Context Navigation

← Previous Period
Next Period →

Timeline

Feb 7, 2022:

9:47 PM Changeset in webkit [289359] by ysuzuki@apple.com

9 edits in trunk/Source/JavaScriptCore

[JSC] Convert JSString's non-atomic WTF::String to atomic string while concurrent compilers / heap threads run
https://bugs.webkit.org/show_bug.cgi?id=236262

Reviewed by Saam Barati.

Inspired from r289177. This patch introduces a new protocol which allows us to replace JSString's underlying non-atomic String
to atomic String if we once call toIdentifier / toAtomString.

We had a problem that,

We have a JSString, which has a "test" WTF::String.
We already have "test" atomic string in the table.
Then, when we call JSString::toIdentifier, we know that there is an atomic "test" string, but we cannot replace the current JSString's WTF::String because it can be accessed concurrently from concurrent compilers and GC heap helpers.
Thus, JSString keeps non atomic "test" WTF::String.

But this means that we need to lookup atom string table every time we would like to get an atom string from this JSString.

So, in this patch, we introduce a new protocol, which allows swapping existing WTF::String with an atom string.

When we found that JSString has a WTF::String and we already have atom string in the table with the same content (when calling
toIdentifier / toAtomString), we attempt to replace JSString's WTF::String with the atom string, but *keep the old string in JSC::Heap's
vector called m_possiblyAccessedStringsFromConcurrentThreads. Then, we can keep these strings alive until next GC ends. This ensures that
all concurrent compilers / heap helpers can keep accessing to the old strings. And then, in the GC finalize, we clear this vector since
resumed concurrent compilers and GC heap helpers will not touch these old strings in the next GC cycle. Only case we have a problem is
that we keep having StringImpl* of the old string after GC safepoint in the concurrent compiler, and the only use of that is
DFG::Graph::m_copiedStrings. So, I changed the code not to keep old StringImpl* in DFG::Graph::m_copiedStrings. Also, note that we do
this only when we convert non-atom string to atom string so all UniquedStringImpl* from JSString* (it is atom ones) does not matter since
they are already atom one: they will not be replaced.

This does not increase memory usage, rather, improve memory usage since this kept string was anyway held by the wrapper's JSString at least
until the next GC run. And we clear m_possiblyAccessedStringsFromConcurrentThreads in the next GC run, so we can shrink memory.

It improves Speedometer2 by 0.2%.

----------------------------------------------------------------------------------------------------------------------------------
| subtest | ms | ms | b / a | pValue (significance using False Discovery Rate) |
----------------------------------------------------------------------------------------------------------------------------------
| Elm-TodoMVC |106.193333 |105.690000 |0.995260 | 0.050074 |
| VueJS-TodoMVC |21.671667 |21.741667 |1.003230 | 0.715305 |
| EmberJS-TodoMVC |113.146667 |110.871667 |0.979893 | 0.000000 (significant) |
| BackboneJS-TodoMVC |42.481667 |42.346667 |0.996822 | 0.358040 |
| Preact-TodoMVC |15.796667 |16.016667 |1.013927 | 0.226011 |
| AngularJS-TodoMVC |117.568333 |117.345000 |0.998100 | 0.543369 |
| Vanilla-ES2015-TodoMVC |58.348333 |57.905000 |0.992402 | 0.000381 (significant) |
| Inferno-TodoMVC |54.656667 |54.946667 |1.005306 | 0.254310 |
| Flight-TodoMVC |61.106667 |61.141667 |1.000573 | 0.880780 |
| Angular2-TypeScript-TodoMVC |37.030000 |37.065000 |1.000945 | 0.918550 |
| VanillaJS-TodoMVC |47.741667 |47.911667 |1.003561 | 0.497675 |
| jQuery-TodoMVC |205.251667 |203.903333 |0.993431 | 0.000420 (significant) |
| EmberJS-Debug-TodoMVC |312.448333 |308.848333 |0.988478 | 0.000020 (significant) |
| React-TodoMVC |78.381667 |78.268333 |0.998554 | 0.654647 |
| React-Redux-TodoMVC |131.246667 |131.626667 |1.002895 | 0.138912 |
| Vanilla-ES2015-Babel-Webpack-TodoMVC |57.860000 |57.533333 |0.994354 | 0.156536 |
----------------------------------------------------------------------------------------------------------------------------------
a mean = 290.61106
b mean = 291.21768
pValue = 0.1419936818
(Bigger means are better.)
1.002 times better
Results ARE NOT significant

bytecompiler/BytecodeGenerator.cpp:

(JSC::prepareJumpTableForStringSwitch):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGGraph.h:
dfg/DFGLazyJSValue.cpp:

(JSC::DFG::CrossThreadStringTranslator::hash):
(JSC::DFG::CrossThreadStringTranslator::equal):
(JSC::DFG::CrossThreadStringTranslator::translate):
(JSC::DFG::LazyJSValue::tryGetString const):

dfg/DFGLazyJSValue.h:

(JSC::DFG::LazyJSValue::knownStringImpl):

heap/Heap.cpp:

(JSC::Heap::finalize):

heap/Heap.h:

(JSC::Heap::appendPossiblyAccessedStringFromConcurrentThreads):

runtime/JSString.h:

(JSC::JSString::swapToAtomString const):
(JSC::JSString::toIdentifier const):
(JSC::JSString::toAtomString const):

8:59 PM Changeset in webkit [289358] by commit-queue@webkit.org

3 edits
1 copy in trunk/Source/WTF

Unreviewed, reverting r289256.
https://bugs.webkit.org/show_bug.cgi?id=236284

EWS is reporting build failures

Reverted changeset:

"Replace "Copy WTF Headers" with native build phases"
https://bugs.webkit.org/show_bug.cgi?id=235744
https://commits.webkit.org/r289256

8:43 PM Changeset in webkit [289357] by commit-queue@webkit.org

8 edits in trunk/Source/WebCore

Unreviewed, reverting r289227.
https://bugs.webkit.org/show_bug.cgi?id=236282

Crash on AS debug builds

Reverted changeset:

"Move
DocumentTimeline::runningAnimationsForRendererAreAllAccelerated()
to Styleable"
https://bugs.webkit.org/show_bug.cgi?id=236239
https://commits.webkit.org/r289227

8:24 PM Changeset in webkit [289356] by Cameron McCormack

8 edits
2 deletes in trunk/Source/WebCore

Remove HTMLSourceTracker
https://bugs.webkit.org/show_bug.cgi?id=236259

Reviewed by Geoffrey Garen.

Since the removal of the XSS Auditor in bug 230499, the tracking of
attribute locations that HTMLSourceTracker does is unused.

Sources.txt:
WebCore.xcodeproj/project.pbxproj:
html/parser/HTMLDocumentParser.cpp:

(WebCore::HTMLDocumentParser::pumpTokenizerLoop):

html/parser/HTMLDocumentParser.h:
html/parser/HTMLSourceTracker.cpp: Removed.
html/parser/HTMLSourceTracker.h: Removed.
html/parser/HTMLToken.h:

(WebCore::HTMLToken::beginAttribute):
(WebCore::HTMLToken::endAttribute):
(WebCore::HTMLToken::setAttributeBaseOffset): Deleted.

html/parser/HTMLTokenizer.cpp:

(WebCore::HTMLTokenizer::processToken):

html/parser/HTMLTokenizer.h:

(WebCore::HTMLTokenizer::setTokenAttributeBaseOffset): Deleted.

7:31 PM Changeset in webkit [289355] by Andres Gonzalez

4 edits in trunk/Source/WebCore

Prevent removal of isolated objects from a different parent than the current parent.
https://bugs.webkit.org/show_bug.cgi?id=236250
<rdar://problem/88585928>

Reviewed by Chris Fleizach.

AXObjectCache::remove may be called for an object after that object has
been re-parented. In those cases, we don't want to remove the corresponding
isolated object from its new location in the tree.
In addition, AXIsolatedTree:removeSubtreeFromNodeMap now properly updates
the children IDs for the parent of the object being removed.

accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::remove):

accessibility/isolatedtree/AXIsolatedTree.cpp:

(WebCore::AXIsolatedTree::nodeChangeForObject):
(WebCore::AXIsolatedTree::queueChange):
(WebCore::AXIsolatedTree::collectNodeChangesForSubtree):
(WebCore::AXIsolatedTree::nodeAncestryChanges):
(WebCore::AXIsolatedTree::updateChildren):
(WebCore::AXIsolatedTree::removeNode):
(WebCore::AXIsolatedTree::removeSubtreeFromNodeMap):

accessibility/isolatedtree/AXIsolatedTree.h:

(WebCore::AXIsolatedTree::removeSubtreeFromNodeMap):

7:00 PM Changeset in webkit [289354] by sbarati@apple.com

3 edits in trunk/Source/JavaScriptCore

Wasm crash on https://copy.sh/v86/?profile=dsl
https://bugs.webkit.org/show_bug.cgi?id=236037
rdar://88358719

Reviewed by Mark Lam.

Lower stack args in Air had a bug where it was emitting a constant
materialization at the wrong instruction offset for certain types
of spill instructions. This happens when we have a stack slot that
is 8 bytes wide, but we're emitting a zero def Move32. We need to
zero the upper 4 bytes. However, there is also code inside lower
stack args that uses the temp register when encountering offsets
that are too large to encode in a single instruction. However,
this offset materialization code for the second Move32 to zero
the upper bytes was happening before the actual store. For example,
we'd end up with:
movz x16, #k
movz x16, #k2
stur x1, [x16]
stur zr, [x16]

instead of
movz x16, #k
stur x1, [x16]
movz x16, #k2
stur zr, [x16]

b3/air/AirLowerStackArgs.cpp:

(JSC::B3::Air::lowerStackArgs):

b3/air/testair.cpp:

6:58 PM Changeset in webkit [289353] by Ben Nham

21 edits
2 adds in trunk

Add PushService
https://bugs.webkit.org/show_bug.cgi?id=235857

Reviewed by Brady Eidson.

Source/WebKit:

This adds PushService to webpushd. It handles requests to create, remove, and get push
subscriptions. It also decrypts incoming pushes and pass them back to the UI process via the
existing machinery in WebPushDaemon.

PushService primarily interacts with two objects:

PushServiceConnection: this creates and removes push subscriptions from the push server. It also receives incoming pushes from the push server.
PushDatabase: this persists push subscriptions to disk.

Several things are not yet implemented; for instance, we currently always grant a page the
permission to receive pushes. This will be fixed in future patches.

Covered by new API tests. The current tests use a MockPushServiceConnection that vends
subscription with fixed data, but this can be improved in the future.

Shared/API/Cocoa/WKMain.h:
Shared/API/Cocoa/WKMain.mm:

(WKWebPushDaemonMain):

Shared/Cocoa/WebPushMessageCocoa.mm: add ability to distinguish between an empty vs. null payload.

(WebKit::WebPushMessage::fromDictionary):
(WebKit::WebPushMessage::toDictionary const):

Shared/WebPushDaemonConstants.h:

(WebKit::WebPushD::messageTypeSendsReply):

Shared/WebPushMessage.h:

(WebKit::WebPushMessage::decode):

WebKit.xcodeproj/project.pbxproj:
webpushd/MockPushServiceConnection.h:
webpushd/MockPushServiceConnection.mm:

(WebPushD::MockPushServiceConnection::generateClientKeys):
(WebPushD::MockPushServiceConnection::subscribe):
(WebPushD::MockPushServiceConnection::unsubscribe):

webpushd/PushService.h: Added.

(WebPushD::PushService::connection):
(WebPushD::PushService::database):
(WebPushD::PushService::didReceivePushMessage):

webpushd/PushService.mm: Added.

(WebPushD::updateTopicLists):
(WebPushD::PushService::create):
(WebPushD::PushService::createMockService):
(WebPushD::PushService::PushService):
(WebPushD::makePushSubscriptionFromRecord):
(WebPushD::makePushTopic):
(WebPushD::PushServiceRequest::bundleIdentifier):
(WebPushD::PushServiceRequest::scope):
(WebPushD::PushServiceRequest::PushServiceRequest):
(WebPushD::PushServiceRequestImpl::PushServiceRequestImpl):
(WebPushD::PushServiceRequestImpl::fulfill):
(WebPushD::PushServiceRequestImpl::reject):
(WebPushD::GetSubscriptionRequest::GetSubscriptionRequest):
(WebPushD::GetSubscriptionRequest::startInternal):
(WebPushD::SubscribeRequest::SubscribeRequest):
(WebPushD::SubscribeRequest::startImpl):
(WebPushD::SubscribeRequest::attemptToRecoverFromTopicAlreadyInFilterError):
(WebPushD::UnsubscribeRequest::UnsubscribeRequest):
(WebPushD::UnsubscribeRequest::startInternal):
(WebPushD::PushService::enqueuePushServiceRequest):
(WebPushD::PushService::finishedPushServiceRequest):
(WebPushD::PushService::getSubscription):
(WebPushD::PushService::didCompleteGetSubscriptionRequest):
(WebPushD::PushService::subscribe):
(WebPushD::PushService::didCompleteSubscribeRequest):
(WebPushD::PushService::unsubscribe):
(WebPushD::PushService::didCompleteUnsubscribeRequest):
(WebPushD::makeRawPushMessage):
(WebPushD::PushService::didReceivePushMessage):

webpushd/PushServiceConnection.h:
webpushd/PushServiceConnection.mm:

(WebPushD::PushServiceConnection::generateClientKeys):

webpushd/WebPushDaemon.h:
webpushd/WebPushDaemon.mm:

(WebPushD::MessageInfo::injectEncryptedPushMessageForTesting::encodeReply):
(WebPushD::Daemon::startMockPushService):
(WebPushD::Daemon::startPushService):
(WebPushD::Daemon::setPushService):
(WebPushD::Daemon::runAfterStartingPushService):
(WebPushD::Daemon::decodeAndHandleMessage):
(WebPushD::Daemon::injectEncryptedPushMessageForTesting):
(WebPushD::Daemon::handleIncomingPush):
(WebPushD::Daemon::getPendingPushMessages):
(WebPushD::Daemon::subscribeToPushService):
(WebPushD::Daemon::unsubscribeFromPushService):
(WebPushD::Daemon::getPushSubscription):
(WebPushD::Daemon::getPushPermissionState):

webpushd/WebPushDaemonMain.h:
webpushd/WebPushDaemonMain.mm:

(WebKit::WebPushDaemonMain):

webpushd/com.apple.webkit.webpushd.mac.plist:
webpushd/webpushd.cpp:

(main):

Source/WTF:

Add PushAPIEnabled to WebKitLegacy so we can enable it on in API tests via _WKExperimentalFeature.

Scripts/Preferences/WebPreferencesExperimental.yaml:

Tools:

Modifed the existing injected push test to inject different types of real push objects from APS (an empty push, an aesgcm-encrypted push, and an aes128gcm-encrypted push).
Add a few basic test cases for subscribing and unsubscribing from push.

TestWebKitAPI/Tests/WebKitCocoa/WebPushDaemon.mm:

(-[NotificationScriptMessageHandler setMessageHandler:]):
(-[NotificationScriptMessageHandler userContentController:didReceiveScriptMessage:]):
(TestWebKitAPI::testWebPushDaemonPList):
(TestWebKitAPI::createMessageDictionary):
(TestWebKitAPI::sendMessageToDaemon):
(TestWebKitAPI::sendMessageToDaemonWaitingForReply):
(TestWebKitAPI::sendConfigurationWithAuditToken):
(TestWebKitAPI::TEST):
(TestWebKitAPI::function): Deleted.

6:58 PM Changeset in webkit [289352] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r289150. rdar://problem/88521016

Don't use adattributiond on iOS
https://bugs.webkit.org/show_bug.cgi?id=236157

Patch by Alex Christensen <achristensen@webkit.org> on 2022-02-04
Reviewed by John Wilander.

It is still having configuration issues such as rdar://88334217

UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp: (WebKit::WebsiteDataStoreConfiguration::WebsiteDataStoreConfiguration):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289150 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:58 PM Changeset in webkit [289351] by Russell Epstein

4 edits in branches/safari-613-branch/Source/bmalloc

Cherry-pick r289144. rdar://problem/88585404

[libpas] allocation failure crash should be PAS_NEVER_INLINE
https://bugs.webkit.org/show_bug.cgi?id=236164

Reviewed by Saam Barati.

We introduce pas_allocation_result_crash_on_error function which can leave OOM crash
information in the crash log. To keep this non-inlined, we annotate it PAS_NEVER_INLINE.

libpas/src/libpas/pas_allocation_result.h: (pas_allocation_result_crash_on_error):
libpas/src/libpas/pas_utils.c: (pas_panic_on_out_of_memory_error):
libpas/src/libpas/pas_utils.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289144 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:58 PM Changeset in webkit [289350] by Russell Epstein

4 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r289123. rdar://problem/88501750

[iOS][macOS] Adjust sysctl sandbox access
https://bugs.webkit.org/show_bug.cgi?id=236082
<rdar://problem/88436174>

Reviewed by Brent Fulgham.

Adjust sysctl sandbox access based on telemetry.

GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289123 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:58 PM Changeset in webkit [289349] by Russell Epstein

6 edits in branches/safari-613-branch

Cherry-pick r289108. rdar://problem/88599722

HTMLMediaElement should dispatch the resize event asynchronously
https://bugs.webkit.org/show_bug.cgi?id=230895

Reviewed by Darin Adler.

Source/WebCore:

The HTMLMediaElement is currently queueing a task to dispatch the resize event in the post layout phase.
There is no need to run it synchronously and we could move it to another queue were it will be run
asynchronously as it was done for other similar tasks in the past.

html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::layoutSizeChanged):

LayoutTests:

media/modern-media-controls/media-controller/media-controller-resize.html: Remove the event listener to avoid an extra notification.
platform/mac/TestExpectations: Unskipped tests that pass now.
platform/wincairo/TestExpectations: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289108 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:58 PM Changeset in webkit [289348] by Russell Epstein

5 edits in branches/safari-613-branch/Source

Cherry-pick r289081. rdar://problem/87163253

Delay writing origin file in NetworkStorageManager
https://bugs.webkit.org/show_bug.cgi?id=235897
rdar://87163253

Reviewed by Geoffrey Garen.

Revert r288924 that delays writing origin file to when OriginStorageManager is destroyed, and take a different
approach that schedules a async task to write origin file. PLT results show that the new approach can also make
up for PLT regresion caused by r286936, where network process started to write origin file before replying sync
storage message from web process.

NetworkProcess/storage/NetworkStorageManager.cpp: (WebKit::NetworkStorageManager::localOriginStorageManager):
NetworkProcess/storage/OriginStorageManager.cpp: (WebKit::OriginStorageManager::OriginStorageManager): (WebKit::OriginStorageManager::~OriginStorageManager): Deleted.
NetworkProcess/storage/OriginStorageManager.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289081 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:58 PM Changeset in webkit [289347] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r289072. rdar://problem/88439656

[iOS][WP] Add access to required syscalls
https://bugs.webkit.org/show_bug.cgi?id=236087
<rdar://problem/88439656>

Reviewed by Brent Fulgham.

Add access to required syscalls which are rarely used. This is based on recent telemetry.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289072 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:58 PM Changeset in webkit [289346] by Russell Epstein

7 edits in branches/safari-613-branch/Source

Cherry-pick r289062. rdar://problem/87617695

Crash at com.apple.WebKit: WebKit::RemoteLayerBackingStore::display
https://bugs.webkit.org/show_bug.cgi?id=236003
Source/WebCore:

Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2022-02-03
Reviewed by Simon Fraser.

platform/graphics/GraphicsLayerContentsDisplayDelegate.h: Add a comment not to call PlatformCALayer::setBackingStoreAttached()

platform/graphics/cocoa/WebProcessGraphicsContextGLCocoa.mm: Clear the PlatformCALayer contents in more explicit way.

Source/WebKit:

<rdar://87617695>

Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2022-02-03
Reviewed by Simon Fraser.

Using UI-side compositing, following chain would be the cause a crash:
PlatformCALayerRemote::recursiveBuildTransaction
RemoteLayerBackingStore::display
PlatformCALayer::platformCALayerLayerDisplay
WebProcessGraphicsContextGLCocoa.mm DisplayBufferDisplayDelegate::display
PlatformCALayer::setContents(nullptr)

The nullptr contents happens when the WebGL context does not have
display buffer yet or when the display buffer creation would fail.

Setting empty layer contents would destroy the RemoteLayerBackingStore,
even though the callstack is in process of displaying the layer to the
backing store.

When setting PlatformCALayer contents "empty", clear the backing store instead
of removing the backing store.

Tested by LayoutTests/webgl (under ASAN, ios simulator)

Shared/RemoteLayerTree/RemoteLayerBackingStore.h:
WebProcess/GPU/graphics/cocoa/RemoteGraphicsContextGLProxyCocoa.mm:
WebProcess/WebPage/RemoteLayerTree/PlatformCALayerRemote.cpp: (WebKit::PlatformCALayerRemote::setContents):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289062 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289345] by Russell Epstein

3 edits
2 adds in branches/safari-613-branch

Cherry-pick r289060. rdar://problem/86337125

null ptr deref in RenderTreeBuilder::Block::attachIgnoringContinuation
https://bugs.webkit.org/show_bug.cgi?id=234170

Patch by Frédéric Wang <fwang@igalia.com> on 2022-02-03
Reviewed by Antti Koivisto.

Source/WebCore:

When an element with "display: contents" is put into the top layer, its computed style for
the display property becomes "block" [1]. However, RenderTreeUpdater::updateElementRenderer
does not manage well this transition. In particular, a null ptr deref happens for some
special configuration involving a <dialog style="display: contents">. To work around that
issue, always force tearing down renderers when updating an element in the top layer.

[1] https://fullscreen.spec.whatwg.org/#new-stacking-layer

Test: fast/layers/top-layer-display-contents-crash.html

rendering/updating/RenderTreeUpdater.cpp: (WebCore::RenderTreeUpdater::updateElementRenderer): Always force tearing down renderers for top layer element.

LayoutTests:

Add regression test.

fast/css/top-layer-display-contents-crash-expected.txt: Added.
fast/css/top-layer-display-contents-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289060 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289344] by Russell Epstein

3 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r289052. rdar://problem/88382949

[GPUP] Add read access to sysctl properties
https://bugs.webkit.org/show_bug.cgi?id=236018
<rdar://problem/88382949>

Reviewed by Darin Adler.

Add read access to sysctl properties based on telemetry.

GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289052 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289343] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r289026. rdar://problem/87358372

Remove debug log accidentally added with r289018
https://bugs.webkit.org/show_bug.cgi?id=236000

NetworkProcess/cocoa/NetworkSessionCocoa.mm: (-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289026 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289342] by Russell Epstein

3 edits in branches/safari-613-branch/Source/JavaScriptCore

Cherry-pick r289024. rdar://problem/88222677

SecureARM64EHashPins should check g_jscConfig.useFastJITPermissions
https://bugs.webkit.org/show_bug.cgi?id=236055
<rdar://88222677>

Reviewed by Mark Lam.

assembler/SecureARM64EHashPins.cpp: (JSC::SecureARM64EHashPins::initializeAtStartup): (JSC::SecureARM64EHashPins::allocatePinForCurrentThread): (JSC::SecureARM64EHashPins::deallocatePinForCurrentThread):
assembler/SecureARM64EHashPinsInlines.h: (JSC::SecureARM64EHashPins::pinForCurrentThread):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289024 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289341] by Russell Epstein

5 edits
1 move
1 add
1 delete in branches/safari-613-branch

Cherry-pick r289021. rdar://problem/88599774

CSP: Fix matching wildcard hosts
https://bugs.webkit.org/show_bug.cgi?id=235992

Reviewed by Kate Cheney.

LayoutTests/imported/w3c:

Update expectations.

web-platform-tests/content-security-policy/img-src/img-src-full-host-wildcard-blocked.sub-expected.txt:

Source/WebCore:

As per the spec wildcard hosts must include the leading '.' for matches:
https://www.w3.org/TR/CSP3/#match-hosts.

Test: http/tests/security/contentSecurityPolicy/image-full-host-wildcard-blocked.html

page/csp/ContentSecurityPolicySource.cpp: (WebCore::ContentSecurityPolicySource::hostMatches const):

LayoutTests:

Rewrite test to expect CSP3 compliant behavior.

http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed-expected.txt: Removed.
http/tests/security/contentSecurityPolicy/image-full-host-wildcard-blocked-expected.txt: Added.
http/tests/security/contentSecurityPolicy/image-full-host-wildcard-blocked.html: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289021 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289340] by Russell Epstein

40 edits
1 add in branches/safari-613-branch/Source

Cherry-pick r289018. rdar://problem/87358372

Use private relay for all subresources if the main document main resource was loaded using private relay
https://bugs.webkit.org/show_bug.cgi?id=236000
Source/WebCore:

<rdar://87358372>

Patch by Alex Christensen <achristensen@webkit.org> on 2022-02-02
Reviewed by Brady Eidson.

This can be manually tested using instructions in the radar.

loader/DocumentLoader.h: (WebCore::DocumentLoader::setMainResourceWasPrivateRelayed): (WebCore::DocumentLoader::mainResourceWasPrivateRelayed const):

Source/WebCore/PAL:

Patch by Alex Christensen <achristensen@webkit.org> on 2022-02-02
Reviewed by Brady Eidson.

pal/spi/cf/CFNetworkSPI.h:

Source/WebKit:

Patch by Alex Christensen <achristensen@webkit.org> on 2022-02-02
Reviewed by Brady Eidson.

NetworkProcess/Downloads/PendingDownload.cpp: (WebKit::PendingDownload::didReceiveResponse):
NetworkProcess/Downloads/PendingDownload.h:
NetworkProcess/NetworkCORSPreflightChecker.cpp: (WebKit::NetworkCORSPreflightChecker::didReceiveResponse):
NetworkProcess/NetworkCORSPreflightChecker.h:
NetworkProcess/NetworkDataTask.cpp: (WebKit::NetworkDataTask::didReceiveResponse):
NetworkProcess/NetworkDataTask.h:
NetworkProcess/NetworkDataTaskBlob.cpp: (WebKit::NetworkDataTaskBlob::dispatchDidReceiveResponse):
NetworkProcess/NetworkLoad.cpp: (WebKit::NetworkLoad::didReceiveResponse): (WebKit::NetworkLoad::notifyDidReceiveResponse):
NetworkProcess/NetworkLoad.h:
NetworkProcess/NetworkLoadClient.h:
NetworkProcess/NetworkLoadParameters.h:
NetworkProcess/NetworkResourceLoadParameters.cpp: (WebKit::NetworkResourceLoadParameters::encode const): (WebKit::NetworkResourceLoadParameters::decode):
NetworkProcess/NetworkResourceLoader.cpp: (WebKit::NetworkResourceLoader::transferToNewWebProcess): (WebKit::NetworkResourceLoader::didReceiveResponse): (WebKit::NetworkResourceLoader::sendDidReceiveResponsePotentiallyInNewBrowsingContextGroup): (WebKit::NetworkResourceLoader::didFinishWithRedirectResponse): (WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
NetworkProcess/NetworkResourceLoader.h:
NetworkProcess/PingLoad.cpp: (WebKit::PingLoad::didReceiveResponse):
NetworkProcess/PingLoad.h:
NetworkProcess/PreconnectTask.cpp: (WebKit::PreconnectTask::didReceiveResponse):
NetworkProcess/PreconnectTask.h:
NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp: (WebKit::ServiceWorkerFetchTask::processResponse):
NetworkProcess/ServiceWorker/ServiceWorkerNavigationPreloader.cpp: (WebKit::ServiceWorkerNavigationPreloader::loadWithCacheEntry): (WebKit::ServiceWorkerNavigationPreloader::willSendRedirectedRequest): (WebKit::ServiceWorkerNavigationPreloader::didReceiveResponse):
NetworkProcess/ServiceWorker/ServiceWorkerNavigationPreloader.h:
NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.cpp: (WebKit::ServiceWorkerSoftUpdateLoader::didReceiveResponse):
NetworkProcess/ServiceWorker/ServiceWorkerSoftUpdateLoader.h:
NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp: (WebKit::NetworkCache::SpeculativeLoad::didReceiveResponse):
NetworkProcess/cache/NetworkCacheSpeculativeLoad.h:
NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
NetworkProcess/cocoa/NetworkDataTaskCocoa.mm: (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa): (WebKit::NetworkDataTaskCocoa::didReceiveResponse):
NetworkProcess/cocoa/NetworkSessionCocoa.mm: (-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):
Shared/PrivateRelayed.h: Added.
WebKit.xcodeproj/project.pbxproj:
WebProcess/Network/WebLoaderStrategy.cpp: (WebKit::addParametersShared):
WebProcess/Network/WebResourceLoader.cpp: (WebKit::WebResourceLoader::mainFrameMainResource const): (WebKit::WebResourceLoader::willSendRequest): (WebKit::WebResourceLoader::didReceiveResponse):
WebProcess/Network/WebResourceLoader.h:
WebProcess/Network/WebResourceLoader.messages.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289018 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289339] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288957. rdar://problem/88300200

[iOS][WP] Add access in sandbox to Mach message
https://bugs.webkit.org/show_bug.cgi?id=236021
<rdar://88300200>

Reviewed by Brent Fulgham.

Add access in sandbox to required Mach message in the WebContent process on iOS.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288957 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289338] by Russell Epstein

5 edits
2 adds in branches/safari-613-branch

Cherry-pick r288949. rdar://problem/88226432

ServiceWorkerNavigationPreloader should only be used once
https://bugs.webkit.org/show_bug.cgi?id=235882
<rdar://88226432>

Reviewed by Chris Dumez.

Source/WebKit:

In case service worker preload is being used and related service worker context crashes (or service worker context sends bad messages),
We can end up in a bad state where we will ask the preload twice for the same response (once for good, and the next one as we go to didNotHandle case).
To prevent this, we add checks in loadResponseFromPreloader and loadBodyFromPreloader.
As part of this investigation, I found out that ServiceWorkerNavigationPreloader is not correctly handling the case of preload responses coming from cache.
In particular, no body will be given since we return early in waitForBody in case the preload network load is null.
Prevent this by making sure waitForBody calls the response completion handler if available, even if the preload network load is null.
And update the response body callback before executing the response completion handler to make sure data received synchronously from the preload is given to the service worker fetch task.

Test: http/wpt/service-workers/fetch-service-worker-preload-cache.https.html

NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp:
NetworkProcess/ServiceWorker/ServiceWorkerNavigationPreloader.cpp:

LayoutTests:

http/wpt/service-workers/fetch-service-worker-preload-cache.https-expected.txt: Added.
http/wpt/service-workers/fetch-service-worker-preload-cache.https.html: Added.
http/wpt/service-workers/resources/fetch-service-worker-preload-script.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288949 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289337] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288933. rdar://problem/87402941

Crash under ScrollingCoordinatorMac::hasNodeWithAnimatedScrollChanged()
https://bugs.webkit.org/show_bug.cgi?id=235989
<rdar://87402941>

Reviewed by Wenson Hsieh.

Crash data suggest that m_scrollingCoordinator can be null in ThreadedScrollingTree::hasNodeWithAnimatedScrollChanged(),
which is true if the scrolling tree keeps ThreadedScrollingTree alive longer than the scrolling coordinator.

As in the other functions in this file, early return if m_scrollingCoordinator is null.

page/scrolling/ThreadedScrollingTree.cpp: (WebCore::ThreadedScrollingTree::hasNodeWithAnimatedScrollChanged):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288933 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289336] by Russell Epstein

4 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288924. rdar://problem/87163253

Write origin file when OriginStorageManager is destroyed
https://bugs.webkit.org/show_bug.cgi?id=235897
rdar://87163253

Reviewed by Darin Adler.

The first WebStorage message sent from web process to network process is sync, and writing origin file when
creating OriginStorageManager will delay the reply. Since we can get the origin information from in-memory map
when OriginStorageManager is present, we may delay the write to until when OriginStorageManager is destroyed.
This fixes the PLT regression from r286936.

NetworkProcess/storage/NetworkStorageManager.cpp: (WebKit::NetworkStorageManager::localOriginStorageManager):
NetworkProcess/storage/OriginStorageManager.cpp: (WebKit::OriginStorageManager::OriginStorageManager): (WebKit::OriginStorageManager::~OriginStorageManager):
NetworkProcess/storage/OriginStorageManager.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288924 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289335] by Russell Epstein

7 edits in branches/safari-613-branch/Source

Cherry-pick r288922. rdar://problem/88172449

[WP] Remove PostScript conversion code
https://bugs.webkit.org/show_bug.cgi?id=235892
<rdar://88172449>

Reviewed by Tim Horton.

The WebContent process no longer has access to the PostScript conversion service, so there is no need to keep this code.

Source/WebCore:

loader/cache/CachedImage.cpp: (WebCore::CachedImage::convertedDataIfNeeded const):
platform/graphics/cg/PDFDocumentImage.cpp: (WebCore::PDFDocumentImage::convertPostScriptDataToPDF): Deleted.
platform/graphics/cg/PDFDocumentImage.h:

Source/WebKit:

WebProcess/Plugins/PDF/PDFPlugin.h:
WebProcess/Plugins/PDF/PDFPlugin.mm: (WebKit::PDFPlugin::pluginInfo): (WebKit::PDFPlugin::streamDidReceiveResponse): (WebKit::PDFPlugin::manualStreamDidReceiveResponse):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288922 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289334] by Russell Epstein

4 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288898. rdar://problem/87785042

Protect NetworkConnectionToWebProcess::createFetchTask from a null service worker connection
https://bugs.webkit.org/show_bug.cgi?id=235878
<rdar://87785042>

Reviewed by Chris Dumez.

After https://bugs.webkit.org/show_bug.cgi?id=234179, there is no guarantee that we have a SWServer/SWServerConnection per session ID.
This is only guaranteed if there is a corresponding network session.
We add null pointer checks to NetworkConnectionToWebProcess::swConnection() which now returns a pointer.

NetworkProcess/NetworkConnectionToWebProcess.cpp: (WebKit::NetworkConnectionToWebProcess::createFetchTask): (WebKit::NetworkConnectionToWebProcess::swConnection):
NetworkProcess/NetworkConnectionToWebProcess.h:
NetworkProcess/ServiceWorker/ServiceWorkerFetchTask.cpp: (WebKit::ServiceWorkerFetchTask::softUpdateIfNeeded):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288898 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289333] by Russell Epstein

10 edits in branches/safari-613-branch/Source

Cherry-pick r288885. rdar://problem/88591342

Enhance sanitizeStackForVM() to assist with crash analysis.
https://bugs.webkit.org/show_bug.cgi?id=235752
rdar://81014601

Reviewed by Michael Saboff.

Source/JavaScriptCore:

Remove the AssemblyHelpers version of sanitizeStack. Instead, make the 3 JIT operation functions call sanitizeStackForVM() instead. This ensures that sanitizeStack crashes are not obscured as generic JIT crashes.

Add sanity check RELEASE_ASSERTs to VM::setLastStackTop() with a capture of the relevant variables for crash analysis.

Fix logSanitizeStack() so that it no longer relies on vm.topCallFrame. vm.topCallFrame may not be properly initialized at all the places that sanitizeStackForVM() is called.

Add a JSLock check to sanitizeStackForVM(), and return early if not owned by the current thread. If the JSLock is not owned by the current thread, we can't rely on vm.lastStackTop() being a sane value. Hence, it's not possible to do stack sanitization correctly.

Add sanity check RELEASE_ASSERTs to sanitizeStackForVM() with a capture of
the relevant variables for crash analysis.

jit/AssemblyHelpers.cpp: (JSC::AssemblyHelpers::sanitizeStackInline): Deleted.
jit/AssemblyHelpers.h:
jit/JITOperations.cpp: (JSC::JSC_DEFINE_JIT_OPERATION):
jit/ThunkGenerators.cpp: (JSC::slowPathFor):
runtime/JSLock.cpp: (JSC::JSLock::didAcquireLock): (JSC::JSLock::grabAllLocks):
runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::setLastStackTop): (JSC::logSanitizeStack): (JSC::sanitizeStackForVM):
runtime/VM.h:

Source/WTF:

wtf/Threading.h: (WTF::Thread::savedStackPointerAtVMEntry const): (WTF::Thread::savedLastStackTop const): (WTF::Thread::savedStackPointerAtVMEntry): Deleted. (WTF::Thread::savedLastStackTop): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288885 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:57 PM Changeset in webkit [289332] by Russell Epstein

3 edits
2 adds in branches/safari-613-branch

Cherry-pick r288881. rdar://problem/80246192

Animation from scale(0) has missing backing store
https://bugs.webkit.org/show_bug.cgi?id=227733
<rdar://problem/80246192>

Reviewed by Simon Fraser.

Source/WebCore:

Use the style recorded before we applied animations to this element the last
time we resolved style for keyframes that don't set a value for the "transform"
property.

animation/KeyframeEffect.cpp: (WebCore::KeyframeEffect::computeExtentOfTransformAnimation const):

LayoutTests:

Add a new test which animates two squares, one on top of each other. The bottom square uses an animation
that has an explicit "from" value of scale(0) and an explicit "to" value of scale(1) and is black. The top
square uses an animation that has an explicit "from" value of scale(0) but no explicit "to" value, thus
animating to scale(1) as well, and is white, matching the background color.

The bug we are fixing is that the square with an implicit "to" value would not yield a visible animation
since we wouldn't account for the scale(1) target value and assuming we're never animating to a non-0
value.

This test assumes that both animations run at the same time and thus the white square will always cover
the black square (which is smaller to ensure no issues at the edges) and yield a completely white page.

webanimations/accelerated-transform-animation-from-scale-zero-and-implicit-to-kefyrame-expected.html: Added.
webanimations/accelerated-transform-animation-from-scale-zero-and-implicit-to-kefyrame.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288881 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289331] by Russell Epstein

5 edits
2 adds in branches/safari-613-branch

Cherry-pick r288879. rdar://problem/88322836

[css-cascade] Fix removal of not yet loaded CSS @import
https://bugs.webkit.org/show_bug.cgi?id=235930

Reviewed by Antti Koivisto.

LayoutTests/imported/w3c:

Add new test.

web-platform-tests/css/css-cascade/import-removal-expected.html: Added.
web-platform-tests/css/css-cascade/import-removal.html: Added.

Source/WebCore:

When removing a not yet loaded CSS @import, the hasPendingSheet() flag
was not cleared. This resulted in a completely blank page.
This patch makes sure to cancel the load before deleting the rule.

Test: imported/w3c/web-platform-tests/css/css-cascade/import-removal.html

css/StyleRuleImport.cpp: (WebCore::StyleRuleImport::cancelLoad):
css/StyleRuleImport.h:
css/StyleSheetContents.cpp: (WebCore::StyleSheetContents::wrapperDeleteRule):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288879 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289330] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288874. rdar://problem/88217815

AX: nullptr crash under AccessibilityRenderObject::computeAccessibilityIsIgnored
https://bugs.webkit.org/show_bug.cgi?id=235945
rdar://88217815

Reviewed by Andres Gonzalez.

This is similar to https://bugs.webkit.org/show_bug.cgi?id=161276.

accessibility/AccessibilityRenderObject.cpp: (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):

m_renderer is a WeakPtr and can become null during parentObjectUnignored call, same as
the case below.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288874 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289329] by Russell Epstein

5 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288867. rdar://problem/86320218

Fix handling of access key events
https://bugs.webkit.org/show_bug.cgi?id=234147
<rdar://problem/86320218>

Reviewed by David Kilzer.

Improve focus handling for HTMLElement-based elements to ensure accessKey events
are properly dispatched.

accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::press): Ensure correct object is used after 'accessKeyAction' is invoked.
dom/EventDispatcher.cpp: (WebCore::callDefaultEventHandlersInBubblingOrder) Protect element during default event bubbling.
html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::reportValidity): Ensure correct element is used after focus event.
page/EventHandler.cpp: (WebCore::EventHandler::handleAccessKey): Ensure correct object is used after 'accessKeyAction' is invoked.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288867 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289328] by Russell Epstein

2 edits in branches/safari-613-branch/Source/bmalloc

Cherry-pick r288866. rdar://problem/88303899

[libpas] get_num_free_bytes_for_each_heap_callback() is called with arg pointing to uninitialized stack memory
<https://webkit.org/b/235931>
<rdar://problem/88303899>

Reviewed by Yusuke Suzuki.

libpas/src/libpas/pas_all_heaps.c: (pas_all_heaps_get_num_free_bytes):
Initialize result stack variable to zero.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288866 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289327] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288864. rdar://problem/87192657

[iOS] Don't register undo actions in undoManager overridden by WKWebView client
https://bugs.webkit.org/show_bug.cgi?id=235928
<rdar://problem/87192657>

Patch by Matt Gilligan <matthew_gilligan@apple.com> on 2022-01-31
Reviewed by Tim Horton.

UIProcess/ios/PageClientImplIOS.mm: (WebKit::PageClientImpl::registerEditCommand): Use -[WKContentView undoManagerForWebView] rather than -undoManager to prevent registering actions in an undo manager overridden by a WKWebView subclass. This ensures that all actions are registered in the same manager. If the client has disabled groupsByEvent on the overridden undoManager, this prevents an exception from being thrown due to registering actions outside of an undo group.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288864 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289326] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288860. rdar://problem/88584471

[iOS] Clean up some issues in the 'com.apple.WebKit.adattributiond.sb' sandbox
https://bugs.webkit.org/show_bug.cgi?id=235929
<rdar://88081007>

Patch by Brent Fulgham <Brent Fulgham> on 2022-01-31
Reviewed by Alex Christensen.

Revise a few syntax issues in the sandbox.

Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288860 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289325] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288848. rdar://problem/86950638

Web Inspector: [Cocoa] Crash in WebKit::WebInspectorUIProxy::attachmentViewDidChange
https://bugs.webkit.org/show_bug.cgi?id=235842

Reviewed by Timothy Hatcher.

Speculatively fix an occasional crash in WebKit::WebInspectorUIProxy::attachmentViewDidChange by ensuring that
the WebInspectorUIProxy still exists before calling attachmentViewDidChange.

Currently we are sometimes crashing while attempting to m_objCAdapter.get(), which is the first use of a
member variable in WebInspectorUIProxy::attachmentViewDidChange. This retain pointer should never be able to
not exists, since it storing nil is a valid state. This points to the WebInspectorUIProxy itself no longer
existing. The fix is to check that we actually have a WebInspectorUIProxy before calling
attachmentViewDidChange. This is also just good practice since WebPageProxy::inspector() is also able to
return nullptr under certain circumstances, and all other calls to it are guarded to check if the
WebInspectorUIProxy is still around first.

UIProcess/Cocoa/WebViewImpl.mm: (WebKit::WebViewImpl::setInspectorAttachmentView):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288848 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289324] by Russell Epstein

4 edits in branches/safari-613-branch/Source

Cherry-pick r288831. rdar://problem/88268450

[iOS] SharePlay is shown prominently for system-provided Share Sheets
https://bugs.webkit.org/show_bug.cgi?id=235895
rdar://88268450

Reviewed by Wenson Hsieh.

Source/WebKit:

Content shared using the Web Share API should not display a SharePlay action.

UIProcess/Cocoa/WKShareSheet.mm: (-[WKShareSheet presentWithShareDataArray:inRect:]):

Use -[UIActivityViewController setExcludedActivityTypes:] to ensure
a SharePlay action is not displayed.

Source/WTF:

wtf/PlatformHave.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288831 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289323] by Russell Epstein

3 edits
2 adds in branches/safari-613-branch

Cherry-pick r288827. rdar://problem/87815745

Source/WebCore:
Changed playbackRate and defaultPlaybackRate from unrestricted double
to double.
https://bugs.webkit.org/show_bug.cgi?id=235174
rdar://problem/87815745

Patch by Takeshi Sone <takeshi.sone@gmail.com> on 2022-01-31
Reviewed by Eric Carlson.

Test: media/video-playbackrate-undefined.html

html/HTMLMediaElement.idl:

LayoutTests:
Added a test to verify that setting undefined to video.playbackRate
raises an exception.
https://bugs.webkit.org/show_bug.cgi?id=235174
rdar://problem/87815745

Patch by Takeshi Sone <takeshi.sone@gmail.com> on 2022-01-31
Reviewed by Eric Carlson.

media/video-playbackrate-undefined-expected.txt: Added.
media/video-playbackrate-undefined.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288827 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289322] by Russell Epstein

3 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288825. rdar://problem/88172449

[WP] Remove PostScript conversion code
https://bugs.webkit.org/show_bug.cgi?id=235892
<rdar://88172449>

Reviewed by Brent Fulgham.

The WebContent process no longer has access to the PostScript conversion service, so there is no need to keep this code.

WebProcess/Plugins/PDF/PDFPlugin.h:
WebProcess/Plugins/PDF/PDFPlugin.mm: (WebKit::PDFPlugin::streamDidFinishLoading): (WebKit::PDFPlugin::manualStreamDidFinishLoading): (WebKit::PDFPlugin::convertPostScriptDataIfNeeded): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288825 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289321] by Russell Epstein

8 edits
2 adds in branches/safari-613-branch

Cherry-pick r288801. rdar://problem/88186663

(REGRESSION)[IFC][RTL] wpt/css/css-text/white-space/trailing-space-and-text-alignment-rtl-003.html
https://bugs.webkit.org/show_bug.cgi?id=235823
<rdar://problem/88186663>

Reviewed by Antti Koivisto.

Source/WebCore:

Reset the trailing whitespace bidi level before handing them over to visual reordering.
see https://unicode.org/reports/tr9/#L1
"L1. On each line, reset the embedding level of the following characters to the paragraph embedding level:

...
Any sequence of whitespace characters ... at the end of the line."

It ensures that

<div style="width: 2ch; direction: rtl">AB C</div>

and

<div style="direction: rtl">AB </div>

both have the trailing whitespace positioned _visually_ as trailing (and not leading) content.

After the bidi paragraph processing "AB C" gets a uniform bidi level of 2, while "AB " is split into "AB" and " "
with bidi levels of 2 and 1 respectively.
In the latter case, the difference in bidi levels makes the runs flip visually at reordering.
It makes the trailing whitespace "pushed" to the left side of the "AB" making it _visually_ trailing (the content renders as " AB").
However in case of "AB C" with the line breaking position after " ", we would end up with a single run of "AB " with the bidi level of 2.
This run would render as "AB " turning the trailing whitespace into a _visually_ leading whitespace.

In this patch we ensure that the trailing (non-collapsible) whitespace runs

are detached from their adjoining non-whitespace text runs and
they get their bidi levels reset

Test: fast/text/rtl-pre-wrap-hanging-offset.html

layout/formattingContexts/inline/display/InlineDisplayLineBuilder.cpp: (WebCore::Layout::InlineDisplayLineBuilder::build const):

LayoutTests:

fast/text/rtl-pre-wrap-hanging-offset-expected.html: Added.
fast/text/rtl-pre-wrap-hanging-offset.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288801 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289320] by Russell Epstein

3 edits
2 adds in branches/safari-613-branch

Cherry-pick r288800. rdar://problem/88241513

[LFC][IFC] Do not break content at an inline box boundary
https://bugs.webkit.org/show_bug.cgi?id=235868

Reviewed by Antti Koivisto.

Source/WebCore:

Handle nested inline boxes, when the breaking position is between at an inline box boundary.
e.g.

<div style="width: 1px"><span><span><span>this_content_overflow</span></span></span></div>

while the breaking position is between the 3rd <span> and the letter 't', we should not let the first
line have all the <span><span><span> content only, but instead find a more reasonable breaking position by
looking at the previous runs.
This patch expands "findTrailingRunIndex" to find multiple, subsequent (nested) inline boxes.

Test: fast/inline/nested-inline-box-with-word-break.html

layout/formattingContexts/inline/InlineContentBreaker.cpp: (WebCore::Layout::findTrailingRunIndex):

LayoutTests:

fast/inline/nested-inline-box-with-word-break-expected.html: Added.
fast/inline/nested-inline-box-with-word-break.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288800 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289319] by Russell Epstein

12 edits
2 adds in branches/safari-613-branch

Cherry-pick r288789. rdar://problem/88043325

Capturing WebGL canvas through peer connection shows the image flipped
https://bugs.webkit.org/show_bug.cgi?id=235600
<rdar://problem/88043325>

Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2022-01-29
Reviewed by Dean Jackson.

Source/WebCore:

Mirror and rotate the WebGL image at the source since WebRTC
does not support mirroring.

Test: webrtc/canvas-to-peer-connection.html

platform/graphics/cocoa/GraphicsContextGLCocoa.h:
platform/graphics/cocoa/GraphicsContextGLCocoa.mm: (WebCore::GraphicsContextGLCocoa::paintCompositedResultsToMediaSample):
platform/graphics/cocoa/IOSurface.h:
platform/graphics/cocoa/IOSurface.mm: (WebCore::IOSurface::setOwnershipIdentity):
platform/graphics/cv/CVUtilities.h:
platform/graphics/cv/CVUtilities.mm: (WebCore::setOwnershipIdentityForCVPixelBuffer):

LayoutTests:

Test sending WebGL image through a peer connection to a local video
and assert that the image is as drawn.

platform/glib/TestExpectations:
webrtc/canvas-to-peer-connection-expected.txt: Added.
webrtc/canvas-to-peer-connection.html: Added.
webrtc/routines.js:
webrtc/video-replace-track.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288789 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289318] by Russell Epstein

7 edits
2 adds in branches/safari-613-branch

Cherry-pick r288783. rdar://problem/88052073

REGRESSION(r281687): Space widths have synthetic bold applied to them in the fast text codepath but not the complex text codepath
https://bugs.webkit.org/show_bug.cgi?id=235755
<rdar://problem/88052073>

Reviewed by Simon Fraser.

LayoutTests/imported/w3c:

web-platform-tests/css/css-fonts/synthetic-bold-space-width-expected.html: Added.
web-platform-tests/css/css-fonts/synthetic-bold-space-width.html: Added.

Source/WebCore:

r281687 made Font::widthForGlyph() return the non-synthetically-expanded width,
instead of the synthetically-expanded width.

