Context Navigation

← Previous Period
Next Period →

Timeline

Jan 23, 2022:

11:32 PM Changeset in webkit [288431] by Russell Epstein

1 copy in tags/Safari-613.1.14.2.3

Tag Safari-613.1.14.2.3.

11:28 PM Changeset in webkit [288430] by Russell Epstein

9 edits in branches/safari-613.1.14.2-branch/Source

Versioning.

WebKit-7613.1.14.2.3

8:48 PM Changeset in webkit [288429] by commit-queue@webkit.org

6 edits
1 copy
1 add in trunk

Position:fixed layers shouldn't allocate a backing buffer if all children are offscreen.
https://bugs.webkit.org/show_bug.cgi?id=235420
<rdar://86612099>

Patch by Matt Woodrow <Matt Woodrow> on 2022-01-23
Reviewed by Simon Fraser and Darin Adler.

Source/WebCore:

Adds a bounds intersection check to isPaintDestinationForDescendantLayers,
so that we can exclude descendants that definitely won't draw anything into
the compositing layer. Uses a conservative check, which gives up if there are
any transforms in the ancestor chain.

Test: compositing/backing/no-backing-for-offscreen-children-of-position-fixed.html

rendering/RenderLayerBacking.cpp:

(WebCore::intersectsWithAncestor):
(WebCore::RenderLayerBacking::isPaintDestinationForDescendantLayers const):

LayoutTests:

Adds a test that has a viewport sized position:fixed element (with compositing
layer), and a single child which is entirely offscreen. Tests that we correctly
determine that we don't need a backing store for the layer.

compositing/backing/no-backing-for-offscreen-children-of-position-fixed-expected.txt: Added.
compositing/backing/no-backing-for-offscreen-children-of-position-fixed.html: Added.

6:07 PM Changeset in webkit [288428] by Darin Adler

2 edits in trunk/Source/WebCore

Fix "componet" typo in just-landed patch.

platform/graphics/ColorInterpolation.h: I suggested Sam change a name

to interpolateComponentWithoutAccountingForNaN, but mispelled it "componet".
Fixing it here.

4:57 PM Changeset in webkit [288427] by weinig@apple.com

10 edits in trunk

Support interpolating colors with missing/none components via color-mix()
https://bugs.webkit.org/show_bug.cgi?id=235496

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Update color-mix() tests to include test cases that use 'none' components.

web-platform-tests/css/css-color/parsing/color-mix-computed-expected.txt:
web-platform-tests/css/css-color/parsing/color-mix-computed.html:
web-platform-tests/css/css-color/parsing/color-mix-valid-expected.txt:
web-platform-tests/css/css-color/parsing/color-mix-valid.html:

Source/WebCore:

Adds support for interpolating colors that have a missing/none component. Currently,
the only way for a color to have a missing/none component is for it to be specified
explicitly by the user (e.g. hsl(none 20% 40%)), but the interpolation implementation
is agnostic to how the color was created so will work once there is automatic creation
of missing/none components on conversion for powerless components.

This change only enables the new interpolation behavior for color-mix(), by replacing
a call of colorType.resolved() with colorType.unresolved(), support for other interpolation
use cases will follow.

css/parser/CSSPropertyParserHelpers.cpp:

(WebCore::CSSPropertyParserHelpers::mixColorComponentsUsingColorInterpolationMethod):
Replace resolved() with unrersolved() to allow NaN values through to interpolation.

platform/graphics/ColorInterpolation.cpp:

(WebCore::fixupHueComponentsPriorToInterpolation):
(WebCore::interpolateColors):
Move non-templated version of interpolateColors to the implementation file as it generates
a lot of code and there is little reason to believe it would be useful to inline it.

platform/graphics/ColorInterpolation.h:

(WebCore::interpolateComponent):
(WebCore::interpolateComponentAccountingForNaN):
(WebCore::interpolateHue):
(WebCore::interpolateAlphaPremulitplied):
(WebCore::interpolateComponentUsingPremultipliedAlpha):
(WebCore::interpolateAlphaUnpremulitplied):
(WebCore::interpolateComponentUsingUnpremultipliedAlpha):
(WebCore::interpolateColorComponents):
(WebCore::preInterpolationNormalizationForComponent): Deleted.
(WebCore::preInterpolationNormalization): Deleted.
(WebCore::postInterpolationNormalizationForComponent): Deleted.
(WebCore::postInterpolationNormalization): Deleted.
(WebCore::interpolateColors): Deleted.
Replace existing interpolation implementation which separated each component into pre/interpolate/post
steps, with one that does all three steps at once and now also supports missing components. Removing
the steps made the overall algorithm is easier to understand a couples premulitplication and unpremultiplication
much closer together.

platform/graphics/ColorTypes.h:

(WebCore::constexprIsNaN):
Update comment to include missing word.

4:55 PM Changeset in webkit [288426] by Darin Adler

18 edits in trunk/Source/WebCore

Improve FourCC to use more inlining, fix incorrect mix of WEBCORE_EXPORT on entire class with inline functions
https://bugs.webkit.org/show_bug.cgi?id=235461

Reviewed by Sam Weinig.

WebCore.xcodeproj/project.pbxproj: Added FourCC.cpp. Because of

unified sources it was compiled, but because it was not in the project
various Xcode features would not work.

platform/graphics/avfoundation/ISOFairPlayStreamingPsshBox.cpp:

Added some explicitly non-inlined exported functions. These need to
be exported because they are used in TestWebKitAPI tests and we
want to export the functions rather than the vtable pointer.

platform/graphics/avfoundation/ISOFairPlayStreamingPsshBox.h:

Stop using WEBCORE_EXPORT on whole classes that contain inline
functions, and instead use it on individual functions.

platform/graphics/FourCC.cpp:

(WebCore::FourCC::fromString): Take a StringView instead of String.
Removed unnecessary allocation of a temporary CString for the result
of String::ascii.
(WebCore::FourCC::string const): Rename from toString to string and
changed the return type to std::array instead of String.

platform/graphics/FourCC.h: Made all the constructors constexpr.

Changed the string literal constructor to just work with 4-character
strings. The old one was a template for any length string, but then
asserted it was 4 characters long, which is a roundabout way to do it.

platform/graphics/HEVCUtilities.cpp:

(WebCore::parseHEVCDecoderConfigurationRecord): Take FourCC instead
of const FourCC&. Also removed unnecessary explicit conversion to
FourCC since four character strings.

platform/graphics/HEVCUtilities.h: Ditto.

platform/graphics/avfoundation/ISOFairPlayStreamingPsshBox.h:

Removed unneeded WEBCORE_EXPORT on these classes.

platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:

(WebCore::InbandTextTrackPrivateAVF::processNativeSamples): Removed
unnecesary calls to toString, logging can handle FourCC without it.
Also removed unneeded type casts to size_t.

platform/graphics/avfoundation/objc/AVAssetTrackUtilities.mm:

(WebCore::contentTypesToCodecs): Removed unnecessary allocation of
a String by using StringView for the substring.

platform/graphics/cocoa/HEVCUtilitiesCocoa.mm:

(WebCore::validateHEVCParameters): Added an explicit cast to String
since FourCC::fromString now takes a StringView. Sadly there's not
a trivial way to do this without allocating a String.

platform/graphics/cv/GraphicsContextGLCVCocoa.cpp:

(WebCore::GraphicsContextGLCVCocoa::copyVideoSampleToTexture):
Since FourCC::string now returns a std::array with a C-style
null-terminated string, use it instead of calling toString and
then utf8. Cleaner and also much more efficient.

platform/graphics/iso/ISOBox.cpp: Moved constructors and

destructors so they are no longer inlined so there is no need to
export the vtable.
(WebCore::ISOBox::peekBox): Removed unnecessary initialization
of FourCC since they are zero by default.

platform/graphics/iso/ISOBox.h: Removed WEBCORE_EXPORT of

the entire class, since that's not fully compatible with a class
with inline functions (warning is done by check-webkit-style).
Put WEBCORE_EXPORT on individual functions instead. Also use some
more constexpr, removed unneeded FourCC initialization since it is
zero by default, and use FourCC, not const FourCC& for return value.

platform/graphics/iso/ISOOriginalFormatBox.h: Removed unneeded

FourCC initialization since it is zero by default.

platform/graphics/iso/ISOSchemeTypeBox.h: Ditto.

platform/graphics/iso/ISOVTTCue.cpp: Moved constructors and

destructors so they are no longer inlined so there is no need to
export the vtable.
(WebCore::ISOWebVTTCue::parse): Use PRIu64 instead of casting
to size_t, no need to rely on the relationship between type sizes.

platform/graphics/iso/ISOVTTCue.h: Removed WEBCORE_EXPORT of

the entire class, since that's not fully compatible with a class
with inline functions (warning is done by check-webkit-style).
Put WEBCORE_EXPORT on individual functions instead.

3:10 PM Changeset in webkit [288425] by Tyler Wilcock

4 edits
2 adds in trunk

AX Isolated Tree Mode: Re-compute AXPropertyName::IsEnabled when a node experiences AXDisabledStateChanged
https://bugs.webkit.org/show_bug.cgi?id=235295

Reviewed by Chris Fleizach.

Source/WebCore:

Test: accessibility/dynamic-attribute-changes-should-update-isenabled.html

accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::updateIsolatedTree):
Re-compute AXPropertyName::IsEnabled when receiving an AXDisabledStateChanged notification.

accessibility/isolatedtree/AXIsolatedTree.cpp:

(WebCore::AXIsolatedTree::updateNodeProperty):
Handle requests for AXPropertyName::IsEnabled updates.

LayoutTests:

This patch adds a test verifying that AXPropertyName::IsEnabled is re-computed when an
object's disabled state changes.

accessibility/dynamic-attribute-changes-should-update-isenabled-expected.txt: Added.
accessibility/dynamic-attribute-changes-should-update-isenabled.html: Added.

1:50 PM Changeset in webkit [288424] by graouts@webkit.org

16 edits
3 adds
4 deletes in trunk

[Model] Add load and error events to distinguish resource load from model readiness
https://bugs.webkit.org/show_bug.cgi?id=233706
rdar://85922697

Reviewed by Chris Dumez and Dean Jackson.

Source/WebCore:

Test: model-element/model-element-error-and-load-events.html

Prior to this patch, <model> elements had a "ready" promise which resolved once the resource had been loaded.
However, this promise should be used when the <model> is fully ready, and this is done on macOS and iOS asynchronously
after the resource has been loaded by the supporting ARQL framework. So we need a way to monitor success or failure of
the resource load specifically.

To that end, and matching the <img> element, we dispatch "load" and "error" events on <model> elements and add a
"complete" property to indicate whether the resource is loaded.

Meanwhile, the "ready" promise is now resolved when the model is fully loaded by the supporting framework, indicating
that further APIs are safe to use.

Since creating the support ARQL object for macOS and iOS also requires the <model> element's renderer being available,
we opt into "custom style resolve callbacks" so that we may implement didAttachRenderers() on HTMLModelElement and keep
track of renderer availability before attempting to create the ModelPlayer.

Modules/model-element/HTMLModelElement.cpp:

(WebCore::HTMLModelElement::HTMLModelElement):
(WebCore::HTMLModelElement::create):
(WebCore::HTMLModelElement::setSourceURL):
(WebCore::HTMLModelElement::didAttachRenderers):
(WebCore::HTMLModelElement::notifyFinished):
(WebCore::HTMLModelElement::modelDidChange):
(WebCore::HTMLModelElement::createModelPlayer):
(WebCore::HTMLModelElement::didFinishLoading):
(WebCore::HTMLModelElement::didFailLoading):
(WebCore::HTMLModelElement::activeDOMObjectName const):
(WebCore::HTMLModelElement::virtualHasPendingActivity const):

Modules/model-element/HTMLModelElement.h:
Modules/model-element/HTMLModelElement.idl:

Tools:

Use the "load" event instead of the "ready" promise for this test which only requires monitoring
the <model> resource being loaded.

TestWebKitAPI/Tests/ios/DragAndDropTestsIOS.mm:

(TestWebKitAPI::TEST):

LayoutTests:

Remove existing tests around resource loading and recreate them in terms of "load" and "error"
events in model-element/model-element-error-and-load-events.html and in terms of the ready
promise in model-element/model-element-ready.html.

Other tests using model.ready for other purposes are also rewritten using events.

model-element/model-element-contents-layer-updates-with-clipping.html:
model-element/model-element-contents-layer-updates.html:
model-element/model-element-error-and-load-events-expected.txt: Added.
model-element/model-element-error-and-load-events.html: Added.
model-element/model-element-graphics-layers-opacity.html:
model-element/model-element-graphics-layers.html:
model-element/model-element-ready-expected.txt:
model-element/model-element-ready-load-aborted-expected.txt: Removed.
model-element/model-element-ready-load-aborted.html: Removed.
model-element/model-element-ready-load-failed-expected.txt: Removed.
model-element/model-element-ready-load-failed.html: Removed.
model-element/model-element-ready.html:
model-element/resources/model-element-test-utils.js: Added.

(const.createModelAndSource):

platform/ios-simulator/TestExpectations:
platform/mac/TestExpectations:

1:21 PM Changeset in webkit [288423] by graouts@webkit.org

3 edits
2 adds in trunk

m_lastStyleChangeEventStyle null ptr deref for accelerated CSS Animation with no duration and an implicit keyframe
https://bugs.webkit.org/show_bug.cgi?id=235394
<rdar://problem/87701738>

Reviewed by Antti Koivisto.

Source/WebCore:

Test: webanimations/accelerated-animation-without-duration-crash.html

In r287827, the fix for bug 235014, we stopped filling implicit keyframes for CSS Animations at creation
time such that the output of getKeyframes() would correctly account for the missing keyframes. This meant
that we have to fill in those implicit keyframes when running an accelerated animation before we pass it
on to GraphicsLayer.

We would always use the value stored by lastStyleChangeEventStyle() with an assert that this value was
never null. However, in the case of an animation that is not relevant, such as a CSS Animation with no
duration, we've never had a chance to set that style since Style::TreeResolver::createAnimatedElementUpdate()
would not see any "relevant" (a term defined by the Web Animations specification to specify an animation
that has an effect on its target) animations.

We now use the renderer's style as a fallback, which is guaranteed to be defined at this stage.

animation/KeyframeEffect.cpp:

(WebCore::KeyframeEffect::applyPendingAcceleratedActions):

LayoutTests:

New test, created by Gabriel Nava Marino, that creates an accelerated animation with no
duration and with implicit keyframes that would crash prior to this patch.

webanimations/accelerated-animation-without-duration-crash-expected.txt: Added.
webanimations/accelerated-animation-without-duration-crash.html: Added.

11:27 AM Changeset in webkit [288422] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

[GStreamer] C++20 warnings
https://bugs.webkit.org/show_bug.cgi?id=235493

Patch by Philippe Normand <pnormand@igalia.com> on 2022-01-23
Reviewed by Darin Adler.

Fix ambiguous-reversed-operator warnings. In C++20 comparison operators (like a == b) need
to be declared const, so that reverse comparisons (like b == a) also work as intended.

platform/graphics/gstreamer/GStreamerCommon.h:

(GstIteratorAdaptor::iterator::operator== const):
(GstIteratorAdaptor::iterator::operator!= const):
(GstIteratorAdaptor::iterator::operator==): Deleted.
(GstIteratorAdaptor::iterator::operator!=): Deleted.

10:43 AM Changeset in webkit [288421] by Alan Bujtas

4 edits in trunk/Source/WebCore

[LFC][IFC] InlineFormattingContext::computeGeometryForLineContent should always return the line logical rect
https://bugs.webkit.org/show_bug.cgi?id=235494

Reviewed by Antti Koivisto.

The return rect of computeGeometryForLineContent (based on the display line) is input to the next line's
initial rect and therefore it is supposed to be logical (in general, layout should strictly use logical coords).

This is in preparation for supporting vertical writing mode.

layout/formattingContexts/inline/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::computeGeometryForLineContent):

layout/formattingContexts/inline/InlineFormattingGeometry.cpp:

(WebCore::Layout::InlineFormattingGeometry::flipVisualRectToLogicalForWritingMode):

layout/formattingContexts/inline/InlineFormattingGeometry.h:

8:59 AM Changeset in webkit [288420] by Ziran Sun

4 edits in trunk

[forms] Prevent contenteditable anchors from being stuck
https://bugs.webkit.org/show_bug.cgi?id=235438

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Update 1 WPT test expectation file as the test is now passing.

web-platform-tests/html/semantics/forms/the-input-element/anchor-active-contenteditable-expected.txt:

Source/WebCore:

Anchors can be stuck in the :active state if contenteditable is enabled before
:active is removed. With this patch setActive() can remove :active during
contenteditable in order to prevent anchors from navigating during contenteditable.

This is an import of Chromium CL at
https://chromium-review.googlesource.com/c/chromium/src/+/2595978

html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::setActive):

8:50 AM Changeset in webkit [288419] by Tyler Wilcock

2 edits in trunk/Source/WebCore

AX: Refactor near-duplicate AXObjectCache::updateIsolatedTree implementations
https://bugs.webkit.org/show_bug.cgi?id=235481

Reviewed by Chris Fleizach.

AXObjectCache::updateIsolatedTree(AXCoreObject&, AXNotification) and
AXObjectCache::updateIsolatedTree(const Vector<std::pair<RefPtr<AXCoreObject>, AXNotification>>&)
duplicate a lot of code, and make it possible to forget to add new
notification handling in one place or the other. This patch refactors
this by making the single-object versions of this method defer to the
multiple-object version by wrapping the single change in a Vector.

No tests added because there is no behavior change.

accessibility/AXObjectCache.cpp:

(WebCore::appendIfNotContainsMatching):
Moved this function above updateIsolatedTree methods. No other change.
(WebCore::AXObjectCache::updateIsolatedTree):

8:25 AM Changeset in webkit [288418] by Alan Bujtas

3 edits in trunk/Source/WebCore

[LFC][IFC] LineLayout::contentLogicalHeight should always return the logical height
https://bugs.webkit.org/show_bug.cgi?id=235488

Reviewed by Antti Koivisto.

The display boxes/lines always have visual geometries and in case of vertical writing mode it means that the
content stretches in horiztonal direction (left to right/right to left).

This is in preparation for supporting vertical writing mode.

layout/integration/LayoutIntegrationLineLayout.cpp:

(WebCore::LayoutIntegration::LineLayout::contentLogicalHeight const):
(WebCore::LayoutIntegration::LineLayout::adjustForPagination):

layout/integration/LayoutIntegrationLineLayout.h:

(WebCore::LayoutIntegration::LineLayout::isPaginated const):

6:48 AM Changeset in webkit [288417] by Alan Bujtas

5 edits in trunk

[LFC][IFC] Enable unicode-bidi: plaintext for IFC
https://bugs.webkit.org/show_bug.cgi?id=235429

Reviewed by Antti Koivisto.

Source/WebCore:

layout/integration/LayoutIntegrationCoverage.cpp:

(WebCore::LayoutIntegration::printReason):
(WebCore::LayoutIntegration::canUseForStyle):

layout/integration/LayoutIntegrationCoverage.h:

LayoutTests:

platform/mac/fast/text/international/unicode-bidi-plaintext-in-textarea-expected.txt:

Jan 22, 2022:

9:20 PM Changeset in webkit [288416] by Ben Nham

22 edits
1 copy in trunk/Source

Add PushSubscriptionIdentifier
https://bugs.webkit.org/show_bug.cgi?id=234797

Reviewed by Darin Adler.

Source/WebCore:

This adds a PushSubscriptionIdentifier to each PushSubscription. Implementation-wise, it
will be the rowid if the subscription in the subscription database. We need this so that
PushSubscription.unsubscribe only unsubscribes from the given subscription. Currently it
unsubscribes from any active subscription associated with the subscription's service worker
scope.

No new tests. I plan on adding a test for this case in an API test which will work with real
PushSubscription objects when I submit the patch that implements the subscription business
logic in webpushd. The current layout tests only work with fake PushSubscription objects
that aren't connected to webpushd.

Headers.cmake:
Modules/push-api/PushSubscription.cpp:

(WebCore::PushSubscription::unsubscribe):

Modules/push-api/PushSubscriptionData.cpp:

(WebCore::PushSubscriptionData::isolatedCopy const):

Modules/push-api/PushSubscriptionData.h:

(WebCore::PushSubscriptionData::encode const):
(WebCore::PushSubscriptionData::decode):
webpushd only supports modern decoding and we need to send this object to it, so use modern decoding.

Modules/push-api/PushSubscriptionIdentifier.h:
WebCore.xcodeproj/project.pbxproj:
testing/Internals.cpp:

(WebCore::Internals::createPushSubscription):

testing/ServiceWorkerInternals.cpp:

(WebCore::ServiceWorkerInternals::createPushSubscription):

workers/service/SWClientConnection.h:
workers/service/ServiceWorkerContainer.cpp:

(WebCore::ServiceWorkerContainer::unsubscribeFromPushService):

workers/service/ServiceWorkerContainer.h:
workers/service/ServiceWorkerRegistration.cpp:

(WebCore::ServiceWorkerRegistration::unsubscribeFromPushService):

workers/service/ServiceWorkerRegistration.h:
workers/service/WorkerSWClientConnection.cpp:

(WebCore::WorkerSWClientConnection::unsubscribeFromPushService):

workers/service/WorkerSWClientConnection.h:

Source/WebKit:

Pass the subscription identifier in the PushSubscription.unsubscribe call to guarantee that
we only unsubscribe from the given subscription.

NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:

(WebKit::WebSWServerConnection::unsubscribeFromPushService):

NetworkProcess/ServiceWorker/WebSWServerConnection.h:
NetworkProcess/ServiceWorker/WebSWServerConnection.messages.in:
Scripts/webkit/messages.py:

(types_that_cannot_be_forward_declared):
(headers_for_type):

WebProcess/Storage/WebSWClientConnection.cpp:

(WebKit::WebSWClientConnection::unsubscribeFromPushService):

WebProcess/Storage/WebSWClientConnection.h:

9:01 PM Changeset in webkit [288415] by Alan Bujtas

2 edits in trunk/Source/WebCore

REGRESSION(r280887) broke some svg based chart content repaint
https://bugs.webkit.org/show_bug.cgi?id=235483
<rdar://87904254>

Unreviewed, reverting r280887.

svg/SVGSVGElement.cpp:

(WebCore::SVGSVGElement::svgAttributeChanged):

8:37 PM Changeset in webkit [288414] by Alan Bujtas

2 edits in trunk/LayoutTests

[iOS] Unreviewed gardering

platform/ios/TestExpectations: blank selection.

7:38 PM Changeset in webkit [288413] by Peng Liu

2 edits in trunk/Source/WebCore

REGRESSION (Safari 15?): Blob videos slow to pause, affects CBS and CNN
https://bugs.webkit.org/show_bug.cgi?id=234066

Reviewed by Jer Noble.

MediaPlayerPrivateMediaSourceAVFObjC::playInternal() calls [m_synchronizer setRate:],
which will make the return value of MediaPlayerPrivateMediaSourceAVFObjC::paused() change
from true to false. But it won't push the new paused value back to the Web process.

RemoteMediaPlayerProxy::play() does call sendCachedState() after calling
m_player->play(), but because MediaPlayerPrivateMediaSourceAVFObjC::playInternal() is not
called in the same run loop, sendCachedState() won't send back the updated paused value either.

In most cases, this is not an issue, because other member functions of RemoteMediaPlayerProxy
will call sendCachedState() to push the updated paused value back to the Web process later.
However, we did find some videos need the paused value to be pushed back the Web process
in a timely manner.

No new tests, manually tested.

platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::playInternal):

5:03 PM Changeset in webkit [288412] by Said Abou-Hallawa

18 edits
2 adds in trunk/Source

[GPU Process] Add the class 'SourceImage' to represent variants of image
https://bugs.webkit.org/show_bug.cgi?id=235467

Reviewed by Cameron McCormack.

Source/WebCore:

Before the existence of GPUProcess we used to do some drawing on an
ImageBuffer, get a NativeImage from the ImageBuffer and then use this
NativeImage. With GPUProces, this will require bouncing the NativeImage
between WebProcess and GPUProcess at least two times. To make this scenario
efficient, a new class called 'SourceImage' will be introduced. The purpose
of this class is to provide a new level of abstraction for the images
such that no conversion is needed before the actual use.

Replace FEImage::SourceImage with a new class named 'SourceImage'. Let
the new class handle the encoding and decoding and the conversion from
NativeImage to ImageBuffer and vice versa.

Make Recorder::recordResourceUse() returns a boolean which indicates
whether the resource can be cached for later replay or not.

Headers.cmake:
Sources.txt:
WebCore.xcodeproj/project.pbxproj:
platform/graphics/Image.h:

(WebCore::Image::nativeImageForCurrentFrame):
(WebCore::Image::preTransformedNativeImageForCurrentFrame):

platform/graphics/SourceImage.cpp: Added.

(WebCore::SourceImage::SourceImage):
(WebCore::SourceImage::nativeImageIfExists const):
(WebCore::SourceImage::nativeImage):
(WebCore::SourceImage::imageBufferIfExists const):
(WebCore::SourceImage::imageBuffer):
(WebCore::SourceImage::imageIdentifier const):

platform/graphics/SourceImage.h: Added.

(WebCore::SourceImage::encode const):
(WebCore::SourceImage::decode):

platform/graphics/displaylists/DisplayListRecorder.cpp:

(WebCore::DisplayList::Recorder::drawFilteredImageBuffer):
(WebCore::DisplayList::Recorder::drawImageBuffer):

platform/graphics/displaylists/DisplayListRecorder.h:
platform/graphics/displaylists/DisplayListRecorderImpl.cpp:

(WebCore::DisplayList::RecorderImpl::recordResourceUse):

platform/graphics/displaylists/DisplayListRecorderImpl.h:
svg/SVGFEImageElement.cpp:

(WebCore::SVGFEImageElement::filterEffect const):

svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::nativeImageForCurrentFrame): Deleted.

svg/graphics/SVGImage.h:
svg/graphics/filters/SVGFEImage.cpp:

(WebCore::FEImage::calculateImageRect const):
(WebCore::FEImageSoftwareApplier::apply const):

svg/graphics/filters/SVGFEImage.h:

(WebCore::FEImage::encode const):
(WebCore::FEImage::decode):

Source/WebKit:

Provide a new recordResourceUse() for the SourceImage.

GPUProcess/graphics/RemoteDisplayListRecorder.cpp:

(WebKit::RemoteDisplayListRecorder::drawFilteredImageBuffer):

WebProcess/GPU/graphics/RemoteDisplayListRecorderProxy.cpp:

(WebKit::RemoteDisplayListRecorderProxy::recordResourceUse):

WebProcess/GPU/graphics/RemoteDisplayListRecorderProxy.h:

4:00 PM Changeset in webkit [288411] by ysuzuki@apple.com

6 edits
1 add in trunk

[JSC] Relax Date.parse requirement
https://bugs.webkit.org/show_bug.cgi?id=235468

Reviewed by Darin Adler.

JSTests:

stress/date-relaxed-separator.js: Added.

(shouldBe):

Source/WTF:

While the spec does not require accepting 't' / ' ' separator, ISO 8601 accepts it.
This is because ECMA262's Date format is *not* ISO 8601 (it is called simplification
of ISO 8601[1]).
This patch relaxes this strictness to accept more formats, which can be accepted in
the other engines too.

[1]: https://tc39.es/ecma262/#sec-date-time-string-format

wtf/DateMath.cpp:

(WTF::parseES5DateFromNullTerminatedCharacters):

LayoutTests:

js/date-parse-test-expected.txt:
js/script-tests/date-parse-test.js:

2:58 PM Changeset in webkit [288410] by Alan Bujtas

3 edits in trunk/Source/WebCore

[LFC][IFC] Add InlineDisplay::Box::isHorizontal
https://bugs.webkit.org/show_bug.cgi?id=235482

Reviewed by Antti Koivisto.

This is in preparation for supporting vertical writing mode.

layout/formattingContexts/inline/display/InlineDisplayBox.h:

(WebCore::InlineDisplay::Box::isHorizontal const):

layout/integration/InlineIteratorBoxModernPath.h:

(WebCore::InlineIterator::BoxModernPath::isHorizontal const):

2:57 PM Changeset in webkit [288409] by Alan Bujtas

3 edits
2 adds in trunk

REGRESSION (r288069): Bits of selection left after deselecting on bugzilla page
https://bugs.webkit.org/show_bug.cgi?id=235466
<rdar://87902230>

Reviewed by Darin Adler.

Source/WebCore:

Undo the incorrect dynamicDowncast change.

This code reads (perhaps confusingly at first sight):

return is<RenderView>(containingBlock) ? nullptr : containingBlock;

while the dynamicDowncast is meant to shorten code like this:

return is<RenderView>(containingBlock) ? containingBlock : nullptr;

Test: fast/text/incorrect-deselection-across-multiple-elements.html

rendering/SelectionRangeData.cpp:

(WebCore::containingBlockBelowView):

LayoutTests:

fast/text/incorrect-deselection-across-multiple-elements-expected.txt: Added.
fast/text/incorrect-deselection-across-multiple-elements.html: Added. Use indexOf because

while the repaint rect area is always the same, the rects order may vary.

2:20 PM Changeset in webkit [288408] by Alan Bujtas

2 edits in trunk/Source/WebCore

[LFC][IFC] Use content direction for the first "unicode-paragraph" when "unicode-bidi: plaintext" is present
https://bugs.webkit.org/show_bug.cgi?id=235452

Reviewed by Antti Koivisto.

This makes the /css/css-writing-modes/bidi-plaintext-br-* tests pass (not enabled yet).

layout/formattingContexts/inline/InlineLineBuilder.cpp:

(WebCore::Layout::LineBuilder::layoutInlineContent):

2:14 PM Changeset in webkit [288407] by Alan Bujtas

2 edits in trunk/Source/WebCore

[LFC][IFC] Alignment logic should take the line specific direction (which may be different from the root direction)
https://bugs.webkit.org/show_bug.cgi?id=235460

Reviewed by Antti Koivisto.

This makes the the /html/dom/elements/global-attributes/dir_auto-* tests pass (not enabled yet).

layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:

(WebCore::Layout::LineBoxBuilder::build):

12:55 PM Changeset in webkit [288406] by commit-queue@webkit.org

4 edits in trunk/Source/WebKit

Skip installing webpushd in STP and downlevel builds
https://bugs.webkit.org/show_bug.cgi?id=235464
<rdar://87425138>

Patch by Elliott Williams <Elliott Williams> on 2022-01-22
Reviewed by Brady Eidson.

We can't ship webpushd as part of STP or builds made for previous versions of macOS. This
change adjusts build settings to skip installing webpushd and its launchd plist outside of a
non-relocatable production build environment.

As a consequence, webpushd will not _install_ in development builds (where all build
products are relocatable). It will continue to build and be runnable from the build
products directory.

Configurations/BaseTarget.xcconfig: Add WK_SKIP_INSTALL_WEBPUSHD to determine whether to

skip installation.

Configurations/webpushd.xcconfig: Set SKIP_INSTALL based on WK_SKIP_INSTALL_WEBPUSHD.
WebKit.xcodeproj/project.pbxproj: Skip installing launchd plists when

WK_SKIP_INSTALL_WEBPUSHD=YES.

