WebKit::NetworkResourceLoadParameters::encode const): (WebKit::NetworkResourceLoadParameters::decode):
• NetworkProcess/NetworkResourceLoadParameters.h:
• NetworkProcess/NetworkResourceLoader.cpp:
• NetworkProcess/PingLoad.cpp: (WebKit::PingLoad::PingLoad):
• WebProcess/Network/WebLoaderStrategy.cpp: (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):

Tools:

Rename OverrideContentSecurityPolicy.mm to ContentSecurityPolicy.mm
so we can use it for more general purpose CSP testing.

Add a test for document-uri reporting for file:, data: and about: protocols.

• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WebKitCocoa/ContentSecurityPolicy.mm: Renamed from Tools/TestWebKitAPI/Tests/WebKitCocoa/OverrideContentSecurityPolicy.mm. (TEST):
• TestWebKitAPI/Tests/WebKitCocoa/csp-document-uri-report.html: Added.

LayoutTests:

Layout test coverage for redirects using a ContentSecurityPolicyClient
and blob files.

• http/tests/security/contentSecurityPolicy/report-document-uri-blob-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/report-document-uri-blob.html: Added.
• http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt: Added.
• http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect.html: Added.
• platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt: Added.
• platform/win/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt: Added.
• platform/win/TestExpectations: Blob URLs timeout on win.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273820 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275701] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r273752. rdar://problem/76416035

Crash under KeyframeEffect::setTarget()
​https://bugs.webkit.org/show_bug.cgi?id=222591
<rdar://problem/74281295>

Reviewed by David Kilzer.

The Styleable returned by targetStyleable() holds a reference to the Element that at
this point is m_target (assuming it's non-null). However, once we set the new value
for m_target, if the only reference to the original target was held by this KeyframeEffect,
then that element will be deallocated and by the time we call didChangeTargetStyleable()
it will be gone.

To address, we create a RefPtr<Element> in the scope of KeyframeEffect::setTarget()
protecting the Styleable's element while didChangeTargetStyleable() is called.

• animation/KeyframeEffect.cpp: (WebCore::KeyframeEffect::setTarget):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273752 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275700] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/ThirdParty/ANGLE

Cherry-pick r273582. rdar://problem/76373661

Textures Fail to Render in WebGL from HLS Stream on iPhone 12 [iOS 14.2]
​https://bugs.webkit.org/show_bug.cgi?id=218637
<rdar://problem/71102126>

Patch by Kimmo Kinnunen <​kkinnunen@apple.com> on 2021-02-26
Reviewed by Kenneth Russell.

Remove incorrect validation that IOSurface pixel format matches
the pixel format of the texture image being specified.

The "Element" in IOSurface is a block of pixels, while the validation assumed
it means one pixel. The validation failed for a compressed format.

Currently we map non-public YUV formats, to which there is no elequent way
of implementing the validation.
Most likely this started to reproduce if IOSurfaceGetBytesPerElementOfPlane
was changed to produce correct results for the above YUV format.

Later commits could add the validation back for formats that we know the
pixel format type.

• src/libANGLE/renderer/gl/eagl/IOSurfaceSurfaceEAGL.mm: (rx::IOSurfaceSurfaceEAGL::validateAttributes):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273582 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275699] by Russell Epstein

• 3 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r273505. rdar://problem/76374627

Streamline ImageData size calculations and handle out-of-memory
​https://bugs.webkit.org/show_bug.cgi?id=222340

Reviewed by Geoff Garen.

• html/ImageData.cpp: (WebCore::ImageData::dataSize): Added (WebCore::ImageData::create): Use the dataSize function consistently to compute the size of the byteArray needed. In the JavaScript-exposed create function, use tryCreateUninitialized and throw an exception if it fails. Removed an unnecessary assertion that simply repeats something covered by an if statement just above it. (WebCore::ImageData::ImageSize): Removed the overload that only takes an IntSize and allocates a Uint8ClampedArray, moving that into the create function instead.

• html/ImageData.h: Added dataSize, removed a constructor overload.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273505 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275698] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r273468. rdar://problem/76374398

Crash in CompositeEditCommand::breakOutOfEmptyMailBlockquotedParagraph()
​https://bugs.webkit.org/show_bug.cgi?id=222339

Patch by Julian Gonzalez <​julian_a_gonzalez@apple.com> on 2021-02-24
Reviewed by Ryosuke Niwa.

Make a copy of Ref<HTMLBRElement> when inserting before highest blockquote node.

• editing/CompositeEditCommand.cpp: (WebCore::CompositeEditCommand::breakOutOfEmptyMailBlockquotedParagraph):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273468 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275697] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/ThirdParty/libwebrtc

Cherry-pick r273405. rdar://problem/76412874

Fix null pointer deref in X509_issuer_and_serial_hash
​https://bugs.webkit.org/show_bug.cgi?id=222353
<rdar://problem/74446806>

Reviewed by Eric Carlson.

Cherry-picking of ​https://github.com/openssl/openssl/commit/8130d654d1de922ea224fa18ee3bc7262edc39c0.

• Source/third_party/boringssl/src/crypto/x509/x509_cmp.c: (X509_issuer_and_serial_hash):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273405 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275696] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebKit

Cherry-pick r273367. rdar://problem/76375686

[iOS] Add null checks for Node before accessing treeScope() in rangeForPointInRootViewCoordinates
​https://bugs.webkit.org/show_bug.cgi?id=222338
<rdar://problem/72292289>

Reviewed by Tim Horton.

Add a null check for the hit test result's targetNode inside rangeForPointInRootViewCoordinates() to avoid
crashing in the case where the target node is null and either result <= selectionStart is false or
selectionEnd <= result is false.

Additionally, avoid a potential null deref on selectionStart.deepEquivalent().anchorNode() and
selectionEnd.deepEquivalent().anchorNode() by using Position::treeScope() (which null checks the anchor
node) instead of directly asking the anchor node.

Note that the call sites of rangeForPointInRootViewCoordinates() already handle a WTF::nullopt return value
gracefully, by skipping the selection update.

• WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::rangeForPointInRootViewCoordinates):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273367 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275695] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r273300. rdar://problem/76375521

Handle Page::didFinishLoadingImageForElement asynchronously
​https://bugs.webkit.org/show_bug.cgi?id=221390

Reviewed by Antti Koivisto.

Use EventLoop instead of RunLoop::main() to be thread safe in iOS WebKit1.

• page/Page.cpp: (WebCore::Page::didFinishLoadingImageForElement):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273300 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275694] by Russell Epstein

• 2 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r273231. rdar://problem/76375521

Handle Page::didFinishLoadingImageForElement asynchronously
​https://bugs.webkit.org/show_bug.cgi?id=221390

Patch by Carlos Garcia Campos <​cgarcia@igalia.com> on 2021-02-22
Reviewed by Alex Christensen.

When called synchronously from RenderImage::notifyFinished() it's not possible to update the layout because
scripts are not allowed at that point.

• page/Page.cpp: (WebCore::Page::didFinishLoadingImageForElement):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@273231 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275693] by Russell Epstein

• 5 edits in branches/safari-611-branch

Cherry-pick r272910. rdar://problem/76416446

Set a default path for device ID hash salts
​https://bugs.webkit.org/show_bug.cgi?id=221955

Reviewed by Eric Carlson.

Source/WebKit:

The default path was the empty string, which leads to not persist device IDs.
Update this to provide a valid default path like for other persisting data types.
Covered by API test.

• UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm: (WebKit::WebsiteDataStore::defaultDeviceIdHashSaltsStorageDirectory):
• UIProcess/WebsiteData/WebsiteDataStore.cpp:

Tools:

• TestWebKitAPI/Tests/WebKit/GetUserMediaNavigation.mm: (TestWebKitAPI::TEST):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@272910 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275692] by Russell Epstein

• 4 edits in branches/safari-611-branch

Cherry-pick r272900. rdar://problem/76411260

Teardown shadow root renderers on hostChildElementDidChange
​https://bugs.webkit.org/show_bug.cgi?id=221386

Patch by Carlos Garcia Campos <​cgarcia@igalia.com> on 2021-02-16
Reviewed by Antti Koivisto.

Source/WebCore:

When details element has a display contents style, the default summary renderer is not cleared when a new
summary element is added. This causes that both summary elements are rendered at the same time, instead of the
active one. The crash happens when the details element is removed from the document, because the default summary
element still has a valid renderer on destroy.

• dom/SlotAssignment.h: (WebCore::ShadowRoot::hostChildElementDidChange):

LayoutTests:

• tables/table-col-indent-crash-expected.txt:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@272900 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275691] by Russell Epstein

• 4 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r272843. rdar://problem/76374775

Don't update form control elements validity status if they are detached from the document.
​https://bugs.webkit.org/show_bug.cgi?id=220390

Reviewed by Ryosuke Niwa.

When a radio button input element is removed from a form (either because it's moved or because the form
is deleted) then it's also removed from its current RadioButtonGroup. The latter removal might require the
update of the input validity status. In case of validity status changes, then we have to walk up
the ancestor chain in order to update the style for pseudo classes such as :valid :invalid. That node traversal
should not be done in case of being detached from the main document because our ancestors might have been
deleted before.

Apart from that we're replacing the HashSet of raw pointers to descendants in HTMLFieldSetElement by a WeakHashSet
which is safer.

• html/HTMLFieldSetElement.cpp: (WebCore::HTMLFieldSetElement::matchesValidPseudoClass const): (WebCore::HTMLFieldSetElement::matchesInvalidPseudoClass const): (WebCore::HTMLFieldSetElement::addInvalidDescendant): (WebCore::HTMLFieldSetElement::removeInvalidDescendant):
• html/HTMLFieldSetElement.h:
• html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::updateValidity(): Early return in case of isConnected().

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@272843 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275690] by Russell Epstein

• 4 edits in branches/safari-611-branch/LayoutTests

Cherry-pick r271549. rdar://problem/76375033

Release assert in Document::updateStyleIfNeeded() via PrintContext::end() inside HTMLTitleElement::insertedIntoAncestor and removedFromAncestor
​https://bugs.webkit.org/show_bug.cgi?id=218496

Reviewed by Darin Adler.

Remove the title element to eliminiate the non-determinism.

• http/tests/loading/redirect-with-no-location-crash-expected.txt:
• http/tests/loading/redirect-with-no-location-crash.html:
• platform/wk2/http/tests/loading/redirect-with-no-location-crash-expected.txt:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@271549 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275689] by Russell Epstein

• 19 edits
  1 copy in branches/safari-611-branch

Cherry-pick r271514. rdar://problem/76375033

Use event loop to set title
​https://bugs.webkit.org/show_bug.cgi?id=218496

Patch by Rob Buis <​rbuis@igalia.com> on 2021-01-15
Reviewed by Ryosuke Niwa.

Source/WebCore:

Use event loop to set title to avoid calling WebFrameLoaderClient
within HTMLTitleElement::insertedIntoAncestor.

• dom/Document.cpp: (WebCore::Document::updateTitle):
• dom/Document.h:

Tools:

Adapt unit tests to wait for title change tasks
to be processed.

• TestWebKitAPI/Tests/WebKit/PageLoadState.cpp: (TestWebKitAPI::didChangeTitle): (TestWebKitAPI::TEST):
• TestWebKitAPI/Tests/WebKitCocoa/UIDelegate.mm: (TEST):

LayoutTests:

Adapt tests to make sure pending title change tasks
are processed before the test is done.

• fast/dom/title-text-property-2.html:
• fast/dom/title-text-property-assigning-empty-string.html:
• fast/dom/title-text-property.html:
• http/tests/globalhistory/history-delegate-basic-title-expected.txt:
• http/tests/globalhistory/history-delegate-basic-title.html:
• http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt:
• http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html:
• http/tests/loading/redirect-with-no-location-crash-expected.txt:
• http/tests/loading/redirect-with-no-location-crash.html:
• platform/mac-wk2/TestExpectations:
• platform/win/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Copied from LayoutTests/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt.
• platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt:
• platform/wk2/http/tests/loading/redirect-with-no-location-crash-expected.txt:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@271514 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:56 PM Changeset in webkit [275688] by Russell Epstein

• 3 edits in branches/safari-611-branch/Source/WebCore

Cherry-pick r271404. rdar://problem/76413093

Safari Networking high % CPU when Caches/WebKit/ServiceWorkers folder not writable
​https://bugs.webkit.org/show_bug.cgi?id=220220
<rdar://problem/72930195>

Reviewed by Chris Dumez.

In case writing changes in the service worker database fails, we retry once.
If it fails, we give up and will only retry writing when new changes happen.
Manually tested.

• workers/service/server/RegistrationDatabase.cpp: (WebCore::RegistrationDatabase::pushChanges): (WebCore::RegistrationDatabase::schedulePushChanges):
• workers/service/server/RegistrationDatabase.h:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@271404 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:14 PM Changeset in webkit [275687] by commit-queue@webkit.org

• 10 edits in trunk

REGRESSION(r273541) WKWebView can't load NSURLRequest subclasses
​https://bugs.webkit.org/show_bug.cgi?id=224338
Source/WebCore:

<rdar://76192721>

Patch by Alex Christensen <​achristensen@webkit.org> on 2021-04-08
Reviewed by Brent Fulgham.

We used to use SPI to extract the CFURLRequestRef, but now we just call encodeWithCoder and initWithCoder.
That's great for many reasons, but to stay binary compatible we have to continue to support NSURLRequest subclasses.
They fail in two possible ways:

1. In ObjC, you can do wild and crazy things such as overriding encodeWithCoder and not calling [super encodeWithCoder:coder];
2. The process decoding the request (one of our auxiliary processes) almost certainly has not linked with the definition of the subclass. This makes us receive an NSException like this when calling decodeObjectOfClasses:forKey:

* -[NSKeyedUnarchiver decodeObjectForKey:]: cannot decode object of class (TestURLRequest) for key (root) because no class named "TestURLRequest" was found;
the class needs to be defined in source code or linked in from a library (ensure the class is part of the correct target).
If the class was renamed, use setClassName:forClass: to add a class translation mapping to NSKeyedUnarchiver

To solve this problem, when attempting to encode a request that is not an NSURLRequest or NSMutableURLRequest, use existing code in ResourceRequest to extract
the parts we use into an NSMutableURLRequest that we can successfully decode.

• platform/network/cf/ResourceRequest.h:
• platform/network/cocoa/ResourceRequestCocoa.mm:

(WebCore::ResourceRequest::replacePlatformRequest):

Source/WebKit:

Patch by Alex Christensen <​achristensen@webkit.org> on 2021-04-08
Reviewed by Brent Fulgham.

• Shared/Cocoa/WebCoreArgumentCodersCocoa.mm:

(IPC::ArgumentCoder<WebCore::ResourceRequest>::encodePlatformData):

Tools:

Patch by Alex Christensen <​achristensen@webkit.org> on 2021-04-08
Reviewed by Brent Fulgham.

• TestWebKitAPI/Tests/WebKitCocoa/ContentRuleListNotification.mm:

(respond):

• TestWebKitAPI/Tests/WebKitCocoa/LoadInvalidURLRequest.mm:

(-[TestURLRequest initWithURL:]):
(TestWebKitAPI::TEST):

• TestWebKitAPI/Tests/WebKitCocoa/TestURLSchemeHandler.h:

4:04 PM Changeset in webkit [275686] by ddkilzer@apple.com

• 2 edits in trunk/Tools

REGRESSION (r275150): set-webkit-configuration is too aggressive at deleting config files when coverage/sanitizer switch is not set
<​https://webkit.org/b/224343>

Reviewed by Mark Lam.

• Scripts/set-webkit-configuration:

(updateOrDeleteConfigurationFile):

• Change to take enabled and disabled arguments, and only reset (unlink) a config file if the --no-<option> is explicitly set.

3:54 PM Changeset in webkit [275685] by commit-queue@webkit.org

• 3 edits in trunk/Source/ThirdParty/ANGLE

[Metal-ANGLE] Support GPU power preferences, select low-power GPU by default.
Respond to GPU power preference flags, expose extension, and avoid creating a high-powered GPU by default.
​https://bugs.webkit.org/show_bug.cgi?id=224337

Patch by Kyle Piddington <Kyle Piddington> on 2021-04-08
Reviewed by Dean Jackson.