I think this is philosophically correct, because Font::widthForGlyph() is called before shaping,
and shaping requires the original width. If some custom code is asking for the width of specific
characters without going through WidthIterator or ComplexTextController, that code needs to
determine whether or not it's going to run shaping, and thus when it should be adding in the
synthetic offset.

adjustGlyphsAndAdvances() used to subtract out the synthetic offset because it was expecting
Font::widthForGlyph() to return the already-expanded width. So, the solution is just stop subtracting
the offset, because it hasn't been applied in the first place.

Test: imported/w3c/web-platform-tests/css/css-fonts/synthetic-bold-space-width.html

platform/graphics/ComplexTextController.cpp: (WebCore::ComplexTextController::adjustGlyphsAndAdvances):
platform/graphics/Font.h:

LayoutTests:

platform/mac/fast/text/atsui-multiple-renderers-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288783 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289317] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288776. rdar://problem/88214729

[macOS][WP] Temporarily add syscall to sandbox
https://bugs.webkit.org/show_bug.cgi?id=235841
<rdar://88197549>

Reviewed by Brent Fulgham.

Temporarily add syscall to sandbox in the WebContent process on macOS. This can be removed when <rdar://88210738> is fixed.

WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288776 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289316] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288754. rdar://problem/88035818

Ensure session is added in network process when it creates connection to web process
https://bugs.webkit.org/show_bug.cgi?id=235754

Reviewed by Chris Dumez.

In NetworkProcess::CreateNetworkConnectionToWebProcess, if the session that web process is using is not added
yet, WorkQueueMessageReceiver cannot be added to the connection and storage messages will be dropped. Usually
session is added in NetworkProcess::AddWebsiteDataStore, which is sent from UI process before
NetworkProcess::CreateNetworkConnectionToWebProcess; but CreateNetworkConnectionToWebProcess message has
DispatchMessageEvenWhenWaitingForSyncReply flag set, so it might get processed earlier.

To fix the issue, now we send set DispatchMessageEvenWhenWaitingForSyncReply flag on AddWebsiteDataStore message
too, so it's processed before CreateNetworkConnectionToWebProcess.

UIProcess/Network/NetworkProcessProxy.cpp: (WebKit::NetworkProcessProxy::addSession):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288754 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:56 PM Changeset in webkit [289315] by Russell Epstein

3 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288711. rdar://problem/88160246

[iOS][macOS] Removed unneeded telemetry
https://bugs.webkit.org/show_bug.cgi?id=235742

Reviewed by Darin Adler.

Remove some telemetry we have sufficient data for.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288711 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289314] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WTF

Cherry-pick r288706. rdar://problem/88152385

Change version number for HAVE_PASSKIT_DEFAULT_SHIPPING_METHOD
https://bugs.webkit.org/show_bug.cgi?id=235732
<rdar://problem/88152385>

Reviewed by Wenson Hsieh.

wtf/PlatformHave.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288706 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289313] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288659. rdar://problem/88593390

Unreviewed, reverting r288614.

Caused layout test crashes

Reverted changeset:

"REGRESSION(r287684) speedtest.net uses many GB of memory"
https://bugs.webkit.org/show_bug.cgi?id=235615
https://commits.webkit.org/r288614

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288659 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289312] by Russell Epstein

20 edits in branches/safari-613-branch

Cherry-pick r288631. rdar://problem/88020080

Unreviewed, revert r286855 as it caused form submission issues
https://bugs.webkit.org/show_bug.cgi?id=235645
<rdar://88020080>

LayoutTests/imported/w3c:

web-platform-tests/html/semantics/forms/constraints/form-validation-validity-valid-expected.txt:
web-platform-tests/html/semantics/forms/constraints/form-validation-validity-valueMissing-expected.txt:
web-platform-tests/html/semantics/forms/the-input-element/radio-expected.txt:

Source/WebCore:

html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::setChecked): (WebCore::HTMLInputElement::didChangeForm): (WebCore::HTMLInputElement::insertedIntoAncestor): (WebCore::HTMLInputElement::removedFromAncestor): (WebCore::HTMLInputElement::checkedRadioButtonForGroup const):
html/InputType.h: (WebCore::InputType::willUpdateCheckedness): Deleted.
html/RadioInputType.cpp: (WebCore::RadioInputType::valueMissing const): (WebCore::RadioInputType::willUpdateCheckedness): Deleted.
html/RadioInputType.h:

LayoutTests:

fast/forms/radio/ValidityState-valueMissing-radio-expected.txt:
fast/forms/radio/ValidityState-valueMissing-radio.html:
fast/forms/radio/radio-live-validation-style-expected.txt:
fast/forms/radio/radio-live-validation-style.html:
platform/ios-wk2/imported/w3c/web-platform-tests/html/semantics/forms/constraints/form-validation-validity-valid-expected.txt:
platform/ios-wk2/imported/w3c/web-platform-tests/html/semantics/forms/constraints/form-validation-validity-valueMissing-expected.txt:
platform/mac-wk2/imported/w3c/web-platform-tests/html/semantics/forms/constraints/form-validation-validity-valid-expected.txt:
platform/mac-wk2/imported/w3c/web-platform-tests/html/semantics/forms/constraints/form-validation-validity-valueMissing-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288631 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289311] by Russell Epstein

4 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288620. rdar://problem/87771490

[MacOS] Set kAudioOutputUnitProperty_CurrentDevice on CoreAudioSharedUnit outputBus
https://bugs.webkit.org/show_bug.cgi?id=235632
<rdar://87771490>

Reviewed by Eric Carlson.

When VPIO is used for rendering audio, it is not always updating the audio route when system default speaker is updated.
While it is doing so when capturing using the built-in microphone, it is not doing so with BT microphones.

To make it reliable, we are now setting kAudioOutputUnitProperty_CurrentDevice on the output bus to the default output device.
Whenever we detect a change of default output device, we reconfigure the audio unit to select the new default output device.

Manually tested.

platform/mediastream/mac/BaseAudioSharedUnit.cpp: (WebCore::BaseAudioSharedUnit::devicesChanged):
platform/mediastream/mac/BaseAudioSharedUnit.h: (WebCore::BaseAudioSharedUnit::setOutputDeviceID): (WebCore::BaseAudioSharedUnit::validateOutputDevice):
platform/mediastream/mac/CoreAudioCaptureSource.cpp: (WebCore::CoreAudioSharedUnit::setupAudioUnit): (WebCore::CoreAudioSharedUnit::validateOutputDevice):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288620 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289310] by Russell Epstein

3 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288617. rdar://problem/88046988

ASSERTION FAILED: !hasPendingSheets() under WebCore::Style::Scope::~Scope()
https://bugs.webkit.org/show_bug.cgi?id=235612
<rdar://problem/88046988>

Reviewed by Alan Bujtas.

dom/Document.cpp: (WebCore::Document::didRemoveAllPendingStylesheet):

Don't try to scroll to anchor if we don't have a view. This avoids hitting ASSERT(!m_inRemovedLastRefFunction)
trying to ref the document during teardown (with refererencing node count still non-zero).

dom/InlineStyleSheetOwner.cpp: (WebCore::InlineStyleSheetOwner::removedFromDocument):

Ensure we always remove the Element from the pending sheet list when it is removed from the document.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288617 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289309] by Russell Epstein

12 edits in branches/safari-613-branch

Cherry-pick r288605. rdar://problem/87948317

REGRESSION (iOS 15.2): Loading gets stuck after back-navigation involving COOP header
https://bugs.webkit.org/show_bug.cgi?id=235475
<rdar://problem/87948317>

Reviewed by Geoffrey Garen.

Source/WebCore:

Make sure ShouldTreatAsContinuingLoad is properly propagated for back/forward navigations,
not just regular loadRequests.

loader/FrameLoader.cpp: (WebCore::FrameLoader::loadURL): (WebCore::FrameLoader::loadWithNavigationAction): (WebCore::FrameLoader::loadPostRequest): (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy): (WebCore::FrameLoader::loadDifferentDocumentItem):
loader/FrameLoader.h:

Source/WebKit:

WebPageProxy::continueNavigationInNewProcess() was failing to pass the identifier of the
NetworkResourceLoader that needs to be resumed to ProvisionalPageProxy::goToBackForwardItem().
It was only passing it to ProvisionalPageProxy::loadRequest(), which is used for non-back/forward
navigations. As a result, in case of COOP process-swap on back/forward navigation, the network
process would start a fresh load instead of resuming the existing one. The fresh load would get
a COOP header and thus trigger yet another process swap (and so on in a loop).

Also fix an issue where ProvisionalPageProxy::goToBackForwardItem() would always use
ShouldTreatAsContinuingLoad::YesAfterNavigationPolicyDecision even in the case of a COOP
process-swap. In the case of a COOP process-swap, we should pass in
ShouldTreatAsContinuingLoad::YesAfterProvisionalLoadStarted. This was causing us to
do an extra call to didStartProvisionalLoad() and was causing the new API test to hit
an assertion on debug builds.

Covered by new API test.

UIProcess/ProvisionalPageProxy.cpp: (WebKit::ProvisionalPageProxy::goToBackForwardItem):
UIProcess/ProvisionalPageProxy.h:
UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::launchProcessForReload): (WebKit::WebPageProxy::goToBackForwardItem): (WebKit::WebPageProxy::continueNavigationInNewProcess): (WebKit::WebPageProxy::triggerBrowsingContextGroupSwitchForNavigation):
WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::loadRequest): (WebKit::WebPage::loadData): (WebKit::WebPage::goToBackForwardItem):
WebProcess/WebPage/WebPage.h:
WebProcess/WebPage/WebPage.messages.in:

Tools:

Add API test coverage.

TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288605 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289308] by Russell Epstein

16 edits in branches/safari-613-branch

Cherry-pick r288590. rdar://problem/87984277

Disable input-security CSS property
https://bugs.webkit.org/show_bug.cgi?id=235557
rdar://87984277

Reviewed by Dean Jackson.

Source/WebCore:

CSSWG is planning to remove input-security from CSS UI 4
(https://github.com/w3c/csswg-drafts/issues/6788).

Keep the property around as an experimental feature, so that
it can be used in the UA stylesheet, and easily turned on if the
resolution is not finalized.

css/CSSComputedStyleDeclaration.cpp: (WebCore::ComputedStyleExtractor::valueForPropertyInStyle):
css/CSSProperties.json:
css/parser/CSSParserContext.cpp: (WebCore::CSSParserContext::CSSParserContext):

Enable input-security when parsing the UA stylesheet, as it is used to
obscure text in password inputs.

(WebCore::operator==):
(WebCore::add):
(WebCore::CSSParserContext::isPropertyRuntimeDisabled const):

css/parser/CSSParserContext.h:
css/parser/CSSParserFastPaths.cpp: (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):

Source/WebKitLegacy/win:

Add support for tests enabling the CSSInputSecurityEnabled preference.

WebPreferences.cpp: (WebPreferences::cssInputSecurityEnabled):
WebPreferences.h:
WebView.cpp: (WebView::notifyPreferencesChanged):

Source/WTF:

Scripts/Preferences/WebPreferencesExperimental.yaml:

Make input-security a disabled-by-default experimental feature.

Tools:

DumpRenderTree/TestOptions.cpp: (WTR::TestOptions::defaults):

Add default for WebKitLegacy on Windows.

LayoutTests:

fast/css/computed-text-security-for-input-security.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288590 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289307] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288586. rdar://problem/87994712

[macOS] Observe CFNetwork preference domain
https://bugs.webkit.org/show_bug.cgi?id=235603
<rdar://87994712>

Reviewed by Darin Adler.

Since the Networking process is now using CF prefs direct mode, the CFNetwork preference domain should be observed for changes.

UIProcess/Cocoa/PreferenceObserver.mm: (-[WKPreferenceObserver init]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288586 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289306] by Russell Epstein

3 edits
2 adds in branches/safari-613-branch

Cherry-pick r288564. rdar://problem/87268956

REGRESSION(r281419): iCloud.com Notes web app fonts render incorrectly
https://bugs.webkit.org/show_bug.cgi?id=235559
<rdar://problem/87268956>

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

web-platform-tests/html/canvas/element/drawing-text-to-the-canvas/null-character-expected.txt: Added.
web-platform-tests/html/canvas/element/drawing-text-to-the-canvas/null-character.html: Added.

Source/WebCore:

Chrome and Firefox render U+0000 NULL as invisible. We should do the same, despite it technically being classified as a control character.

https://github.com/w3c/csswg-drafts/pull/6983

Test: imported/w3c/web-platform-tests/html/canvas/element/drawing-text-to-the-canvas/null-character.html

platform/graphics/WidthIterator.cpp: (WebCore::WidthIterator::applyCSSVisibilityRules):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288564 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289305] by Russell Epstein

4 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288553. rdar://problem/87976757

Missing EnabledBySetting=WebXREnabled where Conditional=WEBXR exists
https://bugs.webkit.org/show_bug.cgi?id=235527

Reviewed by Darin Adler.

Manually tested.

Modules/webxr/XRFrameRequestCallback.idl:
html/canvas/WebGLContextAttributes.idl:
html/canvas/WebGLRenderingContextBase.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288553 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289304] by Russell Epstein

3 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288549. rdar://problem/86452550

Unreviewed, reverting r282374.
https://bugs.webkit.org/show_bug.cgi?id=235587

Introduced perf regression

Reverted changeset:

"Playback stops although the progress bar moves"
https://bugs.webkit.org/show_bug.cgi?id=230210
https://commits.webkit.org/r282374

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288549 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289303] by Russell Epstein

3 edits
2 adds in branches/safari-613-branch

Cherry-pick r288547. rdar://problem/87824766

(REGRESSION r287485) [LFC][IFC] Incorrect RTL content position when intrusive float is present
https://bugs.webkit.org/show_bug.cgi?id=235547
<rdar://87824766>

Reviewed by Antti Koivisto.

Source/WebCore:

The float box coordinates are always visual. They need to be converted to
logical to be able to properly constrain the available space on the current line.

Test: fast/inline/intrusive-float-with-rtl-content.html

layout/formattingContexts/inline/InlineLineBuilder.cpp: (WebCore::Layout::LineBuilder::floatConstraints const):

LayoutTests:

fast/inline/intrusive-float-with-rtl-content-expected.html: Added.
fast/inline/intrusive-float-with-rtl-content.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288547 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289302] by Russell Epstein

5 edits
2 adds in branches/safari-613-branch

Cherry-pick r288543. rdar://problem/84958961

REGRESSION(r282320): [Cocoa] User-installed fonts don't work in the GPU Process (in WKWebView)
https://bugs.webkit.org/show_bug.cgi?id=235449
<rdar://problem/84958961>

Reviewed by Darin Adler.

Source/WebCore/PAL:

pal/spi/cf/CoreTextSPI.h:

Source/WebKit:

The reason for this bug was I was misusing kCTFontOptionsSystemUIFont. I thought this flag just
meant "allow the creation of system fonts" but it turns out it means something more subtle than
that. Instead of unconditionally specifying this flag, we should just pull out the options field
from the source font (which will include that flag if the font was a system font) and use that
instead.

Test: fast/text/user-installed-canvas.html

Shared/Cocoa/WebCoreArgumentCodersCocoa.mm: (IPC::ArgumentCoder<Ref<WebCore::Font>>::encodePlatformData): (IPC::createCTFont): (IPC::ArgumentCoder<Ref<WebCore::Font>>::decodePlatformData):

LayoutTests:

fast/text/user-installed-canvas-expected.html: Added.
fast/text/user-installed-canvas.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288543 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289301] by Russell Epstein

3 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288539. rdar://problem/87986840

Expand RefPtr / Ref use in FrameLoader
https://bugs.webkit.org/show_bug.cgi?id=235551
rdar://87986840

Reviewed by Mark Lam.

Apply Ref / RefPtr instead of taking SerializedScriptValue*.

loader/FrameLoader.cpp: (WebCore::FrameLoader::loadInSameDocument): (WebCore::FrameLoader::continueFragmentScrollAfterNavigationPolicy):
loader/FrameLoader.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288539 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:55 PM Changeset in webkit [289300] by Russell Epstein

5 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288536. rdar://problem/87981122

REGRESSION (r286932): Fixed position elements jiggle sometimes (Twitter, Facebook)
https://bugs.webkit.org/show_bug.cgi?id=235543
<rdar://87981122>

Reviewed by Tim Horton.

In r286932 we ensure that the scrolling layer's position gets committed in the scrolling
thread to reduce stutters. However, we also have to do the same for fixed and sticky
layers, because they need to committed in synchrony with the scrolling layer.

Also change some 'override' to 'final' and add locking annotations.

page/scrolling/cocoa/ScrollingTreeFixedNode.h:
page/scrolling/cocoa/ScrollingTreeFixedNode.mm: (WebCore::ScrollingTreeFixedNode::applyLayerPositions):
page/scrolling/cocoa/ScrollingTreeStickyNodeCocoa.h:
page/scrolling/cocoa/ScrollingTreeStickyNodeCocoa.mm: (WebCore::ScrollingTreeStickyNodeCocoa::applyLayerPositions):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288536 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289299] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288493. rdar://problem/82554226

REGRESSION (iOS 15): HTMLAudioElement fails to load new audio when device is locked or safari is in background
https://bugs.webkit.org/show_bug.cgi?id=229688
<rdar://problem/82554226>

Unreviewed, adress post-review feedback.

platform/audio/cocoa/MediaSessionManagerCocoa.mm: (WebCore::MediaSessionManagerCocoa::updateSessionState):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288493 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289298] by Russell Epstein

4 edits in branches/safari-613-branch

Cherry-pick r288478. rdar://problem/72567903

Regression (r286936): SessionStorage data is not cleared when deleting website data by modification time
https://bugs.webkit.org/show_bug.cgi?id=235542

Reviewed by Chris Dumez.

Source/WebKit:

The old behavior before r286936 is to delete SessionStorage data regardless of the modifiedSince parameter.
r286936 made it check modifiedSince and perform deleteion when modifiedSince time is -Walltime::infinity. This
patch corrects it by deleting SessionStorage data when modifiedSince time is in the past.

API test: SessionStorage.ClearByModificationTime

NetworkProcess/storage/OriginStorageManager.cpp: (WebKit::OriginStorageManager::StorageBucket::deleteData):

Tools:

TestWebKitAPI/Tests/WebKitCocoa/SessionStorage.mm: (TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288478 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289297] by Russell Epstein

9 edits
2 adds in branches/safari-613-branch

Cherry-pick r288466. rdar://problem/82554226

REGRESSION (iOS 15): HTMLAudioElement fails to load new audio when device is locked or safari is in background
https://bugs.webkit.org/show_bug.cgi?id=229688
<rdar://problem/82554226>

Reviewed by Jer Noble.
Source/WebCore:

An iOS application loses its NowPlaying status as soon as the AudioSession category
is set to Ambient, and it can only get it back again by changing the category
to Playback *and* starting playback. When an application is in the background, however,
it can't start playback unless it *already* has NowPlaying status. So, ipso facto,
background playback will always fail once the category is set to Ambient.

If an AudioSession's category is set to Playback when it is activated, it will
interrupt another application playing audio, activate Bluetooth routes, etc.
This means WebKit has to relinquish Playback when a page is unable to produce audio
because AVFoundation automatically activates the audio session when playback starts

even if the AVPlayer is muted or has no audio.

To allow pages that were playing audio when WebKit went into the background to
continue to play after switching urls or activating another media element, add a
grace period when switch from Playback to Ambient.

Test: media/audio-session-category.html

platform/audio/cocoa/MediaSessionManagerCocoa.mm: (WebCore::MediaSessionManagerCocoa::updateSessionState):

Source/WebKit:

WebProcess/GPU/media/RemoteAudioSession.cpp: (WebKit::RemoteAudioSession::category const): Return the most recently set category on all platforms so it is possible to test.

LayoutTests:

fast/mediasession/metadata/audio-track-enabled.html: Wait longer for the audio session category to be reset.
media/audio-session-category-expected.txt: Added.
media/audio-session-category.html: Added.
platform/gtk/TestExpectations: Skip new test.
platform/mac-wk1/TestExpectations: Skip new test, MediaStream isn't supported on WK1.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288466 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289296] by Russell Epstein

9 edits in branches/safari-613-branch/Source/ThirdParty/libwebrtc

Cherry-pick r288464. rdar://problem/87884184

Cherry-pick WebRTC 235826 change
https://bugs.webkit.org/show_bug.cgi?id=235510
<rdar://87884184>

Reviewed by Eric Carlson.

Cherry-picking above fixing for compliance.

Source/webrtc/media/engine/webrtc_media_engine.cc:
Source/webrtc/media/engine/webrtc_media_engine.h:
Source/webrtc/media/engine/webrtc_media_engine_unittest.cc:
Source/webrtc/media/engine/webrtc_video_engine.cc:
Source/webrtc/media/engine/webrtc_video_engine.h:
Source/webrtc/media/engine/webrtc_voice_engine.cc:
Source/webrtc/modules/rtp_rtcp/source/rtp_header_extension_map.cc:
Source/webrtc/modules/rtp_rtcp/source/rtp_header_extension_map_unittest.cc:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288464 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289295] by Russell Epstein

5 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288463. rdar://problem/87977499

file.stream() is slow and CPU-bound
https://bugs.webkit.org/show_bug.cgi?id=235448

Reviewed by Alex Christensen.

We introduce a ReadAsBinaryChunks mode to prevent storing the whole file in memory.
Use this in Blob stream implementation.
The new implementation is much faster for big files given it does not need to keep in memory the whole file.
Covered by existing tests.

fileapi/Blob.cpp:
fileapi/FileReaderLoader.cpp:
fileapi/FileReaderLoader.h:
fileapi/FileReaderLoaderClient.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288463 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289294] by Russell Epstein

3 edits in branches/safari-613-branch/Source/ThirdParty/libwebrtc

Cherry-pick r288461. rdar://problem/87969456

Reject large number of WebRTC audio channels
https://bugs.webkit.org/show_bug.cgi?id=235511

Reviewed by Eric Carlson.

Cherry-picking WebRTC upstream fix for compliance.

Source/webrtc/pc/webrtc_sdp.cc:
Source/webrtc/pc/webrtc_sdp_unittest.cc:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288461 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289293] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288439. rdar://problem/88592095

Reconfiguring the CoreAudioSharedUnit should take into account that there is a speaker sample producer
https://bugs.webkit.org/show_bug.cgi?id=235397
<rdar://problem/87819949>

Reviewed by Eric Carlson and Geoff Garen.

Address post-commit comments.
Introduce a boolean to make high priority thread callbacks no-ops when reconfiguring the audio unit.

platform/mediastream/mac/CoreAudioCaptureSource.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288439 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289292] by Russell Epstein

12 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288387. rdar://problem/87468788

Inject Launch Services database before NSApplication is initialized
https://bugs.webkit.org/show_bug.cgi?id=235186
<rdar://87468788>

Reviewed by Chris Dumez.

To avoid the main thread getting stuck, the Launch Services database should be injected before NSApplication
is initialized, since the initialization now depends on the database. To make sure also prewarmed WebContent
processes are receiving the Launch Services database, the WebsiteDataStore method
sendNetworkProcessXPCEndpointToProcess is moved to the class NetworkProcessProxy, since prewarmed processes
will not have a data store initially. This allows us to simplify the code, since we are no longer depending
on having a Website data store before sending the XPC endpoint.

UIProcess/WebProcessProxy.cpp: (WebKit::WebProcessProxy::didFinishLaunching):
UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm: (WebKit::WebsiteDataStore::sendNetworkProcessXPCEndpointToProcess): (WebKit::WebsiteDataStore::sendNetworkProcessXPCEndpointToProcess const): Deleted.
UIProcess/WebsiteData/WebsiteDataStore.h:
WebProcess/WebPage/Cocoa/WebPageCocoa.mm: (WebKit::WebPage::platformDidReceiveLoadParameters):
WebProcess/cocoa/LaunchServicesDatabaseManager.h:
WebProcess/cocoa/LaunchServicesDatabaseManager.mm: (WebKit::LaunchServicesDatabaseManager::waitForDatabaseUpdate):
WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::platformInitializeWebProcess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288387 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289291] by Russell Epstein

6 edits
2 adds in branches/safari-613-branch

Cherry-pick r288362. rdar://problem/87832940

WPT version of css/css-cascade/parsing/layer-import-parsing.html crashes with nullptr
https://bugs.webkit.org/show_bug.cgi?id=235434
rdar://87832940

Reviewed by Alan Bujtas.

LayoutTests/imported/w3c:

web-platform-tests/css/css-cascade/parsing/layer-import-parsing.html:

Update to WPT version.

Source/WebCore:

Test: fast/css/insert-import-rule-crash.html

css/StyleRuleImport.cpp: (WebCore::StyleRuleImport::setCSSStyleSheet):

Null check the parent stylesheet. It can be null if the rule has been removed.

dom/InlineStyleSheetOwner.cpp: (WebCore::InlineStyleSheetOwner::startLoadingDynamicSheet):

Also fix a debug assert in addPendingSheet, this can get called multiple times.

LayoutTests:

fast/css/insert-import-rule-crash-expected.txt: Added.
fast/css/insert-import-rule-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288362 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289290] by Russell Epstein

13 edits in branches/safari-613-branch/Source/bmalloc

Cherry-pick r288342. rdar://problem/87249133

[libpas] medium directory lookup should bail if begin_index is zero to catch races with expendable memory decommit (cherry pick 434465bfb8e0c285d6763cf6aa0e04982199f824)
https://bugs.webkit.org/show_bug.cgi?id=235280

Reviewed by Yusuke Suzuki.

I've been seeing crashes in pas_segregated_heap_ensure_allocator_index where the directory that is
passed to the function doesn't match the size. The most likely reason why this is happening is that
the medium directory lookup raced with expendable memory decommit and returned the wrong directory.
To figure out how this happens, I added a bunch of tests to ExpendableMemoryTests. This change
includes various small fixes (like removing assertions) that were found by doing such testing, and it
also includes a test and a change that I think exactly catches what is going on:

Expendable memory is decommitted so that the medium lookup sees begin_index == 0, but end_index still has its original value. This will cause it to return a tuple that is for a too-large size class.
Some other thread rematerializes the expendable memory right after the medium lookup finishes, but before it loads the directory.
The medium lookup finally loads the directory from the tuple, and now sees a non-NULL directory, so it thinks that everything is fine.

This race barely "works" since:

Any other field in the medium tuple being zero would cause the medium lookup to fail, which would then cause a slow path that rematerializes expendable memory under a lock.
Rematerialization of expendable memory adjusts the mutation count, so this race would only go undetected if the rematerialization happened after the medium lookup search but before when the medium lookup loads the directory.

The solution is to just have the medium lookup fail if begin_index == 0. Begin_index can never
legitimately be zero, because there's no way that a size class would want to be responsible for both
index 0 (i.e. the zero-byte object) and objects big enough to require medium lookup.

This adds new tests. While running those new tests, I found and fixed two other bugs:

Recomputation of the index_to_small_allocator_index table subtly mishandles the cached_index case. Previously, it was only special-casing it only when the directory was not participating in lookup tables at all, but actually it needs to special-case it anytime that the directory doesn't otherwise think that it should set the entry at cached_index.

Expendable memory commit/decommit was playing fast-and-loose with version numbers. This fixes it so that there is a global monotonically increasing version number.

libpas/src/libpas/bmalloc_heap.c: (bmalloc_flex_heap_ref_get_heap): (bmalloc_auxiliary_heap_ref_get_heap): (bmalloc_get_heap):
libpas/src/libpas/bmalloc_heap.h:
libpas/src/libpas/pas_expendable_memory.c: (pas_expendable_memory_state_version_next): (pas_expendable_memory_construct): (pas_expendable_memory_commit_if_necessary): (scavenge_impl): (pas_expendable_memory_scavenge):
libpas/src/libpas/pas_expendable_memory.h:
libpas/src/libpas/pas_scavenger.c: (handle_expendable_memory): (scavenger_thread_main): (pas_scavenger_decommit_expendable_memory): (pas_scavenger_fake_decommit_expendable_memory):
libpas/src/libpas/pas_scavenger.h:
libpas/src/libpas/pas_segregated_heap.c: (medium_directory_tuple_for_index_impl): (pas_segregated_heap_medium_directory_tuple_for_index): (pas_segregated_heap_medium_allocator_index_for_index): (recompute_size_lookup): (rematerialize_size_lookup_set_medium_directory_tuple): (pas_segregated_heap_ensure_allocator_index): (check_size_lookup_recomputation_set_medium_directory_tuple): (check_size_lookup_recomputation_dump_directory): (check_size_lookup_recomputation): (check_size_lookup_recomputation_if_appropriate): (pas_segregated_heap_ensure_size_directory_for_size):
libpas/src/libpas/pas_segregated_heap.h:
libpas/src/libpas/pas_segregated_size_directory.h: (pas_segregated_size_directory_get_tlc_allocator_index):
libpas/src/libpas/pas_try_allocate_primitive.h: (pas_try_allocate_primitive_impl_casual_case): (pas_try_allocate_primitive_impl_inline_only):
libpas/src/test/ExpendableMemoryTests.cpp: (std::testRage): (std::testRematerializeAfterSearchOfDecommitted): (std::testBasicSizeClass): (addExpendableMemoryTests):
libpas/src/test/TestHarness.cpp: (RuntimeConfigTestScope::RuntimeConfigTestScope):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288342 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289289] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288327. rdar://problem/87423185

[macOS] Various tests hit debug assertions under SearchBuffer::search after system ICU changes
https://bugs.webkit.org/show_bug.cgi?id=235413
rdar://87423185

Reviewed by Darin Adler.

After upgrading the system ICU version to ICU 70, many layout tests that attempt to use TextIterator on macOS
(e.g. tests in accessibility/mac) hit debug assertions underneath WebCore::SearchBuffer::search; this is
because ICU now emits U_USING_DEFAULT_WARNING as the error code when calling usearch_next(), instead of
U_ZERO_ERROR, like it did in previous versions.

This warning is propagated due to ICU falling back to the root locale (kRootLocaleName) when creating an
icu::BreakIterator, and appears to be benign. We can address this by relaxing the debug assertion in this
method to just check that the error code indicates success (i.e. "warning, or no error"), rather than strictly
being equal to U_ZERO_ERROR.

editing/TextIterator.cpp: (WebCore::SearchBuffer::search):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288327 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289288] by Russell Epstein

5 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288296. rdar://problem/88593227

Disable fallback path to WebRTC platform sockets
https://bugs.webkit.org/show_bug.cgi?id=235402

Reviewed by Eric Carlson.

We should not fallback to the legacy WebRTC socket code path in Cocoa ports.
Instead, if we cannot create the corresponding sockets (in case of ssltcp candidates for instance),
we mark the socket as closed.
Minor refactoring to show that NetworkRTCUDPSocketCocoa code path should always be successful.

Manually tested on meet.google.com which can make use of ssltcp candidates.

NetworkProcess/webrtc/NetworkRTCProvider.cpp:
NetworkProcess/webrtc/NetworkRTCProvider.h:
NetworkProcess/webrtc/NetworkRTCTCPSocketCocoa.mm:
NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289287] by Russell Epstein

3 edits
2 adds in branches/safari-613-branch

Cherry-pick r288233. rdar://problem/87781796

Add visibility: visible to modal dialogs in UA sheet
https://bugs.webkit.org/show_bug.cgi?id=235369

Reviewed by Brent Fulgham.

LayoutTests/imported/w3c:

web-platform-tests/html/semantics/interactive-elements/the-dialog-element/modal-dialog-in-visibility-hidden-expected.txt: Added.
web-platform-tests/html/semantics/interactive-elements/the-dialog-element/modal-dialog-in-visibility-hidden.html: Added.

Source/WebCore:

Test: imported/w3c/web-platform-tests/html/semantics/interactive-elements/the-dialog-element/modal-dialog-in-visibility-hidden.html

css/dialog.css: (dialog:-internal-modal-dialog):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288233 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289286] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288223. rdar://problem/87741289

Assertion is not acquired in network process when setting database journal mode
https://bugs.webkit.org/show_bug.cgi?id=235340

Setting database journal mode requires lock, so network process needs to stay active by holding assertion.

Reviewed by Chris Dumez.

platform/sql/SQLiteDatabase.cpp: (WebCore::SQLiteDatabase::useWALJournalMode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288223 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289285] by Russell Epstein

2 edits in branches/safari-613-branch/JSTests

Cherry-pick r288213. rdar://problem/87538657

Unreviewed, skip new test max-typed-array-length-toString.js when memory-limited
https://bugs.webkit.org/show_bug.cgi?id=235217

Patch by Michael Catanzaro <Michael Catanzaro> on 2022-01-19

stress/max-typed-array-length-toString.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288213 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:54 PM Changeset in webkit [289284] by Russell Epstein

4 edits
2 adds in branches/safari-613-branch

Cherry-pick r288196. rdar://problem/87768936

[:has() pseudo-class] Compute specificity correctly
https://bugs.webkit.org/show_bug.cgi?id=235351

Reviewed by Alexey Shvayka.

LayoutTests/imported/w3c:

web-platform-tests/css/selectors/has-complexity.html:

Fix specificity used in this test.

web-platform-tests/css/selectors/has-specificity-expected.txt: Added.
web-platform-tests/css/selectors/has-specificity.html: Added.

Source/WebCore:

"The specificity of an ':is()', ':not()', or ':has()' pseudo-class is replaced by
the specificity of the most specific complex selector in its selector list argument."

https://www.w3.org/TR/selectors-4/#specificity-rules

Test: imported/w3c/web-platform-tests/css/selectors/has-specificity.html

css/CSSSelector.cpp: (WebCore::simpleSelectorSpecificityInternal):

Compute :has() specificity like :is() and :not().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288196 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289283] by Russell Epstein

9 edits in branches/safari-613-branch/Source

Cherry-pick r288185. rdar://problem/87709485

[Cocoa] Do not change preferred AudioSession buffer size when VPIO is running
https://bugs.webkit.org/show_bug.cgi?id=235317
<rdar://87709485>

Reviewed by Eric Carlson.

Source/WebCore:

Add infra to be notified when audio capture unit is stopped.
Add a check to return early with microphone sample callback if microphone samples are not to be processed.

Manually tested.

platform/mediastream/mac/BaseAudioSharedUnit.cpp:
platform/mediastream/mac/BaseAudioSharedUnit.h:
platform/mediastream/mac/CoreAudioCaptureSource.cpp:
platform/mediastream/mac/CoreAudioCaptureSource.h:

Source/WebKit:

When we stop capturing, we might still use the VPIO unit to render audio.
In that case, it might be problematic to increase the preferred buffer size as:

Audio unit might stop running, hence stopping audio rendering
Increasing the preferred buffer size might increase latency which is not a good thing in VPIO usecases.

GPUProcess/media/RemoteAudioSessionProxy.cpp:
GPUProcess/media/RemoteAudioSessionProxyManager.cpp:
GPUProcess/media/RemoteAudioSessionProxyManager.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288185 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289282] by Russell Epstein

14 edits
2 adds in branches/safari-613-branch

Cherry-pick r288178. rdar://problem/79296770

REGRESSION (r264352): Mail compose body field does not avoid the keyboard when scrolling after focus
https://bugs.webkit.org/show_bug.cgi?id=235331
rdar://79296770

Reviewed by Tim Horton.

Source/WebKit:

After r264352 added the call to _page->scheduleFullEditorStateUpdate(); during element focus, scrolling to
reveal the selection in the focused body field in Mail stopped working. This is because Mail:

Sets firstResponderKeyboardAvoidanceEnabled to NO on the WKScrollView, which prevents automatic inset

adjustment logic in UIKit from taking effect and adding the keyboard height to the bottom system content
inset.

Manually sets -contentScrollInset on the WKScrollView during a UIKeyboardDidShowNotification, which occurs

after we've already attempted to zoom to the selection.

...combined with the fact that without the call to scheduleFullEditorStateUpdate(), the next EditorState
would've arrived only after the keyboard animation finished.

The end result is that we don't end up avoiding the keyboard at all when focusing the body field in Mail
compose. While rdar://87733414 tracks refactoring logic in WebKit2 Mail compose to ensure that the content
scroll insets on WKScrollView are applied during UIKeyboardWillShowNotification instead of after the keyboard
has finished animating in, this patch provides a short-term workaround by restoring pre-r264352 behavior, with
respect to when the element is scrolled into view.

Test: editing/selection/ios/scroll-to-reveal-selection-with-keyboard-avoidance-disabled.html

Platform/spi/ios/UIKitSPI.h:

Add a declaration for the -firstResponderKeyboardAvoidanceEnabled SPI property on non-internal iOS SDKs.

UIProcess/API/ios/WKWebViewIOS.mm: (-[WKWebView _keyboardDidShow:]):

Plumb this through to the WKContentView, so we can zoom/scroll to the focused element if needed.

UIProcess/WebPageProxy.h:
UIProcess/ios/WKContentViewInteraction.h:
UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView cleanUpInteraction]): (-[WKContentView _keyboardDidShow]):

If we previously deferred the call to -_zoomToRevealFocusedElement due to the keyboard still animating in,
schedule a call to it now on a 0-delay timer; this delay is necessary to ensure that this zoom occurs *after*
Mail has already set the content inset, which also happens underneath a "KeyboardDidShow" notification.

(-[WKContentView _zoomToRevealFocusedElement]):

In the case where the (presumably internal) client has set firstResponderKeyboardAvoidanceEnabled to NO and
the keyboard is animating in, defer the actual call into the web view to -_zoomToRevealFocusedElement until
after the keyboard animation is finished. This ensures compatibility with existant logic in Mail for manually
setting the content scroll inset on the WKScrollView after the keyboard animation is complete.

(-[WKContentView resetShouldZoomToFocusRectAfterShowingKeyboard]):
(-[WKContentView _elementDidBlur]):

Tools:

Add support for a UIScriptController hook to override firstResponderKeyboardAvoidanceEnabled on WKScrollView.
See LayoutTests for more details.

TestRunnerShared/UIScriptContext/Bindings/UIScriptController.idl:
TestRunnerShared/UIScriptContext/UIScriptController.h: (WTR::UIScriptController::setScrollViewKeyboardAvoidanceEnabled):
WebKitTestRunner/ios/TestControllerIOS.mm: (WTR::TestController::platformResetStateToConsistentValues):
WebKitTestRunner/ios/UIScriptControllerIOS.h:
WebKitTestRunner/ios/UIScriptControllerIOS.mm: (WTR::UIScriptControllerIOS::setScrollViewKeyboardAvoidanceEnabled):

LayoutTests:

Add a layout test that (at least) exercises the newly added codepath, where focusing an editor when the scroll
view has firstResponderKeyboardAvoidanceEnabled set to NO will still allow us to scroll to the selection.

editing/selection/ios/scroll-to-reveal-selection-with-keyboard-avoidance-disabled-expected.txt: Added.
editing/selection/ios/scroll-to-reveal-selection-with-keyboard-avoidance-disabled.html: Added.
resources/ui-helper.js: (window.UIHelper.setScrollViewKeyboardAvoidanceEnabled):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288178 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289281] by Russell Epstein

41 edits
1 add in branches/safari-613-branch

Cherry-pick r288132. rdar://problem/87569029

CSP: Improve handling of multiple policies
https://bugs.webkit.org/show_bug.cgi?id=235199

Reviewed by Kate Cheney.

LayoutTests/imported/w3c:

Add new test expectations with more passes.

web-platform-tests/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms-expected.txt:
web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted-expected.txt:
web-platform-tests/content-security-policy/style-src/style-src-error-event-fires-expected.txt:
web-platform-tests/content-security-policy/style-src/style-src-inline-style-nonce-blocked-error-event-expected.txt:
web-platform-tests/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms-expected.txt: Added.

Source/WebCore:

This fixes many issues with multiple CSP policies.

To quote the spec for script-src:

Their behavior will be blocked unless every policy allows inline script, either implicitly by not

specifying a script-src (or default-src) directive, or explicitly, by specifying "unsafe-inline",
a nonce-source or a hash-source that matches the inline block.

The previous structure was many distinct calls to check if there was a nonce in any policy, then if there
was a hash in any policy, etc, rather than actually checking the policies as a whole to know if they
allow or block a behavior. This lead to various issues where polices were not properly respected and where
reports were inaccurate.

The allScriptPoliciesAllow() function did try to consider all policies but was not very flexible and had buggy
behavior like for each policy it would call findHashOfContentInPolicies() meaning hashes from other policies
incorrectly applied to the current policy, plus general inefficiency of hashing the same content many
times over.

The new behavior relies more on passing all required information in a single function call to verify all
policies in a single pass.

bindings/js/CachedScriptFetcher.cpp: (WebCore::CachedScriptFetcher::requestScriptWithCache const):
dom/InlineStyleSheetOwner.cpp: (WebCore::InlineStyleSheetOwner::createSheet):
dom/ScriptElement.cpp: (WebCore::ScriptElement::requestModuleScript): (WebCore::ScriptElement::executeClassicScript):
dom/StyledElement.cpp: (WebCore::StyledElement::styleAttributeChanged):
html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::process):
loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy):
loader/ResourceLoaderOptions.h:
loader/cache/CachedResourceLoader.cpp: (WebCore::CachedResourceLoader::allowedByContentSecurityPolicy const):
page/csp/ContentSecurityPolicy.cpp: (WebCore::parseSubResourceIntegrityIntoDigests): (WebCore::generateHashesForContent): (WebCore::ContentSecurityPolicy::allowJavaScriptURLs const): (WebCore::ContentSecurityPolicy::allowInlineEventHandlers const): (WebCore::ContentSecurityPolicy::allowNonParserInsertedScripts const): (WebCore::ContentSecurityPolicy::allowInlineScript const): (WebCore::ContentSecurityPolicy::allowInlineStyle const): (WebCore::ContentSecurityPolicy::allowScriptFromSource const): (WebCore::ContentSecurityPolicy::allowStyleFromSource const): (WebCore::ContentSecurityPolicy::allScriptPoliciesAllow const): Deleted. (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies const): Deleted. (WebCore::ContentSecurityPolicy::checkHashAndReportViolation const): Deleted.
page/csp/ContentSecurityPolicy.h:
page/csp/ContentSecurityPolicyDirectiveList.cpp: (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForUnsafeInlineScriptElement const): (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForInlineJavascriptURL const): (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForInlineEventHandlers const): (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForNonParserInsertedScripts const): (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForUnsafeInlineStyleElement const): (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForUnsafeInlineStyleAttribute const): (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForScript const): (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForStyle const): (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForUnsafeHashScript const): Deleted. (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForUnsafeHashStyle const): Deleted. (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForParserInsertedScript const): Deleted. (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForUnsafeInlineScriptAttribute const): Deleted. (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForScriptHash const): Deleted. (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForStyleHash const): Deleted.
page/csp/ContentSecurityPolicyDirectiveList.h:

LayoutTests:

Update test expectations, Some newly passing tests are no longer skipped and some have new reports.

TestExpectations:
http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-in-enforced-policy-and-not-in-report-only-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-multiple-policies-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scripthash-multiple-policies-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only-expected.txt:
http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies-expected.txt:
http/tests/security/contentSecurityPolicy/inline-script-blocked-javascript-url-expected.txt:
http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star-expected.txt:
http/tests/security/contentSecurityPolicy/javascript-url-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/window-open-javascript-url-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/window-open-javascript-url-with-target-blocked-expected.txt:
platform/glib/TestExpectations:
platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288132 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289280] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r288128. rdar://problem/87711220

Copy com.apple.WebKit.adattributiond.sb into place with other iOS sandbox profiles
https://bugs.webkit.org/show_bug.cgi?id=235320
<rdar://87711220>

Patch by Alex Christensen <achristensen@webkit.org> on 2022-01-18
Reviewed by Per Arne Vollan.

Ever since r287100 we are using the sandbox profile, but it doesn't exist so we just crash.

WebKit.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288128 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289279] by Russell Epstein

4 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288124. rdar://problem/87721737

Reduce failure timer in CoreAudioSharedUnit in the case we only render audio samples
https://bugs.webkit.org/show_bug.cgi?id=235318

Reviewed by Eric Carlson.

As shown in https://bugs.webkit.org/show_bug.cgi?id=235317, it might be possible for a VPIO that is only used for
audio rendering to fail sometimes. Waiting for 10 seconds in that case is very long, so we reduce the verification delay to 2 seconds.
Manually tested.

platform/mediastream/mac/BaseAudioSharedUnit.cpp:
platform/mediastream/mac/BaseAudioSharedUnit.h:
platform/mediastream/mac/CoreAudioCaptureSource.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288124 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289278] by Russell Epstein

2 edits in branches/safari-613-branch/JSTests

Cherry-pick r288120. rdar://problem/87538657

Gardening: resolve test failure on CLoop.

Not reviewed.

Change test to not rely on WebAssembly.

stress/max-typed-array-length-toString.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288120 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289277] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288110. rdar://problem/87699178

BaseAudioSharedUnit::devicesChanged is failing capture too much in GPUProcess
https://bugs.webkit.org/show_bug.cgi?id=235288

Reviewed by Eric Carlson.

Manually tested.

platform/mediastream/mac/CoreAudioCaptureDeviceManager.h: In GPUProcess, we do not need to filter tap enabled devices, since this may filter out valid devices, which may break capture. Given we only need to filter tap enabled devices in the process that enumerates devices for selecting the one to use, We can reverse the default value to not filter, and enable the filtering in UIProcess as done currently based on whether capturing in GPUProcess or not.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288110 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289276] by Russell Epstein

9 edits in branches/safari-613-branch/Source

Cherry-pick r288076. rdar://problem/83863292

Ensure in flight layer transactions don't accumulate further canvas drawing
https://bugs.webkit.org/show_bug.cgi?id=231163
<rdar://problem/83863292>

Reviewed by Simon Fraser.

Source/WebCore:

When UI side compositing is enabled (as it is on iOS), we build a
layer tree transaction in RemoteLayerTreeDrawingArea::updateRendering to
send off to the UI process. At a high level, updateRendering does this:

Run any requestAnimationFrame callbacks
Iterate over the composited layers to draw their contents into the layer backing stores
Dispatch a task to a different thread to flush the contexts of the layer backing stores and then send the transaction to the UI process

Step 3 is done off a separate task as an optimization, to get the
drawing work queued up by step 2 happening in parallel to any work the
page may day once updateRendering is finished. This can be a problem
when:

GPU process canvas rendering is enabled (but DOM rendering is disabled)
we have accelerated ImageBuffers for both layer backing stores and canvas backing stores
the page does canvas drawing between steps 2 and 3, which affects the contents of a canvas backing store IOSurface that was drawn into a layer backing store IOSurface while building the transaction

The way we draw the canvas contents into the layer is by creating a
CGImage from the canvas backing store ImageBuffer's IOSurface.
Normally, if we draw into an IOSurface that has been wrapped by a
CGImage, this will cause the CGImage to obtain a unique copy of the
IOSurface's pixels, rather than continue holding on to the IOSurface
itself.

When the drawing of this CGImage on to the layer backing store
IOSurface happens, the "draw image" command is queued up to be
processed later. It's only when the flush happens in step 3 above that
the drawing occurs. This means that the CGImage wrapping the IOSurface
exists until that flush.

But while the CGImage does exist, it's in the Web process, and the
canvas drawing on to the same IOSurface happens in the GPU process.
Since QuartzCore doesn't know of its existence, it doesn't cause the
copy-on-write to occur. The effect of this is that subsequent page
drawing on to the canvas can make its way into the layer transaction
unexpectedly.

This patch induces the copy-on-write in the Web process when needed,
by tracking whether a canvas has been drawn into a layer backing
store and the layer transaction flush hasn't happened yet. Just before
we do any more drawing on the canvas, if we are in this state, we
perform a no-op drawing command on the IOSurface, then flush, to make
the CGImage copy the IOSurface data out.

html/HTMLCanvasElement.cpp: (WebCore::imageDrawingRequiresGuardAgainstUseByPendingLayerTransaction): We only need to induce the CGImage copy-on-write behavior if both the layer and canvas backing stores are accelerated, the canvas ImageBuffer is remote, and the layer ImageBuffer is not remote. (WebCore::HTMLCanvasElement::paint): (WebCore::HTMLCanvasElement::drawingContext const): Use drawingContext as a convenient single place to check whether we are performing the first drawing command before the layer tree transaction flush has happened.
html/HTMLCanvasElement.h:
page/Page.h: (WebCore::Page::setIsAwaitingLayerTreeTransactionFlush): (WebCore::Page::isAwaitingLayerTreeTransactionFlush const):
platform/graphics/ImageBufferBackend.h: (WebCore::ImageBufferBackend::ensureNativeImagesHaveCopiedBackingStore):
platform/graphics/cg/ImageBufferIOSurfaceBackend.cpp: (WebCore::ImageBufferIOSurfaceBackend::ensureNativeImagesHaveCopiedBackingStore): The flush is needed since the CGImage wrapping the IOSurface will only copy the pixel data out once the no-op drawing command is processed.
platform/graphics/cg/ImageBufferIOSurfaceBackend.h:

Source/WebKit:

WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::willCommitLayerTree): (WebKit::WebPage::didFlushLayerTreeAtTime): Inform the WebCore::Page about the state of the layer tree transaction building.
WebProcess/WebPage/WebPage.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288076 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289275] by Russell Epstein

3 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r288053. rdar://problem/85760433

Unable to playback portrait videos on HTML canvas elements
https://bugs.webkit.org/show_bug.cgi?id=235238

Reviewed by Jer Noble.

We need to make sure the destination pixel buffer is IOSurface-backed.
Otherwise, VTImageRotationSession cannot rotate a pixel buffer with
a compressed pixel format.

Manually tested.

Layout tests for this exist, but unless they run on an iPhone 12 or
later HW, they won't fail. For example:

media/video-orientation-canvas.html

platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastPixelBuffer):
platform/graphics/cv/ImageRotationSessionVT.mm: (WebCore::ImageRotationSessionVT::rotate):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288053 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289274] by Russell Epstein

3 edits
1 add in branches/safari-613-branch

Cherry-pick r288037. rdar://problem/87538657

JSStringJoiner's constructor should take a size_t length.
https://bugs.webkit.org/show_bug.cgi?id=235217
rdar://87538657

Reviewed by Yusuke Suzuki.