10:17 AM Changeset in webkit [288405] by Andres Gonzalez

3 edits in trunk/Source/WebCore

Create ancestry of isolated objects instead of generating the entire subtree for an ancestor.
https://bugs.webkit.org/show_bug.cgi?id=235389
<rdar://problem/87803473>

Reviewed by Chris Fleizach.

AXIsolatedTree::updateChildren may be called for an AXObject that has no
corresponding IsolatedObject. That is the case of empty canvas and some
empty div elements. In those cases we were generating the subtree of the
first available ancestor in the isolated tre. This can be expensive
because in some cases the immediate exisiting ancestor was the webarea,
causing the re-generation of the entire isolated tree. With this patch,
only the IsolatedObjects that are missing in the isolated tree are added
to the tree.

accessibility/isolatedtree/AXIsolatedTree.cpp:

(WebCore::AXIsolatedTree::nodeChangeForObject):
(WebCore::AXIsolatedTree::queueChanges):
The above two methods are added to avoid coude duplication and to be
able to decouple the creation of new isolated objects from the addition
of those objects to the isolated tree.
(WebCore::AXIsolatedTree::createSubtree):
(WebCore::AXIsolatedTree::updateChildren):

accessibility/isolatedtree/AXIsolatedTree.h:

9:26 AM Changeset in webkit [288404] by Oriol Brufau

3 edits
2 deletes in trunk

[CSS Cascade Layers] Enable CSSImportRule.layerName for WebKitGTK
https://bugs.webkit.org/show_bug.cgi?id=235455

Reviewed by Darin Adler.

Source/WebCore:

Bug 231340 added support for CSSImportRule.layerName, but CMakeLists.txt
wasn't listing CSSImportRule+Layer.idl

So the attribute was not there when running WebKitGTK, built with CMake.

Tests: imported/w3c/web-platform-tests/css/css-cascade/idlharness.html

imported/w3c/web-platform-tests/css/css-cascade/layer-rules-cssom.html

CMakeLists.txt: link missing css/CSSImportRule+Layer.idl

LayoutTests:

Expect the tests to pass.

platform/glib/imported/w3c/web-platform-tests/css/css-cascade/idlharness-expected.txt: Removed.
platform/glib/imported/w3c/web-platform-tests/css/css-cascade/layer-rules-cssom-expected.txt: Removed.

1:31 AM Changeset in webkit [288403] by Carlos Garcia Campos

9 edits in trunk

[GTK][a11y] Stop registering the tree when clients are connected with ATSPI
https://bugs.webkit.org/show_bug.cgi?id=235313

Reviewed by Adrian Perez de Castro.

Source/WebCore:

That was needed with the isolated tree mode, now we can go back to register objects on demand.

accessibility/atspi/AXObjectCacheAtspi.cpp:

(WebCore::AXObjectCache::platformPerformDeferredCacheUpdate):

accessibility/atspi/AccessibilityAtspi.cpp:

(WebCore::AccessibilityAtspi::addClient):
(WebCore::AccessibilityAtspi::parentChanged):
(WebCore::AccessibilityAtspi::childrenChanged):
(WebCore::AccessibilityAtspi::cacheClearTimerFired):

accessibility/atspi/AccessibilityObjectAtspi.cpp:

(WebCore::AccessibilityObjectAtspi::isTreeRegistered const): Deleted.

accessibility/atspi/AccessibilityObjectAtspi.h:
accessibility/atspi/AccessibilityRootAtspi.cpp:

(WebCore::AccessibilityRootAtspi::embedded):
(WebCore::AccessibilityRootAtspi::child const):
(WebCore::AccessibilityRootAtspi::childAdded):
(WebCore::registerSubtree): Deleted.
(WebCore::AccessibilityRootAtspi::registerTree): Deleted.
(WebCore::AccessibilityRootAtspi::didUnregisterTree): Deleted.

accessibility/atspi/AccessibilityRootAtspi.h:

Tools:

TestWebKitAPI/Tests/WebKitGtk/TestWebKitAccessibility.cpp:

(testDocumentLoadEvents): Now we don't get the initial event from previous document web because it happens
before the first client is connected.

Jan 21, 2022:

11:39 PM Changeset in webkit [288402] by graouts@webkit.org

6 edits
6 adds in trunk/LayoutTests/imported/w3c

Update css/css-animation WPT following animation-composition testing updates
https://bugs.webkit.org/show_bug.cgi?id=235443

Unreviewed WPT import and rebaseline.

web-platform-tests/css/css-animations/CSSAnimation-effect.tentative-expected.txt:
web-platform-tests/css/css-animations/CSSAnimation-effect.tentative.html:
web-platform-tests/css/css-animations/KeyframeEffect-getKeyframes.tentative-expected.txt:
web-platform-tests/css/css-animations/KeyframeEffect-getKeyframes.tentative.html:
web-platform-tests/css/css-animations/parsing/animation-composition-computed.tentative-expected.txt: Added.
web-platform-tests/css/css-animations/parsing/animation-composition-computed.tentative.html: Added.
web-platform-tests/css/css-animations/parsing/animation-composition-invalid.tentative-expected.txt: Added.
web-platform-tests/css/css-animations/parsing/animation-composition-invalid.tentative.html: Added.
web-platform-tests/css/css-animations/parsing/animation-composition-valid.tentative-expected.txt: Added.
web-platform-tests/css/css-animations/parsing/animation-composition-valid.tentative.html: Added.
web-platform-tests/css/css-animations/parsing/w3c-import.log:

10:03 PM Changeset in webkit [288401] by commit-queue@webkit.org

11 edits in trunk/Source

Unreviewed, reverting r288400.
https://bugs.webkit.org/show_bug.cgi?id=235470

broke ARM64E build

Reverted changeset:

"[JSC][32bit] Fix regexp crash on ARMv7"
https://bugs.webkit.org/show_bug.cgi?id=234476
https://commits.webkit.org/r288400

8:58 PM Changeset in webkit [288400] by Mikhail R. Gadelha

10 edits in trunk/Source

[JSC][32bit] Fix regexp crash on ARMv7
https://bugs.webkit.org/show_bug.cgi?id=234476

Reviewed by Yusuke Suzuki.

This patch fixes several regexp crashes on ARMv7 due to an incorrect
offset to retrieve the 5th argument from the stack: in ARMv7, only
4 arguments are passed via registers r0-r3i, and any other argument is
placed on the stack, however, YarrJIT was trying to get the 5th arg
from a fixed offset, so because the generateEnter() method pushed
register into the stack, the offset was wrong. This patch fixes how
the offset is calculated for MIPS and ARMv7.

This patch also introduces some small changes:

Added static_asserts that the YarrJIT calls do indeed have 5 arguments

and that the 5th argument has the type that we expect (MatchingContextHolder*).

Removed an unnecessary pointer from the MatchingContextHolder

constructor.

Fixed some warnings in the YarrJIT code here and there.

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compileRegExpTestInline):

runtime/RegExpInlines.h:

(JSC::RegExp::matchInline):

yarr/YarrJIT.cpp:
yarr/YarrMatchingContextHolder.h:

(JSC::Yarr::MatchingContextHolder::MatchingContextHolder):

7:03 PM Changeset in webkit [288399] by ysuzuki@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed, follow-up after r288066
https://bugs.webkit.org/show_bug.cgi?id=235271

runtime/DatePrototype.cpp:

(JSC::applyToNumberToOtherwiseIgnoredArguments):
(JSC::fillStructuresUsingDateArgs):
(JSC::setNewValueFromTimeArgs):
(JSC::setNewValueFromDateArgs):
(JSC::applyToNumbersToTrashedArguments): Deleted.

6:22 PM Changeset in webkit [288398] by Russell Epstein

1 copy in tags/Safari-613.1.14.5.1

Tag Safari-613.1.14.5.1.

6:18 PM Changeset in webkit [288397] by Russell Epstein

10 edits
2 adds in branches/safari-613.1.14.5-branch/Source/ThirdParty/libwebrtc

Cherry-pick r288391. rdar://problem/87829404

WebKit fails to build - error: 'webrtc/rtc_base/network.h' file not found
https://bugs.webkit.org/show_bug.cgi?id=235459

Reviewed by Mark Lam.

We needed to create symlinks from the standard location to the SYSTEM_CONTENT_PATH location.
This is needed for both the include files and archive libraries.

Configurations/boringssl.xcconfig:
Configurations/libsrtp.xcconfig:
Configurations/libvpx.xcconfig:
Configurations/libwebm.xcconfig:
Configurations/libwebrtc.xcconfig:
Configurations/libyuv.xcconfig:
Configurations/opus.xcconfig:
Configurations/usrsctp.xcconfig:
Scripts: Added.
Scripts/create-symlink-to-altroot.sh: Added.
libwebrtc.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288391 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:13 PM Changeset in webkit [288396] by Russell Epstein

9 edits in branches/safari-613.1.14.5-branch/Source

Versioning.

WebKit-7613.1.14.5.1

6:13 PM Changeset in webkit [288395] by timothy_horton@apple.com

4 edits in trunk

GraphicsContextStateChange logging doesn't dump shadow color
https://bugs.webkit.org/show_bug.cgi?id=235428

Reviewed by Wenson Hsieh.

platform/graphics/GraphicsContext.cpp:

(WebCore::GraphicsContextStateChange::dump const):
Add shadowColor property to the things we dump on ShadowChange.

5:59 PM Changeset in webkit [288394] by Russell Epstein

9 edits in branches/safari-613.1.14.41-branch/Source

Revert "Versioning."

This reverts commit r288393.

5:58 PM Changeset in webkit [288393] by Russell Epstein

9 edits in branches/safari-613.1.14.41-branch/Source

Versioning.

WebKit-7613.1.14.5.1

5:48 PM Changeset in webkit [288392] by Russell Epstein

1 copy in branches/safari-613.1.14.5-branch

New branch.

5:38 PM Changeset in webkit [288391] by msaboff@apple.com

10 edits
2 adds in trunk/Source/ThirdParty/libwebrtc

WebKit fails to build - error: 'webrtc/rtc_base/network.h' file not found
https://bugs.webkit.org/show_bug.cgi?id=235459

Reviewed by Mark Lam.

We needed to create symlinks from the standard location to the SYSTEM_CONTENT_PATH location.
This is needed for both the include files and archive libraries.

Configurations/boringssl.xcconfig:
Configurations/libsrtp.xcconfig:
Configurations/libvpx.xcconfig:
Configurations/libwebm.xcconfig:
Configurations/libwebrtc.xcconfig:
Configurations/libyuv.xcconfig:
Configurations/opus.xcconfig:
Configurations/usrsctp.xcconfig:
Scripts: Added.
Scripts/create-symlink-to-altroot.sh: Added.
libwebrtc.xcodeproj/project.pbxproj:

5:23 PM Changeset in webkit [288390] by Tyler Wilcock

9 edits in trunk/Source/WebCore

AX: Move Mac subrole logic to new subrolePlatformString AXCoreObject interface method
https://bugs.webkit.org/show_bug.cgi?id=235414

Reviewed by Chris Fleizach.

This patch moves most of the Mac subrole logic to a new AXCoreObject interface
method, subrolePlatformString (matching the naming of rolePlatformString).
This allows us to cache a new AXPropertyName::SubrolePlatformString
property in isolated tree objects.

This fixes accessibility/mac/subroles-for-formatted-groups.html in isolated
tree mode because this test exercised the backingObject->isStyleFormatGroup() codepath,
which in turn tried to compare AtomStrings off the main-thread, which won't work
(the string comparisons will unexpectedly not match).

accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::subrolePlatformString const):
Added.

accessibility/AccessibilityObject.h:
accessibility/AccessibilityObjectInterface.h:
accessibility/isolatedtree/AXIsolatedObject.h:
accessibility/isolatedtree/AXIsolatedTree.h:

Add new AXPropertyName::SubrolePlatformString property.

accessibility/isolatedtree/AXIsolatedObject.cpp:

(WebCore::AXIsolatedObject::initializeAttributeData):
Initialize new AXPropertyName::subrolePlatformString.

accessibility/mac/AccessibilityObjectMac.mm:

(WebCore::AccessibilityObject::subrolePlatformString const):
Added.

accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper isEmptyGroup]):
Added.
(-[WebAccessibilityObjectWrapper subrole]):
Defer to subrolePlatformString for determining all subroles except AXEmptyGroup.

5:01 PM Changeset in webkit [288389] by sihui_liu@apple.com

13 edits in trunk/Source

Disable CFURLCache in WebKit2
https://bugs.webkit.org/show_bug.cgi?id=234988
<rdar://problem/87619196>

Reviewed by Geoffrey Garen.

Source/WebCore:

_CFURLStorageSessionCopyCache can be slow (see rdar://85418732) and UI process may kill network process for
being unresponsive. Since WebKit does not use CFURLCache, we should disable it to avoid the hang.

platform/network/NetworkStorageSession.h:
platform/network/cf/NetworkStorageSessionCFNet.cpp:

(WebCore::NetworkStorageSession::createCFStorageSessionForIdentifier):

platform/network/cocoa/NetworkStorageSessionCocoa.mm:

(WebCore::createPrivateStorageSession):

Source/WebCore/PAL:

pal/spi/cf/CFNetworkSPI.h:

Source/WebKit:

NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::newTestingSession):
(WebKit::NetworkProcess::ensureSession):

Source/WebKitLegacy:

WebCoreSupport/NetworkStorageSessionMap.cpp:

(NetworkStorageSessionMap::ensureSession):

Source/WTF:

wtf/PlatformHave.h:

4:41 PM Changeset in webkit [288388] by timothy_horton@apple.com

2 edits in trunk/Source/WebCore

imported/w3c/web-platform-tests/css/css-color/parsing/color-valid.html fails in debug

Reviewed by Sam Weinig.

platform/graphics/ColorTypes.h:

(WebCore::assertInRange):
We want to *ignore* NaN alpha, like for the other channels. The conditional was backwards.

4:29 PM Changeset in webkit [288387] by pvollan@apple.com

12 edits in trunk/Source/WebKit

Inject Launch Services database before NSApplication is initialized
https://bugs.webkit.org/show_bug.cgi?id=235186
<rdar://87468788>

Reviewed by Chris Dumez.

To avoid the main thread getting stuck, the Launch Services database should be injected before NSApplication
is initialized, since the initialization now depends on the database. To make sure also prewarmed WebContent
processes are receiving the Launch Services database, the WebsiteDataStore method
sendNetworkProcessXPCEndpointToProcess is moved to the class NetworkProcessProxy, since prewarmed processes
will not have a data store initially. This allows us to simplify the code, since we are no longer depending
on having a Website data store before sending the XPC endpoint.

UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::didFinishLaunching):

UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:

(WebKit::WebsiteDataStore::sendNetworkProcessXPCEndpointToProcess):
(WebKit::WebsiteDataStore::sendNetworkProcessXPCEndpointToProcess const): Deleted.

UIProcess/WebsiteData/WebsiteDataStore.h:
WebProcess/WebPage/Cocoa/WebPageCocoa.mm:

(WebKit::WebPage::platformDidReceiveLoadParameters):

WebProcess/cocoa/LaunchServicesDatabaseManager.h:
WebProcess/cocoa/LaunchServicesDatabaseManager.mm:

(WebKit::LaunchServicesDatabaseManager::waitForDatabaseUpdate):

WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess):

4:21 PM Changeset in webkit [288386] by pvollan@apple.com

2 edits in trunk/Source/WebKit

[iOS][WP] Allow access to CFNetwork prefs
https://bugs.webkit.org/show_bug.cgi?id=235457
<rdar://87822314>

Reviewed by Brent Fulgham.

Allow access to CFNetwork prefs on internal builds.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

3:40 PM Changeset in webkit [288385] by Nikita Vasilyev

3 edits in trunk/Source/WebInspectorUI

Web Inspector: Make alignment editor accessible
https://bugs.webkit.org/show_bug.cgi?id=235395
<rdar://problem/87851989>

Reviewed by Patrick Angle.

Make alignment editor icons focusable, and annotate elements so VoiceOver could correctly read what is selected.

UserInterface/Views/AlignmentEditor.css:

(.alignment-editor .glyph:focus):
(.alignment-editor .glyph:not(:focus-visible)):

UserInterface/Views/AlignmentEditor.js:

(WI.AlignmentEditor):
(WI.AlignmentEditor.prototype.set alignment):
(WI.AlignmentEditor.prototype._removePreviouslySelected):
(WI.AlignmentEditor.prototype._updateSelected):

3:30 PM Changeset in webkit [288384] by Jonathan Bedard

2 edits in trunk/Tools

[EWS] Support pull-requests in ValidateChange (Follow-up fix)
https://bugs.webkit.org/show_bug.cgi?id=234861
<rdar://problem/87114299>

Unreviewed follow-up fix.

Tools/CISupport/ews-build/steps.py:

(GitHubMixin.fetch_data_from_url_with_authentication): Fix authentication call.

Canonical link: https://commits.webkit.org/246281@main

3:10 PM WebKitGTK/2.34.x edited by Adrian Perez de Castro

(diff)

2:49 PM Changeset in webkit [288383] by Jonathan Bedard

2 edits in trunk/Tools

[EWS] Avoid extra network request from buildbot to github
https://bugs.webkit.org/show_bug.cgi?id=235417
<rdar://problem/87846222>

Reviewed by Aakash Jain.

Tools/CISupport/ews-build/events.py:

(GitHubEventHandlerNoEdits._get_commit_msg): Return empty string.

Canonical link: https://commits.webkit.org/246280@main

2:18 PM Changeset in webkit [288382] by Simon Fraser

2 edits in trunk/LayoutTests

Unreviewed test resource change.

Change this alpha PNG image to use a simple color with alpha, rather than a gradient,
so that when the image is stretched it doesn't result in small pixel diffs in test
results.

compositing/resources/simple_image.png:

1:59 PM Changeset in webkit [288381] by ysuzuki@apple.com

3 edits in trunk/Source/bmalloc

[libpas] Follow-up after r288339
https://bugs.webkit.org/show_bug.cgi?id=235423

Changed the type names.

libpas/src/libpas/pas_allocation_callbacks.c:
libpas/src/libpas/pas_allocation_callbacks.h:

1:51 PM Changeset in webkit [288380] by Robert Jenner

3 edits in trunk/LayoutTests

REGRESSION (r286944?): web-platform-tests/html/semantics/text-level-semantics/the-a-element/a-download-click tests have become flaky failures
https://bugs.webkit.org/show_bug.cgi?id=234410

Unreviewed test gardening. Adding expectations due to negative impact on EWS.

platform/ios-wk2/TestExpectations:
platform/mac-wk2/TestExpectations:

1:47 PM Changeset in webkit [288379] by commit-queue@webkit.org

9 edits in trunk

Build failure with g++ 12: std::exchange undefined
https://bugs.webkit.org/show_bug.cgi?id=235445

Patch by Mike Gorse <mgorse@suse.com> on 2022-01-21
Reviewed by Michael Catanzaro.

Source/JavaScriptCore:

API/JSRetainPtr.h: Include <utility>

Source/WebCore:

platform/graphics/x11/XUniqueResource.h: Include <utility>

Source/WTF:

wtf/CompletionHandler.h: Include <utility>
wtf/MallocPtr.h: Ditto

Tools:

ImageDiff/ImageDiff.cpp: Include <utility>

1:38 PM Changeset in webkit [288378] by Russell Epstein

1 copy in tags/Safari-613.1.14.41.1

Tag Safari-613.1.14.41.1.

1:32 PM Changeset in webkit [288377] by Russell Epstein

1 edit in branches/safari-613.1.14.41-branch/Source/WebKit/WebKit.xcodeproj/project.pbxproj

Revert "Apply patch. rdar://problem/86298747"

This reverts commit r288231

1:29 PM Changeset in webkit [288376] by Russell Epstein

9 edits in branches/safari-613.1.14.41-branch/Source

Versioning.

WebKit-7613.1.14.41.1

1:25 PM Changeset in webkit [288375] by pvollan@apple.com

2 edits in trunk/Source/WebKit

[macOS][GPUP] Add access to IOKit property
https://bugs.webkit.org/show_bug.cgi?id=235450
<rdar://76403140>

Reviewed by Brent Fulgham.

GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:

1:19 PM Changeset in webkit [288374] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

[RISCV64] Add MacroAssemblerRISCV64 branch-testing operations
https://bugs.webkit.org/show_bug.cgi?id=235442

Patch by Zan Dobersek <zdobersek@igalia.com> on 2022-01-21
Reviewed by Yusuke Suzuki.

Implement MacroAssemblerRISCV64 branch-testing operations. The branching
instructions being intentionally simple in RISC-V, and with no status
register, scratch register has to be used to hold the testing result
and perform a branch based on its value. This will disallow use of these
implementations from Air, but that has to be address inside Air itself.

When performing tests for values that are smaller than 64 bits in width,
the tested value is zero-extended or, when necessary, loaded as an
unsigned value, to impose zeroed upper bits that eliminate masking
values that are too wide or get sign-extended when used as immediates.
Post-masking, these shorter-width values still have to be sign-extended
to accommodate branch instructions that are used when testing
signedness.

The test result value is then passed on, along with the desired
condition, to the new branchTestFinalize() helper method that finally
generates the appropriate branch.

assembler/MacroAssemblerRISCV64.h:

(JSC::MacroAssemblerRISCV64::branchTest8):
(JSC::MacroAssemblerRISCV64::branchTest16):
(JSC::MacroAssemblerRISCV64::branchTest32):
(JSC::MacroAssemblerRISCV64::branchTest64):
(JSC::MacroAssemblerRISCV64::branchPtr):
(JSC::MacroAssemblerRISCV64::branchTestFinalize):

1:18 PM Changeset in webkit [288373] by Russell Epstein

1 copy in branches/safari-613.1.14.41-branch

New branch.

1:13 PM Changeset in webkit [288372] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

[RISCV64] Add MacroAssemblerRISCV64 operations for bitfield, zero-counting, byte-swapping operations
https://bugs.webkit.org/show_bug.cgi?id=235439

Patch by Zan Dobersek <zdobersek@igalia.com> on 2022-01-21
Reviewed by Yusuke Suzuki.

Add MacroAssemblerRISCV64 implementations that cover unsigned bitfield,
leading-zero, trailing-zero and byte-swapping operations. All these
operations are not supported in base RISC-V specifications. There are
extensions currently being ratified that will introduce more useful
instructions, but until then more verbose implementations will have
to be used.

For the unsigned bitfield operations, the desired result is achieved
through shifting and masking. Scratch registers are only needed in
case of the mask immediate being too large, but that will be properly
handled by the higher-level JITs. For other operations covered in this
patch we have to use scratch registers and custom loops to implement
the necessary behavior.

assembler/MacroAssemblerRISCV64.h:

(JSC::MacroAssemblerRISCV64::extractUnsignedBitfield32):
(JSC::MacroAssemblerRISCV64::extractUnsignedBitfield64):
(JSC::MacroAssemblerRISCV64::insertUnsignedBitfieldInZero32):
(JSC::MacroAssemblerRISCV64::insertUnsignedBitfieldInZero64):
(JSC::MacroAssemblerRISCV64::countLeadingZeros32):
(JSC::MacroAssemblerRISCV64::countLeadingZeros64):
(JSC::MacroAssemblerRISCV64::countTrailingZeros32):
(JSC::MacroAssemblerRISCV64::countTrailingZeros64):
(JSC::MacroAssemblerRISCV64::byteSwap16):
(JSC::MacroAssemblerRISCV64::byteSwap32):
(JSC::MacroAssemblerRISCV64::byteSwap64):

1:07 PM Changeset in webkit [288371] by Alan Bujtas

4 edits in trunk

[LFC][IFC] Inline boxes with collapsible content only should not be considered opaque bidi items
https://bugs.webkit.org/show_bug.cgi?id=235447

Reviewed by Antti Koivisto.

Source/WebCore:

We don't normally submit inline boxes with content to ubidi re-ordering since their content drives the visual
position unless they are empty. While empty inline boxes do not usually produce visual artifacts (except ones with decoration)
they still need to be able to answer "bounding box" type of questions.

So in order to have geometry generated for inline boxes, they either
1, need to have some content so that while processing their content, we also compute their geometries
2, have to participate in ubidi's visual re-ordering so that they show up in the visual list (which is the input to the display box create function)

This patch treats inline boxes with fully collapsible content empty so that they fall into group #2.

layout/formattingContexts/inline/InlineItemsBuilder.cpp:

(WebCore::Layout::InlineItemsBuilder::breakAndComputeBidiLevels):

LayoutTests:

TestExpectations:

1:02 PM Changeset in webkit [288370] by Robert Jenner

1 edit
1 move in trunk/LayoutTests

[ iOS EWS ] imported/w3c/web-platform-tests/dom/events/focus-event-document-move.html is a constant text failure
https://bugs.webkit.org/show_bug.cgi?id=235150
<rdar://problem/87524787>

Unreviewed, re-land iOS baseline in the correct location. The behaviour difference is expected as it involves mouse events.

platform/ios/imported/w3c/web-platform-tests/dom/events/focus-event-document-move-expected.txt: Renamed from LayoutTests/platform/ios/imported/w3c/dom/events/focus-event-document-move-expected.txt.

1:01 PM Changeset in webkit [288369] by Russell Epstein

1 copy in branches/safari-613.1.13.1-branch

New branch.

12:30 PM Changeset in webkit [288368] by Jonathan Bedard

2 edits in trunk/Tools

[EWS] Use token when processing hook
https://bugs.webkit.org/show_bug.cgi?id=235383
<rdar://problem/87791577>

Reviewed by Aakash Jain.

Tools/CISupport/ews-build/master.cfg:

Canonical link: https://commits.webkit.org/246270@main

10:54 AM Changeset in webkit [288367] by Jonathan Bedard

2 edits in trunk/Tools

[EWS] ConfigureBuild should display PR information instead of ValidateChange
https://bugs.webkit.org/show_bug.cgi?id=235377
<rdar://problem/87853245>

Reviewed by Aakash Jain.

Tools/CISupport/ews-build/steps.py:

(GitHub):
(GitHub.commit_url): Convert a sha and repository to clickable commit url.
(ConfigureBuild._addToLog): Added.
(ConfigureBuild.add_pr_details): Print link to pull request, commit being
tested and author of change.
(ValidateChange.validate_github): Move links to ConfigureBuild.

Canonical link: https://commits.webkit.org/246269@main

10:31 AM Changeset in webkit [288366] by Jonathan Bedard

5 edits in trunk/Tools

[webkitscmpy] Stop killing finished processes
https://bugs.webkit.org/show_bug.cgi?id=235427
<rdar://problem/87887233>

Rubber-stamped by Aakash Jain.

Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/init.py: Ditto.
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py:

(Git.Cache.populate): Check if process has finished before killing it.
(Git.commits): Ditto.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/svn.py:

(Svn.Cache.populate): Check if process has finished before killing it.
(Svn.commits): Ditto.

Canonical link: https://commits.webkit.org/246268@main

9:14 AM Changeset in webkit [288365] by Russell Epstein

1 copy in tags/Safari-612.4.9.1.7

Tag Safari-612.4.9.1.7.

9:10 AM Changeset in webkit [288364] by Russell Epstein

8 edits in branches/safari-612.4.9.1-branch/Source

Versioning.

WebKit-7612.4.9.1.7

8:11 AM Changeset in webkit [288363] by achristensen@apple.com

3 edits in trunk/Source/JavaScriptCore

Fix build when using Visual Studio 2022
https://bugs.webkit.org/show_bug.cgi?id=235440

Reviewed by Antti Koivisto.

It doesn't like having a switch with a default but no cases.
This is cleaner with if statements anyways.
Also make members const because I can.

jit/JITCode.cpp:

(JSC::JITCode::calleeSaveRegisters const):

jit/JITCode.h:

7:08 AM Changeset in webkit [288362] by Antti Koivisto

6 edits
2 adds in trunk

WPT version of css/css-cascade/parsing/layer-import-parsing.html crashes with nullptr
https://bugs.webkit.org/show_bug.cgi?id=235434
rdar://87832940

Reviewed by Alan Bujtas.

LayoutTests/imported/w3c:

web-platform-tests/css/css-cascade/parsing/layer-import-parsing.html:

Update to WPT version.

Source/WebCore:

Test: fast/css/insert-import-rule-crash.html

css/StyleRuleImport.cpp:

(WebCore::StyleRuleImport::setCSSStyleSheet):

Null check the parent stylesheet. It can be null if the rule has been removed.

dom/InlineStyleSheetOwner.cpp:

(WebCore::InlineStyleSheetOwner::startLoadingDynamicSheet):

Also fix a debug assert in addPendingSheet, this can get called multiple times.

LayoutTests:

fast/css/insert-import-rule-crash-expected.txt: Added.
fast/css/insert-import-rule-crash.html: Added.

5:11 AM Changeset in webkit [288361] by Lauro Moura

13 edits in trunk

[CMake] Cannot link libTestRunnerInjectedBundle.so in non unified build
https://bugs.webkit.org/show_bug.cgi?id=226088

Reviewed by Adrian Perez de Castro.

Source/JavaScriptCore:

wasm/js/JSWebAssemblyModule.h: Add missing header

Source/WebCore:

Covered by existing tests.

inspector/InspectorController.cpp:

(WebCore::InspectorController::isUnderTest const): Defining it.

inspector/InspectorController.h: Export isUnderTest().
loader/SubresourceIntegrity.h: Add missing header.
platform/gtk/ValidationBubbleGtk.cpp: Ditto.
svg/graphics/filters/SVGFEImage.h: Ditto.
testing/Internals.cpp:

(WebCore::Internals::mediaSessionState): Cast new enum to the WebCore
one.

testing/Internals.h: Redefine MediaSessionState as a new enum

instead of aliasing to avoid redefinitions of
convertEnumerationToString in non-unified builds.

workers/WorkerConsoleClient.h:

Tools:

WebKitTestRunner/CMakeLists.txt: Pull WebCore as dependency for

WTR/WTRInjectedBundle

3:05 AM Changeset in webkit [288360] by Adrian Perez de Castro

1 copy in releases/WPE WebKit/webkit-2.34.4

WPE WebKit 2.34.4

3:03 AM Changeset in webkit [288359] by Adrian Perez de Castro

4 edits in releases/WebKitGTK/webkit-2.34

Unreviewed. Update OptionsWPE.cmake and NEWS for the 2.34.4 release

Source/cmake/OptionsWPE.cmake: Bump version numbers.

Source/WebKit:

wpe/NEWS: Add release notes for 2.34.4

2:36 AM Changeset in webkit [288358] by Martin Robinson

10 edits
1 delete in trunk

element.scrollIntoView() sometimes doesn't scroll
https://bugs.webkit.org/show_bug.cgi?id=42593

Reviewed by Simon Fraser.

LayoutTests/imported/w3c:

web-platform-tests/css/cssom-view/scrollIntoView-horizontal-partially-visible-expected.txt:

Source/WebCore:

No new tests. This is covered by existing WPT tests.

For some operations which scroll to a rectangle, if an object is more than
32 pixels onscreen, it's not considered onscreen. This was originally used
to prevent unnecessary scrolling while tabbing through form fields, but is
no longer used for that in the majority of cases. Instead, the behavior affects
the calls to Element.focus(), Element.scrollIntoView(), and navigations to
anchor elements.

While navigation to anchor elements and calls to Element.focus() offer more
flexibility to the user agent, this behavior is not spec-compliant with
scrollIntoView(). This change adds a flag to ScrollAlignment to turn it off.