• src/libANGLE/renderer/metal/DisplayMtl.h:
• src/libANGLE/renderer/metal/DisplayMtl.mm:

(rx::DisplayMtl::initializeImpl):
(rx::DisplayMtl::getMetalDeviceMatchingAttribute):
(rx::DisplayMtl::generateExtensions const):

3:31 PM Changeset in webkit [275684] by Russell Epstein

• 19 edits
  3 adds in branches/safari-612.1.10-branch

Cherry-pick r275682. rdar://problem/76424627

Add test infrastructure for app bound request context string
​https://bugs.webkit.org/show_bug.cgi?id=224311
<rdar://problem/76229003>

Reviewed by Brent Fulgham.

Source/WebKit:

The app-bound request context string is the eTLD+1 for a load and is
needed by CFNetwork. We should add testing infrastructure to make sure
the context string is being properly set.

Test: http/tests/in-app-browser-privacy/context-string-for-subframe.html

• NetworkProcess/cocoa/NetworkDataTaskCocoa.mm: (contextString): (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
• Shared/NavigatingToAppBoundDomain.h: (WebKit::AppBoundNavigationTestingData::clearAppBoundNavigationDataTesting): (WebKit::AppBoundNavigationTestingData::updateAppBoundNavigationTestingData): (WebKit::AppBoundNavigationTestingData::encode const): (WebKit::AppBoundNavigationTestingData::decode): Store the context string in the testing struct.
• UIProcess/API/Cocoa/WKWebView.mm: (-[WKWebView _appBoundNavigationDataForDomain:completionHandler:]):
• UIProcess/API/Cocoa/WKWebViewPrivate.h: SPI to get the app-bound request test data for layout testing.

Tools:

Layout test infrastructure.

• WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
• WebKitTestRunner/InjectedBundle/InjectedBundle.cpp: (WTR::InjectedBundle::didReceiveMessageToPage):
• WebKitTestRunner/InjectedBundle/TestRunner.cpp: (WTR::TestRunner::appBoundRequestContextDataForDomain): (WTR::TestRunner::callDidReceiveAppBoundRequestContextDataForDomainCallback):
• WebKitTestRunner/InjectedBundle/TestRunner.h:
• WebKitTestRunner/TestController.cpp: (WTR::TestController::appBoundRequestContextDataForDomain):
• WebKitTestRunner/TestController.h:
• WebKitTestRunner/TestInvocation.cpp: (WTR::TestInvocation::didReceiveMessageFromInjectedBundle): (WTR::TestInvocation::didReceiveAppBoundRequestContextDataForDomain):
• WebKitTestRunner/TestInvocation.h:
• WebKitTestRunner/cocoa/TestControllerCocoa.mm: (WTR::TestController::appBoundRequestContextDataForDomain):
• WebKitTestRunner/cocoa/TestRunnerWKWebView.h:
• WebKitTestRunner/cocoa/TestRunnerWKWebView.mm: (-[TestRunnerWKWebView _appBoundNavigationDataForDomain:completionHandler:]):

LayoutTests:

Test coverage.

• http/tests/in-app-browser-privacy/context-string-for-subframe-expected.txt: Added.
• http/tests/in-app-browser-privacy/context-string-for-subframe.html: Added.
• http/tests/in-app-browser-privacy/resources/basic-iframe.html: Added.
• platform/ios-wk2/TestExpectations:

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275682 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3:23 PM Changeset in webkit [275683] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

[Metal ANGLE] check to see that a Metal device is available before selecting the backend.
​https://bugs.webkit.org/show_bug.cgi?id=224341

Some platforms, including virtual machines, do not support Metal.
If we cannot create a default device, fall back on selecting the OpenGL backend.

Patch by Kyle Piddington <Kyle Piddington> on 2021-04-08
Reviewed by Dean Jackson.

• platform/graphics/cocoa/GraphicsContextGLOpenGLCocoa.mm:

(WebCore::platformSupportsMetal):
(WebCore::InitializeEGLDisplay):
Added Metal header include, and runtime check to ensure a metal device can be created before selecting the Metal backend.

3:14 PM Changeset in webkit [275682] by Kate Cheney

• 19 edits
  3 adds in trunk

Add test infrastructure for app bound request context string
​https://bugs.webkit.org/show_bug.cgi?id=224311
<rdar://problem/76229003>

Reviewed by Brent Fulgham.

Source/WebKit:

The app-bound request context string is the eTLD+1 for a load and is
needed by CFNetwork. We should add testing infrastructure to make sure
the context string is being properly set.

Test: http/tests/in-app-browser-privacy/context-string-for-subframe.html

• NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(contextString):
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):

• Shared/NavigatingToAppBoundDomain.h:

(WebKit::AppBoundNavigationTestingData::clearAppBoundNavigationDataTesting):
(WebKit::AppBoundNavigationTestingData::updateAppBoundNavigationTestingData):
(WebKit::AppBoundNavigationTestingData::encode const):
(WebKit::AppBoundNavigationTestingData::decode):
Store the context string in the testing struct.

• UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _appBoundNavigationDataForDomain:completionHandler:]):

• UIProcess/API/Cocoa/WKWebViewPrivate.h:

SPI to get the app-bound request test data for layout testing.

Tools:

Layout test infrastructure.

• WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
• WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::didReceiveMessageToPage):

• WebKitTestRunner/InjectedBundle/TestRunner.cpp:

(WTR::TestRunner::appBoundRequestContextDataForDomain):
(WTR::TestRunner::callDidReceiveAppBoundRequestContextDataForDomainCallback):

• WebKitTestRunner/InjectedBundle/TestRunner.h:
• WebKitTestRunner/TestController.cpp:

(WTR::TestController::appBoundRequestContextDataForDomain):

• WebKitTestRunner/TestController.h:
• WebKitTestRunner/TestInvocation.cpp:

(WTR::TestInvocation::didReceiveMessageFromInjectedBundle):
(WTR::TestInvocation::didReceiveAppBoundRequestContextDataForDomain):

• WebKitTestRunner/TestInvocation.h:
• WebKitTestRunner/cocoa/TestControllerCocoa.mm:

(WTR::TestController::appBoundRequestContextDataForDomain):

• WebKitTestRunner/cocoa/TestRunnerWKWebView.h:
• WebKitTestRunner/cocoa/TestRunnerWKWebView.mm:

(-[TestRunnerWKWebView _appBoundNavigationDataForDomain:completionHandler:]):

LayoutTests:

Test coverage.

• http/tests/in-app-browser-privacy/context-string-for-subframe-expected.txt: Added.
• http/tests/in-app-browser-privacy/context-string-for-subframe.html: Added.
• http/tests/in-app-browser-privacy/resources/basic-iframe.html: Added.
• platform/ios-wk2/TestExpectations:

2:52 PM Changeset in webkit [275681] by Russell Epstein

• 2 edits in branches/safari-612.1.10-branch/Source/WebKit

Cherry-pick r275669. rdar://problem/76422912

[Cocoa] Temporarily retain some media services when GPU Process active
​https://bugs.webkit.org/show_bug.cgi?id=224328
<rdar://problem/76370805>

Reviewed by Eric Carlson.

Testing of the GPU Process show that access to the CoreMedia routing service is still needed under
some use cases. To prevent user-facing impact, we will allow these connections while the underlying
issues are resolved.

• UIProcess/WebPageProxy.cpp: (WebKit::temporaryMachServices): Added. (WebKit::WebPageProxy::creationParameters): Extend access to the set of temporaryMachServices when the GPU Process is enabled.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275669 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2:45 PM Changeset in webkit [275680] by Chris Dumez

• 4 edits in trunk/Source/WebKit

Cache NSInvocation objects on _WKRemoteObjectInterface
​https://bugs.webkit.org/show_bug.cgi?id=224331
<rdar://75628393>

Reviewed by Geoffrey Garen.

Have _WKRemoteObjectInterface eagerly create the NSInvocation objects and store them
instead of re-constructing them every time they are needed.

• Shared/API/Cocoa/WKRemoteObjectCoder.mm:

(decodeInvocation):

• Shared/API/Cocoa/_WKRemoteObjectInterface.mm:

(methodArgumentTypeEncodingForSelector):
(initializeMethod):
(-[_WKRemoteObjectInterface debugDescription]):
(classesForSelectorArgument):
(-[_WKRemoteObjectInterface _invocationForSelector:]):
(-[_WKRemoteObjectInterface _invocationForReplyBlockOfSelector:]):
(-[_WKRemoteObjectInterface _allowedArgumentClassesForReplyBlockOfSelector:]):

• Shared/API/Cocoa/_WKRemoteObjectInterfaceInternal.h:

2:44 PM Changeset in webkit [275679] by Chris Dumez

• 3 edits
  2 adds in trunk

Suspended OfflineAudioContext objects are leaking
​https://bugs.webkit.org/show_bug.cgi?id=224333

Reviewed by Darin Adler.

Source/WebCore:

When offline rendering is suspended, we now release the ActiveDOMObject::PendingActivity we hold
to keep the OfflineAudioContext and its wrapper alive during rendering. The JS has to keep a
reference to the context's wrapper anyway if they ever want to resume rendering.

Test: webaudio/OfflineAudioContext/offlineaudiocontext-leak-while-suspended.html

• Modules/webaudio/OfflineAudioContext.cpp:

(WebCore::OfflineAudioContext::didSuspendRendering):

LayoutTests:

Add layout test coverage.

• webaudio/OfflineAudioContext/offlineaudiocontext-leak-while-suspended-expected.txt: Added.
• webaudio/OfflineAudioContext/offlineaudiocontext-leak-while-suspended.html: Added.

2:30 PM Changeset in webkit [275678] by jiewen_tan@apple.com

• 2 edits in trunk/Source/WebCore

Unreviewed, a comment fix

• crypto/mac/CryptoAlgorithmAES_GCMMac.cpp:

(WebCore::encryptAES_GCM):
(WebCore::decyptAES_GCM):
Removes unnecessary comments.

2:27 PM Changeset in webkit [275677] by Chris Gambrell

• 41 edits
  11 adds
  10 deletes in trunk/LayoutTests

[LayoutTests] Convert http/tests/navigation convert PHP to Python
​https://bugs.webkit.org/show_bug.cgi?id=222418
<rdar://problem/74744523>

Reviewed by Jonathan Bedard.

• http/tests/blink/sendbeacon/beacon-cross-origin-redirect-blob-expected.txt:
• http/tests/blink/sendbeacon/beacon-cross-origin-redirect-blob.html:
• http/tests/blink/sendbeacon/beacon-cross-origin-redirect-expected.txt:
• http/tests/blink/sendbeacon/beacon-cross-origin-redirect.html:
• http/tests/navigation/image-load-in-pagehide-handler-expected.txt:
• http/tests/navigation/image-load-in-pagehide-handler.html:
• http/tests/navigation/image-load-in-unload-handler-expected.txt:
• http/tests/navigation/image-load-in-unload-handler.html:
• http/tests/navigation/no-referrer-reset-expected.txt:
• http/tests/navigation/no-referrer-reset.html:
• http/tests/navigation/no-referrer-same-window.html:
• http/tests/navigation/no-referrer-subframe.html:
• http/tests/navigation/no-referrer-target-blank.html:
• http/tests/navigation/ping-attribute/anchor-cookie-expected.txt:
• http/tests/navigation/ping-attribute/anchor-cookie.html:
• http/tests/navigation/ping-attribute/anchor-cross-origin-expected.txt:
• http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt:
• http/tests/navigation/ping-attribute/anchor-cross-origin-from-https.html:
• http/tests/navigation/ping-attribute/anchor-cross-origin.html:
• http/tests/navigation/ping-attribute/anchor-ping-and-follow-redirect-when-sending-ping-expected.txt:
• http/tests/navigation/ping-attribute/anchor-ping-and-follow-redirect-when-sending-ping.html:
• http/tests/navigation/ping-attribute/anchor-same-origin-expected.txt:
• http/tests/navigation/ping-attribute/anchor-same-origin.html:
• http/tests/navigation/ping-attribute/area-cookie-expected.txt:
• http/tests/navigation/ping-attribute/area-cookie.html:
• http/tests/navigation/ping-attribute/area-cross-origin-expected.txt:
• http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt:
• http/tests/navigation/ping-attribute/area-cross-origin-from-https.html:
• http/tests/navigation/ping-attribute/area-cross-origin.html:
• http/tests/navigation/ping-attribute/area-same-origin-expected.txt:
• http/tests/navigation/ping-attribute/area-same-origin.html:
• http/tests/navigation/ping-attribute/resources/utilities.js:

(clearLastPingResultAndRunTest):

• http/tests/navigation/post-301-response.html:
• http/tests/navigation/post-302-response.html:
• http/tests/navigation/post-303-response.html:
• http/tests/navigation/post-307-response.html:
• http/tests/navigation/post-308-response.html:
• http/tests/navigation/resources/check-ping.php: Removed.
• http/tests/navigation/resources/check-ping.py: Added.
• http/tests/navigation/resources/delete-ping.php: Removed.
• http/tests/navigation/resources/delete-ping.py: Added.
• http/tests/navigation/resources/image-load-in-pagehide-handler-2.html:
• http/tests/navigation/resources/image-load-in-unload-handler-2.html:
• http/tests/navigation/resources/no-referrer-helper.php: Removed.
• http/tests/navigation/resources/no-referrer-helper.py: Added.
• http/tests/navigation/resources/no-referrer-reset-helper.php: Removed.
• http/tests/navigation/resources/no-referrer-reset-helper.py: Added.
• http/tests/navigation/resources/no-referrer-same-window-helper.php: Removed.
• http/tests/navigation/resources/no-referrer-same-window-helper.py: Added.
• http/tests/navigation/resources/ping-file-path.php: Removed.
• http/tests/navigation/resources/ping_file_path.py: Added.
• http/tests/navigation/resources/redirected-post-request-contents.php: Removed.
• http/tests/navigation/resources/redirected-post-request-contents.py: Added.

(check_header):

• http/tests/navigation/resources/redirection-response.php: Removed.
• http/tests/navigation/resources/redirection-response.py: Added.
• http/tests/navigation/resources/save-Ping.php: Removed.
• http/tests/navigation/resources/save-ping-and-redirect-to-save-ping.php: Removed.
• http/tests/navigation/resources/save-ping-and-redirect-to-save-ping.py: Added.
• http/tests/navigation/resources/save-ping.py: Added.
• http/tests/navigation/resources/save_ping.py: Added.

(not_being_called):
(save_ping):

• http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked.html:

1:57 PM Changeset in webkit [275676] by Chris Gambrell

• 2 edits
  1 delete in trunk/LayoutTests

[LayoutTests] Convert http/tests/workers convert PHP to Python
​https://bugs.webkit.org/show_bug.cgi?id=223522
<rdar://problem/75624689>

Reviewed by Jonathan Bedard.

• http/tests/workers/resources/worker-encoded.py:
• http/tests/workers/resources/xhr-response.php: Removed.

1:46 PM Changeset in webkit [275675] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

Remove virtual from RenderBox::availableLogicalWidth
​https://bugs.webkit.org/show_bug.cgi?id=224332

Patch by Rob Buis <​rbuis@igalia.com> on 2021-04-08
Reviewed by Darin Adler.

Remove virtual from RenderBox::availableLogicalWidth since
it is not overridden.

• rendering/RenderBox.h:

(WebCore::RenderBox::availableLogicalWidth const):

1:45 PM Changeset in webkit [275674] by stephan.szabo@sony.com

• 2 edits in trunk/Source/WTF

[RunLoopGeneric] OneShotTimer should not remain "isActive" after fired
​https://bugs.webkit.org/show_bug.cgi?id=189335
<rdar://problem/44226604>

Reviewed by Geoffrey Garen.

• wtf/generic/RunLoopGeneric.cpp:

Deactivate one-shot timer before invoking its callback.

1:04 PM Changeset in webkit [275673] by dino@apple.com

• 2 edits in trunk/Source/WebKit

Specify Swift version in configuration
​https://bugs.webkit.org/show_bug.cgi?id=224334

Reviewed by Darin Adler.

Specify Swift language version 5 to stop an Xcode warning.