JSTests:

stress/max-typed-array-length-toString.js: Added.

Source/JavaScriptCore:

Also removed an unnecessary exception check in JSStringJoiner::append().
This is because appendWithoutSideEffects() cannot throw any exceptions.

runtime/JSStringJoiner.h: (JSC::JSStringJoiner::JSStringJoiner): (JSC::JSStringJoiner::append):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288037 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289273] by Russell Epstein

12 edits
6 adds in branches/safari-613-branch

Cherry-pick r288031. rdar://problem/82997136

[Cocoa] rVFC() isn't called for initial video load
https://bugs.webkit.org/show_bug.cgi?id=235006

Reviewed by Eric Carlson.

Source/WebCore:

Tests: media/request-video-frame-loadstart.html

media/request-video-frame-seek.html

Add a new utility class, QueuedVideoOutput, which will pull pixel buffers out of an AVPlayerItemVideoOutput
pre-emptively. Once those pixel buffers are enqueued locally, their associated timing information can be used to
fire a callback for that buffer's display time.

Previously, paints were blocked from pulling new pixel buffers from the video output. With the QueuedVideoOutput
class, this is no longer necessary. The QueuedVideoOutput will notify its client when the image for currentTime
changes, and other clients can freely ask for the currentTime's image.

To curb runaway memory growth, frames are purged as soon as a new image for the current time is available, and when
the video output signals that its own queues were purged.

WebCore.xcodeproj/project.pbxproj:
html/HTMLVideoElement.cpp: (WebCore::HTMLVideoElement::cancelVideoFrameCallback): (WebCore::HTMLVideoElement::serviceRequestVideoFrameCallbacks):
html/HTMLVideoElement.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC): (WebCore::MediaPlayerPrivateAVFoundationObjC::hasAvailableVideoFrame const): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoFullscreenInlineImage): (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer): (WebCore::MediaPlayerPrivateAVFoundationObjC::startVideoFrameMetadataGathering): (WebCore::MediaPlayerPrivateAVFoundationObjC::checkNewVideoFrameMetadata): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoTracks): (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoOutput): (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoOutput): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastPixelBuffer): (WebCore::MediaPlayerPrivateAVFoundationObjC::videoOutputHasAvailableFrame): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastImage): (WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithVideoOutput): (WebCore::MediaPlayerPrivateAVFoundationObjC::pixelBufferForCurrentTime): (WebCore::MediaPlayerPrivateAVFoundationObjC::nativeImageForCurrentTime): (WebCore::MediaPlayerPrivateAVFoundationObjC::colorSpace): (WebCore::MediaPlayerPrivateAVFoundationObjC::outputMediaDataWillChange): (WebCore::globalPullDelegateQueue): Deleted. (WebCore::MediaPlayerPrivateAVFoundationObjC::waitForVideoOutputMediaDataWillChange): Deleted. (-[WebCoreAVFPullDelegate initWithPlayer:]): Deleted. (-[WebCoreAVFPullDelegate outputMediaDataWillChange:]): Deleted. (-[WebCoreAVFPullDelegate outputSequenceWasFlushed:]): Deleted.
platform/graphics/avfoundation/objc/QueuedVideoOutput.h: Added.
platform/graphics/avfoundation/objc/QueuedVideoOutput.mm: Added. (-[WebQueuedVideoOutputDelegate initWithParent:]): (-[WebQueuedVideoOutputDelegate outputMediaDataWillChange:]): (-[WebQueuedVideoOutputDelegate outputSequenceWasFlushed:]): (-[WebQueuedVideoOutputDelegate observeValueForKeyPath:ofObject:change:context:]): (WebCore::globalOutputDelegateQueue): (WebCore::QueuedVideoOutput::create): (WebCore::QueuedVideoOutput::QueuedVideoOutput): (WebCore::QueuedVideoOutput::~QueuedVideoOutput): (WebCore::QueuedVideoOutput::invalidate): (WebCore::decltype): (WebCore::QueuedVideoOutput::hasImageForTime const): (WebCore::QueuedVideoOutput::takeVideoFrameEntryForTime): (WebCore::QueuedVideoOutput::addCurrentImageChangedObserver): (WebCore::QueuedVideoOutput::configureNextImageObserver): (WebCore::QueuedVideoOutput::imageForCurrentTimeChanged): (WebCore::QueuedVideoOutput::addVideoFrameEntries): (WebCore::QueuedVideoOutput::purgeVideoFrameEntries): (WebCore::QueuedVideoOutput::purgeImagesBeforeTime): (WebCore::QueuedVideoOutput::rateChanged):

Source/WebCore/PAL:

pal/spi/cocoa/AVFoundationSPI.h:

LayoutTests:

media/request-video-frame-loadstart-expected.txt: Added.
media/request-video-frame-loadstart.html: Added.
media/request-video-frame-seek-expected.txt: Added.
media/request-video-frame-seek.html: Added.
platform/ios-wk2/TestExpectations:
platform/mac-wk1/TestExpectations:
platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288031 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289272] by Russell Epstein

3 edits
2 adds in branches/safari-613-branch

Cherry-pick r288003. rdar://problem/85505101

Only apply automatic minimum block-size aspect-ratio rules to non-replaced elements
https://bugs.webkit.org/show_bug.cgi?id=235058
<rdar://85505101>

Reviewed by Alan Bujtas.

Source/WebCore:

The rules in https://www.w3.org/TR/css-sizing-4/#aspect-ratio-minimum
that define the automatic minimum size of an element subject to an
aspect-ratio only apply if the element is non-replaced.

In constrainLogicalHeightByMinMax specifically, when min-height is
auto, after applying the aspect-ratio to produce an automatic minimum
height, we bump it up to the content height if the element has
children. This, presumably, is to account for the way the height of a
block is computed in CSS 2.2. (As CSS 2.2 doesn't have an auto value
for min-height, and a CSS Block Layout module has not been written in
terms of CSS Sizing concepts, there is no clear definition of
automatic minimum sizing for blocks at the moment.) If we erroneously
apply this to a replaced element, such as an image or video, it can
get a computed min-height equal to the intrinsic height of the image,
which may be much larger than expected.

This commit adds an is<RenderReplaced>() check for both automatic
minimum logical width and height calculations, although I was unable to
produce a test to exercise the logical width case (which does not take
the intrinsic size into account when computing the automatic minimum).

Test: fast/css/aspect-ratio-min-height-replaced.html

rendering/RenderBox.cpp: (WebCore::RenderBox::constrainLogicalWidthInFragmentByMinMax const): (WebCore::RenderBox::constrainLogicalHeightByMinMax const):

LayoutTests:

Test that replaced elements with child content (in this case, a
<video> element's controls in the UA shadow tree) don't influence the
automatic minimum size calculation.

fast/css/aspect-ratio-min-height-replaced-expected.html: Added.
fast/css/aspect-ratio-min-height-replaced.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288003 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:53 PM Changeset in webkit [289271] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r287995. rdar://problem/87458502

Avoid unnecessary call to windowScreenDidChange
https://bugs.webkit.org/show_bug.cgi?id=235198
<rdar://87458502>

Reviewed by Geoffrey Garen.

It is a page load performance progression to avoid this call in initWithDrawingAreaProxy.

UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm: (-[WKOneShotDisplayLinkHandler initWithDrawingAreaProxy:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287995 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289270] by Russell Epstein

3 edits in branches/safari-613-branch/Source/bmalloc

Cherry-pick r287994. rdar://problem/87055595

[libpas] pas_segregated_page_lock_with_mode in try_lock mode should check that the page still uses the lock after the try_lock
https://bugs.webkit.org/show_bug.cgi?id=235203

Reviewed by Yusuke Suzuki.

The bug I was trying to find by assertions in bug 235190 is that lock_with_mode has an incorrect
implementation of the try_lock case. It forgets to check if the lock it acquired is the right one
after locking.

I don't know how to test this without writing a test that is very gross. It's a super subtle race
condition - one that would be hard to reliably trigger even if I used the race_test_hooks
functionality.

libpas/src/libpas/pas_local_allocator.c: (stop_impl):
libpas/src/libpas/pas_segregated_page_inlines.h: (pas_segregated_page_switch_lock_with_mode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287994 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289269] by Russell Epstein

6 edits
1 add in branches/safari-613-branch

Cherry-pick r287992. rdar://problem/74845918

Crash in Document::updateStyleIfNeeded() when removing a node containing the drag caret
https://bugs.webkit.org/show_bug.cgi?id=235184
rdar://74845918

Reviewed by Darin Adler.

Source/WebCore:

While performing drag and drop over editable content, DragCaretController handles updating and painting a drag
caret, which indicates where the dragged content will be inserted upon drop. If the node containing this drag
caret is disconnected, DragCaretController::nodeWillBeRemoved() resets the drag caret position and issues a
repaint on the renderer responsible for drawing the drag caret. This call to nodeWillBeRemoved() occurs in the
middle of node removal, so it's encapsulated by a ScriptDisallowedScope::InMainThread scope which causes a
release assertion in WebKit2 if anything tries to trigger layout or style updates.

Currently, if the node being removed would cause the caret position to be removed as well, DragCaretController
calls into setCaretPosition() with a null visible position, which then calls into invalidateCaretRect with
the current caret position's anchor node. In turn, invalidateCaretRect contains logic to issue a repaint on
the anchor node's renderer if the node is editable. However, to check whether the node is editable, we use the
helper function WebCore::isEditableNode(), which triggers a style update if needed, only in the case where:

A style recalc is needed, and...
The document contains an element with the -webkit-user-modify CSS property.

As such, dirtying element styles right before removing the drag caret's anchor node from the document while
dispatching a drag or drop event in an editor with -webkit-user-modify: read-write; is sufficient to
trigger the release assertion and cause a crash.

To address this, instead of calling clear() inside of DragCaretController::nodeWillBeRemoved(), we can
instead directly invalidate the caret rect using the current drag caret anchor (passing in true for
caretRectChanged() since we already know that the drag caret is being cleared out), and then reset the current
drag caret position and caret rect. This allows us to avoid the isEditableNode() check in this scenario when
deciding whether to trigger paint invalidation, which is unnecessary because we already know that the node
containing the caret is being removed, so the renderer is going to be repainted anyways. We also pull this logic
out into a separate helper method, clearCaretPositionWithoutUpdatingStyle(), to make it clear that we must
avoid triggering style recalc here.

Test: DragAndDropTests.DoNotCrashWhenRemovingNodeOnDrop

editing/FrameSelection.cpp: (WebCore::DragCaretController::nodeWillBeRemoved): (WebCore::DragCaretController::clearCaretPositionWithoutUpdatingStyle):
editing/FrameSelection.h:

Tools:

Add a test to exercise the crash using drag and drop in WebKit2, on both iOS and macOS.

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKit/remove-node-on-drop.html: Added.
TestWebKitAPI/Tests/WebKitCocoa/DragAndDropTests.mm: (TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287992 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289268] by Russell Epstein

4 edits in branches/safari-613-branch/Source/bmalloc

Cherry-pick r287991. rdar://problem/87557006

[libpas] add assertions that we aren't switching to a NULL lock
https://bugs.webkit.org/show_bug.cgi?id=235190

Reviewed by Yusuke Suzuki.

This adds a pas_panic call when pas_local_allocator_stop sees a NULL page->lock_ptr. That's one
possible explanation of a very rare crash I'm seeing where return_memory_to_page fails its assertion
that we are holding the page lock.

This also adds TESTING asserts in a bunch of other places. The PAS_TESTING_ASSERTS about this are in
places that are perf-sensitive, so we probably cannot assert in production. The hope behind those is
that it will help to catch this issue in test_pas.

libpas/src/libpas/pas_local_allocator.c: (stop_impl):
libpas/src/libpas/pas_segregated_page.c: (pas_segregated_page_switch_lock_and_rebias_while_ineligible_impl):
libpas/src/libpas/pas_segregated_page_inlines.h: (pas_segregated_page_lock_with_unbias_not_utility): (pas_segregated_page_lock_with_unbias): (pas_segregated_page_lock): (pas_segregated_page_switch_lock_impl): (pas_segregated_page_switch_lock_with_mode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287991 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289267] by Russell Epstein

4 edits
2 adds in branches/safari-613-branch

Cherry-pick r287981. rdar://problem/84069534

REGRESSION (r278561): Right clicking a link selects the full line with unrelated text
https://bugs.webkit.org/show_bug.cgi?id=235172
<rdar://84069534>

Reviewed by Dean Jackson.

Source/WebCore:

r278561 slightly change highlightStateForTextBox's behavior which now (correctly) returns HighlightState::None when the
RenderText content is not part of the current selection. Prior to r278561, it returned the RenderText's original selection state
which in this case was HighlightState::End.

<div><span>A<br>B<span style="position: absolute"></span></span>C</div>

In this specific case when we select the outer <span>, we end up with the following selection states for the generated line boxes:

(B) -> "Inside"
(C) -> "None"

while previously (C) came back as "End" (note that the absolute positioned element does not generate line boxes).

Now as Line::selectionState traverses through the line boxes, it comes across an unexpected "Inside -> None" transition at the selection end boundary (B -> C)
which incorrectly leaves the line state in "Inside" and we paint the selection all the way to the end of the block.

Test: fast/editing/selection-with-absolute-positioned-empty-content.html

layout/integration/InlineIteratorLine.cpp: (WebCore::InlineIterator::Line::selectionState const):

LayoutTests:

fast/editing/selection-with-absolute-positioned-empty-content-expected.txt: Added.
fast/editing/selection-with-absolute-positioned-empty-content.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287981 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289266] by Russell Epstein

6 edits
2 adds in branches/safari-613-branch

Cherry-pick r287970. rdar://problem/87423294

PCM: Same-site triggering events should support ephemeral measurement
https://bugs.webkit.org/show_bug.cgi?id=235160
<rdar://87423294>

Reviewed by Alex Christensen.

Source/WebCore:

We added ephemeral measurement for direct response advertising in https://bugs.webkit.org/show_bug.cgi?id=228984.
We added support for same-site triggering events in https://bugs.webkit.org/show_bug.cgi?id=233173.
These two features should work together.

The bug was that WebKit::NetworkSession::handlePrivateClickMeasurementConversion()
only checked for cross-site triggering events when handling ephemeral measurements.

Test: http/tests/privateClickMeasurement/triggering-event-with-attribution-source-through-fetch-keepalive-ephemeral.html

loader/PrivateClickMeasurement.cpp: (WebCore::PrivateClickMeasurement::isNeitherSameSiteNorCrossSiteTriggeringEvent):

New convenience function to enhance readability in
WebKit::NetworkSession::handlePrivateClickMeasurementConversion().

loader/PrivateClickMeasurement.h:

Source/WebKit:

We added ephemeral measurement for direct response advertising in https://bugs.webkit.org/show_bug.cgi?id=228984.
We added support for same-site triggering events in https://bugs.webkit.org/show_bug.cgi?id=233173.
These two features should work together.

NetworkProcess/NetworkSession.cpp: (WebKit::NetworkSession::handlePrivateClickMeasurementConversion):

This function previously only checked for cross-site triggering events when
handling ephemeral measurements. Now it also checks for same-site triggering
events.

LayoutTests:

http/tests/privateClickMeasurement/triggering-event-with-attribution-source-through-fetch-keepalive-ephemeral-expected.txt: Added.
http/tests/privateClickMeasurement/triggering-event-with-attribution-source-through-fetch-keepalive-ephemeral.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287970 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289265] by Russell Epstein

12 edits
5 adds in branches/safari-613-branch/Source/bmalloc

Cherry-pick r287968. rdar://problem/87256207

[libpas] thread_local_cache should not be allocated in the compact heap (cherry pick 11afcedfb5968f6894379ff1a41dd449ba7745f6)
https://bugs.webkit.org/show_bug.cgi?id=235096

Reviewed by Yusuke Suzuki.

Thread local caches can get quite large because of how libpas uses them, we can allocate one per
thread, and we reallocate them with exponential resizing, so there's a lot of wasted space and a
decent amount of fragmentation. This shows up as occasional crashes trying to allocate a thread local
cache out of the compact heap.

This moves thread local caches out of the compact heap. They were only ever there because partial views
sometimes need to point to the local_allocator's bitvector, but that's part of the thread local cache.
So, that means that either the partial views' bits pointer cannot be a compact pointer, or the
thread_local_cache needs to be in the compact heap. So, the thread_local_cache ended up in the compact
heap to keep that pointer small.

This change works around the problem: it's rare that the partial views' bits pointer points at
the local_allocator's bits, and none of the fast path cases where we access that pointer will ever see
it in that state. So, this makes the pointer either point to a utility-heap-allocated box that contains
the full pointer, or it points at the actual array allocated in the compact heap. The utility heap is
in the compact heap, so the compact pointer can point at either one. The implementation of this is
encapsulated as pas_lenient_compact_ptr. It's a bit gross; storing to it only works when you're holding
the heap lock, for example.

This is perf-neutral on Speedometer. This is perf-neutral on JS2 cli with full JSC isoheaps (i.e. the
patch from bug 231938). It's a 0.4% regression on RAMification with full JSC isoheaps, but I'm not
going to worry about that because trunk doesn't have full JSC isoheaps, and JSC isoheaps requires some
change like this to work reliably (currently it'll randomly run out of compact heap).

bmalloc.xcodeproj/project.pbxproj:
libpas/libpas.xcodeproj/project.pbxproj:
libpas/src/libpas/pas_enumerate_segregated_heaps.c: (enumerate_partial_view):
libpas/src/libpas/pas_full_alloc_bits_inlines.h: (pas_full_alloc_bits_create_for_partial_but_not_primordial): (pas_full_alloc_bits_create_for_partial):
libpas/src/libpas/pas_lenient_compact_ptr.h: Added.
libpas/src/libpas/pas_lenient_compact_ptr_inlines.h: Added.
libpas/src/libpas/pas_lenient_compact_unsigned_ptr.c: Added.
libpas/src/libpas/pas_lenient_compact_unsigned_ptr.h: Added.
libpas/src/libpas/pas_local_allocator.c: (pas_local_allocator_move):
libpas/src/libpas/pas_local_allocator_inlines.h: (pas_local_allocator_set_up_free_bits): (pas_local_allocator_start_allocating_in_primordial_partial_view): (pas_local_allocator_bless_primordial_partial_view_before_stopping):
libpas/src/libpas/pas_segregated_partial_view.c: (pas_segregated_partial_view_create): (compute_summary):
libpas/src/libpas/pas_segregated_partial_view.h:
libpas/src/libpas/pas_segregated_view_allocator_inlines.h: (pas_segregated_view_will_start_allocating):
libpas/src/libpas/pas_thread_local_cache.c: (deallocate): (allocate_cache):
libpas/src/test/LotsOfHeapsAndThreads.cpp: Added. (std::testLotsOfHeapsAndThreads): (addLotsOfHeapsAndThreadsTests):
libpas/src/test/TestHarness.cpp: (main):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287968 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289264] by Russell Epstein

15 edits in branches/safari-613-branch/Source

Cherry-pick r287959. rdar://problem/80213097

Add to Contact menu item does nothing on mac.
https://bugs.webkit.org/show_bug.cgi?id=235154
Source/WebCore:

Reviewed by Tim Horton.

Add to Context menu item for telephone numbers did not actually show the contact card.
This was because the delgate did not tell the menu where to display the card from, so it just failed.
Plumbing that information through fixes the issue.

page/ChromeClient.h: (WebCore::ChromeClient::handleTelephoneNumberClick):
page/mac/ServicesOverlayController.mm: (WebCore::ServicesOverlayController::handleClick):

Source/WebKit:

rdar://80213097

Reviewed by Tim Horton.

Add to Context menu item for telephone numbers did not actually show the contact card.
This was because the delgate did not tell the menu where to display the card from, so it just failed.
Plumbing that information through fixes the issue.

Platform/mac/MenuUtilities.h:
Platform/mac/MenuUtilities.mm: (-[WKEmptyPresenterHighlightDelegate initWithRect:]): (-[WKEmptyPresenterHighlightDelegate revealContext:rectsForItem:]): (-[WKEmptyPresenterHighlightDelegate revealContext:shouldUseDefaultHighlightForItem:]): (WebKit::menuForTelephoneNumber):
UIProcess/PageClient.h:
UIProcess/WebPageProxy.h:
UIProcess/WebPageProxy.messages.in:
UIProcess/mac/PageClientImplMac.h:
UIProcess/mac/WebPageProxyMac.mm: (WebKit::WebPageProxy::showTelephoneNumberMenu):
WebProcess/WebCoreSupport/WebChromeClient.cpp: (WebKit::WebChromeClient::handleTelephoneNumberClick):
WebProcess/WebCoreSupport/WebChromeClient.h:
WebProcess/WebPage/WebPage.h:
WebProcess/WebPage/mac/WebPageMac.mm: (WebKit::WebPage::handleTelephoneNumberClick):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287959 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289263] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebKitLegacy/mac

Cherry-pick r287951. rdar://problem/83501315

_paintBehaviorForDestinationContext should consider kCGContextTypeDisplayList type contexts as potentially being snapshots
https://bugs.webkit.org/show_bug.cgi?id=234626
<rdar://83501315>

Patch by Matt Woodrow <Matt Woodrow> on 2022-01-12
Reviewed by Simon Fraser.

_paintBehaviorForDestinationContext currently always returns Normal for contexts that aren't a bitmap context.
AppKit now provides a context that is of type kCGContextTypeDisplayList, and we want to still potentially consider it a
snapshot paint (if the other conditions below are met). This ensure images are sync decoded for consumers that just
want a single paint.

WebView/WebFrame.mm: (-[WebFrame _paintBehaviorForDestinationContext:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287951 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289262] by Russell Epstein

4 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r287939. rdar://problem/85082354

Correctly dirty z-order lists when showing a modal dialog
https://bugs.webkit.org/show_bug.cgi?id=232762
<rdar://problem/85082354>

Reviewed by Alan Bujtas.

When showing a dialog element which is split into continuations, we need to ensure
to call establishesTopLayerWillChange()/establishesTopLayerDidChange() on the
layers of all the continuation renderers.

dom/Element.cpp: (WebCore::forEachRenderLayer): Call the provided function on the layers for all the associated render objects. It's a little cumbersome because layers relate to RenderLayerModelObject, but continuations relate to RenderBoxModelObject. (WebCore::Element::addToTopLayer): (WebCore::Element::removeFromTopLayer): (WebCore::renderLayerForElement): Deleted.
rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::forRendererAndContinuations):
rendering/RenderBoxModelObject.h: Provider a static helper to call a function on a renderer and all its continuations, if any.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287939 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289261] by Russell Epstein

10 edits in branches/safari-613-branch/Source/WebKit

Cherry-pick r287930. rdar://problem/85790203

[iOS] Page loading hangs for ~10s on WebProcess launch
https://bugs.webkit.org/show_bug.cgi?id=235089

Reviewed by Eric Carlson.

WebPage::setMuted() will result in calling into the current audioCaptureFactory,
which will be by default CoreAudioAudioCaptureFactory unless replaced.
CoreAudioAudioCaptureFactory will in turn call into AVAudioSession, which will block
for multiple seconds due to the WebContent process sandbox.

Change the order in which these calls occur by configuring the audioCaptureFactory
in platformInitialize(), which occurs near the top of the constructor. This requires
access to the WebPageCreationParameters passed into the constructor, modify that method
to take a WebPageCreationParameters, and modify all the platform-specific definitions of
that method.

WebProcess/WebPage/Cocoa/WebPageCocoa.mm: (WebKit::WebPage::platformInitialize):
WebProcess/WebPage/WebPage.cpp: (WebKit::m_appHighlightsVisible):
WebProcess/WebPage/WebPage.h:
WebProcess/WebPage/gtk/WebPageGtk.cpp: (WebKit::WebPage::platformInitialize):
WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::platformInitialize): Deleted.
WebProcess/WebPage/mac/WebPageMac.mm: (WebKit::WebPage::platformInitializeAccessibility): (WebKit::WebPage::platformInitialize): Deleted.
WebProcess/WebPage/playstation/WebPagePlayStation.cpp: (WebKit::WebPage::platformInitialize):
WebProcess/WebPage/win/WebPageWin.cpp: (WebKit::WebPage::platformInitialize):
WebProcess/WebPage/wpe/WebPageWPE.cpp: (WebKit::WebPage::platformInitialize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287930 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289260] by Russell Epstein

5 edits in branches/safari-613-branch/Source

Cherry-pick r287914. rdar://problem/85451366

Protect DocumentLoader when a reference to its members is used.
https://bugs.webkit.org/show_bug.cgi?id=233464

Patch by Frédéric Wang <fwang@igalia.com> on 2022-01-12
Reviewed by Brady Eidson.

Source/WebCore:

No new tests, due to our infra (bug 127676).

loader/FrameLoader.cpp: (WebCore::FrameLoader::checkLoadCompleteForThisFrame): Ensure that DocumentLoader loader remains alive while DocumentLoader::m_mainDocumentError is used.

Source/WebKit:

UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::didFinishLoadForFrame): If the navigationID is obsolete, skip update of the page load state to avoid failure of debug ASSERT.
WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: (WebKit::WebFrameLoaderClient::dispatchDidFinishLoad): Ensure that DocumentLoader loader remains alive while DocumentLoader::m_request is used.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287914 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289259] by Russell Epstein

2 edits in branches/safari-613-branch/Source/WebCore

Cherry-pick r287899. rdar://problem/83925935

DataURLResourceMediaLoader decodes the URL repeatedly during a video playback
https://bugs.webkit.org/show_bug.cgi?id=234940

Reviewed by Darin Adler.

In r264864, we adopted a new SPI to tell AVFoundation that the entire file is available for custom URLs.
As a result, during a video playback, AVFoundation will request small data ranges instead of "caching"
the whole file again.

However, that leads to efficiency issue for DataURLResourceMediaLoader. Because it needs to decode the whole
URL when AVFoundation requests a data range, which is inefficient when the URL is very long.

This patch reverts the change in r264864 for the DataURLResourceMediaLoader case to fix the performance issue.
If DataURLDecoder::decode() supports decoding a data range in the future, we can change it back for better
memory efficiency.

platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm: (WebCore::WebCoreAVFResourceLoader::responseReceived):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287899 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289258] by Russell Epstein

7 edits in branches/safari-613-branch

Cherry-pick r287891. rdar://problem/85345180

REGRESSION (r283723): Web Inspector: CSS declarations unexpectedly removed when editing property value
https://bugs.webkit.org/show_bug.cgi?id=233195

Reviewed by Devin Rousso.

Source/WebInspectorUI:

Re-attach CSS property if it was detached while editing.

CSSProperty is detached when focusing on property name and deleting it. Consequent edits of the detached
CSSProperty were not saved. This patch re-attaches detached property at the previous position.

UserInterface/Models/CSSProperty.js: (WI.CSSProperty.prototype.set name):
UserInterface/Models/CSSStyleDeclaration.js: (WI.CSSStyleDeclaration.prototype.newBlankProperty): (WI.CSSStyleDeclaration.prototype.insertProperty): Introduce this method since the logic is used in two different places now.

LayoutTests:

Test removing CSS property name.

inspector/css/modify-css-property-expected.txt:
inspector/css/modify-css-property.html:
inspector/css/resources/modify-css-property.css: (.rule-e):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287891 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:52 PM Changeset in webkit [289257] by Russell Epstein

4 edits in branches/safari-613-branch

Cherry-pick r287847. rdar://problem/86488039

ASSERTION FAILED in RenderLayer::updateClipRects
https://bugs.webkit.org/show_bug.cgi?id=234315

Reviewed by Simon Fraser.

Source/WebCore:

In clippingRootForPainting(), the dialog element uses the top layer as its clipping root layer.
When it caculates the clip rects, it caculates all its ancestors' clip rects and caches them
including the clipping root layer. However, if the ancestor is a transformed layer, it should be
treated as a root layer. When the transformed layer updates its clip rects, the root layer won't
match the one in cache. This patch stops the dialog descendant propagating its clipping root layer
to the ancestors' in cache.

rendering/RenderLayer.cpp: (WebCore::RenderLayer::clipCrossesPaintingBoundary const):

LayoutTests:

TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@287847 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:13 PM Changeset in webkit [289256] by Elliott Williams

3 edits
1 delete in trunk/Source/WTF

Replace "Copy WTF Headers" with native build phases
https://bugs.webkit.org/show_bug.cgi?id=235744

Reviewed by Alexey Proskuryakov.

Replace the rsync-based script that copied WTF headers with Xcode-native copy file phases.
Unfortunately, this entails having separate build phases for each subdirectory of <wtf/...>.

Workspace builds may have dependencies on individual headers in WTF, and the native copy
phases provide the build system with enough information to form those task dependencies.

Configurations/WTF.xcconfig: Set PRIVATE_HEADERS_FOLDER_PATH.
Configurations/CopyWTFHeaders.xcconfig: Removed.
WTF.xcodeproj/project.pbxproj: Remove "Copy WTF Headers" and add copy file phases.

6:05 PM Changeset in webkit [289255] by Brent Fulgham

8 edits in trunk

Always sync ResourceRequest isAppInitiated request with NSURLRequest attribution value
https://bugs.webkit.org/show_bug.cgi?id=236167
<rdar://88490742>

Reviewed by Darin Adler.

Source/WebCore:

We should always keep the state of our 'isAppInitiated' flag in sync with the underlying
NSURLRequest object. This also corrects a problem where the 'setIsAppInitiated' method
does not mark the platform URL request as dirty, so it does not update with the correct
state of the flag.

Tests: New TestWebKitAPI Test (AppPrivacyReport.NSURLRequestConstructorAttribution)

platform/network/ResourceRequestBase.cpp:

(WebCore::ResourceRequestBase::setIsAppInitiated):

platform/network/ResourceRequestBase.h:
platform/network/cf/ResourceRequest.h:
platform/network/cocoa/ResourceRequestCocoa.mm:

(WebCore::ResourceRequest::ResourceRequest):
(WebCore::ResourceRequest::doUpdatePlatformRequest):
(WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
(WebCore::copyRequestWithStorageSession):

rendering/RenderThemeIOS.mm:

Tools:

TestWebKitAPI/TestWebKitAPI.xcodeproj/xcshareddata/xcschemes/TestWebKitAPI.xcscheme:
TestWebKitAPI/Tests/WebKitCocoa/AppPrivacyReport.mm:

5:45 PM Changeset in webkit [289254] by ddkilzer@apple.com

2 edits in trunk/Source/WTF

WTF::HashAndUTF8CharactersTranslator::translate() falls through ASSERT_NOT_REACHED()
<https://webkit.org/b/234944>
<rdar://problem/87230618>

Reviewed by Darin Adler.

wtf/text/AtomStringImpl.cpp:

(WTF::HashAndUTF8CharactersTranslator::translate):

Change ASSERT_NOT_REACHED() to RELEASE_ASSERT_NOT_REACHED().

5:33 PM Changeset in webkit [289253] by jonlee@apple.com

11 edits in trunk/LayoutTests

Unreviewed gardening.

Add fuzzy data to tests.

compositing/patterns/direct-pattern-compositing-cover.html:
compositing/patterns/direct-pattern-compositing-size.html:
css3/calc/block-mask-overlay-image-outset.html:
fast/backgrounds/background-opaque-clipped-gradients.html:
fast/borders/border-image-repeat-stretch.html:
fast/layers/overflow-scroll-transform-border-radius.html:
fast/text/international/system-language/hindi-system-font-punctuation.html:
fast/text/simple-lines-float.html:
http/tests/security/svg-image-with-cached-remote-image.html:
svg/clip-path/clip-opacity.html:

5:13 PM Changeset in webkit [289252] by Lauro Moura

3 edits in trunk/Source/WebCore

Unreviewed, non-unified build fixes after 246907@main
https://bugs.webkit.org/show_bug.cgi?id=236256

style/ContainerQueryEvaluator.cpp:
style/ContainerQueryEvaluator.h:

5:13 PM Changeset in webkit [289251] by Jonathan Bedard

2 edits in trunk/Tools

[webkitscmpy] Adopt webkitbugspy for GitHub issues (Part 3)
https://bugs.webkit.org/show_bug.cgi?id=235899
<rdar://problem/88280520>

Reviewed by Dewei Zhu.

Tools/Scripts/webkitpy/init.py: Add webkitbugspy as a local dependency,

bump local dependency version dependencies.

Canonical link: https://commits.webkit.org/246935@main

5:13 PM Changeset in webkit [289250] by Jonathan Bedard

7 edits in trunk/Tools

[webkitscmpy] Adopt webkitbugspy for GitHub issues (Part 2)
https://bugs.webkit.org/show_bug.cgi?id=235899
<rdar://problem/88280520>

Reviewed by Dewei Zhu.

Tools/Scripts/libraries/webkitscmpy/setup.py: Add webkitbugspy dependency.
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/init.py: Ditto.
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/remote/git_hub.py:

(GitHub): Build on top of webkitbugspy's mock GitHub server.
(GitHub.init): Pass mock environment to base class.
(GitHub.request): Let webkitbugspy handle issues.
(GitHub.enter): Deleted.
(GitHub.exit): Deleted.
(GitHub._users): Deleted.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/remote/git_hub.py:

(GitHub.PRGenerator.PullRequest): Linked issue should be an "issue" object.
(GitHub.PRGenerator.create): Ditto.
(GitHub.PRGenerator.update): Ditto.
(GitHub.PRGenerator._contributor): Leverage webkitbugpy to retrieve information
about unknown contributors.
(GitHub.PRGenerator.comment): Leverage webkitbugspy to create comments.
(GitHub.PRGenerator.comments): Leverage webkitbugspy to retrieve comments.
(GitHub.init): Construct a tracker, populate it's user mapping.
(GitHub.credentials): Leverage webkitbugspy to retrieve credentials.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/land_unittest.py:

(TestLandGitHub.webserver): Create a mock issue.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/pull_request_unittest.py:

(TestNetworkPullRequestGitHub.webserver): Create a mock issue.

Canonical link: https://commits.webkit.org/246934@main

5:13 PM Changeset in webkit [289249] by Jonathan Bedard

7 edits in trunk/Tools

[webkitscmpy] Adopt webkitbugspy for GitHub issues (Part 1)
https://bugs.webkit.org/show_bug.cgi?id=235899
<rdar://problem/88280520>

Reviewed by Dewei Zhu.

Tools/Scripts/libraries/webkitbugspy/setup.py: Bump version.
Tools/Scripts/libraries/webkitbugspy/webkitbugspy/init.py: Ditto.
Tools/Scripts/libraries/webkitbugspy/webkitbugspy/github.py:

(Tracker.Encoder.default): Handle API url regexes.
(Tracker.init): Match API urls.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/github.py:

(GitHub.init): Spell "username" correctly.
(GitHub._issue): Handle case where assignee or watchers is undefined.
(GitHub.request): Rename "api_host" to "api_remote" to match webkitscmpy.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/github_unittest.py:

(TestGitHub.test_link):

Canonical link: https://commits.webkit.org/246933@main

4:22 PM Changeset in webkit [289248] by Tyler Wilcock

9 edits
5 adds in trunk

AX: Move node-dependent role computation to AccessibilityNodeObject from AccessibilityRenderObject
https://bugs.webkit.org/show_bug.cgi?id=236166

Reviewed by Chris Fleizach.

Source/WebCore:

AccessibilityRenderObject::determineAccessibilityRole has a lot of
logic for computing the object's role that depends only on the node
associated with the object, not the renderer. This means that objects
that typically have renderers but sometimes don't (e.g. objects with
hidden + aria-hidden="false", objects with display: contents)
can't have these roles, which is wrong.

This patch improves this by moving these node-dependent role
calcuations to a new determineAccessibilityRoleFromNode function, and
changing AccessibilityRenderObject to use that.

Test: accessibility/aria-visible-element-roles.html

accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::determineAccessibilityRole):
(WebCore::AccessibilityNodeObject::determineAccessibilityRoleFromNode const):
Added.
(WebCore::AccessibilityNodeObject::isDescendantOfElementType const):
(WebCore::AccessibilityNodeObject::isFileUploadButton const):
Moved to AccessibilityObject.

accessibility/AccessibilityNodeObject.h:
accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::isButton const):
Remove unnecessary whitespace.
(WebCore::AccessibilityObject::isFileUploadButton const):

accessibility/AccessibilityObject.h:
accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::determineAccessibilityRole):
If properties of m_renderer don't yield a role, fallback to
determineAccessibilityRoleFromNode.
(WebCore::AccessibilityRenderObject::isDescendantOfElementType const):
Moved to AccessibilityNodeObject.

accessibility/AccessibilityRenderObject.h:

LayoutTests:

Add test to verify ARIA visible objects (e.g. those with hidden and
aria-hidden="false") compute their role and subrole properly based
on their DOM element.

accessibility/aria-visible-element-roles.html: Added.
platform/glib/accessibility/aria-visible-element-roles-expected.txt: Added.
platform/mac-wk1/accessibility/aria-visible-element-roles-expected.txt: Added.
platform/mac-wk2/accessibility/aria-visible-element-roles-expected.txt: Added.
platform/win/accessibility/aria-visible-element-roles-expected.txt: Added.

platform/mac-wk2/accessibility/roles-exposed-expected.txt:

This patch results in a progression in computing the role of these
inputs, which before were all consided to be AXGroup:

input[type='date']
input[type='datetime-local']
input[type='month']
input[type='time']
input[type='week']

4:18 PM Changeset in webkit [289247] by Chris Dumez

82 edits
6 copies
27 adds
2 deletes in trunk

Add support for sharing Shared Workers (including across WebProcesses)
https://bugs.webkit.org/show_bug.cgi?id=235958
<rdar://problem/88330666>

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline existing WPT tests involving shared workers.

web-platform-tests/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub-expected.txt:
web-platform-tests/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub-expected.txt:
web-platform-tests/content-security-policy/inside-worker/sharedworker-report-only.sub-expected.txt:
web-platform-tests/content-security-policy/inside-worker/sharedworker-script-src.sub-expected.txt:
web-platform-tests/content-security-policy/script-src/worker-set-timeout.sub-expected.txt:
web-platform-tests/html/browsers/offline/appcache/workers/appcache-worker.https-expected.txt:
web-platform-tests/html/cross-origin-embedder-policy/cross-origin-isolated-permission.https-expected.txt:
web-platform-tests/html/cross-origin-embedder-policy/shared-workers.https-expected.txt:
web-platform-tests/html/cross-origin-embedder-policy/worker-inheritance.sub.https-expected.txt:
web-platform-tests/service-workers/service-worker/claim-shared-worker-fetch.https-expected.txt:
web-platform-tests/workers/SharedWorker_dataUrl-expected.txt:
web-platform-tests/workers/modules/shared-worker-import-blob-url.window-expected.txt:
web-platform-tests/workers/modules/shared-worker-import-data-url-cross-origin-expected.txt:
web-platform-tests/workers/modules/shared-worker-import-data-url.window-expected.txt:
web-platform-tests/workers/modules/shared-worker-import-referrer-expected.txt:
web-platform-tests/workers/modules/shared-worker-import.window-expected.txt:
web-platform-tests/workers/modules/shared-worker-options-credentials-expected.txt:
web-platform-tests/workers/semantics/multiple-workers/004-expected.txt:
web-platform-tests/workers/semantics/multiple-workers/008-expected.txt:
web-platform-tests/workers/shared-worker-from-blob-url.window-expected.txt:
web-platform-tests/workers/shared-worker-name-via-options-expected.txt:
web-platform-tests/workers/shared-worker-options-mismatch-expected.txt:
web-platform-tests/xhr/open-url-redirected-sharedworker-origin-expected.txt:

Source/WebCore:

Add support for sharing Shared Workers, including across WebProcesses. The architecture
is modeled after the one we use for Service Workers since they are very similar. I tried
sharing as much code as possible with Service Workers but some more work can probably be
done in this area.

With this change, shared workers should be mostly functional and spec compliant. However,
the feature remains disabled by default for now as there are still WPT tests failures I
need to investigate. Also, I need to implement a better process suspension logic on iOS
to replace the hack I added in this patch (to make the tests run reliably on iOS).

As with Service Workers, Shared Workers are partitioned by (Top Origin + Frame Origin)
for privacy reasons. This is achieved via the SharedWorkerKey object that we use as
HashMap key.

No new tests, covered by existing WPT tests.

Headers.cmake:
Sources.txt:
WebCore.xcodeproj/project.pbxproj:
platform/Logging.h:
workers/shared/SharedWorker.cpp:

(WebCore::SharedWorker::fromIdentifier):
(WebCore::SharedWorker::create):
(WebCore::SharedWorker::SharedWorker):
(WebCore::SharedWorker::~SharedWorker):
(WebCore::SharedWorker::didFinishLoading):
(WebCore::SharedWorker::virtualHasPendingActivity const):
(WebCore::SharedWorker::stop):
(WebCore::SharedWorker::terminate): Deleted.

workers/shared/SharedWorker.h:
workers/shared/SharedWorker.idl:
workers/shared/SharedWorkerKey.h: Added.

(WebCore::SharedWorkerKey::hash const):
(WebCore::SharedWorkerKey::encode const):
(WebCore::SharedWorkerKey::decode):
(WebCore::operator==):
(WTF::DefaultHash<WebCore::SharedWorkerKey>::hash):
(WTF::DefaultHash<WebCore::SharedWorkerKey>::equal):
(WTF::HashTraits<WebCore::SharedWorkerKey>::constructDeletedValue):
(WTF::HashTraits<WebCore::SharedWorkerKey>::isDeletedValue):

workers/shared/SharedWorkerManager.cpp: Removed.

(WebCore::SharedWorkerManager::singleton): Deleted.
(WebCore::SharedWorkerManager::connect): Deleted.
(WebCore::SharedWorkerManager::scriptLoadFailed): Deleted.
(WebCore::SharedWorkerManager::scriptLoadedSuccessfully): Deleted.

workers/shared/SharedWorkerManager.h: Removed.
workers/shared/SharedWorkerObjectConnection.cpp:

(WebCore::SharedWorkerObjectConnection::fetchScriptInClient):
(WebCore::SharedWorkerObjectConnection::notifyWorkerObjectOfLoadCompletion):
(WebCore::SharedWorkerObjectConnection::postExceptionToWorkerObject):

workers/shared/SharedWorkerObjectConnection.h:
workers/shared/SharedWorkerObjectIdentifier.h: Copied from Source/WebCore/workers/shared/SharedWorkerObjectConnection.cpp.
workers/shared/SharedWorkerScriptLoader.cpp:

(WebCore::SharedWorkerScriptLoader::SharedWorkerScriptLoader):
(WebCore::SharedWorkerScriptLoader::load):
(WebCore::SharedWorkerScriptLoader::notifyFinished):

workers/shared/SharedWorkerScriptLoader.h:

(WebCore::SharedWorkerScriptLoader::options const):
(WebCore::SharedWorkerScriptLoader::identifier const): Deleted.
(WebCore::SharedWorkerScriptLoader::options): Deleted.

workers/shared/context/SharedWorkerContextManager.cpp: Added.

(WebCore::SharedWorkerContextManager::singleton):
(WebCore::SharedWorkerContextManager::sharedWorker const):
(WebCore::SharedWorkerContextManager::stopSharedWorker):
(WebCore::SharedWorkerContextManager::stopAllSharedWorkers):
(WebCore::SharedWorkerContextManager::setConnection):
(WebCore::SharedWorkerContextManager::connection const):
(WebCore::SharedWorkerContextManager::registerSharedWorkerThread):
(WebCore::SharedWorkerContextManager::Connection::postConnectEvent):
(WebCore::SharedWorkerContextManager::Connection::terminateSharedWorker):

workers/shared/context/SharedWorkerContextManager.h: Added.

(WebCore::SharedWorkerContextManager::Connection::~Connection):
(WebCore::SharedWorkerContextManager::Connection::isClosed const):
(WebCore::SharedWorkerContextManager::Connection::setAsClosed):

workers/shared/context/SharedWorkerThreadProxy.cpp:

(WebCore::generateWorkerParameters):
(WebCore::SharedWorkerThreadProxy::SharedWorkerThreadProxy):
(WebCore::SharedWorkerThreadProxy::~SharedWorkerThreadProxy):
(WebCore::SharedWorkerThreadProxy::notifyNetworkStateChange):
(WebCore::SharedWorkerThreadProxy::postExceptionToWorkerObject):
(WebCore::SharedWorkerThreadProxy::createCacheStorageConnection):
(WebCore::SharedWorkerThreadProxy::createRTCDataChannelRemoteHandlerConnection):
(WebCore::SharedWorkerThreadProxy::postTaskToLoader):
(WebCore::SharedWorkerThreadProxy::postTaskForModeToWorkerOrWorkletGlobalScope):
(WebCore::SharedWorkerThreadProxy::networkStateChanged):
(WebCore::SharedWorkerThreadProxy::startWorkerGlobalScope): Deleted.
(WebCore::SharedWorkerThreadProxy::terminateWorkerGlobalScope): Deleted.
(WebCore::SharedWorkerThreadProxy::postMessageToWorkerGlobalScope): Deleted.
(WebCore::SharedWorkerThreadProxy::postTaskToWorkerGlobalScope): Deleted.
(WebCore::SharedWorkerThreadProxy::hasPendingActivity const): Deleted.
(WebCore::SharedWorkerThreadProxy::workerObjectDestroyed): Deleted.
(WebCore::SharedWorkerThreadProxy::suspendForBackForwardCache): Deleted.
(WebCore::SharedWorkerThreadProxy::resumeForBackForwardCache): Deleted.
(WebCore::SharedWorkerThreadProxy::workerGlobalScopeDestroyed): Deleted.
(WebCore::SharedWorkerThreadProxy::postMessageToWorkerObject): Deleted.
(WebCore::SharedWorkerThreadProxy::confirmMessageFromWorkerObject): Deleted.
(WebCore::SharedWorkerThreadProxy::reportPendingActivity): Deleted.
(WebCore::SharedWorkerThreadProxy::workerGlobalScopeDestroyedInternal): Deleted.

workers/shared/context/SharedWorkerThreadProxy.h:

Source/WebKit:

As with Service Workers, Shared Workers are partitioned by (Top Origin + Frame Origin)
for privacy reasons. This is achieved via the SharedWorkerKey object that we use as
HashMap key.

CMakeLists.txt:
DerivedSources-input.xcfilelist:
DerivedSources-output.xcfilelist:
DerivedSources.make:
NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::m_schemeRegistry):
(WebKit::NetworkConnectionToWebProcess::~NetworkConnectionToWebProcess):
(WebKit::NetworkConnectionToWebProcess::didReceiveMessage):
(WebKit::NetworkConnectionToWebProcess::didClose):
(WebKit::NetworkConnectionToWebProcess::establishSharedWorkerContextConnection):
(WebKit::NetworkConnectionToWebProcess::establishSharedWorkerServerConnection):
(WebKit::NetworkConnectionToWebProcess::closeSharedWorkerContextConnection):
(WebKit::NetworkConnectionToWebProcess::unregisterSharedWorkerConnection):
(WebKit::NetworkConnectionToWebProcess::sharedWorkerServerToContextConnectionIsNoLongerNeeded):
(WebKit::NetworkConnectionToWebProcess::sharedWorkerConnection):

NetworkProcess/NetworkConnectionToWebProcess.h:
NetworkProcess/NetworkConnectionToWebProcess.messages.in:
NetworkProcess/NetworkSession.cpp:

(WebKit::NetworkSession::ensureSharedWorkerServer):

NetworkProcess/NetworkSession.h:

(WebKit::NetworkSession::sharedWorkerServer):

NetworkProcess/SharedWorker/WebSharedWorker.cpp: Copied from Source/WebKit/WebProcess/Storage/WebSharedWorkerObjectConnection.cpp.

(WebKit::WebSharedWorker::WebSharedWorker):
(WebKit::WebSharedWorker::~WebSharedWorker):
(WebKit::WebSharedWorker::fromIdentifier):
(WebKit::WebSharedWorker::registrableDomain const):

NetworkProcess/SharedWorker/WebSharedWorker.h: Added.

(WebKit::WebSharedWorker::identifier const):
(WebKit::WebSharedWorker::key const):
(WebKit::WebSharedWorker::workerOptions const):
(WebKit::WebSharedWorker::origin const):
(WebKit::WebSharedWorker::url const):
(WebKit::WebSharedWorker::sharedWorkerObjects):
(WebKit::WebSharedWorker::isRunning const):
(WebKit::WebSharedWorker::markAsRunning):
(WebKit::WebSharedWorker::fetchResult const):
(WebKit::WebSharedWorker::setFetchResult):
(WebKit::WebSharedWorker::didFinishFetching const):

NetworkProcess/SharedWorker/WebSharedWorkerServer.cpp: Added.

(WebKit::WebSharedWorkerServer::WebSharedWorkerServer):
(WebKit::WebSharedWorkerServer::sessionID):
(WebKit::WebSharedWorkerServer::requestSharedWorker):
(WebKit::WebSharedWorkerServer::didFinishFetchingSharedWorkerScript):
(WebKit::WebSharedWorkerServer::needsContextConnectionForRegistrableDomain const):
(WebKit::WebSharedWorkerServer::createContextConnection):
(WebKit::WebSharedWorkerServer::addContextConnection):
(WebKit::WebSharedWorkerServer::removeContextConnection):
(WebKit::WebSharedWorkerServer::contextConnectionCreated):
(WebKit::WebSharedWorkerServer::sharedWorkerObjectIsGoingAway):
(WebKit::WebSharedWorkerServer::shutDownSharedWorker):
(WebKit::WebSharedWorkerServer::addConnection):
(WebKit::WebSharedWorkerServer::removeConnection):
(WebKit::WebSharedWorkerServer::contextConnectionForRegistrableDomain const):
(WebKit::WebSharedWorkerServer::postExceptionToWorkerObject):

NetworkProcess/SharedWorker/WebSharedWorkerServer.h: Added.
NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp: Added.