It could be that, in the future, the behavior for focus() is specified more
thoroughly, which might mean extending this fix.

dom/Element.cpp:

(WebCore::Element::scrollIntoView): Turn off the legacy horizontal visibility threshold.
(WebCore::Element::scrollIntoViewIfNeeded): Ditto.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::getRectToExpose const): Use the new setting in ScrollAlignment
and also rework the code to use the new methods on ScrollAlignment.

rendering/ScrollAlignment.h:

(WebCore::ScrollAlignment::getVisibleBehavior const): Converted this to a method to match
the new ones.
(WebCore::ScrollAlignment::getPartialBehavior const): Ditto.
(WebCore::ScrollAlignment::getHiddenBehavior const): Ditto.
(WebCore::ScrollAlignment::disableLegacyHorizontalVisibilityThreshold): Added.
(WebCore::ScrollAlignment::legacyHorizontalVisibilityThresholdEnabled const): Added.
(WebCore::ScrollAlignment::getVisibleBehavior): Deleted.
(WebCore::ScrollAlignment::getPartialBehavior): Deleted.
(WebCore::ScrollAlignment::getHiddenBehavior): Deleted.

LayoutTests:

platform/gtk/imported/w3c/web-platform-tests/css/cssom-view/getBoundingClientRect-empty-inline-expected.txt: Removed.
platform/gtk/imported/w3c/web-platform-tests/css/cssom-view/getBoundingClientRect-shy-expected.txt:
platform/gtk/imported/w3c/web-platform-tests/css/cssom-view/offsetTopLeft-empty-inline-expected.txt:
platform/gtk/imported/w3c/web-platform-tests/css/cssom-view/offsetTopLeft-leading-space-inline-expected.txt:

2:25 AM Changeset in webkit [288357] by commit-queue@webkit.org

3 edits in trunk/LayoutTests

[GLIB] Garden fast/mediastream/getUserMedia-to-canvas-*.html failure for WPE
https://bugs.webkit.org/show_bug.cgi?id=235396

Unreviewed gardnening.

Move fast/mediastream/getUserMedia-to-canvas-*.html failures to glib
to suppress also WPE failures.

Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2022-01-21

platform/glib/TestExpectations:
platform/gtk/TestExpectations:

1:41 AM Changeset in webkit [288356] by Fujii Hironori

5 edits in trunk/Source

Fix AppleWin build with newer MSVC
https://bugs.webkit.org/show_bug.cgi?id=235431

Reviewed by Alex Christensen.

Source/WebCore:

platform/graphics/ca/win/PlatformCALayerWin.cpp:

(printLayer):

Source/WebKitLegacy/win:

WebDownloadCFNet.cpp:

(WebDownload::cancelForResume):

WebKitQuartzCoreAdditions/CAD3DRenderer.cpp:

(WKQCA::CAD3DRenderer::resetD3DDevice):

1:25 AM Changeset in webkit [288355] by jonlee@apple.com

2 edits in trunk/LayoutTests

Unreviewed gardening.

gpu-process/TestExpectations:

12:32 AM Changeset in webkit [288354] by commit-queue@webkit.org

28 edits
1 copy
3 adds in trunk

Support in-process testing of IPC messages
https://bugs.webkit.org/show_bug.cgi?id=231674
<rdar://84189314>

Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2022-01-21
Reviewed by Brent Fulgham.

Source/WebKit:

Add IPCTester service to UI, GPU, Network, Authn process.
The service can be used to send random messages to the processes.

Test: ipc/start-message-testing.html

DerivedSources-input.xcfilelist:
DerivedSources-output.xcfilelist:
DerivedSources.make:
GPUProcess/GPUConnectionToWebProcess.cpp:

(WebKit::GPUConnectionToWebProcess::dispatchMessage):
(WebKit::GPUConnectionToWebProcess::dispatchSyncMessage):

GPUProcess/GPUConnectionToWebProcess.h:
NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::didReceiveMessage):
(WebKit::NetworkConnectionToWebProcess::didReceiveSyncMessage):

NetworkProcess/NetworkConnectionToWebProcess.h:
Platform/IPC/Connection.cpp:

(IPC::Connection::dispatchIncomingMessageForTesting):
(IPC::Connection::dispatchMessage):
(IPC::CompletionHandler<void):
Remove asserts from takeAsyncReplyHandler, they're already present
in the caller. The caller can filter them based on the testing flag,
allowing testing without asserts.

Platform/IPC/Connection.h:
Platform/IPC/Decoder.cpp:

(IPC::Decoder::create):
(IPC::Decoder::Decoder):
(IPC::Decoder::~Decoder):

Platform/IPC/Decoder.h:
Platform/IPC/cocoa/ConnectionCocoa.mm:

(IPC::createMessageDecoder):

Platform/IPC/unix/ConnectionUnix.cpp:

(IPC::Connection::processMessage):

Platform/IPC/win/ConnectionWin.cpp:

(IPC::Connection::readEventHandler):

Shared/IPCTester.cpp: Added.

(WebKit::messageTestDriver):
(WebKit::runMessageTesting):
(WebKit::IPCTester::~IPCTester):
(WebKit::IPCTester::startMessageTesting):
(WebKit::IPCTester::stopMessageTesting):
(WebKit::IPCTester::stopIfNeeded):

Shared/IPCTester.h: Added.
Shared/IPCTester.messages.in: Copied from Source/WebKit/WebAuthnProcess/WebAuthnConnectionToWebProcess.messages.in.
Sources.txt:
UIProcess/LegacySessionStateCodingNone.cpp:

(WebKit::decodeLegacySessionState):

UIProcess/WebProcessPool.cpp:
UIProcess/WebProcessPool.h:
UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::shouldSendPendingMessage):

WebAuthnProcess/WebAuthnConnectionToWebProcess.cpp:

(WebKit::WebAuthnConnectionToWebProcess::dispatchMessage):
(WebKit::WebAuthnConnectionToWebProcess::dispatchSyncMessage):

WebAuthnProcess/WebAuthnConnectionToWebProcess.h:
WebAuthnProcess/WebAuthnConnectionToWebProcess.messages.in:
WebKit.xcodeproj/project.pbxproj:
WebProcess/WebPage/IPCTestingAPI.cpp:

(WebKit::IPCTestingAPI::JSMessageListener::didReceiveMessage):
(WebKit::IPCTestingAPI::JSMessageListener::willSendMessage):

LayoutTests:

done-ipc-fuzizng

TestExpectations:
ipc/start-message-testing.html: Added.

Jan 20, 2022:

10:38 PM Changeset in webkit [288353] by commit-queue@webkit.org

3 edits in trunk/LayoutTests

Partially garden [iOS] Triage failing LayoutTests in the storage/indexeddb directory
https://bugs.webkit.org/show_bug.cgi?id=181752
rdar://36590081

Patch by Jon Lee <jonlee554@gmail.com> on 2022-01-20
Reviewed by Simon Fraser.

Some of the tests always pass now. Update expectations.

gpu-process/TestExpectations:
platform/ios/TestExpectations:

10:15 PM Changeset in webkit [288352] by Said Abou-Hallawa

59 edits in trunk/Source

[Cocoa] Accelerated filters are enabled by the wrong setting
https://bugs.webkit.org/show_bug.cgi?id=235376

Reviewed by Simon Fraser.

Source/WebCore:

This patch does the following:

Delete the setting AcceleratedFiltersEnabled since it has not been enabled by any port.
Delete CoreImageAcceleratedFilterRenderEnabled from the experimental features list because CoreImage filters are not ready to be run in the layout tests.
Add AcceleratedFiltersEnabled as an internal feature and use it to enable CoreImage filters for Cocoa ports. and SourceGraphic::createApplier().
Use "Accelerated" instead of using "CoreImage" in the methods of Filter and FilterEffect. The implementation of these methods will be guarded by #if USE(CORE_IMAGE) for Cocoa ports.
Split the method createApplier() to two methods: createSoftwareApplier() and createAcceleratedApplier() and make FilterEffect::createApplier() decide which one to call.

Headers.cmake:
WebCore.xcodeproj/project.pbxproj:
css/CSSFilterImageValue.cpp:

(WebCore::CSSFilterImageValue::image):

page/Page.cpp:

(WebCore::Page::acceleratedFiltersEnabled const):

page/Page.h:
page/Settings.yaml:
platform/graphics/coreimage/FEColorMatrixCoreImageApplier.h:
platform/graphics/coreimage/FEComponentTransferCoreImageApplier.h:
platform/graphics/coreimage/SourceGraphicCoreImageApplier.h:
platform/graphics/filters/FEBlend.cpp:

(WebCore::FEBlend::createSoftwareApplier const):
(WebCore::FEBlend::createApplier const): Deleted.

platform/graphics/filters/FEBlend.h:
platform/graphics/filters/FEColorMatrix.cpp:

(WebCore::FEColorMatrix::resultIsAlphaImage const):
(WebCore::FEColorMatrix::supportsAcceleratedRendering const):
(WebCore::FEColorMatrix::createAcceleratedApplier const):
(WebCore::FEColorMatrix::createSoftwareApplier const):
(WebCore::FEColorMatrix::supportsCoreImageRendering const): Deleted.
(WebCore::FEColorMatrix::createApplier const): Deleted.

platform/graphics/filters/FEColorMatrix.h:
platform/graphics/filters/FEComponentTransfer.cpp:

(WebCore::FEComponentTransfer::supportsAcceleratedRendering const):
(WebCore::FEComponentTransfer::createAcceleratedApplier const):
(WebCore::FEComponentTransfer::createSoftwareApplier const):
(WebCore::FEComponentTransfer::supportsCoreImageRendering const): Deleted.
(WebCore::FEComponentTransfer::createApplier const): Deleted.

platform/graphics/filters/FEComponentTransfer.h:
platform/graphics/filters/FEComposite.cpp:

(WebCore::FEComposite::createSoftwareApplier const):
(WebCore::FEComposite::createApplier const): Deleted.

platform/graphics/filters/FEComposite.h:
platform/graphics/filters/FEConvolveMatrix.cpp:

(WebCore::FEConvolveMatrix::createSoftwareApplier const):
(WebCore::FEConvolveMatrix::createApplier const): Deleted.

platform/graphics/filters/FEConvolveMatrix.h:
platform/graphics/filters/FEDisplacementMap.cpp:

(WebCore::FEDisplacementMap::createSoftwareApplier const):
(WebCore::FEDisplacementMap::createApplier const): Deleted.

platform/graphics/filters/FEDisplacementMap.h:
platform/graphics/filters/FEDropShadow.cpp:

(WebCore::FEDropShadow::createSoftwareApplier const):
(WebCore::FEDropShadow::createApplier const): Deleted.

platform/graphics/filters/FEDropShadow.h:
platform/graphics/filters/FEFlood.cpp:

(WebCore::FEFlood::createSoftwareApplier const):
(WebCore::FEFlood::createApplier const): Deleted.

platform/graphics/filters/FEFlood.h:
platform/graphics/filters/FEGaussianBlur.cpp:

(WebCore::FEGaussianBlur::createSoftwareApplier const):
(WebCore::FEGaussianBlur::createApplier const): Deleted.

platform/graphics/filters/FEGaussianBlur.h:
platform/graphics/filters/FELighting.cpp:

(WebCore::FELighting::createSoftwareApplier const):
(WebCore::FELighting::createApplier const): Deleted.

platform/graphics/filters/FELighting.h:
platform/graphics/filters/FEMerge.cpp:

(WebCore::FEMerge::createSoftwareApplier const):
(WebCore::FEMerge::createApplier const): Deleted.

platform/graphics/filters/FEMerge.h:
platform/graphics/filters/FEMorphology.cpp:

(WebCore::FEMorphology::createSoftwareApplier const):
(WebCore::FEMorphology::createApplier const): Deleted.

platform/graphics/filters/FEMorphology.h:
platform/graphics/filters/FEOffset.cpp:

(WebCore::FEOffset::createSoftwareApplier const):
(WebCore::FEOffset::createApplier const): Deleted.

platform/graphics/filters/FEOffset.h:
platform/graphics/filters/FETile.cpp:

(WebCore::FETile::createSoftwareApplier const):
(WebCore::FETile::createApplier const): Deleted.

platform/graphics/filters/FETile.h:
platform/graphics/filters/FETurbulence.cpp:

(WebCore::FETurbulence::createSoftwareApplier const):
(WebCore::FETurbulence::createApplier const): Deleted.

platform/graphics/filters/FETurbulence.h:
platform/graphics/filters/FilterEffect.cpp:

(WebCore::FilterEffect::createApplier const):

platform/graphics/filters/FilterEffect.h:

(WebCore::FilterEffect::createAcceleratedApplier const):

platform/graphics/filters/FilterFunction.h:

(WebCore::FilterFunction::supportsAcceleratedRendering const):
(WebCore::FilterFunction::supportsCoreImageRendering const): Deleted.

platform/graphics/filters/SourceAlpha.cpp:

(WebCore::SourceAlpha::createSoftwareApplier const):
(WebCore::SourceAlpha::createApplier const): Deleted.

platform/graphics/filters/SourceAlpha.h:
platform/graphics/filters/SourceGraphic.cpp:

(WebCore::SourceGraphic::supportsAcceleratedRendering const):
(WebCore::SourceGraphic::createAcceleratedApplier const):
(WebCore::SourceGraphic::createSoftwareApplier const):
(WebCore::SourceGraphic::createApplier const): Deleted.

platform/graphics/filters/SourceGraphic.h:
rendering/CSSFilter.cpp:

(WebCore::CSSFilter::create):
(WebCore::CSSFilter::supportsAcceleratedRendering const):
(WebCore::CSSFilter::supportsCoreImageRendering const): Deleted.

rendering/CSSFilter.h:
rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects const):

rendering/svg/RenderSVGResourceFilter.cpp:

(WebCore::RenderSVGResourceFilter::applyResource):

svg/graphics/filters/SVGFEImage.cpp:

(WebCore::FEImage::createSoftwareApplier const):
(WebCore::FEImage::createApplier const): Deleted.

svg/graphics/filters/SVGFEImage.h:
svg/graphics/filters/SVGFilter.cpp:

(WebCore::SVGFilter::create):
(WebCore::SVGFilter::supportsAcceleratedRendering const):
(WebCore::SVGFilter::supportsCoreImageRendering const): Deleted.

svg/graphics/filters/SVGFilter.h:

Source/WTF:

Delete ENABLE_CORE_IMAGE_ACCELERATED_FILTER_RENDER and use USE_CORE_IMAGE
instead since CoreImage is only used for filters right now. Besides
CoreImage filters will be enabled by the internal feature control flag
AcceleratedFiltersEnabled.

Scripts/Preferences/WebPreferencesExperimental.yaml:
Scripts/Preferences/WebPreferencesInternal.yaml:
wtf/PlatformEnableCocoa.h:

8:54 PM Changeset in webkit [288351] by Alan Bujtas

2 edits in trunk/LayoutTests

It looks like word-break-break-all-008.html still fails on Catalina.

Unreviewed.

platform/mac/TestExpectations:

8:18 PM Changeset in webkit [288350] by jonlee@apple.com

4 edits in trunk/LayoutTests

Unreviewed gardening.

gpu-process/TestExpectations:
platform/ios-simulator/TestExpectations:
platform/ios-wk2/TestExpectations:

7:58 PM Changeset in webkit [288349] by Lauro Moura

2 edits in trunk/Tools

[GTK] API test /webkit/WebKitWebsiteData/cache is flaky
https://bugs.webkit.org/show_bug.cgi?id=188113

Unreviewed test gardening.

It has been passing consistently for a long time. Sometimes failing
consistently too, but when there are regressions.

TestWebKitAPI/glib/TestExpectations.json:

7:51 PM Changeset in webkit [288348] by jonlee@apple.com

3 edits in trunk/LayoutTests

media/video-src-blob-using-open-panel.html now always passes.
rdar://problem/32715902

Gardening. Unreviewed.

gpu-process/TestExpectations:
platform/ios/TestExpectations:

7:47 PM Changeset in webkit [288347] by jonlee@apple.com

5 edits in trunk/LayoutTests

WPT progressions after r288070 (complex font codepath for IFC)

Unreviewed.

Patch by Alan Bujtas <Alan Bujtas> on 2022-01-20

TestExpectations:
platform/mac/TestExpectations:

7:18 PM Changeset in webkit [288346] by Alan Bujtas

3 edits in trunk/LayoutTests

WPT progressions after r288070 (complex font codepath for IFC)

Unreviewed.

TestExpectations:
platform/mac/TestExpectations:

7:09 PM Changeset in webkit [288345] by Devin Rousso

18 edits
4 copies
2 adds in trunk

Add SPI for passing around and getting details about WebCore::CSSStyleDeclaration in injected bundle code
https://bugs.webkit.org/show_bug.cgi?id=235386
<rdar://problem/87566737>

Reviewed by Tim Horton.

Source/WebKit:

Test: WebKit.WKWebProcessPlugInCSSStyleDeclarationHandle

WebProcess/InjectedBundle/DOM/InjectedBundleCSSStyleDeclarationHandle.h:
WebProcess/InjectedBundle/DOM/InjectedBundleCSSStyleDeclarationHandle.cpp:

(WebKit::InjectedBundleCSSStyleDeclarationHandle::getOrCreate):
(WebKit::InjectedBundleCSSStyleDeclarationHandle::coreCSSStyleDeclaration): Added.
Expose a way to get the related WebCore::CSSStyleDeclaration (for toJS).
Add a method that returns the string value for a given property name.

WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInCSSStyleDeclarationHandle.h: Added.
WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInCSSStyleDeclarationHandleInternal.h: Added.
WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInCSSStyleDeclarationHandle.mm: Added.

(-[WKWebProcessPlugInCSSStyleDeclarationHandle dealloc]):
(+[WKWebProcessPlugInCSSStyleDeclarationHandle cssStyleDeclarationHandleWithJSValue:inContext:]):
(-[WKWebProcessPlugInCSSStyleDeclarationHandle _cssStyleDeclarationHandle]):
(-[WKWebProcessPlugInCSSStyleDeclarationHandle _apiObject]):
Add ObjC SPI for manipulating WebCore::CSSStyleDeclaration (in the injected bundle).

WebProcess/WebPage/WebFrame.h:
WebProcess/WebPage/WebFrame.cpp:

(WebKit::WebFrame::jsWrapperForWorld):

WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFrame.h:
WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFrame.mm:

(-[WKWebProcessPlugInFrame jsCSSStyleDeclarationForCSSStyleDeclarationHandle:inWorld:]): Added.
Add methods for converting from ObjC SPI wrappers of WebCore::CSSStyleDeclaration to JS.

Shared/Cocoa/APIObject.mm:

(API::Object::newObject):
Add support for automatic conversion of WKBundleCSSStyleDeclarationRef to ObjC (above).

PlatformMac.cmake:
SourcesCocoa.txt:
WebKit.xcodeproj/project.pbxproj:

WebProcess/cocoa/WebProcessCocoa.mm:

Drive-by: Unified sources fixes.

Tools:

TestWebKitAPI/Tests/WebKitCocoa/BundleCSSStyleDeclarationHandleProtocol.h: Added.
TestWebKitAPI/Tests/WebKitCocoa/BundleCSSStyleDeclarationHandle.mm: Added.

(-[BundleCSSStyleDeclarationHandleRemoteObject verifyStyle:]):
(TEST.WebKit.WKWebProcessPlugInCSSStyleDeclarationHandle):

TestWebKitAPI/Tests/WebKitCocoa/BundleCSSStyleDeclarationHandlePlugIn.mm: Added.

(-[BundleCSSStyleDeclarationHandlePlugIn webProcessPlugIn:didCreateBrowserContextController:]):
(-[BundleCSSStyleDeclarationHandlePlugIn webProcessPlugInBrowserContextController:didFinishDocumentLoadForFrame:]):

TestWebKitAPI/SourcesCocoa.txt:
TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:

TestWebKitAPI/Tests/WebKitCocoa/CookiePrivateBrowsing.mm:

(-[CookiePrivateBrowsingDelegate webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):
(TEST.WebKit.CookiePrivateBrowsing):

TestWebKitAPI/Tests/WebKitCocoa/ModalContainerObservation.mm:
TestWebKitAPI/Tests/WebKitCocoa/RestoreSessionStateWithoutNavigation.mm:

(-[SessionStateDelegate webView:didFinishNavigation:]):
(TestWebKitAPI::createSessionStateData):
Drive-by: Unified sources fixes.

7:00 PM Changeset in webkit [288344] by jonlee@apple.com

3 edits in trunk/LayoutTests

Unreviewed gardening.

gpu-process/TestExpectations: Remove failure expectations on media tests that are passing on iOS.
platform/ios/TestExpectations:

6:58 PM Changeset in webkit [288343] by Alan Bujtas

2 edits in trunk/Source/WebCore

[LFC][IFC] Implement TextUtil::directionForTextContent
https://bugs.webkit.org/show_bug.cgi?id=235392

Reviewed by Antti Koivisto.

Let's check with ubidi_getBaseDirection what the content direction is. We use this
direction value to drive the line based "content alignment".

layout/formattingContexts/inline/text/TextUtil.cpp:

(WebCore::Layout::TextUtil::directionForTextContent):

6:43 PM Changeset in webkit [288342] by fpizlo@apple.com

13 edits in trunk/Source/bmalloc

[libpas] medium directory lookup should bail if begin_index is zero to catch races with expendable memory decommit (cherry pick 434465bfb8e0c285d6763cf6aa0e04982199f824)
https://bugs.webkit.org/show_bug.cgi?id=235280

Reviewed by Yusuke Suzuki.

I've been seeing crashes in pas_segregated_heap_ensure_allocator_index where the directory that is
passed to the function doesn't match the size. The most likely reason why this is happening is that
the medium directory lookup raced with expendable memory decommit and returned the wrong directory.
To figure out how this happens, I added a bunch of tests to ExpendableMemoryTests. This change
includes various small fixes (like removing assertions) that were found by doing such testing, and it
also includes a test and a change that I think exactly catches what is going on:

Expendable memory is decommitted so that the medium lookup sees begin_index == 0, but end_index still has its original value. This will cause it to return a tuple that is for a too-large size class.
Some other thread rematerializes the expendable memory right after the medium lookup finishes, but before it loads the directory.
The medium lookup finally loads the directory from the tuple, and now sees a non-NULL directory, so it thinks that everything is fine.

This race barely "works" since:

Any other field in the medium tuple being zero would cause the medium lookup to fail, which would then cause a slow path that rematerializes expendable memory under a lock.
Rematerialization of expendable memory adjusts the mutation count, so this race would only go undetected if the rematerialization happened after the medium lookup search but before when the medium lookup loads the directory.

The solution is to just have the medium lookup fail if begin_index == 0. Begin_index can never
legitimately be zero, because there's no way that a size class would want to be responsible for both
index 0 (i.e. the zero-byte object) and objects big enough to require medium lookup.

This adds new tests. While running those new tests, I found and fixed two other bugs:

Recomputation of the index_to_small_allocator_index table subtly mishandles the cached_index case. Previously, it was only special-casing it only when the directory was not participating in lookup tables at all, but actually it needs to special-case it anytime that the directory doesn't otherwise think that it should set the entry at cached_index.

Expendable memory commit/decommit was playing fast-and-loose with version numbers. This fixes it so that there is a global monotonically increasing version number.

libpas/src/libpas/bmalloc_heap.c:

(bmalloc_flex_heap_ref_get_heap):
(bmalloc_auxiliary_heap_ref_get_heap):
(bmalloc_get_heap):

libpas/src/libpas/bmalloc_heap.h:
libpas/src/libpas/pas_expendable_memory.c:

(pas_expendable_memory_state_version_next):
(pas_expendable_memory_construct):
(pas_expendable_memory_commit_if_necessary):
(scavenge_impl):
(pas_expendable_memory_scavenge):

libpas/src/libpas/pas_expendable_memory.h:
libpas/src/libpas/pas_scavenger.c:

(handle_expendable_memory):
(scavenger_thread_main):
(pas_scavenger_decommit_expendable_memory):
(pas_scavenger_fake_decommit_expendable_memory):

libpas/src/libpas/pas_scavenger.h:
libpas/src/libpas/pas_segregated_heap.c:

(medium_directory_tuple_for_index_impl):
(pas_segregated_heap_medium_directory_tuple_for_index):
(pas_segregated_heap_medium_allocator_index_for_index):
(recompute_size_lookup):
(rematerialize_size_lookup_set_medium_directory_tuple):
(pas_segregated_heap_ensure_allocator_index):
(check_size_lookup_recomputation_set_medium_directory_tuple):
(check_size_lookup_recomputation_dump_directory):
(check_size_lookup_recomputation):
(check_size_lookup_recomputation_if_appropriate):
(pas_segregated_heap_ensure_size_directory_for_size):

libpas/src/libpas/pas_segregated_heap.h:
libpas/src/libpas/pas_segregated_size_directory.h:

(pas_segregated_size_directory_get_tlc_allocator_index):

libpas/src/libpas/pas_try_allocate_primitive.h:

(pas_try_allocate_primitive_impl_casual_case):
(pas_try_allocate_primitive_impl_inline_only):

libpas/src/test/ExpendableMemoryTests.cpp:

(std::testRage):
(std::testRematerializeAfterSearchOfDecommitted):
(std::testBasicSizeClass):
(addExpendableMemoryTests):

libpas/src/test/TestHarness.cpp:

(RuntimeConfigTestScope::RuntimeConfigTestScope):

6:39 PM Changeset in webkit [288341] by jonlee@apple.com

2 edits in trunk/LayoutTests

Unreviewed gardening.

gpu-process/TestExpectations:

6:11 PM Changeset in webkit [288340] by Ben Nham

3 edits in trunk/Source/bmalloc

Make bmalloc work better with various MallocStackLogging modes
https://bugs.webkit.org/show_bug.cgi?id=235425

Reviewed by Yusuke Suzuki.

This conditionalizes the way system malloc is used depending on the exact value of the
MallocStackLogging environment variable:

If the mode is "vm" or "vmlite", then we don't need to use system malloc at all, since those logging modes only intercept syscalls.
If the mode is "lite", then we should use the default malloc zone (rather than our custom "WebKit Using System Malloc" zone), since the lite mode only intercepts allocations from the default zone.

Before this change, the lite mode didn't capture bmalloc/FastMalloc callstacks, which made
it less useful than it should have been.

bmalloc/DebugHeap.cpp:

(bmalloc::shouldUseDefaultMallocZone):
(bmalloc::DebugHeap::DebugHeap):

bmalloc/Environment.cpp:

(bmalloc::isMallocEnvironmentVariableImplyingSystemMallocSet):
(bmalloc::Environment::computeIsDebugHeapEnabled):

5:36 PM Changeset in webkit [288339] by ysuzuki@apple.com

3 edits in trunk/Source/bmalloc

[libpas] Ensure pas_allocation_callback and pas_deallocation_callback are initialized as NULL
https://bugs.webkit.org/show_bug.cgi?id=235423

Reviewed by Mark Lam.

Some compiler options cause link-failure when we do not explicitly initialize these variables
in the C file (but it is not necessary strictly speaking). This patch cleans up and initializes
them with NULL.

libpas/src/libpas/pas_allocation_callbacks.c:
libpas/src/libpas/pas_allocation_callbacks.h:

5:35 PM Changeset in webkit [288338] by Russell Epstein

1 copy in tags/Safari-613.1.14.2.2

Tag Safari-613.1.14.2.2.

5:33 PM Changeset in webkit [288337] by Russell Epstein

9 edits in branches/safari-613.1.14.2-branch/Source

Versioning.

WebKit-7613.1.14.2.2

5:23 PM Changeset in webkit [288336] by Simon Fraser

8 edits
2 adds in trunk

REGRESSION (r284136): A slight horizontal rubberband kills scroll momentum
https://bugs.webkit.org/show_bug.cgi?id=234384

Reviewed by Tim Horton.

Source/WebCore:

ScrollAnimationRubberBand subtly changed the behavior of the rubberband animation on the
axis that is not the rubberbanding axis. Because it converged on m_targetOffset, it always
resulted in no offset on that axis.

Fix by restoring the behavior from before r284136, which applies the rubberbanding as a
delta from the current offset and no longer uses m_targetOffset, which is removed. It's a
bit surprising that this rubberband animation drives a vertical scroll when the gesture is
primarily horizontal (normally we'd clamp these deltas to be purely horizontal), but people
are used to this behavior so restore it.

Test: fast/scrolling/mac/j-shaped-scroll-rubberband.html

platform/ScrollAnimation.h:
platform/ScrollingEffectsController.cpp:

(WebCore::ScrollingEffectsController::overscrollAmount):
(WebCore::ScrollingEffectsController::scrollOffset):

platform/ScrollingEffectsController.h:
platform/mac/ScrollAnimationRubberBand.h:
platform/mac/ScrollAnimationRubberBand.mm:

(WebCore::ScrollAnimationRubberBand::startRubberBandAnimation):
(WebCore::ScrollAnimationRubberBand::serviceAnimation):
(WebCore::ScrollAnimationRubberBand::debugDescription const):

platform/mac/ScrollingEffectsController.mm:

(WebCore::ScrollingEffectsController::startRubberBandAnimation):
(WebCore::ScrollingEffectsController::startRubberBandAnimationIfNecessary):

LayoutTests:

fast/scrolling/mac/j-shaped-scroll-rubberband-expected.txt: Added.
fast/scrolling/mac/j-shaped-scroll-rubberband.html: Added.

5:13 PM Changeset in webkit [288335] by timothy_horton@apple.com

2 edits in trunk/Source/WebKit

ReplayCGDisplayListsIntoBackingStore often results in compositing layers with black backgrounds
https://bugs.webkit.org/show_bug.cgi?id=235424

Reviewed by Simon Fraser.

No new tests, covered by many existing tests when run in this mode.

Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:

(WebKit::RemoteLayerBackingStore::applyBackingStoreToLayer):
Since we use CA-driven painting when ReplayCGDisplayListsIntoBackingStore
is enabled, we need to tell CA whether or not our backing store needs
an alpha channel before invalidating and painting into the layer.

5:01 PM Changeset in webkit [288334] by Tyler Wilcock

2 edits in trunk/Source/WebCore

AXCoreObject::childrenIDs can be simplified and more efficient by using map
https://bugs.webkit.org/show_bug.cgi?id=235418

Reviewed by Darin Adler.

Follow-up to address Darin's comment at
https://bugs.webkit.org/show_bug.cgi?id=235384#c8.

No tests added because there's no behavior change.

accessibility/AccessibilityObjectInterface.h:

(WebCore::AXCoreObject::childrenIDs):
Use map instead of for-loop for simplicity and efficiency through
map's use of uncheckedAppend and reserveInitialCapacity.

4:34 PM Changeset in webkit [288333] by J Pascoe

3 edits in trunk/Source/WebKit

[WebAuthn] Support all valid FIDO NFC tag types
https://bugs.webkit.org/show_bug.cgi?id=234616
rdar://85871173

Reviewed by Darin Adler.

This patch modifies a check when looking for FIDO nfc tags
to support all valid FIDO tag types.

Tested using physical NFC tags provided for this bug.

Platform/spi/Cocoa/NearFieldSPI.h:
UIProcess/WebAuthentication/Cocoa/NfcConnection.mm:

(WebKit::NfcConnection::didDetectTags):

4:17 PM Changeset in webkit [288332] by Alan Bujtas

9 edits in trunk/Source/WebCore

[LFC][IFC] Add LineContent::inlineBaseDirection to support line based inline direction
https://bugs.webkit.org/show_bug.cgi?id=235391

Reviewed by Antti Koivisto.