• Configurations/Base.xcconfig:

1:02 PM Changeset in webkit [275672] by aakash_jain@apple.com

• 6 edits in trunk/Tools

Add webkit-patch support for fast-cq mode
​https://bugs.webkit.org/show_bug.cgi?id=224286

Reviewed by Jonathan Bedard.

• Scripts/webkitpy/tool/steps/options.py:

(Options): Added --fast-cq parameter.

• Scripts/webkitpy/tool/steps/postdiff.py:

(PostDiff.options):
(PostDiff.run): Set the patch name appropriately for fast-cq mode.

• Scripts/webkitpy/common/net/bugzilla/attachment.py:
• Scripts/webkitpy/tool/commands/upload_unittest.py: Added unit test.

1:02 PM Changeset in webkit [275671] by aakash_jain@apple.com

• 2 edits in trunk/Tools

EWS should keep working when Bugzilla is down
​https://bugs.webkit.org/show_bug.cgi?id=224336

Reviewed by Jonathan Bedard.

• CISupport/ews-build/steps.py:

(BugzillaMixin.get_patch_json):
(BugzillaMixin.get_bug_json):

12:43 PM WebKitGTK/2.32.x edited by Adrian Perez de Castro

(diff)

12:05 PM Changeset in webkit [275670] by commit-queue@webkit.org

• 6 edits in trunk/Source

[WPE] Build fixes for musl C library on Linux
​https://bugs.webkit.org/show_bug.cgi?id=210068

Patch by Khem Raj <​raj.khem@gmail.com> on 2021-04-08
Reviewed by Carlos Alberto Lopez Perez.

Source/JavaScriptCore:

Use OS(LINUX) to include musl in platform test
for linux and consolidate all linux platfrom
under same test. Use smaller limits for JSC
stack size per thread and reserved zone size.

• runtime/MachineContext.h:

(JSC::MachineContext::stackPointerImpl):
(JSC::MachineContext::framePointerImpl):
(JSC::MachineContext::instructionPointerImpl):
(JSC::MachineContext::argumentPointer<1>):
(JSC::MachineContext::llintInstructionPointer):

• runtime/OptionsList.h:

Source/WTF:

Define 128KB DEFAULT_THREAD_STACK_SIZE_IN_KB for musl
Use OS(LINUX) check to include musl when building for
Linux based platforms.

• wtf/PlatformHave.h:
• wtf/Threading.cpp:

11:47 AM Changeset in webkit [275669] by Brent Fulgham

• 2 edits in trunk/Source/WebKit

[Cocoa] Temporarily retain some media services when GPU Process active
​https://bugs.webkit.org/show_bug.cgi?id=224328
<rdar://problem/76370805>

Reviewed by Eric Carlson.

Testing of the GPU Process show that access to the CoreMedia routing service is still needed under
some use cases. To prevent user-facing impact, we will allow these connections while the underlying
issues are resolved.

• UIProcess/WebPageProxy.cpp:

(WebKit::temporaryMachServices): Added.
(WebKit::WebPageProxy::creationParameters): Extend access to the set of temporaryMachServices when
the GPU Process is enabled.

11:41 AM Changeset in webkit [275668] by Chris Dumez

• 28 edits
  4 adds in trunk

OfflineAudioContext objects are leaking
​https://bugs.webkit.org/show_bug.cgi?id=224279

Reviewed by Darin Adler.

Source/WebCore:

OfflineAudioContext objects were always leaking due to 2 reference cycles:

1. BaseAudioContext -> m_listener (AudioListener) -> m_positionX (AudioParam) -> m_context (BaseAudioContext)
2. BaseAudioContext -> m_destinationNode (AudioDestinationNode) -> m_context (BaseAudioContext)

For reference cycle 1, I made AudioSummingJunction (base class of AudioParam) hold a weak pointer to the
AudioContext instead of a Ref<>. I don't think there is a good reason for an AudioSummingJunction (AudioParam
or AudioNodeInput) to keep its AudioContext alive. AudioNodes already keep their AudioContext alive.
AudioNodeInputs and AudioParams are associated to AudioNodes.

For reference cycle 2, I made AudioDestinationNode not hold a strong pointer to its context but instead a
weak pointer. Since keeping an AudioDestinationNode alive should keep its AudioContext alive, I made it so
that ref'ing the AudioDestinationNode refs its BaseAudioContext. Also, BaseAudioContext::m_destinationNode
is now a UniqueRef<> instead of a RefPtr<> to avoid a cycle.

Tests: webaudio/OfflineAudioContext/offlineaudiocontext-leak-after-rendering.html

webaudio/OfflineAudioContext/offlineaudiocontext-leak.html

• Modules/webaudio/AudioContext.cpp:

(WebCore::AudioContext::baseLatency):
(WebCore::AudioContext::getOutputTimestamp):
(WebCore::AudioContext::close):
(WebCore::AudioContext::destination):
(WebCore::AudioContext::destination const):
(WebCore::AudioContext::suspendRendering):
(WebCore::AudioContext::resumeRendering):
(WebCore::AudioContext::startRendering):
(WebCore::AudioContext::lazyInitialize):
(WebCore::AudioContext::mediaState const):
(WebCore::AudioContext::mayResumePlayback):
(WebCore::AudioContext::suspendPlayback):
(WebCore::AudioContext::pageMutedStateDidChange):

• Modules/webaudio/AudioContext.h:
• Drop some null checks now that m_destinationNode can no longer be null.
• Capture an ActiveDOMObject::PendingActivity when doing async work that ends up resolving a Promise, so that we keep both the object and its wrapper alive for the duration of the async work.

• Modules/webaudio/AudioDestinationNode.cpp:

(WebCore::AudioDestinationNode::ref):
(WebCore::AudioDestinationNode::deref):

• Modules/webaudio/AudioDestinationNode.h:

Have AudioDestinationNode override AudioNode's ref() / deref() to forward the refcounting
to its BaseAudioContext, instead of using the AudioNode's internal refCount.

• Modules/webaudio/AudioListener.cpp:

(WebCore::AudioListener::updateValuesIfNeeded):
(WebCore::AudioListener::setPosition):
(WebCore::AudioListener::setOrientation):
Add some null-checks for AudioParam::context() now that AudioParam holds a WeakPtr to its
context.

• Modules/webaudio/AudioNode.cpp:

(WebCore::AudioNode::toWeakOrStrongContext):
(WebCore::AudioNode::AudioNode):
(WebCore::AudioNode::connect):
(WebCore::AudioNode::sampleRate const):
(WebCore::AudioNode::markNodeForDeletionIfNecessary):
(WebCore::AudioNode::contextForBindings):
(WebCore::AudioNode::context):
(WebCore::AudioNode::context const):

• Modules/webaudio/AudioNode.h:
• Hold the BaseAudioContext as a WeakPtr instead of a Ref<> if the AudioNode is an AudioDestinationNode. This avoids a reference cycle since the BaseAudioContext owns the AudioDestinationNode. Even though we are using a WeakPtr, it is safe to assume that the context is not null because ref'ing an AudioDestinationNode refs its BaseAudioContext.
• Make sure markNodeForDeletionIfNecessary() has no effect for AudioDestinationNode since BaseAudioContext now owns the AudioDestinationNode when we take care of destroying its destination node when destroyed.

• Modules/webaudio/AudioNodeInput.cpp:

(WebCore::AudioNodeInput::connect):
(WebCore::AudioNodeInput::disconnect):
(WebCore::AudioNodeInput::outputEnabledStateChanged):
(WebCore::AudioNodeInput::updateInternalBus):
(WebCore::AudioNodeInput::bus):
(WebCore::AudioNodeInput::internalSummingBus):
(WebCore::AudioNodeInput::sumAllConnections):
(WebCore::AudioNodeInput::pull):
Add assertions that the context is not null. There were already assertions that we are the graph
owner, which means we are holding the BaseAudioContext's lock, which means that the audio context
is alive.

• Modules/webaudio/AudioParam.cpp:

(WebCore::AudioParam::value):
(WebCore::AudioParam::setValueForBindings):
(WebCore::AudioParam::smooth):
(WebCore::AudioParam::hasSampleAccurateValues const):
(WebCore::AudioParam::calculateSampleAccurateValues):
(WebCore::AudioParam::calculateFinalValues):
(WebCore::AudioParam::calculateTimelineValues):
(WebCore::AudioParam::connect):
(WebCore::AudioParam::disconnect):
Add null-checks for the AudioContext now that the AudioParam is only holding a WeakPtr to its
BaseAudioContext (to avoid a reference cycle).

• Modules/webaudio/AudioSummingJunction.cpp:

(WebCore::AudioSummingJunction::AudioSummingJunction):
(WebCore::AudioSummingJunction::~AudioSummingJunction):
(WebCore::AudioSummingJunction::markRenderingStateAsDirty):
(WebCore::AudioSummingJunction::addOutput):
(WebCore::AudioSummingJunction::removeOutput):
(WebCore::AudioSummingJunction::updateRenderingState):
(WebCore::AudioSummingJunction::outputEnabledStateChanged):

• Modules/webaudio/AudioSummingJunction.h:

(WebCore::AudioSummingJunction::context):
(WebCore::AudioSummingJunction::context const):

• Hold a WeakPtr to the BaseAudioContext to avoid a reference cycle.
• Deal with the fact that the audio context may be null now that we're holding a WeakPtr to it (except when holding the graph lock)

• Modules/webaudio/BaseAudioContext.cpp:

(WebCore::BaseAudioContext::BaseAudioContext):
(WebCore::BaseAudioContext::~BaseAudioContext):
(WebCore::BaseAudioContext::numberOfInstances):
(WebCore::BaseAudioContext::lazyInitialize):
(WebCore::BaseAudioContext::clear):
(WebCore::BaseAudioContext::uninitialize):
(WebCore::BaseAudioContext::stop):
(WebCore::BaseAudioContext::sampleRate const):
(WebCore::BaseAudioContext::decodeAudioData):
(WebCore::BaseAudioContext::markForDeletion):
(WebCore::BaseAudioContext::deleteMarkedNodes):
(WebCore::BaseAudioContext::setPendingActivity):
(WebCore::BaseAudioContext::workletIsReady):

• Modules/webaudio/BaseAudioContext.h:

(WebCore::BaseAudioContext::destination):
(WebCore::BaseAudioContext::destination const):
(WebCore::BaseAudioContext::currentSampleFrame const):
(WebCore::BaseAudioContext::currentTime const):

• Switch m_destinationNode from RefPtr<> to UniqueRef<> since the AudioContext is now the owner of the destinationNode and since refing the destination node actually refs its BaseAudioContext.
• Drop some null checks now that m_destinationNode can no longer be null.
• Rename makePendingActivity() to setPendingActivity() to avoid a naming conflict with ActiveDOMObject::makePendingActivity().

• Modules/webaudio/DefaultAudioDestinationNode.h:
• Modules/webaudio/OfflineAudioDestinationNode.h:
• Drop create() factory functions and make the constructor public now that the BaseAudioContext owns its destination node via a UniqueRef<>.
• Make some member functions public as they are virtual and they now called on the subclass instead of the base class (and these functions are public in the base class).

• Modules/webaudio/OfflineAudioContext.cpp:

(WebCore::OfflineAudioContext::startOfflineRendering):
(WebCore::OfflineAudioContext::resumeOfflineRendering):

• Modules/webaudio/OfflineAudioContext.h:
• Drop some null checks now that m_destinationNode can no longer be null.
• Capture an ActiveDOMObject::PendingActivity when doing async work that ends up resolving a Promise, so that we keep both the object and its wrapper alive for the duration of the async work.

• Modules/webaudio/WebKitAudioContext.cpp:

(WebCore::WebKitAudioContext::close):
Drop null checks for the destination node now that it can never be null.

• dom/ShadowRoot.cpp:
• rendering/FloatingObjects.cpp:
• rendering/RootInlineBox.cpp:

Update classes used of size restrictions since the size of a WeakPtr is not longer the same as the size of a
pointer when debug assertions are enabled. As long as they are the same size in release builds, there is no
memory use concern.

• testing/Internals.cpp:

(WebCore::Internals::numberOfBaseAudioContexts const):

• testing/Internals.h:
• testing/Internals.idl:

Add testing function to check how many BaseAudioContexts are alive, so that we can write layout tests and check
for leaks.

Source/WTF:

Add flag that can be passed when constructing a WeakPtr to disable threading assertions.
This is useful for cases where we know it is safe due to locking but we'd like to use a
WeakPtr instead of a raw pointer because it is safer.

• wtf/WeakPtr.h:

(WTF::WeakPtr::get const):
(WTF::WeakPtr::operator-> const):
(WTF::WeakPtr::operator* const):
(WTF::WeakPtr::WeakPtr):
(WTF::WeakPtrFactory::createWeakPtr const):
(WTF::=):
(WTF::makeWeakPtr):

LayoutTests:

Add layout test coverage.

• webaudio/OfflineAudioContext/offlineaudiocontext-leak-after-rendering-expected.txt: Added.
• webaudio/OfflineAudioContext/offlineaudiocontext-leak-after-rendering.html: Added.
• webaudio/OfflineAudioContext/offlineaudiocontext-leak-expected.txt: Added.
• webaudio/OfflineAudioContext/offlineaudiocontext-leak.html: Added.

11:37 AM Changeset in webkit [275667] by youenn@apple.com

• 6 edits in trunk

Streams: new test failure for canceling the branches of an errored tee'd stream
​https://bugs.webkit.org/show_bug.cgi?id=223558
<rdar://problem/75924807>

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebased from WPT ToT.

• web-platform-tests/streams/readable-streams/tee.any-expected.txt:
• web-platform-tests/streams/readable-streams/tee.any.js:

(promise_test.async const):
(promise_test):
(promise_test.async t):

• web-platform-tests/streams/readable-streams/tee.any.worker-expected.txt:

Source/WebCore:

Align with latest version of the spec.
Covered by updated test.

• Modules/streams/ReadableStreamInternals.js:

(readableStreamTee):
(readableStreamTeePullFunction):

11:30 AM Changeset in webkit [275666] by commit-queue@webkit.org

• 2 edits in trunk/Tools

prepare-ChangeLog fails to find deleted functions in files with spaces in their path in Git repositories
​https://bugs.webkit.org/show_bug.cgi?id=224303

Patch by Adam Roben <Adam Roben> on 2021-04-08
Reviewed by Sam Weinig.

It would also print a bunch of errors like this on stderr:

fatal: ambiguous argument 'Foo/Bar.cpp': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'

• Scripts/prepare-ChangeLog:

(originalFile): Quote the file path in the git show command we
construct.

11:25 AM Changeset in webkit [275665] by Truitt Savell

• 2 edits in trunk/Tools

Repalce bot187 with bot178 for CLoop tester.
rdar://76009577

Unreviewed infrustructure fix.

• CISupport/build-webkit-org/config.json:

11:23 AM Changeset in webkit [275664] by Andres Gonzalez

• 11 edits
  2 adds in trunk

VoiceOver does not echo text insertions and deletions when a contenteditable div has a non editable descendant element with a content editable child
​https://bugs.webkit.org/show_bug.cgi?id=223818

Reviewed by Chris Fleizach.

Source/WebCore:

Test: accessibility/nested-textareas-value-changed-notifications.html

AXObjectCache::textChanged now only notifies the closest non-native text
control of value changes. This avoid the problem of multiple value
changed notifications in a row when there are nested text areas.
Removed AccessibilityRenderObject::textChanged and moved that
functionality to AXObjectCache::textChanged, where it belongs.

• accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::textChanged):

• accessibility/AccessibilityObject.h:
• accessibility/AccessibilityObjectInterface.h:
• accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::textChanged): Deleted.

• accessibility/AccessibilityRenderObject.h:
• accessibility/isolatedtree/AXIsolatedObject.cpp:

(WebCore::AXIsolatedObject::textChanged): Deleted.

• accessibility/isolatedtree/AXIsolatedObject.h:

LayoutTests:

• accessibility/nested-textareas-value-changed-notifications-expected.txt: Added.
• accessibility/nested-textareas-value-changed-notifications.html: Added.