(WebKit::WebSharedWorkerServerConnection::WebSharedWorkerServerConnection):
(WebKit::WebSharedWorkerServerConnection::~WebSharedWorkerServerConnection):
(WebKit::WebSharedWorkerServerConnection::messageSenderConnection const):
(WebKit::WebSharedWorkerServerConnection::sessionID):
(WebKit::WebSharedWorkerServerConnection::session):
(WebKit::WebSharedWorkerServerConnection::requestSharedWorker):
(WebKit::WebSharedWorkerServerConnection::sharedWorkerObjectIsGoingAway):
(WebKit::WebSharedWorkerServerConnection::fetchScriptInClient):
(WebKit::WebSharedWorkerServerConnection::notifyWorkerObjectOfLoadCompletion):
(WebKit::WebSharedWorkerServerConnection::postExceptionToWorkerObject):

NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.h: Added.

(WebKit::WebSharedWorkerServerConnection::server):
(WebKit::WebSharedWorkerServerConnection::server const):
(WebKit::WebSharedWorkerServerConnection::webProcessIdentifier const):

NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.messages.in: Added.
NetworkProcess/SharedWorker/WebSharedWorkerServerToContextConnection.cpp: Added.

(WebKit::WebSharedWorkerServerToContextConnection::WebSharedWorkerServerToContextConnection):
(WebKit::WebSharedWorkerServerToContextConnection::~WebSharedWorkerServerToContextConnection):
(WebKit::WebSharedWorkerServerToContextConnection::webProcessIdentifier const):
(WebKit::WebSharedWorkerServerToContextConnection::ipcConnection const):
(WebKit::WebSharedWorkerServerToContextConnection::messageSenderConnection const):
(WebKit::WebSharedWorkerServerToContextConnection::messageSenderDestinationID const):
(WebKit::WebSharedWorkerServerToContextConnection::connectionIsNoLongerNeeded):
(WebKit::WebSharedWorkerServerToContextConnection::postExceptionToWorkerObject):
(WebKit::WebSharedWorkerServerToContextConnection::launchSharedWorker):
(WebKit::WebSharedWorkerServerToContextConnection::postConnectEvent):
(WebKit::WebSharedWorkerServerToContextConnection::terminateSharedWorker):

NetworkProcess/SharedWorker/WebSharedWorkerServerToContextConnection.h: Added.
NetworkProcess/SharedWorker/WebSharedWorkerServerToContextConnection.messages.in: Added.
Platform/Logging.h:
Scripts/webkit/messages.py:

(types_that_cannot_be_forward_declared):

Sources.txt:
UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::terminateUnresponsiveServiceWorkerProcesses):
(WebKit::NetworkProcessProxy::establishSharedWorkerContextConnectionToNetworkProcess):
(WebKit::NetworkProcessProxy::establishServiceWorkerContextConnectionToNetworkProcess):
(WebKit::NetworkProcessProxy::serviceWorkerContextConnectionNoLongerNeeded):
(WebKit::NetworkProcessProxy::sharedWorkerContextConnectionNoLongerNeeded):

UIProcess/Network/NetworkProcessProxy.h:
UIProcess/Network/NetworkProcessProxy.messages.in:
UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::setUserAgent):

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::establishServiceWorkerContextConnectionToNetworkProcess):
(WebKit::WebProcessPool::removeFromWorkerProcesses):
(WebKit::WebProcessPool::establishSharedWorkerContextConnectionToNetworkProcess):
(WebKit::WebProcessPool::disconnectProcess):
(WebKit::WebProcessPool::userContentControllerIdentifierForWorkers):
(WebKit::WebProcessPool::createWebPage):
(WebKit::WebProcessPool::updateWorkerUserAgent):
(WebKit::WebProcessPool::terminateServiceWorkers):
(WebKit::WebProcessPool::workerProcesses):
(WebKit::WebProcessPool::updateProcessAssertions):
(WebKit::WebProcessPool::isServiceWorkerPageID const):
(WebKit::WebProcessPool::serviceWorkerProxiesCount const):
(WebKit::WebProcessPool::hasServiceWorkerForegroundActivityForTesting const):
(WebKit::WebProcessPool::hasServiceWorkerBackgroundActivityForTesting const):
(WebKit::WebProcessPool::removeFromServiceWorkerProcesses): Deleted.
(WebKit::WebProcessPool::userContentControllerIdentifierForServiceWorkers): Deleted.
(WebKit::WebProcessPool::updateServiceWorkerUserAgent): Deleted.
(WebKit::WebProcessPool::serviceWorkerProcesses): Deleted.

UIProcess/WebProcessPool.h:
UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::createForWorkers):
(WebKit::WebProcessProxy::didBecomeUnresponsive):
(WebKit::WebProcessProxy::didStartProvisionalLoadForMainFrame):
(WebKit::WebProcessProxy::setWorkerUserAgent):
(WebKit::WebProcessProxy::updateWorkerPreferencesStore):
(WebKit::WebProcessProxy::updateWorkerProcessAssertion):
(WebKit::WebProcessProxy::establishSharedWorkerContext):
(WebKit::WebProcessProxy::registerServiceWorkerClientProcess):
(WebKit::WebProcessProxy::unregisterServiceWorkerClientProcess):
(WebKit::WebProcessProxy::startServiceWorkerBackgroundProcessing):
(WebKit::WebProcessProxy::endServiceWorkerBackgroundProcessing):
(WebKit::WebProcessProxy::disableWorkers):
(WebKit::WebProcessProxy::enableWorkers):
(WebKit::WebProcessProxy::createForServiceWorkers): Deleted.
(WebKit::WebProcessProxy::setServiceWorkerUserAgent): Deleted.
(WebKit::WebProcessProxy::updateServiceWorkerPreferencesStore): Deleted.
(WebKit::WebProcessProxy::updateServiceWorkerProcessAssertion): Deleted.
(WebKit::WebProcessProxy::disableServiceWorkers): Deleted.
(WebKit::WebProcessProxy::enableServiceWorkers): Deleted.

UIProcess/WebProcessProxy.h:

(WebKit::WebProcessProxy::isRunningSharedWorkers const):
(WebKit::WebProcessProxy::isStandaloneSharedWorkerProcess const):
(WebKit::WebProcessProxy::isRunningWorkers const):
(WebKit::WebProcessProxy::hasServiceWorkerPageProxy):

WebKit.xcodeproj/project.pbxproj:
WebProcess/Network/NetworkProcessConnection.cpp:

(WebKit::NetworkProcessConnection::didReceiveMessage):

WebProcess/Network/NetworkProcessConnection.h:
WebProcess/Storage/WebSharedWorkerContextManagerConnection.cpp: Added.

(WebKit::WebSharedWorkerContextManagerConnection::WebSharedWorkerContextManagerConnection):
(WebKit::m_userContentController):
(WebKit::WebSharedWorkerContextManagerConnection::establishConnection):
(WebKit::WebSharedWorkerContextManagerConnection::postExceptionToWorkerObject):
(WebKit::WebSharedWorkerContextManagerConnection::updatePreferencesStore):
(WebKit::WebSharedWorkerContextManagerConnection::launchSharedWorker):
(WebKit::WebSharedWorkerContextManagerConnection::close):

WebProcess/Storage/WebSharedWorkerContextManagerConnection.h: Added.
WebProcess/Storage/WebSharedWorkerContextManagerConnection.messages.in: Added.
WebProcess/Storage/WebSharedWorkerObjectConnection.cpp:

(WebKit::WebSharedWorkerObjectConnection::WebSharedWorkerObjectConnection):
(WebKit::WebSharedWorkerObjectConnection::~WebSharedWorkerObjectConnection):
(WebKit::WebSharedWorkerObjectConnection::requestSharedWorker):
(WebKit::WebSharedWorkerObjectConnection::sharedWorkerObjectIsGoingAway):

WebProcess/Storage/WebSharedWorkerObjectConnection.h:
WebProcess/Storage/WebSharedWorkerObjectConnection.messages.in: Added.
WebProcess/WebProcess.cpp:

(WebKit::WebProcess::didReceiveMessage):
(WebKit::WebProcess::establishSharedWorkerContextConnectionToNetworkProcess):

WebProcess/WebProcess.h:
WebProcess/WebProcess.messages.in:

LayoutTests:

Rebaseline existing WPT tests involving shared workers.

TestExpectations:
platform/gtk-wk2/imported/w3c/web-platform-tests/content-security-policy/inside-worker/sharedworker-connect-src.sub-expected.txt: Added.
platform/gtk-wk2/imported/w3c/web-platform-tests/content-security-policy/inside-worker/sharedworker-report-only.sub-expected.txt: Added.
platform/gtk-wk2/imported/w3c/web-platform-tests/content-security-policy/inside-worker/sharedworker-script-src.sub-expected.txt: Added.
platform/gtk-wk2/imported/w3c/web-platform-tests/workers/modules/shared-worker-import-blob-url.window-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/workers/modules/shared-worker-import-blob-url.window-expected.txt.
platform/gtk-wk2/imported/w3c/web-platform-tests/workers/modules/shared-worker-import-data-url.window-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/workers/modules/shared-worker-import-data-url.window-expected.txt.
platform/gtk-wk2/imported/w3c/web-platform-tests/workers/modules/shared-worker-import.window-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/workers/modules/shared-worker-import.window-expected.txt.
platform/gtk-wk2/imported/w3c/web-platform-tests/workers/modules/shared-worker-options-credentials-expected.txt: Added.
platform/gtk-wk2/imported/w3c/web-platform-tests/xhr/open-url-redirected-sharedworker-origin-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/xhr/open-url-redirected-sharedworker-origin-expected.txt.

3:17 PM Changeset in webkit [289246] by Megan Gardner

13 edits in trunk/Source

Update hover state based on pointer type.
https://bugs.webkit.org/show_bug.cgi?id=236249

Reviewed by Tim Horton.

Source/WebCore:

dom/Document.cpp:

(WebCore::Document::updateHoverActiveState):

dom/Element.cpp:

(WebCore::Element::setHovered):

dom/Element.h:
html/HTMLLabelElement.cpp:

(WebCore::HTMLLabelElement::setHovered):

html/HTMLLabelElement.h:
html/HTMLTextFormControlElement.cpp:

(WebCore::pointerTypeFromHitTestRequest):
(WebCore::showPlaceholderForPointer):
(WebCore::HTMLTextFormControlElement::setHovered):
(WebCore::HTMLTextFormControlElement::placeholderShouldBeVisible const):

html/HTMLTextFormControlElement.h:
html/shadow/SpinButtonElement.cpp:

(WebCore::SpinButtonElement::setHovered):

html/shadow/SpinButtonElement.h:
page/EventHandler.cpp:

(addPointerTypeToHitTestRequest):
(WebCore::EventHandler::handleMouseMoveEvent):

Source/WebKit:

UIProcess/ios/WKMouseGestureRecognizer.mm:

(pointerTypeForUITouchType):
(-[WKMouseGestureRecognizer createMouseEventWithType:wasCancelled:]):
(-[WKMouseGestureRecognizer checkTouches:]):

3:13 PM Changeset in webkit [289245] by commit-queue@webkit.org

21 edits
2 deletes in trunk

Unreviewed, reverting r289239.
https://bugs.webkit.org/show_bug.cgi?id=236264

broke builds on older internal SDKs

Reverted changeset:

"Add PushService"
https://bugs.webkit.org/show_bug.cgi?id=235857
https://commits.webkit.org/r289239

3:06 PM Changeset in webkit [289244] by Chris Dumez

3 edits
1 delete in trunk/LayoutTests

Unreviewed, rename test in TestExpectations to match the actual test name.

The test was likely renamed but TestExpectations were not updated accordingly.
As per the bots, the test is still flaky.

TestExpectations:
platform/mac-wk1/TestExpectations:
platform/mac-wk1/imported/w3c/web-platform-tests/html/rendering/replaced-elements/attributes-for-embedded-content-and-images/img-aspect-ratio-lazy.tentative-expected.txt: Removed.

3:05 PM Changeset in webkit [289243] by Jonathan Bedard

15 edits in trunk/Tools

[webkitbugspy] Assign and close issues
https://bugs.webkit.org/show_bug.cgi?id=235835
<rdar://problem/88203672>

Reviewed by Dewei Zhu.

Allow webkitbugspy to edit the assignee and open or close issues.

Tools/Scripts/libraries/webkitbugspy/setup.py: Bump version.
Tools/Scripts/libraries/webkitbugspy/webkitbugspy/init.py: Ditto.
Tools/Scripts/libraries/webkitbugspy/webkitbugspy/bugzilla.py:

(Tracker.set): Send a put request to modify assignee or bug state.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/github.py:

(Tracker.set): Send a patch request to modify assignee or bug state.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/issue.py:

(Issue.open): Re-open a closed issue, provide an optional reason.
(Issue.close): Close an open issue, with an optional reason.
(Issue.assign): Assign issue to the provided user, along with an optional reason.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/bugzilla.py:

(Bugzilla._issue): Edit mocked representation of an issue.
(Bugzilla.request): Handle put request modifying issue.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/github.py:

(GitHub._issue): Edit mocked representation of an issue.
(GitHub.request): Handle patch request modifying issue.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/mocks/radar.py:

(RadarModel.Person.init): Accept dictionary.
(RadarModel.init): Correct 'state' values, mock radar parameters.
(RadarModel.commit_changes): Modify assignee and state.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/radar.py:

(Priority): Add radar priority integers.
(Tracker.set): Modify assignee and state.

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/bugzilla_unittest.py:

(TestBugzilla.test_assign):
(TestBugzilla.test_assign_why):
(TestBugzilla.test_state):
(TestBugzilla.test_state_why):

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/github_unittest.py:

(TestGitHub.test_assign):
(TestGitHub.test_assign_why):
(TestGitHub.test_state):
(TestGitHub.test_state_why):

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tests/radar_unittest.py:

(TestRadar.test_assign):
(TestRadar.test_assign_why):
(TestRadar.test_state):
(TestRadar.test_state_why):

Tools/Scripts/libraries/webkitbugspy/webkitbugspy/tracker.py:

(Tracker.set): Generic API for Issues to modify their representation in their
respective tracker.

Canonical link: https://commits.webkit.org/246927@main

3:03 PM Changeset in webkit [289242] by Jean-Yves Avenard

2 edits in trunk/Source/WebKit

Improve fullscreen transition when going to/from fullscreen
https://bugs.webkit.org/show_bug.cgi?id=236058
rdar://88415100

Reviewed by Dean Jackson.

UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:

(-[WKFullScreenWindowController beganEnterFullScreenWithInitialFrame:finalFrame:]):
(-[WKFullScreenWindowController beganExitFullScreenWithInitialFrame:finalFrame:]):

2:27 PM Changeset in webkit [289241] by Alan Bujtas

4 edits
2 adds in trunk

Updating grid gap value does not recalculate styles
https://bugs.webkit.org/show_bug.cgi?id=233252
<rdar://problem/85727334>

Reviewed by Simon Fraser.

Source/WebCore:

Both column and row gap style value change need to initiate layout in order to update their geometries.

Test: fast/dynamic/gap-style-change-should-initiate-layout.html

rendering/style/RenderStyle.cpp:

(WebCore::rareNonInheritedDataChangeRequiresLayout):

LayoutTests:

fast/dynamic/gap-style-change-should-initiate-layout-expected.html: Added.
fast/dynamic/gap-style-change-should-initiate-layout.html: Added.

2:26 PM Changeset in webkit [289240] by Simon Fraser

14 edits in trunk

Tidy up some ImageBuffer-related classes
https://bugs.webkit.org/show_bug.cgi?id=236170

Reviewed by Darin Adler.
Source/WebCore:

Remove some forward declarations in ImageBuffer.h unused by ImageBuffer.

DisplayList::ImageBuffer can be final.
ImageBufferCGBitmapBackend can be final.

No need to WEBCORE_EXPORT ImageBufferCGBitmapBackend functions now that TestWebKitAPI
is using ImageBuffer functions.

html/canvas/CanvasRenderingContext2DBase.h:
platform/graphics/ImageBuffer.h:
platform/graphics/cg/ImageBufferCGBitmapBackend.h:
platform/graphics/displaylists/DisplayListImageBuffer.h:

(WebCore::DisplayList::ImageBuffer::create): Deleted.
(WebCore::DisplayList::ImageBuffer::ImageBuffer): Deleted.
(WebCore::DisplayList::ImageBuffer::~ImageBuffer): Deleted.

Source/WebKit:

CGDisplayListImageBufferBackend can be final.
ImageBufferShareableBitmapBackend can be final.
Functions on ImageBufferShareableIOSurfaceBackend can be final.

Shared/RemoteLayerTree/CGDisplayListImageBufferBackend.h:
WebProcess/GPU/graphics/ImageBufferShareableBitmapBackend.h:

(WebKit::ImageBufferShareableBitmapBackend::setOwnershipIdentity): Deleted.

WebProcess/GPU/graphics/cocoa/ImageBufferShareableIOSurfaceBackend.h:

Tools:

ImageBufferTests should use the functions on ImageBuffer, not WebCore-internal
classes.

TestWebKitAPI/Tests/WebCore/ImageBufferTests.cpp:

(TestWebKitAPI::TEST):

2:07 PM Changeset in webkit [289239] by Ben Nham

21 edits
2 adds in trunk

Add PushService
https://bugs.webkit.org/show_bug.cgi?id=235857

Reviewed by Brady Eidson.

Source/WebKit:

PushService primarily interacts with two objects:

PushServiceConnection: this creates and removes push subscriptions from the push server. It also receives incoming pushes from the push server.
PushDatabase: this persists push subscriptions to disk.

Several things are not yet implemented; for instance, we currently always grant a page the
permission to receive pushes. This will be fixed in future patches.

Covered by new API tests. The current tests use a MockPushServiceConnection that vends
subscription with fixed data, but this can be improved in the future.

Shared/API/Cocoa/WKMain.h:
Shared/API/Cocoa/WKMain.mm:

(WKWebPushDaemonMain):

Shared/Cocoa/WebPushMessageCocoa.mm: add ability to distinguish between an empty vs. null payload.

(WebKit::WebPushMessage::fromDictionary):
(WebKit::WebPushMessage::toDictionary const):

Shared/WebPushDaemonConstants.h:

(WebKit::WebPushD::messageTypeSendsReply):

Shared/WebPushMessage.h:

(WebKit::WebPushMessage::decode):

WebKit.xcodeproj/project.pbxproj:
webpushd/MockPushServiceConnection.h:
webpushd/MockPushServiceConnection.mm:

(WebPushD::MockPushServiceConnection::generateClientKeys):
(WebPushD::MockPushServiceConnection::subscribe):
(WebPushD::MockPushServiceConnection::unsubscribe):

webpushd/PushService.h: Added.

(WebPushD::PushService::connection):
(WebPushD::PushService::database):
(WebPushD::PushService::didReceivePushMessage):

webpushd/PushService.mm: Added.

webpushd/PushServiceConnection.h:
webpushd/PushServiceConnection.mm:

(WebPushD::PushServiceConnection::generateClientKeys):

webpushd/WebPushDaemon.h:
webpushd/WebPushDaemon.mm:

webpushd/WebPushDaemonMain.h:
webpushd/WebPushDaemonMain.mm:

(WebKit::WebPushDaemonMain):

webpushd/com.apple.webkit.webpushd.mac.plist:
webpushd/webpushd.cpp:

(main):

Source/WTF:

Add PushAPIEnabled to WebKitLegacy so we can enable it on in API tests via _WKExperimentalFeature.

Scripts/Preferences/WebPreferencesExperimental.yaml:

Tools:

Modifed the existing injected push test to inject different types of real push objects from APS (an empty push, an aesgcm-encrypted push, and an aes128gcm-encrypted push).
Add a few basic test cases for subscribing and unsubscribing from push.

TestWebKitAPI/Tests/WebKitCocoa/WebPushDaemon.mm:

1:19 PM Changeset in webkit [289238] by Tyler Wilcock

11 edits
3 adds in trunk

AX: The isolated tree needs to fix-up table cell parent relationships
https://bugs.webkit.org/show_bug.cgi?id=236156

Reviewed by Chris Fleizach.

Source/WebCore:

Tables are not very navigable by AX clients in isolated tree mode.
This is because our current representation of table elements doesn't
perfectly follow the normal parent-child relationship of other elements,
i.e. some non-row elements can return cells from children(), but the cells
must regard their row as the "real" parent.

We've had to work around this in the live tree in AccessibilityObject::insertChild, too:

https://github.com/WebKit/WebKit/blob/main/Source/WebCore/accessibility/AccessibilityObject.cpp#L626#L628

In this patch, when creating an isolated object, we override the "assumed" parent ID
to the correct parent ID for cell-like elements.

Test: accessibility/table-search-traversal.html

accessibility/isolatedtree/AXIsolatedTree.cpp:

(WebCore::AXIsolatedTree::parentIDForObject):
Added.
(WebCore::AXIsolatedTree::nodeChangeForObject):
Call parentIDForObject to determine the correct parent for the
to-be-created isolated object.

accessibility/isolatedtree/AXIsolatedTree.h:

Tools:

Add AccessibilityUIElement::role implementation for use in new
accessibility/table-search-traversal.html test.

DumpRenderTree/ios/AccessibilityUIElementIOS.mm:

(AccessibilityUIElement::role):
Added implementation.

WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::role):
Added implementation.

LayoutTests:

Add test verifying the the new, more correct isolated tree behavior.

platform/glib/TestExpectations:
platform/win/TestExpectations:

Skip new accessibility/table-search-traversal.html test due to
missing AccessibilityUIElement::uiElementForSearchPredicate implementation.

platform/ios/TestExpectations:

Enable new accessibility/table-search-traversal.html test.

accessibility/table-search-traversal.html: Added.
platform/ios/accessibility/table-search-traversal-expected.txt: Added.
platform/mac/accessibility/table-search-traversal-expected.txt: Added.

platform/ios/imported/blink/accessibility/link-inside-label-expected.txt:

This patch implements AccessibilityUIElement::role on iOS, which
changes this test's output (in a positive way).

12:18 PM Changeset in webkit [289237] by Wenson Hsieh

12 edits in trunk/Source

Add PageClient plumbing for video frame extraction
https://bugs.webkit.org/show_bug.cgi?id=236100
rdar://86237608

Reviewed by Eric Carlson.

Source/WebCore:

Add a method to grab the AVPlayerViewController from a VideoFullscreenInterfaceAVKit. See WebKit/ChangeLog for
more details.

platform/ios/VideoFullscreenInterfaceAVKit.h:
platform/ios/VideoFullscreenInterfaceAVKit.mm:

(-[WebAVPlayerViewController avPlayerViewController]):
(VideoFullscreenInterfaceAVKit::avPlayerViewController const):

Source/WebKit:

Finish off support for fullscreen video extraction by adding a new iOS PageClient hook, and calling into it
after grabbing a video frame from the GPU process when the video extraction timer fires.

UIProcess/Cocoa/VideoFullscreenManagerProxy.h:
UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:

(WebKit::VideoFullscreenManagerProxy::findInterface const):
(WebKit::VideoFullscreenManagerProxy::playerViewController const):
(WebKit::VideoFullscreenManagerProxy::findInterface): Deleted.

Mark this method as const, so that we can invoke it from VideoFullscreenManagerProxy::playerViewController.

UIProcess/Cocoa/WebPageProxyCocoa.mm:

(WebKit::WebPageProxy::updateFullscreenVideoExtraction):
(WebKit::WebPageProxy::fullscreenVideoExtractionTimerFired):

Request video frame data from the GPU process and hand it over to the page client along with the
AVPlayerViewController corresponding to the current fullscreen video.

UIProcess/PageClient.h:

(WebKit::PageClient::isFullscreenVideoExtractionEnabled const):

UIProcess/ios/PageClientImplIOS.h:
UIProcess/ios/PageClientImplIOS.mm:

(WebKit::PageClientImpl::beginFullscreenVideoExtraction):
(WebKit::PageClientImpl::cancelFullscreenVideoExtraction):
(WebKit::PageClientImpl::isFullscreenVideoExtractionEnabled const):

UIProcess/ios/WKContentViewInteraction.h:
UIProcess/ios/WKContentViewInteraction.mm:

Add a new WebKitAdditions extension point that contains the implementations of the three methods below; when
compiling without WebKitAdditions, we simply stub out these methods.

(-[WKContentView beginFullscreenVideoExtraction:playerViewController:]):
(-[WKContentView cancelFullscreenVideoExtraction:]):
(-[WKContentView isFullscreenVideoExtractionEnabled]):

11:57 AM Changeset in webkit [289236] by Chris Dumez

4 edits in trunk

WorkerGlobalScope.importScripts() should protect blob urls that were passed in until the imports are done
https://bugs.webkit.org/show_bug.cgi?id=236168

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline WPT test that is now passing.

web-platform-tests/workers/interfaces/WorkerUtils/importScripts/blob-url.worker-expected.txt:

Source/WebCore:

No new tests, rebaselined existing test.

workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::importScripts):

11:42 AM Changeset in webkit [289235] by graouts@webkit.org

4 edits in trunk/Source

[model] improve sizing on iOS
https://bugs.webkit.org/show_bug.cgi?id=236234
<rdar://problem/88569898>

Reviewed by Darin Adler.

Source/WebCore/PAL:

Add newly-used -[ASVInlinePreview setFrameWithinFencedTransaction:] SPI on iOS.

pal/spi/ios/SystemPreviewSPI.h:

Source/WebKit:

We must install the fence and invalidate it on the main queue and call
-[ASVInlinePreview setFrameWithinFencedTransaction:] to complete the
resizing process on iOS.

UIProcess/ios/WKModelView.mm:

(-[WKModelView updateBounds]):

11:36 AM Changeset in webkit [289234] by graouts@webkit.org

4 edits in trunk/LayoutTests

[css-logical] css/css-logical/animation-003.tentative is no longer a failure
https://bugs.webkit.org/show_bug.cgi?id=236242

Unreviewed test gardening following a likely progression with bug 218092.

LayoutTests/imported/w3c:

web-platform-tests/css/css-logical/animation-003.tentative-expected.txt:

LayoutTests:

TestExpectations:

10:44 AM Changeset in webkit [289233] by pvollan@apple.com

2 edits in trunk/Source/WebKit

[iOS][WP] Enable sandbox state rules for Mach messages
https://bugs.webkit.org/show_bug.cgi?id=236027
<rdar://problem/88387937>

Reviewed by Brent Fulgham.

Until <rdar://85931614> has been fixed, we can enable sandbox state rules for Mach messages with a minor workaround.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

10:26 AM Changeset in webkit [289232] by Megan Gardner

3 edits in trunk/Source/WebKit

Setup alternate mouse gesture recognizer.
https://bugs.webkit.org/show_bug.cgi?id=236127

Reviewed by Tim Horton.

UIProcess/ios/WKContentViewInteraction.h:
UIProcess/ios/WKContentViewInteraction.mm:

(shouldEnableAlternativeMouseGestureRecognizers):
(-[WKContentView cleanUpInteraction]):
(-[WKContentView _removeDefaultGestureRecognizers]):
(-[WKContentView _addDefaultGestureRecognizers]):
(-[WKContentView gestureRecognizer:shouldReceiveTouch:]):
(-[WKContentView deferringGestureRecognizer:shouldDeferOtherGestureRecognizer:]):
(-[WKContentView setUpMouseGestureRecognizer]):
(-[WKContentView _configureMouseGestureRecognizer]):

10:20 AM Changeset in webkit [289231] by pvollan@apple.com

5 edits in trunk/Source/WebKit

Remove cfprefs shmem access
https://bugs.webkit.org/show_bug.cgi?id=231068
<rdar://73520381>

Reviewed by Brent Fulgham.

After enabling CFPrefs direct mode, we can remove cfprefs shmem access.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb:
Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in:
WebProcess/com.apple.WebProcess.sb.in:

10:16 AM Changeset in webkit [289230] by ntim@apple.com

2 edits in trunk/Websites/webkit.org

Unreviewed, make <dialog> demos dark theme work in iframes

Add rules for <body>.

demos/dialog-element/dark-theme.css:

(@media (prefers-color-scheme: dark) body):

10:04 AM Changeset in webkit [289229] by Russell Epstein

1 copy in branches/safari-614.1.3-branch

New branch.

10:02 AM Changeset in webkit [289228] by Russell Epstein

9 edits in trunk/Source

Versioning.

WebKit-7614.1.4

10:00 AM Changeset in webkit [289227] by graouts@webkit.org

8 edits in trunk/Source/WebCore

Move DocumentTimeline::runningAnimationsForRendererAreAllAccelerated() to Styleable
https://bugs.webkit.org/show_bug.cgi?id=236239

Reviewed by Dean Jackson.

This method has nothing to do with DocumentTimeline and everything to do with Styleable and its associated
effect stack. This also allows us to remove WebAnimation::isRunningAccelerated() since we don't need to go
through the animation as we iterate over keyframe effects directly.

animation/DocumentTimeline.cpp:

(WebCore::DocumentTimeline::runningAnimationsForRendererAreAllAccelerated const): Deleted.

animation/DocumentTimeline.h:
animation/WebAnimation.cpp:

(WebCore::WebAnimation::isRunningAccelerated const): Deleted.

animation/WebAnimation.h:
rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::hasRunningAcceleratedAnimations const):

style/Styleable.cpp:

(WebCore::Styleable::runningAnimationsAreAllAccelerated const):

style/Styleable.h:

9:46 AM Changeset in webkit [289226] by graouts@webkit.org

6 edits in trunk

[css-logical] [web-animations] changing direction or writing-mode should clear computed keyframes
https://bugs.webkit.org/show_bug.cgi?id=236241

Reviewed by Dean Jackson.

LayoutTests/imported/w3c:

Mark WPT progressions.

web-platform-tests/css/css-logical/animation-001-expected.txt:

Source/WebCore:

Any time the "direction" or "writing-mode" property changes, we must clear the computed keyframes
as we should re-resolve any logical properties used on the source keyframes.

animation/KeyframeEffect.cpp:

(WebCore::KeyframeEffect::propertyAffectingLogicalPropertiesDidChange):

animation/KeyframeEffect.h:
animation/KeyframeEffectStack.cpp:

(WebCore::KeyframeEffectStack::applyKeyframeEffects):

9:35 AM Changeset in webkit [289225] by graouts@webkit.org

12 edits in trunk/Source/WebCore

Remove unnecessary DocumentTimeline.h includes
https://bugs.webkit.org/show_bug.cgi?id=236236

Reviewed by Dean Jackson.

css/CSSComputedStyleDeclaration.cpp:
dom/Element.cpp:
dom/PseudoElement.cpp:
history/CachedFrame.cpp:
page/Frame.cpp:
page/Page.cpp:
rendering/RenderElement.cpp:
rendering/RenderLayer.cpp:
rendering/RenderLayerBacking.cpp:
rendering/updating/RenderTreeUpdater.cpp:
style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::createAnimatedElementUpdate):

9:33 AM Changeset in webkit [289224] by commit-queue@webkit.org

2 edits in trunk/LayoutTests

[GTK] Remove failure expections for newly passing tests. Unreviewed test gardening.
https://bugs.webkit.org/show_bug.cgi?id=236243

Patch by Arcady Goldmints-Orlov <Arcady Goldmints-Orlov> on 2022-02-07

platform/gtk/TestExpectations:

9:01 AM Changeset in webkit [289223] by commit-queue@webkit.org

12 edits in trunk/Source

[WebXR] Handle updating session visibility state from PlatformXRCoordinator
https://bugs.webkit.org/show_bug.cgi?id=236150

Patch by Ada Chan <ada.chan@apple.com> on 2022-02-07
Reviewed by Dean Jackson.

Source/WebCore:

Add EnumTraits for PlatformXR::VisibilityState

platform/xr/PlatformXR.h:

Source/WebKit:

Add plumbing to allow PlatformXRCoordinator to communicate session visibility
state changes to XRDeviceProxy.

Scripts/webkit/messages.py:

(types_that_cannot_be_forward_declared):
(headers_for_type):

Shared/XR/XRDeviceProxy.cpp:

(WebKit::XRDeviceProxy::updateSessionVisibilityState):
Notify the PlatformXR::TrackingAndRenderingClient about the visibility state change.

Shared/XR/XRDeviceProxy.h:
UIProcess/XR/PlatformXRCoordinator.h:

Introduce a new protocol for PlatformXRCoordinator to communicate back
to PlatformXRSystem. This protocol so far has methods for notifying the
end of a session and visibility state changes in the session.

UIProcess/XR/PlatformXRSystem.cpp:

(WebKit::PlatformXRSystem::initializeTrackingAndRendering):
startSession() now takes in the PlatformXRSystem instance as it now implements
SessionEventClient.
(WebKit::PlatformXRSystem::sessionDidEnd):
(WebKit::PlatformXRSystem::sessionDidUpdateVisibilityState):

UIProcess/XR/PlatformXRSystem.h:
WebProcess/XR/PlatformXRSystemProxy.cpp:

(WebKit::PlatformXRSystemProxy::sessionDidUpdateVisibilityState):

WebProcess/XR/PlatformXRSystemProxy.h:
WebProcess/XR/PlatformXRSystemProxy.messages.in:

8:21 AM Changeset in webkit [289222] by Antti Koivisto

37 edits
2 adds in trunk

[CSS Container Queries] Add ContainerQueryEvaluator
https://bugs.webkit.org/show_bug.cgi?id=236096

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

web-platform-tests/css/css-contain/container-queries/animation-container-type-dynamic-expected.txt:
web-platform-tests/css/css-contain/container-queries/animation-nested-animation-expected.txt:
web-platform-tests/css/css-contain/container-queries/animation-nested-transition-expected.txt:
web-platform-tests/css/css-contain/container-queries/aspect-ratio-feature-evaluation-expected.txt:
web-platform-tests/css/css-contain/container-queries/at-container-parsing-expected.txt:
web-platform-tests/css/css-contain/container-queries/auto-scrollbars-expected.txt:
web-platform-tests/css/css-contain/container-queries/container-for-shadow-dom.tentative-expected.txt:
web-platform-tests/css/css-contain/container-queries/container-name-invalidation-expected.txt:
web-platform-tests/css/css-contain/container-queries/container-selection-expected.txt:
web-platform-tests/css/css-contain/container-queries/container-size-invalidation-expected.txt:
web-platform-tests/css/css-contain/container-queries/container-type-invalidation-expected.txt:
web-platform-tests/css/css-contain/container-queries/display-contents-expected.txt:
web-platform-tests/css/css-contain/container-queries/display-none-expected.txt:
web-platform-tests/css/css-contain/container-queries/font-relative-units-dynamic-expected.txt:
web-platform-tests/css/css-contain/container-queries/font-relative-units-expected.txt:
web-platform-tests/css/css-contain/container-queries/get-animations-expected.txt:
web-platform-tests/css/css-contain/container-queries/iframe-invalidation-expected.txt:
web-platform-tests/css/css-contain/container-queries/inline-size-containment-expected.txt:
web-platform-tests/css/css-contain/container-queries/inline-size-containment-vertical-rl-expected.txt:
web-platform-tests/css/css-contain/container-queries/orthogonal-wm-container-query-expected.txt:
web-platform-tests/css/css-contain/container-queries/percentage-padding-orthogonal-expected.txt:
web-platform-tests/css/css-contain/container-queries/query-content-box-expected.txt:
web-platform-tests/css/css-contain/container-queries/query-evaluation-expected.txt:
web-platform-tests/css/css-contain/container-queries/reattach-container-with-dirty-child-expected.txt:
web-platform-tests/css/css-contain/container-queries/size-container-no-principal-box-expected.txt:
web-platform-tests/css/css-contain/container-queries/size-feature-evaluation-expected.txt:
web-platform-tests/css/css-contain/container-queries/top-layer-dialog-expected.txt:
web-platform-tests/css/css-contain/container-queries/top-layer-nested-dialog-expected.txt:
web-platform-tests/css/css-contain/container-queries/transition-scrollbars-expected.txt:
web-platform-tests/css/css-contain/container-queries/unsupported-axis-expected.txt:
web-platform-tests/css/css-contain/container-queries/viewport-units-expected.txt:

Source/WebCore:

Add ContainerQueryEvaluator. Initially it evaluates simple min/max-width/height queries.

Sources.txt:
WebCore.xcodeproj/project.pbxproj:
style/ContainerQueryEvaluator.h: Added.
style/ContainerQueryEvaluator.cpp: Added.

(WebCore::Style::ContainerQueryEvaluator::ContainerQueryEvaluator):
(WebCore::Style::computeLength):
(WebCore::Style::ContainerQueryEvaluator::evaluate const):

style/ElementRuleCollector.cpp:

(WebCore::Style::ElementRuleCollector::containerQueryMatches):

Start to actually evaluate container queries.

LayoutTests:

TestExpectations:

8:01 AM Changeset in webkit [289221] by Wenson Hsieh

10 edits in trunk/Source/WebKit

Add a helper method on VideoFullscreenManagerProxy to request video frame data
https://bugs.webkit.org/show_bug.cgi?id=236094

Reviewed by Darin Adler.

Add a helper method on VideoFullscreenManagerProxy to asynchronously grab an image bitmap for the fullscreen
video corresponding to the given PlaybackSessionContextIdentifier, by sending IPC to the GPU process. This
mechanism will be used in a subsequent patch to support "fullscreen video extraction", which involves capturing
image data for paused, fullscreen videos.

See below for more details.

GPUProcess/GPUProcess.cpp:

(WebKit::GPUProcess::requestBitmapImageForCurrentTime):

GPUProcess/GPUProcess.h:
GPUProcess/GPUProcess.messages.in:
GPUProcess/media/RemoteMediaPlayerManagerProxy.cpp:

(WebKit::RemoteMediaPlayerManagerProxy::bitmapImageForCurrentTime):

GPUProcess/media/RemoteMediaPlayerManagerProxy.h:
UIProcess/Cocoa/VideoFullscreenManagerProxy.h:
UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:

(WebKit::VideoFullscreenManagerProxy::requestBitmapImageForCurrentTime):

Map the given PlaybackSessionContextIdentifier to a MediaPlayerIdentifier, and then send the (web process ID,
media player ID) identifier pair to the GPU process to request frame data for the given media player.

UIProcess/GPU/GPUProcessProxy.cpp:

(WebKit::GPUProcessProxy::requestBitmapImageForCurrentTime):

UIProcess/GPU/GPUProcessProxy.h:

7:40 AM Changeset in webkit [289220] by graouts@webkit.org

2 edits in trunk/Source/WebCore

Improve DocumentTimeline::animationCanBeRemoved()
https://bugs.webkit.org/show_bug.cgi?id=236230

Reviewed by Dean Jackson.

While fixing bug 236229, it appeared that DocumentTimeline::animationCanBeRemoved() could be improved while
creating the "animations" list:

the name should make it clear that the purpose here is to create a list of animations that are protected since otherwise we wouldn't need that specific loop and could just run the code below directly,
calling isRelevant() on the effect's animation is redundant since animations are guaranteed to be relevant if found within the effect stack,
since we now know that we would add all animations associated with an effect in the effect stack, we could use Vector::map() to create the list since the lengths would match.

animation/DocumentTimeline.cpp:

(WebCore::DocumentTimeline::animationCanBeRemoved):

7:30 AM Changeset in webkit [289219] by Martin Robinson

7 edits in trunk/Source/WebCore

Fix some compilation warnings coming from unhandled execution paths for unexpected enum values
https://bugs.webkit.org/show_bug.cgi?id=236228

Reviewed by Darin Adler.

No new tests. This should not change behavior.

animation/CompositeOperationOrAuto.h:

(WebCore::toCompositeOperationOrAuto):

bindings/js/JSCSSStyleValueCustom.cpp:

(WebCore::toJSNewlyCreated):

bindings/js/JSCSSTransformComponentCustom.cpp:

(WebCore::toJSNewlyCreated):

css/CSSComputedStyleDeclaration.cpp:

(WebCore::valueForAnimationComposition):

css/CSSUnits.cpp:

(WebCore::unitCategory):
(WebCore::canonicalUnitTypeForCategory):

platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:

(WebCore::LibWebRTCProvider::receiverCapabilities):
(WebCore::LibWebRTCProvider::senderCapabilities):

7:27 AM Changeset in webkit [289218] by Adrian Perez de Castro

2 edits in trunk

[CMake] REGRESSION(r288994): Linker does not get passed --disable-new-dtags
https://bugs.webkit.org/show_bug.cgi?id=236205

Reviewed by Darin Adler.

Source/cmake/OptionsCommon.cmake: Arrange passing --disable-new-dtags to linkers that

are known to support the option. While at it, reorganize a bit how detected linker/archiver
features are printed out for better readability.

7:22 AM Changeset in webkit [289217] by rreapor@apple.com

2 edits in trunk/Tools

[webkitcorepy] Autoinstaller may fail to install wheels
https://bugs.webkit.org/show_bug.cgi?id=236174

Reviewed by Jonathan Bedard.

Upgrading packaging module autoinstalls abi3 universal2 wheel
distributions that were previously being skipped.

Scripts/libraries/webkitcorepy/webkitcorepy/init.py:

7:10 AM Changeset in webkit [289216] by graouts@webkit.org

7 edits in trunk

[css-logical] [web-animations] Add support for logical properties in JS-originated animations
https://bugs.webkit.org/show_bug.cgi?id=236229

Reviewed by Dean Jackson.

LayoutTests/imported/w3c:

Mark WPT progressions.

web-platform-tests/css/css-logical/animation-001-expected.txt:
web-platform-tests/web-animations/interfaces/Animation/commitStyles-expected.txt:
web-platform-tests/web-animations/timing-model/timelines/update-and-send-events-replacement-expected.txt:

Source/WebCore:

We need to resolve logical properties when parsing keyframes provided by the Web Animations bindings
and when considering whether an animation can be removed based on properties found on the effect stack.

animation/DocumentTimeline.cpp:

(WebCore::DocumentTimeline::animationCanBeRemoved):

animation/KeyframeEffect.cpp:

(WebCore::processKeyframeLikeObject):

6:48 AM Changeset in webkit [289215] by graouts@webkit.org

2 edits in trunk/Source/WebCore

Remove RenderObject::documentTimeline()
https://bugs.webkit.org/show_bug.cgi?id=236225

Reviewed by Dean Jackson.

Following some recent DocumentTimeline / Styleable refactoring (see bugs
236176, 236204 and 236224), this method is no longer in use.

rendering/RenderObject.h:

(WebCore::RenderObject::documentTimeline const): Deleted.

6:45 AM Changeset in webkit [289214] by Alan Bujtas

5 edits in trunk/Source/WebCore

[LFC][IFC] WritingMode::LeftToRight expects line content flipped within the line
https://bugs.webkit.org/show_bug.cgi?id=236207

Reviewed by Antti Koivisto.

Vertical writing mode requires to

flip the line coordinate inside the block
but also to flip the content coordinate inside the line box, where vertical-lr expects the content top (which turns into the visual left) to be relative to the bottom of the line.

In this patch we decouple the line and the line content flipping logic. It helps to reason about the
type of coordinate translations at different levels (line inside the block and content inside the line).
This patch fixes the vertical-align tests under imported/w3c/web-platform-tests/css/css-writing-modes.

layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:

(WebCore::Layout::InlineDisplayContentBuilder::processNonBidiContent):
(WebCore::Layout::InlineDisplayContentBuilder::processBidiContent):
(WebCore::Layout::InlineDisplayContentBuilder::flipLogicalRectToVisualForWritingModeWithinLine const):
(WebCore::Layout::InlineDisplayContentBuilder::flipLogicalRectToVisualForWritingMode): Deleted.

layout/formattingContexts/inline/display/InlineDisplayContentBuilder.h:
layout/formattingContexts/inline/display/InlineDisplayLineBuilder.cpp:

(WebCore::Layout::InlineDisplayLineBuilder::build const):
(WebCore::Layout::InlineDisplayLineBuilder::flipLogicalLineRectToVisualForWritingMode const):

layout/formattingContexts/inline/display/InlineDisplayLineBuilder.h:

6:23 AM Changeset in webkit [289213] by Nikolas Zimmermann

2 edits in trunk/Source/WebCore

[LBSE] Introduce RenderSVGModelObject aware geometry-query helpers in RenderLayerBacking
https://bugs.webkit.org/show_bug.cgi?id=236184

Reviewed by Rob Buis.

Let clippingLayerBox() take a RenderLayerModelObject instead of a RenderBox, to
allow for a RenderSVGModelObject specific implementation. Furthermore, introduce
rendererBorderBoxRect(), which can be used instead of renderBox()->borderBoxRect()
to query geometry in the CSS coordinate system. RenderSVGModelObject specifically offers
a 'borderBoxRectEquivalent()' method, returning SVG geometry information in the desired
CSS coordinate system - which is expected in the layer/compositing subsystem.

Covered by existing tests, no change in behaviour.

rendering/RenderLayerBacking.cpp:

(WebCore::rendererBorderBoxRect):
(WebCore::clippingLayerBox):
(WebCore::RenderLayerBacking::updateChildrenTransformAndAnchorPoint):
(WebCore::RenderLayerBacking::updateGeometry):
(WebCore::RenderLayerBacking::offsetRelativeToRendererOriginForDescendantLayers const):
(WebCore::RenderLayerBacking::startAnimation):
(WebCore::RenderLayerBacking::transformMatrixForProperty const):

6:06 AM Changeset in webkit [289212] by graouts@webkit.org

7 edits in trunk/Source/WebCore

Refactor DocumentTimeline::isRunningAcceleratedAnimationOnRenderer() into a Styleable method
https://bugs.webkit.org/show_bug.cgi?id=236224

Reviewed by Dean Jackson.

This method has nothing to do with DocumentTimeline, so let's instead expose it on Styleable.
While we're at it, since it's only ever called with CSSPropertyTransform as a parameter, let's
make it specific to that property.

Next, we'll make that method account for other transform-related properties in bug 236019.

animation/DocumentTimeline.cpp:

(WebCore::DocumentTimeline::isRunningAcceleratedAnimationOnRenderer const): Deleted.

animation/DocumentTimeline.h:
rendering/RenderLayer.cpp:

(WebCore::RenderLayer::currentTransform const):

rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):

style/Styleable.cpp:

(WebCore::Styleable::isRunningAcceleratedTransformAnimation const):

style/Styleable.h:

5:57 AM Changeset in webkit [289211] by graouts@webkit.org

11 edits
3 adds
2 deletes in trunk

[Web Animations] Starting a transform animation with a 1ms delay doesn't run it accelerated
https://bugs.webkit.org/show_bug.cgi?id=236080
<rdar://problem/88432373>

Reviewed by Dean Jackson.

Source/WebCore:

Accelerated animations can only be started if the keyframe effect's renderer is composited.
Keyframe effects enqueue a list of accelerated actions (play, pause, seek, stop, etc.) when
they can be accelerated, and these actions are performed in sync as the document timeline
is finishing up its "update animations and send events" procedure as we update the page
rendering.

When an animation is started _without_ a delay, the machinery to consider making a renderer
composited happens _before_ we update animations and send events, and since at this stage the
new animation's effect is already in its target's effect stack because it is immediately
"relevant" (per the Web Animations terminology) and targets a property that can be accelerated,
its renderer is indeed composited.

Thus by the time we consider starting this animation's effect with acceleration, it is in a
condition to do so since its renderer is already composited.

However, when an animation is started _with_ a delay, it is not immediately "relevant" and thus
won't appear in its target's effect stack. That will happen once we run the "update animations
and send events procedure" the next time we update the page rendering. But before that, the
effect's renderer will be considered to be made composited and _will not_ be because at this
point there is no effect animating a property that can be accelerated.

As we eventually run the "update animations and send events" procedure, we'll enqueue an
accelerated action to play the animation now that it became relevant, and when that procedure
completes and we try to apply that accelerated action, we'll fail to start an accelerated
animation since the renderer is not composited.

To address this, we only enqueue accelerated actions when the renderer is composited, thus
matching the condition to actually be able to apply this action.

This means we no longer need the animationDidPlay() on effects since we wouldn't be able to
honor enqueuing a "play" accelerated action since the renderer won't be composited yet at this
time in the vast majority of cases.

Test: webanimations/transform-animation-with-delay-yields-accelerated-animation.html

animation/AnimationEffect.h:

(WebCore::AnimationEffect::animationDidTick):
(WebCore::AnimationEffect::animationDidPlay): Deleted.

animation/KeyframeEffect.cpp:

(WebCore::KeyframeEffect::updateAcceleratedActions):
(WebCore::KeyframeEffect::animationDidPlay): Deleted.

animation/KeyframeEffect.h:
animation/WebAnimation.cpp:

(WebCore::WebAnimation::play):

animation/AnimationEffect.h:

(WebCore::AnimationEffect::animationDidTick):
(WebCore::AnimationEffect::animationDidPlay): Deleted.

animation/KeyframeEffect.cpp:

(WebCore::KeyframeEffect::updateAcceleratedActions):
(WebCore::KeyframeEffect::animationDidPlay): Deleted.

animation/KeyframeEffect.h:

(WebCore::KeyframeEffect::isAboutToRunAccelerated const):

animation/WebAnimation.cpp:

(WebCore::WebAnimation::play):

LayoutTests:

Add a test that runs a "transform" animation with a small delay and checks that it yielded
an accelerated animation. We also rewrite some existing tests to use internals.acceleratedAnimationsForElement()
since relying on a layer tree dump was not reliable, which also resolves some platform-specific
issues.

platform/glib/TestExpectations:
platform/gtk/webanimations/partly-accelerated-transition-by-removing-property-expected.txt: Removed.
platform/mac-wk1/webanimations/partly-accelerated-transition-by-removing-property-expected.txt: Removed.
platform/win/TestExpectations:
webanimations/accelerated-css-transition-with-easing-y-axis-above-1.html: Make sure overflow doesn't cause an image failure.
webanimations/partly-accelerated-transition-by-removing-property-expected.txt:
webanimations/partly-accelerated-transition-by-removing-property.html: Rewrite test to check on the accelerated

animation count and ensure the element is already composited to make the test work on WK1 and GTK.

webanimations/resources/request-frames-until-true.js: Added.

(const.requestFramesUntilTrue.async resolveCondition):

webanimations/transform-animation-with-delay-yields-accelerated-animation-expected.txt: Added.
webanimations/transform-animation-with-delay-yields-accelerated-animation.html: Added.