In this patch we introduce the line based inline base direction. With "unicode-bidi: plaintext" each line can have its own
base direction depending on the content on the line.

layout/formattingContexts/inline/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::computeGeometryForLineContent):

layout/formattingContexts/inline/InlineLineBuilder.cpp:

(WebCore::Layout::toString): Unfortunately we have to rebuild the text content part of the line here.
(WebCore::Layout::LineBuilder::layoutInlineContent):

layout/formattingContexts/inline/InlineLineBuilder.h:
layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:

(WebCore::Layout::InlineDisplayContentBuilder::processNonBidiContent):

layout/formattingContexts/inline/display/InlineDisplayLineBuilder.cpp:

(WebCore::Layout::InlineDisplayLineBuilder::build const):

layout/formattingContexts/inline/display/InlineDisplayLineBuilder.h:
layout/formattingContexts/inline/text/TextUtil.cpp:

(WebCore::Layout::TextUtil::directionForTextContent):

layout/formattingContexts/inline/text/TextUtil.h:

3:48 PM Changeset in webkit [288331] by Adrian Perez de Castro

1 copy in releases/WebKitGTK/webkit-2.34.4

WebKitGTK 2.34.4

3:41 PM Changeset in webkit [288330] by Adrian Perez de Castro

4 edits in releases/WebKitGTK/webkit-2.34

Unreviewed. Update OptionsGTK.cmake and NEWS for the 2.34.4 release

Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit:

gtk/NEWS: Add release notes for 2.34.4

3:41 PM Changeset in webkit [288329] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Merge r288305 - [JSC] Add section directive in MacroAssemblerX86Common asm blocks
https://bugs.webkit.org/show_bug.cgi?id=235406

Patch by Joseph Griego <jgriego@igalia.com> on 2022-01-20
Reviewed by Yusuke Suzuki.

These asm blocks aren't in a function body so they need a .text
directive to prevent them from being included in some arbitrary section
(say, an inline function's section) by happenstance, which was happening
in the WPE build without UnifiedSources.

assembler/MacroAssemblerX86Common.cpp:

3:41 PM Changeset in webkit [288328] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Merge r288324 - Non-unified build fails due to forward declaration in JavaScriptCore/jit/JITStubRoutine.h
https://bugs.webkit.org/show_bug.cgi?id=235409

Unreviewed non-unified build fix.

jit/JITStubRoutine.h:

3:09 PM Changeset in webkit [288327] by Wenson Hsieh

2 edits in trunk/Source/WebCore

[macOS] Various tests hit debug assertions under SearchBuffer::search after system ICU changes
https://bugs.webkit.org/show_bug.cgi?id=235413
rdar://87423185

Reviewed by Darin Adler.

After upgrading the system ICU version to ICU 70, many layout tests that attempt to use TextIterator on macOS
(e.g. tests in accessibility/mac) hit debug assertions underneath WebCore::SearchBuffer::search; this is
because ICU now emits U_USING_DEFAULT_WARNING as the error code when calling usearch_next(), instead of
U_ZERO_ERROR, like it did in previous versions.

This warning is propagated due to ICU falling back to the root locale (kRootLocaleName) when creating an
icu::BreakIterator, and appears to be benign. We can address this by relaxing the debug assertion in this
method to just check that the error code indicates success (i.e. "warning, or no error"), rather than strictly
being equal to U_ZERO_ERROR.

editing/TextIterator.cpp:

(WebCore::SearchBuffer::search):

2:32 PM Changeset in webkit [288326] by Alan Bujtas

3 edits in trunk/Source/WebCore

[LFC][IFC] Add "previous line ends with a line break" flag to PreviousLine
https://bugs.webkit.org/show_bug.cgi?id=235405

Reviewed by Antti Koivisto.

This is in preparation for supporting unicode-bidi: plaintext where we need to know if the previous line ends in a line break or not.

layout/formattingContexts/inline/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::lineLayout):

layout/formattingContexts/inline/InlineLineBuilder.h:

2:10 PM Changeset in webkit [288325] by Ross Kirsling

2 edits in trunk/PerformanceTests

[WinCairo] Unreviewed performance test gardening.

Skipped:

Skip various IndexedDB timeouts.

2:06 PM Changeset in webkit [288324] by Pablo Saavedra

2 edits in trunk/Source/JavaScriptCore

Non-unified build fails due to forward declaration in JavaScriptCore/jit/JITStubRoutine.h
https://bugs.webkit.org/show_bug.cgi?id=235409

Unreviewed non-unified build fix.

jit/JITStubRoutine.h:

2:04 PM Changeset in webkit [288323] by commit-queue@webkit.org

1 edit
1 add in trunk/LayoutTests

Mark range boundary point containers
https://bugs.webkit.org/show_bug.cgi?id=233462

Patch by Rob Buis <rbuis@igalia.com> on 2022-01-20
Reviewed by Darin Adler.

Add test that should have been part of r287131. Caught by Adrian.

fast/dom/Range/delete-contents-crash.html: Added.

1:36 PM Changeset in webkit [288322] by Jonathan Bedard

2 edits in trunk/Tools

[ews] Load credentials from passwords.json in master.cfg (Follow-up)
https://bugs.webkit.org/show_bug.cgi?id=235296

Reviewed by Aakash Jain.

CISupport/ews-build/master.cfg:

(load_password): Define default value.

Canonical link: https://commits.webkit.org/246234@main

1:26 PM Changeset in webkit [288321] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288293. rdar://problem/87777915

Prevent empty folders being created during install builds
rdar://87777915

Patch by Elliott Williams <Elliott Williams> on 2022-01-20
Reviewed by Brady Eidson.

The "Copy Daemon Plists" script phase has output files which aren't always written to. Since
Xcode mkdir-p's these output directories, it ends up creating an empty directory under some
circumstances. Fix by removing these declared outputs: since this script is install-only
and executes quickly, it's not really a problem to have it run redundantly.

Once we use XCBuild everywhere, it can be rewritten as a Copy Files phase.

WebKit.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288293 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:26 PM Changeset in webkit [288320] by Russell Epstein

4 edits
4 adds in branches/safari-613-branch

Cherry-pick r288078. rdar://problem/87662271

database names leak cross-origin within the same browser session
https://bugs.webkit.org/show_bug.cgi?id=233548

Reviewed by Geoff Garen.

Source/WebCore:

Test: http/tests/security/getdatabases-crossorigin.html

Modules/indexeddb/server/IDBServer.cpp: (WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open UniqueIDBDatabases, only add them to the results list if their origins match.

page/ClientOrigin.h: (WebCore::ClientOrigin::operator!= const):

LayoutTests:

http/tests/security/getdatabases-crossorigin-expected.txt: Added.
http/tests/security/getdatabases-crossorigin.html: Added.
http/tests/security/resources/getdatabases-otherframe.html: Added.
http/tests/security/resources/getdatabases-otherwindow.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288078 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:26 PM Changeset in webkit [288319] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r287997. rdar://problem/87274541

Sometimes cannot scroll after using internal trackpad
https://bugs.webkit.org/show_bug.cgi?id=235206
<rdar://problem/87274541>

Reviewed by Simon Fraser.

WebProcess/WebPage/MomentumEventDispatcher.cpp: (WebKit::MomentumEventDispatcher::didStartMomentumPhase): (WebKit::MomentumEventDispatcher::setScrollingAccelerationCurve):
WebProcess/WebPage/MomentumEventDispatcher.h: We store std::optional<ScrollingAccelerationCurve> in a map, but then when looking at whether we have a curve (to decide whether or not to even use MomentumEventDispatcher), we check if the map has *any* value for the given page... even an unengaged optional. To fix, check if the optional is engaged.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287997 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:26 PM Changeset in webkit [288318] by Russell Epstein

4 edits in branches/safari-613-branch

Cherry-pick r287957. rdar://problem/87327557

[WebAuthn] Fix freebie call without user gesture not being given
https://bugs.webkit.org/show_bug.cgi?id=235078
rdar://87327557

Reviewed by Brent Fulgham.

Source/WebKit:

This logic was previously always requiring a user gesture. The desired
behavior of giving pages a single "freebie" webauthn call without gesture
was lost in a refactor.

Tested manually on iOS device with webauthn.me.

WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp: (WebKit::WebAuthenticatorCoordinator::processingUserGesture):

Tools:

Updated API test to reflect user gesture freebie.

TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287957 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:18 PM Changeset in webkit [288317] by Alan Bujtas

4 edits in trunk/Source/WebCore

[LFC][IFC] LineBuilder::layoutInlineContent should take PreviousLine
https://bugs.webkit.org/show_bug.cgi?id=235403

Reviewed by Antti Koivisto.

Let's pass in a PreviousLine struct to LineBuilder::layoutInlineContent instead of individual variables about the previous line.
This is in preparation for supporting unicode-bidi: plaintext where we need to know if the previous line ends in a line break or not.

layout/formattingContexts/inline/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::lineLayout):
(WebCore::Layout::InlineFormattingContext::computedIntrinsicWidthForConstraint const):

layout/formattingContexts/inline/InlineLineBuilder.cpp:

(WebCore::Layout::LineBuilder::layoutInlineContent):
(WebCore::Layout::LineBuilder::computedIntrinsicWidth):
(WebCore::Layout::LineBuilder::initialize):

layout/formattingContexts/inline/InlineLineBuilder.h:

1:11 PM Changeset in webkit [288316] by commit-queue@webkit.org

9 edits
1 copy in trunk

[XCBuild] Build via the workspace with USE_WORKSPACE=YES
https://bugs.webkit.org/show_bug.cgi?id=235385
rdar://87489695

Patch by Elliott Williams <Elliott Williams> on 2022-01-20
Reviewed by Alexey Proskuryakov.

Experimental XCBuild support is available by passing USE_WORKSPACE=YES to Make. This is
roughly equivalent to opening WebKit.xcworkspace and building a scheme in the IDE.

A workspace build is only one xcodebuild invocation, in contrast with the traditional
recursive-Make build that iterates through each project directory. As a result, workspace
builds are faster: the build system can schedule targets from different projects to build
simultaneously, and there's lower xcodebuild overhead.

Workspaces build _schemes_, which are a collection of targets. By default, Make looks for a
scheme whose name matches the source directory (Source/WebCore => build scheme "WebCore").
Makefiles can customize this by setting SCHEME.

At this time, there is no guarantee of correctness when building with USE_WORKSPACE=YES, and
workspace builds are not checked by builders.

Makefile: Use workspace logic when USE_WORKSPACE=YES
Makefile.shared: xcodebuild invocation logic for workspace builds
Source/Makefile: Use workspace logic and set custom SCHEME name
WebKit.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings: Use XCBuild for workspace

builds

WebKit.xcworkspace/xcshareddata/xcschemes/All Modules.xcscheme: Added, to correspond with

the top-level Makefile

WebKit.xcworkspace/xcshareddata/xcschemes/All Source.xcscheme: Let XCBuild determine build

order

WebKit.xcworkspace/xcshareddata/xcschemes/All Tools.xcscheme: Let XCBuild determine build

order

Tools:

Makefile: Use workspace logic and set custom SCHEME name

12:48 PM Changeset in webkit [288315] by commit-queue@webkit.org

33 edits
1 copy
6 adds
2 deletes in trunk

Implement WebGL GPU buffer texture upload path for Cocoa getUserMedia camera streams
https://bugs.webkit.org/show_bug.cgi?id=235233
<rdar://problem/87601762>

Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2022-01-20
Reviewed by Youenn Fablet.

Source/WebCore:

Make full texture uploads from MediaStream camera captures use CVPixelBuffers
instead of reading the pixels back.
Implement MediaPlayerInterface::pixelBufferForCurrentTime() for
MediaPlayerPrivateMediaSourceAVFObjC.
Rename functions from pixelBuffer... to videoSample...
Use new type MediaSampleVideoFrame instead of CVPixelBuffer.
MediaSampleVideoFrame contains also the frame orientation. The
orientation is needed as the camera might capture the image
with a rotation or a flip.

To avoid ifdefs, the new API videoSampleForCurrentTime exists
for all platforms, but is currently called only by Cocoa.
Also the type MediaSampleVideoFrame exists for all platforms
but has the frame contents implementation only for Cocoa.

Tested by
fast/mediastream/getUserMedia-to-canvas-1.html
fast/mediastream/getUserMedia-to-canvas-2.html

Currently the "mirrored" part is tested manually, WebKit
does not request mirrored camera image so it is dead code.

Headers.cmake:
SourcesCocoa.txt:
WebCore.xcodeproj/project.pbxproj:
platform/graphics/MediaPlayer.cpp:

(WebCore::MediaPlayer::videoSampleForCurrentTime):
(WebCore::MediaPlayer::pixelBufferForCurrentTime): Deleted.

platform/graphics/MediaPlayer.h:
platform/graphics/MediaPlayerPrivate.h:

(WebCore::MediaPlayerPrivateInterface::copyVideoTextureToPlatformTexture):
(WebCore::MediaPlayerPrivateInterface::videoSampleForCurrentTime):
(WebCore::MediaPlayerPrivateInterface::pixelBufferForCurrentTime): Deleted.

platform/graphics/MediaSampleVideoFrame.h: Added.

(WebCore::MediaSampleVideoFrame::orientation const):
(WebCore::MediaSampleVideoFrame::pixelBuffer const):
(WebCore::MediaSampleVideoFrame::operator== const):
(WebCore::MediaSampleVideoFrame::encode const):
(WebCore::MediaSampleVideoFrame::decode):

platform/graphics/avfoundation/MediaSampleVideoFrameAVF.mm: Added.

(WebCore::MediaSampleVideoFrame::MediaSampleVideoFrame):

platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::videoSampleForCurrentTime):
(WebCore::MediaPlayerPrivateAVFoundationObjC::pixelBufferForCurrentTime): Deleted.

platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::videoSampleForCurrentTime):
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::pixelBufferForCurrentTime): Deleted.

platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::videoOrientation):
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::videoSampleForCurrentTime):

platform/graphics/cocoa/GraphicsContextGLCocoa.mm:

(WebCore::GraphicsContextGLCocoa::copyTextureFromMedia):

platform/graphics/cv/GraphicsContextGLCV.h:
platform/graphics/cv/GraphicsContextGLCVCocoa.cpp:

(WebCore::GraphicsContextGLCVCocoa::GraphicsContextGLCVCocoa):
(WebCore::GraphicsContextGLCVCocoa::copyVideoFrameToTexture):
(WebCore::GraphicsContextGLCVCocoa::copyPixelBufferToTexture): Deleted.

platform/graphics/cv/GraphicsContextGLCVCocoa.h:

Source/WebKit:

Rename functions from pixelBuffer... to videoFrame.
Send new type MediaPlayerVideoFrame instead of CVPixelBuffer.
MediaPlayerVideoFrame contains also the frame orientation.

GPUProcess/graphics/RemoteGraphicsContextGL.cpp:

(WebKit::RemoteGraphicsContextGL::copyTextureFromMedia):

GPUProcess/media/RemoteMediaPlayerProxy.cpp:

(WebKit::RemoteMediaPlayerProxy::invalidate):
(WebKit::RemoteMediaPlayerProxy::videoFrameForCurrentTimeIfChanged):

GPUProcess/media/RemoteMediaPlayerProxy.h:
GPUProcess/media/RemoteMediaPlayerProxy.messages.in:
GPUProcess/media/cocoa/RemoteMediaPlayerProxyCocoa.mm:

(WebKit::RemoteMediaPlayerProxy::pixelBufferForCurrentTimeIfChanged): Deleted.

WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:

(WebKit::MediaPlayerPrivateRemote::videoFrameForCurrentTime):
(WebKit::MediaPlayerPrivateRemote::pixelBufferForCurrentTime): Deleted.

WebProcess/GPU/media/MediaPlayerPrivateRemote.h:
WebProcess/GPU/media/cocoa/MediaPlayerPrivateRemoteCocoa.mm:

(WebKit::MediaPlayerPrivateRemote::pixelBufferForCurrentTime): Deleted.

LayoutTests:

fast/mediastream/getUserMedia-to-canvas.html:
webrtc/routines.js:

Test camera image rotations in the test.

12:34 PM Changeset in webkit [288314] by Jonathan Bedard

5 edits in trunk/Tools

[EWS] Add CheckOutPullRequest step
https://bugs.webkit.org/show_bug.cgi?id=235157
<rdar://problem/87487209 >

Reviewed by Aakash Jain.

Tools/CISupport/ews-build/factories.py:

(Factory.init): Add CheckOutPullRequest step.
(StyleFactory.init): Ditto.
(WatchListFactory.init): Ditto.

Tools/CISupport/ews-build/factories_unittest.py:

(TestExpectedBuildSteps): Add CheckOutPullRequest step.

Tools/CISupport/ews-build/steps.py:

(ApplyPatch.doStepIf): Only run step if a patch is provided.
(ApplyPatch.hideStepIf): Only display step if a patch was provided.
(ApplyPatch.getResultSummary): Add SKIPPED description.
(CheckOutPullRequest):
(CheckOutPullRequest.init):
(CheckOutPullRequest.doStepIf): Only run step if a pull request is provided.
(CheckOutPullRequest.hideStepIf): Only display step if a pul request was provided.
(CheckOutPullRequest.run): Configure new remote, fetch remote and checkout pull request
branch from the newly configured remote.
(CheckOutPullRequest.getResultSummary):

Tools/CISupport/ews-build/steps_unittest.py:

Canonical link: https://commits.webkit.org/246230@main

12:02 PM Changeset in webkit [288313] by Tyler Wilcock

3 edits in trunk/Source/WebCore

AXIsolatedTree::updateChildren childrenIDs and children local variables could get out of sync
https://bugs.webkit.org/show_bug.cgi?id=235384

Reviewed by Andres Gonzalez.

In AXIsolatedTree::updateChildren, we have this:

const auto& axChildren = axAncestor->children();
auto axChildrenIDs = axAncestor->childrenIDs();

Because the current version of AXCoreObject::childrenIDs
always updates the underlying children if necessary, these
two variables could get out of sync if childrenIDs actually
performs an update after we already got children().

This patch changes childrenIDs to have the same interface as
children() by adding a bool updateChildrenIfNecessary parameter,
and using childrenIDs(false) in the above method.

accessibility/AccessibilityObjectInterface.h:

(WebCore::AXCoreObject::childrenIDs):
Add updateChildrenIfNecessary parameter to match AXCoreObject::children(bool).

accessibility/isolatedtree/AXIsolatedTree.cpp:

(WebCore::AXIsolatedTree::updateChildren):

11:48 AM Changeset in webkit [288312] by Jonathan Bedard

18 edits
1 copy in trunk/Tools

[webkitbugspy] Support automated comments
https://bugs.webkit.org/show_bug.cgi?id=235371
<rdar://problem/87783426>

Reviewed by Dewei Zhu.

Tools/Scripts/libraries/webkitbugspy/setup.py: Bump version.
Tools/Scripts/libraries/webkitbugspy/webkitbugspy/init.py: Ditto.
Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py:

(Tracker.user): Add potential credentials to requests.
(Tracker.credentials): Explicitly call credentials from webkitcorepy.
(Tracker._login_arguments): Create login query from credentials.
(Tracker.me): Return user based on credentials.
(Tracker.populate): Add potential credentials to requests.
(Tracker.add_comment): Add comment to bugzilla issue.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/github.py:

(Tracker.me): Return user based on credentials.
(Tracker.add_comment): Add comment to GitHub issue.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/issue.py:

(Issue.add_comment): Base class.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/base.py:

(Base.add): We don't want to edit the original list of comments.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/bugzilla.py:

(Bugzilla.init): Add optional Environment mock.
(Bugzilla.enter): Enter Environment mock.
(Bugzilla.exit): Exit Environment mock.
(Bugzilla._user): Use jsonlib instead of json.
(Bugzilla._user_for_credentials): Convert a credential string into
a User object.
(Bugzilla._issue): Use jsonlib instead of json.
(Bugzilla._see_also): Ditto.
(Bugzilla._comments): Ditto.
(Bugzilla._post_comment): Update mock issue database with posted comment.
(Bugzilla.request): Add credentials to each request, handle comment POST request.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/github.py:

(GitHub.init): Add optional Environment mock.
(GitHub.enter): Enter Environment mock.
(GitHub.exit): Exit Environment mock.
(GitHub._post_comment): Update mock issue database with posted comment.
(GitHub.request): Handle comment POST request.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/radar.py:

(AppleDirectoryQuery.user_entry_for_attribute_value): Map AppleConnect username
to user.
(RadarModel.CollectionProperty.init): Pass parent model in.
(RadarModel.CollectionProperty.add): Add an element to the collection.
(RadarModel.init): Pass self into CollectionProperty.
(RadarModel.commit_changes): Update mock issue database with issue contents.
(RadarClient.init): Accept authentication_strategy.
(Radar.AuthenticationStrategySystemAccount.init): Save username.
(Radar.AuthenticationStrategySystemAccount.username): Return username.
(Radar.AuthenticationStrategySPNego.username): Assume username from environment.
(Radar.DiagnosisEntry): Moved from RadarModel.DiagnosisEntry.
(Radar.transform_user): Add AppleConnect email.
(Radar.init): Pass authentication_strategy to RadarClient.
(RadarModel.DiagnosisEntry): Moved to Radar.DiagnosisEntry.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/radar.py:

(Tracker.user): Support queries by AppleConnect username.
(Tracker.me): Use authentication to determine the logged in user.
(Tracker.add_comment): Add comment to Radar.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/bugzilla_unittest.py:

(TestBugzilla.test_reference_parse): Use add_comment.
(TestBugzilla.test_me): Added.
(TestBugzilla.test_add_comment): Added.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/github_unittest.py:

(TestGitHub.test_watcher_parse): Use add_comment.
(TestGitHub.test_reference_parse): Ditto.
(TestGitHub.test_me): Added.
(TestGitHub.test_add_comment): Added.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py:

(TestRadar): Renamed from TestGitHub.
(TestRadar.test_reference_parse): Use add_comment.
(TestRadar.test_me): Added.
(TestRadar.test_add_comment): Added.
(TestGitHub): Renamed TestRadar.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tracker.py:

(Tracker.me): Added.
(Tracker.add_comment): Added.

Tools/Scripts/libraries/webkitcorepy/setup.py: Bump version.
Tools/Scripts/libraries/webkitcorepy/webkitcorepy/mocks/init.py: Export mock environment, bump version.
Tools/Scripts/libraries/webkitcorepy/webkitcorepy/mocks/environment.py: Added.

(Environment): Mock os.environ and reset credential cache.

Canonical link: https://commits.webkit.org/246228@main

11:16 AM Changeset in webkit [288311] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r288215 - Null check m_progressTracker in clearProvisionalLoad
https://bugs.webkit.org/show_bug.cgi?id=233063

Patch by Rob Buis <rbuis@igalia.com> on 2022-01-19
Reviewed by Alex Christensen.

Source/WebCore:

Null check m_progressTracker in clearProvisionalLoad.

Test: fast/frames/contentFrame-disconnecting-crash.html

loader/FrameLoader.cpp:

(WebCore::FrameLoader::clearProvisionalLoad):

LayoutTests:

platform/mac/fast/frames/contentFrame-disconnecting-crash-expected.txt: Added.
platform/mac/fast/frames/contentFrame-disconnecting-crash.html: Added.

11:12 AM Changeset in webkit [288310] by commit-queue@webkit.org

2 edits in trunk/Tools

[ iOS15 ] TestWebKitAPI.WebKit.ServerTrust and TestWebKitAPI.WebKit.FastServerTrust tests timing out
https://bugs.webkit.org/show_bug.cgi?id=231320
<rdar://80352256>

Patch by Alex Christensen <achristensen@webkit.org> on 2022-01-20
Reviewed by Chris Dumez.

SecTrustCopyCertificateChain returns a CFArrayRef of SecCertificateRef, not CFData.

TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:

(verifyCertificateAndPublicKey):
(TestWebKitAPI::TEST):

11:12 AM Changeset in webkit [288309] by Ross Kirsling

2 edits in trunk/Source/WebKit

Unreviewed PlayStation / clang-cl build fix following r288298.

clang for Windows (< v10.0.0) cannot destructure a const class.
See also r261572, r254471, r249524, etc.

NetworkProcess/storage/StorageAreaBase.cpp:

(WebKit::StorageAreaBase::notifyListenersAboutClear):
(WebKit::StorageAreaBase::dispatchEvents const):

11:08 AM Changeset in webkit [288308] by Adrian Perez de Castro

4 edits
3 adds in releases/WebKitGTK/webkit-2.34

Merge r288052 - null ptr deref in WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor()
https://bugs.webkit.org/show_bug.cgi?id=233463

Patch by Frederic Wang <fwang@igalia.com> on 2022-01-14
Reviewed by Wenson Hsieh.

Source/WebCore:

One line of ReplaceSelectionCommand::moveNodeOutOfAncestor() assumes that the pointer
ancestor.parentNode() is non-null. However, the call to removeNode(node) just before can
lead to arbitrary tree mutations that leaves the ancestor orphan, causing a nullptr deref.
This patch mitigates that issue by exiting early if that situation happens.

editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor): Exit early if the ancestor
is no longer connected.

LayoutTests:

Add non-regression test.

editing/execCommand/paste-as-quotation-disconnected-paragraph-ancestor-crash-expected.txt: Added.
editing/execCommand/paste-as-quotation-disconnected-paragraph-ancestor-crash.html: Added.
editing/execCommand/resources/paste-as-quotation-disconnected-paragraph-ancestor-crash-iframe.html: Added.
platform/win/TestExpectations: Skip test on windows, as the test seems to shift expectations with text output

of other execCommand tests.

10:43 AM Changeset in webkit [288307] by Alexey Shvayka

60 edits
34 adds
2 deletes in trunk

Callback functions / interfaces should use global object of its _value_ for errors and lifecycle
https://bugs.webkit.org/show_bug.cgi?id=232387

Reviewed by Geoff Garen.

LayoutTests/imported/w3c:

Import WPT tests from https://github.com/web-platform-tests/wpt/pull/32449.

The remaining failures are due to unrelated spec compat issue with calling cross-realm ProxyObject / JSBoundFunction.

web-platform-tests/dom/events/EventListener-handleEvent-cross-realm-expected.txt: Added.
web-platform-tests/dom/events/EventListener-handleEvent-cross-realm.html: Added.
web-platform-tests/dom/events/resources/empty-document.html: Added.
web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-expected.txt:
web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-null-browsing-context-expected.txt:
web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-null-browsing-context.html:
web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm.html:
web-platform-tests/dom/traversal/support/TreeWalker-acceptNode-filter-cross-realm-subframe.html: Removed.
web-platform-tests/dom/traversal/support/empty-document.html: Added.
web-platform-tests/domxpath/resolver-callback-interface-cross-realm-expected.txt: Added.
web-platform-tests/domxpath/resolver-callback-interface-cross-realm.html: Added.
web-platform-tests/domxpath/resources: Added.
web-platform-tests/domxpath/resources/empty-document.html: Added.
web-platform-tests/domxpath/resources/invalid_namespace_test.js: Added.

Source/WebCore:

This is a re-land of r288197 with an IntersectionObserver fixed to rely on its
associated document rather than m_callback's context for time origin as per spec [3].

Before this change, _relevant_ global object was used a) to throw errors in when
invoking callback function / interface, which isn't correct [1], and b) to call
canInvokeCallback() on (lifecycle), which doesn't match other browsers and not
quite useful: _relevant_ event loop stops if document is detached.

This patch:

Removes [SkipCallbackInvokeCheck] extended attribute, while ensuring DOM traversal doesn't crash, which aligns WebKit with other browsers.

Invokes canInvokeCallback() on the global object of _value_, which matches

Gecko but not Blink, which uses _incumbent_ realm to determine if callback
can still be invoked (doesn't make much sense to me).

Throws callback invocation errors (e.g. non-callable method, revoked Proxy) in the global object of _value_, which matches the spec [1] and Blink, but not Gecko, which uses _current_ realm (of the method that was passed callback's _value_) to throw TypeErrors in.

That doesn't make much sense to me either: "registering" a callback and invoking
it could happen in different realms.

The spec on this is worded quite trickily (yet I think I've figured it out):
ECMA's "throw a TypeError exception" uses "running execution context" [2]
to create an object in, which is switched to the realm of _value_ per [1].

AudioWorklet changes are unobservable as worklets can't acquire a cross-realm method.
It's also nicer not to pass JSCallbackDataStrong around.

This patch fixes only JSCallbackData-based callback interfaces / functions, and not
the JSEventListener, which would also benefit from a similar change.