11:21 AM Changeset in webkit [275663] by Wenson Hsieh

• 2 edits in trunk/Source/WebKit

Unreviewed, fix the internal build after r275640
​https://bugs.webkit.org/show_bug.cgi?id=224239

• WebKit.xcodeproj/project.pbxproj:

This source file was added to the project as a compilation target, but it also appears in unified sources; this
causes the encode and decode methods to be defined twice, leading to a linker error. Fix this by only
including it as a unified source.

11:17 AM Changeset in webkit [275662] by youenn@apple.com

• 2 edits in trunk/Source/WebCore

Broken transition when video player with MediaStream changes size
​https://bugs.webkit.org/show_bug.cgi?id=224161
<rdar://problem/76366061>

Reviewed by Eric Carlson.

In case of animation that changes the root layer bounds, we need to synchronously update
the buffer layer as well.

Manually tested.

• platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::rootLayerBoundsDidChange):

11:15 AM Changeset in webkit [275661] by jer.noble@apple.com

• 2 edits in trunk/Source/WebKit

[Swift] Move the "Copy Additional Sources" Build Phase into the WebKitSwift target
​https://bugs.webkit.org/show_bug.cgi?id=224330

Reviewed by Eric Carlson.

Avoid a dependency cycle (WebKit -> WebKitSwift -> WebKit) due to the Copy Additional Sources phase by moving
that phase to the WebKitSwift target itself.

• WebKit.xcodeproj/project.pbxproj:

10:03 AM Changeset in webkit [275660] by Simon Fraser

• 2 edits in trunk/Source/WebCore

Compact GraphicsContextState
​https://bugs.webkit.org/show_bug.cgi?id=224317

Reviewed by Jon Lee.

Shrink GraphicsContextState from 192 to 184 bytes. This saves space in all the
GraphicsContext state stacks, and on pages with filters and canvas there can be
many of these.

• platform/graphics/GraphicsContext.h:

9:54 AM CSSContainment edited by Simon Fraser

(diff)

9:14 AM Changeset in webkit [275659] by sihui_liu@apple.com

• 30 edits in trunk

Remove logging for investigating http/tests/IndexedDB/storage-limit-1.html failure
​https://bugs.webkit.org/show_bug.cgi?id=223086
<rdar://problem/75591816>

Reviewed by Chris Dumez.

Source/WebCore:

• Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::diskUsage):

• Modules/indexeddb/server/IDBServer.h:
• Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::databasesSizeForDirectory):

• Modules/indexeddb/server/SQLiteIDBBackingStore.h:
• storage/StorageQuotaManager.cpp:

(WebCore::StorageQuotaManager::requestSpaceOnBackgroundThread):
(WebCore::StorageQuotaManager::tryGrantRequest):
(WebCore::StorageQuotaManager::setLoggingEnabled): Deleted.

• storage/StorageQuotaManager.h:

Source/WebKit:

• NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::storageQuotaManager):
(WebKit::NetworkProcess::setQuotaLoggingEnabled): Deleted.

• NetworkProcess/NetworkProcess.h:
• NetworkProcess/NetworkProcess.messages.in:
• UIProcess/API/C/WKWebsiteDataStoreRef.cpp:

(WKWebsiteDataStoreSetQuotaLoggingEnabled): Deleted.

• UIProcess/API/C/WKWebsiteDataStoreRef.h:
• UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::setQuotaLoggingEnabled): Deleted.

• UIProcess/Network/NetworkProcessProxy.h:
• UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::setQuotaLoggingEnabled): Deleted.

• UIProcess/WebsiteData/WebsiteDataStore.h:

Source/WebKitLegacy:

• Storage/InProcessIDBServer.cpp:

(InProcessIDBServer::quotaManager):

Tools:

• WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
• WebKitTestRunner/InjectedBundle/TestRunner.cpp:

(WTR::TestRunner::setQuotaLoggingEnabled): Deleted.

• WebKitTestRunner/InjectedBundle/TestRunner.h:
• WebKitTestRunner/TestController.cpp:

(WTR::TestController::setQuotaLoggingEnabled): Deleted.

• WebKitTestRunner/TestController.h:
• WebKitTestRunner/TestInvocation.cpp:

(WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle):

LayoutTests:

• http/tests/IndexedDB/storage-limit-1.https.html:
• http/tests/IndexedDB/storage-limit-2.https.html:
• http/tests/IndexedDB/storage-limit.https.html:

9:14 AM Changeset in webkit [275658] by Simon Fraser

• 4 edits in trunk

Copy-constructed Vectors should not have excess capacity
​https://bugs.webkit.org/show_bug.cgi?id=224313

Reviewed by Darin Adler.

Source/WTF:

When copy-constructing a Vector<>, set the capacity to the size of the input.
This avoids wasted vector capacity at call sites that dynamically build vectors
and then copy them into read-only caches.

• wtf/Vector.h:

(WTF::Malloc>::Vector):

Tools:

New API tests for testing capacity on copy-construct, with tests for copy-constructing
with various configs of inline capacity.

• TestWebKitAPI/Tests/WTF/Vector.cpp:

(TestWebKitAPI::TEST):

8:34 AM WebKitGTK/2.32.x edited by Michael Catanzaro

(diff)

6:16 AM Changeset in webkit [275657] by Antti Koivisto

• 16 edits in trunk

Revert r273621 because iPhone PLT regression
​https://bugs.webkit.org/show_bug.cgi?id=224323

Unreviewed.

Source/WebCore:

• dom/CharacterData.cpp:

(WebCore::CharacterData::parserAppendData):
(WebCore::CharacterData::setDataAndUpdate):

• dom/Document.cpp:

(WebCore::Document::removedLastRef):
(WebCore::Document::resolveStyle):
(WebCore::Document::updateTextRenderer):
(WebCore::Document::needsStyleRecalc const):

• dom/Document.h:
• dom/Text.cpp:

(WebCore::Text::splitText):
(WebCore::Text::updateRendererAfterContentChange):

• editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::deleteInsignificantText):

• editing/markup.cpp:

(WebCore::replaceChildrenWithFragment):

• rendering/updating/RenderTreeUpdater.cpp:
• style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::TreeResolver):
(WebCore::Style::TreeResolver::resolve):

• style/StyleTreeResolver.h:

(WebCore::Style::TreeResolver::TreeResolver): Deleted.

• style/StyleUpdate.cpp:

(WebCore::Style::Update::addText):
(WebCore::Style::Update::addPossibleRoot):

• style/StyleUpdate.h:

(WebCore::Style::Update:: const):
(WebCore::Style::Update::roots const): Deleted.

LayoutTests:

• fast/text/splitText-dirty-lines-expected.txt:
• fast/text/text-combine-surroundContents-crash-expected.txt:
• imported/blink/fast/css/first-letter-range-insert-expected.txt:

3:53 AM Changeset in webkit [275656] by youenn@apple.com

• 12 edits
  2 adds in trunk

Update SFrame implementation to latest version
​https://bugs.webkit.org/show_bug.cgi?id=224276

Reviewed by Eric Carlson.

Source/WebCore:

Update implementation according to latest draft at ​https://github.com/eomara/sframe/blob/master/draft-omara-sframe.md.
In particular, we derive keys with new algorithm and the generation of the signature by including header and data length as well as nonce.

Test: webrtc/sframe-test-vectors.html

• Modules/mediastream/RTCRtpSFrameTransform.cpp:

(WebCore::RTCRtpSFrameTransform::setCounterForTesting):

• Modules/mediastream/RTCRtpSFrameTransform.h:
• Modules/mediastream/RTCRtpSFrameTransformer.cpp:

(WebCore::computeIV):
(WebCore::RTCRtpSFrameTransformer::updateEncryptionKey):
(WebCore::RTCRtpSFrameTransformer::decryptFrame):
(WebCore::RTCRtpSFrameTransformer::encryptFrame):
(WebCore::RTCRtpSFrameTransformer::computeEncryptedDataSignature):

• Modules/mediastream/RTCRtpSFrameTransformer.h:
• Modules/mediastream/RTCRtpSFrameTransformerCocoa.cpp:

(WebCore::RTCRtpSFrameTransformer::computeSaltKey):
(WebCore::createBaseSFrameKey):
(WebCore::RTCRtpSFrameTransformer::computeAuthenticationKey):
(WebCore::RTCRtpSFrameTransformer::computeEncryptionKey):
(WebCore::encodeBigEndian):
(WebCore::RTCRtpSFrameTransformer::computeEncryptedDataSignature):

• testing/Internals.cpp:

(WebCore::Internals::setSFrameCounter):

• testing/Internals.h:
• testing/Internals.idl:

Tools:

Update tests according new way of deriving keys and generating the signature.

• TestWebKitAPI/Tests/WebCore/RTCRtpSFrameTransformerTests.cpp:

(TestWebKitAPI::TEST):

LayoutTests:

• webrtc/sframe-test-vectors-expected.txt: Added.
• webrtc/sframe-test-vectors.html: Added.

1:58 AM Changeset in webkit [275655] by commit-queue@webkit.org

• 10 edits in trunk/Source/WebKit

Difficult to understand which IPC message caused an ASSERT due to being not handled
​https://bugs.webkit.org/show_bug.cgi?id=224269

Patch by Kimmo Kinnunen <​kkinnunen@apple.com> on 2021-04-08
Reviewed by Chris Dumez.

Add the message name and destination ID to the assertion message about
unhandled IPC message.

• Scripts/webkit/messages.py:

(generate_message_handler):

• Scripts/webkit/tests/TestWithIfMessageMessageReceiver.cpp:

(WebKit::TestWithIfMessage::didReceiveMessage):

• Scripts/webkit/tests/TestWithImageDataMessageReceiver.cpp:

(WebKit::TestWithImageData::didReceiveMessage):
(WebKit::TestWithImageData::didReceiveSyncMessage):

• Scripts/webkit/tests/TestWithLegacyReceiverMessageReceiver.cpp:

(WebKit::TestWithLegacyReceiver::didReceiveTestWithLegacyReceiverMessage):
(WebKit::TestWithLegacyReceiver::didReceiveSyncTestWithLegacyReceiverMessage):

• Scripts/webkit/tests/TestWithSemaphoreMessageReceiver.cpp:

(WebKit::TestWithSemaphore::didReceiveMessage):
(WebKit::TestWithSemaphore::didReceiveSyncMessage):

• Scripts/webkit/tests/TestWithStreamBufferMessageReceiver.cpp:

(WebKit::TestWithStreamBuffer::didReceiveMessage):

• Scripts/webkit/tests/TestWithStreamMessageReceiver.cpp:

(WebKit::TestWithStream::didReceiveStreamMessage):

• Scripts/webkit/tests/TestWithSuperclassMessageReceiver.cpp:

(WebKit::TestWithSuperclass::didReceiveSyncMessage):

• Scripts/webkit/tests/TestWithoutAttributesMessageReceiver.cpp:

(WebKit::TestWithoutAttributes::didReceiveMessage):
(WebKit::TestWithoutAttributes::didReceiveSyncMessage):

1:38 AM Changeset in webkit [275654] by calvaris@igalia.com

• 2 edits in trunk/Source/WebCore

Unreviewed. Fixed build warning.

• platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.h: Avoid C-linkage warning.

Apr 7, 2021:

10:48 PM Changeset in webkit [275653] by ysuzuki@apple.com

• 5 edits
  1 add in trunk

[JSC] DUCET level-1 weighs are equal if characters are alphabets
​https://bugs.webkit.org/show_bug.cgi?id=224047

Reviewed by Saam Barati and Mark Lam.

JSTests:

• stress/ducet-level-3-or-4-comparison.js: Added.

(shouldBe):

Source/JavaScriptCore:

ASCII comparison optimization was based on that DUCET level-1 weights are all different (except for 0000 case), but this was wrong.
If we have the same latin letters with different capitalization, then they have the same level-1 weight ('A' v.s. 'a').
In this patch,

1. If we found that the result of level-1 weight comparison is equal, and characters are not equal, then we do level-3 weight comparison. We do not perform level-2 since they are all the same weight in ASCII (excluding control characters) region.
2. We do not perform level-4 weight comparison since level-1 and level-3 comparison must distinguish the strings. Level-1 weights are equal only when characters are the same latin letters. And level-3 weight puts different weights for capital latin letters. Since we already know that these strings are different while they are equal in level-1 weight comparison, the only case is that they have same latin letters in the same position. In that case, level-3 weight must say different results for these characters so that we never meet "equal" status in level-3 weight comparison if characters are different.

• runtime/IntlObject.cpp:
• runtime/IntlObject.h:
• runtime/IntlObjectInlines.h:

(JSC::canUseASCIIUCADUCETComparison):
(JSC::compareASCIIWithUCADUCETLevel3):
(JSC::compareASCIIWithUCADUCET):

10:21 PM Changeset in webkit [275652] by commit-queue@webkit.org

• 4 edits
  2 adds in trunk

Nullptr dereference in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline
​https://bugs.webkit.org/show_bug.cgi?id=224259

Patch by Julian Gonzalez <​julian_a_gonzalez@apple.com> on 2021-04-07
Reviewed by Ryosuke Niwa.

Source/WebCore:

When pruning after removing the end <br> in ReplaceSelectionCommand::doApply(), make sure
that insertedNodes is updated properly (given that we may be removing an ancestor
of the start or end of insertedNodes).

Test: editing/inserting/insert-display-contents-crash.html

• editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplaceSelectionCommand::InsertedNodes::willRemovePossibleAncestorNode):
(WebCore::ReplaceSelectionCommand::InsertedNodes::willRemoveNode):
(WebCore::ReplaceSelectionCommand::doApply):

• editing/ReplaceSelectionCommand.h:

LayoutTests:

Add a test to catch the editing crash fixed here; thanks to Tuomas Karkkainen
for its basic structure.

• editing/inserting/insert-display-contents-crash-expected.txt: Added.
• editing/inserting/insert-display-contents-crash.html: Added.

9:21 PM Changeset in webkit [275651] by Jean-Yves Avenard

• 2 edits in trunk/Source/WebCore

Site could crash if MediaRemote framework isn't available.
​https://bugs.webkit.org/show_bug.cgi?id=224308
<rdar://problem/76273591>

Reviewed by Eric Carlson.

Check that MediaRemote framework is available before calling any of its method.
We put the check in the two static methods calling MediaRemote in order to keep all code dealing with MediaRemote in the same place.

• platform/audio/cocoa/MediaSessionManagerCocoa.mm:

(WebCore::MediaSessionManagerCocoa::clearNowPlayingInfo): Add a test with isMediaRemoteFrameworkAvailable
(WebCore::MediaSessionManagerCocoa::setNowPlayingInfo): Add a test with isMediaRemoteFrameworkAvailable

7:19 PM Changeset in webkit [275650] by Darin Adler

• 53 edits in trunk/Source

Use Hasher more, remove IntegerHasher, fix hashing-related mistakes
​https://bugs.webkit.org/show_bug.cgi?id=224138

Reviewed by Chris Dumez.

Source/JavaScriptCore:

• bytecode/BytecodeIndex.h:

(JSC::BytecodeIndex::hash const): Remove unneeded WTF prefix on call
to intHash.

• ftl/FTLAbstractHeap.h: Use HashTraits instead of WTF::GenericHashTraits.

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::validateAIState): Remove unneeded WTF
prefix on call to intHash.

• wasm/WasmLLIntGenerator.cpp: Use HashTraits instead of WTF::GenericHashTraits.

Source/WebCore:

• contentextensions/ContentExtensionRule.h:

(WebCore::ContentExtensions::TriggerHash::hash): Use computeHash to
hash all the fields instead of a custom-written algorithm. The custom
algorithm had some magic numbers, repeatedly hashed hashes, and combined
hashes using exclusive or. The new one is almost certainly better.

• contentextensions/Term.h:

(WebCore::ContentExtensions::Term::CharacterSet::hash const):
Use computeHash to hash the boolean and the characters rather than
using intHash and pairIntHash.

• css/parser/CSSParserContext.cpp:

(WebCore::add): Moved the hashing here from the header. Fixed the
mistake where this was using & instead of | and so none of the booleans
were having any effect on the hash value.