5:53 AM Changeset in webkit [289210] by Nikolas Zimmermann

7 edits
1 copy in trunk/Source/WebCore

[LBSE] Generalize RenderLayer::renderBoxLocation(), adding support for SVG layers
https://bugs.webkit.org/show_bug.cgi?id=236186

Reviewed by Rob Buis.

The layer-aware RenderSVGModelObject exposes a 'layoutLocation()' method which mimics
the CSS 'location()' of a RenderBox -- the layout procedure itself takes care of
computing these quantities in the correct CSS coordinate system. Therefore, in
RenderLayer we can use RenderSVGModelObject layoutLocation() as drop-in replacment
for the location() method of a RenderBox when handling SVG primitives, while
keeping the rest of RenderLayer as much "SVG unaware" as possible.

renderBoxLocation() is renamed to rendererLocation() and extended to support
RenderSVGModelObject. To keep rendererLocation() inline, RenderLayer needs to
include RenderSVGModelObject, which currently includes the RenderLayer header.
Fix that, by including RenderBox.h and inlining the 'element()' function, in
RenderSVGModelObjectInlines.h - in the same spirit as RenderSVGShapeInlines.h.

Covered by existing tests, no change in behaviour.

Headers.cmake: Add new PrivateHeaders: RenderSVGModelObject.h / SVGBoundingBoxComputation.h / SVGRenderSupport.h.
WebCore.xcodeproj/project.pbxproj: Ditto.
rendering/RenderLayer.cpp:

(WebCore::RenderLayer::paintBackgroundForFragments):
(WebCore::RenderLayer::paintForegroundForFragmentsWithPhase):
(WebCore::RenderLayer::paintOutlineForFragments):
(WebCore::RenderLayer::paintMaskForFragments):
(WebCore::RenderLayer::paintChildClippingMaskForFragments):
(WebCore::RenderLayer::paintOverflowControlsForFragments):
(WebCore::RenderLayer::collectEventRegionForFragments):
(WebCore::RenderLayer::hitTestLayer):
(WebCore::RenderLayer::hitTestContents const):

rendering/RenderLayer.h:

(WebCore::RenderLayer::rendererLocation const):
(WebCore::RenderLayer::renderBoxLocation const): Deleted.

rendering/svg/RenderSVGModelObject.h:

(WebCore::RenderSVGModelObject::element const): Deleted.

rendering/svg/RenderSVGModelObjectInlines.h: Copied from Source/WebCore/rendering/svg/RenderSVGShapeInlines.h.

(WebCore::RenderSVGModelObject::element const):

rendering/svg/RenderSVGShapeInlines.h:

5:51 AM Changeset in webkit [289209] by Ziran Sun

4 edits in trunk

[Forms] Use min as default value when min > max for input type="range"
https://bugs.webkit.org/show_bug.cgi?id=236223

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Update the sub test expectation that is now passing.

web-platform-tests/html/semantics/forms/the-input-element/range-expected.txt:

Source/WebCore:

As per spec https://html.spec.whatwg.org/multipage/input.html#concept-input-value-default-range,
in the case of "the maximum is less than the minimum, in which case the default value is the minimum".

html/RangeInputType.cpp:

(WebCore::ensureMaximum):
(WebCore::RangeInputType::createStepRange const):

5:49 AM Changeset in webkit [289208] by jh718.park@samsung.com

2 edits in trunk/Source/WebCore

Remove unused CSSCalcExpressionNodeParser::parseValueTerm from CSSCalcExpressionNodeParser.h.
https://bugs.webkit.org/show_bug.cgi?id=236226

Reviewed by Darin Adler.

CSSCalcExpressionNodeParser::parseCalcValue replaces CSSCalcExpressionNodeParser::parseValueTerm
in r253079, but parseValueTerm still remains in CSSCalcExpressionNodeParser.h.

No new tests, no new behaviors.

css/calc/CSSCalcExpressionNodeParser.h:

4:51 AM Changeset in webkit [289207] by Nikolas Zimmermann

2 edits in trunk/Source/WebCore

[LBSE] Apply position / size to SVG layers
https://bugs.webkit.org/show_bug.cgi?id=236187

Reviewed by Rob Buis.

Teach RenderLayer::updateLayerPosition() about RenderSVGModelObject
derived renderers that create layers. Grab size and position information
from the SVG render tree, just as done for CSS boxes in the render tree.

To minimize the RenderLayer changes, and most importantly to let SVG
look like a regular CSS object from the outside a compatibility layer
is exposed offering methods such as 'frameRectEquivalent()',
'visualOverflowRectEquivalent()' and offers utility methods such as
'applyTopLeftLocationOffsetEquivalent(localPoint)'. The terminology
stems from CSS and is usually not present in SVG -- however to simplify
the RenderLayer implementation and emphazise the analogy between
RenderBox and RenderSVGModelObject the utility methods help a lot.

SVG no longer looks special and one doesn't need to think hard what
the best matching equivalent to a 'visualOverflowRect' in SVG, or
if coordinate system origins are identical or not, etc.

Covered by existing tests, no change in behaviour.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::recursiveUpdateLayerPositions):
(WebCore::RenderLayer::updateLayerPosition):
(WebCore::RenderLayer::calculateClipRects const):

3:47 AM Changeset in webkit [289206] by Adrian Perez de Castro

6 edits in releases/WebKitGTK/webkit-2.34/Source/WebCore

Unreviewed non-unified build fixes.

Modules/webxr/XRReferenceSpaceEvent.cpp: Add missing wtf/IsoMallocInlines.h header.
Modules/webxr/XRReferenceSpaceEvent.h: Add missing wtf/IsoMalloc.h header.
css/calc/CSSCalcOperationNode.cpp: Add missing Logging.h header.
css/calc/CSSCalcPrimitiveValueNode.cpp: Ditto.
layout/formattingContexts/FormattingQuirks.cpp: Add missing LayoutState.h header.

3:40 AM Changeset in webkit [289205] by Nikolas Zimmermann

2 edits in trunk/Source/WebCore

[LBSE] Suppress non-foreground paint phases for SVG shapes & images
https://bugs.webkit.org/show_bug.cgi?id=236189

Reviewed by Rob Buis.

Suppress all paint phases except PaintPhase::Foreground for SVG primitives
such as paths, rects, images, etc. - all but RenderSVGContainer. We still
have to propagate the paint phases down the SVG render tree through the
container hierachy, as there could be <foreignObject> elements that do
need all paint phases.

If this ever turns out as bottleneck we can keep track of the presence
of <foreignObject> elements in a SVG subtree and only selectively propagate
the paint phases to those leafs that need them.

This optimization was used and tested with all SVG pixel tests in
the downstream branch -- so it's well tested that this works fine.

Covered by existing tests, no change in behaviour.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::paintForegroundForFragments):

3:36 AM Changeset in webkit [289204] by Nikolas Zimmermann

2 edits in trunk/Source/WebCore

[LBSE] Extend overflow/clip rect handling for SVG layers
https://bugs.webkit.org/show_bug.cgi?id=236188

Reviewed by Rob Buis.

Non-visible overflow implies a clip, that potentially influences the layer
geometry. The 'foregroundRect' is intersected with the 'overflowClipRect'
of the renderer - usually provided via RenderBox::overflowClipRect().

The CSS overflow handling is applicable to SVG as well, most noticeable
the outermost <svg> element (RenderSVGRoot), already uses the CSS overflow
handling, as it is RenderBox derived (via its RenderReplaced inheritance)
and not RenderSVGModelObject derived.

However inner <svg> elements (RenderSVGViewportContainer) and <marker>
elements also require overflow handling -- this patch allows them to
participate in the layer overflow handling and therefore extends both
RenderLayer::calculateClipRects() and RenderLayer::calculateRects()
to support RenderSVGModelObject.

Covered by existing tests, no change in behaviour.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects const):

3:12 AM Changeset in webkit [289203] by commit-queue@webkit.org

4 edits
2 adds in trunk

Bail out early in stopForUserCancel
https://bugs.webkit.org/show_bug.cgi?id=223536

Patch by Rob Buis <rbuis@igalia.com> on 2022-02-07
Reviewed by Darin Adler.

Source/WebCore:

Bail out early in stopForUserCancel in case
the frame is already in the process of stopping.

Test: fast/loader/commit-provisional-load-crash.html

loader/FrameLoader.cpp:

(WebCore::FrameLoader::stopForBackForwardCache):
(WebCore::FrameLoader::stopForUserCancel):

loader/FrameLoader.h:

LayoutTests:

Add test for this.

fast/loader/commit-provisional-load-crash-expected.txt: Added.
fast/loader/commit-provisional-load-crash.html: Added.

2:25 AM Changeset in webkit [289202] by Carlos Garcia Campos

11 edits in trunk

[WebDriver] Add support for shadow roots
https://bugs.webkit.org/show_bug.cgi?id=230614
<rdar://problem/83667535>

Reviewed by Adrian Perez de Castro.

Source/WebDriver:

Add implementation of new shadow root commands.

CommandResult.cpp:

(WebDriver::CommandResult::httpStatusCode const): Handle NoSuchShadowRoot and DetachedShadowRoot errors
(WebDriver::CommandResult::errorString const): Ditto.

CommandResult.h:
Session.cpp:

(WebDriver::Session::shadowRootIdentifier): Return shadow root identifier.
(WebDriver::Session::createShadowRoot): Create shadow root elment using the shadow root identifier.
(WebDriver::Session::findElements): Add ElementIsShadowRoot parameters to handle DetachedShadowRoot error.
(WebDriver::Session::getElementShadowRoot): Return the element shadow root.

Session.h:
WebDriverService.cpp:

(WebDriver::WebDriverService::findElement): Pass ElementIsShadowRoot::No to Session::findElements().
(WebDriver::WebDriverService::findElements): Ditto.
(WebDriver::WebDriverService::findElementFromElement): Ditto.
(WebDriver::WebDriverService::findElementsFromElement): Ditto.
(WebDriver::WebDriverService::findElementFromShadowRoot):
(WebDriver::WebDriverService::findElementsFromShadowRoot):
(WebDriver::WebDriverService::getElementShadowRoot):

WebDriverService.h:

Source/WebKit:

Use querySelectorAll() instead of getElementsByTagName() because it is also available for shadow root.

UIProcess/Automation/atoms/FindNodes.js:

(tryToFindNode):

WebDriverTests:

Update test expectations.

TestExpectations.json:

1:22 AM Changeset in webkit [289201] by Ziran Sun

6 edits in trunk

[Forms] Alias appearance <compat-auto> keywords to 'auto'
https://bugs.webkit.org/show_bug.cgi?id=235944

Reviewed by Aditya Keerthi.

Source/WebCore:

This CL alias the <compat-auto> keywords 'auto'. We need to address the cases of MenuList, button,
square-button, push-button and slider-horizontal etc. separately.

Spec ref: https://drafts.csswg.org/css-ui-4/#typedef-appearance-compat-auto

rendering/RenderTheme.cpp:

(WebCore::RenderTheme::adjustAppearanceWithElementType const):
(WebCore::RenderTheme::adjustStyle):
(WebCore::RenderTheme::paint):

rendering/RenderTheme.h:

LayoutTests:

Unskip tests in test expactation files that are now passing.

TestExpectations:
platform/gtk/TestExpectations:

Feb 6, 2022:

9:45 PM Changeset in webkit [289200] by sihui_liu@apple.com

2 edits in trunk/Source/WebKit

REGRESSION(r286936): Crash in WebKit::OriginStorageManager::StorageBucket::deleteLocalStorageData
https://bugs.webkit.org/show_bug.cgi?id=236209

Reviewed by Darin Adler.

Add null check for modificationTime returned by FileSystem::fileModificationTime.

NetworkProcess/storage/OriginStorageManager.cpp:

(WebKit::OriginStorageManager::StorageBucket::deleteLocalStorageData):

9:29 PM Changeset in webkit [289199] by Lauro Moura

5 edits in trunk/Source

Unreviewed, non-unified build fixes
https://bugs.webkit.org/show_bug.cgi?id=236216

Source/JavaScriptCore:

This missing include was causing non-unified builds to fail linking
libWPEWebkit with undefined JSC::Structure::get(...) after dropping
gold as the default linker in 246713@main.

wasm/js/JSWebAssemblyException.cpp:

Source/WebCore:

layout/formattingContexts/inline/InlineLineBoxVerticalAligner.h:
workers/shared/context/SharedWorkerThread.cpp:

9:02 PM Changeset in webkit [289198] by Alan Bujtas

2 edits in trunk/Source/WebCore

Address a post-commit review comment after r289171.

Reviewed by Darin Adler.

layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:

8:42 PM Changeset in webkit [289197] by Fujii Hironori

2 edits in trunk/Tools

REGRESSION(r288878) webkitpy.layout_tests.controllers.layout_test_finder_legacy_unittest.LayoutTestFinderTests tests are failing with Windows Python
https://bugs.webkit.org/show_bug.cgi?id=236043
<rdar://problem/88449289>

Reviewed by Darin Adler.

Since r288878 started to use pyfakefs, Port.relative_test_filename
didn't work as expected in unit tests with Windows Python because
TestPort.layout_tests_dir returned Unix-style path while the path
name of layout test is Windows-style path.

Scripts/webkitpy/port/test.py: Use abspath to convert Unix-style

path to Windows-style for Windows Python.

8:18 PM Changeset in webkit [289196] by Jean-Yves Avenard

3 edits in trunk/LayoutTests

media/media-source/media-webm-vorbis-partial.html is failing
https://bugs.webkit.org/show_bug.cgi?id=236211
rdar://88298267

Reviewed by Darin Adler.

The manifest data was incorrect, the webm cluster size is 10004 bytes long.
Expand the test so it's consistent with the webm/opus one.

media/media-source/content/test-vorbis-manifest.json:
media/media-source/media-webm-vorbis-partial.html:

7:58 PM Changeset in webkit [289195] by Diego Pino Garcia

3 edits in trunk/Source/WebCore

[GTK][WPE] Unreviewed build fix for Debian Stable after r288872
https://bugs.webkit.org/show_bug.cgi?id=236215

dom/AbortSignal.cpp:

(WebCore::AbortSignal::timeout):

platform/graphics/PlatformDisplay.cpp:

7:44 PM Changeset in webkit [289194] by weinig@apple.com

7 edits in trunk

Update serialization of rgb() functions with none components to latest spec
https://bugs.webkit.org/show_bug.cgi?id=236210

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Update tests for new serialization behavior.

web-platform-tests/css/css-color/parsing/color-computed.html:
web-platform-tests/css/css-color/parsing/color-valid.html:
web-platform-tests/css/css-color/parsing/relative-color-computed.html:
web-platform-tests/css/css-color/parsing/relative-color-valid.html:

Source/WebCore:

The CSS Color spec now states that rgb() with none components should serialize none
compoonents as 0. This means we can remove a bunch of special serialization code
and use the old code path once again.

platform/graphics/ColorSerialization.cpp:

(WebCore::serializationForCSS):
(WebCore::decimalDigit):
(WebCore::fractionDigitsForFractionalAlphaValue):
(WebCore::legacyRGBComponent): Deleted.
(WTF::StringTypeAdapter<WebCore::LegacyRGBComponent>::StringTypeAdapter): Deleted.
(WTF::StringTypeAdapter<WebCore::LegacyRGBComponent>::length const): Deleted.
(WTF::StringTypeAdapter<WebCore::LegacyRGBComponent>::is8Bit const): Deleted.
(WTF::StringTypeAdapter<WebCore::LegacyRGBComponent>::writeTo const): Deleted.
(WTF::StringTypeAdapter<WebCore::LegacyRGBComponent>::buffer const): Deleted.

7:43 PM Changeset in webkit [289193] by weinig@apple.com

3 edits
10 deletes in trunk/LayoutTests

Remove duplicate tests that have been upstreamed to WPT
https://bugs.webkit.org/show_bug.cgi?id=236214

Reviewed by Darin Adler.

fast/css/parsing-color-contrast-expected.txt: Removed.
fast/css/parsing-color-contrast.html: Removed.
fast/css/parsing-color-function-expected.txt: Removed.
fast/css/parsing-color-function.html: Removed.
fast/css/parsing-color-mix-expected.txt: Removed.
fast/css/parsing-color-mix.html: Removed.
fast/css/parsing-lab-colors-expected.txt: Removed.
fast/css/parsing-lab-colors.html: Removed.
fast/css/parsing-relative-color-syntax-expected.txt: Removed.
fast/css/parsing-relative-color-syntax.html: Removed.

These have all been added to wpt's css/css-color test suite.

platform/glib/TestExpectations:
platform/win/TestExpectations:

Update to account for removed tests.

6:01 PM Changeset in webkit [289192] by Alan Bujtas

5 edits in trunk/Source/WebCore

[LFC][IFC] LineBox should hold on to its logical rect
https://bugs.webkit.org/show_bug.cgi?id=236201

Reviewed by Antti Koivisto.

Now that the Display::Line has all visual coords, we don't have a way to retrieve the line's logical rect
(we never did, it just happened to match the Display::Line's rect).
This is also in preparation for adding vertical writing mode support.

layout/formattingContexts/inline/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::computeGeometryForLineContent):

layout/formattingContexts/inline/InlineLineBox.h:

(WebCore::Layout::LineBox::logicalRect const):
(WebCore::Layout::LineBox::setLogicalRect):

layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:

(WebCore::Layout::LineBoxBuilder::build):

layout/formattingContexts/inline/InlineLineBoxBuilder.h:

5:50 PM Changeset in webkit [289191] by Alan Bujtas

6 edits in trunk/Source/WebCore

[LFC][IFC] Logical rect for text run does not require the parent inline box's FontMetrics:ascent
https://bugs.webkit.org/show_bug.cgi?id=236195

Reviewed by Antti Koivisto.

Let's compute the text run's logical top using the parent inline box geometry only.
This patch also renames InlineLevelBox::baseline to ascent to indicate that it's an ascent value.

layout/formattingContexts/inline/InlineLevelBox.h:

(WebCore::Layout::InlineLevelBox::ascent const):
(WebCore::Layout::InlineLevelBox::setAscent):
(WebCore::Layout::InlineLevelBox::baseline const): Deleted.
(WebCore::Layout::InlineLevelBox::setBaseline): Deleted.

layout/formattingContexts/inline/InlineLineBox.cpp:

(WebCore::Layout::LineBox::logicalRectForTextRun const):

layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:

(WebCore::Layout::LineBoxBuilder::setBaselineAndLayoutBounds const):
(WebCore::Layout::LineBoxBuilder::constructInlineLevelBoxes):

layout/formattingContexts/inline/InlineLineBoxVerticalAligner.cpp:

(WebCore::Layout::LineBoxVerticalAligner::computeLogicalHeightAndAlign const):
(WebCore::Layout::LineBoxVerticalAligner::simplifiedVerticalAlignment const):
(WebCore::Layout::LineBoxVerticalAligner::computeLineBoxLogicalHeight const):
(WebCore::Layout::LineBoxVerticalAligner::computeRootInlineBoxVerticalPosition const):
(WebCore::Layout::LineBoxVerticalAligner::alignInlineLevelBoxes const):

layout/formattingContexts/inline/display/InlineDisplayLineBuilder.cpp:

(WebCore::Layout::InlineDisplayLineBuilder::build const):

4:38 PM Changeset in webkit [289190] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r289060 - null ptr deref in RenderTreeBuilder::Block::attachIgnoringContinuation
https://bugs.webkit.org/show_bug.cgi?id=234170

Patch by Frédéric Wang <fwang@igalia.com> on 2022-02-03
Reviewed by Antti Koivisto.

Source/WebCore:

When an element with "display: contents" is put into the top layer, its computed style for
the display property becomes "block" [1]. However, RenderTreeUpdater::updateElementRenderer
does not manage well this transition. In particular, a null ptr deref happens for some
special configuration involving a <dialog style="display: contents">. To work around that
issue, always force tearing down renderers when updating an element in the top layer.

[1] https://fullscreen.spec.whatwg.org/#new-stacking-layer

Test: fast/layers/top-layer-display-contents-crash.html

rendering/updating/RenderTreeUpdater.cpp:

(WebCore::RenderTreeUpdater::updateElementRenderer): Always force tearing down renderers
for top layer element.

LayoutTests:

Add regression test.

fast/css/top-layer-display-contents-crash-expected.txt: Added.
fast/css/top-layer-display-contents-crash.html: Added.

4:33 PM Changeset in webkit [289189] by Alan Bujtas

3 edits in trunk/Source/WebCore

[LFC][IFC] Check if fallback font glyphs initiate ideographic baseline
https://bugs.webkit.org/show_bug.cgi?id=236182

Reviewed by Antti Koivisto.

This patch is in preparation for supporting vertical writing mode.

layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:

(WebCore::Layout::fallbackFontHasVerticalGlyph):
(WebCore::Layout::LineBoxBuilder::constructInlineLevelBoxes):
(WebCore::Layout::LineBoxBuilder::adjustIdeographicBaselineIfApplicable):

layout/formattingContexts/inline/InlineLineBoxBuilder.h:

4:16 PM Changeset in webkit [289188] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/WebCore

Merge r288937 - Check AccessibilityRenderObject::m_renderer for null before using it.
https://bugs.webkit.org/show_bug.cgi?id=235950
<rdar://problem/88326438>

Reviewed by Chris Fleizach.

AccessibilityRenderObject::m_renderer is a WeakPtr that can become null
due to a variety of changes in the render tree. This patch fixes a
number of cases where AccessibilityRenderObject::m_renderer was being
used without checking for null which leads to crashes such as:
https://bugs.webkit.org/show_bug.cgi?id=235945
https://bugs.webkit.org/show_bug.cgi?id=235827

accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::parentObjectIfExists const):
(WebCore::AccessibilityRenderObject::selection const):
(WebCore::AccessibilityRenderObject::setSelectedTextRange):
(WebCore::AccessibilityRenderObject::documentLinks):
(WebCore::AccessibilityRenderObject::setSelectedVisiblePositionRange const):

4:16 PM Changeset in webkit [289187] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/WebCore

Merge r288874 - AX: nullptr crash under AccessibilityRenderObject::computeAccessibilityIsIgnored
https://bugs.webkit.org/show_bug.cgi?id=235945
rdar://88217815

Reviewed by Andres Gonzalez.

This is similar to https://bugs.webkit.org/show_bug.cgi?id=161276.

accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):

m_renderer is a WeakPtr and can become null during parentObjectUnignored call, same as
the case below.

4:16 PM Changeset in webkit [289186] by Adrian Perez de Castro

5 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r288672 - jsc_fuz/wktr: crash with new XRReferenceSpaceEvent(, {referenceSpace})
https://bugs.webkit.org/show_bug.cgi?id=235456

Patch by Gabriel Nava Marino <gnavamarino@apple.com> on 2022-01-27
Reviewed by Chris Dumez.

Source/WebCore:

FastMalloc.h specifies that each derived class needs to be annotated as well with WTF_MAKE_ISO_ALLOCATED
if the base class is annotated with WTF_MAKE_ISO_ALLOCATED.

After doing this, the crash in WebCore::Event::operator new(unsigned long) is no longer reproducible.
However, this caused ASSERT(m_transform) to be hit in debug builds with the attached test case.

The XRReferenceSpaceEvent spec specifies the transform attribute as nullable
(https://immersive-web.github.io/webxr/#dictdef-xrreferencespaceeventinit), so this patch updates the
XRReferenceSpaceEvent IDL and implementation to match the spec, and removes the ASSERT accordingly.

Test: webxr/xr-reference-space-event-crash.html

Modules/webxr/XRReferenceSpaceEvent.cpp:

(WebCore::XRReferenceSpaceEvent::XRReferenceSpaceEvent):
(WebCore::XRReferenceSpaceEvent::transform const):

Modules/webxr/XRReferenceSpaceEvent.h:
Modules/webxr/XRReferenceSpaceEvent.idl:

LayoutTests:

webxr/xr-reference-space-event-crash.html: Added.

3:45 PM Changeset in webkit [289185] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r288589 - XPath::Step::nodesInAxis(): add null checks after Attr::ownerElement() calls
https://bugs.webkit.org/show_bug.cgi?id=235500

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Import WPT tests from https://github.com/web-platform-tests/wpt/pull/32544.

web-platform-tests/domxpath/xpath-evaluate-crash-expected.txt: Added.
web-platform-tests/domxpath/xpath-evaluate-crash.html: Added.

Source/WebCore:

This patch adds null checks for results of Attr::ownerElement() to avoid crashes
when evaluating XPath expressions with an orphaned Attr as the context node.

Inspired by the recent Blink fix [1], yet this change covers all null pointer
dereferencing sites, as proven by the updated test.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=1236967

Test: imported/w3c/web-platform-tests/domxpath/xpath-evaluate-crash.html

xml/XPathStep.cpp:

(WebCore::XPath::Step::nodesInAxis const):

3:42 PM Changeset in webkit [289184] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r288423 - m_lastStyleChangeEventStyle null ptr deref for accelerated CSS Animation with no duration and an implicit keyframe
https://bugs.webkit.org/show_bug.cgi?id=235394
<rdar://problem/87701738>

Reviewed by Antti Koivisto.

Source/WebCore:

Test: webanimations/accelerated-animation-without-duration-crash.html

In r287827, the fix for bug 235014, we stopped filling implicit keyframes for CSS Animations at creation
time such that the output of getKeyframes() would correctly account for the missing keyframes. This meant
that we have to fill in those implicit keyframes when running an accelerated animation before we pass it
on to GraphicsLayer.

We would always use the value stored by lastStyleChangeEventStyle() with an assert that this value was
never null. However, in the case of an animation that is not relevant, such as a CSS Animation with no
duration, we've never had a chance to set that style since Style::TreeResolver::createAnimatedElementUpdate()
would not see any "relevant" (a term defined by the Web Animations specification to specify an animation
that has an effect on its target) animations.

We now use the renderer's style as a fallback, which is guaranteed to be defined at this stage.

animation/KeyframeEffect.cpp:

(WebCore::KeyframeEffect::applyPendingAcceleratedActions):

LayoutTests:

New test, created by Gabriel Nava Marino, that creates an accelerated animation with no
duration and with implicit keyframes that would crash prior to this patch.

webanimations/accelerated-animation-without-duration-crash-expected.txt: Added.
webanimations/accelerated-animation-without-duration-crash.html: Added.

2:28 PM Changeset in webkit [289183] by Alan Bujtas

3 edits in trunk/Source/WebCore

[LFC][IFC] Add initial ideographic baseline support
https://bugs.webkit.org/show_bug.cgi?id=236177

Reviewed by Antti Koivisto.

This patch is in preparation for supporting vertical writing mode.

We don't know in advance if the style/content requires ideographic or alphabetic baseline, so
either we pre-compute it by going through all the individual runs or post-adjust it
by looping through the newly constructed inline boxes (which most of the time is the root inline box only).
This patch implements the post-adjust version where after constructInlineLevelBoxes(), we call
adjustIdeographicBaselineIfApplicable and reset the ascent/descent values accordingly.

layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:

(WebCore::Layout::LineBoxBuilder::build):
(WebCore::Layout::LineBoxBuilder::adjustIdeographicBaselineIfApplicable):
(WebCore::Layout::computedHeightAndLayoutBounds):
(WebCore::Layout::LineBoxBuilder::setVerticalGeometryForLineBreakBox const):
(WebCore::Layout::LineBoxBuilder::setInitialVerticalGeometryForInlineBox const):

2:21 PM Changeset in webkit [289182] by ysuzuki@apple.com

4 edits
1 add in trunk

[Wasm] ref.null check should be done first in B3 call_ref
https://bugs.webkit.org/show_bug.cgi?id=236206

Reviewed by Mark Lam.

JSTests:

wasm.yaml:
wasm/function-references-spec-tests/call-null-ref.wast.js: Added.

Source/JavaScriptCore:

We should first check ref.null before loading data from the reference in B3 call_ref.

wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::B3IRGenerator::addCallRef):

1:10 PM Changeset in webkit [289181] by graouts@webkit.org

4 edits in trunk

[css-logical] Animations should convert logical properties to their physical equivalents
https://bugs.webkit.org/show_bug.cgi?id=218092
<rdar://problem/70579530>

Reviewed by Dean Jackson.

LayoutTests/imported/w3c:

Mark WPT progressions.

web-platform-tests/css/css-logical/animation-002-expected.txt:

Source/WebCore:

When computing the keyframe styles for a CSS animation, resolve the logical properties
to their physical equivalent.

style/StyleResolver.cpp:

(WebCore::Style::Resolver::styleForKeyframe):

12:59 PM Changeset in webkit [289180] by Adrian Perez de Castro

5 edits
3 adds in releases/WebKitGTK/webkit-2.34

Merge r288362 - WPT version of css/css-cascade/parsing/layer-import-parsing.html crashes with nullptr
https://bugs.webkit.org/show_bug.cgi?id=235434
rdar://87832940

Reviewed by Alan Bujtas.

LayoutTests/imported/w3c:

web-platform-tests/css/css-cascade/parsing/layer-import-parsing.html:

Update to WPT version.

Source/WebCore:

Test: fast/css/insert-import-rule-crash.html

css/StyleRuleImport.cpp:

(WebCore::StyleRuleImport::setCSSStyleSheet):

Null check the parent stylesheet. It can be null if the rule has been removed.

dom/InlineStyleSheetOwner.cpp:

(WebCore::InlineStyleSheetOwner::startLoadingDynamicSheet):

Also fix a debug assert in addPendingSheet, this can get called multiple times.

LayoutTests:

fast/css/insert-import-rule-crash-expected.txt: Added.
fast/css/insert-import-rule-crash.html: Added.

12:46 PM Changeset in webkit [289179] by Adrian Perez de Castro

3 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r288217 - Null check player in taintsOrigin
https://bugs.webkit.org/show_bug.cgi?id=234257

Patch by Rob Buis <rbuis@igalia.com> on 2022-01-19
Reviewed by Youenn Fablet.

Source/WebCore:

Null check player in taintsOrigin.

Test: fast/media/createImageBitmap-from-video-crash.html

html/ImageBitmap.cpp:

(WebCore::taintsOrigin):

LayoutTests:

fast/media/createImageBitmap-from-video-crash-expected.txt: Added.
fast/media/createImageBitmap-from-video-crash.html: Added.

12:42 PM Changeset in webkit [289178] by graouts@webkit.org

6 edits in trunk/Source/WebCore

[web-animations] DocumentTimeline::computeExtentOfAnimation() should be defined on Styleable
https://bugs.webkit.org/show_bug.cgi?id=236204

Reviewed by Dean Jackson.

There is no need to go through the DocumentTimeline to compute the animated
bounds for a renderer. Styleable is a more appropriate place for this.

animation/DocumentTimeline.cpp:

(WebCore::DocumentTimeline::computeExtentOfAnimation const): Deleted.

animation/DocumentTimeline.h:
rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects const):

style/Styleable.cpp:

(WebCore::Styleable::computeAnimationExtent const):

style/Styleable.h:

12:37 PM Changeset in webkit [289177] by Cameron McCormack

3 edits in trunk/Source/JavaScriptCore

Cache the most recent AtomString produced by JSString::toIdentifier
https://bugs.webkit.org/show_bug.cgi?id=236124

Reviewed by Yusuke Suzuki.

JSString::toIdentifier does not store the result of atomizing its string
value, except when it is a rope. We can often end up atomizing the same
JSString a number of times.

This patch caches the last atomized string produced from
JSString::toIdentifier in a given VM. From local testing, this is a 0.5%
Speedometer2 improvement on an M1 MacBook Air, although surprisingly is
neutral on a recent Intel MacBook Pro.

runtime/JSString.h:

(JSC::JSRopeString::toIdentifier const):
(JSC::JSString::toIdentifier const):

runtime/VM.h:

12:25 PM Changeset in webkit [289176] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Unreviewed non-unified build fix.

runtime/DeferredWorkTimer.h: Add missing JSCast.h header inclusion.

12:04 PM Changeset in webkit [289175] by ddkilzer@apple.com

2 edits in trunk/Source/JavaScriptCore

[WASM] Fix clang tidy bugprone-move-forwarding-reference static analyzer warnings in WasmLLIntGenerator.cpp
<https://webkit.org/b/236202>
<rdar://problem/88545940>

Reviewed by Yusuke Suzuki.

wasm/WasmLLIntGenerator.cpp:

(JSC::Wasm::LLIntGenerator::ControlType::ControlType):

Replace WTFMove() with std::forward<>().

11:32 AM Changeset in webkit [289174] by Adrian Perez de Castro

14 edits in releases/WebKitGTK/webkit-2.34

Merge r289129 - [GTK] Crash when starting DND on touchscreen
https://bugs.webkit.org/show_bug.cgi?id=235694

Reviewed by Adrian Perez de Castro.

Source/WebCore:

page/DragController.cpp:

(WebCore::DragController::startDrag):
Skip drags for touch events on GTK.

platform/PlatformMouseEvent.h:

(WebCore::PlatformMouseEvent::isTouchEvent const):

Source/WebKit:

Drag-n-drop on touch has never worked correctly in GTK, and is usually
just disabled. Do the same thing and ignore it for synthesized mouse
events.

Shared/NativeWebMouseEvent.h:
Shared/WebEventConversion.cpp:

(WebKit::WebKit2PlatformMouseEvent::WebKit2PlatformMouseEvent):

Shared/WebMouseEvent.cpp:

(WebKit::WebMouseEvent::WebMouseEvent):
(WebKit::WebMouseEvent::encode const):
(WebKit::WebMouseEvent::decode):

Shared/WebMouseEvent.h:

(WebKit::WebMouseEvent::isTouchEvent const):

Shared/gtk/NativeWebMouseEventGtk.cpp:

(WebKit::NativeWebMouseEvent::NativeWebMouseEvent):

UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseTouchRelease):
(webkitWebViewBaseTouchDragUpdate):
(webkitWebViewBaseTouchDragEnd):
(webkitWebViewBaseSynthesizeMouseEvent):

UIProcess/API/gtk/WebKitWebViewBaseInternal.h:
UIProcess/gtk/PointerLockManager.cpp:

(WebKit::PointerLockManager::handleMotion):

Tools:

TestWebKitAPI/glib/CMakeLists.txt: Define BUILDING_TestWebKit

11:25 AM Changeset in webkit [289173] by ysuzuki@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed, follow-up after r289172
https://bugs.webkit.org/show_bug.cgi?id=236180

runtime/JSGlobalObjectFunctions.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

11:17 AM Changeset in webkit [289172] by ysuzuki@apple.com

6 edits in trunk

[WTF] Make Bitmap constexpr friendly
https://bugs.webkit.org/show_bug.cgi?id=236180

Reviewed by Darin Adler.

Source/JavaScriptCore:

This patch makes Bitmap more constexpr friendly so that JSGlobalObjectFunctions's
functions can compile Bitmap as constexpr, which avoids possible race condition.

runtime/JSGlobalObjectFunctions.cpp:

(JSC::makeCharacterBitmap):
(JSC::JSC_DEFINE_HOST_FUNCTION):

Source/WTF:

Attach constexpr to constructor and methods if it is possible.

wtf/Bitmap.h:

(WTF::WordType>::set):
(WTF::WordType>::testAndSet):
(WTF::WordType>::testAndClear):
(WTF::WordType>::clear):
(WTF::WordType>::invert):
(WTF::WordType>::nextPossiblyUnset const):
(WTF::WordType>::isEmpty const):
(WTF::WordType>::isFull const):
(WTF::WordType>::merge):
(WTF::WordType>::filter):
(WTF::WordType>::exclude):
(WTF::WordType>::subsumes const):
(WTF::WordType>::mergeAndClear):
(WTF::WordType>::setAndClear):
(WTF::= const):
(WTF::=):
(WTF::WordType>::Bitmap): Deleted.

Tools:

TestWebKitAPI/Tests/WTF/Bitmap.cpp:

11:00 AM Changeset in webkit [289171] by Alan Bujtas

3 edits in trunk/Source/WebCore

[LFC][IFC] Introduce LineBoxBuilder::setBaselineAndLayoutBounds/layoutBoundsMetricsForInlineBox
https://bugs.webkit.org/show_bug.cgi?id=236183

Reviewed by Antti Koivisto.

This patch is in preparation for adding ideographic baseline support. It helps to
simplify the ideographic baseline adjustment by just making the following call

setBaselineAndLayoutBounds(inlineBox, layoutBoundsMetricsForInlineBox(inlineBox, IdeographicBaseline));

to adjust the inline box's vertical geometry when in vertical writing mode.

layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:

(WebCore::Layout::LineBoxBuilder::adjustLayoutBoundsWithFallbackFonts const):
(WebCore::Layout::layoutBoundsMetricsForInlineBox):
(WebCore::Layout::LineBoxBuilder::setBaselineAndLayoutBounds const):
(WebCore::Layout::LineBoxBuilder::constructInlineLevelBoxes):
(WebCore::Layout::LineBoxBuilder::adjustVerticalGeometryForInlineBoxWithFallbackFonts const): Deleted.
(WebCore::Layout::computedHeightAndLayoutBounds): Deleted.
(WebCore::Layout::LineBoxBuilder::setVerticalGeometryForLineBreakBox const): Deleted.
(WebCore::Layout::LineBoxBuilder::setInitialVerticalGeometryForInlineBox const): Deleted.

layout/formattingContexts/inline/InlineLineBoxBuilder.h:

9:33 AM Changeset in webkit [289170] by Tyler Wilcock

10 edits in trunk

AX: Add internal-only flag to enable WIP display: contents support
https://bugs.webkit.org/show_bug.cgi?id=236179

Reviewed by Chris Fleizach.

Source/WebCore:

Shipping half-done accessibility support for display: contents will
probably be a worse experience than status quo in some scenarios, so
we should gate it behind an internal-only feature flag until we're
confident it's ready.

page/RuntimeEnabledFeatures.h:

(WebCore::RuntimeEnabledFeatures::setCSSDisplayContentsAXSupportEnabled):
(WebCore::RuntimeEnabledFeatures::cssDisplayContentsAXSupportEnabled const):

Source/WebKitLegacy/mac:

WebView/WebPreferenceKeysPrivate.h:
WebView/WebPreferences.mm:

(-[WebPreferences cssDisplayContentsAXSupportEnabled]):
(-[WebPreferences setCSSDisplayContentsAXSupportEnabled:]):

WebView/WebPreferencesPrivate.h:

Source/WTF:

Scripts/Preferences/WebPreferencesInternal.yaml:

Tools:

DumpRenderTree/TestOptions.cpp:

(WTR::TestOptions::defaults):

8:14 AM Changeset in webkit [289169] by Wenson Hsieh

4 edits
2 adds in trunk/Tools

Adjust platformResetStateToConsistentValues to avoid grabbing the general pasteboard when possible
https://bugs.webkit.org/show_bug.cgi?id=236196

Reviewed by Darin Adler.

For reasons that are still unknown, when running layout tests in the iOS 15.4 simulator, the iOS simulator's
pasted sometimes gets into a state where the work queue (com.apple.pasteboard.PBPasteboardModel-work-queue)
gets permanently stuck while attempting to save pasteboard items.

Once in this state, all subsequent layout tests will time out (regardless of whether the tests themselves
exercise copy and paste), since the process of resetting the harness to a consistent state always tries to clear
the general pasteboard by setting items to an empty array. This means that every layout test that tries to
start after getting into the above state will hang during state reset, before it even gets a chance to load the
layout test.

To avoid this, only clear the general pasteboard if the test actually attempted to add data to the pasteboard.
While this doesn't fix a large number of editing and copy/paste-related layout tests on iOS 15.4, it does allow
us to skip these tests for now and continue running the remaining layout tests.

WebKitTestRunner/TestController.h:
WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj:
WebKitTestRunner/ios/TestControllerIOS.mm:

(WTR::TestController::platformResetStateToConsistentValues):
(WTR::TestController::pasteboardConsistencyEnforcer):

WebKitTestRunner/ios/UIPasteboardConsistencyEnforcer.h: Added.

Add a helper class that listens for notifications whenever the contents of any pasteboard changes; if the name
of the changed pasteboard matches, we clear out its items when -clearPasteboard is invoked. It's critical to
pass only a pasteboard name here instead of a pasteboard itself, since even calling +generalPasteboard causes
the test to hang.

WebKitTestRunner/ios/UIPasteboardConsistencyEnforcer.mm: Added.

(-[UIPasteboardConsistencyEnforcer initWithPasteboardName:]):
(-[UIPasteboardConsistencyEnforcer clearPasteboard]):
(-[UIPasteboardConsistencyEnforcer pasteboardChanged:]):

7:39 AM Changeset in webkit [289168] by graouts@webkit.org

2 edits in trunk/Source/WebCore

[css-transitions] remove duplicate code dealing with completed transitions
https://bugs.webkit.org/show_bug.cgi?id=236198

Reviewed by Dean Jackson.

We already mark transitions as completed in DocumentTimeline::transitionDidComplete()
and doing this again in updateCSSTransitionsForStyleableAndProperty() is unnecessary.

style/Styleable.cpp:

(WebCore::updateCSSTransitionsForStyleableAndProperty):

7:17 AM Changeset in webkit [289167] by graouts@webkit.org

4 edits in trunk

[css-logical] [css-transitions] Resolve logic properties when compiling the list of transition properties
https://bugs.webkit.org/show_bug.cgi?id=236197

Reviewed by Dean Jackson.

LayoutTests/imported/w3c:

Mark WPT progressions.

web-platform-tests/css/css-logical/animation-004-expected.txt:

Source/WebCore:

In r289161 we added initial support for transitions of logical properties. However, we would resolve the
transition-property in updateCSSTransitionsForStyleableAndProperty() whereas we should resolve them earlier
when compiling the list of transition-property values found in the previous style and the new style.

style/Styleable.cpp:

(WebCore::keyframeEffectForElementAndProperty):
(WebCore::compileTransitionPropertiesInStyle):
(WebCore::updateCSSTransitionsForStyleableAndProperty):

4:34 AM Changeset in webkit [289166] by commit-queue@webkit.org

6 edits
2 adds in trunk

Object literal doesn't properly resolve name clash between an accessor and a constant property
https://bugs.webkit.org/show_bug.cgi?id=220574

Patch by Alexey Shvayka <ashvayka@apple.com> on 2022-02-06
Reviewed by Yusuke Suzuki.

JSTests:

stress/class-static-accessor-name-clash-with-field.js: Added.
stress/object-literal-accessor-name-clash-with-constant.js: Added.

Source/JavaScriptCore:

The spec [1] calls DefineOwnProperty for every property node, whether it's a
getter, a setter, or a value. JSC attempts to reduce emitted bytecodes by setting
up a getter and a setter at once.

However, there is a slower path that exactly matches the spec, which was called only
if a spread syntax or a computed property was encountered. With this patch, the slower
path is also taken in case of a constant property (including a shorthand) with the
same name as an accessor.

That causes an incomplete accessor descriptor to correctly overwrite the existing
data one, which aligns JSC with V8 and SpiderMonkey.

This bug doesn't exist for static class fields and accessors because initialization
of class fields is deferred [2] and they always overwrite eponymous static methods /
accessors, no matter the order in source code. No reproduction for private elements either.

[1]: https://tc39.es/ecma262/#sec-runtime-semantics-methoddefinitionevaluation (step 11 of "get", step 10 of "set")
[2]: https://tc39.es/ecma262/#sec-runtime-semantics-classdefinitionevaluation (step 31.a)

bytecompiler/NodesCodegen.cpp:

(JSC::PropertyListNode::emitBytecode):

LayoutTests:

Adjusted test now passes on V8 and SpiderMonkey as well.

js/class-syntax-method-names-expected.txt:
js/script-tests/class-syntax-method-names.js:

Feb 5, 2022:

4:54 PM Changeset in webkit [289165] by Chris Dumez

19 edits
2 copies
4 moves
7 adds
16 deletes in trunk/LayoutTests

Resync web-platform-tests/dom from upstream
https://bugs.webkit.org/show_bug.cgi?id=236147

Reviewed by Darin Adler.

Resync web-platform-tests/dom from upstream 893e71aa9c0a97d259ff.

LayoutTests/imported/w3c:

resources/import-expectations.json:
resources/resource-files.json:
web-platform-tests/dom/eventPathRemoved-expected.txt: Added.
web-platform-tests/dom/eventPathRemoved.html: Added.
web-platform-tests/dom/events/AddEventListenerOptions-once-expected.txt: Removed.
web-platform-tests/dom/events/AddEventListenerOptions-passive-expected.txt: Removed.
web-platform-tests/dom/events/Event-constructors-expected.txt: Removed.
web-platform-tests/dom/events/EventTarget-add-remove-listener-expected.txt: Removed.
web-platform-tests/dom/events/EventTarget-addEventListener-expected.txt: Removed.
web-platform-tests/dom/events/EventTarget-removeEventListener-expected.txt: Removed.
web-platform-tests/dom/events/ProgressEvent-expected.txt: Removed.
web-platform-tests/dom/events/ProgressEvent.html: Removed.
web-platform-tests/dom/events/document-level-touchmove-event-listener-passive-by-default.tentative-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/dom/events/document-level-touchmove-event-listener-passive-by-default-expected.txt.
web-platform-tests/dom/events/document-level-wheel-event-listener-passive-by-default-expected.txt: Removed.
web-platform-tests/dom/events/event-global-set-before-handleEvent-lookup.any-expected.txt: Removed.
web-platform-tests/dom/events/event-global-set-before-handleEvent-lookup.any.worker-expected.txt: Removed.
web-platform-tests/dom/events/event-global-set-before-handleEvent-lookup.window-expected.txt: Added.
web-platform-tests/dom/events/event-global-set-before-handleEvent-lookup.window.html: Copied from LayoutTests/imported/w3c/web-platform-tests/dom/events/event-global-set-before-handleEvent-lookup.any.html.
web-platform-tests/dom/events/event-global-set-before-handleEvent-lookup.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/dom/events/event-global-set-before-handleEvent-lookup.any.js.
web-platform-tests/dom/events/focus-event-document-move-expected.txt: Removed.
web-platform-tests/dom/events/resources/w3c-import.log:
web-platform-tests/dom/events/scrolling/overscroll-deltas-expected.txt: Added.
web-platform-tests/dom/events/w3c-import.log:
web-platform-tests/dom/idlharness-shadowrealm.window-expected.txt: Added.
web-platform-tests/dom/idlharness-shadowrealm.window.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/dom/events/event-global-set-before-handleEvent-lookup.any.worker.html.
web-platform-tests/dom/idlharness-shadowrealm.window.js: Added.
web-platform-tests/dom/idlharness.any.serviceworker-expected.txt:
web-platform-tests/dom/idlharness.any.sharedworker-expected.txt: Added.
web-platform-tests/dom/idlharness.any.sharedworker.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/dom/events/event-global-set-before-handleEvent-lookup.any.html.
web-platform-tests/dom/idlharness.any.worker-expected.txt:
web-platform-tests/dom/idlharness.window-expected.txt:
web-platform-tests/dom/nodes/Document-characterSet-normalization-expected.txt: Removed.
web-platform-tests/dom/nodes/Node-cloneNode-expected.txt: Removed.
web-platform-tests/dom/nodes/Node-insertBefore-expected.txt:
web-platform-tests/dom/nodes/Node-insertBefore.html:
web-platform-tests/dom/nodes/getElementsByClassNameFrame-expected.txt: Removed.
web-platform-tests/dom/ranges/Range-mutations-expected.txt: Removed.
web-platform-tests/dom/ranges/Range-mutations.html: Removed.
web-platform-tests/dom/ranges/Range-test-iframe-expected.txt: Removed.
web-platform-tests/dom/traversal/support/w3c-import.log:
web-platform-tests/dom/w3c-import.log:
web-platform-tests/interfaces/dom.idl:

LayoutTests:

platform/mac-wk1/TestExpectations:
platform/win/TestExpectations:

4:14 PM Changeset in webkit [289164] by Alexey Shvayka

3 edits
1 add in trunk

Attempting to Set JSArray's read-only "length" should throw even with current Value
https://bugs.webkit.org/show_bug.cgi?id=221177

Reviewed by Saam Barati.

JSTests:

stress/array-prototype-methods-set-length.js: Added.

Source/JavaScriptCore:

As per OrdinarySet algorithm [1]. To achieve that, while ensuring no error is thrown
if read-only "length" isn't actually changed via DefineOwnProperty [2], this patch
moves newLength == oldLength check to JSArray::defineOwnProperty().

That is guaranteed to be correct because:

a) it's the only caller of setLengthWithArrayStorage() that performs DefineOwnProperty,

while others implement Set;

b) there can't possibly be array indices that JSArray::defineOwnProperty() has to remove,

and even the spec a shortcut here [3].

All code paths in pop() / shift() / push() / unshift() are covered by the newly added test,
as well as JSArray's DefineOwnProperty, while slice() / splice() / etc were vetted to
Set "length" according to the spec.

Aligns JSC with SpiderMonkey and partly with V8, which is correct for Object.freeze()
but not for Object.defineProperty(array, "length", { writable: false }).

[1]: https://tc39.es/ecma262/#sec-ordinarysetwithowndescriptor (step 2.a)
[2]: https://tc39.es/ecma262/#sec-validateandapplypropertydescriptor (step 5 and 7)
[3]: https://tc39.es/ecma262/#sec-arraysetlength (step 11)

runtime/JSArray.cpp:

(JSC::JSArray::defineOwnProperty):
(JSC::JSArray::setLengthWithArrayStorage):

3:42 PM Changeset in webkit [289163] by Nikolas Zimmermann

2 edits in trunk/Source/WebCore

[LBSE] Handle RenderSVGShape in SVGRenderSupport::applyStrokeStyleToContext()
https://bugs.webkit.org/show_bug.cgi?id=236077

Reviewed by Darin Adler.

Activate path length calculation for RenderSVGShape -- this bit
was missing when the layer-aware RenderSVGShape implementation was
upstreamed in r287832.

Currently the functionality is not observable, as we don't create
LBSE renderers yet.