[1] https://webidl.spec.whatwg.org/#ref-for-prepare-to-run-script
[2] https://tc39.es/ecma262/#sec-ecmascript-function-objects-call-thisargument-argumentslist (step 4)
[3] https://w3c.github.io/IntersectionObserver/#dom-intersectionobserverentry-time

Tests: fast/dom/callback-function-detached-frame-intersection-observer.html

fast/dom/callback-function-detached-frame-mutation-observer.html
fast/dom/callback-function-detached-frame-performance-observer.html
fast/dom/callback-function-detached-frame-raf.html
fast/dom/callback-function-detached-frame-resize-observer.html
fast/dom/callback-function-detached-frame-to-blob.html
fast/dom/callback-interface-detached-frame-node-filter.html
fast/dom/callback-interface-detached-frame-xpathnsresolver.html
imported/w3c/web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-null-browsing-context.html
imported/w3c/web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm.html
imported/w3c/web-platform-tests/dom/events/EventListener-handleEvent-cross-realm.html
imported/w3c/web-platform-tests/domxpath/resolver-callback-interface-cross-realm.html
imported/w3c/web-platform-tests/intersection-observer/timestamp.html

Modules/webaudio/AudioWorkletGlobalScope.cpp:

(WebCore::AudioWorkletGlobalScope::registerProcessor):
(WebCore::AudioWorkletGlobalScope::createProcessor):

Modules/webaudio/AudioWorkletProcessor.cpp:

(WebCore::AudioWorkletProcessor::create):
(WebCore::AudioWorkletProcessor::AudioWorkletProcessor):
(WebCore::AudioWorkletProcessor::process):
(WebCore::AudioWorkletProcessor::setProcessCallback):

Modules/webaudio/AudioWorkletProcessor.h:

(WebCore::AudioWorkletProcessor::processCallbackWrapper):

bindings/js/JSAudioWorkletProcessorCustom.cpp:

(WebCore::JSAudioWorkletProcessor::visitAdditionalChildren):

bindings/js/JSCallbackData.cpp:

(WebCore::JSCallbackData::invokeCallback):

bindings/js/JSCallbackData.h:

(WebCore::JSCallbackData::~JSCallbackData):
(WebCore::JSCallbackDataStrong::JSCallbackDataStrong):
(WebCore::JSCallbackDataStrong::invokeCallback):
(WebCore::JSCallbackDataWeak::JSCallbackDataWeak):
(WebCore::JSCallbackDataWeak::invokeCallback):
(WebCore::JSCallbackData::globalObject): Deleted.
(WebCore::JSCallbackData::JSCallbackData): Deleted.

bindings/js/JSDOMConvertCallbacks.h:

(WebCore::Converter<IDLCallbackFunction<T>>::convert):
(WebCore::Converter<IDLCallbackInterface<T>>::convert):

bindings/js/JSDOMConvertXPathNSResolver.h:

(WebCore::Converter<IDLInterface<XPathNSResolver>>::convert):

bindings/js/JSDOMGlobalObject.cpp:

(WebCore::JSC_DEFINE_HOST_FUNCTION):

bindings/js/JSDOMWindowCustom.cpp:

(WebCore::jsDOMWindowInstanceFunction_openDatabaseBody):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateCallbackHeaderContent):
(GenerateCallbackImplementationContent):
(JSValueToNativeDOMConvertNeedsGlobalObject):

bindings/scripts/IDLAttributes.json:
bindings/scripts/test/JS/*: Updated.
bindings/scripts/test/TestCallbackInterface.idl:
dom/NodeFilter.idl:
dom/Traversal.cpp:

(WebCore::NodeIteratorBase::acceptNode):

page/IntersectionObserver.h:
page/IntersectionObserver.cpp:

(WebCore::IntersectionObserver::nowTimestamp const):

workers/WorkerOrWorkletGlobalScope.h:
worklets/PaintWorkletGlobalScope.cpp:

(WebCore::PaintWorkletGlobalScope::registerPaint):

xml/CustomXPathNSResolver.idl:

LayoutTests:

fast/dom/Geolocation/callback-to-deleted-context-expected.txt:
fast/dom/Geolocation/callback-to-deleted-context.html:
fast/dom/Geolocation/resources/callback-to-deleted-context-inner1.html:

Aligns test assertions with behavior of Blink and Gecko.

fast/dom/Geolocation/disconnected-frame-expected.txt:
fast/dom/Geolocation/disconnected-frame-permission-denied-expected.txt:
fast/dom/Geolocation/disconnected-frame-permission-denied.html:
fast/dom/Geolocation/disconnected-frame.html:

Aligns tests assertions with their initial descriptions.
While other browsers don't call error callback for a disconnected frame,
it seems like a useful thing to do.

fast/events/detached-svg-parent-window-events-expected.txt:
fast/events/detached-svg-parent-window-events.html:

Aligns test assertion with other browsers.
There is no reason why eval() wouldn't throw an error given the <iframe> is connected.

fast/frames/resources/wrong-global-object.html: Removed.
fast/frames/frame-window-as-callback-expected.txt:
fast/frames/frame-window-as-callback.html:

Aligns test assertions with the spec and Blink / Gecko.

fast/dom/callback-function-detached-frame-intersection-observer-expected.txt: Added.
fast/dom/callback-function-detached-frame-intersection-observer.html: Added.
fast/dom/callback-function-detached-frame-mutation-observer-expected.txt: Added.
fast/dom/callback-function-detached-frame-mutation-observer.html: Added.
fast/dom/callback-function-detached-frame-performance-observer-expected.txt: Added.
fast/dom/callback-function-detached-frame-performance-observer.html: Added.
fast/dom/callback-function-detached-frame-raf-expected.txt: Added.
fast/dom/callback-function-detached-frame-raf.html: Added.
fast/dom/callback-function-detached-frame-resize-observer-expected.txt: Added.
fast/dom/callback-function-detached-frame-resize-observer.html: Added.
fast/dom/callback-function-detached-frame-to-blob-expected.txt: Added.
fast/dom/callback-function-detached-frame-to-blob.html: Added.
fast/dom/callback-interface-detached-frame-node-filter-expected.txt: Added.
fast/dom/callback-interface-detached-frame-node-filter.html: Added.
fast/dom/callback-interface-detached-frame-xpathnsresolver-expected.txt: Added.
fast/dom/callback-interface-detached-frame-xpathnsresolver.html: Added.
fast/dom/resources/callback-function-detached-frame-common.js: Added.
fast/dom/resources/callback-function-detached-frame-intersection-observer-iframe.html: Added.
fast/dom/resources/callback-function-detached-frame-mutation-observer-iframe.html: Added.
fast/dom/resources/callback-function-detached-frame-performance-observer-iframe.html: Added.
fast/dom/resources/callback-function-detached-frame-raf-iframe.html: Added.
fast/dom/resources/callback-function-detached-frame-resize-observer-iframe.html: Added.
fast/dom/resources/callback-function-detached-frame-to-blob-iframe.html: Added.
fast/dom/resources/callback-interface-detached-frame-node-filter-iframe.html: Added.
fast/dom/resources/callback-interface-detached-frame-xpathnsresolver-iframe.html: Added.

platform/mac-wk1/TestExpectations:
platform/win/TestExpectations:
platform/wincairo/TestExpectations:

IntersectionObserver / ResizeObserver are not enabled on these platforms.

10:26 AM Changeset in webkit [288306] by jonlee@apple.com

2 edits in trunk/LayoutTests

Unreviewed gardening of GPU Process bots

gpu-process/TestExpectations:

10:18 AM Changeset in webkit [288305] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

[JSC] Add section directive in MacroAssemblerX86Common asm blocks
https://bugs.webkit.org/show_bug.cgi?id=235406

Patch by Joseph Griego <jgriego@igalia.com> on 2022-01-20
Reviewed by Yusuke Suzuki.

assembler/MacroAssemblerX86Common.cpp:

10:14 AM Changeset in webkit [288304] by Antti Koivisto

3 edits
3 adds in trunk

[:has() pseudo-class] Ignore :visited inside :has()
https://bugs.webkit.org/show_bug.cgi?id=235404

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

web-platform-tests/css/selectors/has-visited-expected.html: Added.
web-platform-tests/css/selectors/has-visited-ref.html: Added.
web-platform-tests/css/selectors/has-visited.html: Added.

Source/WebCore:

Tests: imported/w3c/web-platform-tests/css/selectors/has-visited.html

css/SelectorChecker.cpp:

(WebCore::SelectorChecker::matchHasPseudoClass const):

Make this more similar to :is/:not():
Use the current SelectorChecker with a different context rather than a nested SelectorChecker.
Use matchRecursively.
Setup the functional pseudo-class bits for the context.

10:09 AM Changeset in webkit [288303] by Antti Koivisto

3 edits
2 adds in trunk

[:has pseudo-class] Support :has(:not(foo))
https://bugs.webkit.org/show_bug.cgi?id=235399

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

web-platform-tests/css/selectors/invalidation/has-with-not-expected.txt: Added.
web-platform-tests/css/selectors/invalidation/has-with-not.html: Added.

Source/WebCore:

This already works except for a filter bug.

Test: imported/w3c/web-platform-tests/css/selectors/invalidation/has-with-not.html

style/HasSelectorFilter.h:

(WebCore::Style::HasSelectorFilter::reject const):

We shouldn't reject a selector if we have a null key.

10:06 AM Changeset in webkit [288302] by youenn@apple.com

2 edits in trunk/Source/WebCore

Reconfiguring the CoreAudioSharedUnit should take into account that there is a speaker sample producer
https://bugs.webkit.org/show_bug.cgi?id=235397

Reviewed by Eric Carlson.

Manually tested.

platform/mediastream/mac/CoreAudioCaptureSource.cpp:

When using VPIO to render speaker samples, we might have to reconfigure the VPIO unit to take into account the speaker format.
In that case, we might have a speaker sample producer and we should not stop the audio unit if getting samples from the producer at the same time.
To prevent this, we set the producer temporarily, stop the audio unit, then set back the producer.

9:55 AM Changeset in webkit [288301] by Russell Epstein

1 copy in tags/Safari-613.1.14.11.1

Tag Safari-613.1.14.11.1.

9:53 AM Changeset in webkit [288300] by Russell Epstein

2 edits in branches/safari-613.1.14.11-branch/Source/WebKit

Cherry-pick r288293. rdar://problem/87777915

Prevent empty folders being created during install builds
rdar://87777915

Patch by Elliott Williams <Elliott Williams> on 2022-01-20
Reviewed by Brady Eidson.

The "Copy Daemon Plists" script phase has output files which aren't always written to. Since
Xcode mkdir-p's these output directories, it ends up creating an empty directory under some
circumstances. Fix by removing these declared outputs: since this script is install-only
and executes quickly, it's not really a problem to have it run redundantly.

Once we use XCBuild everywhere, it can be rewritten as a Copy Files phase.

WebKit.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288293 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9:27 AM Changeset in webkit [288299] by Russell Epstein

9 edits in branches/safari-613.1.14.11-branch/Source

Versioning.

WebKit-7613.1.14.11.1

9:24 AM Changeset in webkit [288298] by sihui_liu@apple.com

27 edits
1 copy in trunk/Source

Make LocalStorage prewarming async
https://bugs.webkit.org/show_bug.cgi?id=235236

Reviewed by Chris Dumez.

Source/WebCore:

page/DOMWindow.cpp:

(WebCore::DOMWindow::prewarmLocalStorageIfNecessary):

page/Frame.cpp:

(WebCore::Frame::didPrewarmLocalStorage): Deleted.
(WebCore::Frame::mayPrewarmLocalStorage const): Deleted.

page/Frame.h:
storage/StorageArea.h:

(WebCore::StorageArea::prewarm):

storage/StorageType.h:

Source/WebKit:

StorageAreaMap in web process needs to sync with a remote StorageArea in network process before it performs any
Web Storage operation. To connect to remote StorageArea, StorageAreaMap currently sends out two sync messages:

ConnectTo*StorageArea: for getting the remote StorageAreaIdentifier
getValues: for getting the content of StorageArea

We can merge these two messages into one message: ConnectToStorageAreaSync, and return both remote
StorageAreaIdentifier and content in its reply. This way, web process will not be blocked twice.

To reduce the wait time for connecting to a local StorageArea, we would prewarm LocalStorage by creating its
StorageAreaMap ahead and making it connected (r247555), but we don't actually need StorageAreaMap to be ready
for operation at this time. Therefore, a new async message ConnectToStorageArea is added to be used for
prewarming.

If LocalStorage is used immediately after prewarming, a StorageAreaMap may send ConnectToStorageAreaSync before
receiving the reply of ConnectToStorageArea. In this case, StorageAreaMap would handle ConnectToStorageAreaSync
reply before ConnectToStorageArea reply (due to the priority of sync message), and also before other async
messages (DispatchStorageEvent / ClearCache) that are sent from network process earlier before the sync reply.
To solve this, we use a message identifier to indicate the order of messages sent from network process, so
StorageAreaMap can ignore previous messages when it is already synced with a more recent version of StorageArea.

NetworkProcess/WebStorage/StorageArea.cpp:

(WebKit::StorageArea::clear):
(WebKit::StorageArea::dispatchEvents const):

NetworkProcess/storage/LocalStorageManager.cpp:

(WebKit::LocalStorageManager::connectToLocalStorageArea):
(WebKit::LocalStorageManager::connectToTransientLocalStorageArea):

NetworkProcess/storage/LocalStorageManager.h:
NetworkProcess/storage/NetworkStorageManager.cpp:

(WebKit::NetworkStorageManager::connectToStorageArea):
(WebKit::NetworkStorageManager::connectToStorageAreaSync):
(WebKit::NetworkStorageManager::connectToLocalStorageArea): Deleted.
(WebKit::NetworkStorageManager::connectToTransientLocalStorageArea): Deleted.
(WebKit::NetworkStorageManager::connectToSessionStorageArea): Deleted.
(WebKit::NetworkStorageManager::getValues): Deleted.

NetworkProcess/storage/NetworkStorageManager.h:
NetworkProcess/storage/NetworkStorageManager.messages.in:
NetworkProcess/storage/SessionStorageManager.cpp:

(WebKit::SessionStorageManager::connectToSessionStorageArea):

NetworkProcess/storage/SessionStorageManager.h:
NetworkProcess/storage/StorageAreaBase.cpp:

(WebKit::StorageAreaBase::nextMessageIdentifier):
(WebKit::StorageAreaBase::StorageAreaBase):
(WebKit::StorageAreaBase::addListener):
(WebKit::StorageAreaBase::notifyListenersAboutClear):
(WebKit::StorageAreaBase::dispatchEvents const):

NetworkProcess/storage/StorageAreaBase.h:
Scripts/webkit/messages.py:

(types_that_cannot_be_forward_declared):
(headers_for_type):

WebKit.xcodeproj/project.pbxproj:
WebProcess/Network/NetworkProcessConnection.cpp:

(WebKit::NetworkProcessConnection::didReceiveMessage):

WebProcess/WebProcess.cpp:

(WebKit::WebProcess::networkProcessConnectionClosed):
(WebKit::WebProcess::registerStorageAreaMap):
(WebKit::WebProcess::unregisterStorageAreaMap):
(WebKit::WebProcess::storageAreaMap const):

WebProcess/WebProcess.h:
WebProcess/WebStorage/StorageAreaImpl.cpp:

(WebKit::StorageAreaImpl::prewarm):
(WebKit::StorageAreaImpl::incrementAccessCount): Deleted.
(WebKit::StorageAreaImpl::decrementAccessCount): Deleted.
(WebKit::StorageAreaImpl::closeDatabaseIfIdle): Deleted.

WebProcess/WebStorage/StorageAreaImpl.h:
WebProcess/WebStorage/StorageAreaMap.cpp:

(WebKit::StorageAreaMap::StorageAreaMap):
(WebKit::StorageAreaMap::~StorageAreaMap):
(WebKit::StorageAreaMap::setItem):
(WebKit::StorageAreaMap::removeItem):
(WebKit::StorageAreaMap::clear):
(WebKit::StorageAreaMap::ensureMap):
(WebKit::StorageAreaMap::dispatchStorageEvent):
(WebKit::StorageAreaMap::clearCache):
(WebKit::StorageAreaMap::sendConnectMessage):
(WebKit::StorageAreaMap::connectSync):
(WebKit::StorageAreaMap::connect):
(WebKit::StorageAreaMap::didConnect):
(WebKit::StorageAreaMap::disconnect):

WebProcess/WebStorage/StorageAreaMap.h:
WebProcess/WebStorage/StorageAreaMap.messages.in:
WebProcess/WebStorage/StorageAreaMapIdentifier.h: Added.

9:16 AM Changeset in webkit [288297] by Russell Epstein

1 copy in branches/safari-613.1.14.11-branch

New branch.

9:04 AM Changeset in webkit [288296] by youenn@apple.com

5 edits in trunk/Source/WebKit

Disable fallback path to WebRTC platform sockets
https://bugs.webkit.org/show_bug.cgi?id=235402

Reviewed by Eric Carlson.

We should not fallback to the legacy WebRTC socket code path in Cocoa ports.
Instead, if we cannot create the corresponding sockets (in case of ssltcp candidates for instance),
we mark the socket as closed.
Minor refactoring to show that NetworkRTCUDPSocketCocoa code path should always be successful.

Manually tested on meet.google.com which can make use of ssltcp candidates.

NetworkProcess/webrtc/NetworkRTCProvider.cpp:
NetworkProcess/webrtc/NetworkRTCProvider.h:
NetworkProcess/webrtc/NetworkRTCTCPSocketCocoa.mm:
NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.mm:

8:59 AM Changeset in webkit [288295] by Russell Epstein

1 copy in tags/Safari-613.1.12.1.12

Tag Safari-613.1.12.1.12.

8:48 AM Changeset in webkit [288294] by Russell Epstein

9 edits in branches/safari-613.1.12.1-branch/Source

Versioning.

WebKit-7613.1.12.1.12

8:37 AM Changeset in webkit [288293] by commit-queue@webkit.org

2 edits in trunk/Source/WebKit

Prevent empty folders being created during install builds
rdar://87777915

Patch by Elliott Williams <Elliott Williams> on 2022-01-20
Reviewed by Brady Eidson.

The "Copy Daemon Plists" script phase has output files which aren't always written to. Since
Xcode mkdir-p's these output directories, it ends up creating an empty directory under some
circumstances. Fix by removing these declared outputs: since this script is install-only
and executes quickly, it's not really a problem to have it run redundantly.

Once we use XCBuild everywhere, it can be rewritten as a Copy Files phase.

WebKit.xcodeproj/project.pbxproj:

8:01 AM Changeset in webkit [288292] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r287867 - null ptr deref in WebCore::LayoutIntegration::LineLayout::collectOverflow()
https://bugs.webkit.org/show_bug.cgi?id=234654
<rdar://problem/86571571>

Reviewed by Antti Koivisto.

Source/WebCore:

needsLayout() check in invalidateLineLayoutPath is insufficient for modern line layout.

m_lineLayout = std::monostate() does not only destroy the line layout object but it also nukes all the IFC geometries.
It is equivalent to having all the child boxes dirty, since in order to re-generate the geometry information,
we have to layout _all_ the boxes (note that nuking the legacy line layout object does not destroy the inline tree).
The bug here is that needsLayout() returns true for cases (e.g. posChildNeedsLayout) when
while the geometry is all gone, we are going to take a special layout codepath which expects pre-computed geometries.

Test: fast/block/line-layout/line-layout-collect-overflow-crash.html

rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::invalidateLineLayoutPath):

LayoutTests:

fast/block/line-layout/line-layout-collect-overflow-crash-expected.txt: Added.
fast/block/line-layout/line-layout-collect-overflow-crash.html: Added.

7:58 AM Changeset in webkit [288291] by Alan Bujtas

7 edits in trunk/Source/WebCore

Address post-landing review comments from Darin.

Reviewed by Antti Koivisto and Darin Adler.

css/CSSPrimitiveValueMappings.h:

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator UnicodeBidi const):

layout/formattingContexts/inline/InlineItemsBuilder.cpp:

(WebCore::Layout::handleEnterExitBidiContext):
(WebCore::Layout::buildBidiParagraph):
(WebCore::Layout::InlineItemsBuilder::handleInlineBoxStart):
(WebCore::Layout::InlineItemsBuilder::handleInlineBoxEnd):

rendering/LegacyInlineIterator.h:

(WebCore::notifyObserverEnteredObject):
(WebCore::notifyObserverWillExitObject):

rendering/RenderMenuList.cpp:

(WebCore::RenderMenuList::adjustInnerStyle):

rendering/style/RenderStyle.h:

(WebCore::RenderStyle::initialUnicodeBidi):

7:55 AM Changeset in webkit [288290] by Adrian Perez de Castro

4 edits
7 adds in releases/WebKitGTK/webkit-2.34

Merge r287812 - null ptr deref in WebCore::ModifySelectionListLevelCommand::appendSiblingNodeRange
https://bugs.webkit.org/show_bug.cgi?id=234862

Patch by Gabriel Nava Marino <gnavamarino@apple.com> on 2022-01-08
Reviewed by Darin Adler.

Source/WebCore:

ModifySelectionListLevelCommand::appendSiblingNodeRange loops through nodes assuming
existence of siblings, which is not guaranteed, and can result in nullptr deref. Instead,
check for node existence as part of loop condition, and change raw pointer usage to RefPtr.

This addresses the crash but results in ASSERT(isEndOfParagraph(endOfParagraphToMove))
failing in CompositeEditCommand::moveParagraph. We modify WebCore::findEndOfParagraph
to check for HTMLBRElement nodes to avoid unexpectedly changing the AnchorType.

Test: http/tests/lists/list-new-parent-no-sibling-append.html

editing/ModifySelectionListLevel.cpp:

(WebCore::ModifySelectionListLevelCommand::insertSiblingNodeRangeBefore):
(WebCore::ModifySelectionListLevelCommand::insertSiblingNodeRangeAfter):
(WebCore::ModifySelectionListLevelCommand::appendSiblingNodeRange):

editing/VisibleUnits.cpp:

(WebCore::findEndOfParagraph):

LayoutTests:

http/tests/lists/list-new-parent-no-sibling-append-expected.txt: Added.
http/tests/lists/list-new-parent-no-sibling-append.html: Added.
platform/gtk/http/tests/lists/list-new-parent-no-sibling-append-expected.txt: Added.
platform/win/http/tests/lists/list-new-parent-no-sibling-append-expected.txt: Added.

7:49 AM Changeset in webkit [288289] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/WebCore

Merge r287667 - [ Monterey Debug arm64 ] ASSERTION FAILED: result == &worker ./workers/service/server/SWServer.cpp(837) : void WebCore::SWServer::workerContextTerminated(WebCore::SWServerWorker &)
https://bugs.webkit.org/show_bug.cgi?id=233219
<rdar://problem/85478756>

Reviewed by Darin Adler.

The crash would occur when we get notified by the service worker process that a given service worker
was terminated right after we've determined that we no longer needed a given service worker process
and called markAllWorkersForRegistrableDomainAsTerminated(). This race would cause
SWServer::workerContextTerminated() to get called twice for the same worker. During the second call,
we would retrieve a null worker from the HashMap and hit the assertion. I updated the call to ignore
the call to workerContextTerminated() if the worker was already removed from the HashMap and added
an assertion to make sure we've already marked the service worker as "not running" in this case.

No new tests, covered by existing API test that is flakily crashing in debug.

workers/service/server/SWServer.cpp:

(WebCore::SWServer::workerContextTerminated):

7:46 AM Changeset in webkit [288288] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/WebCore

Merge r287428 - Simplify test for startOfLastParagraph in InsertListCommand::doApply
https://bugs.webkit.org/show_bug.cgi?id=234600

Patch by Frederic Wang <fwang@igalia.com> on 2021-12-24
Reviewed by Darin Adler.

Current test is !startOfLastParagraph.deepEquivalent().anchorNode()->isConnected(). It could
be replaced with the less verbose startOfLastParagraph.isOrphan() which is equivalent to
startOfLastParagraph.deepEquivalent().isOrphan() and so to the condition
startOfLastParagraph.deepEquivalent().anchorNode() &&
!startOfLastParagraph.deepEquivalent().anchorNode()->isConnected(). A difference can only
happen for a page where anchorNode() is a null pointer. In such a test case exists, then it
is already crashing with a null ptr deref anyway.

No new tests, behavior essentially unchanged.

editing/InsertListCommand.cpp:

(WebCore::InsertListCommand::doApply): Use startOfLastParagraph.isOrphan().

7:41 AM Changeset in webkit [288287] by Adrian Perez de Castro

3 edits in releases/WebKitGTK/webkit-2.34/Source/WebCore

Merge r287410 - [GStreamer] MediaPlayerPrivateGStreamer mishandles failure to create WebKitTextCombiner
https://bugs.webkit.org/show_bug.cgi?id=233230

Patch by Philippe Normand <pnormand@igalia.com> on 2021-12-23
Reviewed by Michael Catanzaro.

Gracefully fail when the subenc plugin is not available. It is optional, we should not
assert or crash if it's not found. Two warnings are logged already when it's not found.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):

7:39 AM Changeset in webkit [288286] by Adrian Perez de Castro

2 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r287354 - null ptr deref in DocumentTimeline::animate
https://bugs.webkit.org/show_bug.cgi?id=234260

Patch by Frédéric Wang <fwang@igalia.com> on 2021-12-22
Reviewed by Darin Adler.

Source/WebCore:

Test: webanimations/document-timeline-animate-crash.html

animation/DocumentTimeline.cpp:

(WebCore::DocumentTimeline::animate): If the WeakPtr m_document was destroyed, throw a
TypeError exception so that the call to WebAnimation::create won't cause a null ptr deref.

LayoutTests:

Add non-regression test.

webanimations/document-timeline-animate-crash-expected.txt: Added.
webanimations/document-timeline-animate-crash.html: Added.

7:39 AM Changeset in webkit [288285] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r287194 - null ptr deref in WebCore::findPlaceForCounter
https://bugs.webkit.org/show_bug.cgi?id=234375

Patch by Gabriel Nava Marino <gnavamarino@apple.com> on 2021-12-17
Reviewed by Alan Bujtas.

Source/WebCore:

Test: fast/css/counters/findPlaceForCounter-parent-renderer-crash.html

When the current renderer's element is an HTML document and root of the tree, parentOrPseudoHostElement can return a nullptr,
so we need to check for nullptr before trying to access the renderer() of the Element pointer it returns.

rendering/RenderCounter.cpp:

(WebCore::findPlaceForCounter):

LayoutTests:

fast/css/counters/findPlaceForCounter-parent-renderer-crash-expected.txt: Added.
fast/css/counters/findPlaceForCounter-parent-renderer-crash.html: Added.

6:55 AM Changeset in webkit [288284] by don.olmstead@sony.com

2 edits in trunk

[WinCairo] Make USE_CF conditional on ENABLE_WEBKIT_LEGACY
https://bugs.webkit.org/show_bug.cgi?id=235393

Reviewed by Fujii Hironori.

CoreFoundation is used heavily in WebKitLegacy on Windows and won't compile without it.
Modern WebKit doesn't have this requirement so tie CoreFoundation usage to whether
WebKitLegacy is being used.

Source/cmake/OptionsWinCairo.cmake:

6:13 AM Changeset in webkit [288283] by Adrian Perez de Castro

7 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r287131 - Mark range boundary point containers
https://bugs.webkit.org/show_bug.cgi?id=233462

Patch by Rob Buis <rbuis@igalia.com> on 2021-12-16
Reviewed by Darin Adler.

Source/WebCore:

Mark range boundary point containers as unreachable for gc.

Test: fast/dom/Range/delete-contents-crash.html

Sources.txt:
WebCore.xcodeproj/project.pbxproj:
bindings/js/JSRangeCustom.cpp: Added.

(WebCore::JSRange::visitAdditionalChildren):

dom/Range.cpp:

(WebCore::Range::visitNodesConcurrently const):

dom/Range.h:
dom/Range.idl:

LayoutTests:

fast/dom/Range/delete-contents-crash-expected.txt: Added.
fast/dom/Range/delete-contents-crash.html: Added.

5:53 AM Changeset in webkit [288282] by Adrian Perez de Castro

4 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r287118 - null ptr deref in WebCore::ApplyStyleCommand::applyRelativeFontStyleChange
https://bugs.webkit.org/show_bug.cgi?id=234312

Patch by Gabriel Nava Marino <gnavamarino@apple.com> on 2021-12-15
Reviewed by Chris Dumez.

Source/WebCore:

In some situations calling ApplyStyleCommand::nodeFullySelected forces layout in a
way that disconnects the element. In this situation, we now break out of iteration.

We also add an isOrphan() check in ApplyStyleCommand::applyInlineStyle given
the possibility of this scenario.

Test: fast/editing/apply-relative-font-style-change-crash-004.html

editing/ApplyStyleCommand.cpp:

(WebCore::ApplyStyleCommand::applyRelativeFontStyleChange):
(WebCore::ApplyStyleCommand::applyInlineStyle):

LayoutTests:

TestExpectations:
fast/editing/apply-relative-font-style-change-crash-004-expected.txt: Added.
fast/editing/apply-relative-font-style-change-crash-004.html: Added.

5:53 AM Changeset in webkit [288281] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/WebCore

Merge r287017 - Null pointer crash in FetchResponse::clone
https://bugs.webkit.org/show_bug.cgi?id=234236
<rdar://86327601>

Reviewed by Alex Christensen.

From the log, we are most probably getting a null globalObject from a ScriptExecutionContext in FetchResponse::clone.
This may happen in case the document is navigated away but we still execute some code for it.
Add a null check to ensure we do not crash.

Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::clone):

5:35 AM Changeset in webkit [288280] by Adrian Perez de Castro

4 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r286866 - nullptr deref in ComputeFloatOffsetForLineLayoutAdapter<FloatingObject::FloatLeft>::updateOffsetIfNeeded
https://bugs.webkit.org/show_bug.cgi?id=234018

Patch by Gabriel Nava Marino <gnavamarino@apple.com> on 2021-12-10
Reviewed by Alan Bujtas.

Source/WebCore:

Test: fast/rendering/floating-object-renderer-crash.html

When destroying a given renderer, we first remove floats and out-of-flow positioned objects
from their containing block before detaching the renderer from the tree. We do this by obtaining
the renderer’s outermost block containing a floating object and recursively marking all siblings
and descendants for layout.

The criteria for continuing down the list of children require the current block to contain floats
or be able to shrink to avoid floats. However, we can have a scenario where the current child block
doesn’t have a float, but one of its descendants does. In this case, although we should continue to
that descendant and remove the float, we do not.

The proposal in this patch will instead check whether the child block contains a float, or any of its descendants do.
If so we should continue traversing towards that descendant.

rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::subtreeContainsFloat const):
(WebCore::RenderBlockFlow::subtreeContainsFloats const):
(WebCore::RenderBlockFlow::markAllDescendantsWithFloatsForLayout):

rendering/RenderBlockFlow.h:

LayoutTests:

fast/rendering/floating-object-renderer-crash-expected.txt: Added.
fast/rendering/floating-object-renderer-crash.html: Added.

4:54 AM Changeset in webkit [288279] by Adrian Perez de Castro

4 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r286827 - Stack-overflow crash in WebCore::RenderBox::computeLogicalHeight()
https://bugs.webkit.org/show_bug.cgi?id=233460

Reviewed by Sergio Villar Senin and Darin Adler.

Source/WebCore:

Like flexibleBox item, deprecatedFlexibleBox item should call clearOverridingContentSize if
it is positioned. Otherwise, RenderReplaced::computeAspectRatioInformationForRenderBox might call
itself recursively.

Test: fast/css/deprecated-flex-box-with-min-content-crashes.html

rendering/RenderBox.cpp:

(WebCore::RenderBox::styleDidChange):

rendering/style/RenderStyle.h:

(WebCore::RenderStyle::isDisplayFlexibleOrGridBoxIncludingDeprecated const):
(WebCore::RenderStyle::isDisplayDeprecatedFlexibleBox):

LayoutTests:

fast/css/deprecated-flex-box-with-min-content-crashes-expected.txt: Added.
fast/css/deprecated-flex-box-with-min-content-crashes.html: Added.

4:37 AM Changeset in webkit [288278] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r286553 - Null check in shouldUseBreakElement
https://bugs.webkit.org/show_bug.cgi?id=229275

Patch by Rob Buis <rbuis@igalia.com> on 2021-12-06
Reviewed by Ryosuke Niwa.

Source/WebCore:

Need to null check node in shouldUseBreakElement.
Also bail out early in InsertLineBreakCommand::doApply
in case position is not editable.

Test: editing/execCommand/insert-line-break-crash.html

editing/InsertLineBreakCommand.cpp:

(WebCore::InsertLineBreakCommand::shouldUseBreakElement):
(WebCore::InsertLineBreakCommand::doApply):

LayoutTests:

editing/execCommand/insert-line-break-crash-expected.txt: Added.
editing/execCommand/insert-line-break-crash.html: Added.

4:37 AM Changeset in webkit [288277] by Adrian Perez de Castro

4 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r286531 - Fix parentNode in CompositeEditCommand::splitTreeToNode
https://bugs.webkit.org/show_bug.cgi?id=230710

Patch by Rob Buis <rbuis@igalia.com> on 2021-12-04
Reviewed by Ryosuke Niwa.

Source/WebCore:

Fix parentNode handling in CompositeEditCommand::splitTreeToNode and
also a few more IndentOutdentCommand methods to support the test case.

Test: editing/execCommand/outdent-cut-crash.html

editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::moveParagraphs):

editing/IndentOutdentCommand.cpp:

(WebCore::IndentOutdentCommand::indentIntoBlockquote): do not call positionInParentAfterNode
if insertNodeBefore failed.
(WebCore::IndentOutdentCommand::outdentParagraph): need to check for null positions
before calling moveParagraphs.

LayoutTests:

editing/execCommand/outdent-cut-crash-expected.txt: Added.
editing/execCommand/outdent-cut-crash.html: Added.