• css/parser/CSSParserContext.h: Use WTF_MAKE_STRUCT_FAST_ALLOCATED so

we don't have to say public: explicitly. Also moved all the function
members to the bottom of the struct. This is typically preferred style
for structures as opposed to classes. Since the data members are the
primary interface, they are first, and all function members are secondary
and so they come after.
(WebCore::CSSParserContextHash::hash): Use convertHash instead of
a custom written hash function. The custom written function was combining
hahes using exclusive or, not a best practice, and also had a mistake
where it used & instead of | and so the "bits" local variable was always 0.

• html/FormController.cpp: Use HashTraits instead of WTF::GenericHashTraits.

• platform/encryptedmedia/CDMProxy.h: Removed unneedes includes.

• platform/graphics/Font.cpp: Changed CharacterFallbackMapKey into a

simple struct with no additional function members or static data members.
Changed CharacterFallbackMapKeyHash to use computeHash to calculate the
hash, instead of IntegerHasher. Probably better to hash the pointer of
the AtomString rather than hashing the hash, but either way, we should
have the best implementation for AtomString hashing in the Hasher class.
Added CharacterFallbackMapKeyHashTraits instead of using
SimpleClassHashTraits. Use the value U_SENTINEL for the UChar32 character,
which is the same as the -1 used before, but slightly clearer why it's OK.
(WebCore::Font::systemFallbackFontForCharacter const): Use HashMap::ensure
instead of HashMap::add to make the logic simpler.

• platform/graphics/Font.h: Use bool instead of uint8_t as the base type

for the No/Yes enumeration IsForPlatformFont.

• platform/graphics/FontCache.cpp: Removed unneeded "using namespace WTF",

which is not our best practice, especially given unified builds.
Changed FontPlatformDataCacheKey into a simple struct, removing all the
hash-related member functions. Also used struct-style naming for the
members without an "m_" prefix. Used the type FontFamilyName for the
family name, which means we will use FontCascadeDescription's system
for hashing and comparing family names for equality without having to
remember do to so explicitly. Changed FontPlatformDataCacheKeyHash to
use computeHash. The old version had unnecessarily complex logic to
handle Optional and was unnecessarily hashing hashes.
(WebCore::FontCache::cachedFontPlatformData): Renamed to remove "get"
from the function's name. Also use shorter argument and local variable
names that are single words, and updated since FontPlatformDataCacheKey
is now a struct without a constructor.
(WebCore::FontCache::fontForFamily): Use shorter names.
(WebCore::operator==): To compare two FontCascadeCacheKey objects,
use a simpler constructions, depending on the fact that Vector already
has an == operator and we are using FontFamilyName for the elements
of the vector, which has a correct == operator.
(WebCore::FontCascadeCacheKeyHash::hash): Use computeHash since
the FontFamilyName hashing is now correct, and we can rely on the
way Hasher knows how to iterate a collection.
(WebCore::FontCache::retrieveOrAddCachedFonts): Update since
FontCascadeCacheEntry is now a simple struct. Also use constexpr a bit.
(WebCore::FontCache::invalidate): Use copyToVectorOf<> to simplify the
code that calls fontCacheInvalidated on all the font selectors.

• platform/graphics/FontCache.h: Use "using" instead of "typedef".

Remove FontDescriptionKey::computeHash.
(WebCore::add): An overload of add for Hasher to include a
FontDescriptionKey in a hash, which just lists all the data members.
The old version did a hash of hashes, but that's not needed any more.
Updated FontDescriptionKeyHash to use the Hasher version of ComputeHash.
Added FontFamilyName. Change FontCascadeCacheKey to use a vector of
FontFamilyName instead of AtomString. In FontCascadeCacheEntry, use
WTF_MAKE_STRUCT_FAST_ALLOCATED instead of WTF_MAKE_FAST_ALLOCATED
and also got rid of the unneeeded constructor.
(WebCore::FontCascadeCacheKeyHashTraits::constructDeletedValue):
Use the deleted value of FontDescriptionKey.
(WebCore::FontCascadeCacheKeyHashTraits::isDeletedValue): Ditto.
Renamed getCachedFontPlatformData to just cachedFontPlatformData.

• platform/graphics/FontGenericFamilies.h: Use HashTraits instead of

WTF::GenericHashTraits.

• platform/graphics/FontSelectionAlgorithm.h:

(WebCore::FontSelectionRange::uniqueValue const): Deleted.
(WebCore::add): Add both the minimum and maximum values to the hash
separately instead of combining them. For now, this makes the way
they are hashed a bit inefficient, but that can be re-tightened up by
improving the algorithm of Hasher if we like. Should be fine for our
needs either way.

• platform/graphics/FontTaggedSettings.cpp:

(WebCore::FontFeatureSettings::hash const): Deleted.
(WebCore::FontVariationSettings::hash const): Deleted.

• platform/graphics/FontTaggedSettings.h: Added overloads of the

add(Hasher&) function for std::array<char, 4> and FontTaggedSetting<T>.
Got rid of many uses of pass by reference instead of value for FontTag,
since it fits into a 32-bit register and bth more source code and less
efficient to pass by value.

• platform/graphics/Gradient.cpp: Removed "using WTF::pairIntHash" since

that's now done in the WTF header.

• platform/graphics/cg/GraphicsContextCG.cpp: Ditto. Also removed

"using WTF::GenericHashTraits", which was unhelpful. The GenericHashTraits
template is only really needed when specializing HashTraits, which
already has to be done within the WTF namespace. In all other cases, we
should just use HashTraits instead.

• platform/graphics/cg/SubimageCacheWithTimer.h: Use HashTraits

instead of WTF::GenericHashTraits.

• platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:

Move the data members to the top of the FontFamilySpecificationKey struct.
Removed unneeded computeHash function and WTF prefix from safeCFEqual.
(WebCore::FontFamilySpecificationKeyHash::hash): Call the Hasher version
of computeHash directly to hash the two items in this structure.

• platform/graphics/cocoa/SystemFontDatabaseCoreText.h:

(WebCore::SystemFontDatabaseCoreText::CascadeListParameters::hash const):
Use computeHash instead of IntegerHasher. Also renamed the hash function
struct from CascadeListParameters::CascadeListParametersHash to
CascadeListParameters::Hash.

• platform/graphics/mac/ComplexTextControllerCoreText.mm:

(WebCore::ComplexTextController::collectComplexTextRunsForCharacters):
Removed now-unneeded WTF prefixes from calls to safeCFEqual.

• rendering/TextAutoSizing.h: Use HashTraits instead of WTF::GenericHashTraits.

• rendering/style/RenderStyle.cpp:

(WebCore::computeFontHash): Use computeHash instead of IntegerHasher.
Still not great that we hash a hash here, but we can improve that later.

• workers/service/ServiceWorkerClientIdentifier.h:

(WebCore::ServiceWorkerClientIdentifier::decode): Removed unneeded
WTFMove on ObjectIdentifier, which are just integers, so move vs. copy
is not an important distinction.
(WebCore::ServiceWorkerClientIdentifier::hash const): Use computeHash
instead of combining intHash with StringHasher::hashMemory. This fixes
two mistakes: one is that there is no need to hash a hash. The second is
that intHash takes a 32-bit integer as its parameter, so high bits
of object identifiers were discarded unnecessarily.

• workers/service/ServiceWorkerContextData.h: Removed unneeded include.

• workers/service/ServiceWorkerGlobalScope.h: Added now-needed include

of URLHash.h, since we removed it from a widely-included header.

• workers/service/context/SWContextManager.h: Ditto.
• workers/service/server/ServiceWorkerThreadProxy.h: Ditto.
• workers/service/server/RegistrationStore.h: Ditto.
• workers/service/server/SWServer.h: Ditto.
• workers/service/server/SWServerToContextConnection.h: Ditto.
• workers/service/server/SWServerWorker.h: Ditto.

Source/WebKit:

• NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h: Added now-needed include

of URLHash.h, since we removed it from a widely-included header.

• NetworkProcess/cache/NetworkCache.h:

(WebKit::NetworkCache::GlobalFrameID::hash const): Use computeHash
instead of combining intHash with StringHasher::hashMemory. This fixes
two mistakes: one is that there is no need to hash a hash. The second is
that intHash takes a 32-bit integer as its parameter, so high bits
of object identifiers were discarded unnecessarily.

• Scripts/webkit/messages.py: Added code so that if URL is in an argument, we include the

URLHash.h header. Would be better to just use URL.h and use URLHash.h only if it's a
HashMap<URL>, but currently the script does not distinguish those cases. This wasn't needed
before becuase a widely included header was always pulling in URLHash.h.

• Shared/API/Cocoa/WKBrowsingContextHandle.mm:

(-[WKBrowsingContextHandle hash]): Use computeHash instead of pairIntHash.
This fixes a mistake: pairIntHash takes two 32-bit integers, so high bits
of object identifiers were discarded unnecessarily.

• NetworkProcess/Storage/WebSWContextManagerConnection.h: Added now-needed include

of URLHash.h, since we removed it from a widely-included header.

Source/WebKitLegacy/mac:

• History/BinaryPropertyList.cpp: Use HashTraits instead of WTF::GenericHashTraits.

Source/WTF:

• wtf/HashFunctions.h: Export intHash and pairIntHash to the global namespace

so they can be called without an explicit WTF prefix. This follows the usual
WTF design pattern given that these functions are intended for use outside WTF.

• wtf/Hasher.h: Deleted IntegerHasher.

(WTF::add): Added overloads for String, AtomString, and URL.

• wtf/ObjectIdentifier.h:

(WTF::add): Added a Hasher overload for any ObjectIdentifier.

• wtf/RetainPtr.h: Export safeCFEqual and safeCFHash to the global namespace

so they can be called without an explicit WTF prefix. This follows the usual
WTF design pattern given that these functions are intended for use outside WTF.

• wtf/VectorHash.h: Removed the VectorHash template, instead just specializing

DefaultHash. Use computeHash to hash the contents of the vector instead of
hashing the hashes of the items in the vector. This is better in general and
better for the one case where we are currently using this, for a Vector<int>.
We want to hash all the integers rather than hashing hashes of all the integers.
In the future, this means the elements of the Vector need to be hashable using
the Hasher machinery. The old requirement was the the elements had a DefaultHash.

6:55 PM Changeset in webkit [275649] by commit-queue@webkit.org

• 2 edits in trunk/Source/ThirdParty/ANGLE

Crash in conformance2/textures/misc/compressed-tex-image.html with ANGLE+METAL
Handle uploading a compressed texture with a non-aligned offset. Path requires that we still fill the entire level of a
compressed texture.
​https://bugs.webkit.org/show_bug.cgi?id=223925

Patch by Kyle Piddington <Kyle Piddington> on 2021-04-07
Reviewed by Dean Jackson.

• src/libANGLE/renderer/metal/TextureMtl.mm:

(rx::TextureMtl::convertAndSetPerSliceSubImage):

5:30 PM Changeset in webkit [275648] by mark.lam@apple.com

• 27 edits in trunk/Source

Rename and make the TerminationException a singleton.
​https://bugs.webkit.org/show_bug.cgi?id=224295

Reviewed by Keith Miller.

Source/JavaScriptCore:

We previously call it the TerminatedExecutionException, which is a mouthful but
adds no meaningful information. It's now renamed to TerminationException.

We can make it a singleton because the TerminationException is just a VM internal
mechanism for implementing the termination of the current execution stack. It
should never be exposed to user JS code, and therefore, there is no value in
making it a JS object. Making it a singleton simplifies the code.

A TerminationException is now implemented as an Exception cell which holds a
Symbol with the name "TerminationError". The TerminationException is only created
if needed e.g. if the JSC watchdog is created, or if the VM is for a Worker thread
which needs to be able to handle termination requests.

We'll also stop notifying the debugger when we throw the TerminationException.
This is because the TerminationException is not like ordinary exceptions that
should be reported to the debugger. The fact that the TerminationException uses
the exception handling mechanism is just a VM internal implementation detail.
It is not meaningful to report it to the debugger as an exception.

• API/JSContext.mm:

(-[JSContext evaluateJSScript:]):

• API/tests/ExecutionTimeLimitTest.cpp:

(testExecutionTimeLimit):

• bindings/ScriptFunctionCall.cpp:

(Deprecated::ScriptFunctionCall::call):

• heap/Heap.cpp:

(JSC::Heap::addCoreConstraints):

• inspector/InjectedScriptManager.cpp:

(Inspector::InjectedScriptManager::injectedScriptFor):

• inspector/JSGlobalObjectInspectorController.cpp:

(Inspector::JSGlobalObjectInspectorController::reportAPIException):

• interpreter/Interpreter.cpp:

(JSC::Interpreter::unwind):
(JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):

• jit/JITOperations.cpp:

(JSC::JSC_DEFINE_JIT_OPERATION):

• jsc.cpp:

(checkException):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• runtime/ExceptionHelpers.cpp:

(JSC::TerminatedExecutionError::defaultValue): Deleted.
(JSC::createTerminatedExecutionException): Deleted.
(JSC::isTerminatedExecutionException): Deleted.
(JSC::throwTerminatedExecutionException): Deleted.

• runtime/ExceptionHelpers.h:

(): Deleted.

• runtime/JSObject.h:

(JSC::JSObject::get const):

• runtime/JSPromise.cpp:

(JSC::JSPromise::rejectWithCaughtException):

• runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::ensureWatchdog):
(JSC::VM::ensureTerminationException):
(JSC::VM::throwTerminationException):
(JSC::VM::throwException):

• runtime/VM.h:

(JSC::VM::terminationException const):
(JSC::VM::isTerminationException const):

• runtime/VMTraps.cpp:

(JSC::VMTraps::handleTraps):

Source/WebCore:

In the WorkerOrWorkletScriptController constructor, we ensure the TerminationException
because workers need to support termination requests.

• bindings/js/JSDOMExceptionHandling.cpp:

(WebCore::reportException):

• bindings/js/JSDOMGlobalObject.cpp:

(WebCore::JSC_DEFINE_HOST_FUNCTION):
(WebCore::handleResponseOnStreamingAction):

• bindings/js/JSDOMPromise.cpp:

(WebCore::DOMPromise::whenPromiseIsSettled):

• bindings/js/JSDOMPromiseDeferred.cpp:

(WebCore::DeferredPromise::reject):

• bindings/js/JSEventListener.cpp:

(WebCore::JSEventListener::handleEvent):

• bindings/js/ReadableStream.cpp:

(WebCore::invokeReadableStreamFunction):
(WebCore::ReadableStream::lock):
(WebCore::checkReadableStream):

• bindings/js/ReadableStreamDefaultController.cpp:

(WebCore::invokeReadableStreamDefaultControllerFunction):
(WebCore::ReadableStreamDefaultController::error):
(WebCore::ReadableStreamDefaultController::enqueue):

• workers/WorkerOrWorkletScriptController.cpp:

(WebCore::WorkerOrWorkletScriptController::WorkerOrWorkletScriptController):
(WebCore::WorkerOrWorkletScriptController::evaluate):
(WebCore::WorkerOrWorkletScriptController::linkAndEvaluateModule):
(WebCore::WorkerOrWorkletScriptController::loadAndEvaluateModule):

5:24 PM Changeset in webkit [275647] by Russell Epstein

• 8 edits in branches/safari-611-branch/Source

Versioning.

WebKit-7611.2.2

4:49 PM Changeset in webkit [275646] by commit-queue@webkit.org

• 2 edits in trunk/Source/WTF

Suppress -Warray-bounds warning spam in Bitmap.h
​https://bugs.webkit.org/show_bug.cgi?id=224207

Patch by Michael Catanzaro <Michael Catanzaro> on 2021-04-07
Reviewed by Don Olmstead.

Suppress this warning.

• wtf/Bitmap.h:

(WTF::WordType>::clear):

4:35 PM Changeset in webkit [275645] by jer.noble@apple.com

• 2 edits in trunk/Source/WebKit

Unreviewed build fix after r275614; make sure SWIFT_VERSION is defined inside the WebKitSwift build target.

• Configurations/WebKitSwift.xcconfig:

4:31 PM Changeset in webkit [275644] by Russell Epstein

• 1 copy in tags/Safari-612.1.10.1

Tag Safari-612.1.10.1.

4:24 PM Changeset in webkit [275643] by Russell Epstein

• 1 copy in tags/Safari-611.2.1

Tag Safari-611.2.1.

4:11 PM Changeset in webkit [275642] by Russell Epstein

• 8 edits in branches/safari-612.1.10-branch/Source

Versioning.