Covered by existing tests, no change in behaviour.

rendering/svg/SVGRenderSupport.cpp:

(WebCore::SVGRenderSupport::applyStrokeStyleToContext):

3:39 PM Changeset in webkit [289162] by ddkilzer@apple.com

2 edits in trunk/Source/WTF

[WTF] Fix clang tidy bugprone-move-forwarding-reference static analyzer warnings in CompletionHandler.h
<https://webkit.org/b/236181>
<rdar://problem/88529996>

Reviewed by Chris Dumez.

wtf/CompletionHandler.h:

(WTF::CompletionHandler<Out):
(WTF::CompletionHandlerWithFinalizer<Out):

Replace WTFMove() with std::forward<>().

1:25 PM Changeset in webkit [289161] by graouts@webkit.org

4 edits in trunk

[CSS transition] can't use CSS logical properties in transition syntax
https://bugs.webkit.org/show_bug.cgi?id=232361
<rdar://problem/84958347>

Reviewed by Dean Jackson.

LayoutTests/imported/w3c:

Mark some WPT progressions. The new FAIL result isn't a real regression, that test
simply passed by virtue of not ever starting a transition for a logical property.

web-platform-tests/css/css-logical/animation-004-expected.txt:

Source/WebCore:

Resolve logical properties when considering properties that should trigger a transition.
To do so, we must pass the newly-set style to some methods such that they may be able to
reolve logical properties as well.

style/Styleable.cpp:

(WebCore::keyframeEffectForElementAndProperty):
(WebCore::transitionMatchesProperty):
(WebCore::updateCSSTransitionsForStyleableAndProperty):

11:44 AM Changeset in webkit [289160] by Simon Fraser

5 edits in trunk/Source/WebKit

Refactor RemoteLayerBackingStoreCollection to have a single backing store traversal function
https://bugs.webkit.org/show_bug.cgi?id=236040

Reviewed by Tim Horton.

Instead of traversing m_liveBackingStore and m_unparentedBackingStore in two places (from the volatilityTimerFired()
and from tryMarkAllBackingStoreVolatile()), factor into a single function with two behavior flags.

Also make VolatilityMarkingFlags an OptionSet<> and add an option to consider last display time.

Shared/RemoteLayerTree/RemoteLayerBackingStore.h:
Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:

(WebKit::RemoteLayerBackingStore::RemoteLayerBackingStore):

Shared/RemoteLayerTree/RemoteLayerBackingStoreCollection.h:

(WebKit::RemoteLayerBackingStoreCollection::markBackingStoreVolatile):

Shared/RemoteLayerTree/RemoteLayerBackingStoreCollection.mm:

(WebKit::RemoteLayerBackingStoreCollection::markBackingStoreVolatile):
(WebKit::RemoteLayerBackingStoreCollection::backingStoreBecameUnreachable):
(WebKit::RemoteLayerBackingStoreCollection::markAllBackingStoreVolatile):
(WebKit::RemoteLayerBackingStoreCollection::tryMarkAllBackingStoreVolatile):
(WebKit::RemoteLayerBackingStoreCollection::volatilityTimerFired):
(WebKit::RemoteLayerBackingStoreCollection::markBackingStoreVolatileImmediately): Deleted.

10:06 AM Changeset in webkit [289159] by ysuzuki@apple.com

21 edits
2 copies in trunk

Thread suspend and resume should take a global lock to avoid deadlock
https://bugs.webkit.org/show_bug.cgi?id=236159

Reviewed by Geoffrey Garen.

Source/bmalloc:

Introduce pas_thread_suspend_lock and take it when suspending and resuming threads.

CMakeLists.txt:
bmalloc.xcodeproj/project.pbxproj:
libpas/src/libpas/pas_scavenger.c:

(scavenger_thread_main):
(pas_scavenger_clear_all_caches):

libpas/src/libpas/pas_thread_local_cache.c:

(pas_thread_local_cache_for_all):

libpas/src/libpas/pas_thread_local_cache.h:
libpas/src/libpas/pas_thread_suspend_lock.c: Copied from Source/WTF/wtf/ThreadMessage.cpp.
libpas/src/libpas/pas_thread_suspend_lock.h: Copied from Source/WTF/wtf/ThreadMessage.cpp.

Source/JavaScriptCore:

heap/MachineStackMarker.cpp:

(JSC::MachineThreads::tryCopyOtherThreadStack):
(JSC::MachineThreads::tryCopyOtherThreadStacks):

heap/MachineStackMarker.h:
runtime/SamplingProfiler.cpp:

(JSC::SamplingProfiler::takeSample):

runtime/VMTraps.cpp:
wasm/WasmMachineThreads.cpp:

(JSC::Wasm::resetInstructionCacheOnAllThreads):

Source/WTF:

This patch introduces a global lock which should be taken while suspending and resuming a thread.
It is possible that two different threads suspend and resume threads. And if threads suspend
each other without critical section, it can cause a dead lock.

To avoid this problem, we introduce a global lock which should be taken when suspending and resuming
threads. Since libpas is also using thread suspension, we expose a global pas_thread_suspend_lock
when libpas is used, and we use this lock in WTF's Thread suspension code.

wtf/ThreadMessage.cpp:

(WTF::sendMessageScoped):

wtf/ThreadMessage.h:

(WTF::sendMessage):

wtf/Threading.cpp:

(WTF::ThreadSuspendLocker::ThreadSuspendLocker):
(WTF::ThreadSuspendLocker::~ThreadSuspendLocker):

wtf/Threading.h:
wtf/posix/ThreadingPOSIX.cpp:

(WTF::Thread::suspend):
(WTF::Thread::resume):
(WTF::Thread::getRegisters):

wtf/win/ThreadingWin.cpp:

(WTF::Thread::suspend):
(WTF::Thread::resume):
(WTF::Thread::getRegisters):

Tools:

TestWebKitAPI/Tests/WTF/ThreadMessages.cpp:

(runThreadMessageTest):

9:51 AM Changeset in webkit [289158] by graouts@webkit.org

2 edits in trunk/Source/WebCore

[Web Animations] Address KeyframeEffect::isAboutToRunAccelerated() FIXME
https://bugs.webkit.org/show_bug.cgi?id=236178

Reviewed by Dean Jackson.

The canBeAccelerated() function catches all the cases to determine whether an effect
can be accelerated prior to being committed to a GraphicsLayerCA animation.

animation/KeyframeEffect.h:

(WebCore::KeyframeEffect::isAboutToRunAccelerated const):

8:37 AM Changeset in webkit [289157] by Alan Bujtas

6 edits
4 adds in trunk

[RenderTreeBuilder] Clean up column spanners when style change affects containing block
https://bugs.webkit.org/show_bug.cgi?id=236042
<rdar://83975391>

Reviewed by Antti Koivisto.

Source/WebCore:

In addition to removing the leftover spanners after style change, this patch also expands on the type of style changes that may affect
subtree state inside a multicolumn flow.

Tests: fast/multicol/leftover-spanner-on-style-change-crash.html

fast/multicol/leftover-spanner-on-style-change-crash2.html

rendering/RenderBlock.cpp:

(WebCore::RenderBlock::styleDidChange):

rendering/RenderElement.cpp:

(WebCore::RenderElement::setStyle):
(WebCore::RenderElement::adjustFragmentedFlowStateOnContainingBlockChangeIfNeeded):

rendering/RenderElement.h:
rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::normalizeTreeAfterStyleChange):

LayoutTests:

fast/multicol/leftover-spanner-on-style-change-crash-expected.txt: Added.
fast/multicol/leftover-spanner-on-style-change-crash.html: Added.
fast/multicol/leftover-spanner-on-style-change-crash2-expected.txt: Added.
fast/multicol/leftover-spanner-on-style-change-crash2.html: Added.

8:35 AM Changeset in webkit [289156] by graouts@webkit.org

6 edits in trunk/Source/WebCore

[Web Animations] DocumentTimeline::getAnimatedStyle() should be on Styleable
https://bugs.webkit.org/show_bug.cgi?id=236176

Reviewed by Dean Jackson.

There is no need to go through the DocumentTimeline to compute the animated
style for a renderer. Styleable is a more appropriate place for this.

animation/DocumentTimeline.cpp:

(WebCore::DocumentTimeline::animatedStyleForRenderer): Deleted.

animation/DocumentTimeline.h:
rendering/RenderElement.cpp:

(WebCore::RenderElement::animatedStyle):

style/Styleable.cpp:

(WebCore::Styleable::computeAnimatedStyle const):

style/Styleable.h:

8:28 AM Changeset in webkit [289155] by Alan Bujtas

5 edits in trunk/Source/WebCore

[LFC][IFC] Move all the line box vertical alignment logic to LineBoxVerticalAligner
https://bugs.webkit.org/show_bug.cgi?id=236171

Reviewed by Antti Koivisto.

This patch is in preparation for adding ideographic baseline support (vertical writing mode).

LineBoxBuilder::constructAndAlignInlineLevelBoxes has grown large and it's time to move some
code out of this function (the "align" part). Now all the vertical alignment logic, including
the check for simplified vertical alignment is part of the LineBoxVerticalAligner class.
While in this patch we initiate an extra loop on LineBox::nonRootInlineLevelBoxes(), it may very well be a
perf win for the most common cases where the root inline box has no child inline boxes at all
(as previously we called updateCanUseSimplifiedAlignment() on every text run by passing in the parent inline box).

layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:

(WebCore::Layout::LineBoxBuilder::build):
(WebCore::Layout::LineBoxBuilder::constructInlineLevelBoxes):
(WebCore::Layout::LineBoxBuilder::constructAndAlignInlineLevelBoxes): Deleted.

layout/formattingContexts/inline/InlineLineBoxBuilder.h:
layout/formattingContexts/inline/InlineLineBoxVerticalAligner.cpp:

(WebCore::Layout::LineBoxVerticalAligner::LineBoxVerticalAligner):
(WebCore::Layout::LineBoxVerticalAligner::computeLogicalHeightAndAlign const):
(WebCore::Layout::LineBoxVerticalAligner::canUseSimplifiedAlignmentForInlineLevelBox): Deleted.

layout/formattingContexts/inline/InlineLineBoxVerticalAligner.h:

(WebCore::Layout::LineBoxVerticalAligner::formattingContext const):
(WebCore::Layout::LineBoxVerticalAligner::layoutState const):

3:24 AM WebKitGTK/2.34.x edited by Adrian Perez de Castro

(diff)

1:25 AM Changeset in webkit [289154] by commit-queue@webkit.org

16 edits
3 deletes in trunk

[Flatpak SDK] Update to FDO 21.08.10 and GStreamer 1.20 releases
https://bugs.webkit.org/show_bug.cgi?id=236136

Patch by Philippe Normand <pnormand@igalia.com> on 2022-02-05
Reviewed by Adrian Perez de Castro.

Source/WebCore:

Switch GStreamer 1.19 version checks to 1.20 now that it is officially released. Also
include a couple fixes that are needed with GStreamer 1.20 and one that is useful whatever
the GStreamer version:

GStreamer 1.20 ships a vp8alphadecodebin element able to handle video/x-vp8 caps, so our libwebrtc decoder factory needs to account for its presence, in addition to vp8dec.
With GStreamer 1.20 media/media-source/media-source-seek-back.html started racy crashing in the VideoTrackPrivateGStreamer configuration update, where the track was disconnected (hence its stream was cleared) and then a GObject notification was emitted by decodebin3. We should actually disconnect the GObject signal handlers before clearing the stream, to prevent potential null pointer access.

platform/audio/gstreamer/AudioFileReaderGStreamer.cpp:

(WebCore::AudioFileReader::handleNewDeinterleavePad):

platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp:

(WebCore::AudioSourceProviderGStreamer::handleNewDeinterleavePad):

platform/graphics/gstreamer/AudioTrackPrivateGStreamer.cpp:

(WebCore::AudioTrackPrivateGStreamer::updateConfigurationFromCaps):
(WebCore::AudioTrackPrivateGStreamer::disconnect):

platform/graphics/gstreamer/GStreamerCommon.h:
platform/graphics/gstreamer/ImageDecoderGStreamer.cpp:

(WebCore::ImageDecoderGStreamer::InnerDecoder::connectDecoderPad):

platform/graphics/gstreamer/VideoTrackPrivateGStreamer.cpp:

(WebCore::VideoTrackPrivateGStreamer::updateConfigurationFromCaps):
(WebCore::VideoTrackPrivateGStreamer::disconnect):

platform/mediastream/libwebrtc/gstreamer/GStreamerVideoDecoderFactory.cpp:

(WebCore::VP8Decoder::Create):

Tools/buildstream:

Update from GStreamer 1.18.5 to 1.20.0, along with the FDO SDK 21.08.10 release, allowing us
to remove 3 vendored patches, all upstreamed.

elements/freedesktop-sdk.bst:
elements/sdk/gst-libav.bst:
elements/sdk/gst-plugins-bad.bst:
elements/sdk/gst-plugins-base.bst:
elements/sdk/gst-plugins-good.bst:
elements/sdk/gst-plugins-ugly.bst:
elements/sdk/gstreamer.bst:
patches/0001-binutils-import-upstream-patches-for-thin-archive-su.patch: Removed.
patches/gst-plugins-bad-0001-debugutils-Add-fakeaudiosink-element.patch: Removed.
patches/gstreamer-0001-devicemonitor-Stop-only-the-already-started-provider.patch: Removed.

12:10 AM Changeset in webkit [289153] by beidson@apple.com

18 edits in trunk/Source

Notification refactoring
https://bugs.webkit.org/show_bug.cgi?id=236169

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (No behavior change)

Some "no behavior change" refactors broken out from an upcoming larger patch, including:

Make Notification objects reliant on ScriptExecutionContext instead of Document
Give them a direct path to a NotificationClient instead of having to go through a Page's NotificationController
Give ScriptExecutionContext's a sessionID() accessor for future use
Some Notification object threading hardening

Modules/notifications/Notification.cpp:

(WebCore::Notification::create):
(WebCore::Notification::Notification):
(WebCore::Notification::show):
(WebCore::Notification::close):
(WebCore::Notification::clientFromContext):
(WebCore::Notification::stop):
(WebCore::Notification::dispatchErrorEvent):
(WebCore::Notification::permission):
(WebCore::Notification::requestPermission):
(WebCore::Notification::data const):
(WebCore::Notification::document const): Deleted.

Modules/notifications/Notification.h:

Modules/notifications/NotificationClient.h:

Modules/notifications/NotificationData.h:

(WebCore::NotificationData::encode const):
(WebCore::NotificationData::decode):

dom/Document.cpp:

(WebCore::Document::notificationClient):
(WebCore::Document::sessionID const):

dom/Document.h:

dom/ScriptExecutionContext.h:

(WebCore::ScriptExecutionContext::isServiceWorkerGlobalScope const):
(WebCore::ScriptExecutionContext::notificationClient):
(WebCore::ScriptExecutionContext::sessionID const):

workers/WorkerThread.h:

workers/service/ServiceWorkerGlobalScope.cpp:

(WebCore::ServiceWorkerGlobalScope::create):
(WebCore::ServiceWorkerGlobalScope::ServiceWorkerGlobalScope):

workers/service/ServiceWorkerGlobalScope.h:

workers/service/context/ServiceWorkerThread.cpp:

(WebCore::generateWorkerParameters):
(WebCore::ServiceWorkerThread::ServiceWorkerThread):
(WebCore::m_notificationClient):
(WebCore::ServiceWorkerThread::createWorkerGlobalScope):

workers/service/context/ServiceWorkerThread.h:

workers/service/context/ServiceWorkerThreadProxy.cpp:

(WebCore::ServiceWorkerThreadProxy::ServiceWorkerThreadProxy):

workers/service/context/ServiceWorkerThreadProxy.h:

Source/WebKit:

WebProcess/Storage/WebSWContextManagerConnection.cpp:

(WebKit::WebSWContextManagerConnection::installServiceWorker):

Feb 4, 2022:

11:26 PM Changeset in webkit [289152] by ysuzuki@apple.com

9 edits in trunk

WeakRef deref can return null instead of undefined
https://bugs.webkit.org/show_bug.cgi?id=235880

Reviewed by Sam Weinig and Alexey Shvayka.

JSTests:

stress/v8-finalizationregistry-and-weakref.js:

(setTimeout):

Source/JavaScriptCore:

WeakRef#deref should return undefined[1] when a wrapped object is collected.

[1]: https://tc39.es/ecma262/#sec-weakrefderef

runtime/WeakObjectRefPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

LayoutTests:

js/script-tests/weakref-async-is-collected.js:

(async test):

js/script-tests/weakref-eventually-collects-values.js:

(let.weakRefs.async test):

js/script-tests/weakref-finalizationregistry.js:

(async test):

js/script-tests/weakref-microtasks-dont-collect.js:

(async test):

10:38 PM Changeset in webkit [289151] by mmaxfield@apple.com

5 edits
2 adds in trunk

ch unit fallback size doesn't match the spec
https://bugs.webkit.org/show_bug.cgi?id=236073
<rdar://problem/88513297>

Reviewed by Cameron McCormack.

Source/WebCore:

The spec (https://drafts.csswg.org/css-values-4/#ch) says:

In the cases where it is impossible or impractical to determine the measure of the â0â glyph, it must be assumed to be 0.5em wide

Test: fast/text/ch-unit-without-zero-glyph.html

css/CSSPrimitiveValue.cpp:

(WebCore::CSSPrimitiveValue::computeUnzoomedNonCalcLengthDouble):
(WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble):

platform/graphics/Font.cpp:

(WebCore::Font::platformGlyphInit):

platform/graphics/FontMetrics.h:

(WebCore::FontMetrics::zeroWidth const):
(WebCore::FontMetrics::reset):

LayoutTests:

This can't be a WPT test because it uses an SVG font which we're the only browser to support.

fast/text/ch-unit-without-zero-glyph-expected.html: Added.
fast/text/ch-unit-without-zero-glyph.html: Added.

10:11 PM Changeset in webkit [289150] by commit-queue@webkit.org

2 edits in trunk/Source/WebKit

Don't use adattributiond on iOS
https://bugs.webkit.org/show_bug.cgi?id=236157

Patch by Alex Christensen <achristensen@webkit.org> on 2022-02-04
Reviewed by John Wilander.

It is still having configuration issues such as rdar://88334217

UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp:

(WebKit::WebsiteDataStoreConfiguration::WebsiteDataStoreConfiguration):

9:32 PM Changeset in webkit [289149] by eric.carlson@apple.com

9 edits in trunk/Source/WebCore

Update MediaStreamTrack understanding of source type
https://bugs.webkit.org/show_bug.cgi?id=236165
<rdar://problem/88513632>

Reviewed by Jer Noble.

Before bug 235838, RealtimeMediaSource::Type was either Audio or Video. That bug
added new types for screen, window, and system audio capture, but MediaStreamTrack
wasn't updated to account for them. Instead of checking a source's type, use the new
hasAudio and 'hasVideo` methods.

No new tests, covered by existing tests.

Modules/mediastream/MediaStream.cpp:

(WebCore::MediaStream::getAudioTracks const):
(WebCore::MediaStream::getVideoTracks const):
(WebCore::MediaStream::filteredTracks const):
(WebCore::MediaStream::trackVectorForType const): Deleted.

Modules/mediastream/MediaStream.h:

Modules/mediastream/MediaStreamTrack.cpp:

(WebCore::MediaStreamTrack::MediaStreamTrack):
(WebCore::MediaStreamTrack::~MediaStreamTrack):
(WebCore::MediaStreamTrack::kind const):
(WebCore::MediaStreamTrack::setContentHint):
(WebCore::MediaStreamTrack::trackEnded):
(WebCore::MediaStreamTrack::isCapturingAudio const):

Modules/mediastream/MediaStreamTrack.h:

(WebCore::MediaStreamTrack::hasVideo const):
(WebCore::MediaStreamTrack::hasAudio const):

platform/mediastream/MediaStreamTrackPrivate.h:

platform/mediastream/RealtimeMediaSource.cpp:

(WebCore::RealtimeMediaSource::setType):

platform/mediastream/RealtimeMediaSource.h:

platform/mediastream/cocoa/DisplayCaptureSourceCocoa.cpp:

(WebCore::sourceTypeForDevice):
(WebCore::DisplayCaptureSourceCocoa::DisplayCaptureSourceCocoa): Set the correct
source type.

8:04 PM Changeset in webkit [289148] by weinig@apple.com

2 edits in trunk/Source/WTF

Make isNaNConstExpr actually constexpr
https://bugs.webkit.org/show_bug.cgi?id=236162

Reviewed by Darin Adler.

wtf/MathExtras.h:

(WTF::isNaNConstExpr): Add missing constexpr.

7:30 PM Changeset in webkit [289147] by pvollan@apple.com

7 edits in trunk/Source/WebKit

[AX] Stop creating sandbox extensions for preference services
https://bugs.webkit.org/show_bug.cgi?id=232956
<rdar://problem/85260698>

Reviewed by Geoffrey Garen.

Stop creating sandbox extensions for preference services when AX is enabled. There have been many code changes
related to updating AX preferences in the WebContent process, which is why we think this is not needed anymore.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):

Shared/WebProcessCreationParameters.h:
UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::platformInitializeWebProcess):
(WebKit::WebProcessPool::registerNotificationObservers):

WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess):

WebProcess/com.apple.WebProcess.sb.in:

6:54 PM Changeset in webkit [289146] by Simon Fraser

9 edits in trunk/Source/WebKit

Lay the groundwork for markLayersVolatileImmediatelyIfPossible() being an asynchronous operation
https://bugs.webkit.org/show_bug.cgi?id=236034

Reviewed by Tim Horton.

With DOM rendering in the GPU Process, markLayersVolatileImmediatelyIfPossible() will need
to do IPC to mark surfaces volatile, and we want that to be async IPC. So change the plumbing from
WebPage to RemoteLayerBackingStoreCollection to be callback-based, with a completion handler.

Shared/RemoteLayerTree/RemoteLayerBackingStoreCollection.h:
Shared/RemoteLayerTree/RemoteLayerBackingStoreCollection.mm:

(WebKit::RemoteLayerBackingStoreCollection::tryMarkAllBackingStoreVolatile):
(WebKit::RemoteLayerBackingStoreCollection::markAllBackingStoreVolatileImmediatelyIfPossible): Deleted.

WebProcess/WebPage/DrawingArea.cpp:

(WebKit::DrawingArea::tryMarkLayersVolatile):

WebProcess/WebPage/DrawingArea.h:

(WebKit::DrawingArea::markLayersVolatileImmediatelyIfPossible): Deleted.

WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.h:
WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm:

(WebKit::RemoteLayerTreeDrawingArea::tryMarkLayersVolatile):
(WebKit::RemoteLayerTreeDrawingArea::markLayersVolatileImmediatelyIfPossible): Deleted.

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::tryMarkLayersVolatile):
(WebKit::WebPage::layerVolatilityTimerFired):
(WebKit::WebPage::markLayersVolatile):
(WebKit::WebPage::markLayersVolatileOrRetry):
(WebKit::WebPage::tryMarkLayersVolatileCompletionHandler):
(WebKit::WebPage::markLayersVolatileImmediatelyIfPossible): Deleted.

WebProcess/WebPage/WebPage.h:

5:55 PM Changeset in webkit [289145] by ysuzuki@apple.com

2 edits in trunk/Source/bmalloc

[libpas] Use os_unfair_lock instead of spinlock
https://bugs.webkit.org/show_bug.cgi?id=236158

Reviewed by Geoffrey Garen.

os_unfair_lock is very fast while it can properly suspend threads.
A/B test result was neutral on Speedometer2 and JetStream2. So, to
reduce unnecessary CPU spins, let's replace spinlock with os_unfair_lock
if it is supported (if OS is Darwin).

libpas/src/libpas/pas_config.h:

4:51 PM Changeset in webkit [289144] by ysuzuki@apple.com

4 edits in trunk/Source/bmalloc

[libpas] allocation failure crash should be PAS_NEVER_INLINE
https://bugs.webkit.org/show_bug.cgi?id=236164

Reviewed by Saam Barati.

We introduce pas_allocation_result_crash_on_error function which can leave OOM crash
information in the crash log. To keep this non-inlined, we annotate it PAS_NEVER_INLINE.

libpas/src/libpas/pas_allocation_result.h:

(pas_allocation_result_crash_on_error):

libpas/src/libpas/pas_utils.c:

(pas_panic_on_out_of_memory_error):

libpas/src/libpas/pas_utils.h:

4:48 PM Changeset in webkit [289143] by commit-queue@webkit.org

2 edits in trunk/Tools

Add test for the fix in https://bugs.webkit.org/show_bug.cgi?id=235928
https://bugs.webkit.org/show_bug.cgi?id=236152

Patch by Matt Gilligan <matthew_gilligan@apple.com> on 2022-02-04
Reviewed by Tim Horton.

TestWebKitAPI/Tests/ios/KeyboardInputTestsIOS.mm:

(TestWebKitAPI::TEST):

4:28 PM Changeset in webkit [289142] by eric.carlson@apple.com

2 edits in trunk/Source/WebCore

[macOS] ScreenCaptureKitCaptureSource only outputs one frame
https://bugs.webkit.org/show_bug.cgi?id=236161
<rdar://problem/88510634>

Reviewed by Jer Noble.

Don't WTFMove() a lambda-captured variable if the lambda will be called again.

platform/mediastream/mac/ScreenCaptureKitCaptureSource.mm:

(WebCore::ScreenCaptureKitCaptureSource::frameAvailableHandler):

4:05 PM Changeset in webkit [289141] by jonlee@apple.com

65 edits in trunk/LayoutTests/imported/w3c

Unreviewed, land missing baseline for Shared Worker test.

Patch by Chris Dumez <Chris Dumez> on 2022-02-04

web-platform-tests/service-workers/service-worker/claim-shared-worker-fetch.https-expected.txt: Added.

3:39 PM Changeset in webkit [289140] by commit-queue@webkit.org

19 edits in trunk

REGRESSION(r280077): [GTK] It caused 155 new test failures
https://bugs.webkit.org/show_bug.cgi?id=228153

Patch by Arcady Goldmints-Orlov <Arcady Goldmints-Orlov> on 2022-02-04
Reviewed by Michael Catanzaro.

Source/WebKit:

Pass the GTKSettingsState in the WebProcessCreationParameters rather
than the WebPageCreationParameters, to ensure the correct GTK settings
are always applied in a new WebProcess.

Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode const):
(WebKit::WebPageCreationParameters::decode):

Shared/WebPageCreationParameters.h:
Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):

Shared/WebProcessCreationParameters.h:
UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::creationParameters):

UIProcess/glib/WebProcessPoolGLib.cpp:

(WebKit::WebProcessPool::platformInitializeWebProcess):

WebProcess/WebPage/WebPage.cpp:

(WebKit::m_appHighlightsVisible):
(WebKit::WebPage::reinitializeWebPage):

WebProcess/glib/WebProcessGLib.cpp:

(WebKit::WebProcess::platformInitializeWebProcess):

Tools:

Move initializeGtkSettings() from the InjectedBundle to the test runner,
since GTK settings are automatically propagated from the UI process to
the web processes.

WebKitTestRunner/InjectedBundle/gtk/ActivateFontsGtk.cpp:

(WTR::activateFonts):
(WTR::initializeGtkSettings): Deleted.

WebKitTestRunner/gtk/main.cpp:

(initializeGtkSettings):
(main):

LayoutTests:

platform/glib/TestExpectations:
platform/gtk/TestExpectations: Garden tests that no longer fail.
platform/gtk/css1/font_properties/font-expected.txt:
platform/gtk/css1/pseudo/multiple_pseudo_elements-expected.txt:
platform/gtk/imported/w3c/web-platform-tests/css/css-fonts/animations/system-fonts-expected.txt:
platform/wpe/TestExpectations:

3:21 PM Changeset in webkit [289139] by Ben Nham

9 edits
3 adds in trunk

Add PushDatabase
https://bugs.webkit.org/show_bug.cgi?id=234194

Reviewed by Brady Eidson.

Source/WebCore:

This adds a persistence layer for push subscriptions stored in webpushd. The operations
that we support for now are:

inserting a record (used when subscribing)
removing a record (used when unsubscribing)
retrieving a record (used when receiving a push)
enumerating all records by wake state (used to provide the push service the list of all topics that we are subscribed to by wake state)

There are two basic data types in this data model:

Subscriptions, which are uniquely identified by (bundleID, serviceWorkerScope). This stores data that is unique to each subscription, e.g. encryption keys and the HTTP endpoint used by the server to send pushes to this subscription.
SubscriptionSets, which encompass one or more Subscriptions, and are uniquely identified by (bundleID, securityOrigin). This stores state this common to multiple subscriptions, e.g. whether or not all pushes sent by a particular origin should be non-waking.

For instance, suppose webkit.org in Safari has two service worker registrations scoped to
webkit.org/foo and webkit.org/bar. Each registration has successfully registered for push.
This would result in three rows in the database:

Subscription row identified by (bundleID=safari, scope=webkit.org/foo)
Subscription row identified by (bundleID=safari, scope=webkit.org/bar)
SubscriptionSet row identified by (bundleID=safari, securityOrigin=webkit.org)

Both subscriptions (1) and (2) are part of the subscription set (3).

Covered by new API tests.

Headers.cmake:
Modules/push-api/PushDatabase.cpp: Added.

(WebCore::PushRecord::isolatedCopy const):
(WebCore::PushRecord::isolatedCopy):
(WebCore::openAndMigrateDatabaseImpl):
(WebCore::openAndMigrateDatabase):
(WebCore::PushDatabase::create):
(WebCore::PushDatabase::PushDatabase):
(WebCore::PushDatabase::~PushDatabase):
(WebCore::PushDatabase::dispatchOnWorkQueue):
(WebCore::PushDatabase::cachedStatementOnQueue):
(WebCore::bindExpirationTime):
(WebCore::expirationTimeFromValue):
(WebCore::completeOnMainQueue):
(WebCore::PushDatabase::insertRecord):
(WebCore::PushDatabase::removeRecordByIdentifier):
(WebCore::makePushRecordFromRow):
(WebCore::PushDatabase::getRecordByTopic):
(WebCore::PushDatabase::getRecordByBundleIdentifierAndScope):
(WebCore::PushDatabase::getIdentifiers):
(WebCore::PushDatabase::getTopicsByWakeState):

Modules/push-api/PushDatabase.h: Added.
Sources.txt:
WebCore.xcodeproj/project.pbxproj:
platform/Logging.h:
platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::inMemoryPath):
(WebCore::SQLiteDatabase::open):

platform/sql/SQLiteDatabase.h:

Tools:

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebCore/PushDatabase.cpp: Added.

(TestWebKitAPI::getTopicsByWakeStateSync):
(TestWebKitAPI::PushDatabaseTest::insertRecord):
(TestWebKitAPI::PushDatabaseTest::removeRecordByRowIdentifier):
(TestWebKitAPI::PushDatabaseTest::getRecordByTopic):
(TestWebKitAPI::PushDatabaseTest::getRecordByBundleIdentifierAndScope):
(TestWebKitAPI::PushDatabaseTest::getRowIdentifiers):
(TestWebKitAPI::PushDatabaseTest::getTopicsByWakeState):
(TestWebKitAPI::operator==):
(TestWebKitAPI::TEST_F):
(TestWebKitAPI::makeTemporaryDatabasePath):
(TestWebKitAPI::TEST):

2:49 PM Changeset in webkit [289138] by commit-queue@webkit.org

2 edits in trunk/Source/WebKit

Unreviewed, reverting r289124.
https://bugs.webkit.org/show_bug.cgi?id=236160

Introduced crash

Reverted changeset:

"[macOS][WP] Add telemetry for syscalls used during launch"
https://bugs.webkit.org/show_bug.cgi?id=235865
https://commits.webkit.org/r289124

2:17 PM Changeset in webkit [289137] by pvollan@apple.com

2 edits in trunk/Source/WebKit

[iOS][WP] Block access to syscalls that are only used during launch
https://bugs.webkit.org/show_bug.cgi?id=236102
<rdar://problem/88454893>

Reviewed by Brent Fulgham.

On iOS, block access to 12 Unix syscalls and 4 Mach syscalls after the WebContent process has finished launching.
These syscalls are only used during launch.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

1:34 PM Changeset in webkit [289136] by Alan Coon

1 copy in tags/Safari-614.1.2

Tag Safari-614.1.2.

1:29 PM Changeset in webkit [289135] by commit-queue@webkit.org

6 edits
2 deletes in trunk

Unreviewed, reverting r289098.
https://bugs.webkit.org/show_bug.cgi?id=236154

caused some unexpected crashes

Reverted changeset:

"[RenderTreeBuilder] Clean up column spanners when style
change affects containing block"
https://bugs.webkit.org/show_bug.cgi?id=236042
https://commits.webkit.org/r289098

11:50 AM Changeset in webkit [289134] by commit-queue@webkit.org

19 edits in trunk/Source

Remember whether cached main resources used private relay when considering whether to call _setPrivacyProxyFailClosed
https://bugs.webkit.org/show_bug.cgi?id=236125

Patch by Alex Christensen <achristensen@webkit.org> on 2022-02-04
Reviewed by Geoffrey Garen.

Source/WebCore:

Use an unused bit on disk to remember whether the response was originally received over private relay.
Also, instead of remembering on the main frame's DocumentLoader, remember on the WebProcess.
This makes it so if you enter the same URL twice, which loads from the MemoryCache from different WebCore::Pages, it still remembers.
If you load a different domain, it will load in a different WebProcess anyways, at which point you will not be using the same MemoryCache.

loader/DocumentLoader.h:

(WebCore::DocumentLoader::setMainResourceWasPrivateRelayed): Deleted.
(WebCore::DocumentLoader::mainResourceWasPrivateRelayed const): Deleted.

Source/WebKit:

NetworkProcess/NetworkLoadParameters.h:
NetworkProcess/NetworkResourceLoadParameters.cpp:

(WebKit::NetworkResourceLoadParameters::encode const):
(WebKit::NetworkResourceLoadParameters::decode):

NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::retrieveCacheEntry):
(WebKit::NetworkResourceLoader::didReceiveResponse):
(WebKit::NetworkResourceLoader::tryStoreAsCacheEntry):
(WebKit::NetworkResourceLoader::didRetrieveCacheEntry):

NetworkProcess/NetworkResourceLoader.h:
NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::makeEntry):
(WebKit::NetworkCache::Cache::store):
(WebKit::NetworkCache::Cache::update):

NetworkProcess/cache/NetworkCache.h:
NetworkProcess/cache/NetworkCacheEntry.cpp:

(WebKit::NetworkCache::Entry::Entry):
(WebKit::NetworkCache::Entry::encodeAsStorageRecord const):
(WebKit::NetworkCache::Entry::decodeStorageRecord):

NetworkProcess/cache/NetworkCacheEntry.h:

(WebKit::NetworkCache::Entry::privateRelayed const):

NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:

(WebKit::NetworkCache::SpeculativeLoad::didReceiveResponse):
(WebKit::NetworkCache::SpeculativeLoad::didFinishLoading):

NetworkProcess/cache/NetworkCacheSpeculativeLoad.h:
NetworkProcess/cache/PrefetchCache.cpp:

(WebKit::PrefetchCache::Entry::Entry):
(WebKit::PrefetchCache::store):

NetworkProcess/cache/PrefetchCache.h:
NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):

WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::addParametersShared):

WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::didReceiveResponse):

WebProcess/WebProcess.h:

(WebKit::WebProcess::setHadMainFrameMainResourcePrivateRelayed):
(WebKit::WebProcess::hadMainFrameMainResourcePrivateRelayed const):

11:46 AM Changeset in webkit [289133] by commit-queue@webkit.org

2 edits in trunk/Tools

Unreviewed, reverting r289067.
https://bugs.webkit.org/show_bug.cgi?id=236149

Broke WinCairo LayoutTests

Reverted changeset:

"REGRESSION(r288878)
webkitpy.layout_tests.controllers.layout_test_finder_legacy_unittest.LayoutTestFinderTests
tests are failing with Windows Python"
https://bugs.webkit.org/show_bug.cgi?id=236043
https://commits.webkit.org/r289067

11:36 AM Changeset in webkit [289132] by Alan Bujtas

2 edits in trunk/Source/WebCore

[LFC][Integration] Input geometry to layout (BoxGeometry) should be all logical
https://bugs.webkit.org/show_bug.cgi?id=236120

Reviewed by Antti Koivisto.

Now (after adding support for inline base direction), it's clear that BoxGeometry, as input to inline line layout,
should hold logical values only (this is somewhat of a revert of r269818).
It also fixes ~40 tests under imported/w3c/web-platform-tests/css/css-writing-modes.

(WebCore::LayoutIntegration::LineLayout::updateLayoutBoxDimensions): We need logical vs. visual flip based on
in what writing direction the box lives in and not what it establishes for its descendants.

11:19 AM Changeset in webkit [289131] by Andres Gonzalez

4 edits in trunk/Source/WebCore

Cache some expensive AXIsolatedObject properties lazily.
https://bugs.webkit.org/show_bug.cgi?id=236115
<rdar://problem/88467667>

Reviewed by Chris Fleizach.

Some properties can be very expensive to compute for every object, and
may not even be used by the clients. Furthermore
descriptionAttributeValue() and titleAttributeValue() call
textUnderElement() which may crash if it is called in the middle of a
layout. This is the actual cause of
https://bugs.webkit.org/show_bug.cgi?id=220446.
In this patch, we delay the computation and caching of these two
properties until they are first requested. This solves both the wasteful
computation if these properties are not used, and more importantly the
crash in the above mentioned bug.
This is a follow up change to:
https://bugs.webkit.org/show_bug.cgi?id=236053

accessibility/isolatedtree/AXIsolatedObject.cpp:

(WebCore::AXIsolatedObject::getOrRetrieveStringPropertyValue):
New method to lazily retrieve and cache any String property.
(WebCore::AXIsolatedObject::innerHTML const): Uses getOrRetrieveStringPropertyValue.
(WebCore::AXIsolatedObject::outerHTML const): Dito.

accessibility/isolatedtree/AXIsolatedObject.h:
accessibility/isolatedtree/mac/AXIsolatedObjectMac.mm:

(WebCore::AXIsolatedObject::initializePlatformProperties):
No longer caches the above mentioned properties.
(WebCore::AXIsolatedObject::descriptionAttributeValue const): Uses getOrRetrieveStringPropertyValue.
(WebCore::AXIsolatedObject::titleAttributeValue const): Dito.

10:58 AM Changeset in webkit [289130] by commit-queue@webkit.org

2 edits in trunk/Source/WebKit

Unreviewed, reverting r289069.
https://bugs.webkit.org/show_bug.cgi?id=236146

Introduced sandbox violation

Reverted changeset:

"[iOS][WP] Enable sandbox state rules for Mach messages"
https://bugs.webkit.org/show_bug.cgi?id=236027
https://commits.webkit.org/r289069

10:53 AM Changeset in webkit [289129] by Alexander Mikhaylenko

14 edits in trunk

[GTK] Crash when starting DND on touchscreen
https://bugs.webkit.org/show_bug.cgi?id=235694

Reviewed by Adrian Perez de Castro.

Source/WebCore:

page/DragController.cpp:

(WebCore::DragController::startDrag):
Skip drags for touch events on GTK.

platform/PlatformMouseEvent.h:

(WebCore::PlatformMouseEvent::isTouchEvent const):

Source/WebKit:

Drag-n-drop on touch has never worked correctly in GTK, and is usually
just disabled. Do the same thing and ignore it for synthesized mouse
events.

Shared/NativeWebMouseEvent.h:
Shared/WebEventConversion.cpp:

(WebKit::WebKit2PlatformMouseEvent::WebKit2PlatformMouseEvent):

Shared/WebMouseEvent.cpp:

(WebKit::WebMouseEvent::WebMouseEvent):
(WebKit::WebMouseEvent::encode const):
(WebKit::WebMouseEvent::decode):

Shared/WebMouseEvent.h:

(WebKit::WebMouseEvent::isTouchEvent const):

Shared/gtk/NativeWebMouseEventGtk.cpp:

(WebKit::NativeWebMouseEvent::NativeWebMouseEvent):

UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseTouchRelease):
(webkitWebViewBaseTouchDragUpdate):
(webkitWebViewBaseTouchDragEnd):
(webkitWebViewBaseSynthesizeMouseEvent):

UIProcess/API/gtk/WebKitWebViewBaseInternal.h:
UIProcess/gtk/PointerLockManager.cpp:

(WebKit::PointerLockManager::handleMotion):

Tools:

TestWebKitAPI/glib/CMakeLists.txt: Define BUILDING_TestWebKit

10:50 AM Changeset in webkit [289128] by chris.reid@sony.com

6 edits in trunk/Source

Revert some structured binding workarounds with Clang
https://bugs.webkit.org/show_bug.cgi?id=236098

Reviewed by Sam Weinig.

Revert structured bindings workarounds made in r288309, r261572, r249524 now that this is fixed in clang.

Source/WebCore:

Modules/indexeddb/server/MemoryObjectStore.cpp:
Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
inspector/agents/InspectorNetworkAgent.cpp:

Source/WebKit:

NetworkProcess/storage/StorageAreaBase.cpp:

10:42 AM Changeset in webkit [289127] by commit-queue@webkit.org

2 edits in trunk/Source/WebKit

Unreviewed, reverting r289125.
https://bugs.webkit.org/show_bug.cgi?id=236145

Introduced sandbox violation

Reverted changeset:

"[iOS][WP] Block access to syscalls that are only used during
launch"
https://bugs.webkit.org/show_bug.cgi?id=236102
https://commits.webkit.org/r289125

10:23 AM Changeset in webkit [289126] by ntim@apple.com

1 edit
5 adds in trunk/Websites/webkit.org

Add <dialog> element demos for blog post
https://bugs.webkit.org/show_bug.cgi?id=236143

Reviewed by Simon Fraser.

demos/dialog-element/confirmation-dialog-basic.html: Added.
demos/dialog-element/confirmation-dialog-form.html: Added.
demos/dialog-element/dark-theme.css: Added.

(body):
(@media (prefers-color-scheme: dark) dialog):

demos/dialog-element/styled-dialog.html: Added.

10:21 AM Changeset in webkit [289125] by pvollan@apple.com

2 edits in trunk/Source/WebKit

[iOS][WP] Block access to syscalls that are only used during launch
https://bugs.webkit.org/show_bug.cgi?id=236102
<rdar://problem/88454893>

Reviewed by Brent Fulgham.

On iOS, block access to 12 Unix syscalls and 4 Mach syscalls after the WebContent process has finished launching.
These syscalls are only used during launch.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

10:19 AM Changeset in webkit [289124] by pvollan@apple.com

2 edits in trunk/Source/WebKit

[macOS][WP] Add telemetry for syscalls used during launch
https://bugs.webkit.org/show_bug.cgi?id=235865
<rdar://problem/88228583>

Reviewed by Brent Fulgham.

Add telemetry in the WebContent process' sandbox on macOS to determine which syscalls are used only during launch.

WebProcess/com.apple.WebProcess.sb.in:

10:17 AM Changeset in webkit [289123] by pvollan@apple.com

4 edits in trunk/Source/WebKit

[iOS][macOS] Adjust sysctl sandbox access
https://bugs.webkit.org/show_bug.cgi?id=236082
<rdar://problem/88436174>

Reviewed by Brent Fulgham.

Adjust sysctl sandbox access based on telemetry.

GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:

9:26 AM Changeset in webkit [289122] by weinig@apple.com

9 edits
2 adds in trunk

Gradients don't correctly interpolate missing/none color components correctly
https://bugs.webkit.org/show_bug.cgi?id=236025

Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/gradients/gradient-with-missing-components.html

platform/graphics/Color.cpp:

(WebCore::Color::anyComponentIsNone const):

platform/graphics/Color.h:

Add helper to check if any component is 'none'.

platform/graphics/ColorComponents.h:

(WebCore::operator==):
Update operator== for ColorComponents to be none-aware and treat
two components that are both none as equal.

platform/graphics/ColorTypes.h:

(WebCore::assertInRange):
(WebCore::constexprIsNaN): Deleted.
Adopt shared version of the constexpr isnan.

platform/graphics/cg/GradientRendererCG.cpp:

(WebCore::anyComponentIsNone):
(WebCore::GradientRendererCG::pickStrategy const):
(WebCore::GradientRendererCG::makeShading const):
Use the CGShaderRef strategy if any component of any stop is none, as it
is the only one that currently supports it correctly. Ensure none is preserved
by utilizing the unresolved component values. This can be optimized in the
future by preprocessing the color stops to pre-resolve the none components,
even allowing the CGGradientRef path to be used for supported cases.

Source/WTF:

Move isNaNConstExpr to MathExtras.h from WebCore so it can used in multiple places.

wtf/MathExtras.h:

(WTF::isNaNConstExpr):

LayoutTests:

Add tests of gradients with explicit 'none' components in some of the colors.

fast/gradients/gradient-with-missing-components-expected.html: Added.
fast/gradients/gradient-with-missing-components.html: Added.

9:06 AM Changeset in webkit [289121] by Kate Cheney

5 edits
5 adds in trunk

Fix App Privacy Report redirect attribution
https://bugs.webkit.org/show_bug.cgi?id=236111

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/app-privacy-report/user-attribution-redirect.html
Test: http/tests/app-privacy-report/app-attribution-redirect.html

platform/network/cf/ResourceRequestCFNet.cpp:

(WebCore::ResourceRequest::updateFromDelegatePreservingOldProperties):

Source/WebKit:

NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):

LayoutTests:

http/tests/app-privacy-report/resources/redirect.js: Added.
http/tests/app-privacy-report/app-attribution-redirect-expected.txt: Added.
http/tests/app-privacy-report/app-attribution-redirect.html: Added.
http/tests/app-privacy-report/user-attribution-redirect-expected.txt: Added.
http/tests/app-privacy-report/user-attribution-redirect.html: Added.

9:04 AM Changeset in webkit [289120] by Chris Dumez

1 edit
1 add in trunk/LayoutTests/imported/w3c

Unreviewed, land missing baseline for Shared Worker test.

web-platform-tests/service-workers/service-worker/claim-shared-worker-fetch.https-expected.txt: Added.

9:02 AM Changeset in webkit [289119] by Chris Dumez

12 edits
2 adds in trunk/LayoutTests

Unreviewed, unskip more Shared Worker layout tests on WK2.

LayoutTests/imported/w3c:

web-platform-tests/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub-expected.txt: Added.
web-platform-tests/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub-expected.txt: Added.
web-platform-tests/eventsource/shared-worker/eventsource-close-expected.txt:
web-platform-tests/eventsource/shared-worker/eventsource-constructor-non-same-origin-expected.txt:
web-platform-tests/eventsource/shared-worker/eventsource-eventtarget-expected.txt:
web-platform-tests/eventsource/shared-worker/eventsource-onmessage-expected.txt:
web-platform-tests/eventsource/shared-worker/eventsource-onopen-expected.txt:
web-platform-tests/eventsource/shared-worker/eventsource-prototype-expected.txt:
web-platform-tests/eventsource/shared-worker/eventsource-url-expected.txt:

LayoutTests:

TestExpectations:
platform/mac-wk1/TestExpectations:
platform/win/TestExpectations:

8:50 AM Changeset in webkit [289118] by commit-queue@webkit.org

3 edits in trunk/Tools/buildstream

[Flatpak SDK] Extension points for the Flatpak Sparkle-CDM extension
https://bugs.webkit.org/show_bug.cgi?id=235490

Patch by Philippe Normand <pnormand@igalia.com> on 2022-02-04
Reviewed by Adrian Perez de Castro.

Allow Sparkle-CDM extension in Sdk/Platform runtimes. A follow-up patch will add support for
the extension installation.

elements/flatpak/platform.bst:
elements/flatpak/sdk.bst:

8:41 AM Changeset in webkit [289117] by Alexey Shvayka

145 edits in trunk/Source/WebCore

[WebIDL] Rename Document / ScriptExecutionContext / GlobalObject values of [*CallWith] to include "Current"
https://bugs.webkit.org/show_bug.cgi?id=236137

Reviewed by Chris Dumez.

Before this change, _current_ realm was kinda an implicit default, which didn't
match all newer standards that use _relevant_ per recommendation for spec authors [1].

Making _relevant_ a default isn't feasible either: there are plenty usages of
[CallWith=GlobalObject] for converting JS values to WebIDL, which are correct,
and some older specs like IndexedDB require it.

Since there is no way for static operations / attributes to acquire a _relevant_
realm, this patch asserts that Relevant* values aren't used with them.

That could probably be expanded for constructors, given their "prototype"s are
unforgeable, yet before doing that we should investigate how other vendors are
handling cross-realm NewTarget.

[1] https://html.spec.whatwg.org/multipage/webappapis.html#realms-settings-objects-global-objects:concept-relevant-everything-2

No new tests, no behavior change.