2:00 AM Changeset in webkit [288276] by Angelos Oikonomopoulos

2 edits in trunk/Tools

[JSC] Further unification in run-jsc-stress-tests
https://bugs.webkit.org/show_bug.cgi?id=234343

Reviewed by Jonathan Bedard.

Extend defaultRunCfg to be able to omit a subset of the test
modes and change defaultNoNoLLIntRun, defaultNoEagerRun and
defaultNoSamplingProfilerRun to call into it.

When defaultNoNoLLIntRun was added in https://commits.webkit.org/176404@main,
it was a verbatim copy of defaultRun, except for the NoLLInt test
modes. It hasn't diverged further, so after this patch, the set of
tests executed remains the same.

When defaultNoEagerRun was added in https://commits.webkit.org/150033@main,
it was intended to be the same as defaultRun, minus the eager modes. It
hasn't been kept in sync, so this change results in few more testing modes for
the tests explicitly using defaultNoEagerRun.

defaultNoSamplingProfilerRun was ignoring quick mode and was dropping
runFTLNoCJITValidate when added in https://commits.webkit.org/171769@main.
This patch enables more test modes for the handful of tests that use
defaultNoSamplingProfilerRun.

Scripts/run-jsc-stress-tests:

12:36 AM Changeset in webkit [288275] by youenn@apple.com

3 edits in trunk/Source/WebCore

AVAudioSessionCaptureDeviceManager is not always computing the right default input device
https://bugs.webkit.org/show_bug.cgi?id=235362
<rdar://87707090>

Reviewed by Eric Carlson.

Sometimes the defaultInput is not available, in which case it is good to resort to the previous default device if available.
This fix prevents the following case to happen:

We start rendering WebRTC audio on some output, say AirPods
We start capturing microphone, but the default microphone is not the AirPods one (while it probably should, this is not always the case).
We migrate audio rendering to VPIO which will output audio to the same device as the input microphone if feasible (typically builtin speaker).
Audio is now flowing on builtin speaker instead of AirPods.

Manually tested.

platform/mediastream/ios/AVAudioSessionCaptureDeviceManager.h:
platform/mediastream/ios/AVAudioSessionCaptureDeviceManager.mm:

12:31 AM Changeset in webkit [288274] by Adrian Perez de Castro

5 edits
1 delete in releases/WebKitGTK/webkit-2.34

Merge r288219 - [ResourceTiming] nextHopProtocol is exposed regardless of Timing-Allow-Origin
https://bugs.webkit.org/show_bug.cgi?id=235294

Patch by Alex Christensen <achristensen@webkit.org> on 2022-01-19
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

web-platform-tests/resource-timing/nextHopProtocol-is-tao-protected.https-expected.txt:

Source/WebCore:

Covered by an existing WPT test that starts passing.
This was recently fixed in Chromium in https://chromium-review.googlesource.com/c/chromium/src/+/3354335

page/PerformanceResourceTiming.cpp:

(WebCore::PerformanceResourceTiming::nextHopProtocol const):

12:18 AM Changeset in webkit [288273] by Adrian Perez de Castro

8 edits in releases/WebKitGTK/webkit-2.34

Merge r286299 - ServiceWorkerContainer does not respond well to network process crash
https://bugs.webkit.org/show_bug.cgi?id=233626

Reviewed by Chris Dumez.

Source/WebCore:

Add a boolean to SWClientConnection to identify whether connection is closed.
ServiceWorkerContainer will retrieve a new connection if its existing connection is closed.
Covered by updated test.

workers/service/SWClientConnection.h:

(WebCore::SWClientConnection::isClosed const):
(WebCore::SWClientConnection::setIsClosed):

workers/service/ServiceWorkerContainer.cpp:

(WebCore::ServiceWorkerContainer::ensureSWClientConnection):

Source/WebKit:

Set SW client connection as closed when IPC connection gets closed.

WebProcess/Storage/WebSWClientConnection.cpp:

(WebKit::WebSWClientConnection::connectionToServerLost):

LayoutTests:

http/wpt/service-workers/service-worker-networkprocess-crash.html:
platform/mac-wk2/TestExpectations:

Remove flaky expectation as test is no longer flaky according results.webkit.org.

Jan 19, 2022:

10:01 PM Changeset in webkit [288272] by ysuzuki@apple.com

9 edits
1 add in trunk

[JSC] Implement Temporal.Now.instant()
https://bugs.webkit.org/show_bug.cgi?id=234836

Reviewed by Ross Kirsling.

JSTests:

stress/temporal-now-instant.js: Added.

(shouldBe):

Source/JavaScriptCore:

This patch implements Temporal.Now.instant() since Temporal.Instant is now implemented.
It returns an instant which represents current wall time.

runtime/ISO8601.cpp:

(JSC::ISO8601::ExactTime::now):

runtime/ISO8601.h:
runtime/TemporalNow.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

Source/WTF:

Add currentTimeInNanoseconds implementation. Use clock_gettime for non Windows environment
since it is POSIX & it is supported in macOS after Sierra.

We also remove non-QueryPerformanceCounter path on Windows build since (1) it is supported in
all supported Windows versions now and (2) no ports are using that path.

wtf/CurrentTime.cpp:

(WTF::currentTimeInNanoseconds):
(WTF::currentTime):

wtf/PlatformUse.h:
wtf/WallTime.h:

8:54 PM Changeset in webkit [288271] by Kocsen Chung

1 copy in tags/Safari-613.1.12.1.11

Tag Safari-613.1.12.1.11.

8:46 PM Changeset in webkit [288270] by Kocsen Chung

9 edits in branches/safari-613.1.12.1-branch/Source

Versioning.

WebKit-7613.1.12.1.11

8:09 PM Changeset in webkit [288269] by Brent Fulgham

3 edits in trunk/Source/WebKit

Grant access to GlobalPreferences and GlobalPreferences_m uniformly
https://bugs.webkit.org/show_bug.cgi?id=235387
<rdar://problem/86943871>

Reviewed by Per Arne Vollan.

We should allow access to GlobalPreferences_m.plist in the places where we currently
allow GlobalPreferences.plist. We are inconsistent about this in our sandboxes, and
telemetry shows that we need to provide access.

Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb:

8:03 PM Changeset in webkit [288268] by ysuzuki@apple.com

8 edits in trunk/Source/JavaScriptCore

[JSC] Fix non-JIT Windows LLInt
https://bugs.webkit.org/show_bug.cgi?id=235388

Reviewed by Mark Lam.

We should implement cCall3 which calls llint_link_call etc. from LLInt code.
This implementation needs to work on Windows too, so it requires stack modification.
While we do not have a problem on JIT Windows build, it is required for non JIT Windows
build. (If JIT is enabled, LLInt is fine. But if JIT is entirely disabled, this change
is required.)

llint/LLIntSlowPaths.cpp:

(JSC::LLInt::llint_link_call):
(JSC::LLInt::llint_virtual_call):

llint/LLIntSlowPaths.h:
llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
offlineasm/cloop.rb:
offlineasm/instructions.rb:

7:53 PM Changeset in webkit [288267] by Simon Fraser

6 edits in trunk

<dialog> with transformed ancestor asserts under RenderGeometryMap
https://bugs.webkit.org/show_bug.cgi?id=235194

Reviewed by Antti Koivisto.

Source/WebCore:

With this change we reparent the RenderLayers of top layer elements under the RenderView's
layer. This makes the RenderLayer hierarchy a closer match to the containing block
hierarchy, and means that all the existing RenderLayer tree walks that use
parent()/firstChild()/nextSibling() traverse the the "top layer" layers as children of the
RenderView. This in turn means that the various bits of RenderLayer state that track the
state of descendants (e.g. m_hasVisibleDescendant, m_hasSelfPaintingLayerDescendant,
m_hasNotIsolatedBlendingDescendants) reflect descendency in the top-layer-aware hierarchy.

Note that m_hasVisibleDescendant is about the inherited visibility property which follows
DOM order, but since we consult it during painting-related tree walks, we want this state to
reflect the top-layer-aware tree.

The patch adds top-layer-aware helpers on RenderElement to find the parent and next sibling,
and uses those when parenting layers.

In addition, when the top layer status changes for a RenderLayer, we unparent and
re-parent its layer (which in turn should toggle the relevant dirty bits).

rendering/RenderElement.cpp:

(WebCore::findNextLayer):
(WebCore::layerNextSiblingRespectingTopLayer):
(WebCore::addLayers):
(WebCore::RenderElement::layerParentRespectingTopLayer const):
(WebCore::RenderElement::layerNextSiblingRespectingTopLayer const):
(WebCore::RenderElement::insertedIntoTree):
(WebCore::RenderElement::willBeRemovedFromTree):
(WebCore::RenderElement::findNextLayer const): Deleted.

rendering/RenderElement.h:
rendering/RenderLayer.cpp:

(WebCore::RenderLayer::insertOnlyThisLayer):
(WebCore::RenderLayer::stackingContext const): No need for the explicit establishesTopLayer() check.
(WebCore::RenderLayer::setHasVisibleContent):
(WebCore::RenderLayer::dirtyAncestorChainVisibleDescendantStatus):
(WebCore::RenderLayer::setAncestorChainHasVisibleDescendant):
(WebCore::RenderLayer::enclosingAncestorForPosition const): No need for the explicit establishesTopLayer() check.
(WebCore::RenderLayer::paintLayerWithEffects): Ditto
(WebCore::RenderLayer::establishesTopLayerWillChange):
(WebCore::RenderLayer::establishesTopLayerDidChange):
(WebCore::RenderLayer::clipCrossesPaintingBoundary const): No need for the explicit establishesTopLayer() check.
(WebCore::RenderLayer::calculateClipRects const): Ditto

LayoutTests:

TestExpectations: imported/w3c/web-platform-tests/html/semantics/interactive-elements/the-dialog-element/top-layer-parent-transform.html

no longer asserts.

6:45 PM Changeset in webkit [288266] by Devin Rousso

12 edits in trunk

Web Inspector: fully blackboxed stack traces don't show the right top call frame
https://bugs.webkit.org/show_bug.cgi?id=235381

Reviewed by Patrick Angle.

Source/WebInspectorUI:

UserInterface/Models/StackTrace.js:

(WI.StackTrace):
(WI.StackTrace.fromPayload):
(WI.StackTrace.prototype.get firstNonNativeNonAnonymousNotBlackboxedCallFrame):
Only assign to firstNonNativeNonAnonymousCallFrame once.
Drive-by: Don't re-fetch the blackbox data for the WI.SourceCode of the WI.CallFrame.
Drive-by: Combine optional parameters into an options = {} for current code cleanliness

and greater flexibility for future changes.

UserInterface/Models/CallFrame.js:

(WI.CallFrame):
(WI.CallFrame.fromDebuggerPayload):
(WI.CallFrame.fromPayload):

UserInterface/Views/ThreadTreeElement.js:

(WI.ThreadTreeElement.prototype.refresh):
Drive-by: Combine optional parameters into an options = {} for current code cleanliness

and greater flexibility for future changes.

UserInterface/Views/CallFrameTreeElement.js:

(WI.CallFrameTreeElement):
(WI.CallFrameTreeElement.prototype.onattach):

UserInterface/Views/CallFrameView.js:

(WI.CallFrameView):
Drive-by: Don't re-fetch the blackbox data for the WI.SourceCode of the WI.CallFrame.

LayoutTests:

inspector/model/stack-trace.html:
inspector/model/stack-trace-expected.txt:

inspector/debugger/resources/async-stack-trace-test.js:

(TestPage.registerInitializer.window.getAsyncStackTrace):

inspector/debugger/resources/log-active-stack-trace.js:

(TestPage.registerInitializer.window.getActiveStackTrace):

inspector/debugger/tail-deleted-frames/resources/stack-trace-utilities.js:

(TestPage.registerInitializer.window.getAsyncStackTrace):
Drive-by: Adopt new WI.StackTrace constructor arguments format.

6:40 PM Changeset in webkit [288265] by ysuzuki@apple.com

6 edits in trunk/Source/bmalloc

[libpas] Disable PAS_ASSERT on Darwin ARM64 (not in ARM64E)
https://bugs.webkit.org/show_bug.cgi?id=235349

Reviewed by Saam Barati.

We have several weak devices which only have ARM64 (not ARM64E).
And in such a weak device, PAS_ASSERT affects on performance.
By disabling PAS_ASSERT, we got 0.5% improvement in PLT in iPhone 6S.

libpas/src/libpas/pas_config.h:
libpas/src/libpas/pas_config_prefix.h:
libpas/src/libpas/pas_internal_config.h:
libpas/src/libpas/pas_platform.h:
libpas/src/libpas/pas_utils.h:

6:05 PM Changeset in webkit [288264] by Chris Dumez

27 edits in trunk

Align our qualified name validation with the specification
https://bugs.webkit.org/show_bug.cgi?id=201699

Reviewed by Geoffrey Garen.

LayoutTests/imported/w3c:

web-platform-tests/dom/nodes/DOMImplementation-createDocument-expected.txt:
web-platform-tests/dom/nodes/Document-createElementNS-expected.txt:

Rebaseline WPT tests now that more checks are passing.

Source/WebCore:

Align our qualified name validation with the latest specification:

No new tests, rebaselined existing tests.

dom/Document.cpp:

(WebCore::isValidNameStart):
(WebCore::isValidNamePart):

LayoutTests:

dom/xhtml/level3/core/canonicalform06-expected.txt:
dom/xhtml/level3/core/infoset06-expected.txt:
dom/xhtml/level3/core/infoset07-expected.txt:
dom/xhtml/level3/core/wellformed01-expected.txt:
dom/xhtml/level3/core/wellformed02-expected.txt:
dom/xhtml/level3/core/wellformed03-expected.txt:
dom/xhtml/level3/core/wellformed04-expected.txt:

Rebaseline outdated imported tests.

fast/dom/DOMImplementation/createDocument-namespace-err-expected.txt:
fast/dom/DOMImplementation/createDocument-namespace-err.html:
fast/dom/Document/createAttributeNS-namespace-err-expected.txt:
fast/dom/Document/createAttributeNS-namespace-err.html:
fast/dom/Document/createElement-invalid-names-expected.txt:
fast/dom/Document/createElement-invalid-names.html:
fast/dom/Document/createElementNS-namespace-err-expected.txt:
fast/dom/Document/createElementNS-namespace-err.html:
fast/dom/Element/setAttributeNS-namespace-err-expected.txt:
fast/dom/Element/setAttributeNS-namespace-err.html:
fast/dom/dataset-expected.txt:
fast/dom/dataset-xhtml-expected.txt:
fast/dom/dataset-xhtml.xhtml:
fast/dom/dataset.html:

Update and rebaseline outdated WebKit tests.

6:05 PM Changeset in webkit [288263] by Kocsen Chung

1 copy in tags/Safari-613.1.14.1.4

Tag Safari-613.1.14.1.4.

5:53 PM Changeset in webkit [288262] by Kocsen Chung

9 edits in branches/safari-613.1.14.1-branch/Source

Versioning.

WebKit-7613.1.14.1.4

5:39 PM Changeset in webkit [288261] by sbarati@apple.com

21 edits
1 move
3 adds in trunk/Source

Update ARM64EHash
https://bugs.webkit.org/show_bug.cgi?id=235192

Reviewed by Mark Lam.

Source/JavaScriptCore:

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
Sources.txt:
assembler/AssemblerBuffer.h:

(JSC::ARM64EHash::ARM64EHash):
(JSC::ARM64EHash::~ARM64EHash):
(JSC::ARM64EHash::allocatePinForCurrentThreadAndInitializeHash):
(JSC::ARM64EHash::deallocatePinForCurrentThread):
(JSC::ARM64EHash::update):
(JSC::ARM64EHash::pin):
(JSC::ARM64EHash::currentHash):
(JSC::ARM64EHash::setUpdatedHash):
(JSC::AssemblerBuffer::AssemblerBuffer):
(JSC::AssemblerBuffer::arm64eHash):
(JSC::AssemblerBuffer::putIntegralUnchecked):
(JSC::ARM64EHash::bitsForDiversifier): Deleted.

assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::allocate):

assembler/SecureARM64EHashPins.cpp: Added.

(JSC::WriteToJITRegionScope::WriteToJITRegionScope):
(JSC::WriteToJITRegionScope::~WriteToJITRegionScope):
(JSC::ValidateNonReentrancyScope::ValidateNonReentrancyScope):
(JSC::ValidateNonReentrancyScope::~ValidateNonReentrancyScope):
(JSC::allocateInExecutableMemory):
(JSC::SecureARM64EHashPins::Page::Page):
(JSC::initializePage):
(JSC::SecureARM64EHashPins::metadata):
(JSC::SecureARM64EHashPins::initializeAtStartup):
(JSC::SecureARM64EHashPins::allocatePinForCurrentThreadImpl):
(JSC::SecureARM64EHashPins::allocatePinForCurrentThread):
(JSC::SecureARM64EHashPins::deallocatePinForCurrentThread):

assembler/SecureARM64EHashPins.h: Added.

(JSC::SecureARM64EHashPins::firstPage):

assembler/SecureARM64EHashPinsInlines.h: Added.

(JSC::SecureARM64EHashPins::keyForCurrentThread):
(JSC::SecureARM64EHashPins::forEachPage):
(JSC::SecureARM64EHashPins::forEachEntry):
(JSC::SecureARM64EHashPins::findFirstEntry):
(JSC::SecureARM64EHashPins::pinForCurrentThread):

heap/MarkedBlock.h:
heap/MarkedSpace.h:
heap/SlotVisitor.h:
jit/BaselineJITPlan.cpp:

(JSC::BaselineJITPlan::BaselineJITPlan):
(JSC::BaselineJITPlan::compileInThreadImpl):

jit/ExecutableAllocator.cpp:
parser/Parser.h:
runtime/InitializeThreading.cpp:

(JSC::initialize):

runtime/IterationStatus.h: Removed.
runtime/JSCConfig.h:
wasm/WasmAirIRGenerator.cpp:

(JSC::Wasm::parseAndCompileAir):

wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::parseAndCompileB3):

wasm/WasmBBQPlan.cpp:

(JSC::Wasm::BBQPlan::compileFunction):

Source/WTF:

WTF.xcodeproj/project.pbxproj:
wtf/Bitmap.h:

(WTF::WordType>::set):
(WTF::WordType>::forEachSetBit const):

wtf/CMakeLists.txt:
wtf/IterationStatus.h: Added.

5:35 PM Changeset in webkit [288260] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r286049 - Nullptr crash in SimplifiedBackwardsTextIterator::range() via previousSentencePosition
https://bugs.webkit.org/show_bug.cgi?id=229282

Patch by Frédéric Wang <fwang@igalia.com> on 2021-11-18
Reviewed by Darin Adler.

Source/WebCore:

Constructors of TextIterator and SimplifiedBackwardsTextIterator update layout, which may
make HTMLObjectElement switch to fallback content and invalidate their renderer. As a
consequence their advance() method may incorrectly treat them as replaced elements. This
patch updates the layout at the beginning of FrameSelection::modify and disable post
resolution callbacks in order to prevent this kind of unaverted tree changes while browsing
the tree for selection update.

Test: editing/text-iterator/backward-textiterator-object-crash.html

editing/FrameSelection.cpp:

(WebCore::FrameSelection::modify): Update layout and disable post resolution callback, so that
all iterators used during the execution of the function handle <object>s consistently.

LayoutTests:

Add regression test.

editing/text-iterator/backward-textiterator-object-crash-expected.txt: Added.
editing/text-iterator/backward-textiterator-object-crash.html: Added.

5:34 PM Changeset in webkit [288259] by Adrian Perez de Castro

4 edits in releases/WebKitGTK/webkit-2.34

Merge r285877 - Crash under WebKit::WebPageProxy::commitProvisionalPage()
https://bugs.webkit.org/show_bug.cgi?id=233199
<rdar://57659921>

Reviewed by Youenn Fablet.

Source/WebKit:

In the event where the committed WebProcess would crash while a cross-site provisional load
is going on in a provisional page / WebProcess, we would do a null dereference of the page's
drawing area when trying to commit the provisional page later on. We would also hit various
assertions in debug since the page's state gets completely reset when its WebProcess crashes.

To address the issue, we now clear the provisional page if the page's WebProcess crashes.

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::resetStateAfterProcessExited):

Tools:

Add API test coverage.

TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:

5:27 PM Changeset in webkit [288258] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r285813 - nullptr deref in CompositeEditCommand::insertNodeAt
https://bugs.webkit.org/show_bug.cgi?id=232837

Patch by Gabriel Nava Marino <gnavamarino@apple.com> on 2021-11-15
Reviewed by Wenson Hsieh and Darin Adler.

Source/WebCore:

Check endingSelection is not orphan before inserting nodes at
the start position.

Test: fast/editing/editing-position-crash.html

editing/CreateLinkCommand.cpp:

(WebCore::CreateLinkCommand::doApply):

LayoutTests:

fast/editing/editing-position-crash-expected.txt: Added.
fast/editing/editing-position-crash.html: Added.

5:22 PM Changeset in webkit [288257] by Kocsen Chung

1 copy in tags/Safari-613.1.14.1.3

Tag Safari-613.1.14.1.3.

5:21 PM Changeset in webkit [288256] by Kocsen Chung

1 copy in tags/Safari-613.1.14.0.3

Tag Safari-613.1.14.0.3.

5:19 PM Changeset in webkit [288255] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r285232 - Return nullopt in aspect-ratio+intrinsic width case
https://bugs.webkit.org/show_bug.cgi?id=230769

Patch by Rob Buis <rbuis@igalia.com> on 2021-11-03
Reviewed by Javier Fernandez.

Source/WebCore:

Return nullopt in aspect-ratio+intrinsic width case, while
calculating preferred widths we do not know the container width yet,
so we can't determine the logical height reliably from it.

Test: fast/css-grid-layout/aspect-ratio-auto-repeat-crash.html

rendering/RenderBlock.cpp:

(WebCore::RenderBlock::availableLogicalHeightForPercentageComputation const):

LayoutTests:

fast/css-grid-layout/aspect-ratio-auto-repeat-crash-expected.txt: Added.
fast/css-grid-layout/aspect-ratio-auto-repeat-crash.html: Added.

5:06 PM Changeset in webkit [288254] by Alan Bujtas

12 edits in trunk/Source/WebCore

Turn EUnicodeBidi into an enum class
https://bugs.webkit.org/show_bug.cgi?id=235379

Reviewed by Antti Koivisto.

WebCore.order:
css/CSSPrimitiveValueMappings.h:

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator UnicodeBidi const):
(WebCore::CSSPrimitiveValue::operator EUnicodeBidi const): Deleted.

layout/formattingContexts/inline/InlineItemsBuilder.cpp:

(WebCore::Layout::handleEnterExitBidiContext):
(WebCore::Layout::buildBidiParagraph):
(WebCore::Layout::InlineItemsBuilder::breakAndComputeBidiLevels):
(WebCore::Layout::InlineItemsBuilder::handleInlineBoxStart):
(WebCore::Layout::InlineItemsBuilder::handleInlineBoxEnd):

layout/integration/LayoutIntegrationCoverage.cpp:

(WebCore::LayoutIntegration::canUseForStyle):

platform/text/UnicodeBidi.h:

(WebCore::isIsolated):
(WebCore::isOverride):
(): Deleted.

rendering/LegacyInlineIterator.h:

(WebCore::embedCharFromDirection):
(WebCore::notifyObserverEnteredObject):
(WebCore::notifyObserverWillExitObject):

rendering/LegacyLineLayout.cpp:

(WebCore::LegacyLineLayout::updateLogicalWidthForAlignment):
(WebCore::constructBidiRunsForSegment):
(WebCore::LegacyLineLayout::layoutRunsAndFloatsInRange):
(WebCore::LegacyLineLayout::determineStartPosition):

rendering/RenderListItem.cpp:

(WebCore::RenderListItem::computeMarkerStyle const):

rendering/RenderMenuList.cpp:

(WebCore::RenderMenuList::adjustInnerStyle):

rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::RenderStyle):

rendering/style/RenderStyle.h:

(WebCore::RenderStyle::unicodeBidi const):
(WebCore::RenderStyle::setUnicodeBidi):
(WebCore::RenderStyle::initialUnicodeBidi):

4:51 PM Changeset in webkit [288253] by Jonathan Bedard

9 edits in trunk/Tools

[git-webkit] pull-request command should print the pr url
https://bugs.webkit.org/show_bug.cgi?id=235358
<rdar://problem/87793470>

Reviewed by Aakash Jain.

Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/init.py: Ditto.
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py: Make created

and modified commits in tests have more issue-friendly titles.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py:

(PullRequest.main): Print out PullRequest URL.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/pull_request.py:

(PullRequest.init): Constructor may define printable URL.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/bitbucket.py:

(BitBucket.PRGenerator.PullRequest): Set printable URL.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/git_hub.py:

(GitHub.PRGenerator.PullRequest): Set printable URL.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/pull_request_unittest.py:

Canonical link: https://commits.webkit.org/246203@main

4:22 PM Changeset in webkit [288252] by Adrian Perez de Castro

5 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r284792 - Source/WebCore:
ASSERT(node) triggered after surroundNodeRangeWithElement for node without editable style
https://bugs.webkit.org/show_bug.cgi?id=232133

Patch by Gabriel Nava Marino <gnavamarino@apple.com> on 2021-10-25
Reviewed by Wenson Hsieh.

If the last styled node was not parent node of a current text node, but we
wish to style the text node, we will add a style span to surround the text node.
However, this requires the parent to have an editable style, or
we will not properly insert the span in the right location, which
later leads to a traversal into an invalid node. This change
makes it so we return early if the parent node does not have an
editable style, but modifying the existing
CompositeEditCommand::insertNodeBefore to return a boolean in the
early return case.

Test: fast/editing/apply-relative-font-style-change-crash-003.html

editing/ApplyStyleCommand.cpp:

(WebCore::ApplyStyleCommand::surroundNodeRangeWithElement):

editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::insertNodeBefore):

editing/CompositeEditCommand.h:

LayoutTests:
ASSERT(node) triggered after surroundNodeRangeWithElement for node without editable style
https://bugs.webkit.org/show_bug.cgi?id=232133

Patch by Gabriel Nava Marino <gnavamarino@apple.com> on 2021-10-25
Reviewed by Wenson Hsieh.

fast/editing/apply-relative-font-style-change-crash-003-expected.txt: Added.
fast/editing/apply-relative-font-style-change-crash-003.html: Added.

4:22 PM Changeset in webkit [288251] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r284754 - Null check in traverseNodesForSerialization
https://bugs.webkit.org/show_bug.cgi?id=230704

Patch by Rob Buis <rbuis@igalia.com> on 2021-10-23
Reviewed by Wenson Hsieh.

Source/WebCore:

Pass startNode by value instead of by pointer to
traverseNodesForSerialization.

Test: editing/pasteboard/copy-with-shadow-tree-crash.html

editing/markup.cpp:

(WebCore::StyledMarkupAccumulator::serializeNodes):
(WebCore::StyledMarkupAccumulator::traverseNodesForSerialization):

LayoutTests:

editing/pasteboard/copy-with-shadow-tree-crash-expected.txt: Added.
editing/pasteboard/copy-with-shadow-tree-crash.html: Added.

4:21 PM Changeset in webkit [288250] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r284739 - Source/WebCore:
https://bugs.webkit.org/show_bug.cgi?id=232177
Check if start and end positions are still valid after updating them through mergeEndWithNextIfIdentical

Patch by Gabriel Nava Marino <gnavamarino@apple.com> on 2021-10-22
Reviewed by Alan Bujtas.

We currently check if start and end positions are still valid after
updating them through mergeEndWithNextIfIdentical, but not through
mergeStartWithPreviousIfIdentical. Add this check to avoid trying to
deref a nullptr in ApplyStyleCommand::mergeEndWithNextIfIdentical.

Test: fast/editing/create-link-inline-style-change-crash-001.html

editing/ApplyStyleCommand.cpp:

(WebCore::ApplyStyleCommand::applyInlineStyle):

LayoutTests:
Check if start and end positions are still valid after updating them through mergeStartWithPreviousIfIdentical
https://bugs.webkit.org/show_bug.cgi?id=232177

Patch by Gabriel Nava Marino <gnavamarino@apple.com> on 2021-10-22
Reviewed by Alan Bujtas.

fast/editing/create-link-inline-style-change-crash-001-expected.txt: Added.
fast/editing/create-link-inline-style-change-crash-001.html: Added.

4:10 PM Changeset in webkit [288249] by Said Abou-Hallawa

2 edits in trunk/LayoutTests

Unreviewed test gardening after after r288183

platform/win/TestExpectations:

3:53 PM Changeset in webkit [288248] by Chris Dumez

2 edits
3 adds in trunk/LayoutTests

[ iOS EWS ] imported/w3c/web-platform-tests/dom/events/focus-event-document-move.html is a constant text failure
https://bugs.webkit.org/show_bug.cgi?id=235150
<rdar://problem/87524787>

Unreviewed, land iOS baseline and unskip. The behavior difference is expected as it involves mouse events.

platform/ios-wk2/TestExpectations:
platform/ios/imported/w3c/dom/events/focus-event-document-move-expected.txt: Added.

3:40 PM Changeset in webkit [288247] by Chris Dumez

2 edits in trunk/LayoutTests

[LFC][IFC] imported/w3c/web-platform-tests/html/semantics/forms/the-textarea-element/textarea-newline-bidi.html fails on EWS
https://bugs.webkit.org/show_bug.cgi?id=233393
<rdar://problem/85776836>

Unreviewed, unskip test as it appears it got fixed in r286928.

platform/mac/TestExpectations:

3:27 PM Changeset in webkit [288246] by Jonathan Bedard

3 edits in trunk/Tools

[EWS] Report basic statuses to GitHub
https://bugs.webkit.org/show_bug.cgi?id=235210
<rdar://problem/87576183>

Reviewed by Aakash Jain.

Tools/CISupport/ews-build/events.py:

(Events.sendDataToEWS): Renamed from sendData.
(Events.sendDataToGitHub): Post status for a commit to GitHub.
(Events.extractProperty): We need to extract more than patchID from
build properties.
(Events.buildFinishedGitHub): Report the pass/failed state of a build to GitHub.
(Events.buildFinished): Every time a build finishes, send data to GitHub.
(Events.stepStartedGitHub): Update GitHub with the current step being run,
and a failure status if that's already known.
(Events.stepStarted): Every time a new step starts, send data to GitHub.
(Events.stepFinished):
(Events.sendData): Deleted.
(Events.getPatchID): Deleted.

Tools/CISupport/ews-build/steps.py:

(GitHub.commit_status_url): Construct a status url for a commit in a repository.

Canonical link: https://commits.webkit.org/246199@main

3:13 PM Changeset in webkit [288245] by Sam Sneddon

9 edits
2 adds
2 deletes in trunk

Limit the deprecated CSSOMPrimitiveValue to formerly standardized unit types
https://bugs.webkit.org/show_bug.cgi?id=233651
<rdar://problem/85878291>

Reviewed by Darin Adler.

Source/WebCore:

This removes support, and makes it clear that these deprecated APIs shouldn't be exposing
anything more modern than what is standardized in DOM Level 2 Style. Hopefully this avoids
others in future adding support for new units.

Other changes included as they are necessary to make improved test not assert.