WebKit-7612.1.10.1

4:06 PM Changeset in webkit [275641] by Simon Fraser

• 7 edits in trunk/Source/WebCore

Remove RepaintLayoutRectsMap
​https://bugs.webkit.org/show_bug.cgi?id=224217

Reviewed by Zalan Bujtas.

RepaintLayoutRectsMap was a side table used to map RenderLayerModelObjects to
repaint rects for their corresponding layers. However, this HashMap could
get large, and waste more space than if we just stored the repaint rects
on RenderLayer.

For example, on twitter.com we could have about 2000 RenderLayers; increasing
their size by 32 bytes (the size of the two LayoutRects) adds 62KB, but RepaintLayoutRectsMap
would contain about 1950 entries with a capacity of 8192, wasting around 200KB.

So moving repaint rects into RenderLayer is a memory saving. This patch does so
without using Optional<> since that introduces extra padding.

• rendering/ComplexLineLayout.cpp:

(WebCore::ComplexLineLayout::layoutRunsAndFloats):

• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::RenderLayer):
(WebCore::RenderLayer::updateLayerPositions):
(WebCore::RenderLayer::repaintRectIncludingNonCompositingDescendants const):
(WebCore::RenderLayer::computeRepaintRects):
(WebCore::RenderLayer::setRepaintRects):
(WebCore::RenderLayer::clearRepaintRects):
(WebCore::RenderLayer::updateLayerPositionsAfterScroll):
(WebCore::RenderLayer::calculateClipRects const):

• rendering/RenderLayer.h:

(WebCore::RenderLayer::repaintRects const):
(WebCore::RenderLayer::hasComputedRepaintRects const): Deleted.

• rendering/RenderLayerModelObject.cpp:

(WebCore::RenderLayerModelObject::willBeDestroyed):
(WebCore::RenderLayerModelObject::destroyLayer):
(WebCore::RenderLayerModelObject::styleDidChange):
(WebCore::RenderLayerModelObject::layerRepaintRects const):
(WebCore::RepaintLayoutRects::RepaintLayoutRects): Deleted.
(WebCore::RenderLayerModelObject::hasRepaintLayoutRects const): Deleted.
(WebCore::RenderLayerModelObject::setRepaintLayoutRects): Deleted.
(WebCore::RenderLayerModelObject::clearRepaintLayoutRects): Deleted.
(WebCore::RenderLayerModelObject::repaintLayoutRects const): Deleted.
(WebCore::RenderLayerModelObject::computeRepaintLayoutRects): Deleted.

• rendering/RenderLayerModelObject.h:

(WebCore::RepaintLayoutRects::RepaintLayoutRects): Deleted.

• rendering/RenderLayerScrollableArea.cpp:

(WebCore::RenderLayerScrollableArea::scrollTo):

3:55 PM Changeset in webkit [275640] by commit-queue@webkit.org

• 4 edits
  3 adds in trunk/Source/WebKit

[WebXR] Introduce XRDeviceIdentifier and XRDeviceInfo to be used to communicate device info
​https://bugs.webkit.org/show_bug.cgi?id=224239

Patch by Ada Chan <​ada.chan@apple.com> on 2021-04-07
Reviewed by Tim Horton.

These classes are codable so they can be used in messages across UI/web process boundary.
In a future patch, these classes will be used to create device objects returned from
WebChromeClient::enumerateImmersiveXRDevices().

• Shared/Cocoa/XRDeviceIdentifier.h: Added.

This codable type will be used to identify a device.

• Shared/Cocoa/XRDeviceInfo.h: Added.
• Shared/Cocoa/XRDeviceInfo.mm: Added.

(WebKit::XRDeviceInfo::encode const):
(WebKit::XRDeviceInfo::decode):

• Shared/WebCoreArgumentCoders.h:

Add EnumTraits for PlatformXR::ReferenceSpaceType so we can encode it.

• SourcesCocoa.txt:
• WebKit.xcodeproj/project.pbxproj:

3:46 PM Changeset in webkit [275639] by Simon Fraser

• 8 edits in trunk/Source/WebCore

Wasted vector capacity in various DisplayList related code paths
​https://bugs.webkit.org/show_bug.cgi?id=224304

Reviewed by Wenson Hsieh.

Add DisplayList::shrinkToFit() and have it shrink the vector of drawing extents (this
could be extended to shrink item buffers at some point). Call the shrink from
FontCascade which caches glyph buffers as an optimization.

Reduce the inline capacity of the Recorder's context stack; this sticks around
for GPU process canvases.

Reduce the inline capacity of the DrawGyph buffers from 128 to 16, as these items
persist for FontCascade cached lists (until a memory warning).

• platform/graphics/FontCascade.cpp:

(WebCore::FontCascade::displayListForTextRun const):

• platform/graphics/displaylists/DisplayList.cpp:

(WebCore::DisplayList::DisplayList::shrinkToFit):

• platform/graphics/displaylists/DisplayList.h:
• platform/graphics/displaylists/DisplayListItems.h:

(WebCore::DisplayList::DrawGlyphs::glyphs const):

• platform/graphics/displaylists/DisplayListRecorder.h:

3:36 PM Changeset in webkit [275638] by Simon Fraser

• 2 edits in trunk/Source/WebCore

Wasted vector capacity under CSSFontFace::setUnicodeRange()
​https://bugs.webkit.org/show_bug.cgi?id=224266

Reviewed by Devin Rousso.

We know how big the Vector<UnicodeRange> is up-front.

• css/CSSFontFace.cpp:

(WebCore::CSSFontFace::setUnicodeRange):

3:36 PM Changeset in webkit [275637] by Simon Fraser

• 2 edits in trunk/Source/WebCore

Wasted vector capacity under RuleFeatureSet::collectFeatures()
​https://bugs.webkit.org/show_bug.cgi?id=224248

Reviewed by Devin Rousso.

The RuleSets constructed ensureInvalidationRuleSets() were never shrunk,
causing up to 500KB of wasted vector capacity on youtube.com.

This change calls shrinkToFit() on the RuleSets, and on the InvalidationRuleSet
vector.

• style/StyleScopeRuleSets.cpp:

(WebCore::Style::ensureInvalidationRuleSets):

3:32 PM Changeset in webkit [275636] by Russell Epstein

• 1 copy in tags/Safari-612.1.10

Tag Safari-612.1.10.

3:25 PM Changeset in webkit [275635] by Jonathan Bedard

• 5 edits in trunk/Tools

[webkitscmpy] Handle multiple double-branch commits
​https://bugs.webkit.org/show_bug.cgi?id=224251
<rdar://problem/76288547>

Reviewed by Dewei Zhu.

There are a few cases, namely on the safari-607-branch, where some commits where made both
on trunk and on a branch. In one notable case, two sequential commits were made this way.

• Scripts/libraries/webkitscmpy/setup.py: Bump version.
• Scripts/libraries/webkitscmpy/webkitscmpy/init.py: Ditto.
• Scripts/libraries/webkitscmpy/webkitscmpy/local/svn.py:

(Svn._cache_revisions): Handle multiple double-branch commits.

• Scripts/libraries/webkitscmpy/webkitscmpy/remote/svn.py:

(Svn._cache_revisions): Handle multiple double-branch commits.

3:18 PM Changeset in webkit [275634] by commit-queue@webkit.org

• 4 edits in trunk

[GTK] webkit://gpu should print runtime libwpe and wpebackend-fdo versions
​https://bugs.webkit.org/show_bug.cgi?id=224298

Patch by Michael Catanzaro <Michael Catanzaro> on 2021-04-07
Reviewed by Adrian Perez de Castro.

.:

• Source/cmake/OptionsGTK.cmake:

Source/WebKit:

• UIProcess/API/glib/WebKitProtocolHandler.cpp:

(WebKit::WebKitProtocolHandler::handleGPU):

3:17 PM Changeset in webkit [275633] by Simon Fraser

• 3 edits in trunk/Source/WebCore

Reduce Vector<> wasted capacity in some RuleSet code
​https://bugs.webkit.org/show_bug.cgi?id=224160

Reviewed by Antti Koivisto.

Dynamic media rule-related vectors were not getting shrunk because m_dynamicMediaQueryRules
was constructed after the shrinkToFit() calls, and itself was not shrunk.

Also re-order member variables to reduce padding.

Saves 60-120KB on a nytimes page.

• style/RuleSet.cpp:

(WebCore::Style::RuleSet::addRulesFromSheet):
(WebCore::Style::RuleSet::evaluateDynamicMediaQueryRules):
(WebCore::Style::shrinkDynamicRules):
(WebCore::Style::RuleSet::shrinkToFit):

• style/RuleSet.h:

(WebCore::Style::RuleSet::DynamicMediaQueryRules::shrinkToFit):

3:17 PM Changeset in webkit [275632] by Simon Fraser

• 2 edits in trunk/Source/WebCore

Wasted vector capacity in RenderLayer lists
​https://bugs.webkit.org/show_bug.cgi?id=224170

Reviewed by Sam Weinig.

Shrink RenderLayer normal flow and z-order lists.

This saves about 800KB on twitter.com.

• rendering/RenderLayer.cpp:

(WebCore::RenderLayer::updateNormalFlowList):
(WebCore::RenderLayer::rebuildZOrderLists):

3:11 PM Changeset in webkit [275631] by Russell Epstein

• 2 edits in branches/safari-611-branch

Cherry-pick r275541. rdar://problem/76367015

Speculative build fix for Windows port.
​https://bugs.webkit.org/show_bug.cgi?id=224243
rdar://75883248

Reviewed by Saam Barati.

Source/cmake/tools/scripts/auto-version.pl was limiting our minor and micro
version to only 2 decimal digits only. In practice, we can use up to 3 digits.

• Source/cmake/tools/scripts/auto-version.pl: (packTwoValues):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275541 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2:46 PM Changeset in webkit [275630] by Russell Epstein

• 1 copy in tags/Safari-611.1.21.161.4

Tag Safari-611.1.21.161.4.

2:45 PM Changeset in webkit [275629] by Russell Epstein

• 2 edits in branches/safari-611.1.21.161-branch

Cherry-pick r275541. rdar://problem/76365929

Speculative build fix for Windows port.
​https://bugs.webkit.org/show_bug.cgi?id=224243
rdar://75883248

Reviewed by Saam Barati.

Source/cmake/tools/scripts/auto-version.pl was limiting our minor and micro
version to only 2 decimal digits only. In practice, we can use up to 3 digits.

• Source/cmake/tools/scripts/auto-version.pl: (packTwoValues):

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@275541 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2:41 PM Changeset in webkit [275628] by Russell Epstein

• 8 edits in branches/safari-611.1.21.161-branch/Source

Versioning.

WebKit-7611.1.21.161.4

2:24 PM Changeset in webkit [275627] by dino@apple.com

• 1 edit in trunk/Tools/Scripts/webkitpy/common/config/contributors.json

Adding Ada as a contributor.

• Scripts/webkitpy/common/config/contributors.json:

2:14 PM Changeset in webkit [275626] by ysuzuki@apple.com

• 24 edits in trunk/Source

[JSC] Use FixedVector more in bytecode dir and JumpTable
​https://bugs.webkit.org/show_bug.cgi?id=224275

Reviewed by Michael Saboff and Mark Lam.

Source/JavaScriptCore:

1. Use FixedVector more in bytecode/ directory's long-living data structures.
2. Use FixedVector in SimpleJumpTable. This involves LLInt changes because we need to access FixedVector data from LLInt.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):

• bytecode/InlineCallFrame.cpp:

(JSC::InlineCallFrame::dumpInContext const):

• bytecode/InlineCallFrame.h:
• bytecode/JumpTable.h:

(JSC::SimpleJumpTable::clear):

• bytecode/ObjectPropertyConditionSet.cpp:

(JSC::ObjectPropertyConditionSet::mergedWith const):
(JSC::ObjectPropertyConditionSet::dumpInContext const):
(JSC::ObjectPropertyConditionSet::isValidAndWatchable const):

• bytecode/ObjectPropertyConditionSet.h:

(JSC::ObjectPropertyConditionSet::create):
(JSC::ObjectPropertyConditionSet::isValid const):
(JSC::ObjectPropertyConditionSet::size const):
(JSC::ObjectPropertyConditionSet::begin const):
(JSC::ObjectPropertyConditionSet::end const):

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
(JSC::DFG::ByteCodeParser::flushImpl):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):

• dfg/DFGCommonData.cpp:

(JSC::DFG::CommonData::validateReferences):

• dfg/DFGGraph.cpp:

(JSC::DFG::Graph::isLiveInBytecode):

• dfg/DFGGraph.h:
• dfg/DFGPreciseLocalClobberize.h:

(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

• dfg/DFGStackLayoutPhase.cpp:

(JSC::DFG::StackLayoutPhase::run):

• ftl/FTLCompile.cpp:

(JSC::FTL::compile):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileGetMyArgumentByVal):

• jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::argumentsStart):

• jit/SetupVarargsFrame.cpp:

(JSC::emitSetupVarargsFrameFastCase):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• runtime/ClonedArguments.cpp:

(JSC::ClonedArguments::createWithInlineFrame):

Source/WTF:

• wtf/FixedVector.h:

(WTF::FixedVector::offsetOfStorage):

• wtf/RefCountedArray.h:

(WTF::RefCountedArray::Header::size):
(WTF::RefCountedArray::Header::offsetOfLength):

2:02 PM Changeset in webkit [275625] by Brent Fulgham

• 2 edits in trunk/Source/WebKit

[Cocoa] Incorrect selector used to set logging level
​https://bugs.webkit.org/show_bug.cgi?id=224292
<rdar://problem/75379660>

Reviewed by John Wilander.

Use {public} declarations so we get logging in release builds. These strings
are not sensitive.

• NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::configurationForSessionID):

2:00 PM Changeset in webkit [275624] by aakash_jain@apple.com

• 3 edits in trunk/Tools

commit-queue should perform git reset --hard between retry attempts
​https://bugs.webkit.org/show_bug.cgi?id=224300

Reviewed by Jonathan Bedard.

• CISupport/ews-build/steps.py:

(GitResetHard): Build step to perform git reset --hard.
(GitResetHard.start):
(PushCommitToWebKitRepo.evaluateCommand):

• CISupport/ews-build/steps_unittest.py: Added unit-test.

1:07 PM Changeset in webkit [275623] by jer.noble@apple.com

• 3 edits in trunk/Source/WebCore/PAL

Unreviewed build fix after r275614; add soft linked class.

• pal/cocoa/AVFoundationSoftLink.h:
• pal/cocoa/AVFoundationSoftLink.mm:

12:31 PM Changeset in webkit [275622] by Brent Fulgham

• 2 edits in trunk/Source/WebKit

[Cocoa] Incorrect selector used to set logging level
​https://bugs.webkit.org/show_bug.cgi?id=224292
<rdar://problem/75379660>

Reviewed by John Wilander.

The wrong selector label was used to configure the low-level network logging level.

• NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::configurationForSessionID):

12:31 PM Changeset in webkit [275621] by Robert Jenner

• 2 edits in trunk/LayoutTests

[ macOS ] media/modern-media-controls/seek-forward-support/seek-forward-support.html is a flakey timeout
​https://bugs.webkit.org/show_bug.cgi?id=224297

Unreviewed test gardening.

• platform/mac/TestExpectations: Updating test expectations to Pass Timeout.

12:25 PM Changeset in webkit [275620] by Alan Bujtas

• 2 edits in trunk/Source/WebCore

[LFC][IFC] Remove InlineLines and InlineLineBoxes inline capacity of 10
​https://bugs.webkit.org/show_bug.cgi?id=224296

Reviewed by Antti Koivisto.

A casual browsing session shows that the average line count is ~1.4. Having 10 as initial capacity seems a little excessive.
(and neither PerformanceTests/Layout/line-layout-inline-block.html nor PerformanceTests/Layout/line-layout-inline-level-boxes.html microbenchmarks show regression locally)

• layout/inlineformatting/InlineFormattingState.h:

12:16 PM Changeset in webkit [275619] by commit-queue@webkit.org

• 5 edits in trunk/Source

Use os_transaction_create instead of deprecated xpc_transaction_begin/end
​https://bugs.webkit.org/show_bug.cgi?id=224288

Patch by Alex Christensen <​achristensen@webkit.org> on 2021-04-07
Reviewed by Tim Horton.