Modules/WebGPU/GPUAdapter.idl:
Modules/applepay/ApplePaySession.idl:
Modules/applepay/ApplePaySetup.idl:
Modules/beacon/Navigator+Beacon.idl:
Modules/cache/WindowOrWorkerGlobalScope+Caches.idl:
Modules/encryptedmedia/MediaKeyStatusMap.idl:
Modules/encryptedmedia/MediaKeySystemAccess.idl:
Modules/encryptedmedia/MediaKeys.idl:
Modules/encryptedmedia/Navigator+EME.idl:
Modules/encryptedmedia/legacy/WebKitMediaKeys.idl:
Modules/entriesapi/DOMFileSystem.idl:
Modules/entriesapi/FileSystemDirectoryEntry.idl:
Modules/entriesapi/FileSystemDirectoryReader.idl:
Modules/entriesapi/FileSystemEntry.idl:
Modules/entriesapi/FileSystemFileEntry.idl:
Modules/entriesapi/HTMLInputElement+EntriesAPI.idl:
Modules/fetch/FetchBody.idl:
Modules/fetch/FetchRequest.idl:
Modules/fetch/FetchResponse.idl:
Modules/indexeddb/IDBCursor.idl:
Modules/indexeddb/IDBFactory.idl:
Modules/indexeddb/IDBIndex.idl:
Modules/indexeddb/IDBKeyRange.idl:
Modules/indexeddb/IDBObjectStore.idl:
Modules/mediacapabilities/MediaCapabilities.idl:
Modules/mediarecorder/MediaRecorder.idl:
Modules/mediasession/MediaMetadata.idl:
Modules/mediasession/MediaSessionPlaylistMixin.idl:
Modules/mediasource/DOMURL+MediaSource.idl:
Modules/mediasource/MediaSource.idl:
Modules/mediastream/MediaStream.idl:
Modules/mediastream/RTCPeerConnection.idl:
Modules/mediastream/RTCRtpReceiver.idl:
Modules/mediastream/RTCRtpSFrameTransform.idl:
Modules/mediastream/RTCRtpScriptTransform.idl:
Modules/mediastream/RTCRtpScriptTransformer.idl:
Modules/mediastream/RTCRtpSender.idl:
Modules/notifications/Notification.idl:
Modules/paymentrequest/MerchantValidationEvent.idl:
Modules/paymentrequest/PaymentRequest.idl:
Modules/paymentrequest/PaymentResponse.idl:
Modules/push-api/PushManager.idl:
Modules/push-api/PushMessageData.idl:
Modules/push-api/PushSubscription.idl:
Modules/speech/SpeechRecognition.idl:
Modules/speech/SpeechSynthesisUtterance.idl:
Modules/streams/WritableStream.idl:
Modules/streams/WritableStreamSink.idl:
Modules/webaudio/AudioBuffer.idl:
Modules/webaudio/AudioContext.idl:
Modules/webaudio/AudioWorkletNode.idl:
Modules/webaudio/AudioWorkletProcessor.idl:
Modules/webaudio/BaseAudioContext.idl:
Modules/webaudio/IIRFilterNode.idl:
Modules/webaudio/OfflineAudioContext.idl:
Modules/webauthn/PublicKeyCredential.idl:
Modules/websockets/WebSocket.idl:
Modules/webxr/WebXRFrame.idl:
Modules/webxr/WebXRSystem.idl:
animation/Animatable.idl:
animation/DocumentTimeline.idl:
animation/KeyframeEffect.idl:
bindings/scripts/CodeGenerator.pm:

(ExtendedAttributeContains):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateAttributeGetterBodyDefinition):
(GenerateCallWith):
(GenerateParametersCheck):

bindings/scripts/IDLAttributes.json:
bindings/scripts/test/JS/*: Updated.
bindings/scripts/test/TestInterface.idl:
bindings/scripts/test/TestLegacyFactoryFunction.idl:
bindings/scripts/test/TestMixinInterface.idl:
bindings/scripts/test/TestObj.idl:
bindings/scripts/test/TestPromiseRejectionEvent.idl:
bindings/scripts/test/TestSupplemental.idl:
crypto/SubtleCrypto.idl:
css/DOMCSSNamespace+CSSPainting.idl:
css/DOMCSSNamespace+CSSPropertiesandValues.idl:
css/DOMCSSNamespace.idl:
css/DOMMatrix.idl:
css/DOMMatrixReadOnly.idl:
css/FontFace.idl:
css/FontFaceSet.idl:
dom/AbortController.idl:
dom/AbortSignal.idl:
dom/BroadcastChannel.idl:
dom/Comment.idl:
dom/DataTransfer.idl:
dom/DataTransferItem.idl:
dom/DeviceMotionEvent.idl:
dom/DeviceOrientationEvent.idl:
dom/Document.idl:
dom/DocumentFragment.idl:
dom/Element.idl:
dom/ErrorEvent.idl:
dom/EventTarget.idl:
dom/MessageChannel.idl:
dom/MessagePort.idl:
dom/MouseEvent.idl:
dom/Range.idl:
dom/Text.idl:
fileapi/Blob.idl:
fileapi/File.idl:
fileapi/FileReader.idl:
fileapi/FileReaderSync.idl:
html/DOMURL.idl:
html/HTMLAudioElement.idl:
html/HTMLCanvasElement.idl:
html/HTMLFrameElement.idl:
html/HTMLImageElement.idl:
html/HTMLOptionElement.idl:
html/HTMLOutputElement.idl:
html/MediaController.idl:
html/OffscreenCanvas.idl:
html/track/DataCue.idl:
html/track/TextTrackCue.idl:
html/track/VTTCue.idl:
html/track/VTTRegion.idl:
inspector/CommandLineAPIHost.idl:
inspector/InspectorAuditAccessibilityObject.idl:
inspector/InspectorAuditResourcesObject.idl:
page/DOMWindow.idl:
page/EventSource.idl:
page/IntersectionObserver.idl:
page/NavigatorServiceWorker.idl:
page/NavigatorShare.idl:
page/Performance+UserTiming.idl:
page/PerformanceMark.idl:
page/PerformanceMeasure.idl:
page/PerformanceObserver.idl:
page/RemoteDOMWindow.idl:
page/ResizeObserver.idl:
page/WindowOrWorkerGlobalScope.idl:
testing/Internals.idl:
testing/ServiceWorkerInternals.idl:
testing/WebXRTest.idl:
workers/DedicatedWorkerGlobalScope.idl:
workers/Worker.idl:
workers/service/FetchEvent.idl:
workers/service/ServiceWorker.idl:
workers/service/ServiceWorkerClient.idl:
workers/service/ServiceWorkerClients.idl:
workers/service/ServiceWorkerRegistration.idl:
workers/shared/SharedWorker.idl:
worklets/PaintWorkletGlobalScope.idl:
xml/DOMParser.idl:
xml/XMLHttpRequest.idl:

8:35 AM Changeset in webkit [289116] by Chris Dumez

48 edits
32 copies
11 moves
46 adds
22 deletes in trunk

Fix WPT test importer and resync web-platform-tests/workers from upstream
https://bugs.webkit.org/show_bug.cgi?id=236101

Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

Resync web-platform-tests/workers from upstream a9f3552a2b771569201879ef1.

resources/import-expectations.json:
resources/resource-files.json:
web-platform-tests/workers: Updated.

Tools:

Fix WPT test importer because:

It wasn't creating tests with sharedworker.html suffix for .js tests with:
- META: global=sharedworker
- META: global=worker
It was wrongly creating tests with a serviceworker.html suffix for .js tests with:
- META: global=dedicatedworker
- META without a global (upstream WPT only generates a .html and .worker.html in such case)

Scripts/webkitpy/w3c/test_importer.py:

(TestImporter.init):
(TestImporter.readEnvironmentsForTemplateTest):

LayoutTests:

TestExpectations:

8:20 AM Changeset in webkit [289115] by Chris Dumez

2 edits
3 deletes in trunk/LayoutTests

Unreviewed, drop badly imported test due to WPT importer bug getting fixed in Bug 236101.

LayoutTests/imported/w3c:

web-platform-tests/css/filter-effects/idlharness.any.serviceworker-expected.txt: Removed.
web-platform-tests/css/filter-effects/idlharness.any.serviceworker.html: Removed.

LayoutTests:

platform/ios-wk2/imported/w3c/web-platform-tests/css/filter-effects/idlharness.any.serviceworker-expected.txt: Removed.

8:06 AM Changeset in webkit [289114] by Ben Nham

2 edits
7 adds in trunk/Source/WebKit

Import APSConnection-related SPI
https://bugs.webkit.org/show_bug.cgi?id=235856

Reviewed Youenn Fablet.

This imports the SPI declarations necessary to build against ApplePushService in WebKit. It
also includes a PushServiceConnection interface that can sit in front of APSConnection, and
a fake interface that will be fleshed out for testing purposes.

Platform/spi/Cocoa/ApplePushServiceSPI.h: Added.
WebKit.xcodeproj/project.pbxproj:
webpushd/ApplePushServiceConnection.h: Added.
webpushd/ApplePushServiceConnection.mm: Added.

(-[_WKAPSConnectionDelegate initWithConnection:]):
(-[_WKAPSConnectionDelegate connection:didReceivePublicToken:]):
(-[_WKAPSConnectionDelegate connection:didReceiveIncomingMessage:]):
(WebPushD::ApplePushServiceConnection::ApplePushServiceConnection):
(WebPushD::makeTokenInfo):
(WebPushD::ApplePushServiceConnection::subscribe):
(WebPushD::ApplePushServiceConnection::unsubscribe):
(WebPushD::ApplePushServiceConnection::enabledTopics):
(WebPushD::ApplePushServiceConnection::ignoredTopics):
(WebPushD::ApplePushServiceConnection::opportunisticTopics):
(WebPushD::ApplePushServiceConnection::nonWakingTopics):
(WebPushD::ApplePushServiceConnection::setEnabledTopics):
(WebPushD::ApplePushServiceConnection::setIgnoredTopics):
(WebPushD::ApplePushServiceConnection::setOpportunisticTopics):
(WebPushD::ApplePushServiceConnection::setNonWakingTopics):
(WebPushD::ApplePushServiceConnection::setTopicLists):

webpushd/MockPushServiceConnection.h: Added.
webpushd/MockPushServiceConnection.mm: Added.

(WebPushD::MockPushServiceConnection::MockPushServiceConnection):
(WebPushD::MockPushServiceConnection::subscribe):
(WebPushD::MockPushServiceConnection::unsubscribe):
(WebPushD::MockPushServiceConnection::enabledTopics):
(WebPushD::MockPushServiceConnection::ignoredTopics):
(WebPushD::MockPushServiceConnection::opportunisticTopics):
(WebPushD::MockPushServiceConnection::nonWakingTopics):
(WebPushD::MockPushServiceConnection::setEnabledTopics):
(WebPushD::MockPushServiceConnection::setIgnoredTopics):
(WebPushD::MockPushServiceConnection::setOpportunisticTopics):
(WebPushD::MockPushServiceConnection::setNonWakingTopics):
(WebPushD::MockPushServiceConnection::setTopicLists):

webpushd/PushServiceConnection.h: Added.
webpushd/PushServiceConnection.mm: Added.

(WebPushD::PushServiceConnection::startListeningForPushMessages):
(WebPushD::PushServiceConnection::didReceivePushMessage):

8:05 AM Changeset in webkit [289113] by pvollan@apple.com

3 edits in trunk/Source/WebKit

[iOS][macOS] Adjust sandbox access to system-fcntl
https://bugs.webkit.org/show_bug.cgi?id=236095
<rdar://problem/88448068>

Reviewed by Brent Fulgham.

Adjust sandbox access in the WebContent process to system-fcntl based on telemetry.
This patch is blocking access to some unused fcntl commands, as well as blocking
access to fcntl commands that are only used when AppCache is enabled. This is
achieved by using sandbox state variables.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
WebProcess/com.apple.WebProcess.sb.in:

7:47 AM Changeset in webkit [289112] by commit-queue@webkit.org

6 edits
1 delete in trunk

Unreviewed, reverting r288996.
https://bugs.webkit.org/show_bug.cgi?id=236141

Causing debug asserts

Reverted changeset:

"No breakpoints hit on github.com, and some are invalid"
https://bugs.webkit.org/show_bug.cgi?id=235607
https://commits.webkit.org/r288996

6:56 AM Changeset in webkit [289111] by Jonathan Bedard

3 edits in trunk/Tools

[EWS] Rename CompileJSCWithoutPatch
https://bugs.webkit.org/show_bug.cgi?id=236104
<rdar://problem/88455463>

Reviewed by Aakash Jain.

Tools/CISupport/ews-build/steps.py:

(CompileWebKit.evaluateCommand):
(AnalyzeCompileWebKitResults.analyzeResults):
(CompileJSCWithoutChange): Renamed from CompileJSCWithoutPatch.
(CompileJSCWithoutPatch): Rename to CompileJSCWithoutChange.

Tools/CISupport/ews-build/steps_unittest.py:

Canonical link: https://commits.webkit.org/246808@main

6:50 AM Changeset in webkit [289110] by Jonathan Bedard

3 edits in trunk/Tools

[EWS] Rename RunWebKitTestsWithoutPatch
https://bugs.webkit.org/show_bug.cgi?id=236107
<rdar://problem/88459194>

Reviewed by Aakash Jain.

Tools/CISupport/ews-build/steps.py:

(ReRunWebKitTests.evaluateCommand):
(RunWebKitTestsWithoutChange): Renamed from RunWebKitTestsWithoutPatch.
(RunWebKitTestsWithoutPatch): Renamed to RunWebKitTestsWithoutChange.
(RunWebKitTestsWithoutChangeRedTree): Renamed from RunWebKitTestsWithoutPatchRedTree.
(RunWebKitTestsWithoutPatchRedTree): Renamed to RunWebKitTestsWithoutChangeRedTree.

Tools/CISupport/ews-build/steps_unittest.py:

Canonical link: https://commits.webkit.org/246807@main

5:52 AM Changeset in webkit [289109] by commit-queue@webkit.org

5 edits in trunk/Source/WebCore

[GTK][WPE] Use a Vector when defining the EGLImage attributes in the createImage
https://bugs.webkit.org/show_bug.cgi?id=236133

Patch by Alejandro G. Castro <alex@igalia.com> on 2022-02-04
Reviewed by Žan Doberšek.

No new tests, no change in behaviour

platform/graphics/egl/GLContextEGL.cpp:

(WebCore::GLContextEGL::createImage const): Replace the parameter
of createImage with a Vector, and use map to transform in case we
have to use the extension function.

platform/graphics/egl/GLContextEGL.h: Ditto.
platform/graphics/texmap/TextureMapperPlatformLayerBuffer.cpp:

(WebCore::TextureMapperPlatformLayerBuffer::TextureMapperPlatformLayerBuffer):
Fix a warning caused by the order of the parameter initialization.

platform/graphics/texmap/TextureMapperPlatformLayerDmabuf.cpp:

(WebCore::TextureMapperPlatformLayerDmabuf::validateTexture):
Replace the C array with a Vector object.

3:58 AM Changeset in webkit [289108] by svillar@igalia.com

6 edits in trunk

HTMLMediaElement should dispatch the resize event asynchronously
https://bugs.webkit.org/show_bug.cgi?id=230895

Reviewed by Darin Adler.

Source/WebCore:

The HTMLMediaElement is currently queueing a task to dispatch the resize event in the post layout phase.
There is no need to run it synchronously and we could move it to another queue were it will be run
asynchronously as it was done for other similar tasks in the past.

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged):

LayoutTests:

media/modern-media-controls/media-controller/media-controller-resize.html: Remove the event

listener to avoid an extra notification.

platform/mac/TestExpectations: Unskipped tests that pass now.
platform/wincairo/TestExpectations: Ditto.

12:14 AM Changeset in webkit [289107] by Pablo Saavedra

2 edits in trunk/Source/WebCore

Fix for non-unified builds after r286821 (245056@main)
https://bugs.webkit.org/show_bug.cgi?id=236129

Unreviewed, fixes missing header.

workers/shared/SharedWorkerScriptLoader.h:

Feb 3, 2022:

11:16 PM Changeset in webkit [289106] by Chris Lord

15 edits
5 adds in trunk/Source/WebCore

[GTK][WPE] Use dmabuf when possible to transfer ANGLE rendering to the compositor
https://bugs.webkit.org/show_bug.cgi?id=235946

Reviewed by Žan Doberšek.

Use dmabuf when available to transfer ANGLE WebGL rendering contents
to the compositor.

No new tests, no change in behaviour.

PlatformGTK.cmake:
PlatformWPE.cmake:
SourcesGTK.txt:
SourcesWPE.txt:
platform/TextureMapper.cmake:
platform/graphics/OpenGLShims.cpp:

(WebCore::initializeOpenGLShims):

platform/graphics/OpenGLShims.h:
platform/graphics/angle/GraphicsContextGLANGLE.cpp:

(WebCore::GraphicsContextGLANGLE::prepareTextureImpl):

platform/graphics/angle/GraphicsContextGLANGLE.h:
platform/graphics/egl/GLContextEGL.cpp:

(WebCore::GLContextEGL::GLContextEGL):
(WebCore::GLContextEGL::createImage const):
(WebCore::GLContextEGL::destroyImage const):

platform/graphics/egl/GLContextEGL.h:
platform/graphics/gbm/GBMDevice.cpp: Added.

(WebCore::threadSpecificDevice):
(WebCore::GBMDevice::get):
(WebCore::GBMDevice::GBMDevice):
(WebCore::GBMDevice::~GBMDevice):

platform/graphics/gbm/GBMDevice.h: Added.

(WebCore::GBMDevice::device const):

platform/graphics/nicosia/texmap/NicosiaGCGLANGLEPipe.cpp:

(Nicosia::GCGLANGLEPipeSource::swapBuffersIfNeeded):

platform/graphics/texmap/GraphicsContextGLTextureMapperANGLE.cpp:

(WebCore::GraphicsContextGLANGLE::GraphicsContextGLANGLE):
(WebCore::GraphicsContextGLANGLE::EGLImageBacking::EGLImageBacking):
(WebCore::GraphicsContextGLANGLE::EGLImageBacking::~EGLImageBacking):
(WebCore::GraphicsContextGLANGLE::EGLImageBacking::format const):
(WebCore::GraphicsContextGLANGLE::EGLImageBacking::stride const):
(WebCore::GraphicsContextGLANGLE::EGLImageBacking::releaseResources):
(WebCore::GraphicsContextGLANGLE::EGLImageBacking::reset):
(WebCore::GraphicsContextGLANGLE::~GraphicsContextGLANGLE):
(WebCore::GraphicsContextGLANGLE::reshapeDisplayBufferBacking):

platform/graphics/texmap/TextureMapperPlatformLayerBuffer.h:

(WebCore::TextureMapperPlatformLayerBuffer::textureVariant const):
(WebCore::TextureMapperPlatformLayerBuffer::size const):
(WebCore::TextureMapperPlatformLayerBuffer::textureVariant): Deleted.

platform/graphics/texmap/TextureMapperPlatformLayerDmabuf.cpp: Added.

(WebCore::createFourCC):
(WebCore::fourCCToGLFormat):
(WebCore::formatHasAlpha):
(WebCore::TextureMapperPlatformLayerDmabuf::TextureMapperPlatformLayerDmabuf):
(WebCore::m_fd):
(WebCore::TextureMapperPlatformLayerDmabuf::~TextureMapperPlatformLayerDmabuf):
(WebCore::TextureMapperPlatformLayerDmabuf::validateTexture):
(WebCore::TextureMapperPlatformLayerDmabuf::paintToTextureMapper):
(WebCore::TextureMapperPlatformLayerDmabuf::clone):

platform/graphics/texmap/TextureMapperPlatformLayerDmabuf.h: Added.

10:58 PM Changeset in webkit [289105] by jonlee@apple.com

16 edits in trunk/LayoutTests/imported/w3c

Pull selective WPT tests in preparation of https://bugs.webkit.org/show_bug.cgi?id=235685

These remove the empty <meta name="flags">.

web-platform-tests/css/css-flexbox/align-content-001.htm:
web-platform-tests/css/css-flexbox/align-content-002.htm:
web-platform-tests/css/css-flexbox/align-content-003.htm:
web-platform-tests/css/css-flexbox/align-content-004.htm:
web-platform-tests/css/css-flexbox/align-content-005.htm:
web-platform-tests/css/css-flexbox/align-items-001.htm:
web-platform-tests/css/css-flexbox/align-items-002.htm:
web-platform-tests/css/css-flexbox/align-items-003.htm:
web-platform-tests/css/css-text/white-space/white-space-intrinsic-size-017.html:
web-platform-tests/css/css-text/white-space/white-space-intrinsic-size-018.html:
web-platform-tests/css/css-values/angle-units-002.html:
web-platform-tests/css/css-values/angle-units-003.html:
web-platform-tests/css/css-values/angle-units-004.html:
web-platform-tests/css/css-values/angle-units-005.html:

Convert tabs to spaces.

web-platform-tests/css/css-variables/vars-background-shorthand-001.html:

10:37 PM Changeset in webkit [289104] by rniwa@webkit.org

14 edits in trunk/Source

Delete SelectionAcrossShadowBoundariesEnabled
https://bugs.webkit.org/show_bug.cgi?id=235993

Reviewed by Darin Adler.

Source/WebCore:

Delete this runtime flag which has always been enabled for a while.

editing/Editor.cpp:

(WebCore::Editor::selectedText const):
(WebCore::Editor::selectedTextForDataTransfer const):

editing/VisibleSelection.cpp:

(WebCore::VisibleSelection::adjustSelectionToAvoidCrossingShadowBoundaries):

editing/cocoa/EditorCocoa.mm:

(WebCore::Editor::selectionInHTMLFormat):

editing/gtk/EditorGtk.cpp:

(WebCore::Editor::writeSelectionToPasteboard):

editing/libwpe/EditorLibWPE.cpp:

(WebCore::Editor::writeSelectionToPasteboard):

editing/mac/EditorMac.mm:

(WebCore::Editor::writeImageToPasteboard):

loader/archive/cf/LegacyWebArchive.cpp:

(WebCore::LegacyWebArchive::createFromSelection):

Source/WebKitLegacy/mac:

WebView/WebPreferenceKeysPrivate.h:
WebView/WebPreferences.mm:

(-[WebPreferences keygenElementEnabled]):
(-[WebPreferences selectionAcrossShadowBoundariesEnabled]):
(-[WebPreferences setSelectionAcrossShadowBoundariesEnabled:]):
(-[WebPreferences isXSSAuditorEnabled]):

WebView/WebPreferencesPrivate.h:

Source/WTF:

Scripts/Preferences/WebPreferencesInternal.yaml:

10:35 PM Changeset in webkit [289103] by Megan Gardner

4 edits in trunk/Source/WebKit

Plumb pointer type though native to web events.
https://bugs.webkit.org/show_bug.cgi?id=236118

Reviewed by Tim Horton.

Shared/NativeWebMouseEvent.h:
Shared/ios/NativeWebMouseEventIOS.mm:

(WebKit::NativeWebMouseEvent::NativeWebMouseEvent):

UIProcess/ios/WKMouseGestureRecognizer.mm:

(-[WKMouseGestureRecognizer createMouseEventWithType:wasCancelled:]):

7:13 PM Changeset in webkit [289102] by Megan Gardner

2 edits in trunk/Source/WebCore

Add pen type for HitTestRequest.
https://bugs.webkit.org/show_bug.cgi?id=236112

Reviewed by Tim Horton.

rendering/HitTestRequest.h:

(WebCore::HitTestRequest::mouseEvent const):
(WebCore::HitTestRequest::penEvent const):

6:53 PM Changeset in webkit [289101] by mmaxfield@apple.com

5 edits
7 adds in trunk

Two bopomofo tone marks are not moved to the correct place in vertical text with a particular bopomofo font
https://bugs.webkit.org/show_bug.cgi?id=235257
<rdar://problem/87625596>

Reviewed by Darin Adler.

Thank you so much to Bobby Tung and But Ko for reporting this bug and providing a test font for it!!!

metadata/contributors.json:

Source/WebCore:

Turns out one of our character data tables was missing some characters.

I really dislike these kinds of fixes, because it's just perpetuating the fact that WebKit has big tables of characters
in its source code. A long-term fix would be a systemic replacement of this entire table with either Unicode property
lookup, or more ideally, removing the need for it in the first place. Unfortunately, at this point in the release cycle,
this fix probably needs to be smaller and more targetted.

Tests: fast/text/bopomofo-tone-marks-2.html

fast/text/bopomofo-tone-marks.html

platform/graphics/FontCascade.cpp:

(WebCore::FontCascade::isCJKIdeographOrSymbol):

LayoutTests:

This can't be a WPT test because we only have permission to add the test font to the WebKit repository.

Thank you so much to Bobby Tung and But Ko for reporting this bug and providing a test font for it!!!

fast/text/bopomofo-tone-marks-2-expected-mismatch.html: Added.
fast/text/bopomofo-tone-marks-2.html: Added.
fast/text/bopomofo-tone-marks-expected-mismatch.html: Added.
fast/text/bopomofo-tone-marks.html: Added.
fast/text/resources/BopomofoGposSubset-Regular/BopomofoGposSubset-Regular.ttf: Added.
fast/text/resources/BopomofoGposSubset-Regular/LICENSE: Added.

6:45 PM Changeset in webkit [289100] by Wenson Hsieh

12 edits in trunk/Source

Teach VideoFullscreenInterface to keep track of its corresponding MediaPlayer's MediaPlayerIdentifier
https://bugs.webkit.org/show_bug.cgi?id=236090

Reviewed by Eric Carlson.

Source/WebCore:

Add plumbing for an optional MediaPlayerIdentifier through the video fullscreen model. This identifier is
invalidated upon loadstart, and updated once we observe loadedmetadata, which ensures that if the media
engine (and media player) changes out from underneath the video fullscreen model, we still keep the new player
ID up to date.

See WebKit/ChangeLog for more details.

platform/cocoa/VideoFullscreenModel.h:

(WebCore::VideoFullscreenModelClient::setPlayerIdentifier):

platform/cocoa/VideoFullscreenModelVideoElement.h:
platform/cocoa/VideoFullscreenModelVideoElement.mm:

(WebCore::VideoFullscreenModelVideoElement::updateForEventName):
(WebCore::VideoFullscreenModelVideoElement::observedEventNames):

Additionally listen for loadstartEvent and loadedmetadataEvent (see above).

(WebCore::VideoFullscreenModelVideoElement::setPlayerIdentifier):

platform/ios/VideoFullscreenInterfaceAVKit.h:
platform/mac/VideoFullscreenInterfaceMac.h:

(WebCore::VideoFullscreenInterfaceMac::playerIdentifier const):

Source/WebKit:

Add an IPC message between VideoFullscreenManager and VideoFullscreenManagerProxy to update the media player ID
corresponding to a given PlaybackSessionContextIdentifier. This is sent if the underlying media player changes
(and subsequently fires loadstart and loadedmetadata events), and also sent upon entering fullscreen video.

In a future patch, this mechanism will be used to teach VideoFullscreenManagerProxy to grab an image bitmap from
the GPU process for a given PlaybackSessionContextIdentifier.

UIProcess/Cocoa/VideoFullscreenManagerProxy.h:
UIProcess/Cocoa/VideoFullscreenManagerProxy.messages.in:
UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:

(WebKit::VideoFullscreenManagerProxy::setPlayerIdentifier):

WebProcess/cocoa/VideoFullscreenManager.h:
WebProcess/cocoa/VideoFullscreenManager.mm:

(WebKit::VideoFullscreenInterfaceContext::setPlayerIdentifier):
(WebKit::VideoFullscreenManager::enterVideoFullscreenForVideoElement):
(WebKit::VideoFullscreenManager::setPlayerIdentifier):

6:26 PM Changeset in webkit [289099] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

Unreviewed, reverting r289096.
https://bugs.webkit.org/show_bug.cgi?id=236114

will break build

Reverted changeset:

"[WebAuthn] Remove misspelled constant
"LocalAuthenticatiorAccessGroup""
https://bugs.webkit.org/show_bug.cgi?id=235894
https://commits.webkit.org/r289096

6:24 PM Changeset in webkit [289098] by Alan Bujtas

6 edits
2 adds in trunk

[RenderTreeBuilder] Clean up column spanners when style change affects containing block
https://bugs.webkit.org/show_bug.cgi?id=236042
<rdar://83975391>

Reviewed by Antti Koivisto.

Source/WebCore:

In addition to removing the leftover spanners after style change, this patch also expands on the type of style changes that may affect the subtree state inside a multicolumn flow.

Test: fast/multicol/leftover-spanner-on-style-change-crash.html

rendering/RenderBlock.cpp:

(WebCore::RenderBlock::styleDidChange):

rendering/RenderElement.cpp:

(WebCore::RenderElement::setStyle):
(WebCore::RenderElement::adjustFragmentedFlowStateOnContainingBlockChangeIfNeeded):

rendering/RenderElement.h:
rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::normalizeTreeAfterStyleChange):

LayoutTests:

fast/multicol/leftover-spanner-on-style-change-crash-expected.txt: Added.
fast/multicol/leftover-spanner-on-style-change-crash.html: Added.

6:22 PM Changeset in webkit [289097] by Tyler Wilcock

3 edits in trunk/Source/WebCore

AXIsolatedTree::updateChildren removes subtrees that should instead be moved
https://bugs.webkit.org/show_bug.cgi?id=236057

Reviewed by Andres Gonzalez.

In AXIsolatedTree::updateChildren, we can sometimes remove subtrees from the nodemap that are
queued to be added somewhere else in the tree. Specifically, this can happen when:

Object 123 is considered to be a new child based on the live AX tree, and we collect node changes for it.
Object 123 is currently a member of a subtree of some other object in oldChildrenIDs.
Because of 2, Object 123 is removed from the node map in removeSubtreeFromNodeMap
We try to queue the addition of this node somewhere in tree in queueChange, but ASSERT because Object 123 is not in the nodemap anymore.

This causes us to hit ASSERT(m_nodeMap.contains(objectID) in AXIsolatedTree::queueChange(const NodeChange&).

This patch fixes this problem by keeping track of the IDs we are queuing for addition
to the tree and making sure we don't remove those IDs.

accessibility/isolatedtree/AXIsolatedTree.cpp:

(WebCore::AXIsolatedTree::queueChange):
(WebCore::AXIsolatedTree::collectNodeChangesForSubtree):
(WebCore::AXIsolatedTree::nodeAncestryChanges):
Keep track of IDs we are queueing changes for.
(WebCore::AXIsolatedTree::updateChildren):
Keep track of IDs we are queueing changes for and don't remove them,
even if they are part of oldChildrenIDs.
(WebCore::AXIsolatedTree::removeSubtreeFromNodeMap):

accessibility/isolatedtree/AXIsolatedTree.h:

(WebCore::AXIsolatedTree::removeSubtreeFromNodeMap):
Accept another paramter listing IDs to keep.
(WebCore::AXIsolatedTree::collectNodeChangesForSubtree):
Keep track of IDs we are queueing changes for.

6:09 PM Changeset in webkit [289096] by J Pascoe

2 edits in trunk/Source/WebCore

[WebAuthn] Remove misspelled constant "LocalAuthenticatiorAccessGroup"
https://bugs.webkit.org/show_bug.cgi?id=235894
rdar://88104045

Reviewed by Darin Adler.

This change removes a constant with a misspelled variable name after all
downstream usage is removed.

Modules/webauthn/WebAuthenticationConstants.h:

5:41 PM Changeset in webkit [289095] by Russell Epstein

1 copy in tags/Safari-613.1.14.5.8

Tag Safari-613.1.14.5.8.

5:40 PM Changeset in webkit [289094] by Russell Epstein

20 edits in branches/safari-613.1.14.5-branch/Source

Cherry-pick r289091. rdar://problem/88387438

WebKit projects have incorrect install name for the frameworks for Catalyst builds with the system content path
https://bugs.webkit.org/show_bug.cgi?id=236105

Reviewed by Saam Barati.

Source/JavaScriptCore:

Updated DYLIB_INSTALL_NAME_BASE for Catalyst builds to use JAVASCRIPTCORE_FRAMEWORKS_DIR, which doesn't have the
system content path prefix.

Configurations/JavaScriptCore.xcconfig:

Source/ThirdParty/ANGLE:

Updated DYLIB_INSTALL_NAME_BASE for Catalyst builds to not use the system content path prefix.

Configurations/ANGLE-dynamic.xcconfig:

Source/ThirdParty/libwebrtc:

Updated DYLIB_INSTALL_NAME_BASE for Catalyst builds to not use the system content path prefix.

Configurations/libwebrtc.xcconfig:

Source/WebCore:

Added WK_USE_ALTERNATE_FRAMEWORKS_DIR based computation to the WEBCORE_FRAMEWORKS_DIR production.
This allowed the simplification of NORMAL_PRODUCTION_FRAMEWORKS_DIR.
Changed DYLIB_INSTALL_NAME_BASE_PLATFORM for Catalyst builds to use WEBCORE_FRAMEWORKS_DIR.

Configurations/WebCore.xcconfig:

Source/WebKit:

Refactored build variable computation so that WEBKIT_FRAMEWORKS_DIR doesn't have the system content path
prepended. This refactoring includes:

Created INSTALL_PATH_PREFIX to have the system content path when in use.
Changed WEBKIT_FRAMEWORKS_DIR computation to eliminate the inclusion the SYSTEM_CONTENT_PATH.
Added INSTALL_PATH_PREFIX to the various INSTALL_PATH computations.
Changed the various DYLIB_INSTALL_NAME_BASE computations for Catalyst builds to use WEBKIT_FRAMEWORKS_DIR.

Configurations/Base.xcconfig:
Configurations/BaseTarget.xcconfig:
Configurations/BaseXPCService.xcconfig:
Configurations/Shim.xcconfig:
Configurations/WebKit.xcconfig:
Configurations/WebKitSwift.xcconfig:
Configurations/adattributiond.xcconfig:
Configurations/webpushd.xcconfig:

Source/WebKitLegacy/mac:

Refactored build variable computation so that WEBKIT_LEGACY_FRAMEWORKS_DIR doesn't have the system content path
prepended. This refactoring includes:

Created INSTALL_PATH_PREFIX to have the system content path when in use.
Changed WEBKIT_LEGACY_FRAMEWORKS_DIR computation to eliminate the inclusion the SYSTEM_CONTENT_PATH.
Reworked INSTALL_PATH to use INSTALL_PATH_PREFIX in the main productions instead of each of variants.
Changed DYLIB_INSTALL_NAME_BASE computation for Catalyst builds to use WEBKIT_LEGACY_FRAMEWORKS_DIR.

Configurations/Base.xcconfig:
Configurations/WebKitLegacy.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289091 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5:32 PM Changeset in webkit [289093] by Elliott Williams

7 edits in trunk/Tools

[XCBuild] Add headers-only dependencies to projects in Tools/
https://bugs.webkit.org/show_bug.cgi?id=235751

Reviewed by Alexey Proskuryakov.

Many projects in Tools/ depend on WebKit.framework or other products which are upstream in
the build graph. In Make-based sequential builds, WebKit and friends would always build
before Tools; in workspaces, the targets may build in any order.

Add "product dependencies" build phases to targets which do not express
their dependencies through linker options, in the same manner as
https://commits.webkit.org/246026@main.

The legacy build system doesn't understand the "Product Dependencies" phase and thinks we're
trying to copy our own build products, so add an EXCLUDED_SOURCE_FILE_NAMES setting as a
workaround.

DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj: Add product dependencies.
DumpRenderTree/mac/Configurations/Base.xcconfig: Add WK_WHICH_BUILD_SYSTEM.
DumpRenderTree/mac/Configurations/DumpRenderTreeLibrary.xcconfig: Legacy support.
TestWebKitAPI/Configurations/Base.xcconfig: Legacy support.
TestWebKitAPI/Configurations/TestWTFLibrary.xcconfig: Add WK_WHICH_BUILD_SYSTEM.
TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Add product dependencies.

5:27 PM Changeset in webkit [289092] by Russell Epstein

9 edits in branches/safari-613.1.14.5-branch/Source

Versioning.

WebKit-7613.1.14.5.8

5:16 PM Changeset in webkit [289091] by msaboff@apple.com

20 edits in trunk/Source

WebKit projects have incorrect install name for the frameworks for Catalyst builds with the system content path
https://bugs.webkit.org/show_bug.cgi?id=236105

Reviewed by Saam Barati.

Source/JavaScriptCore:

Updated DYLIB_INSTALL_NAME_BASE for Catalyst builds to use JAVASCRIPTCORE_FRAMEWORKS_DIR, which doesn't have the
system content path prefix.

Configurations/JavaScriptCore.xcconfig:

Source/ThirdParty/ANGLE:

Updated DYLIB_INSTALL_NAME_BASE for Catalyst builds to not use the system content path prefix.

Configurations/ANGLE-dynamic.xcconfig:

Source/ThirdParty/libwebrtc:

Updated DYLIB_INSTALL_NAME_BASE for Catalyst builds to not use the system content path prefix.

Configurations/libwebrtc.xcconfig:

Source/WebCore:

Added WK_USE_ALTERNATE_FRAMEWORKS_DIR based computation to the WEBCORE_FRAMEWORKS_DIR production.
This allowed the simplification of NORMAL_PRODUCTION_FRAMEWORKS_DIR.
Changed DYLIB_INSTALL_NAME_BASE_PLATFORM for Catalyst builds to use WEBCORE_FRAMEWORKS_DIR.

Configurations/WebCore.xcconfig:

Source/WebKit:

Refactored build variable computation so that WEBKIT_FRAMEWORKS_DIR doesn't have the system content path
prepended. This refactoring includes:

Created INSTALL_PATH_PREFIX to have the system content path when in use.
Changed WEBKIT_FRAMEWORKS_DIR computation to eliminate the inclusion the SYSTEM_CONTENT_PATH.
Added INSTALL_PATH_PREFIX to the various INSTALL_PATH computations.
Changed the various DYLIB_INSTALL_NAME_BASE computations for Catalyst builds to use WEBKIT_FRAMEWORKS_DIR.

Configurations/Base.xcconfig:
Configurations/BaseTarget.xcconfig:
Configurations/BaseXPCService.xcconfig:
Configurations/Shim.xcconfig:
Configurations/WebKit.xcconfig:
Configurations/WebKitSwift.xcconfig:
Configurations/adattributiond.xcconfig:
Configurations/webpushd.xcconfig:

Source/WebKitLegacy/mac:

Refactored build variable computation so that WEBKIT_LEGACY_FRAMEWORKS_DIR doesn't have the system content path
prepended. This refactoring includes:

Created INSTALL_PATH_PREFIX to have the system content path when in use.
Changed WEBKIT_LEGACY_FRAMEWORKS_DIR computation to eliminate the inclusion the SYSTEM_CONTENT_PATH.
Reworked INSTALL_PATH to use INSTALL_PATH_PREFIX in the main productions instead of each of variants.
Changed DYLIB_INSTALL_NAME_BASE computation for Catalyst builds to use WEBKIT_LEGACY_FRAMEWORKS_DIR.

Configurations/Base.xcconfig:
Configurations/WebKitLegacy.xcconfig:

5:06 PM Changeset in webkit [289090] by Wenson Hsieh

9 edits
1 move in trunk/Source/WebKit

Add plumbing to inform WebPageProxy when videos play, pause, seek, and enter or exit fullscreen
https://bugs.webkit.org/show_bug.cgi?id=236083

Reviewed by Eric Carlson.

Add several methods on WebPageProxy which are called from both VideoFullscreenManagerProxy as well as
PlaybackSessionManagerProxy; in future patches, these will be used to detect when a fullscreen video has been
paused for at least 250 ms, and call out to the page client to perform "video frame extraction".

No change in behavior (yet).

Shared/Cocoa/PlaybackSessionContextIdentifier.h: Renamed from Source/WebKit/WebProcess/cocoa/PlaybackSessionContextIdentifier.h.

Move this from Source/WebKit/WebProcess/cocoa to Shared/Cocoa. This enum type is passed around in media code in
both the UI and web processes, so it should be in the Shared folder instead of the WebProcess folder.

UIProcess/Cocoa/PlaybackSessionManagerProxy.h:
UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:

(WebKit::PlaybackSessionManagerProxy::currentTimeChanged):
(WebKit::PlaybackSessionManagerProxy::rateChanged):
(WebKit::PlaybackSessionManagerProxy::isPaused const):

Add a helper method to return whether or not the session for a given PlaybackSessionContextIdentifier is paused
(that is, neither playing nor stalled).

UIProcess/Cocoa/VideoFullscreenManagerProxy.h:

Drive-by fix: remove an unused member variable.

UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:

(WebKit::VideoFullscreenManagerProxy::didExitFullscreen):
(WebKit::VideoFullscreenManagerProxy::didEnterFullscreen):

Add another version of these methods that includes the session context ID as an argument.

UIProcess/Cocoa/WebPageProxyCocoa.mm:

(WebKit::WebPageProxy::didChangePlaybackRate):
(WebKit::WebPageProxy::didChangeCurrentTime):
(WebKit::WebPageProxy::updateFullscreenVideoExtraction):
(WebKit::WebPageProxy::fullscreenVideoExtractionTimerFired):

UIProcess/WebPageProxy.cpp:

(WebKit::m_fullscreenVideoExtractionTimer):
(WebKit::WebPageProxy::didEnterFullscreen):
(WebKit::WebPageProxy::didExitFullscreen):
(WebKit::WebPageProxy::resetStateAfterProcessExited):
(WebKit::m_notificationManagerMessageHandler): Deleted.

UIProcess/WebPageProxy.h:
WebKit.xcodeproj/project.pbxproj:

4:35 PM WebKitGTK/2.34.x edited by Adrian Perez de Castro

(diff)

4:22 PM Changeset in webkit [289089] by Jonathan Bedard

3 edits in trunk/Tools

[EWS] Rename RunJSCTestsWithoutPatch
https://bugs.webkit.org/show_bug.cgi?id=236106
<rdar://problem/88457767>

Reviewed by Alexey Proskuryakov.

Tools/CISupport/ews-build/steps.py:

(RunJavaScriptCoreTests.evaluateCommand):
(RunJSCTestsWithoutChange): Renamed from RunJSCTestsWithoutPatch.
(RunJSCTestsWithoutPatch): Renamed to RunJSCTestsWithoutChange.

Tools/CISupport/ews-build/steps_unittest.py:

Canonical link: https://commits.webkit.org/246789@main

3:47 PM Changeset in webkit [289088] by Adrian Perez de Castro

26 edits in releases/WebKitGTK/webkit-2.34

Merge r286094 - Report the initiating url instead of the redirected one
https://bugs.webkit.org/show_bug.cgi?id=233037

Patch by Carlos Garcia Campos <cgarcia@igalia.com> on 2021-11-20
Reviewed by Brent Fulgham.

LayoutTests/imported/w3c:

web-platform-tests/content-security-policy/securitypolicyviolation/img-src-redirect.sub-expected.txt:

Source/WebCore:

As per the spec, blockedURI should use the requested URL of original request instead of redirected location.

loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy):

loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::willSendRequestInternal):

loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::allowedByContentSecurityPolicy const):
(WebCore::CachedResourceLoader::canRequestAfterRedirection const):
(WebCore::CachedResourceLoader::updateRequestAfterRedirection):

loader/cache/CachedResourceLoader.h:
page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::allowChildContextFromSource const):
(WebCore::ContentSecurityPolicy::allowScriptFromSource const):
(WebCore::ContentSecurityPolicy::allowImageFromSource const):
(WebCore::ContentSecurityPolicy::allowStyleFromSource const):
(WebCore::ContentSecurityPolicy::allowFontFromSource const):
(WebCore::ContentSecurityPolicy::allowManifestFromSource const):
(WebCore::ContentSecurityPolicy::allowMediaFromSource const):

page/csp/ContentSecurityPolicy.h:

Source/WebKit:

Pass pre-redirect URL to allowChildContextFromSource() and allowScriptFromSource().

NetworkProcess/NetworkLoadChecker.cpp:

(WebKit::NetworkLoadChecker::isAllowedByContentSecurityPolicy):

LayoutTests:

TestExpectations: Unskip imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html
http/tests/security/contentSecurityPolicy/1.1/child-src/worker-redirect-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/audio-redirect-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/font-redirect-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/image-redirect-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/script-redirect-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/stylesheet-redirect-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/svg-font-redirect-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/svg-image-redirect-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/track-redirect-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/video-redirect-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/xsl-redirect-blocked-expected.txt:

3:46 PM Changeset in webkit [289087] by Adrian Perez de Castro

8 edits
2 adds in releases/WebKitGTK/webkit-2.34

Merge r285320 - Form action with a redirect should report correct blocked URI
https://bugs.webkit.org/show_bug.cgi?id=232660
<rdar://problem/84969024>

Patch by Kate Cheney <Kate Cheney> on 2021-11-04
Reviewed by Brent Fulgham.

Source/WebCore:

We currently report the blocked URI as the target of a redirect, per
the spec it should actually be the initiating url.

Test: http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri.html

loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::willSendRequest):

loader/FrameLoader.cpp:

(WebCore::FrameLoader::checkIfFormActionAllowedByCSP const):

loader/FrameLoader.h:
page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::allowResourceFromSource const):
(WebCore::ContentSecurityPolicy::allowFormAction const):

page/csp/ContentSecurityPolicy.h:

LayoutTests:

http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri-expected.txt: Added.
http/tests/security/contentSecurityPolicy/form-action-redirect-with-correct-blocked-uri.html: Added.
http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt:

Update console logging to report the correct URL.

3:45 PM Changeset in webkit [289086] by jonlee@apple.com

2 edits in trunk/LayoutTests

Unreviewed gardening.

gpu-process/TestExpectations: Tests are no longer crashing.

3:27 PM Changeset in webkit [289085] by ysuzuki@apple.com

2 edits in trunk/Source/JavaScriptCore

[JSC] MultiDeleteByOffset should not define value
https://bugs.webkit.org/show_bug.cgi?id=236103

Reviewed by Saam Barati.

MultiDeleteByOffset should not define any values in clobberizing.

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

3:21 PM Changeset in webkit [289084] by Elliott Williams

2 edits in trunk

Add Elliott Williams to contributors.json

3:14 PM WebKitGTK/2.34.x edited by Adrian Perez de Castro

(diff)

3:14 PM Changeset in webkit [289083] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/WebKit

Merge r288809 - REGRESSION(r288644): [GTK4] Criticals when using pinch zoom
https://bugs.webkit.org/show_bug.cgi?id=235883

Reviewed by Carlos Garcia Campos.

UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseZoomBegin):
Only cancel the click gesture on GTK3. We don't use g_object_set_data() on GTK4.

3:13 PM WebKitGTK/2.34.x edited by Adrian Perez de Castro

(diff)

3:13 PM Changeset in webkit [289082] by Adrian Perez de Castro

2 edits in releases/WebKitGTK/webkit-2.34/Source/WebKit

Merge r288644 - [GTK3] Pinch zooming from a link activates it
https://bugs.webkit.org/show_bug.cgi?id=235639

Reviewed by Carlos Garcia Campos.

Turns out gestures behave differently between GTK3 and 4. On GTK4 it works
fine, but on GTK3 starting a pinch zoom triggers the multipress gesture
when one finger is down, and completes it when the second finger is down.

This results in a bogus click, with no way to prevent it as it happens
before any of the zoom callbacks are called. Since we can't know if there
will be a zoom afterwards or not, we can't do anything about it.

However, what we can do is reorder these gestures. In GTK3 the order the
gestures are processed in depends on which order they were created in.

At that point, there's a problem with the fact the gestures are grouped.
Grouping means that these 2 gestures are triggered at the same time. While
somehow the press gesture is still triggered without grouping with the
original order, they become properly decoupled in reverse order and
ungrouped.

At that point, we can safely cancel the press gesture when the zoom gesture
starts, and fix the issue.

This seems to still work fine for GTK4.

UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseZoomBegin):
(webkitWebViewBaseConstructed):

3:09 PM Changeset in webkit [289081] by sihui_liu@apple.com

5 edits in trunk/Source

Delay writing origin file in NetworkStorageManager
https://bugs.webkit.org/show_bug.cgi?id=235897
rdar://87163253

Reviewed by Geoffrey Garen.

Revert r288924 that delays writing origin file to when OriginStorageManager is destroyed, and take a different
approach that schedules a async task to write origin file. PLT results show that the new approach can also make
up for PLT regresion caused by r286936, where network process started to write origin file before replying sync
storage message from web process.

NetworkProcess/storage/NetworkStorageManager.cpp:

(WebKit::NetworkStorageManager::localOriginStorageManager):

NetworkProcess/storage/OriginStorageManager.cpp:

(WebKit::OriginStorageManager::OriginStorageManager):
(WebKit::OriginStorageManager::~OriginStorageManager): Deleted.

NetworkProcess/storage/OriginStorageManager.h:

3:09 PM WebKitGTK/2.34.x edited by Adrian Perez de Castro

(diff)

2:27 PM Changeset in webkit [289080] by Adrian Perez de Castro

9 edits in releases/WebKitGTK/webkit-2.34

Merge r288609 - [GTK] REGRESSION: Touch scrolling is broken
https://bugs.webkit.org/show_bug.cgi?id=235436

Reviewed by Chris Lord.

Source/WebKit:

Remove webkitWebViewBaseSetWheelHasPreciseDeltas(), instead add a parameter
to webkitWebViewBaseSynthesizeWheelEvent() that specifies whether the event
should have precise deltas or not.

Correct the touch swipe velocity, since it won't get multiplied by
pixelsPerLineStep().

UIProcess/API/gtk/PageClientImpl.cpp:

(WebKit::PageClientImpl::navigationGestureDidBegin):

UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseZoomBegin):
(webkitWebViewBaseTouchDragBegin):
(webkitWebViewBaseTouchDragUpdate):
(webkitWebViewBaseTouchSwipe):
(webkitWebViewBaseSynthesizeWheelEvent):
(webkitWebViewBaseSetWheelHasPreciseDeltas): Deleted.

UIProcess/API/gtk/WebKitWebViewBaseInternal.h:
UIProcess/API/gtk/WebKitWebViewBasePrivate.h:
UIProcess/Automation/gtk/WebAutomationSessionGtk.cpp:

(WebKit::WebAutomationSession::platformSimulateWheelInteraction):

Tools:

Stop using webkitWebViewBaseSetWheelHasPreciseDeltas(), instead pass the correct parameter into
webkitWebViewBaseSynthesizeWheelEvent().

WebKitTestRunner/EventSenderProxy.h:
WebKitTestRunner/gtk/EventSenderProxyGtk.cpp:

(WTR::EventSenderProxy::~EventSenderProxy):
(WTR::EventSenderProxy::mouseScrollBy):
(WTR::EventSenderProxy::continuousMouseScrollBy):
(WTR::EventSenderProxy::mouseScrollByWithWheelAndMomentumPhases):
(WTR::EventSenderProxy::setWheelHasPreciseDeltas):

2:27 PM Changeset in webkit [289079] by Adrian Perez de Castro

12 edits in releases/WebKitGTK/webkit-2.34

Merge r282952 - [GTK] Allow sending precise mouse wheel events in LayoutTests
https://bugs.webkit.org/show_bug.cgi?id=230541

Reviewed by Tim Horton.

Source/WebKit:

Add code to be able to send precise synthetic mouse-wheel events in GTK.

Shared/NativeWebWheelEvent.h:
Shared/gtk/NativeWebWheelEventGtk.cpp:

(WebKit::NativeWebWheelEvent::NativeWebWheelEvent):

UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseSynthesizeWheelEvent):
(webkitWebViewBaseSetWheelHasPreciseDeltas):

UIProcess/API/gtk/WebKitWebViewBaseInternal.h:

Tools:

Add API to be able to send precise mouse-wheel events in EventSender.