Test: fast/css/CSSPrimitiveValue-modern-length.html

css/CSSUnits.cpp:

(WebCore::unitCategory): Ensure this is complete for all units.
(WebCore::canonicalUnitTypeForCategory): Ensure this is complete for all unit categories.

css/DeprecatedCSSOMPrimitiveValue.cpp:

(WebCore::DeprecatedCSSOMPrimitiveValue::primitiveType const): Remove post-DOM Level 2 Style values.
(WebCore::DeprecatedCSSOMPrimitiveValue::getFloatValue const): Remove post-DOM Level 2 Style values.
(WebCore::DeprecatedCSSOMPrimitiveValue::getStringValue const): Add comment.

css/DeprecatedCSSOMPrimitiveValue.h: Remove post-DOM Level 2 Style constants.
css/DeprecatedCSSOMPrimitiveValue.idl: Remove post-DOM Level 2 Style constants.
css/CSSPrimitiveValue.cpp:

(WebCore::CSSPrimitiveValue::conversionToCanonicalUnitsScaleFactor): Change to return std::optional, making explicit when there is no scaling factor.
(WebCore::CSSPrimitiveValue::doubleValueInternal const): Handle std::optional return.

css/CSSPrimitiveValue.h:

(WebCore::CSSPrimitiveValue::conversionToCanonicalUnitsScaleFactor): Change to return std::optional, making explicit when there is no scaling factor.

page/PrintContext.cpp:

(WebCore::PrintContext::computedPageMargin): Handle std::optional return.

LayoutTests:

Updated/moved test to cover all modern length units, not just ic.

fast/css/CSSPrimitiveValue-ic-expected.txt: Removed.
fast/css/CSSPrimitiveValue-ic.html: Removed.
fast/css/CSSPrimitiveValue-modern-length-expected.txt: Added.
fast/css/CSSPrimitiveValue-modern-length.html: Added.

2:43 PM Changeset in webkit [288244] by jonlee@apple.com

2 edits in trunk/LayoutTests

Unreviewed gardening of GPU Process bot

gpu-process/TestExpectations:

2:38 PM Changeset in webkit [288243] by Devin Rousso

13 edits
1 copy
1 add in trunk/Source/WebInspectorUI

Web Inspector: blackboxed call frames should be grouped everywhere
https://bugs.webkit.org/show_bug.cgi?id=234648
<rdar://problem/87018103>

Reviewed by Patrick Angle.

UserInterface/Controllers/CallFrameTreeController.js:

(WI.CallFrameTreeController.prototype.groupBlackboxedCallFrames): Added.
(WI.CallFrameTreeController.prototype.groupBlackboxedCallFrames.displayable): Added.
(WI.CallFrameTreeController.prototype.set callFrames): Added.

UserInterface/Views/StackTraceView.js:

(WI.StackTraceView):

UserInterface/Views/ThreadTreeElement.js:

(WI.ThreadTreeElement.prototype.refresh):

UserInterface/Views/TimelineDataGrid.js:

(WI.TimelineDataGrid.prototype._createPopoverContent):
(WI.TimelineDataGrid.prototype._popoverCallStackTreeElementRemoved):
Centralize code for creating stack trace views so that the logic that groups blackboxed call
frames (and the associated WI.BlackboxedGroupTreeElement/WI.BlackboxedGroupView) can be
shared without duplication.

UserInterface/Views/BlackboxedGroupTreeElement.js:

(WI.BlackboxedGroupTreeElement):
(WI.BlackboxedGroupTreeElement.prototype.expand):
(WI.BlackboxedGroupTreeElement.prototype.customTitleTooltip): Added.
Add a parameter to control whether to remember when expanding blackboxed call frame groups
so that they can later be auto-expanded. This is needed because that feature is intended so
that stepping doesn't re-collapse previously expanded blackboxed call frame groups. A more
technical reason is that non-debugging call stacks can live (i.e. be shown) for a long time
and therefore there's no good way to clear the remembered state, and we probably don't want
to have a previous expansion in the Timelines Tab or Canvas Tab suddenly cause all matching
blackboxed call frame groups in the Sources Tab to always be expanded.
Drive-by: Override the tooltip to explain that clicking shows the blackboxed call frames.

UserInterface/Views/BlackboxedGroupView.js: Added.

(WI.BlackboxedGroupView):
(WI.BlackboxedGroupView.generateTitle):
(WI.BlackboxedGroupView.generateSubtitle):
(WI.BlackboxedGroupView.generateTooltip):

UserInterface/Views/BlackboxedGroupView.css: Added.

(.blackboxed-group):
(.blackboxed-group > *):
(.blackboxed-group .icon):
(.blackboxed-group .subtitle):
(.blackboxed-group .separator):
(@media (prefers-color-scheme: dark) .blackboxed-group .icon):
(@media (prefers-color-scheme: dark) .blackboxed-group .subtitle):
(@media (prefers-color-scheme: dark) .blackboxed-group .separator):
Add a non-tree UI class for showing blackboxed call frame groups (just like how there's
WI.CallFrameTreeElement for tree UIs and WI.CallFrameView for non-tree UIs). Also
centralize the UI strings for all blackboxed call frame group UIs as static methods.

UserInterface/Views/BlackboxedGroupTreeElement.css:

(.tree-outline .item.blackboxed-group.selected > *): Added.
(.tree-outline:not(:focus-within) .item.blackboxed-group.selected > *, body:is(.window-inactive, .window-docked-inactive) .tree-outline .item.blackboxed-group.selected > *): Added.
(.tree-outline .item.blackboxed-group): Deleted.
(.tree-outline .item.blackboxed-group:not(.selected) > *, .tree-outline:not(:focus-within) .item.blackboxed-group.selected > *, body:is(.window-inactive, .window-docked-inactive) .tree-outline .item.blackboxed-group.selected > *): Deleted.
(.tree-outline .item.blackboxed-group .icon): Deleted.
(@media (prefers-color-scheme: dark) .tree-outline .item.blackboxed-group .icon): Deleted.
Share styles from UserInterface/Views/BlackboxedGroupView.css since both share .blackboxed-group.

UserInterface/Views/CallFrameTreeElement.js:

Drive-by: Combine optional parameters into an options = {} for current code cleanliness

and greater flexibility for future changes.

UserInterface/Views/Variables.css:

(:root):

UserInterface/Views/CallFrameTreeElement.css:

(.tree-outline .item.call-frame.blackboxed:not(.selected)):

UserInterface/Views/CallFrameView.css:

(.call-frame.blackboxed > .title,):
Drive-by: Rename --blackboxed-tree-item-opacity since it's now also used outside trees.

UserInterface/Main.html:
Localizations/en.lproj/localizedStrings.js:

2:28 PM Changeset in webkit [288242] by Russell Epstein

1 edit in branches/safari-613.1.14.0-branch/Source/WebKit/WebKit.xcodeproj/project.pbxproj

Apply patch. rdar://problem/86298747

2:20 PM Changeset in webkit [288241] by Chris Dumez

2 edits in trunk/Source/WebKit

WebKit::nsTextAlignmentFromTextAlignment() falls through ASSERT_NOT_REACHED()
https://bugs.webkit.org/show_bug.cgi?id=234989
<rdar://problem/87273264>

Reviewed by Darin Adler.

UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::nsTextAlignmentFromTextAlignment):

1:38 PM Changeset in webkit [288240] by Said Abou-Hallawa

10 edits in trunk/Source

[GPU Process] ImageBuffer::convertToLuminanceMask() and transformToColorSpace() should not access the backend in WebProcess
https://bugs.webkit.org/show_bug.cgi?id=235305
rdar://83437815

Reviewed by Sam Weinig.

Source/WebCore:

When DOM rendering is handled in GPU Process, no backend access will be
allowed. So all the operations that require access to the backend should
be handled in GPU Process. The WebProcess will stream messages for these
operations to GPUProcess.

platform/graphics/displaylists/DisplayListRecorder.h:
platform/graphics/displaylists/DisplayListRecorderImpl.h:

Source/WebKit:

GPUProcess/graphics/RemoteDisplayListRecorder.cpp:

(WebKit::RemoteDisplayListRecorder::convertToLuminanceMask):
(WebKit::RemoteDisplayListRecorder::transformToColorSpace):

GPUProcess/graphics/RemoteDisplayListRecorder.h:
GPUProcess/graphics/RemoteDisplayListRecorder.messages.in:
WebProcess/GPU/graphics/RemoteDisplayListRecorderProxy.cpp:

(WebKit::RemoteDisplayListRecorderProxy::convertToLuminanceMask):
(WebKit::RemoteDisplayListRecorderProxy::transformToColorSpace):

WebProcess/GPU/graphics/RemoteDisplayListRecorderProxy.h:
WebProcess/GPU/graphics/RemoteImageBufferProxy.h:

1:35 PM Changeset in webkit [288239] by ysuzuki@apple.com

4 edits in trunk/Source

Do not use pas utils outside of libpas
https://bugs.webkit.org/show_bug.cgi?id=235275

Reviewed by Darin Adler.

Source/WebCore:

We should not use any utility functions from libpas outside of bmalloc.
libpas is designed to be self-contained and used outside of WebKit.
We cannot rely on non PAS_API functions.

If we need these utilities, we should define it in WTF.

platform/graphics/HEVCUtilities.cpp:

(WebCore::parseHEVCCodecParameters):
(WebCore::createHEVCCodecParametersString):
(WebCore::reverseBits): Deleted.

Source/WTF:

wtf/MathExtras.h:

(WTF::reverseBits32):
(WTF::reverseBits64):

1:30 PM Changeset in webkit [288238] by Chris Dumez

2 edits in trunk/Source/WebKit

WebsiteDataStore.cpp uses switch statements for WebKit::ProcessAccessType enum that fall through ASSERT_NOT_REACHED()
https://bugs.webkit.org/show_bug.cgi?id=234986
<rdar://problem/87272534>

Reviewed by Darin Adler.

Clean up / clarify processAccessType logic in WebsiteDataStore.cpp.

UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::computeNetworkProcessAccessTypeForDataFetch):
(WebKit::computeWebProcessAccessTypeForDataFetch):
(WebKit::WebsiteDataStore::fetchDataAndApply):
(WebKit::computeNetworkProcessAccessTypeForDataRemoval):
(WebKit::computeWebProcessAccessTypeForDataRemoval):
(WebKit::WebsiteDataStore::removeData):

1:24 PM Changeset in webkit [288237] by Chris Dumez

2 edits in trunk/Source/WebKit

WebKit::AuthenticatorPresenterCoordinator() constructor falls through ASSERT_NOT_REACHED()
https://bugs.webkit.org/show_bug.cgi?id=234991
<rdar://problem/87275093>

Reviewed by Darin Adler.

Drop unnecessary default: case in the switch statement since it handles all enum values already.

UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm:

(WebKit::AuthenticatorPresenterCoordinator::AuthenticatorPresenterCoordinator):

1:18 PM Changeset in webkit [288236] by Adrian Perez de Castro

6 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r283868 - Remove scrollbars explicitly when destroying render tree
https://bugs.webkit.org/show_bug.cgi?id=229274

Patch by Rob Buis <rbuis@igalia.com> on 2021-10-09
Reviewed by Simon Fraser.

Source/WebCore:

Scrollbars in FrameViews that are hosted by RenderWidget need the RenderView
to exist because of RenderScrollbarPart. So when we are destroying the render tree
the RenderView will be destroyed too, so before that happens remove the scrollbars
and its RenderScrollbarParts.

Test: editing/inserting/insert-html-crash-02.html

page/FrameView.cpp:

(WebCore::FrameView::willBeDestroyed):

page/FrameView.h:
platform/Widget.h:

(WebCore::Widget::willBeDestroyed):

rendering/RenderWidget.cpp:

(WebCore::RenderWidget::willBeDestroyed):

LayoutTests:

editing/inserting/insert-html-crash-02-expected.txt: Added.
editing/inserting/insert-html-crash-02.html: Added.

1:17 PM Changeset in webkit [288235] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Speculative fix for a null pointer dereference in ByteCodeParser::handlePutByVal.
https://bugs.webkit.org/show_bug.cgi?id=231252
rdar://83310320

Reviewed by Yusuke Suzuki.

We're seeing a null pointer dereference in ByteCodeParser::handlePutByVal().
Adding a null check here as a speculative fix to mitigate crashes while we
investigate further.

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::handlePutByVal):

12:43 PM Changeset in webkit [288234] by Adrian Perez de Castro

4 edits
6 adds in releases/WebKitGTK/webkit-2.34

Merge r283590 - ASSERT(m_callback->hasCallback()) under IntersectionObserver::notify()
https://bugs.webkit.org/show_bug.cgi?id=231235
<rdar://80837616>

Reviewed by Ryosuke Niwa.

Source/WebCore:

IntersectionObserver's JS callback stays alive as long as its JS wrapper and
its JS wrapper's lifetime relies on the IntersectionObserver::isReachableFromOpaqueRoots()
implementation. isReachableFromOpaqueRoots() keeps the wrapper alive as long
as the JS wrappers of observation / pending targets are alive. However, as per specification,
we always need to dispatch an observation for an observation target, even if that target
is not connected. Our code was already taking care of dispatching such observation. However,
there was nothing keeping the observation target alive in this case and thus nothing keeping
the JS callback alive either.

To address the issue, I am introducing a new m_targetsWaitingForFirstObservation data member
which holds a strong ref to the observation target until the next time we call notify().
This makes sure that the observation target (and its JS wrapper) stays alive long enough for
us to dispatch the first observation for it. I also updated isReachableFromOpaqueRoots() to
return true as long as m_targetsWaitingForFirstObservation is non-empty so that the
IntersectionObserver's JS wrapper (and thus the JS callback) stay alive long enough too.

Tests: intersection-observer/observe-disconnected-target-crash.html

intersection-observer/observe-disconnected-target.html

page/IntersectionObserver.cpp:

(WebCore::IntersectionObserver::observe):
(WebCore::IntersectionObserver::unobserve):
(WebCore::IntersectionObserver::removeAllTargets):
(WebCore::IntersectionObserver::notify):
(WebCore::IntersectionObserver::isReachableFromOpaqueRoots const):

page/IntersectionObserver.h:

LayoutTests:

Add layout test coverage both for the crash and the Web facing behavior.

intersection-observer/observe-disconnected-target-crash-expected.txt: Added.
intersection-observer/observe-disconnected-target-crash.html: Added.
intersection-observer/observe-disconnected-target-expected.txt: Added.
intersection-observer/observe-disconnected-target.html: Added.

12:42 PM Changeset in webkit [288233] by ntim@apple.com

3 edits
2 adds in trunk

Add visibility: visible to modal dialogs in UA sheet
https://bugs.webkit.org/show_bug.cgi?id=235369

Reviewed by Brent Fulgham.

LayoutTests/imported/w3c:

web-platform-tests/html/semantics/interactive-elements/the-dialog-element/modal-dialog-in-visibility-hidden-expected.txt: Added.
web-platform-tests/html/semantics/interactive-elements/the-dialog-element/modal-dialog-in-visibility-hidden.html: Added.

Source/WebCore:

Test: imported/w3c/web-platform-tests/html/semantics/interactive-elements/the-dialog-element/modal-dialog-in-visibility-hidden.html

css/dialog.css:

(dialog:-internal-modal-dialog):

12:38 PM Changeset in webkit [288232] by Chris Dumez

2 edits in trunk/Source/WebKit

WebKit::DownloadProxy::publishProgress() falls through ASSERT_NOT_REACHED()
https://bugs.webkit.org/show_bug.cgi?id=234975
<rdar://problem/87265153>

Reviewed by Darin Adler.

UIProcess/Downloads/DownloadProxy.cpp:

(WebKit::DownloadProxy::publishProgress):
Let's not send the IPC if we failed to create the handle since the recipient code early returns when the handle is
invalid.

12:26 PM Changeset in webkit [288231] by Russell Epstein

1 edit in branches/safari-613.1.14.1-branch/Source/WebKit/WebKit.xcodeproj/project.pbxproj

Apply patch. rdar://problem/86298747

12:23 PM Changeset in webkit [288230] by aakash_jain@apple.com

4 edits in trunk/Tools/CISupport/ews-build

[ews] Improve support for required changes for ews uat instance
https://bugs.webkit.org/show_bug.cgi?id=235355

Reviewed by Jonathan Bedard.

Tools/CISupport/ews-build/events.py:
Tools/CISupport/ews-build/master.cfg:
Tools/CISupport/ews-build/send_email.py:
Tools/CISupport/ews-build/steps.py:

Canonical link: https://commits.webkit.org/246187@main

12:21 PM Changeset in webkit [288229] by Robert Jenner

58 edits
2 adds
32 deletes in trunk

Unreviewed, reverting r288197.

Broke a test, slowing down EWS

Reverted changeset:

"Callback functions / interfaces should use global object of
its _value_ for errors and lifecycle"
https://bugs.webkit.org/show_bug.cgi?id=232387
https://commits.webkit.org/r288197

12:18 PM Changeset in webkit [288228] by Russell Epstein

9 edits in branches/safari-613.1.14.1-branch/Source

Versioning.

WebKit-7613.1.14.1.3

12:13 PM Changeset in webkit [288227] by Jonathan Bedard

11 edits in trunk/Tools

[git-webkit] Improve setup usability
https://bugs.webkit.org/show_bug.cgi?id=235051
<rdar://problem/87367948>

Reviewed by Aakash Jain.

Tools/Scripts/libraries/webkitbugspy/setup.py: Bump version.
Tools/Scripts/libraries/webkitbugspy/webkitbugspy/init.py: Ditto.
Tools/Scripts/libraries/webkitbugspy/webkitbugspy/github.py:

(Tracker.credentials): Retry credential prompt if the user provides an email.

Tools/Scripts/libraries/webkitcorepy/setup.py: Bump version.
Tools/Scripts/libraries/webkitcorepy/webkitcorepy/init.py: Ditto.
Tools/Scripts/libraries/webkitcorepy/webkitcorepy/credentials.py:

(credentials): Use Terminal's choosing function.
(delete_credentials): Delete credentials for a service.

Tools/Scripts/libraries/webkitcorepy/webkitcorepy/editor.py:

(Editor.vi): Add.
(Editor.programs): Add vi.

Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/init.py: Ditto.
Scripts/libraries/webkitscmpy/webkitscmpy/program/setup.py:

(Setup.git): SSH replacement applies to http and https remotes.
(Setup.main): Include explicit conclusion messages.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/git_hub.py:

(GitHub.credentials): Retry credential prompt if the user provides an email.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/setup_unittest.py:

Canonical link: https://commits.webkit.org/246186@main

12:07 PM Changeset in webkit [288226] by commit-queue@webkit.org

2 edits in trunk/Tools

Swap accelerated drawing flag between the two GPU Process iOS simulator bots
https://bugs.webkit.org/show_bug.cgi?id=235366

Patch by Jon Lee <jonlee554@gmail.com> on 2022-01-19
Reviewed by Alex Christensen.

CISupport/build-webkit-org/config.json: Turn the accelerated-drawing flag on the arm64 bot, since that

represents the configuration closest to actual hardware. Turn it off on the Intel bot for now so that we
can see differences in results with accelerated drawing off as we fix bugs in tests.

11:55 AM Changeset in webkit [288225] by Russell Epstein

9 edits in branches/safari-613.1.14.0-branch/Source

Versioning.

WebKit-7613.1.14.0.3

11:52 AM Changeset in webkit [288224] by ysuzuki@apple.com

4 edits in trunk

[JSC] Fix YarrJIT backtrackCharacterClassNonGreedy breakpoint
https://bugs.webkit.org/show_bug.cgi?id=235348

Reviewed by Michael Saboff.

JSTests:

stress/regexp-unicode-surrogate-pair-increment-should-involve-length-check.js:

Source/JavaScriptCore:

YarrJIT's backtrackCharacterClassNonGreedy breakpoint is actually reachable. We should subtract index (since it is already incremented),
and go to the normal nonGreedyFailures path.

yarr/YarrJIT.cpp:

11:48 AM Changeset in webkit [288223] by sihui_liu@apple.com

2 edits in trunk/Source/WebCore

Assertion is not acquired in network process when setting database journal mode
https://bugs.webkit.org/show_bug.cgi?id=235340

Setting database journal mode requires lock, so network process needs to stay active by holding assertion.

Reviewed by Chris Dumez.

platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::useWALJournalMode):

11:47 AM Changeset in webkit [288222] by Jonathan Bedard

4 edits in trunk/Tools

[git-webkit] Improve pr push error message
https://bugs.webkit.org/show_bug.cgi?id=235299
<rdar://problem/87721181>

Reviewed by Aakash Jain.

Scripts/libraries/webkitscmpy/setup.py: Bump version.
Scripts/libraries/webkitscmpy/webkitscmpy/init.py: Ditto.
Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py:

(PullRequest.main): If git push fails, provide the user with options
for resolution.

Canonical link: https://commits.webkit.org/246182@main

11:44 AM Changeset in webkit [288221] by Peng Liu

1 edit
2 adds in trunk/LayoutTests

Add a data URL resource loader performance test
https://bugs.webkit.org/show_bug.cgi?id=235325

Reviewed by Eric Carlson.

This patch is a follow-up of r287899. In local tests, the time taken
by a video element to load a data URL is about 2x of the time to load
the binary form of the media file.

media/video-src-blob-perf-expected.txt: Added.
media/video-src-blob-perf.html: Added.

11:41 AM Changeset in webkit [288220] by Tyler Wilcock

2 edits in trunk/Source/WebCore

AX: Remove unnecessary isolated tree update for AXSelectedTextChanged node
https://bugs.webkit.org/show_bug.cgi?id=235343

Reviewed by Chris Fleizach.

When we get an AXSelectedTextChanged notification, we update the isolated tree with
the node that has gained selection. Sometimes this node is not yet part of the AX tree,
meaning its AXAncestorFlags are not initialized. This results in hitting this ASSERT in AXIsolatedObject::initializeAttributeData:

For all objects besides the root, the ancestry flags should've been set by now.

ASSERT(isRoot

object.ancestorFlagsAreInitialized());

Updating the isolated tree with the selection node was added here to fix accessibility/mac/search-text/search-text.html:

https://bugs.webkit.org/show_bug.cgi?id=208434

But the test passes in ITM with and without updating the isolated tree with this node.
Also, for text selection related operations, isolated tree objects currently defer to the main thread
(e.g. AXIsolatedObject::selectedText, AXIsolatedObject::selectedText).

This patch removes this update since it doesn't seem to be necessary.

accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::postTextStateChangeNotification):
(WebCore::AXObjectCache::updateIsolatedTree):

11:37 AM Changeset in webkit [288219] by commit-queue@webkit.org

5 edits
1 delete in trunk

[ResourceTiming] nextHopProtocol is exposed regardless of Timing-Allow-Origin
https://bugs.webkit.org/show_bug.cgi?id=235294

Patch by Alex Christensen <achristensen@webkit.org> on 2022-01-19
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

web-platform-tests/resource-timing/nextHopProtocol-is-tao-protected.https-expected.txt:

Source/WebCore:

Covered by an existing WPT test that starts passing.
This was recently fixed in Chromium in https://chromium-review.googlesource.com/c/chromium/src/+/3354335

page/PerformanceResourceTiming.cpp:

(WebCore::PerformanceResourceTiming::nextHopProtocol const):

11:32 AM Changeset in webkit [288218] by Adrian Perez de Castro

4 edits in releases/WebKitGTK/webkit-2.34

Merge r283283 - [ iOS Debug ] http/tests/xmlhttprequest/access-control-preflight-credential-sync.html is a flaky crash
https://bugs.webkit.org/show_bug.cgi?id=228305
<rdar://problem/81136891>

Reviewed by Alex Christensen.

Source/WebKit:

When a NetworkResourceLoader for a synchronous XHR gets aborted (e.g. because the connection to
the WebProcess was severed), NetworkResourceLoader::abort() would fail to call
sendReplyToSynchronousRequest() (sendReplyToSynchronousRequest was only called in didFailLoading() and
didFinishLoading()). As a result, we would hit the following assertion in the NetworkResourceLoader

destructor later on: ASSERT(!isSynchronous()

!m_synchronousLoadData->delayedReply)

No new tests, covered by existing test that I am unskipping.

NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::abort):

LayoutTests:

Unskip test that should no longer be flaky.

platform/ios-wk2/TestExpectations:

11:13 AM Changeset in webkit [288217] by commit-queue@webkit.org

3 edits
2 adds in trunk

Null check player in taintsOrigin
https://bugs.webkit.org/show_bug.cgi?id=234257

Patch by Rob Buis <rbuis@igalia.com> on 2022-01-19
Reviewed by Youenn Fablet.

Source/WebCore:

Null check player in taintsOrigin.

Test: fast/media/createImageBitmap-from-video-crash.html

html/ImageBitmap.cpp:

(WebCore::taintsOrigin):

LayoutTests:

fast/media/createImageBitmap-from-video-crash-expected.txt: Added.
fast/media/createImageBitmap-from-video-crash.html: Added.

10:38 AM Changeset in webkit [288216] by commit-queue@webkit.org

9 edits
1 copy in trunk/Source

Allow experimental feature names to be hidden in WebKitAdditions
https://bugs.webkit.org/show_bug.cgi?id=235163

Patch by Alex Christensen <achristensen@webkit.org> on 2022-01-19
Reviewed by Chris Dumez.

Source/WebKit:

Scripts/PreferencesTemplates/WebPreferencesExperimentalFeatures.cpp.erb:

Source/WebKitLegacy/mac:

Scripts/PreferencesTemplates/WebPreferencesExperimentalFeatures.mm.erb:

Source/WTF:

Scripts/GeneratePreferences.rb:
Scripts/Preferences/WebPreferencesExperimental.yaml:
WTF.xcodeproj/project.pbxproj:
wtf/CMakeLists.txt:
wtf/ExperimentalFeatureNames.h: Copied from Source/WebKitLegacy/mac/Scripts/PreferencesTemplates/WebPreferencesExperimentalFeatures.mm.erb.

10:16 AM Changeset in webkit [288215] by commit-queue@webkit.org

3 edits
2 adds in trunk

Null check m_progressTracker in clearProvisionalLoad
https://bugs.webkit.org/show_bug.cgi?id=233063

Patch by Rob Buis <rbuis@igalia.com> on 2022-01-19
Reviewed by Alex Christensen.

Source/WebCore:

Null check m_progressTracker in clearProvisionalLoad.

Test: fast/frames/contentFrame-disconnecting-crash.html

loader/FrameLoader.cpp:

(WebCore::FrameLoader::clearProvisionalLoad):

LayoutTests:

platform/mac/fast/frames/contentFrame-disconnecting-crash-expected.txt: Added.
platform/mac/fast/frames/contentFrame-disconnecting-crash.html: Added.

10:07 AM Changeset in webkit [288214] by achristensen@apple.com

4 edits in trunk

Unreviewed, reverting r288147.
<rdar://87776311>

broke clean command line builds

Reverted changeset:

"Build WebKitSwift when building with make or build-webkit"
https://bugs.webkit.org/show_bug.cgi?id=235093
https://commits.webkit.org/r288147

9:45 AM Changeset in webkit [288213] by commit-queue@webkit.org

2 edits in trunk/JSTests

Unreviewed, skip new test max-typed-array-length-toString.js when memory-limited
https://bugs.webkit.org/show_bug.cgi?id=235217

Patch by Michael Catanzaro <Michael Catanzaro> on 2022-01-19

stress/max-typed-array-length-toString.js:

9:15 AM Changeset in webkit [288212] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/WebCore

Merge r283176 - [MSE][GStreamer] Don't create MediaSourceTrackGStreamer objects twice for the same track
https://bugs.webkit.org/show_bug.cgi?id=230829

Reviewed by Xabier Rodriguez-Calvar.

The existing code in
SourceBufferPrivateGStreamer::didReceiveInitializationSegment()
was not checking if the track already existing, creating and
immediately destroying a MediaSourceTrackGStreamer, which then crashed
on an assertion (ASSERTION FAILED: m_isRemoved).

This fixes the following two tests which were crashing with the former
assertion when running in Debug:

media/media-source/media-mp4-h264-partial-abort.html
media/media-source/media-source-abort-resets-parser.html

platform/graphics/gstreamer/mse/SourceBufferPrivateGStreamer.cpp:

(WebCore::SourceBufferPrivateGStreamer::didReceiveInitializationSegment):

9:15 AM Changeset in webkit [288211] by Adrian Perez de Castro

3 edits
4 adds in releases/WebKitGTK/webkit-2.34

Merge r282260 - Nullptr crash in CompositeEditCommand::splitTreeToNode via InsertParagraphSeparatorCommand::doApply
https://bugs.webkit.org/show_bug.cgi?id=229276

Patch by Frédéric Wang <fwang@igalia.com> on 2021-09-09
Reviewed by Ryosuke Niwa.

Source/WebCore:

The loop in CompositeEditCommand::splitTreeToNode calls splitElement with the parent node as an
argument. This patch fixes a nullptr crash by following the rule of [1]: store the parent node as
a local smart pointer. Additionally, it ensures that editingIgnoresContent() returns false on the
parent so that the corresponding ASSERT in Position's constructor does not fail when
firstPositionInNode is called.

[1] https://lists.webkit.org/pipermail/webkit-dev/2020-September/031386.html

Tests: editing/execCommand/indent-input-in-image-crash.html

editing/execCommand/indent-input-in-image-editing-ignores-content-assert.html

editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::moveParagraphs): Store parent node in a smart pointer and exit loop
if it returns true for editingIgnoresContent.

LayoutTests:

Add regression tests for a crash and an assert in CompositeEditCommand::splitTreeToNode.

editing/execCommand/indent-input-in-image-crash-expected.txt: Added.
editing/execCommand/indent-input-in-image-crash.html: Added.
editing/execCommand/indent-input-in-image-editing-ignores-content-assert-expected.txt: Added.
editing/execCommand/indent-input-in-image-editing-ignores-content-assert.html: Added.

9:15 AM Changeset in webkit [288210] by Adrian Perez de Castro

3 edits in releases/WebKitGTK/webkit-2.34/Source/WebCore

Merge r282241 - Potential crash under CachedRawResource::didAddClient()
https://bugs.webkit.org/show_bug.cgi?id=230121
<rdar://82936913>

Reviewed by Alex Christensen.

In r280083, I tried to address this crash by holding a strong reference
to the SharedBuffer before calling forEachSegment() on it. However, the
crash is still happening after this fix.

My suspicion is that the SharedBuffer's internal m_segments vector gets
modified as we iterate over it. As a result, I am reverting r280083 and
iterating over a copy of m_segments in forEachSegment() instead.

No new tests, we haven't been able to reproduce.

WebCore.xcodeproj/project.pbxproj:
loader/cache/CachedRawResource.cpp:

(WebCore::CachedRawResource::didAddClient):

platform/SharedBuffer.cpp:

(WebCore::SharedBuffer::forEachSegment const):

9:15 AM Changeset in webkit [288209] by Adrian Perez de Castro

3 edits in releases/WebKitGTK/webkit-2.34/Source/WebKit

Merge r282174 - Remove responsiveness timer in NetworkProcessProxy::getNetworkProcessConnection
https://bugs.webkit.org/show_bug.cgi?id=230016
rdar://problem/80760179

Reviewed by Chris Dumez.

We've seen evidence that network process may be blocked in initializeNetworkProcess. Since we have a 3-second
responsiveness timer in NetworkProcessProxy::getNetworkProcessConnection, blocked network process will be killed
and a new network process will be launched for getting connection. However, the new network process may get
stuck in initializeNetworkProcess too. In this case, web process will crash for not being able to get network
process connection.

UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::getNetworkProcessConnection):

UIProcess/WebsiteData/WebsiteDataStore.cpp: change RELEASE_ASSERT_NOT_REACHED_WITH_MESSAGE to

RELEASE_LOG_ERROR as the message is not printed in non-debug build.
(WebKit::WebsiteDataStore::getNetworkProcessConnection):

9:14 AM Changeset in webkit [288208] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r282075 - Nullptr crash in DeleteSelectionCommand::removeNodeUpdatingStates
https://bugs.webkit.org/show_bug.cgi?id=229279

Patch by Rob Buis <rbuis@igalia.com> on 2021-09-07
Reviewed by Ryosuke Niwa.

Source/WebCore:

Fix DeleteSelectionCommand::removeNodeUpdatingStates logic
to use m_endBlock rather than m_startBlock here.

Test: editing/deleting/delete-shadow-tree-crash.html

editing/DeleteSelectionCommand.cpp:

(WebCore::DeleteSelectionCommand::removeNodeUpdatingStates):

LayoutTests:

editing/deleting/delete-shadow-tree-crash-expected.txt: Added.
editing/deleting/delete-shadow-tree-crash.html: Added.

9:14 AM Changeset in webkit [288207] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r282074 - Nullptr crash in CSSValue::cssText() via DeleteSelectionCommand::calculateTypingStyleAfterDelete
https://bugs.webkit.org/show_bug.cgi?id=229281

Patch by Rob Buis <rbuis@igalia.com> on 2021-09-07
Reviewed by Ryosuke Niwa.

Source/WebCore:

Null check the CSSValue in EditingStyle::init.

Test: editing/deleting/forward-delete-crash.html

editing/EditingStyle.cpp:

(WebCore::EditingStyle::init):

LayoutTests:

editing/deleting/forward-delete-crash-expected.txt: Added.
editing/deleting/forward-delete-crash.html: Added.

9:14 AM Changeset in webkit [288206] by Adrian Perez de Castro

6 edits in releases/WebKitGTK/webkit-2.34

Merge r281964 - [ BigSur arm64 Debug EWS ] ASSERTION FAILED: m_uncommittedState.state == State::Provisional
https://bugs.webkit.org/show_bug.cgi?id=229769
<rdar://problem/82645706>

Reviewed by Alex Christensen.

Source/WebKit:

I am unable to reproduce the crash but we know that we're crashing when committing the load
after a process-swap, because the WebPageProxy doesn't know that a provisional load is going
on. One possible explanation for this, and the most likely one is that the WebPageProxy got
a DidFailProvisionalLoadForFrame IPC from the current process while the provisional load is
proceeding in the new provisional process. We had logic in WebPageProxy::didFailProvisionalLoadForFrame()
to try and discard such IPC but the check was relying on the navigationID and was therefore
fragile. I updated the check in didFailProvisionalLoadForFrame() to ignore all
DidFailProvisionalLoadForFrame IPCs for the main frame from the current process when there
is a ProvisionalPageProxy, without relying on the navigationID. This should be more robust
and will hopefully fix this flaky crash.

No new tests, unskipped existing tests.

UIProcess/ProvisionalPageProxy.cpp:

(WebKit::ProvisionalPageProxy::didFailProvisionalLoadForFrame):

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didFailProvisionalLoadForFrame):
(WebKit::WebPageProxy::didFailProvisionalLoadForFrameShared):

UIProcess/WebPageProxy.h:

LayoutTests:

Unskip test that should no longer be flakily crashing in debug.

platform/mac-wk2/TestExpectations:

9:14 AM Changeset in webkit [288205] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Tools

Merge r288063 - Bug 234910 - jsc_fuz/wktr: crash with exotic settings
https://bugs.webkit.org/show_bug.cgi?id=234910

Patch by Frédéric Wang <fwang@igalia.com> on 2022-01-15
Reviewed by Michael Saboff.

ASAN release build of WebKitTestRunner and DumpRenderTree may crash when loading the file
with content "<script>'a'+Math.floor()+'a';</script>" when the ASAN option
detect_stack_use_after_return=1 is set and when the JSC option slowPathAllocsBetweenGCs takes
to specific values. This is because the 'TestRendered' string of WTR::sendTestRenderedEvent
can be garbage collected. This patch fixes that issue by protecting that string. The fix has
been verified for all slowPathAllocsBetweenGCs values from 1 to 100.

TestRunnerShared/ReftestFunctions.cpp:

(WTR::sendTestRenderedEvent): Protect "TestRendered" JSString from garbage collection until
the event is dispatched.

9:14 AM Changeset in webkit [288204] by Adrian Perez de Castro

5 edits in releases/WebKitGTK/webkit-2.34/Source

Merge r287914 - Protect DocumentLoader when a reference to its members is used.
https://bugs.webkit.org/show_bug.cgi?id=233464

Patch by Frédéric Wang <fwang@igalia.com> on 2022-01-12
Reviewed by Brady Eidson.

Source/WebCore:

No new tests, due to our infra (bug 127676).

loader/FrameLoader.cpp:

(WebCore::FrameLoader::checkLoadCompleteForThisFrame): Ensure that DocumentLoader loader
remains alive while DocumentLoader::m_mainDocumentError is used.

Source/WebKit:

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didFinishLoadForFrame): If the navigationID is obsolete, skip update
of the page load state to avoid failure of debug ASSERT.

WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDidFinishLoad): Ensure that DocumentLoader loader
remains alive while DocumentLoader::m_request is used.

9:14 AM Changeset in webkit [288203] by Adrian Perez de Castro

4 edits
4 adds in releases/WebKitGTK/webkit-2.34

Merge r287604 - Protect frame from destruction in HTMLMediaElement::setupAndCallJS
https://bugs.webkit.org/show_bug.cgi?id=234259

Patch by Frédéric Wang <fwang@igalia.com> on 2022-01-04
Reviewed by Darin Adler.

Source/WebCore:

Test: http/tests/media/media-element-frame-destroyed-crash.html

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::setupAndCallJS): Protect the frame before executing the JS code,
so that it is not destroyed before its associated ScriptController.

LayoutTests:

Add non-regression test, embedded in multiple iframes to make regression easily reproducible.

http/conf/mime.types: Ensure that ts files are served with MIME type video/mp2t as that's required

to make the non-regression test work properly.

http/tests/media/media-element-frame-destroyed-crash-expected.txt: Added.
http/tests/media/media-element-frame-destroyed-crash.html: Added.
http/tests/media/resources/empty.ts: Added.
http/tests/media/resources/media-element-frame-destroyed-crash-subframe.html: Added.

9:14 AM Changeset in webkit [288202] by Adrian Perez de Castro

4 edits in releases/WebKitGTK/webkit-2.34

Merge r282365 - Crash under WebPage::runJavaScript()
https://bugs.webkit.org/show_bug.cgi?id=230223
<rdar://80172436>

Reviewed by Brady Eidson.

Source/WebKit:

The resolveFunction() was capturing frame = makeRef(frame) and then calling frame->coreFrame()->script().
This would lead to a null dereference crash in the case where the core frame gets destroyed before the JS
promise gets resolved. Protecting the WebFrame does not keep the core Frame alive as WebFrame::m_coreFrame
is merely a WeakPtr. To address the issue, the lambda now also protects the core frame and uses it to get
the script controller.

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::runJavaScript):

Tools:

Add API test coverage.

TestWebKitAPI/Tests/WebKitCocoa/AsyncFunction.mm:

(-[AsyncJSUIDelegate initWithAlertHandler:]):
(-[AsyncJSUIDelegate webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):
(TestWebKitAPI::TEST):

9:12 AM Changeset in webkit [288201] by youenn@apple.com

36 edits in trunk

Improve computation of service worker FetchEvent.resultingClientId
https://bugs.webkit.org/show_bug.cgi?id=235107

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

web-platform-tests/service-workers/service-worker/clients-get-resultingClientId.https-expected.txt:
web-platform-tests/service-workers/service-worker/clients-get.https-expected.txt:
web-platform-tests/service-workers/service-worker/historical.https.any.serviceworker-expected.txt:

Source/WebCore:

We are now passing the reserved client ID generated by DocumentLoader to the generated document.
Previously, we would register a temporary ID that we would drop later on when creating a new document.
This allows to be closer to spec, though we need to handle the case of a document whose origin gets unique
due to CSP or sandboxing making a document origin unique.
We are also removing targetClientId, which was renamed in the spec to replacesClientId but is also not implemented in any browser yet.

Covered by existing tests.

dom/DOMImplementation.cpp:
dom/DOMImplementation.h:
dom/Document.cpp:
dom/Document.h:
dom/ScriptExecutionContext.cpp:
dom/ScriptExecutionContext.h:
html/FTPDirectoryDocument.cpp:
html/HTMLDocument.cpp:
html/HTMLDocument.h:
html/ImageDocument.cpp:
html/MediaDocument.cpp:
html/ModelDocument.cpp:
html/PluginDocument.cpp:
html/TextDocument.cpp:
html/TextDocument.h:
inspector/DOMPatchSupport.cpp:
loader/DocumentLoader.cpp:
loader/DocumentLoader.h:
loader/DocumentWriter.cpp:
loader/DocumentWriter.h:
loader/SinkDocument.cpp:
workers/service/FetchEvent.cpp:
workers/service/FetchEvent.h:
workers/service/FetchEvent.idl:
workers/service/server/SWServer.cpp:
xml/XMLHttpRequest.cpp:

Source/WebKit:

WebProcess/Network/WebLoaderStrategy.cpp:
WebProcess/Storage/WebSWClientConnection.cpp:

7:55 AM Changeset in webkit [288200] by commit-queue@webkit.org

13 edits in trunk/Source

Fix -Wreturn-type and -Wunused-parameter warnings, January 2022 edition
https://bugs.webkit.org/show_bug.cgi?id=235336

Patch by Michael Catanzaro <Michael Catanzaro> on 2022-01-19
Reviewed by Adrian Perez de Castro.

Source/JavaScriptCore:

wasm/WasmCompilationMode.h:

(JSC::Wasm::isOSREntry):
(JSC::Wasm::isAnyBBQ):
(JSC::Wasm::isAnyOMG):

Source/WebCore:

Modules/push-api/PushCrypto.cpp:

(WebCore::PushCrypto::computeP256DHSharedSecret):

bindings/js/JSCSSRuleCustom.cpp:

(WebCore::toJSNewlyCreated):

contentextensions/DFABytecodeCompiler.cpp:

(WebCore::ContentExtensions::toSizeT):

css/CSSComputedStyleDeclaration.cpp:

(WebCore::valueForAnimationDirection):
(WebCore::valueForAnimationFillMode):
(WebCore::valueForAnimationPlayState):

css/CSSPrimitiveValue.cpp:

(WebCore::lengthOfViewportPhysicalAxisForLogicalAxis):

platform/graphics/ColorInterpolation.cpp:

(WebCore::fixupHueComponentsPriorToInterpolation):

platform/graphics/ColorInterpolation.h:

(WebCore::interpolateColors):

platform/graphics/filters/FEColorMatrix.cpp:

(WebCore::FEColorMatrix::createApplier const):

platform/graphics/filters/FEComponentTransfer.cpp:

(WebCore::FEComponentTransfer::createApplier const):

platform/graphics/filters/SourceGraphic.cpp:

(WebCore::SourceGraphic::createApplier const):

7:46 AM Changeset in webkit [288199] by youenn@apple.com

2 edits in trunk/Source/ThirdParty/libwebrtc

libvpx firstpass.c is not needed
https://bugs.webkit.org/show_bug.cgi?id=235354

Reviewed by Alexey Proskuryakov.

libwebrtc.xcodeproj/project.pbxproj:

7:21 AM Changeset in webkit [288198] by commit-queue@webkit.org

3 edits in trunk

[WPE][GTK] ENABLE_JOURNALD_LOG has weird value
https://bugs.webkit.org/show_bug.cgi?id=235339

Patch by Michael Catanzaro <Michael Catanzaro> on 2022-01-19
Reviewed by Philippe Normand.

Clean up the code that checks for journald.

Source/cmake/OptionsGTK.cmake:
Source/cmake/OptionsWPE.cmake:

5:52 AM Changeset in webkit [288197] by Alexey Shvayka

58 edits
34 adds
2 deletes in trunk

Callback functions / interfaces should use global object of its _value_ for errors and lifecycle
https://bugs.webkit.org/show_bug.cgi?id=232387

Reviewed by Geoff Garen.

LayoutTests/imported/w3c:

Import WPT tests from https://github.com/web-platform-tests/wpt/pull/32449.

The remaining failures are due to unrelated spec compat issue with calling cross-realm ProxyObject / JSBoundFunction.

web-platform-tests/dom/events/EventListener-handleEvent-cross-realm-expected.txt: Added.
web-platform-tests/dom/events/EventListener-handleEvent-cross-realm.html: Added.
web-platform-tests/dom/events/resources/empty-document.html: Added.
web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-expected.txt:
web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-null-browsing-context-expected.txt:
web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-null-browsing-context.html:
web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm.html:
web-platform-tests/dom/traversal/support/TreeWalker-acceptNode-filter-cross-realm-subframe.html: Removed.
web-platform-tests/dom/traversal/support/empty-document.html: Added.
web-platform-tests/domxpath/resolver-callback-interface-cross-realm-expected.txt: Added.
web-platform-tests/domxpath/resolver-callback-interface-cross-realm.html: Added.
web-platform-tests/domxpath/resources: Added.
web-platform-tests/domxpath/resources/empty-document.html: Added.
web-platform-tests/domxpath/resources/invalid_namespace_test.js: Added.

Source/WebCore:

This patch:

Removes [SkipCallbackInvokeCheck] extended attribute, while ensuring DOM traversal doesn't crash, which aligns WebKit with other browsers.

Invokes canInvokeCallback() on the global object of _value_, which matches

Gecko but not Blink, which uses _incumbent_ realm to determine if callback
can still be invoked (doesn't make much sense to me).

Throws callback invocation errors (e.g. non-callable method, revoked Proxy) in the global object of _value_, which matches the spec [1] and Blink, but not Gecko, which uses _current_ realm (of the method that was passed callback's _value_) to throw TypeErrors in.

That doesn't make much sense to me either: "registering" a callback and invoking
it could happen in different realms.

The spec on this is worded quite trickily (yet I think I've figured it out):
ECMA's "throw a TypeError exception" uses "running execution context" [2]
to create an object in, which is switched to the realm of _value_ per [1].

AudioWorklet changes are unobservable as worklets can't acquire a cross-realm method.
It's also nicer not to pass JSCallbackDataStrong around.

[1] https://webidl.spec.whatwg.org/#ref-for-prepare-to-run-script
[2] https://tc39.es/ecma262/#sec-ecmascript-function-objects-call-thisargument-argumentslist (step 4)

Tests: fast/dom/callback-function-detached-frame-intersection-observer.html

fast/dom/callback-function-detached-frame-mutation-observer.html
fast/dom/callback-function-detached-frame-performance-observer.html
fast/dom/callback-function-detached-frame-raf.html
fast/dom/callback-function-detached-frame-resize-observer.html
fast/dom/callback-function-detached-frame-to-blob.html
fast/dom/callback-interface-detached-frame-node-filter.html
fast/dom/callback-interface-detached-frame-xpathnsresolver.html
imported/w3c/web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-null-browsing-context.html
imported/w3c/web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm.html
imported/w3c/web-platform-tests/dom/events/EventListener-handleEvent-cross-realm.html
imported/w3c/web-platform-tests/domxpath/resolver-callback-interface-cross-realm.html

Modules/webaudio/AudioWorkletGlobalScope.cpp:

(WebCore::AudioWorkletGlobalScope::registerProcessor):
(WebCore::AudioWorkletGlobalScope::createProcessor):

Modules/webaudio/AudioWorkletProcessor.cpp:

(WebCore::AudioWorkletProcessor::create):
(WebCore::AudioWorkletProcessor::AudioWorkletProcessor):
(WebCore::AudioWorkletProcessor::process):
(WebCore::AudioWorkletProcessor::setProcessCallback):

Modules/webaudio/AudioWorkletProcessor.h:

(WebCore::AudioWorkletProcessor::processCallbackWrapper):

bindings/js/JSAudioWorkletProcessorCustom.cpp:

(WebCore::JSAudioWorkletProcessor::visitAdditionalChildren):

bindings/js/JSCallbackData.cpp:

(WebCore::JSCallbackData::invokeCallback):

bindings/js/JSCallbackData.h:

bindings/js/JSDOMConvertCallbacks.h:

(WebCore::Converter<IDLCallbackFunction<T>>::convert):
(WebCore::Converter<IDLCallbackInterface<T>>::convert):

bindings/js/JSDOMConvertXPathNSResolver.h:

(WebCore::Converter<IDLInterface<XPathNSResolver>>::convert):

bindings/js/JSDOMGlobalObject.cpp:

(WebCore::JSC_DEFINE_HOST_FUNCTION):

bindings/js/JSDOMWindowCustom.cpp:

(WebCore::jsDOMWindowInstanceFunction_openDatabaseBody):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateCallbackHeaderContent):
(GenerateCallbackImplementationContent):
(JSValueToNativeDOMConvertNeedsGlobalObject):

bindings/scripts/IDLAttributes.json:
bindings/scripts/test/JS/*: Updated.
bindings/scripts/test/TestCallbackInterface.idl:
dom/NodeFilter.idl:
dom/Traversal.cpp:

(WebCore::NodeIteratorBase::acceptNode):

workers/WorkerOrWorkletGlobalScope.h:
worklets/PaintWorkletGlobalScope.cpp:

(WebCore::PaintWorkletGlobalScope::registerPaint):

xml/CustomXPathNSResolver.idl:

LayoutTests:

fast/dom/Geolocation/callback-to-deleted-context-expected.txt:
fast/dom/Geolocation/callback-to-deleted-context.html:
fast/dom/Geolocation/resources/callback-to-deleted-context-inner1.html:

Aligns test assertions with behavior of Blink and Gecko.

fast/dom/Geolocation/disconnected-frame-expected.txt:
fast/dom/Geolocation/disconnected-frame-permission-denied-expected.txt:
fast/dom/Geolocation/disconnected-frame-permission-denied.html:
fast/dom/Geolocation/disconnected-frame.html:

Aligns tests assertions with their initial descriptions.
While other browsers don't call error callback for a disconnected frame,
it seems like a useful thing to do.

fast/events/detached-svg-parent-window-events-expected.txt:
fast/events/detached-svg-parent-window-events.html:

Aligns test assertion with other browsers.
There is no reason why eval() wouldn't throw an error given the <iframe> is connected.

fast/frames/resources/wrong-global-object.html: Removed.
fast/frames/frame-window-as-callback-expected.txt:
fast/frames/frame-window-as-callback.html:

Aligns test assertions with the spec and Blink / Gecko.

fast/dom/callback-function-detached-frame-intersection-observer-expected.txt: Added.
fast/dom/callback-function-detached-frame-intersection-observer.html: Added.
fast/dom/callback-function-detached-frame-mutation-observer-expected.txt: Added.
fast/dom/callback-function-detached-frame-mutation-observer.html: Added.
fast/dom/callback-function-detached-frame-performance-observer-expected.txt: Added.
fast/dom/callback-function-detached-frame-performance-observer.html: Added.
fast/dom/callback-function-detached-frame-raf-expected.txt: Added.
fast/dom/callback-function-detached-frame-raf.html: Added.
fast/dom/callback-function-detached-frame-resize-observer-expected.txt: Added.
fast/dom/callback-function-detached-frame-resize-observer.html: Added.
fast/dom/callback-function-detached-frame-to-blob-expected.txt: Added.
fast/dom/callback-function-detached-frame-to-blob.html: Added.
fast/dom/callback-interface-detached-frame-node-filter-expected.txt: Added.
fast/dom/callback-interface-detached-frame-node-filter.html: Added.
fast/dom/callback-interface-detached-frame-xpathnsresolver-expected.txt: Added.
fast/dom/callback-interface-detached-frame-xpathnsresolver.html: Added.
fast/dom/resources/callback-function-detached-frame-common.js: Added.
fast/dom/resources/callback-function-detached-frame-intersection-observer-iframe.html: Added.
fast/dom/resources/callback-function-detached-frame-mutation-observer-iframe.html: Added.
fast/dom/resources/callback-function-detached-frame-performance-observer-iframe.html: Added.
fast/dom/resources/callback-function-detached-frame-raf-iframe.html: Added.
fast/dom/resources/callback-function-detached-frame-resize-observer-iframe.html: Added.
fast/dom/resources/callback-function-detached-frame-to-blob-iframe.html: Added.
fast/dom/resources/callback-interface-detached-frame-node-filter-iframe.html: Added.
fast/dom/resources/callback-interface-detached-frame-xpathnsresolver-iframe.html: Added.

platform/mac-wk1/TestExpectations:
platform/win/TestExpectations:
platform/wincairo/TestExpectations:

IntersectionObserver / ResizeObserver are not enabled on these platforms.

5:43 AM Changeset in webkit [288196] by Antti Koivisto

4 edits
2 adds in trunk

[:has() pseudo-class] Compute specificity correctly
https://bugs.webkit.org/show_bug.cgi?id=235351

Reviewed by Alexey Shvayka.

LayoutTests/imported/w3c:

web-platform-tests/css/selectors/has-complexity.html:

Fix specificity used in this test.

web-platform-tests/css/selectors/has-specificity-expected.txt: Added.
web-platform-tests/css/selectors/has-specificity.html: Added.

Source/WebCore:

"The specificity of an ':is()', ':not()', or ':has()' pseudo-class is replaced by
the specificity of the most specific complex selector in its selector list argument."

https://www.w3.org/TR/selectors-4/#specificity-rules

Test: imported/w3c/web-platform-tests/css/selectors/has-specificity.html

css/CSSSelector.cpp:

(WebCore::simpleSelectorSpecificityInternal):

Compute :has() specificity like :is() and :not().

5:06 AM Changeset in webkit [288195] by Andres Gonzalez

2 edits in trunk/LayoutTests

Enable accessibility/mac/selection-element-tabbing-to-link.html since it is not flaky any longer.
https://bugs.webkit.org/show_bug.cgi?id=235333

Reviewed by Darin Adler.

platform/mac/TestExpectations:

4:59 AM Changeset in webkit [288194] by Adrian Perez de Castro

4 edits
4 adds in releases/WebKitGTK/webkit-2.34

Merge r288078 - database names leak cross-origin within the same browser session
https://bugs.webkit.org/show_bug.cgi?id=233548

Reviewed by Geoff Garen.

Source/WebCore:

Test: http/tests/security/getdatabases-crossorigin.html

Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open

UniqueIDBDatabases, only add them to the results list if their origins match.

page/ClientOrigin.h:

(WebCore::ClientOrigin::operator!= const):

LayoutTests:

http/tests/security/getdatabases-crossorigin-expected.txt: Added.
http/tests/security/getdatabases-crossorigin.html: Added.
http/tests/security/resources/getdatabases-otherframe.html: Added.
http/tests/security/resources/getdatabases-otherwindow.html: Added.

4:59 AM Changeset in webkit [288193] by Adrian Perez de Castro

6 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Merge r284576 - We should watch isHavingABadTime if we read from the structureCache
https://bugs.webkit.org/show_bug.cgi?id=232019

Reviewed by Yusuke Suzuki.

We should lock the structure cache when we clear it, and the compiler thread should
watch isHavingABadTime in the case that the cache might get cleared.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::haveABadTime):

runtime/StructureCache.cpp:

(JSC::StructureCache::clear):

runtime/StructureCache.h:

(JSC::StructureCache::clear): Deleted.

4:59 AM Changeset in webkit [288192] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Merge r284699 - canDoFastSpread should also check that the Structure is from the global object we're watching
https://bugs.webkit.org/show_bug.cgi?id=231976
<rdar://84340372>

Reviewed by Keith Miller.

Just reorder the checks for clarity.

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::canDoFastSpread):

4:55 AM Changeset in webkit [288191] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Merge r284506 - canDoFastSpread should also check that the Structure is from the global object we're watching
https://bugs.webkit.org/show_bug.cgi?id=231976
<rdar://84340372>

Reviewed by Keith Miller.

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::canDoFastSpread):

4:53 AM Changeset in webkit [288190] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Merge r284585 - [JSC] ArithAbs should care about INT32_MIN
https://bugs.webkit.org/show_bug.cgi?id=232051
rdar://84338648

Reviewed by Michael Saboff.

ArithAbs (without overflow check) can return negative value if the input is INT32_MIN with Int32Use.

dfg/DFGIntegerRangeOptimizationPhase.cpp:

4:53 AM Changeset in webkit [288189] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Merge r284573 - Add missing overflow checks to DFGIntegerRangeOptimizationPhase::isEquivalentTo()
https://bugs.webkit.org/show_bug.cgi?id=232024

Reviewed by Tadeu Zagallo.

Added overflow check before comparing for equality.

dfg/DFGIntegerRangeOptimizationPhase.cpp:

4:53 AM Changeset in webkit [288188] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Merge r284467 - Wasm Table can take arbitrary default value
https://bugs.webkit.org/show_bug.cgi?id=231933
rdar://84327812

Reviewed by Robin Morisset.

wasm/WasmTable.cpp:

(JSC::Wasm::Table::grow):

4:53 AM Changeset in webkit [288187] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/WebKit

Merge r283386 - Protect WebFrame during invalidatePolicyListener()
https://bugs.webkit.org/show_bug.cgi?id=229981
<rdar://problem/82807413>

Reviewed by Alex Christensen.

WebProcess/WebPage/WebFrame.cpp:

(WebKit::WebFrame::invalidatePolicyListeners): Protect the WebFrame while
policy handlers are run.

4:41 AM Changeset in webkit [288186] by Adrian Perez de Castro

7 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Merge r285149 - [JSC] LLIntCallee should have two replacements
https://bugs.webkit.org/show_bug.cgi?id=228552
rdar://81217357

Reviewed by Saam Barati.

LLIntCallee can be used for signaling memory and bounds-checking memory.
Thus it should have two replacements for each mode.

wasm/WasmBBQPlan.cpp:

(JSC::Wasm::BBQPlan::work):

wasm/WasmCallee.h:

(JSC::Wasm::Callee::setOSREntryCallee):

wasm/WasmOMGForOSREntryPlan.cpp:

(JSC::Wasm::OMGForOSREntryPlan::work):

wasm/WasmOMGPlan.cpp:

(JSC::Wasm::OMGPlan::work):

wasm/WasmPlan.cpp:

(JSC::Wasm::Plan::updateCallSitesToCallUs):

wasm/WasmSlowPaths.cpp:

(JSC::LLInt::jitCompileAndSetHeuristics):
(JSC::LLInt::WASM_SLOW_PATH_DECL):

3:38 AM Changeset in webkit [288185] by youenn@apple.com

9 edits in trunk/Source

[Cocoa] Do not change preferred AudioSession buffer size when VPIO is running
https://bugs.webkit.org/show_bug.cgi?id=235317
<rdar://87709485>

Reviewed by Eric Carlson.

Source/WebCore:

Add infra to be notified when audio capture unit is stopped.
Add a check to return early with microphone sample callback if microphone samples are not to be processed.

Manually tested.

platform/mediastream/mac/BaseAudioSharedUnit.cpp:
platform/mediastream/mac/BaseAudioSharedUnit.h:
platform/mediastream/mac/CoreAudioCaptureSource.cpp:
platform/mediastream/mac/CoreAudioCaptureSource.h:

Source/WebKit:

When we stop capturing, we might still use the VPIO unit to render audio.
In that case, it might be problematic to increase the preferred buffer size as:

Audio unit might stop running, hence stopping audio rendering
Increasing the preferred buffer size might increase latency which is not a good thing in VPIO usecases.

GPUProcess/media/RemoteAudioSessionProxy.cpp:
GPUProcess/media/RemoteAudioSessionProxyManager.cpp:
GPUProcess/media/RemoteAudioSessionProxyManager.h:

1:28 AM Changeset in webkit [288184] by svillar@igalia.com

4 edits in trunk

[css-flexbox] Add support for intrinsic sizes to the flex shorthand
https://bugs.webkit.org/show_bug.cgi?id=235314

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

web-platform-tests/css/css-flexbox/parsing/flex-shorthand-expected.txt: Replaced FAIL by PASS expectations.

Source/WebCore:

In r288113 we added support for intrinsic sizes in the flex-basis property. However the flex-basis property
can be also set via the flex shorthand. The flex shorthand was still not accepting the intrinsic sizes as
valid values. That's why the code that was checking idents in flex-basis was refactored so we do perform
now the very same test when parsing flex-basis and flex.

This allows WebKit to pass 8 additional WPT subtests.

css/parser/CSSPropertyParser.cpp:

(WebCore::isFlexBasisIdent): Refactored from consumeFlexBasis. Checks whether a given ident is a valid keyword
for the flex-basis property.
(WebCore::consumeFlexBasis): Use isFlexBasisIdent.
(WebCore::CSSPropertyParser::consumeFlex): Ditto.

12:37 AM Changeset in webkit [288183] by Said Abou-Hallawa

18 edits
2 adds in trunk

filterRegion and outsets of referenced SVG filter are calculated incorrectly
https://bugs.webkit.org/show_bug.cgi?id=235338

Reviewed by Darin Adler.

Source/WebCore:

Calculate the filterRegion of the referenced SVGFilter by calling
SVGLengthContext::resolveRectangle() given the targetBoundingBox of the
CSSFilter.

There is no need to set the filterRegion of the referenced SVG filter
from CSSFilter::setFilterRegion() since its filterRegion is the union
of the filterRegions all its referenced SVGFilters.

Calculate the outsets of the SVGFilter by looping through its expression
of FilterEffects.

Test: css3/filters/reference-filter-outsets.html

platform/graphics/filters/FEDropShadow.cpp:

(WebCore::FEDropShadow::outsets const):

platform/graphics/filters/FEDropShadow.h:
platform/graphics/filters/FEGaussianBlur.cpp:

(WebCore::FEGaussianBlur::outsets const):

platform/graphics/filters/FEGaussianBlur.h:
platform/graphics/filters/FEOffset.cpp:

(WebCore::FEOffset::outsets const):

platform/graphics/filters/FEOffset.h:
platform/graphics/filters/Filter.h:
platform/graphics/filters/FilterFunction.h:

(WebCore::FilterFunction::outsets const):

rendering/CSSFilter.cpp:

(WebCore::createSVGFilter):
(WebCore::CSSFilter::setFilterRegion):
(WebCore::CSSFilter::outsets const):

rendering/CSSFilter.h:
rendering/RenderLayerFilters.cpp:

(WebCore::RenderLayerFilters::beginFilterEffect):

svg/graphics/filters/SVGFilter.cpp:

(WebCore::SVGFilter::create):
(WebCore::SVGFilter::outsets const):
(WebCore::SVGFilter::lastEffect const): Deleted.

svg/graphics/filters/SVGFilter.h:

LayoutTests:

css3/filters/reference-filter-outsets-expected.html: Added.
css3/filters/reference-filter-outsets.html: Added.

css3/filters/reference-filter-set-filter-regions-expected.html:
css3/filters/reference-filter-set-filter-regions.html:

The original expected page is wrong. To test the referenced SVG filter
correctly, the <div> element needs to move such that all its outsets are
not truncated.

platform/win/TestExpectations:

Note: See TracTimeline for information about the timeline view.

Download in other formats:

RSS Feed