Source/WebKit:

xpc_transaction_begin/end are deprecated with os_transaction_t being the replacement.
The transaction object makes it easier to associate a transaction's begin and end with each other,
and it adds a name, which makes system level debugging of what transactions are happening in which
processes much nicer.

• Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceEntryPoint.h:

(WebKit::XPCServiceInitializer):

• Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceEntryPoint.mm:

(WebKit::osTransaction):
(WebKit::XPCServiceExit):

Source/WTF:

• wtf/spi/darwin/XPCSPI.h:

12:13 PM Changeset in webkit [275618] by Robert Jenner

• 2 edits in trunk/LayoutTests

[ BigSur wk2 Debug x86_64 ] inspector/indexeddb/requestDatabaseNames.html is a flakey text failure
​https://bugs.webkit.org/show_bug.cgi?id=224294

Unreviewed test gardening.

• platform/mac-wk2/TestExpectations: Updating test expectations to Pass Failure.

12:00 PM Changeset in webkit [275617] by commit-queue@webkit.org

• 5 edits in trunk/Source/ThirdParty/ANGLE

[METAL ANGLE] Interface block declerations need to have children marked as struct accesses. Add implicit backing textures for multisample render targets
​https://bugs.webkit.org/show_bug.cgi?id=224265

Patch by John Cunningham <​johncunnigham@apple.com> on 2021-04-07
Reviewed by Dean Jackson.

• src/compiler/translator/TranslatorMetalDirect/ReduceInterfaceBlocks.cpp:
• src/libANGLE/renderer/metal/FrameBufferMtl.h:
• src/libANGLE/renderer/metal/FrameBufferMtl.mm:

(rx::FramebufferMtl::setLoadStoreActionOnRenderPassFirstStart):
(rx::FramebufferMtl::onStartedDrawingToFrameBuffer):

• src/libANGLE/renderer/metal/RenderBufferMtl.mm:

(rx::RenderbufferMtl::setStorageImpl):

11:23 AM Changeset in webkit [275616] by don.olmstead@sony.com

• 3 edits
  1 add in trunk/Source/ThirdParty

[PlayStation] Do not include <any> in gtest because it requires RTTI
​https://bugs.webkit.org/show_bug.cgi?id=224281

Reviewed by Ross Kirsling.

To determine platform capabilities gtest looks to see if a platform is using a minimum
C++ version and whether it has a required header. In the PlayStation's case it sees that
the <any> header is present with the requisite version of C++ so it defines support for it
and includes the header. However in the PlayStation's case to use <any> RTTI must be
enabled and if it isn't an error is generated.

This patch adds a way to short circuit GTEST_INTERNAL values for ports. An upstream fix is
in review at ​https://github.com/google/googletest/pull/3345 and if landed then the next
update to gtest can remove this patch.

• gtest/PlatformPlayStation.cmake:
• gtest/README.WebKit: Added.
• gtest/include/gtest/internal/gtest-port.h:

11:22 AM Changeset in webkit [275615] by mark.lam@apple.com

• 3 edits in trunk/Source/JavaScriptCore

Fix a typo in JITUncoughtExceptionAfterCall.
​https://bugs.webkit.org/show_bug.cgi?id=224290

Reviewed by Keith Miller.

• assembler/AbortReason.h:
• jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::jitReleaseAssertNoException):

11:20 AM Changeset in webkit [275614] by jer.noble@apple.com

• 4 edits
  1 add in trunk/Source/WebKit

[Cocoa] Add WebKitAdditions sources to project
​https://bugs.webkit.org/show_bug.cgi?id=223803

Reviewed by Eric Carlson.

Enabling swift compilation requires modularization of the WebKit project,
but some of the headers in the WebKitLegacy.h umbrella header conflict with
filenames in the WebKit project, and can't be included in Objective-C or
Swift sources. To work around this issue for now, add "#if defined(cplusplus)"
guards around those headers.

• Configurations/WebKit.xcconfig:
• UIProcess/API/Cocoa/WebKitLegacy.h:
• UIProcess/WebBackForwardList.h:
• UIProcess/WebPreferences.h:
• WebKit.xcodeproj/project.pbxproj:
• WebProcess/WebPage/WebFrame.h:

10:58 AM Changeset in webkit [275613] by Jonathan Bedard

• 3 edits in trunk/Tools

[build.webkit.org] Commit queue should post the identifier
​https://bugs.webkit.org/show_bug.cgi?id=223829
<rdar://problem/75908321>

Reviewed by Aakash Jain.

• CISupport/ews-build/steps.py:

(PushCommitToWebKitRepo.url_for_revision): Use COMMITS_INFO_URL.
(PushCommitToWebKitRepo.url_for_identifier): Convert identifier
to commits.webkit.org URL.
(PushCommitToWebKitRepo.identifier_for_revision): Convert a commit
revision to an identifier string.
(PushCommitToWebKitRepo.comment_text_for_bug): Consult commits.webkit.org
to convert revision to identifier.

• CISupport/ews-build/steps_unittest.py:

10:26 AM Changeset in webkit [275612] by aakash_jain@apple.com

• 2 edits in trunk/Tools

git-webkit find doesn't work well with unicode characters in author name
​https://bugs.webkit.org/show_bug.cgi?id=223686

Reviewed by Jonathan Bedard.

• Scripts/libraries/webkitscmpy/webkitscmpy/program/find.py:

(Info.main): Added a try except block while printing author, since the script should still print rest of the info.

10:08 AM Changeset in webkit [275611] by Chris Dumez

• 3 edits in trunk/Source/WebCore

Drop unnecessary NDEBUG checks in ServiceWorkerContainer
​https://bugs.webkit.org/show_bug.cgi?id=224285

Reviewed by Youenn Fablet.

• workers/service/ServiceWorkerContainer.cpp:

(WebCore::ServiceWorkerContainer::~ServiceWorkerContainer):
(WebCore::ServiceWorkerContainer::scheduleJob):
(WebCore::ServiceWorkerContainer::jobFailedWithException):
(WebCore::ServiceWorkerContainer::queueTaskToFireUpdateFoundEvent):
(WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
(WebCore::ServiceWorkerContainer::jobResolvedWithUnregistrationResult):
(WebCore::ServiceWorkerContainer::startScriptFetchForJob):
(WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
(WebCore::ServiceWorkerContainer::jobFailedLoadingScript):
(WebCore::ServiceWorkerContainer::destroyJob):
(WebCore::ServiceWorkerContainer::addRegistration):
(WebCore::ServiceWorkerContainer::removeRegistration):
(WebCore::ServiceWorkerContainer::queueTaskToDispatchControllerChangeEvent):
(WebCore::ServiceWorkerContainer::contextIdentifier):

• workers/service/ServiceWorkerContainer.h:

10:06 AM Changeset in webkit [275610] by Simon Fraser

• 5 edits in trunk/Source/WebCore

Wasted vector capacity in StyleRuleKeyframes
​https://bugs.webkit.org/show_bug.cgi?id=224264

Reviewed by Antti Koivisto.

Shrink StyleRuleKeyframes::m_keyframes. Saves 23KB on youtube.com.

• css/CSSKeyframesRule.cpp:

(WebCore::StyleRuleKeyframes::shrinkToFit):

• css/CSSKeyframesRule.h:
• css/parser/CSSParserImpl.cpp:

(WebCore::CSSParserImpl::consumeKeyframesRule):

• css/parser/CSSPropertyParser.cpp:

(WebCore::CSSPropertyParser::consumeAnimationShorthand):

9:56 AM Changeset in webkit [275609] by Simon Fraser

• 2 edits in trunk/Source/WebCore

Wasted vector capacity in StyleSheetContents
​https://bugs.webkit.org/show_bug.cgi?id=224250

Reviewed by Darin Adler.

Call shrinkToFit() on the StyleSheetContents created in CSSParserImpl::parseStyleSheet()
in order to shrink m_importRules and m_childRules, which can waste about 100KB on
youtube.com.

• css/parser/CSSParserImpl.cpp:

(WebCore::CSSParserImpl::parseStyleSheet):

9:26 AM Changeset in webkit [275608] by don.olmstead@sony.com

• 4 edits in trunk

[CMake] Mark _LIBRARY not _LIBRARIES in find modules
​https://bugs.webkit.org/show_bug.cgi?id=224283

Reviewed by Michael Catanzaro.

A few find modules are erroniously sending _LIBRARIES to mark_as_advanced rather than
_LIBRARY. The former is created from the _LIBRARY value so it isn't valid at that point.

• Source/cmake/FindCairo.cmake:
• Source/cmake/FindFontconfig.cmake:
• Source/cmake/FindSQLite3.cmake:

8:54 AM Changeset in webkit [275607] by Alan Bujtas

• 4 edits
  2 adds in trunk

REGRESSION (r270849): Button content fails to render on apple.com "Blood Oxygen"/"ECG"
​https://bugs.webkit.org/show_bug.cgi?id=224261

Reviewed by Simon Fraser.

Source/WebCore:

1. The changeRequiresRecompositeLayer check in RenderStyle::diff should come after

changeRequiresRepaintIfTextOrBorderOrOutline since RepaintIfTextOrBorderOrOutline is at
a higher priority in StyleDifference.

2. Ensure that we trigger setNeedsCompositingConfigurationUpdate on diff >= StyleDifference::RecompositeLayer.

Test: fast/text/text-repaint-when-pointer-event-property-changes.html

• rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::layerStyleChanged):

• rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::diff const):

LayoutTests:

• fast/text/text-repaint-when-pointer-event-property-changes-expected.html: Added.
• fast/text/text-repaint-when-pointer-event-property-changes.html: Added.

7:47 AM Changeset in webkit [275606] by commit-queue@webkit.org

• 5 edits
  2 adds in trunk

Ignore non-null lastQuote ASSERT when continuation is broken
​https://bugs.webkit.org/show_bug.cgi?id=218576

Patch by Rob Buis <​rbuis@igalia.com> on 2021-04-07
Reviewed by Zalan Bujtas.

Source/WebCore:

Ignore non-null lastQuote when continuation is broken.

• rendering/updating/RenderTreeBuilder.h:

(WebCore::RenderTreeBuilder::hasBrokenContinuation const):
(WebCore::RenderTreeBuilder::setHasBrokenContinuation):

• rendering/updating/RenderTreeBuilderInline.cpp:

(WebCore::RenderTreeBuilder::Inline::splitInlines):

• rendering/updating/RenderTreeUpdaterGeneratedContent.cpp:

(WebCore::RenderTreeUpdater::GeneratedContent::updateQuotesUpTo):

LayoutTests:

Add test for this.

• fast/dom/quotes-continuation-crash-expected.txt: Added.
• fast/dom/quotes-continuation-crash.html: Added.

6:13 AM Changeset in webkit [275605] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebKit

[WPE][GTK] Null pointer dereference when child process exits immediately
​https://bugs.webkit.org/show_bug.cgi?id=224209

Patch by Michael Catanzaro <Michael Catanzaro> on 2021-04-07
Reviewed by Carlos Garcia Campos.

We discovered that when the child process exits immediately after it is spawned,
g_subprocess_get_identifier() will return nullptr. In this case, we should crash cleanly
with SIGABRT via g_error(), rather than crashing with a null pointer dereference inside
g_ascii_strtoll(). SIGABRT is much nicer than SIGSEGV and indicates that we really do want
to crash here, whereas SIGSEGV is just a bug.

Also, let's be careful with our terminology in the existing error message here. Although
GSubprocess currently always forks, I'm working to make it use posix_spawn() instead, so
let's not claim that fork() has failed when it soon might not be used at all.

• UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:

(WebKit::ProcessLauncher::launchProcess):

5:30 AM Changeset in webkit [275604] by Jonathan Bedard

• 4 edits in trunk/Tools

REGRESSION(r274366): webkitscmpy.test.svn_unittest.TestRemoteSvn.test_info fails in non-PDT timezones
​https://bugs.webkit.org/show_bug.cgi?id=223606

Reviewed by Aakash Jain.

• Scripts/libraries/webkitscmpy/setup.py: Bump version.
• Scripts/libraries/webkitscmpy/webkitscmpy/init.py: Ditto.
• Scripts/libraries/webkitscmpy/webkitscmpy/test/svn_unittest.py:

(TestRemoteSvn.test_info): Use utc shifted into PDT for consistency across timezones.

5:27 AM Changeset in webkit [275603] by imanol

• 4 edits in trunk/Source/WebCore

Use frameData instead of scheduleOnNextFrame calls in WebFakeXRDevice
​https://bugs.webkit.org/show_bug.cgi?id=223580

Reviewed by Youenn Fablet.

This patch makes the WebFakeXRDevice code more robust by getting rid of the scheduleOnNextFrame calls.

Tested by WebXR WPT.

• testing/WebFakeXRDevice.cpp:

(WebCore::SimulatedXRDevice::setViews):
(WebCore::SimulatedXRDevice::setNativeBoundsGeometry):
(WebCore::SimulatedXRDevice::setViewerOrigin):
(WebCore::SimulatedXRDevice::frameTimerFired):
(WebCore::WebFakeXRDevice::setViews):
(WebCore::WebFakeXRDevice::setViewerOrigin):
(WebCore::WebFakeXRDevice::setFloorOrigin):

• testing/WebFakeXRDevice.h:
• testing/WebXRTest.cpp:

(WebCore::WebXRTest::simulateDeviceConnection):

5:09 AM Changeset in webkit [275602] by don.olmstead@sony.com

• 8 edits in trunk

[CMake] Add WebKit::gtest target
​https://bugs.webkit.org/show_bug.cgi?id=224203

Reviewed by Adrian Perez de Castro.

Source/ThirdParty:

Create a WebKit::gtest target that propagates the include directories and required
preprocessor directives to dependencies.

Use Modern CMake functions for describing the target.

• gtest/CMakeLists.txt:
• gtest/PlatformPlayStation.cmake:

Tools:

Use the WebKit::gtest target. Remove uses of ${THIRDPARTY_DIR}/gtest/include since the
target propagates those. Also remove the hack to get gtest definitions.

Don't include gtest with the TestJSC executable since it just uses GLib's testing
capabilities.

• TestWebKitAPI/CMakeLists.txt:
• TestWebKitAPI/PlatformGTK.cmake:
• TestWebKitAPI/PlatformWPE.cmake:
• TestWebKitAPI/config.h:

5:01 AM WebKitGTK/2.32.x edited by aboya@igalia.com

(diff)

4:38 AM Changeset in webkit [275601] by commit-queue@webkit.org

• 2 edits in trunk

.gitignore contains 'build/' which causes all directories named 'build/' to be ignored
​https://bugs.webkit.org/show_bug.cgi?id=224227

Patch by Kimmo Kinnunen <​kkinnunen@apple.com> on 2021-04-07
Reviewed by Ryosuke Niwa.

Remove 'build/' from .gitignore, it was causing errors by hiding files.
WebGL conformance test suite files have directiories with 'build/' in its path.

Most likely '/build/' is not a common build directory, since the scripts
seem to default to '/WebKitBuild/'.

• .gitignore:

4:08 AM WebKitGTK/2.32.x edited by eocanha@igalia.com

(diff)

3:27 AM WebKitGTK/2.32.x edited by Philippe Normand

(diff)

2:58 AM Changeset in webkit [275600] by commit-queue@webkit.org

• 5 edits in trunk

[GStreamer] Videos start playing muted in epiphany with no unmute icon visible in tab, webkit_web_view_get_is_muted() returns incorrect results
​https://bugs.webkit.org/show_bug.cgi?id=223195

Patch by Philippe Normand <​pnormand@igalia.com> on 2021-04-07
Source/WebCore:

Reviewed by Eric Carlson.

For GStreamer ports the semantics of IsPlayingAudio slightly differ from Apple ports. The
webkit_web_view_is_playing_audio() API is expected to return true if a page is producing
audio even though it might be muted.

The second change affects the private player mute state when the page mute state has been
updated.

• html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaState const):
(WebCore::HTMLMediaElement::pageMutedStateDidChange):

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp: Logging improvements.

(WebCore::MediaPlayerPrivateGStreamer::isMuted const):
(WebCore::MediaPlayerPrivateGStreamer::volume const):
(WebCore::MediaPlayerPrivateGStreamer::notifyPlayerOfVolumeChange):
(WebCore::MediaPlayerPrivateGStreamer::setMuted):
(WebCore::MediaPlayerPrivateGStreamer::notifyPlayerOfMute):

Tools:

Reviewed by Michael Catanzaro.

Adapt is-playing test, after muting the page, webkit_web_view_is_playing_audio() should
still return TRUE.

• TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp:

(IsPlayingAudioWebViewTest::periodicallyCheckIsPlayingForAWhile):
(testWebViewIsPlayingAudio):

2:53 AM Changeset in webkit [275599] by eocanha@igalia.com

• 11 edits in trunk/Source/WebCore

[EME][GStreamer] Abort decryptor operations immediately and without errors on flush
​https://bugs.webkit.org/show_bug.cgi?id=223742

Reviewed by Xabier Rodriguez-Calvar.

A decryptor transformInPlace() operation can cause potentially long waits in
two situations:

• transformInPlace() is waiting to get the cdmProxy.
• The CDMProxy::decrypt() method is internally waiting for a specific key to become available.

If a seek operation is performed during those long waits, the main thread will
be blocked until the seek finishes the conditions those long waits are waiting
for will never be fulfilled (because the operations that complete them happen
in the main thread, which is blocked), the internal wait timeouts will trigger
and the decoder will trigger an unrecoverable error.

The solution for this is to break the waits by issuing the right notifications,
and to detect the flushes performed by the seek, distinguising this special
"abort" case from a regular error, so that the situation is no longer
unrecoverable.

This solution involves changes in several layers. A public
CDMProxy::abortWaitingForKey() method is exposed to allow the decryptor to
awake the inner waitFor() that checks for the key. The cdmProxy wait is also
awaken in case there's no cdmProxy available yet.

In order to distinguish if the awakenings are caused by real errors (no
cdmProxy, no key available) or by a flush operation (caused by the seek), the
decryptor first needs to keep track of the "flushing" state and allow other
objects to know about it. CDMProxy is one of those objects, but due to layer
limitations it can't directly ask about it to the decryptor (it can't "see"
it).

A new CDMProxyDecryptionClient interface is created, and the decryptor will
hold an implementation of it (as CDMProxyDecryptorClientImplementation).
CDMProxy can then know the client isAborting(), and the client will know the
decryptor and will ask about it.

As the pipeline, and thus the decryptor, can be destroyed at any moment,
the client holds a WeakPtr to the decryptor and will only ask if isAborting()
if the pointer is still alive.

• platform/encryptedmedia/CDMProxy.cpp:

(WebCore::CDMProxy::abortWaitingForKey const): Notify waiting threads.
(WebCore::CDMProxy::tryWaitForKeyHandle const): Take a client and ask it if it's aborting.
(WebCore::CDMProxy::getOrWaitForKeyHandle const): Pass the client along.
(WebCore::CDMProxy::getOrWaitForKeyValue const): Ditto.

• platform/encryptedmedia/CDMProxy.h: Declaration and usage of the CDMProxyDecryptionClient interface.
• platform/graphics/gstreamer/eme/CDMProxyClearKey.cpp:

(WebCore::CDMProxyClearKey::cencSetDecryptionKey): Pass the client along from the context.

• platform/graphics/gstreamer/eme/CDMProxyClearKey.h: Store client in the cencDecryptContext.
• platform/graphics/gstreamer/eme/CDMProxyThunder.cpp:

(WebCore::CDMProxyThunder::getDecryptionSession const): Pass the client along from the context.
(WebCore::CDMProxyThunder::decrypt): Abort operations aren't an error, so just trigger a warning if there's no session.

• platform/graphics/gstreamer/eme/CDMProxyThunder.h: Store client in DecryptionContext.
• platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:

(decrypt): Ask for client to the superclass and store it in the context.

• platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:

(CDMProxyDecryptionClientImplementation::CDMProxyDecryptionClientImplementation): Implementation of the CDMProxyDecryptionClient interface.
(CDMProxyDecryptionClientImplementation::isAborting): Ask if the decryptor is flushing.
(constructed): Initialize the client.
(transformInPlace): Check the flush status after waiting for the CDMProxy and for the decryption performed by the subclasses. Release the lock when not needed.
(isCDMProxyAvailable): Renamed mutex to be more generic.
(attachCDMProxy): Ditto. Also renamed condition for the same reason.
(sinkEventHandler): Manage isFlushing status and awake waits for cdmProxy or for session depending on the lifecycle stage.
(webKitMediaCommonEncryptionDecryptIsFlushing): Expose isFlushing status.
(webKitMediaCommonEncryptionDecryptGetCDMProxyDecryptionClient): Return Weak reference to the client.
(changeState): Renamed condition.
(setContext): Renamed mutex.

• platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.h: New getters for isFlushing and the client.
• platform/graphics/gstreamer/eme/WebKitThunderDecryptorGStreamer.cpp:

(decrypt): Ask for client to the superclass and store it in the context.

2:45 AM WebKitGTK/2.32.x edited by Adrian Perez de Castro

(diff)

2:30 AM Changeset in webkit [275598] by ysuzuki@apple.com

• 3 edits
  1 move
  5 adds
  3 deletes in trunk/JSTests

[JSC] Update test262
​https://bugs.webkit.org/show_bug.cgi?id=224272

Reviewed by Ross Kirsling.

• test262/latest-changes-summary.txt:
• test262/test/intl402/DisplayNames/options-getoptionsobject.js: Added.
• test262/test/intl402/ListFormat/constructor/constructor/options-getoptionsobject.js: Renamed from JSTests/test262/test/intl402/ListFormat/constructor/constructor/options-toobject.js.
• test262/test/intl402/ListFormat/constructor/constructor/options-toobject-prototype.js: Removed.
• test262/test/intl402/Segmenter/constructor/constructor/options-getoptionsobject.js: Added.
• test262/test/intl402/Segmenter/constructor/constructor/options-toobject-prototype.js: Removed.
• test262/test/intl402/Segmenter/constructor/constructor/options-toobject.js: Removed.
• test262/test/language/expressions/in/rhs-yield-absent-non-strict.js: Added.
• test262/test/language/expressions/in/rhs-yield-absent-strict.js: Added.
• test262/test/language/expressions/in/rhs-yield-present.js: Added.

(isNameIn):

• test262/test262-Revision.txt:

2:28 AM Changeset in webkit [275597] by ysuzuki@apple.com

• 16 edits
  4 adds in trunk

JSTests:
[JSC] WasmMemory caging should care about nullptr
​https://bugs.webkit.org/show_bug.cgi?id=224268
<rdar://problem/74654838>

Reviewed by Mark Lam.

• wasm/stress/4g-memory-cage.js: Added.

(async test):

• wasm/stress/more-than-4g-offset-access-oom.js: Added.

(async test):

• wasm/stress/null-memory-cage-explicit.js: Added.

(async test):

• wasm/stress/null-memory-cage.js: Added.

(async test):

Source/JavaScriptCore:
[JSC] WasmMemory caging should care about nullptr
​https://bugs.webkit.org/show_bug.cgi?id=224268
<rdar://problem/74654838>

Reviewed by Mark Lam.

1. Fix Wasm::MemoryHandle::boundsCheckingSize. We should just return m_mappedCapacity here since UINT32_MAX is not 4GB. This checking size can include redzone for fast-memory, but this is OK: bounds-check pass in LLInt (in upper tiers, we do not use bounds-check for fast-memory), and access to redzone, then fault occurs and signal handler can make it error since signal handler is checking whether the access is within Memory::fastMappedBytes which includes redzone.
2. Fix caging of wasm memory-base pointer in LLInt. We should use pointer sized length since it can be larger than 4GB. And we should handle nullptr case correctly: Wasm::MemoryHandle's memory can be nullptr when mapped size is zero. caging needs to handle this case as we do in CagedPtr::getMayBeNull.

• assembler/MacroAssemblerARM64E.h:

(JSC::MacroAssemblerARM64E::untagArrayPtrLength32):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::cageTypedArrayStorage):

• llint/LowLevelInterpreter64.asm:
• llint/WebAssembly.asm:
• offlineasm/arm64e.rb:
• offlineasm/ast.rb:
• offlineasm/instructions.rb:
• runtime/CagedBarrierPtr.h:

(JSC::CagedBarrierPtr::CagedBarrierPtr):
(JSC::CagedBarrierPtr::set):
(JSC::CagedBarrierPtr::get const):
(JSC::CagedBarrierPtr::getMayBeNull const):
(JSC::CagedBarrierPtr::at const):
(JSC::CagedBarrierPtr::setWithoutBarrier):

• wasm/WasmInstance.h:

(JSC::Wasm::Instance::updateCachedMemory):

• wasm/WasmMemory.cpp:

(JSC::Wasm::MemoryHandle::MemoryHandle):

• wasm/WasmMemory.h:

Source/WTF:
[JSC] WasmMemory caging should care nullptr
​https://bugs.webkit.org/show_bug.cgi?id=224268
<rdar://problem/74654838>

Reviewed by Mark Lam.

Accept size_t since Wasm::Memory's length can be larger than 4GB.

• wtf/CagedPtr.h:

(WTF::CagedPtr::CagedPtr):
(WTF::CagedPtr::get const):
(WTF::CagedPtr::getMayBeNull const):
(WTF::CagedPtr::at const):
(WTF::CagedPtr::recage):

• wtf/CagedUniquePtr.h:

(WTF::CagedUniquePtr::CagedUniquePtr):
(WTF::CagedUniquePtr::create):
(WTF::CagedUniquePtr::tryCreate):

2:10 AM Changeset in webkit [275596] by eocanha@igalia.com

• 3 edits in trunk/Source/WebCore

[GStreamer] Only seek to change the rate un updatePlaybackRate() when needed
​https://bugs.webkit.org/show_bug.cgi?id=224235

Reviewed by Alicia Boya Garcia.

A seek is used by MediaPlayerPrivateGStreamer to update the playback
rate used in the pipeline. There's a special case when the rate is 0.0.
This actually means "paused" and, when set, the pipeline is changed to
PAUSED and no updatePlaybackRate() call is made because of an early
return (and therefore, no seek). When the rate is restored to a
non-zero value, the pipeline is set again to PLAYING, but a
call to updatePlaybackRate() is done, which implies an unconditional
seek.

It should be possible to do the seek in updatePlaybackRate() only if the
rate changed with respect to the original one, instead of always doing
it. This would avoid unneeded seeks, which are complex operations that
can trigger collateral issues such as the one addressed in
​https://bugs.webkit.org/show_bug.cgi?id=223742.

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::updatePlaybackRate): Only seek when the playback rate hasn't changed.

• platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Document m_lastPlaybackRate purpose.

2:03 AM Changeset in webkit [275595] by commit-queue@webkit.org

• 2 edits in trunk/Tools

[Flatpak SDK] Enable LLVM extension
​https://bugs.webkit.org/show_bug.cgi?id=223882

Patch by Philippe Normand <​pnormand@igalia.com> on 2021-04-07
Reviewed by Adrian Perez de Castro.

The clang shipped by default in the FDO SDK is not usable for ASan, UBSan (and I guess TSan)
builds, but the Flatpak extension shipping LLVM11 allows this, even though UBSan builds
still fail (linking errors in JSC and WTF) and will require further investigation. Still,
having clang-11 in the SDK is an improvement.

This patch also adds support for cleaning up unused toolchain archives.

• flatpak/flatpakutils.py:

(run_sanitized):
(WebkitFlatpak.load_from_args):
(WebkitFlatpak.clean_args):
(WebkitFlatpak.run_in_sandbox):
(WebkitFlatpak.main):
(WebkitFlatpak.purge_unused_toolchains):
(WebkitFlatpak.pack_toolchain):
(WebkitFlatpak._get_packages):

2:03 AM Changeset in webkit [275594] by commit-queue@webkit.org

• 2 edits in trunk/Source/WebCore

Make synthesizedBaselineFromContentBox return LayoutUnit
​https://bugs.webkit.org/show_bug.cgi?id=224234

Patch by Rob Buis <​rbuis@igalia.com> on 2021-04-07
Reviewed by Javier Fernandez.

Make synthesizedBaselineFromContentBox return LayoutUnit. This
makes it consistent with synthesizedBaselineFromBorderBox.

• rendering/RenderButton.cpp:

(WebCore::synthesizedBaselineFromContentBox):
(WebCore::RenderButton::baselinePosition const):

1:32 AM Changeset in webkit [275593] by commit-queue@webkit.org

• 6 edits
  2 adds in trunk

[GTK][WPE] Wrong frame scrolled when view is horizontally scrolled with async scrolling enabled
​https://bugs.webkit.org/show_bug.cgi?id=222900

Patch by Alejandro G. Castro <​alex@igalia.com> on 2021-04-07
Reviewed by Žan Doberšek.

Source/WebCore:

We need to use the scrolling offset in the parent when collecting
the descendant layers at a point. We substract the boundsOrigin to
make sure we transform the point considering the scrolling offset.

Test: fast/scrolling/scrolling-inside-scrolled-overflowarea.html

• page/scrolling/nicosia/ScrollingTreeNicosia.cpp:

(WebCore::collectDescendantLayersAtPoint):

Tools:

We were not testing the async code path for WPE, it is important
we do it because it is the default option.

• WebKitTestRunner/wpe/TestControllerWPE.cpp:

(WTR::TestController::platformSpecificFeatureDefaultsForTest const):
Activating AsyncOverflowScrollingEnabled.

LayoutTests:

Add test for the use case.

• fast/scrolling/scrolling-inside-scrolled-overflowarea-expected.txt: Added.
• fast/scrolling/scrolling-inside-scrolled-overflowarea.html: Added.
• platform/ios/TestExpectations: The test uses mouseMoveTo and it is not supported in IOS.

1:30 AM Changeset in webkit [275592] by jer.noble@apple.com

• 2 edits in trunk/Source/WebKit

Unreviewed build fix after r275571 and r275537, which introduced conflicting changes.

• UIProcess/API/Cocoa/WKWebViewTesting.mm:

(-[WKWebView _createMediaSessionCoordinatorForTesting:completionHandler:]):
(-[WKMediaSessionCoordinatorHelper playSessionWithCompletion:]):

12:42 AM Changeset in webkit [275591] by rniwa@webkit.org

• 5 edits
  2 adds in trunk

REGRESSION(r274812): Release assert in Document::updateLayout() after calling focus({preventScroll: true}) on a textarea
​https://bugs.webkit.org/show_bug.cgi?id=224262

Reviewed by Antti Koivisto.

Source/WebCore:

The regression was caused by Element::focus not updating the selection when preventScroll is set to true.
Fixed it by always updating the selection whenever Element::focus is called.

Test: fast/forms/textarea/textarea-focus-prevent-scroll-crash.html

• dom/Element.cpp:

(WebCore::Element::focus):
(WebCore::Element::findTargetAndUpdateFocusAppearance): Renamed from revealFocusedElement.

• dom/Element.h:
• page/EventHandler.cpp:

(WebCore::EventHandler::dispatchMouseEvent):

LayoutTests:

Added a regression test.

• fast/forms/textarea/textarea-focus-prevent-scroll-crash-expected.txt: Added.
• fast/forms/textarea/textarea-focus-prevent-scroll-crash.html: Added.

12:40 AM Changeset in webkit [275590] by stephan.szabo@sony.com

• 2 edits in trunk/Source/WebCore

[PlayStation] Provide a non-empty User Agent
​https://bugs.webkit.org/show_bug.cgi?id=224216

Reviewed by Ross Kirsling.

Add non-empty implementation of User Agent code for port.

• platform/playstation/UserAgentPlayStation.cpp:

12:38 AM Changeset in webkit [275589] by Lauro Moura

• 2 edits
  1 delete in trunk/Tools/buildstream

[Flatpak SDK] Bump GTK4 to 4.2
​https://bugs.webkit.org/show_bug.cgi?id=224263

Reviewed by Carlos Garcia Campos.

• elements/sdk/gtk.bst: Bump and remove merged patch.
• patches/gtk-clipboard-Fix-a-crash-when-GdkContentProviderUnion-d.patch: Removed.