WebKitTestRunner/EventSenderProxy.h:
WebKitTestRunner/InjectedBundle/Bindings/EventSendingController.idl:
WebKitTestRunner/InjectedBundle/EventSendingController.cpp:

(WTR::EventSendingController::setWheelHasPreciseDeltas):

WebKitTestRunner/InjectedBundle/EventSendingController.h:
WebKitTestRunner/TestController.cpp:

(WTR::TestController::didReceiveMessageFromInjectedBundle):

WebKitTestRunner/gtk/EventSenderProxyGtk.cpp:

(WTR::toWebKitGLibAPI):
(WTR::EventSenderProxy::~EventSenderProxy):
(WTR::EventSenderProxy::setWheelHasPreciseDeltas):

2:12 PM Changeset in webkit [289078] by Ben Nham

2 edits in trunk/Source/WebCore

LocalStorage values should be 8-bit strings in memory if possible
https://bugs.webkit.org/show_bug.cgi?id=235484

Reviewed by Chris Dumez.

LocalStorage values are stored into a SQLite column as 16-bit strings and are deserialized
back into memory as 16-bit strings. To save memory, this makes it so that we deserialize the
string into an 8-bit string in memory if possible.

Estimated win of ~3MB on Membuster5.

platform/sql/SQLiteStatement.cpp:

(WebCore::SQLiteStatement::columnBlobAsString):

1:47 PM Changeset in webkit [289077] by Jonathan Bedard

15 edits
1 add in trunk

[git-webkit] Configure default branch management
https://bugs.webkit.org/show_bug.cgi?id=235378
<rdar://problem/87989533>

Reviewed by Dewei Zhu.

Tools/Scripts/libraries/webkitcorepy/setup.py: Bump version.
Tools/Scripts/libraries/webkitcorepy/webkitcorepy/init.py: Ditto.
Tools/Scripts/libraries/webkitcorepy/webkitcorepy/decorators.py:

(hybridmethod.get): Forward certain attributes, namely those used by Memoize.

Tools/Scripts/libraries/webkitscmpy/setup.py: Bump version.
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/init.py: Ditto.
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/local/git.py:

(Git):
(Git.config): Add project config to fall back on.
(Git.url): Move memoize to config.
(Git.checkout): Clear Git.config, since that owns memoization.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/mocks/local/git.py:
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/pull_request.py:

(PullRequest.parser): Add --overwrite and --append flags.
(PullRequest.create_commit): Either amend an existing commit or create a new one,
depending on the repository settings and arguments passed.
(PullRequest.main): Only keep track of branch history if the user explicitly requests
it or we're using an overwrite workflow with a user owned fork. If repository settings
indicate such branches should never be created, return an error if the user attempts to do so.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/program/setup.py:

(Setup.git): Add project config to repository config, prompt the user about their prefered
history retention strategy if the project is using an overwrite workflow.
(Setup.parser): Use the project's default merge behavior.

Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/git_unittest.py:
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/pull_request_unittest.py:
Tools/Scripts/libraries/webkitscmpy/webkitscmpy/test/setup_unittest.py:

Canonical link: https://commits.webkit.org/246783@main

1:42 PM Changeset in webkit [289076] by ysuzuki@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed, remove UnlinkedMetadataTable::offsetInMetadataTable since it is no longer used
https://bugs.webkit.org/show_bug.cgi?id=236063

Follow-up after Saam's comment.

bytecode/UnlinkedMetadataTable.h:

(JSC::UnlinkedMetadataTable::offsetInMetadataTable): Deleted.

1:34 PM Changeset in webkit [289075] by Ziran Sun

24 edits
2 copies in trunk

[Forms] Value doesn't change for stepUp()/stepDown() with out of range values
https://bugs.webkit.org/show_bug.cgi?id=235509

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

web-platform-tests/html/semantics/forms/the-input-element/input-stepdown-expected.txt:
web-platform-tests/html/semantics/forms/the-input-element/input-stepup-expected.txt:
web-platform-tests/html/semantics/forms/the-input-element/range-expected.txt:

Source/WebCore:

For input type number, WebKit throws "invalid state" Error when the value is greater than
max when calling stepUp() or less than min when calling stepDown(). According to section 10
in https://html.spec.whatwg.org/multipage/input.html#dom-input-stepup,
we should do "return", which indicates that value doesn't change.

html/InputType.cpp:

(WebCore::InputType::applyStep):

LayoutTests:

Update expectation files.

fast/forms/date/date-stepup-stepdown-expected.txt:
fast/forms/date/date-stepup-stepdown.html:
fast/forms/datetimelocal/datetimelocal-stepup-stepdown-expected.txt:
fast/forms/datetimelocal/datetimelocal-stepup-stepdown.html:
fast/forms/month/month-stepup-stepdown-expected.txt:
fast/forms/month/month-stepup-stepdown.html:
fast/forms/number/number-stepup-stepdown-expected.txt:
fast/forms/number/number-stepup-stepdown.html:
fast/forms/range/range-stepup-stepdown-expected.txt:
fast/forms/range/range-stepup-stepdown.html:
fast/forms/time/time-stepup-stepdown-expected.txt:
fast/forms/time/time-stepup-stepdown.html:
fast/forms/week/week-stepup-stepdown-expected.txt:
fast/forms/week/week-stepup-stepdown.html:
platform/gtk/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/time-expected.txt:
platform/ios-wk2/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/time-expected.txt:
platform/mac-wk1/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/input-stepdown-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/input-stepdown-expected.txt.
platform/mac-wk1/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/input-stepup-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/input-stepup-expected.txt.
platform/mac-wk2/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/time-expected.txt:

1:32 PM Changeset in webkit [289074] by Nikos Mouchtaris

15 edits
8 adds in trunk

Implement CSS overscroll-behavior for synchronous scroll
https://bugs.webkit.org/show_bug.cgi?id=222968

Reviewed by Simon Fraser.

Source/WebCore:

Tests: fast/scrolling/sync-scroll-overscroll-behavior-element.html

fast/scrolling/sync-scroll-overscroll-behavior-iframe.html
fast/scrolling/sync-scroll-overscroll-behavior-unscrollable-element.html
fast/scrolling/sync-scroll-overscroll-behavior-unscrollable-iframe.html

Split up patch by Cathie Chen and Frederic Wang. Add function for blocking scroll chaining
and filtering scroll delta depending on the values of overscroll behavior for a scrollable
area. This patch is for synchronous scrolling only.

page/EventHandler.cpp:

(WebCore::EventHandler::handleWheelEventInternal):
(WebCore::scrollViaNonPlatformEvent):
(WebCore::EventHandler::handleWheelEventInAppropriateEnclosingBox):
(WebCore::EventHandler::scrollableAreaCanHandleEvent):

page/EventHandler.h:
page/mac/EventHandlerMac.mm:

(WebCore::findEnclosingScrollableContainer):

page/scrolling/ScrollingTreeScrollingNode.cpp:

(WebCore::ScrollingTreeScrollingNode::eventForPropagation const):

platform/ScrollableArea.cpp:

(WebCore::ScrollableArea::deltaForPropagation const):
(WebCore::ScrollableArea::shouldBlockScrollPropagation const):

platform/ScrollableArea.h:

(WebCore::ScrollableArea::horizontalOverscrollBehaviorPreventsPropagation const):
(WebCore::ScrollableArea::verticalOverscrollBehaviorPreventsPropagation const):

platform/ScrollingEffectsController.h:
platform/mac/ScrollAnimatorMac.mm:

(WebCore::ScrollAnimatorMac::allowsVerticalStretching const):
(WebCore::ScrollAnimatorMac::allowsHorizontalStretching const):

platform/mac/ScrollingEffectsController.mm:

(WebCore::ScrollingEffectsController::wheelDeltaBiasingTowardsVertical):

LayoutTests:

fast/scrolling/sync-scroll-overscroll-behavior-element-expected.txt: Added.
fast/scrolling/sync-scroll-overscroll-behavior-element.html: Added.
fast/scrolling/sync-scroll-overscroll-behavior-iframe-expected.txt: Added.
fast/scrolling/sync-scroll-overscroll-behavior-iframe.html: Added.
fast/scrolling/sync-scroll-overscroll-behavior-unscrollable-element-expected.txt: Added.
fast/scrolling/sync-scroll-overscroll-behavior-unscrollable-element.html: Added.
fast/scrolling/sync-scroll-overscroll-behavior-unscrollable-iframe-expected.txt: Added.
fast/scrolling/sync-scroll-overscroll-behavior-unscrollable-iframe.html: Added.
platform/mac-wk1/TestExpectations:
platform/win/TestExpectations:

1:30 PM Changeset in webkit [289073] by Robert Jenner

6 edits
8 deletes in trunk

Unreviewed, reverting r288902.

Broke compile-webkit for iOS-15-Simulator

Reverted changeset:

"Import APSConnection-related SPI"
https://bugs.webkit.org/show_bug.cgi?id=235856
https://commits.webkit.org/r288902

1:23 PM Changeset in webkit [289072] by pvollan@apple.com

2 edits in trunk/Source/WebKit

[iOS][WP] Add access to required syscalls
https://bugs.webkit.org/show_bug.cgi?id=236087
<rdar://problem/88439656>

Reviewed by Brent Fulgham.

Add access to required syscalls which are rarely used. This is based on recent telemetry.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

1:06 PM Changeset in webkit [289071] by commit-queue@webkit.org

5 edits
5 adds in trunk

ANGLE Metal and ANGLE OpenGL cannot be initialised one after the other
https://bugs.webkit.org/show_bug.cgi?id=236030

Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2022-02-03
Reviewed by Dean Jackson.

Source/WebCore:

Test: webgl/pending/conformance2/misc/webgl2-after-webgl1-bug.html

Remove the power-preference specific native displays.
Add a native display for opengl, and use the default
one for Metal.

After the recent ANGLE roll, ANGLE uses (native display, power preference)
as the key to look up EGLDisplays.

platform/graphics/angle/GraphicsContextGLANGLE.cpp:

(WebCore::GraphicsContextGLANGLE::releaseThreadResources):

platform/graphics/angle/GraphicsContextGLANGLE.h:
platform/graphics/cocoa/GraphicsContextGLCocoa.mm:

(WebCore::initializeEGLDisplay):

LayoutTests:

webgl/pending/conformance2/misc/webgl2-after-webgl1-bug-expected.txt: Added.
webgl/pending/conformance2/misc/webgl2-after-webgl1-bug.html: Added.
webgl/resources/pending_webgl_test_files/conformance2/misc/webgl2-after-webgl1-bug.html: Added.

1:05 PM Changeset in webkit [289070] by Adrian Perez de Castro

9 edits in releases/WebKitGTK/webkit-2.34/Source/JavaScriptCore

Merge r287421 - Make DeferredWorkTimer::addPendingWork() return a Ticket.
https://bugs.webkit.org/show_bug.cgi?id=234628
rdar://84260429

Reviewed by Yusuke Suzuki.

Make Ticket a unique token instead of the JSObject* target object. The Ticket is now a pointer to the TicketData in the pending work list.

Instead of taking a Ticket argument, DeferredWorkTimer::addPendingWork() now takes a JSObject* target argument explicitly, and returns the Ticket for the added TicketData instead.

All the relevant DeferredWorkTimer APIS already take a Ticket as an argument.
This ensures that addPendingWork() is called before we start doing work with
these APIs (especially scheduleWorkSoon()).

Previously, addPendingWork() will only save one instance of TicketData for a given JSObject* key. With this patch, we'll register a new TicketData instance for every call to addPendingWork(), and return a unique Ticket for it.

This is needed because it may be possible for 2 different clients to call
addPendingWork() and scheduleWorkSoon() with the same target JSObject* but with
different sets of dependencies.

Secondly, even is the both sets of dependencies are identical, a client may
call addPendingWork() and scheduleWorkSoon() with the same JSObject* target
more than once because it intended to schedule more than 1 task to run.

Note that DeferredWorkTimer::doWork() consumes the corresponding TicketData
(i.e. removes it from the m_pendingTickets list) for each task as it is run.
To ensure that the dependencies for each task is protected, we'll either need
to ref count the TicketData for the same target object (and hold off on removing
it from the list), or we'll need to register a different TicketData instance
for each task. Ref counting can solve the second issue above, but does not
solve the first. So, this patch goes with the more generic solution to allow
each task to have its own TicketData instance (and, its own unique Ticket).

Previously, if the client cancels pending work, we would remove the TicketData immediately from the m_pendingTickets list. This opens up an opportunity for the same TicketData memory to be re-allocated by another client. This, in turn, would make the Ticket token not unique and potentially allow a cancelled ticket to be reused before DeferredWorkTimer::doWork() is called.

This patch changes DeferredWorkTimer::cancelPendingWork() to only clear the
contents of the TicketData instead. TicketData::scriptExecutionOwner being
null is used as an indication that the ticket has been cancelled. Since the
TicketData itself is not "freed" yet, all TicketData will remain unique until
DeferredWorkTimer::doWork().

Consequently, DeferredWorkTimer::doWork() will now check for cancelled tickets
and remove them from the m_pendingTickets list.

JSFinalizationRegistry was previously calling DeferredWorkTimer::hasPendingWork() to check if it has already scheduled a task, so as not to reschedule again until after the previously scheduled task has been run. This does not play nice with the new Ticket API, because this hasPendingWork() check needs to be done before calling addPendingWork(), and hence, the Ticket is not available yet.

Fortunately, JSFinalizationRegistry should know if it has already scheduled
a task itself. This patch adds a m_hasAlreadyScheduledWork flag to
JSFinalizationRegistry that can be used for this check instead.

jsc.cpp:

(JSC_DEFINE_HOST_FUNCTION):

runtime/DeferredWorkTimer.cpp:

(JSC::DeferredWorkTimer::TicketData::TicketData):
(JSC::DeferredWorkTimer::TicketData::vm):
(JSC::DeferredWorkTimer::TicketData::cancel):
(JSC::DeferredWorkTimer::doWork):
(JSC::DeferredWorkTimer::addPendingWork):
(JSC::DeferredWorkTimer::hasPendingWork):
(JSC::DeferredWorkTimer::hasDependancyInPendingWork):
(JSC::DeferredWorkTimer::cancelPendingWork):

runtime/DeferredWorkTimer.h:

(JSC::DeferredWorkTimer::TicketData::target):

runtime/JSFinalizationRegistry.cpp:

(JSC::JSFinalizationRegistry::finalizeUnconditionally):

runtime/JSFinalizationRegistry.h:
wasm/WasmStreamingCompiler.cpp:

(JSC::Wasm::StreamingCompiler::StreamingCompiler):
(JSC::Wasm::StreamingCompiler::~StreamingCompiler):
(JSC::Wasm::StreamingCompiler::didComplete):
(JSC::Wasm::StreamingCompiler::fail):
(JSC::Wasm::StreamingCompiler::cancel):

wasm/WasmStreamingCompiler.h:
wasm/js/JSWebAssembly.cpp:

(JSC::JSWebAssembly::webAssemblyModuleValidateAsync):
(JSC::instantiate):
(JSC::compileAndInstantiate):
(JSC::JSWebAssembly::webAssemblyModuleInstantinateAsync):

12:50 PM Changeset in webkit [289069] by pvollan@apple.com

2 edits in trunk/Source/WebKit

[iOS][WP] Enable sandbox state rules for Mach messages
https://bugs.webkit.org/show_bug.cgi?id=236027
<rdar://problem/88387937>

Reviewed by Brent Fulgham.

After <rdar://85931614> has been fixed, we can enable sandbox state rules for Mach messages.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

12:29 PM Changeset in webkit [289068] by Patrick Griffis

2 edits in trunk/LayoutTests

[Win] Update expectations for failing CSP test
https://bugs.webkit.org/show_bug.cgi?id=236093

Unreviewed expectations update.

platform/win/TestExpectations:

12:15 PM Changeset in webkit [289067] by Fujii Hironori

2 edits in trunk/Tools

REGRESSION(r288878) webkitpy.layout_tests.controllers.layout_test_finder_legacy_unittest.LayoutTestFinderTests tests are failing with Windows Python
https://bugs.webkit.org/show_bug.cgi?id=236043

Reviewed by Jonathan Bedard.

Scripts/webkitpy/port/base.py:

(Port.relative_test_filename): Normalize filename with
TEST_PATH_SEPARATOR before comparing with layout_tests_dir().

11:59 AM Changeset in webkit [289066] by Mikhail R. Gadelha

2 edits in trunk/Source/bmalloc

Fix BSD compilation after r289056
https://bugs.webkit.org/show_bug.cgi?id=236086

Unreviewed, fixes missing header in BSD systems.

The include is moved up so it is included in both UNIX and BSD systems,
as adding the include in both #if triggers a code style warning (header
included twice), even though the includes are guarded.

bmalloc/AvailableMemory.cpp:

11:50 AM Changeset in webkit [289065] by Chris Dumez

4 edits in trunk/Source/WebKit

Rename NetworkConnectionToWebProcess::serverToContextConnectionNoLongerNeeded()
https://bugs.webkit.org/show_bug.cgi?id=236088

Reviewed by Darin Adler.

Rename NetworkConnectionToWebProcess::serverToContextConnectionNoLongerNeeded() to make it clear it is for the
service worker connection, to avoid confusing with the shared workers.

NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::serviceWorkerServerToContextConnectionNoLongerNeeded):
(WebKit::NetworkConnectionToWebProcess::serverToContextConnectionNoLongerNeeded): Deleted.

NetworkProcess/NetworkConnectionToWebProcess.h:
NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp:

(WebKit::WebSWServerToContextConnection::connectionIsNoLongerNeeded):

11:46 AM Changeset in webkit [289064] by Nikita Vasilyev

3 edits in trunk/Source/WebInspectorUI

Web Inspector: [Flexbox] Add setting to guard Flexbox Inspector feature
https://bugs.webkit.org/show_bug.cgi?id=236091
<rdar://problem/88443529>

Reviewed by Patrick Angle.

UserInterface/Base/Setting.js:
UserInterface/Views/SettingsTabContentView.js:

(WI.SettingsTabContentView.prototype._createEngineeringSettingsView):

11:44 AM Changeset in webkit [289063] by Chris Dumez

10 edits
2 moves in trunk/Source/WebKit

Rename ServiceWorkerInitializationData / ServiceWorkerInformation so they can be reused by shared workers
https://bugs.webkit.org/show_bug.cgi?id=236089

Reviewed by Alex Christensen.

Shared/RemoteWorkerInitializationData.cpp: Renamed from Source/WebKit/Shared/ServiceWorkerInitializationData.cpp.

(WebKit::RemoteWorkerInitializationData::encode const):
(WebKit::RemoteWorkerInitializationData::decode):

Shared/RemoteWorkerInitializationData.h: Renamed from Source/WebKit/Shared/ServiceWorkerInitializationData.h.
Sources.txt:
UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::enableServiceWorkers):

UIProcess/WebProcessProxy.h:

(WebKit::WebProcessProxy::hasServiceWorkerPageProxy):

WebKit.xcodeproj/project.pbxproj:
WebProcess/Storage/WebSWContextManagerConnection.cpp:

(WebKit::WebSWContextManagerConnection::WebSWContextManagerConnection):

WebProcess/Storage/WebSWContextManagerConnection.h:
WebProcess/WebProcess.cpp:

(WebKit::WebProcess::establishServiceWorkerContextConnectionToNetworkProcess):

WebProcess/WebProcess.h:
WebProcess/WebProcess.messages.in:

11:18 AM Changeset in webkit [289062] by commit-queue@webkit.org

7 edits in trunk/Source

Crash at com.apple.WebKit: WebKit::RemoteLayerBackingStore::display
https://bugs.webkit.org/show_bug.cgi?id=236003
Source/WebCore:

Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2022-02-03
Reviewed by Simon Fraser.

platform/graphics/GraphicsLayerContentsDisplayDelegate.h:

Add a comment not to call PlatformCALayer::setBackingStoreAttached()

platform/graphics/cocoa/WebProcessGraphicsContextGLCocoa.mm:

Clear the PlatformCALayer contents in more explicit way.

Source/WebKit:

<rdar://87617695>

Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2022-02-03
Reviewed by Simon Fraser.

Using UI-side compositing, following chain would be the cause a crash:
PlatformCALayerRemote::recursiveBuildTransaction
RemoteLayerBackingStore::display
PlatformCALayer::platformCALayerLayerDisplay
WebProcessGraphicsContextGLCocoa.mm DisplayBufferDisplayDelegate::display
PlatformCALayer::setContents(nullptr)

The nullptr contents happens when the WebGL context does not have
display buffer yet or when the display buffer creation would fail.

Setting empty layer contents would destroy the RemoteLayerBackingStore,
even though the callstack is in process of displaying the layer to the
backing store.

When setting PlatformCALayer contents "empty", clear the backing store instead
of removing the backing store.

Tested by LayoutTests/webgl (under ASAN, ios simulator)

Shared/RemoteLayerTree/RemoteLayerBackingStore.h:
WebProcess/GPU/graphics/cocoa/RemoteGraphicsContextGLProxyCocoa.mm:
WebProcess/WebPage/RemoteLayerTree/PlatformCALayerRemote.cpp:

(WebKit::PlatformCALayerRemote::setContents):

11:01 AM Changeset in webkit [289061] by Chris Dumez

7 edits in trunk/Source

Move and rename ServiceWorkerThreadProxy::setupPageForServiceWorker()
https://bugs.webkit.org/show_bug.cgi?id=236085

Reviewed by Darin Adler.

Move and rename ServiceWorkerThreadProxy::setupPageForServiceWorker() so that it can be reused for shared workers.

Source/WebCore:

page/Page.cpp:

(WebCore::Page::setupForRemoteWorker):

page/Page.h:
workers/service/context/ServiceWorkerThreadProxy.cpp:

(WebCore::ServiceWorkerThreadProxy::setupPageForServiceWorker): Deleted.

workers/service/context/ServiceWorkerThreadProxy.h:

Source/WebKit:

WebProcess/Storage/WebSWContextManagerConnection.cpp:

(WebKit::WebSWContextManagerConnection::installServiceWorker):

10:46 AM Changeset in webkit [289060] by ntim@apple.com

3 edits
2 adds in trunk

null ptr deref in RenderTreeBuilder::Block::attachIgnoringContinuation
https://bugs.webkit.org/show_bug.cgi?id=234170

Patch by Frédéric Wang <fwang@igalia.com> on 2022-02-03
Reviewed by Antti Koivisto.

Source/WebCore:

[1] https://fullscreen.spec.whatwg.org/#new-stacking-layer

Test: fast/layers/top-layer-display-contents-crash.html

rendering/updating/RenderTreeUpdater.cpp:

(WebCore::RenderTreeUpdater::updateElementRenderer): Always force tearing down renderers
for top layer element.

LayoutTests:

Add regression test.

fast/css/top-layer-display-contents-crash-expected.txt: Added.
fast/css/top-layer-display-contents-crash.html: Added.

10:01 AM Changeset in webkit [289059] by J Pascoe

4 edits in trunk

[WebAuthn] Allow use of hardware-fixed credentials while using alternate store
https://bugs.webkit.org/show_bug.cgi?id=235923
rdar://88102108

Reviewed by Brent Fulgham.

Source/WebKit:

This patch allows use of credentials created before a user started using
the alternate credential store by searching regardless of status when
querying credentials.

Added API test + tested manually.

UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:

(WebKit::LocalAuthenticatorInternal::getExistingCredentials):
(WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification):

Tools:

Add new test for querying credentials created both before and after enabling
alternative credential store.

TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:

(TestWebKitAPI::WebCore::addKeyToKeychain):
(TestWebKitAPI::WebCore::cleanUpKeychain):
(TestWebKitAPI::TEST):

9:58 AM Changeset in webkit [289058] by Chris Dumez

12 edits
2 adds in trunk

Implement AbortSignal.timeout()
https://bugs.webkit.org/show_bug.cgi?id=236039

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Import AbortSignal.timeout() tests from upstream WPT.

web-platform-tests/dom/abort/AbortSignal.any-expected.txt:
web-platform-tests/dom/abort/AbortSignal.any.js:

(async_test.t.signal.onabort.t.step_func_done):
(async_test.t.string_appeared_here.signal.onabort.t.step_func):

web-platform-tests/dom/abort/AbortSignal.any.worker-expected.txt:
web-platform-tests/dom/abort/abort-signal-timeout-expected.txt: Added.
web-platform-tests/dom/abort/abort-signal-timeout.html: Added.
web-platform-tests/dom/abort/w3c-import.log:

Source/WebCore:

Implement the new AbortSignal.timeout() as per:

https://dom.spec.whatwg.org/#dom-abortsignal-timeout

Test: imported/w3c/web-platform-tests/dom/abort/abort-signal-timeout.html

bindings/js/JSAbortSignalCustom.cpp:

(WebCore::JSAbortSignalOwner::isReachableFromOpaqueRoots):

dom/AbortSignal.cpp:

(WebCore::AbortSignal::timeout):
(WebCore::AbortSignal::eventListenersDidChange):

dom/AbortSignal.h:
dom/AbortSignal.idl:
page/DOMTimer.cpp:

(WebCore::DOMTimer::DOMTimer):
(WebCore::DOMTimer::install):
(WebCore::DOMTimer::fired):

page/DOMTimer.h:

8:38 AM Changeset in webkit [289057] by mark.lam@apple.com

5 edits in trunk/Source/WebCore

Flaky scope.assertNoException() assertion in ~JSExecState when running workers WPT tests
https://bugs.webkit.org/show_bug.cgi?id=235978

Reviewed by Yusuke Suzuki.

Because Web workers can be terminated at any point, it is possible for JSExecState::loadModule()
to get a termination exception, which would incorrectly cause it to assert and crash in debug.
This patch updates the code so that termination exceptions are properly dealt with instead of
crashing.

No new tests, covered by imported/w3c/web-platform-tests/workers that flakily crash in
debug.

bindings/js/JSDOMExceptionHandling.cpp:

(WebCore::reportException):

bindings/js/JSExecState.h:

(WebCore::JSExecState::call):
(WebCore::JSExecState::evaluate):
(WebCore::JSExecState::profiledCall):
(WebCore::JSExecState::profiledEvaluate):
(WebCore::JSExecState::linkAndEvaluateModule):
(WebCore::JSExecState::~JSExecState):

bindings/js/ScriptController.cpp:

(WebCore::ScriptController::evaluateInWorld):

workers/WorkerOrWorkletScriptController.cpp:

(WebCore::WorkerOrWorkletScriptController::loadModuleSynchronously):

7:29 AM Changeset in webkit [289056] by Mikhail R. Gadelha

2 edits in trunk/Source/bmalloc

Fix undefined behavior when querying linux memory size
https://bugs.webkit.org/show_bug.cgi?id=228280

Reviewed by Mark Lam.

When running JSC compiled with the undefined behavior sanitizer enabled in a 32 bits machine:

../../Source/bmalloc/bmalloc/AvailableMemory.cpp:115:60: runtime error:
signed integer overflow: 32839056 * 4096 cannot be represented in type 'long int'

This patch slighly rewrites how the available memory is calculated to
use sysinfo (like it's done for FREEBSD).

bmalloc/AvailableMemory.cpp:

(bmalloc::LinuxMemory::singleton):
(bmalloc::computeAvailableMemory):
(bmalloc::memoryStatus):

7:23 AM Changeset in webkit [289055] by pvollan@apple.com

2 edits in trunk/Source/WebKit

[iOS][WP] Add file-ioctl telemetry
https://bugs.webkit.org/show_bug.cgi?id=236031
<rdar://88334007>

Reviewed by Darin Adler.

Add file-ioctl telemetry in the WebContent process on iOS.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

7:21 AM Changeset in webkit [289054] by Chris Dumez

16 edits
8 copies
21 adds in trunk

Start connecting SharedWorker to the WebKit2 layer
https://bugs.webkit.org/show_bug.cgi?id=236052

Reviewed by Darin Adler.

Source/WebCore:

Start connecting SharedWorker to the WebKit2 layer with a provider / connection, similarly to what is done
for service workers.

Headers.cmake:
Sources.txt:
WebCore.xcodeproj/project.pbxproj:
workers/shared/SharedWorker.cpp:

(WebCore::mainThreadConnection):
(WebCore::SharedWorker::create):

workers/shared/SharedWorkerManager.h:
workers/shared/SharedWorkerObjectConnection.cpp: Copied from Source/WebCore/workers/shared/SharedWorkerManager.h.
workers/shared/SharedWorkerObjectConnection.h: Copied from Source/WebCore/workers/shared/SharedWorkerManager.h.
workers/shared/SharedWorkerProvider.cpp: Copied from Source/WebCore/workers/shared/SharedWorkerManager.h.

(WebCore::SharedWorkerProvider::singleton):
(WebCore::SharedWorkerProvider::setSharedProvider):

workers/shared/SharedWorkerProvider.h: Copied from Source/WebCore/workers/shared/SharedWorkerManager.h.

(WebCore::SharedWorkerProvider::~SharedWorkerProvider):

workers/shared/SharedWorkerScriptLoader.h:

Source/WebKit:

Start connecting SharedWorker to the WebKit2 layer with a provider / connection, similarly to what is done
for service workers.

Sources.txt:
WebKit.xcodeproj/project.pbxproj:
WebProcess/Network/NetworkProcessConnection.cpp:

(WebKit::NetworkProcessConnection::sharedWorkerConnection):

WebProcess/Network/NetworkProcessConnection.h:
WebProcess/Storage/WebSharedWorkerObjectConnection.cpp: Copied from Source/WebCore/workers/shared/SharedWorkerManager.h.

(WebKit::WebSharedWorkerObjectConnection::messageSenderConnection const):
(WebKit::WebSharedWorkerObjectConnection::requestSharedWorker):

WebProcess/Storage/WebSharedWorkerObjectConnection.h: Copied from Source/WebCore/workers/shared/SharedWorkerManager.h.
WebProcess/Storage/WebSharedWorkerProvider.cpp: Copied from Source/WebCore/workers/shared/SharedWorkerManager.h.

(WebKit::WebSharedWorkerProvider::singleton):
(WebKit::WebSharedWorkerProvider::sharedWorkerConnection):

WebProcess/Storage/WebSharedWorkerProvider.h: Copied from Source/WebCore/workers/shared/SharedWorkerManager.h.
WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess):

LayoutTests:

Skip pure SharedWorkers tests on WK1 since we will only implement this for WebKit2 in the short term.
Land WK1-specific baselines for tests that use SharedWorkers but also cover other things.

platform/mac-wk1/TestExpectations:
platform/mac-wk1/imported/w3c/web-platform-tests/content-security-policy/script-src/worker-importscripts.sub-expected.txt: Added.
platform/mac-wk1/imported/w3c/web-platform-tests/content-security-policy/script-src/worker-set-timeout.sub-expected.txt: Added.
platform/mac-wk1/imported/w3c/web-platform-tests/html/browsers/offline/appcache/workers/appcache-worker.https-expected.txt: Added.
platform/mac-wk1/imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/module/import-meta/import-meta-url-expected.txt: Added.
platform/mac-wk1/imported/w3c/web-platform-tests/html/webappapis/the-windoworworkerglobalscope-mixin/Worker_Self_Origin-expected.txt: Added.
platform/mac-wk1/imported/w3c/web-platform-tests/webmessaging/broadcastchannel/workers-expected.txt: Added.
platform/mac-wk1/imported/w3c/web-platform-tests/workers/abrupt-completion-expected.txt: Added.
platform/mac-wk1/imported/w3c/web-platform-tests/workers/semantics/multiple-workers/001-expected.txt: Added.
platform/mac-wk1/imported/w3c/web-platform-tests/workers/semantics/run-a-worker/003-expected.txt: Added.
platform/win/TestExpectations:

7:19 AM Changeset in webkit [289053] by pvollan@apple.com

2 edits in trunk/Source/WebKit

[iOS][GPUP] Add access to sysctl property
https://bugs.webkit.org/show_bug.cgi?id=235973
<rdar://problem/88345212>

Reviewed by Darin Adler.

Add access to required sysctl property "hw.ncpu" in the GPU process on iOS.

Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:

7:14 AM Changeset in webkit [289052] by pvollan@apple.com

3 edits in trunk/Source/WebKit

[GPUP] Add read access to sysctl properties
https://bugs.webkit.org/show_bug.cgi?id=236018
<rdar://problem/88382949>

Reviewed by Darin Adler.

Add read access to sysctl properties based on telemetry.

GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:

6:51 AM Changeset in webkit [289051] by Alan Bujtas

3 edits in trunk/Source/WebCore

[LFC][IFC] imported/w3c/web-platform-tests/css/css-writing-modes/text-align-vlr* tests are failing
https://bugs.webkit.org/show_bug.cgi?id=236059

Reviewed by Antti Koivisto.

Content (alignment) offset should be flipped for vertical writing mode.

layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:

(WebCore::Layout::InlineDisplayContentBuilder::processNonBidiContent):
(WebCore::Layout::InlineDisplayContentBuilder::flipLogicalRectToVisualForWritingMode):
(WebCore::Layout::InlineDisplayContentBuilder::movePointHorizontallyForWritingMode const):

layout/formattingContexts/inline/display/InlineDisplayContentBuilder.h:

6:31 AM Changeset in webkit [289050] by youenn@apple.com

7 edits
1 delete in trunk/Source/WebKit

MediaRecorderPrivate should not need to create IOSurfaces
https://bugs.webkit.org/show_bug.cgi?id=235953

Reviewed by Eric Carlson.

Make use of SharedVideoFrameReader and SharedVideoFrameWriter between SampleBufferDisplayLayer and RemoteSampleBufferDisplayLayer.
Covered by existing MediaRecorder tests.

GPUProcess/webrtc/RemoteMediaRecorder.cpp:

(WebKit::RemoteMediaRecorder::videoSampleAvailable):
(WebKit::RemoteMediaRecorder::setSharedVideoFrameSemaphore):
(WebKit::RemoteMediaRecorder::setSharedVideoFrameMemory):

GPUProcess/webrtc/RemoteMediaRecorder.h:
GPUProcess/webrtc/RemoteMediaRecorder.messages.in:
SourcesCocoa.txt:
WebKit.xcodeproj/project.pbxproj:
WebProcess/GPU/webrtc/MediaRecorderPrivate.cpp:

(WebKit::MediaRecorderPrivate::videoSampleAvailable):
(WebKit::MediaRecorderPrivate::copySharedVideoFrame):

WebProcess/GPU/webrtc/MediaRecorderPrivate.h:
WebProcess/GPU/webrtc/MediaRecorderPrivate.mm: Removed.

6:07 AM Changeset in webkit [289049] by youenn@apple.com

3 edits
2 adds in trunk

RealtimeIncomingVideoSourceCocoa should not need to create IOSurfaces
https://bugs.webkit.org/show_bug.cgi?id=235952

Reviewed by Eric Carlson.

Source/WebCore:

Test: webrtc/vp8-then-h264.html

platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.mm:

Instead of using an IOSurface-based buffer pool, we use a regular memory buffer pool.
A follow-up should probably remove the need to convert YUV420 webrtc video frames to NV12 CVPixelBuffers in RealtimeIncomingVideoSourceCocoa,
so as to leave that to when copying the webrtc video frames into shared memory buffers used for IPC.

LayoutTests:

webrtc/vp8-then-h264-expected.txt: Added.
webrtc/vp8-then-h264.html: Added.

6:02 AM Changeset in webkit [289048] by graouts@webkit.org

6 edits in trunk

Incorrect KeyframesEffect generated for background
https://bugs.webkit.org/show_bug.cgi?id=229398
<rdar://problem/82516118>

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Mark WPT progressions.

web-platform-tests/web-animations/interfaces/Animatable/animate-expected.txt:
web-platform-tests/web-animations/interfaces/KeyframeEffect/constructor-expected.txt:
web-platform-tests/web-animations/interfaces/KeyframeEffect/setKeyframes-expected.txt:

Source/WebCore:

Our keyframe merging code when dealing with input from the Web Animations JS API was incorrect.

First, we would iterate over proprties on a keyframe based on the MutableStyleProperties object we
use instead of the HashMap<CSSPropertyID, String> map we use to keep track of the properties set
on the keyframe and its original string value (which we use to return the exact same string when
getKeyframes() is called).

This was incorrect because calling MutableStyleProperties::setProperty() expands shorthands into
longhands, so our property count wouldn't accurate.

Second, honestly I have no idea what I was thinking when I wrote this code as it only ever worked
with a single property on the kefyrame to merge. We now correctly merge all properties from the
keyframe-to-merge into the previous keyframe by using MutableStyleProperties::mergeAndOverrideOnConflict()
and then iterate over all known properties in the HashMap<CSSPropertyID, String> to merge the
properties and strings input.

animation/KeyframeEffect.cpp:

(WebCore::processPropertyIndexedKeyframes):

5:45 AM Changeset in webkit [289047] by Carlos Garcia Campos

1 edit
1 add in trunk/WebDriverTests

Unreviewed. Add another missing file after r288871.

imported/w3c/tools/webdriver/webdriver/bidi/error.py: Added.

5:43 AM Changeset in webkit [289046] by Carlos Garcia Campos

2 edits in trunk/Source/WebCore

[GTK][a11y] Test /webkit/WebKitAccessibility/accessible/children-changed times out
https://bugs.webkit.org/show_bug.cgi?id=236070

Reviewed by Adrian Perez de Castro.

This happens because when the new node is added the a11y object children are not updated and the wrapper for the
new child is not created.

accessibility/atspi/AXObjectCacheAtspi.cpp:

(WebCore::AXObjectCache::postPlatformNotification): Call updateChildrenIfNecessary on AXChildrenChanged.

5:42 AM Changeset in webkit [289045] by Carlos Garcia Campos

2 edits in trunk/Source/WebCore

[GTK][WPE][a11y] Handle parameter of org.a11y.atspi.Text.RemoveSelection
https://bugs.webkit.org/show_bug.cgi?id=236079

Reviewed by Adrian Perez de Castro.

accessibility/atspi/AccessibilityObjectTextAtspi.cpp:

5:23 AM Changeset in webkit [289044] by Andres Gonzalez

2 edits in trunk/Source/WebCore

Crash in AXIsolatedObject::associatedAXObject.
https://bugs.webkit.org/show_bug.cgi?id=236053
<rdar://problem/88413232>

Reviewed by Darin Adler.

The crash occurs because we are using an axObject pointer after we call
updateBackingStore() which may destroy the object pointed to by axObject.
This was added as a fix for
https://bugs.webkit.org/show_bug.cgi?id=220446
So I will submit a follow up patch with the correct fix for that bug as well.

accessibility/isolatedtree/AXIsolatedObject.cpp:

(WebCore::AXIsolatedObject::associatedAXObject const):

5:21 AM Changeset in webkit [289043] by Chris Lord

3 edits in trunk/Source/WebCore

Add specialize type traits to GLContext
https://bugs.webkit.org/show_bug.cgi?id=236076

Reviewed by Alejandro G. Castro.

Make GLContext downcastable.

No new tests, no change in behaviour.

platform/graphics/GLContext.h:
platform/graphics/egl/GLContextEGL.h:

5:11 AM Changeset in webkit [289042] by Carlos Garcia Campos

2 edits in trunk/Tools

WebDriver: selenium tests are executed more than once
https://bugs.webkit.org/show_bug.cgi?id=236075

Reviewed by Darin Adler.

I think this happens since we updated the pytest version. Pytest is now collecting test files that don't
contain any test like init.py files. When that's given to the runner all the tests under the directory are
executed.

Scripts/webkitpy/webdriver_tests/pytest_runner.py:

(CollectRecorder.pytest_collectreport): Do not include files with no tests.

5:06 AM Changeset in webkit [289041] by commit-queue@webkit.org

15 edits in trunk/Source/WebCore

[atspi] missing-braces clang warnings
https://bugs.webkit.org/show_bug.cgi?id=236074

Patch by Philippe Normand <pnormand@igalia.com> on 2022-02-03
Reviewed by Darin Adler.

Wrap structure padding in braces.

accessibility/atspi/AccessibilityAtspi.cpp:
accessibility/atspi/AccessibilityObjectActionAtspi.cpp:
accessibility/atspi/AccessibilityObjectAtspi.cpp:
accessibility/atspi/AccessibilityObjectComponentAtspi.cpp:
accessibility/atspi/AccessibilityObjectDocumentAtspi.cpp:
accessibility/atspi/AccessibilityObjectHyperlinkAtspi.cpp:
accessibility/atspi/AccessibilityObjectHypertextAtspi.cpp:
accessibility/atspi/AccessibilityObjectImageAtspi.cpp:
accessibility/atspi/AccessibilityObjectSelectionAtspi.cpp:
accessibility/atspi/AccessibilityObjectTableAtspi.cpp:
accessibility/atspi/AccessibilityObjectTableCellAtspi.cpp:
accessibility/atspi/AccessibilityObjectTextAtspi.cpp:
accessibility/atspi/AccessibilityObjectValueAtspi.cpp:
accessibility/atspi/AccessibilityRootAtspi.cpp:

3:39 AM Changeset in webkit [289040] by Carlos Garcia Campos

1 edit
4 adds in trunk/WebDriverTests

Unreviewed. Add missing files after r283798.

imported/selenium/py/selenium/webdriver/common/bidi/init.py: Added.
imported/selenium/py/selenium/webdriver/common/bidi/cdp.py: Added.
imported/selenium/py/selenium/webdriver/remote/script_key.py: Added.

3:30 AM Changeset in webkit [289039] by Carlos Garcia Campos

1 edit
2 adds in trunk/WebDriverTests

Unreviewed. Add missing file after r288871.

imported/w3c/webdriver/tests/bidi/session_subscribe/subscribe.py: Added.

2:13 AM Changeset in webkit [289038] by youenn@apple.com

6 edits in trunk/Source/WebKit

SampleBufferDiplayLayer should not need to create IOSurfaces
https://bugs.webkit.org/show_bug.cgi?id=235954

Reviewed by Eric Carlson.

Make use of SharedVideoFrameReader and SharedVideoFrameWriter between SampleBufferDisplayLayer and RemoteSampleBufferDisplayLayer.
Manually tested.

GPUProcess/webrtc/RemoteSampleBufferDisplayLayer.cpp:
GPUProcess/webrtc/RemoteSampleBufferDisplayLayer.h:
GPUProcess/webrtc/RemoteSampleBufferDisplayLayer.messages.in:
WebProcess/GPU/webrtc/SampleBufferDisplayLayer.cpp:
WebProcess/GPU/webrtc/SampleBufferDisplayLayer.h:

2:07 AM Changeset in webkit [289037] by ysuzuki@apple.com

5 edits in trunk/Source/JavaScriptCore

[JSC] Use MetadataTable instead of UnlinkedMetadataTable
https://bugs.webkit.org/show_bug.cgi?id=236063
rdar://88269480

Reviewed by Robin Morisset.

Use MetadataTable from profiled CodeBlock instead of UnlinkedMetadataTable in concurrent JIT compiler.

bytecode/MetadataTable.h:

(JSC::MetadataTable::offsetInMetadataTable):

bytecode/UnlinkedMetadataTable.h:

(JSC::UnlinkedMetadataTable::offsetInMetadataTable):

jit/JITInlines.h:

(JSC::JIT::emitValueProfilingSite):
(JSC::JIT::loadPtrFromMetadata):
(JSC::JIT::load32FromMetadata):
(JSC::JIT::load8FromMetadata):
(JSC::JIT::store8ToMetadata):
(JSC::JIT::store32ToMetadata):
(JSC::JIT::materializePointerIntoMetadata):

jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emit_op_get_from_scope):

1:18 AM Changeset in webkit [289036] by Carlos Garcia Campos

1 copy in releases/WebKitGTK/webkit-2.35.2

WebKitGTK 2.35.2

1:16 AM Changeset in webkit [289035] by Carlos Garcia Campos

4 edits in trunk

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.35.2 release

Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit:

gtk/NEWS: Add release notes for 2.35.2.

12:52 AM Changeset in webkit [289034] by mmaxfield@apple.com

3 edits in trunk/Tools

Allow using STIX Two in layout tests
https://bugs.webkit.org/show_bug.cgi?id=236048

Reviewed by Darin Adler.

Add the fonts to the allow-list.

DumpRenderTree/mac/DumpRenderTree.mm:

(allowedFontFamilySet):

WebKitTestRunner/mac/TestControllerMac.mm:

(WTR::allowedFontFamilySet):

12:41 AM Changeset in webkit [289033] by Carlos Garcia Campos

3 edits in trunk/Source/WebCore

Unreviewed. Fix GTK make distcheck

Move mac specific file from Sources.txt to SourcesCocoa.txt

Sources.txt:
SourcesCocoa.txt:

12:35 AM Changeset in webkit [289032] by Martin Robinson

29 edits
1 delete in trunk

Transform interpolation should blend between shared transform function primitives
https://bugs.webkit.org/show_bug.cgi?id=235311
<rdar://problem/88012700>

Reviewed by Simon Fraser.

LayoutTests/imported/w3c:

Mark some tests as newly passing.

web-platform-tests/css/css-transforms/animation/list-interpolation-expected.txt:
web-platform-tests/css/css-transforms/animation/matrix-interpolation-expected.txt:
web-platform-tests/css/css-transforms/animation/transform-interpolation-001-expected.txt:
web-platform-tests/css/css-transforms/animation/transform-interpolation-002-expected.txt:
web-platform-tests/css/css-transforms/animation/transform-interpolation-inline-value-expected.txt:
web-platform-tests/css/css-transforms/animation/transform-interpolation-verify-reftests-expected.txt:
web-platform-tests/css/css-transforms/animation/transform-translate-composition-expected.txt:

Source/WebCore:

No new tests. This is covered by existing WPT tests.

Allow direct interpolation between mismatching transform functions that share a primitive.
This fixes many tests expecting a certain computed transformation matrix in WPT, but also
allows using hardware animations more often for the CoreAnimation backend.

Rotation, scale, and translate are the only functions that have shared primitives, so they
are the only ones in this change to allow for this new behavior.

When determining if a list of keyframes has shared compatible lists of transforms, return
the vector of primitives that can represent them. In addition code for calculating big
rotations has been removed, because it was unused.

platform/graphics/GraphicsLayer.cpp:

(WebCore::gSharedPrimitivesForTransformKeyframe): Added.
(WebCore::GraphicsLayer::getSharedPrimitivesForTransformKeyframes): Added.

platform/graphics/GraphicsLayer.h:
platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::appendToUncommittedAnimations): Modified to take a vector of shared
primitive types instead of a pointer to an array of operations.
(WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes):

platform/graphics/ca/GraphicsLayerCA.h:
platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:

(WebCore::GraphicsLayerTextureMapper::addAnimation): Use new method.

platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::addAnimation): Ditto.

platform/graphics/transforms/Matrix3DTransformOperation.cpp:

(WebCore::Matrix3DTransformOperation::blend): Use the new sharedPrimitiveType method
to determine if the two operations can blend.

platform/graphics/transforms/MatrixTransformOperation.cpp:

(WebCore::MatrixTransformOperation::blend): Ditto.

platform/graphics/transforms/PerspectiveTransformOperation.cpp:

(WebCore::PerspectiveTransformOperation::blend): Ditto.

platform/graphics/transforms/RotateTransformOperation.cpp:

(WebCore::RotateTransformOperation::blend): Ditto.

platform/graphics/transforms/RotateTransformOperation.h:
platform/graphics/transforms/ScaleTransformOperation.cpp:

(WebCore::ScaleTransformOperation::blend): Ditto.

platform/graphics/transforms/ScaleTransformOperation.h:
platform/graphics/transforms/SkewTransformOperation.cpp:

(WebCore::SkewTransformOperation::blend): Ditto.

platform/graphics/transforms/TransformOperation.cpp:

(WebCore::TransformOperation::sharedPrimitiveType const):

platform/graphics/transforms/TransformOperation.h:

(WebCore::TransformOperation::primitiveType const): Added this virtual function which
return the type for the base class. Rotation, scale, and translate specialize this to
return a compatible primitive type.

platform/graphics/transforms/TransformOperations.cpp:

(WebCore::TransformOperations::operationsMatch const): Modified to check whether operations
share primitives.

platform/graphics/transforms/TranslateTransformOperation.cpp:

(WebCore::TranslateTransformOperation::blend): Use the new sharedPrimitiveType method.

platform/graphics/transforms/TranslateTransformOperation.h:

LayoutTests:

Remove a duplicated baseline.

platform/glib/imported/w3c/web-platform-tests/css/css-transforms/animation/transform-interpolation-inline-value-expected.txt: Removed.

12:15 AM Changeset in webkit [289031] by ntim@apple.com

6 edits
2 adds in trunk/Source/WebCore

Create PDFDocument stub
https://bugs.webkit.org/show_bug.cgi?id=235970

Reviewed by Brent Fulgham.

Create an empty stub with an iframe where the viewer will be loaded.

Changing about:blank?file= to https://mozilla.github.io/pdf.js/web/viewer.html?file= is one way
to test the stub.

That stub is guarded behind the PDF.js viewer internal setting which is only enabled in captive portal mode.

Headers.cmake:
Sources.txt:
WebCore.xcodeproj/project.pbxproj:
dom/DOMImplementation.cpp:

(WebCore::DOMImplementation::createDocument):

dom/Document.h:

(WebCore::Document::isPDFDocument const):

html/PDFDocument.cpp: Added.

(WebCore::PDFDocument::PDFDocument):
(WebCore::m_viewerRendered):
(WebCore::PDFDocumentParser::document const):
(WebCore::PDFDocumentParser::appendBytes):
(WebCore::PDFDocumentParser::finish):
(WebCore::PDFDocument::createParser):
(WebCore::PDFDocument::createDocumentStructure):
(WebCore::PDFDocument::updateDuringParsing):
(WebCore::PDFDocument::finishedParsing):

Context Navigation

Timeline

Feb 7, 2022:

Feb 6, 2022:

Feb 5, 2022:

Feb 4, 2022:

Feb 3, 2022:

Download in other formats: