requestFrameAnimation() callback timestamp should be very close to Performance.now()
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-06-23  Said Abou-Hallawa  <sabouhallawa@apple.com>
2
3         requestFrameAnimation() callback timestamp should be very close to Performance.now() 
4         https://bugs.webkit.org/show_bug.cgi?id=159038
5
6         Reviewed by Simon Fraser.
7
8         Pass the Performance.now() to requestFrameAnimation() callback. Do not add
9         the timeUntilOutput which is the difference between outputTime and now since
10         this addition makes us report a timestamp ahead in the future by almost 33ms.
11
12         A new function named "nowTimestamp()" is added to the DOMWindow class. It
13         calls Performance.now() if WEB_TIMING is enabled, otherwise it calls
14         monotonicallyIncreasingTime(). The returned timestamp is seconds and it is
15         relative to the document loading time.
16
17         The timestamp passing will be removed all the down till the callers of
18         ScriptedAnimationController::serviceScriptedAnimations(). The callers will
19         getting the now timestamp by calling DOMWindow::nowTimestamp().
20
21         Tests: animations/animation-callback-timestamp.html
22                animations/animation-multiple-callbacks-timestamp.html
23
24         * dom/Document.cpp:
25         (WebCore::Document::monotonicTimestamp):
26         (WebCore::Document::serviceScriptedAnimations):
27         * dom/Document.h:
28         * dom/ScriptedAnimationController.cpp:
29         (WebCore::ScriptedAnimationController::serviceScriptedAnimations):
30         (WebCore::ScriptedAnimationController::animationTimerFired):
31         (WebCore::ScriptedAnimationController::displayRefreshFired):
32         * dom/ScriptedAnimationController.h:
33         * html/HTMLMediaElement.cpp:
34         (WebCore::HTMLMediaElement::getVideoPlaybackQuality):
35         * loader/DocumentLoadTiming.h:
36         (WebCore::DocumentLoadTiming::referenceWallTime):
37         * page/DOMWindow.cpp:
38         (WebCore::DOMWindow::nowTimestamp):
39         * page/DOMWindow.h:
40         * page/FrameView.cpp:
41         (WebCore::FrameView::serviceScriptedAnimations):
42         * page/FrameView.h:
43         * platform/graphics/DisplayRefreshMonitor.cpp:
44         (WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor):
45         (WebCore::DisplayRefreshMonitor::displayDidRefresh):
46         * platform/graphics/DisplayRefreshMonitor.h:
47         (WebCore::DisplayRefreshMonitor::setMonotonicAnimationStartTime): Deleted.
48         * platform/graphics/DisplayRefreshMonitorClient.cpp:
49         (WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded):
50         * platform/graphics/DisplayRefreshMonitorClient.h:
51         * platform/graphics/GraphicsLayerUpdater.cpp:
52         (WebCore::GraphicsLayerUpdater::displayRefreshFired):
53         * platform/graphics/GraphicsLayerUpdater.h:
54         * platform/graphics/ios/DisplayRefreshMonitorIOS.h:
55         * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
56         (-[WebDisplayLinkHandler handleDisplayLink:]):
57         (WebCore::DisplayRefreshMonitorIOS::displayLinkFired):
58         (WebCore::mediaTimeToCurrentTime): Deleted.
59         * platform/graphics/mac/DisplayRefreshMonitorMac.cpp:
60         (WebCore::displayLinkCallback):
61         (WebCore::DisplayRefreshMonitorMac::displayLinkFired):
62         * platform/graphics/mac/DisplayRefreshMonitorMac.h:
63         * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
64         (WebCore::CompositingCoordinator::syncDisplayState):
65         (WebCore::CompositingCoordinator::nextAnimationServiceTime):
66
67 2016-06-23  David Kilzer  <ddkilzer@apple.com>
68
69         Remove unused HarfBuzzFaceCoreText.cpp
70         <https://webkit.org/b/159065>
71
72         Reviewed by Myles C. Maxfield.
73
74         * platform/graphics/harfbuzz/HarfBuzzFaceCoreText.cpp: Removed.
75
76 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
77
78         Web Inspector: Memory Timeline sometimes shows impossible value for bmalloc size (underflowed)
79         https://bugs.webkit.org/show_bug.cgi?id=158110
80         <rdar://problem/26498584>
81
82         Reviewed by Andreas Kling.
83
84         IOSurface memory backing Canvas element buffers should be classified as "GC Owned",
85         but should not be considered a part of bmalloc. In fact, the actual memory cost is
86         external to the Web Content Process. The majority of extra memory reporters tend
87         to report extra memory that is also allocated in bmalloc. However, some report
88         non-bmalloc memory, such as the IOSurfaces here.
89         
90         Continue to report the memory cost without changes to inform the Heap for garbage
91         collection. However, also keep better accounting of GCOwned memory that is external
92         to the process for better accounting for the Resource Usage overlay and Web Inspector
93         Memory timeline.
94         
95         This is a bit of a game where we want to display the best possible number for
96         "GCOwned memory" in the tools, but some of that memory shows up in the other
97         regions (bmalloc, system malloc, etc). Already many sizes are estimates
98         (ReportExtraMemory, reportExtraMemory ignores small allocations), so we just focus
99         on getting the largest sources of allocations, such as Canvas IOSurfaces here,
100         into the right bucket. ResourceUsageThreadCocoa continues to subtract the "extra"
101         memory from bmalloc. So, we should address other large sources of "extra memory"
102         not in bmalloc. A likely candidate is HTMLMediaElement which uses the deprecated
103         reporting right now.
104
105         * bindings/scripts/CodeGeneratorJS.pm:
106         (GenerateImplementation):
107         * bindings/scripts/IDLAttributes.txt:
108         Add a way to report External memory, dependent on reporting Extra memory.
109
110         * html/HTMLCanvasElement.cpp:
111         (WebCore::HTMLCanvasElement::externalMemoryCost):
112         * html/HTMLCanvasElement.h:
113         * html/HTMLCanvasElement.idl:
114         Report external memory cost just like extra memory.
115
116         * page/ResourceUsageData.cpp:
117         (WebCore::ResourceUsageData::ResourceUsageData):
118         * page/ResourceUsageData.h:
119         (WebCore::MemoryCategoryInfo::totalSize):
120         * page/cocoa/ResourceUsageOverlayCocoa.mm:
121         (WebCore::RingBuffer::at):
122         (WebCore::appendDataToHistory):
123         (WebCore::ResourceUsageOverlay::platformDraw):
124         * page/cocoa/ResourceUsageThreadCocoa.mm:
125         (WebCore::categoryForVMTag):
126         (WebCore::ResourceUsageThread::platformThreadBody):
127         Do not count the GCOwned External memory as dirty memory.
128         Include External memory output in the overlay.
129
130         * inspector/InspectorMemoryAgent.cpp:
131         (WebCore::InspectorMemoryAgent::collectSample):
132         When sizing the JavaScript portion, include both the GC Owned
133         category's dirty and external memory. Ultimately we will
134         want this everywhere in case things change.
135
136         * platform/graphics/ImageBuffer.cpp:
137         (WebCore::memoryCost):
138         (WebCore::externalMemoryCost):
139         * platform/graphics/ImageBuffer.h:
140         * platform/graphics/cg/ImageBufferCG.cpp:
141         (WebCore::ImageBuffer::memoryCost):
142         (WebCore::ImageBuffer::externalMemoryCost):
143         Report IOSurface total bytes as extra memory and external memory
144         so that it can be tracked as GC Owned memory that is separate from
145         regular (bmalloc/other) in process memory.
146
147 2016-06-23  Alexey Proskuryakov  <ap@apple.com>
148
149         Handle (0, 0) ranges from Lookup
150         https://bugs.webkit.org/show_bug.cgi?id=159062
151         rdar://problem/26960385
152
153         Reviewed by Tim Horton.
154
155         * editing/mac/DictionaryLookup.mm: (WebCore::DictionaryLookup::rangeAtHitTestResult):
156         Paper over <https://bugs.webkit.org/show_bug.cgi?id=159063>, which seems too involved
157         to fix now.
158
159 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
160
161         Web Inspector: first heap snapshot taken when a page is reloaded happens before the reload navigation
162         https://bugs.webkit.org/show_bug.cgi?id=158995
163         <rdar://problem/26923778>
164
165         Reviewed by Brian Burg.
166
167         When the "Heap" instrument is included in the Timeline list
168         of instruments, defer starting it in an auto-capture scenario
169         until after the page does its first navigation.
170
171         AutoCapture on the backend happens when it is enabled at
172         the main resource starts loading. In that case it proceeds
173         through the following phases:
174
175             No Auto Capture:
176                 None
177
178             Auto Capture:
179                 BeforeLoad -> FirstNavigation -> AfterFirstNavigation
180
181         When toggling instruments for backend initiated capture
182         most instruments do not care and will just start/stop.
183
184         * inspector/InspectorInstrumentation.cpp:
185         (WebCore::InspectorInstrumentation::didCommitLoadImpl):
186         Inform the TimelineAgent that the main frame navigated.
187         Do this after informing the HeapAgent (so any potential
188         snapshot does not get cleared) and PageAgent (so the
189         frontend knows the page navigated before the agent starts).
190
191         * inspector/InspectorTimelineAgent.h:
192         * inspector/InspectorTimelineAgent.cpp:
193         (WebCore::InspectorTimelineAgent::internalStop):
194         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
195         (WebCore::InspectorTimelineAgent::mainFrameNavigated):
196         Update the auto capture phase transitions.
197
198         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
199         Only start the heap agent during the None phase (console.profile)
200         or with the first navigation (auto capture page navigation).
201
202 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
203
204         Web Inspector: Snapshots should be cleared at some point
205         https://bugs.webkit.org/show_bug.cgi?id=157907
206         <rdar://problem/26373610>
207
208         Reviewed by Timothy Hatcher.
209
210         * CMakeLists.txt:
211         * WebCore.xcodeproj/project.pbxproj:
212         * inspector/InspectorAllInOne.cpp:
213         New specialized agent.
214
215         * inspector/InspectorController.cpp:
216         (WebCore::InspectorController::InspectorController):
217         Construct a specialized HeapAgent.
218
219         * inspector/PageHeapAgent.h:
220         * inspector/PageHeapAgent.cpp:
221         (WebCore::PageHeapAgent::PageHeapAgent):
222         (WebCore::PageHeapAgent::enable):
223         (WebCore::PageHeapAgent::disable):
224         (WebCore::PageHeapAgent::mainFrameNavigated):
225         Clear backend snapshots on page navigations.
226         Set the PageHeapAgent instrumenting agent on enable/disable.
227
228         * inspector/InstrumentingAgents.cpp:
229         (WebCore::InstrumentingAgents::reset):
230         * inspector/InstrumentingAgents.h:
231         (WebCore::InstrumentingAgents::pageHeapAgent):
232         (WebCore::InstrumentingAgents::setPageHeapAgent):
233         Active PageHeapAgent.
234
235         * inspector/InspectorInstrumentation.cpp:
236         (WebCore::InspectorInstrumentation::didCommitLoadImpl):
237         Inform the PageHeapAgent when the mainframe navigates.
238
239 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
240
241         CSSComputedStyleDeclaration::length should recalculate styles if needed to provide the correct value
242         https://bugs.webkit.org/show_bug.cgi?id=159053
243         <rdar://problem/26638119>
244
245         Reviewed by Simon Fraser.
246
247         Test: fast/css/variables/custom-property-computed-style-length-update.html
248
249         * css/CSSComputedStyleDeclaration.cpp:
250         (WebCore::CSSComputedStyleDeclaration::length):
251
252 2016-06-23  John Wilander  <wilander@apple.com>
253
254         Enable window.open() for existing versions of Secret Society
255         https://bugs.webkit.org/show_bug.cgi?id=159049
256         <rdar://problem/26528349>
257
258         Reviewed by Andy Estes.
259
260         The Secret Society Hidden Mystery app has a broken version check treating iOS 10
261         as iOS 1 on iPads. Therefore it believes it can use window.open() in a tap
262         handler. We should allow the existing versions of the app to do this to not break
263         them.
264
265         No new tests. Tested manually in the app.
266
267         * page/DOMWindow.cpp:
268         (WebCore::DOMWindow::allowPopUp):
269             Now checks with Settings whether it should allow a popup even though it is
270             not processing a user gesture.
271         * page/Settings.in:
272             Added setting allowWindowOpenWithoutUserGesture.
273         * platform/RuntimeApplicationChecks.h:
274         * platform/RuntimeApplicationChecks.mm:
275         (WebCore::IOSApplication::isTheSecretSocietyHiddenMystery):
276             Added.
277
278 2016-06-23  Chris Dumez  <cdumez@apple.com>
279
280         Only call sqlite3_initialize() when a SQLite database is actually being opened
281         https://bugs.webkit.org/show_bug.cgi?id=159033
282
283         Reviewed by Brady Eidson.
284
285         Only call sqlite3_initialize() when a SQLite database is actually being opened
286         instead of doing it unconditionally. sqlite3_initialize() was previously called
287         in the SQLiteDatabase constructor which gets called on WebContent process
288         initialization because a DatabaseTracker is constructed on initialization and
289         DatabaseTracker has a SQLiteDatabase data member.
290
291         * platform/sql/SQLiteDatabase.cpp:
292         (WebCore::initializeSQLiteIfNecessary):
293         (WebCore::SQLiteDatabase::open):
294         (WebCore::SQLiteDatabase::SQLiteDatabase): Deleted.
295         * platform/sql/SQLiteDatabase.h:
296
297 2016-06-23  Adam Bergkvist  <adam.bergkvist@ericsson.com>
298
299         WebRTC: Align 'update ICE connection/gathering state' steps with the WebRTC 1.0 specification
300         https://bugs.webkit.org/show_bug.cgi?id=159054
301
302         Reviewed by Eric Carlson.
303
304         Add checks for same state and closed RTCPeerConnection in the 'update ICE connection state'
305         and 'update ICE gathering state' routines as described in [1].
306
307         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#update-ice-gathering-state
308
309         No change in current behavior.
310
311         * Modules/mediastream/RTCPeerConnection.cpp:
312         (WebCore::RTCPeerConnection::updateIceGatheringState):
313         (WebCore::RTCPeerConnection::updateIceConnectionState):
314
315 2016-06-23  Adam Bergkvist  <adam.bergkvist@ericsson.com>
316
317         WebRTC: Add support for RTCPeerConnection legacy MediaStream-based API
318         https://bugs.webkit.org/show_bug.cgi?id=158940
319
320         Reviewed by Eric Carlson.
321
322         Implement the legacy MediaStream-based RTCPeerConnection API as JS built-ins. The
323         getRemoteStreams() function and the 'addstream' event are partly implemented with native
324         code.
325
326         Test: fast/mediastream/RTCPeerConnection-legacy-stream-based-api.html
327
328         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
329         (WebCore::MediaEndpointPeerConnection::setRemoteDescriptionTask):
330         (WebCore::MediaEndpointPeerConnection::getRemoteStreams):
331         The getRemoteStreams() function and the 'addstream' event is backed up by native code.
332         * Modules/mediastream/MediaEndpointPeerConnection.h:
333         * Modules/mediastream/MediaStream.idl:
334         * Modules/mediastream/PeerConnectionBackend.h:
335         * Modules/mediastream/RTCPeerConnection.h:
336         * Modules/mediastream/RTCPeerConnection.idl:
337         * Modules/mediastream/RTCPeerConnection.js:
338         (initializeRTCPeerConnection):
339         (getLocalStreams):
340         (getRemoteStreams):
341         (getStreamById):
342         (addStream):
343         (removeStream):
344         Legacy API implemented as JS built-ins.
345         * bindings/js/JSDOMGlobalObject.cpp:
346         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
347         * bindings/js/WebCoreBuiltinNames.h:
348
349 2016-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>
350
351         Unreviewed. Fix the build with CSS Shapes disabled.
352
353         * css/StyleBuilderConverter.h:
354
355 2016-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>
356
357         [Soup] Clean up SocketStreamHandle soup implementation
358         https://bugs.webkit.org/show_bug.cgi?id=159024
359
360         Reviewed by Žan Doberšek.
361
362         Stop using a global HashMap to "acivate"/"deactivate" handles, and just take a reference of the handle and
363         pass the ownership to the callbacks, using a GCancellable to cancel all async operations.
364
365         * platform/network/soup/SocketStreamHandle.h:
366         (WebCore::SocketStreamHandle::create):
367         (WebCore::SocketStreamHandle::id): Deleted.
368         * platform/network/soup/SocketStreamHandleSoup.cpp:
369         (WebCore::SocketStreamHandle::SocketStreamHandle):
370         (WebCore::SocketStreamHandle::connected):
371         (WebCore::SocketStreamHandle::connectedCallback):
372         (WebCore::SocketStreamHandle::readBytes):
373         (WebCore::SocketStreamHandle::readReadyCallback):
374         (WebCore::SocketStreamHandle::didFail):
375         (WebCore::SocketStreamHandle::platformSend):
376         (WebCore::SocketStreamHandle::platformClose):
377         (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
378         (WebCore::SocketStreamHandle::writeReadyCallback):
379         (WebCore::getHandleFromId): Deleted.
380         (WebCore::deactivateHandle): Deleted.
381         (WebCore::activateHandle): Deleted.
382         (WebCore::SocketStreamHandle::~SocketStreamHandle): Deleted.
383         (WebCore::connectedCallback): Deleted.
384         (WebCore::readReadyCallback): Deleted.
385         (WebCore::writeReadyCallback): Deleted.
386
387 2016-06-22  Brady Eidson  <beidson@apple.com>
388
389         DatabaseProcess doesn't handle WebProcesses going away uncleanly.
390         https://bugs.webkit.org/show_bug.cgi?id=158894
391
392         Reviewed by Alex Christensen.
393
394         No new tests (Covered by additions to existing API test).
395
396         * Modules/indexeddb/server/IDBConnectionToClient.cpp:
397         (WebCore::IDBServer::IDBConnectionToClient::registerDatabaseConnection):
398         (WebCore::IDBServer::IDBConnectionToClient::unregisterDatabaseConnection):
399         (WebCore::IDBServer::IDBConnectionToClient::connectionToClientClosed):
400         * Modules/indexeddb/server/IDBConnectionToClient.h:
401         
402         * Modules/indexeddb/server/IDBServer.cpp:
403         (WebCore::IDBServer::IDBServer::unregisterConnection): Call connectionToClientClosed() on
404           the connection, which cleans up after it in the server.
405         
406         * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
407         (WebCore::IDBServer::UniqueIDBDatabaseConnection::UniqueIDBDatabaseConnection):
408         (WebCore::IDBServer::UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection):
409
410 2016-06-22  Benjamin Poulain  <bpoulain@apple.com>
411
412         AX: Add support for CSS4 :focus-within pseudo
413         https://bugs.webkit.org/show_bug.cgi?id=140144
414
415         Reviewed by Antti Koivisto.
416
417         Tests: fast/css/pseudo-focus-within-basics.html
418                fast/css/pseudo-focus-within-inside-shadow-dom.html
419                fast/css/pseudo-focus-within-style-sharing-1.html
420                fast/css/pseudo-focus-within-style-sharing-2.html
421                fast/selectors/focus-within-style-update.html
422
423         * css/CSSSelector.cpp:
424         (WebCore::CSSSelector::selectorText):
425         * css/CSSSelector.h:
426         * css/SelectorChecker.cpp:
427         (WebCore::SelectorChecker::checkOne):
428         * css/SelectorPseudoClassAndCompatibilityElementMap.in:
429         * cssjit/SelectorCompiler.cpp:
430         (WebCore::SelectorCompiler::addPseudoClassType):
431         (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
432         (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasFocusWithin):
433         * dom/ContainerNode.cpp:
434         (WebCore::destroyRenderTreeIfNeeded):
435         * dom/Element.cpp:
436         (WebCore::Element::~Element):
437         (WebCore::Element::setFocus):
438         (WebCore::Element::unregisterNamedFlowContentElement):
439         (WebCore::Element::setIsNamedFlowContentElement):
440         (WebCore::Element::clearIsNamedFlowContentElement):
441         (WebCore::Element::setStyleAffectedByFocusWithin):
442         (WebCore::Element::rareDataStyleAffectedByFocusWithin):
443         (WebCore::Element::rareDataIsNamedFlowContentElement):
444         * dom/Element.h:
445         (WebCore::Element::hasFocusWithin):
446         (WebCore::Element::styleAffectedByFocusWithin):
447         (WebCore::Element::isNamedFlowContentElement):
448         (WebCore::Element::setHasFocusWithin):
449         * dom/ElementRareData.h:
450         (WebCore::ElementRareData::styleAffectedByFocusWithin):
451         (WebCore::ElementRareData::setStyleAffectedByFocusWithin):
452         (WebCore::ElementRareData::isNamedFlowContentElement):
453         (WebCore::ElementRareData::setIsNamedFlowContentElement):
454         (WebCore::ElementRareData::ElementRareData):
455         (WebCore::ElementRareData::resetComputedStyle):
456         * dom/Node.h:
457         (WebCore::Node::flagHasFocusWithin):
458         (WebCore::Node::isNamedFlowContentNode): Deleted.
459         (WebCore::Node::setIsNamedFlowContentNode): Deleted.
460         (WebCore::Node::clearIsNamedFlowContentNode): Deleted.
461         * rendering/RenderNamedFlowThread.cpp:
462         (WebCore::RenderNamedFlowThread::clearContentElements):
463         (WebCore::RenderNamedFlowThread::registerNamedFlowContentElement):
464         (WebCore::RenderNamedFlowThread::unregisterNamedFlowContentElement):
465         (WebCore::nextNodeInsideContentElement):
466         * style/RenderTreeUpdater.cpp:
467         (WebCore::RenderTreeUpdater::updateElementRenderer):
468         * style/StyleRelations.cpp:
469         (WebCore::Style::commitRelationsToRenderStyle):
470         (WebCore::Style::commitRelations):
471         * style/StyleRelations.h:
472         * style/StyleSharingResolver.cpp:
473         (WebCore::Style::SharingResolver::canShareStyleWithElement):
474
475 2016-06-22  Oliver Hunt  <oliver@apple.com>
476
477         Integrate WebKit's CFURLConnection with App Transport Security
478         https://bugs.webkit.org/show_bug.cgi?id=159039
479         <rdar://problem/26953685>
480
481         Reviewed by Alex Christensen.
482
483         Pass additional options to NSURLConnect initialiser to identify that
484         this connection is for WebKit content loading.
485
486         * platform/network/mac/ResourceHandleMac.mm:
487         (WebCore::ResourceHandle::createNSURLConnection):
488
489 2016-06-20  Jeremy Jones  <jeremyj@apple.com>
490
491         Adopt commitPriority to get rid of the 2 AVPL solution for PiP
492         https://bugs.webkit.org/show_bug.cgi?id=158949
493         rdar://problem/26867866
494
495         Reviewed by Simon Fraser.
496
497         No new tests because there is no behavior change. This reverts changes from 
498         https://bugs.webkit.org/show_bug.cgi?id=158148 and instead uses -[CAContext commitPriority:]
499         to prevent flicker when moving a layer between contexts. 
500         commitPriority allows the layer to be added to the destination context before it is 
501         removed from the source context.
502
503         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: remove m_secondaryVideoLayer.
504         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: ditto
505         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenGravity): ditto.
506         (WebCore::MediaPlayerPrivateAVFoundationObjC::syncTextTrackBounds): ditto.
507         (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): ditto.
508         (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity): ditto.
509         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: ditto
510         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): ditto
511         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: ditto
512         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers):ditto
513         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h: ditto
514         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm: ditto
515         (WebCore::VideoFullscreenLayerManager::setVideoLayer): ditto
516         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer): ditto and adopt commitPriority.
517         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame): ditto
518         (WebCore::VideoFullscreenLayerManager::setVideoLayers): Deleted. 
519         (WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer): remove m_secondaryVideoLayer.
520         * platform/spi/cocoa/QuartzCoreSPI.h: Add commitPriority.
521
522 2016-06-22  Simon Fraser  <simon.fraser@apple.com>
523
524         REGRESSION (r201629): Weird button glitching on github.com
525         https://bugs.webkit.org/show_bug.cgi?id=159031
526         rdar://problem/26880332
527
528         Reviewed by Tim Horton.
529
530         r201629 changed the logic slightly when creating an image buffer for a scaled context;
531         it set the buffer context's scale to the scale in the source context, but this failed
532         to take into account the rounding up of the buffer size, which the old code did.
533
534         Fix by reverting to the old behavior.
535
536         Since buffer sizes can only be integral, changed compatibleBufferSize() to return
537         an IntSize.
538
539         Test: fast/backgrounds/scaled-gradient-background.html
540
541         * platform/graphics/ImageBuffer.cpp:
542         (WebCore::ImageBuffer::createCompatibleBuffer):
543         (WebCore::ImageBuffer::compatibleBufferSize):
544         * platform/graphics/ImageBuffer.h:
545         * platform/graphics/IntRect.h:
546         (WebCore::IntRect::area):
547         * platform/graphics/IntSize.h:
548         (WebCore::IntSize::area): Make this return an unsigned.
549
550 2016-06-22  Anders Carlsson  <andersca@apple.com>
551
552         Inline the last of the Apple Pay WebCore code
553         https://bugs.webkit.org/show_bug.cgi?id=159032
554
555         Reviewed by Tim Horton.
556
557         * loader/EmptyClients.cpp:
558         (WebCore::fillWithEmptyClients):
559         * page/MainFrame.cpp:
560         (WebCore::MainFrame::MainFrame):
561         * page/MainFrame.h:
562         * page/PageConfiguration.h:
563         * platform/cocoa/ThemeCocoa.mm:
564         (WebCore::passKitBundle):
565         (WebCore::loadPassKitPDFPage):
566         (WebCore::applePayButtonLogoBlack):
567         (WebCore::applePayButtonLogoWhite):
568         (WebCore::drawApplePayButton):
569         (WebCore::ThemeCocoa::drawNamedImage):
570
571 2016-06-22  Anders Carlsson  <andersca@apple.com>
572
573         Exception is not thrown when shipping method is an invalid amount
574         https://bugs.webkit.org/show_bug.cgi?id=159030
575         rdar://problem/26700413
576
577         Reviewed by Tim Horton.
578
579         * Modules/applepay/ApplePaySession.cpp:
580         (WebCore::createShippingMethods):
581         Bail if createShippingMethod returns Nullopt.
582
583         (WebCore::createPaymentRequest):
584         Bail if createShippingMethods returns Nullopt.
585
586 2016-06-22  Anders Carlsson  <andersca@apple.com>
587
588         Exception is not thrown when shipping method is an invalid amount
589         https://bugs.webkit.org/show_bug.cgi?id=159029
590         rdar://problem/26700413
591
592         Reviewed by Tim Horton.
593
594         * Modules/applepay/PaymentRequest.h:
595         Change ShippingMethod::amount to be a signed 64-bit integer.
596
597         * Modules/applepay/PaymentRequestValidator.cpp:
598         (WebCore::PaymentRequestValidator::validate):
599         Call validateShippingMethods.
600
601         (WebCore::PaymentRequestValidator::validateShippingMethods):
602         Validate all the shipping methods.
603
604         (WebCore::PaymentRequestValidator::validateShippingMethod):
605         Check that the amount is >= 0.
606
607         * Modules/applepay/PaymentRequestValidator.h:
608         Add new members.
609
610 2016-06-22  Adam Bergkvist  <adam.bergkvist@ericsson.com>
611
612         WebRTC: Add support for the negotiationneeded event in MediaEndpointPeerConnection
613         https://bugs.webkit.org/show_bug.cgi?id=158985
614
615         Reviewed by Eric Carlson.
616
617         Implement MediaEndpointPeerConnection's isNegotiationNeeded, markAsNeedingNegotiation and
618         clearNegotiationNeededState functions. The calls to these functions are already up-to-date.
619
620         Test: fast/mediastream/RTCPeerConnection-more-media-to-negotiate.html
621
622         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
623         (WebCore::MediaEndpointPeerConnection::markAsNeedingNegotiation):
624         * Modules/mediastream/MediaEndpointPeerConnection.h:
625         * Modules/mediastream/RTCPeerConnection.cpp:
626         (WebCore::RTCPeerConnection::scheduleNegotiationNeededEvent):
627
628 2016-06-22  Adam Bergkvist  <adam.bergkvist@ericsson.com>
629
630         WebRTC: Replace RTCPeerConnection custom constructor with a JS built-in constructor
631         https://bugs.webkit.org/show_bug.cgi?id=158832
632
633         Reviewed by Eric Carlson and Youenn Fablet.
634
635         Use a JS built-in constructor instead of a custom constructor. This makes it easier to
636         initialize private fields for functions implemented as JS built-ins. The constructor
637         behavior is in need of updating, but that is left to a follow-up change [1].
638
639         [1] http://webkit.org/b/158936
640         No change in behavior.
641
642         * CMakeLists.txt:
643         * Modules/mediastream/RTCPeerConnection.cpp:
644         (WebCore::RTCPeerConnection::create):
645         (WebCore::RTCPeerConnection::RTCPeerConnection):
646         (WebCore::RTCPeerConnection::~RTCPeerConnection):
647         (WebCore::RTCPeerConnection::initializeWith):
648         * Modules/mediastream/RTCPeerConnection.h:
649         * Modules/mediastream/RTCPeerConnection.idl:
650         * Modules/mediastream/RTCPeerConnection.js:
651         (initializeRTCPeerConnection):
652         Add JS built-in constructor function.
653         * WebCore.xcodeproj/project.pbxproj:
654         * bindings/js/JSRTCPeerConnectionCustom.cpp: Removed.
655         (WebCore::constructJSRTCPeerConnection): Deleted.
656
657 2016-06-22  Youenn Fablet  <youenn@apple.com>
658
659         CrossOriginPreflightChecker should call DocumentThreadableLoader preflightFailure instead of didFailLoading
660         https://bugs.webkit.org/show_bug.cgi?id=158984
661
662         Reviewed by Darin Adler.
663
664         No change of behavior.
665
666         Calling DocumentThreadableLoader preflightFailure instead of didFailLoading for any preflight error case.
667
668         * loader/CrossOriginPreflightChecker.cpp:
669         (WebCore::CrossOriginPreflightChecker::notifyFinished): Directly calling preflightFailure callback.
670         (WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
671         (WebCore::CrossOriginPreflightChecker::handleLoadingFailure): Deleted.
672         (WebCore::CrossOriginPreflightChecker::redirectReceived): Deleted (should have been removed as part of
673         https://bugs.webkit.org/show_bug.cgi?id=111008).
674         * loader/CrossOriginPreflightChecker.h:
675
676 2016-06-22  Youenn Fablet  <youennf@gmail.com>
677
678         JSDOMIterator forEach should support second optional parameter
679         https://bugs.webkit.org/show_bug.cgi?id=159020
680
681         Reviewed by Chris Dumez.
682
683         Covered by beefed up test.
684
685         * bindings/js/JSDOMIterator.h:
686         (WebCore::iteratorForEach): Setting callback thisValue to the second argument passed to forEach.
687
688 2016-06-22  Jer Noble  <jer.noble@apple.com>
689
690         Media controls stop working after exiting PiP
691         https://bugs.webkit.org/show_bug.cgi?id=159026
692         <rdar://problem/26753579>
693
694         Reviewed by Eric Carlson.
695
696         Do not slave setting WebVideoFullscreenModelVideoElement::setVideoElement() to
697         WebPlaybackSessionModelVideoElement::setMediaElement(). After all, someone else
698         (i.e., the media controls) may still be using it.
699
700         * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
701         (WebVideoFullscreenModelVideoElement::setVideoElement): Deleted.
702         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
703         (WebVideoFullscreenControllerContext::didCleanupFullscreen):
704         (WebVideoFullscreenControllerContext::setUpFullscreen):
705
706 2016-06-22  Jer Noble  <jer.noble@apple.com>
707
708         Update document's isPlayingMedia() state whenever media element's media state changes
709         https://bugs.webkit.org/show_bug.cgi?id=159018
710         <rdar://problem/26586630>
711
712         Reviewed by Beth Dakin.
713
714         The Document can end up with a stale m_mediaState if its own value isn't updated when
715         its constituent HTMLMediaElement's m_mediaStates change.
716
717         * html/HTMLMediaElement.cpp:
718         (WebCore::HTMLMediaElement::updateMediaState):
719
720 2016-06-22  Simon Fraser  <simon.fraser@apple.com>
721
722         Crash under GraphicsLayerCA::recursiveCommitChanges() with deep layer trees
723         https://bugs.webkit.org/show_bug.cgi?id=159023
724         rdar://problem/25377842
725
726         Reviewed by Tim Horton.
727
728         Having an on-stack DisplayList::Recorder increased the stack frame size significantly,
729         causing stack exhaustion with deep layer trees, despite the existing depth check.
730
731         Make the Recorder heap-allocated to fix this.
732
733         Tested by LayoutTests/compositing//layer-creation/deep-tree.html.
734
735         * platform/graphics/ca/GraphicsLayerCA.cpp:
736         (WebCore::GraphicsLayerCA::recursiveCommitChanges):
737
738 2016-06-22  Carlos Garcia Campos  <cgarcia@igalia.com>
739
740         [GTK] Add support for variadic parameters to GObject DOM bindings
741         https://bugs.webkit.org/show_bug.cgi?id=158942
742
743         Reviewed by Michael Catanzaro.
744
745         Generate code for functions having variadic parameters.
746
747         * bindings/scripts/CodeGeneratorGObject.pm:
748         (GenerateFunction):
749         (SkipFunction):
750         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
751         (webkit_dom_test_obj_variadic_string_method):
752         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
753
754 2016-06-21  Benjamin Poulain  <bpoulain@apple.com>
755
756         :hover CSS pseudo-class sometimes keeps matching ever after mouse has left the element
757         https://bugs.webkit.org/show_bug.cgi?id=158340
758
759         Reviewed by Simon Fraser.
760
761         When removing a hovered subtree from the document, we were getting
762         into an inconsistent state where m_hoveredElement is in the detached
763         subtree and we have no way of clearing the existing IsHovered flags.
764
765         What happens is:
766         -The root "a" has an child "b" that is hovered.
767         -"a" starts being removed from the tree, its renderer is destroyed.
768         -RenderTreeUpdater::tearDownRenderers() pushes "a" on the teardownStack
769          and calls hoveredElementDidDetach().
770         -hoveredElementDidDetach() is called with "a". "a" is not the hovered
771          element, the function does nothing.
772         -RenderTreeUpdater::tearDownRenderers() pushes "b" on the teardownStack
773          and calls hoveredElementDidDetach().
774         -hoveredElementDidDetach() is called with "b". The next parent with a renderer
775          is "a", m_hoveredElement is set to "a".
776         -"a"'s parent is set to nullptr.
777
778         -> We have a m_hoveredElement on the root of a detached tree, making
779            it impossible to clear the real dirty tree.
780
781         This patch changes the order in which we clear the flags.
782         It is done in the order in which we clear the renderers to ensure
783         the last element with a dead renderer is the last to update m_hoveredElement.
784
785         Tests: fast/css/ancestor-of-hovered-element-detached.html
786                fast/css/ancestor-of-hovered-element-removed.html
787
788         * Source/WebCore/style/RenderTreeUpdater.cpp:
789
790 2016-06-21  Youenn Fablet  <youennf@gmail.com>
791
792         [Fetch API] Rename 'origin-only' referrer policy to 'origin'
793         https://bugs.webkit.org/show_bug.cgi?id=158982
794
795         Reviewed by Alex Christensen.
796
797         Covered by updated tests.
798
799         * Modules/fetch/FetchRequest.cpp:
800         (WebCore::setReferrerPolicy): Renaming origin-only to origin.
801         * Modules/fetch/FetchRequest.idl: Ditto.
802         * loader/FetchOptions.h: Ditto.
803
804 2016-06-21  Chris Dumez  <cdumez@apple.com>
805
806         Let the compiler generate the move constructor and assignment operator for ScriptExecutionContext::Task
807         https://bugs.webkit.org/show_bug.cgi?id=159013
808
809         Reviewed by Brady Eidson.
810
811         Let the compiler generate the move constructor and assignment operator for
812         ScriptExecutionContext::Task. We previously manually defined the move
813         constructor but there is no need as it doesn't do anything special.
814
815         * dom/ScriptExecutionContext.h:
816
817 2016-06-21  Dean Jackson  <dino@apple.com>
818
819         DumpRenderTree crashed in com.apple.WebCore: WebCore::HTMLSelectElement::updateSelectedState
820         https://bugs.webkit.org/show_bug.cgi?id=159009
821         <rdar://problem/23454623>
822
823         Reviewed by Jon Lee.
824
825         It seems we can get bogus indices from UIKit's implementation
826         of UIWebSelectMultiplePicker. Guard against this situation.
827
828         Covered by running the existing tests in WebKit1 with Guard Malloc,
829         such as fast/spatial-navigation/snav-multiple-select-optgroup.html
830
831         * html/HTMLSelectElement.cpp:
832         (WebCore::HTMLSelectElement::updateSelectedState): Early return
833         if we get an index out of range.
834
835 2016-06-21  Chris Dumez  <cdumez@apple.com>
836
837         Pass ScriptExecutionContext::Task as rvalue reference
838         https://bugs.webkit.org/show_bug.cgi?id=159007
839
840         Reviewed by Anders Carlsson.
841
842         Pass ScriptExecutionContext::Task as rvalue reference since its non-copyable
843         and has to be moved in.
844
845         * workers/WorkerLoaderProxy.h:
846         * workers/WorkerMessagingProxy.cpp:
847         (WebCore::WorkerMessagingProxy::postTaskToLoader):
848         (WebCore::WorkerMessagingProxy::postTaskForModeToWorkerGlobalScope):
849         * workers/WorkerMessagingProxy.h:
850         * workers/WorkerRunLoop.cpp:
851         (WebCore::WorkerRunLoop::postTask):
852         (WebCore::WorkerRunLoop::postTaskAndTerminate):
853         (WebCore::WorkerRunLoop::postTaskForMode):
854         (WebCore::WorkerRunLoop::Task::Task):
855         * workers/WorkerRunLoop.h:
856
857 2016-06-21  Anders Carlsson  <andersca@apple.com>
858
859         Include IdentifierInlines.h.
860
861         * bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp:
862
863 2016-06-21  Anders Carlsson  <andersca@apple.com>
864
865         Add PaymentHeaders.h file.
866
867         * Modules/applepay/PaymentHeaders.h: Added.
868         * WebCore.xcodeproj/project.pbxproj:
869
870 2016-06-21  Anders Carlsson  <andersca@apple.com>
871
872         Make a bunch of Apple Pay headers private instead of project.
873
874         * WebCore.xcodeproj/project.pbxproj:
875
876 2016-06-21  Anders Carlsson  <andersca@apple.com>
877
878         Move the last Apple Pay WebCore files to the open source repository
879         https://bugs.webkit.org/show_bug.cgi?id=159005
880
881         Reviewed by Tim Horton.
882
883         * DerivedSources.make:
884         * Modules/applepay/ApplePayPaymentAuthorizedEvent.cpp: Added.
885         * Modules/applepay/ApplePayPaymentAuthorizedEvent.h: Added.
886         * Modules/applepay/ApplePayPaymentAuthorizedEvent.idl: Added.
887         * Modules/applepay/ApplePayPaymentMethodSelectedEvent.cpp: Added.
888         * Modules/applepay/ApplePayPaymentMethodSelectedEvent.h: Added.
889         * Modules/applepay/ApplePayPaymentMethodSelectedEvent.idl: Added.
890         * Modules/applepay/ApplePaySession.cpp: Added.
891         * Modules/applepay/ApplePaySession.h: Added.
892         * Modules/applepay/ApplePaySession.idl: Added.
893         * Modules/applepay/ApplePayShippingContactSelectedEvent.cpp: Added.
894         * Modules/applepay/ApplePayShippingContactSelectedEvent.h: Added.
895         * Modules/applepay/ApplePayShippingContactSelectedEvent.idl: Added.
896         * Modules/applepay/ApplePayShippingMethodSelectedEvent.cpp: Added.
897         * Modules/applepay/ApplePayShippingMethodSelectedEvent.h: Added.
898         * Modules/applepay/ApplePayShippingMethodSelectedEvent.idl: Added.
899         * Modules/applepay/ApplePayValidateMerchantEvent.cpp: Added.
900         * Modules/applepay/ApplePayValidateMerchantEvent.h: Added.
901         * Modules/applepay/ApplePayValidateMerchantEvent.idl: Added.
902         * Modules/applepay/Payment.h: Added.
903         * Modules/applepay/PaymentAuthorizationStatus.h: Added.
904         * Modules/applepay/PaymentContact.h: Added.
905         * Modules/applepay/PaymentMerchantSession.h: Added.
906         * Modules/applepay/PaymentMethod.h: Added.
907         * Modules/applepay/PaymentRequestValidator.cpp: Added.
908         * Modules/applepay/PaymentRequestValidator.h: Added.
909         * Modules/applepay/cocoa/PaymentContactCocoa.mm: Added.
910         * Modules/applepay/cocoa/PaymentMethodCocoa.mm: Added.
911         * WebCore.xcodeproj/project.pbxproj:
912         * bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp: Added.
913         * bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp: Added.
914         * bindings/js/JSApplePaySessionCustom.cpp: Added.
915         * bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp: Added.
916         * bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp: Added.
917         * dom/EventNames.in:
918         * dom/EventTargetFactory.in:
919
920 2016-06-21  Anders Carlsson  <andersca@apple.com>
921
922         Fix build.
923
924         * Configurations/FeatureDefines.xcconfig:
925
926 2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>
927
928         Unreviewed, rolling out r202302, r202303, r202305, and
929         r202306.
930
931         Roll out the rollouts because of breaking the build.
932
933         Reverted changesets:
934
935         "Unreviewed, rolling out r200678."
936         https://bugs.webkit.org/show_bug.cgi?id=157453
937         http://trac.webkit.org/changeset/202302
938
939         "Unreviewed, rolling out r200619."
940         https://bugs.webkit.org/show_bug.cgi?id=131443
941         http://trac.webkit.org/changeset/202303
942
943         "Unreviewed, attempt to fix the build after r202303."
944         http://trac.webkit.org/changeset/202305
945
946         "Unreviewed, attempt to fix the build after r202303."
947         http://trac.webkit.org/changeset/202306
948
949 2016-06-21  Chris Dumez  <cdumez@apple.com>
950
951         Unreviewed, attempt to fix the build after r202303.
952
953         * bindings/js/JSDOMIterator.h:
954         (WebCore::IteratorInspector::decltype):
955         (WebCore::IteratorInspector::test):
956
957 2016-06-21  Chris Dumez  <cdumez@apple.com>
958
959         Unreviewed, attempt to fix the build after r202303.
960
961         * bindings/js/JSDOMIterator.h:
962         (WebCore::toJS):
963
964 2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>
965
966         Unreviewed, rolling out r200619.
967
968         This incompleted feature broke http://m.yahoo.co.jp. Roll it
969         out together with r200678.
970
971         Reverted changeset:
972
973         "NodeList should be iterable"
974         https://bugs.webkit.org/show_bug.cgi?id=131443
975         http://trac.webkit.org/changeset/200619
976
977 2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>
978
979         Unreviewed, rolling out r200678.
980
981         This incompleted feature broke http://m.yahoo.co.jp. Roll it
982         out together with r200619.
983
984         Reverted changeset:
985
986         "Ensure DOM iterators remain done"
987         https://bugs.webkit.org/show_bug.cgi?id=157453
988         http://trac.webkit.org/changeset/200678
989
990 2016-06-21  Anders Carlsson  <andersca@apple.com>
991
992         Begin moving the Apple Pay code to the open source repository
993         https://bugs.webkit.org/show_bug.cgi?id=158998
994
995         Reviewed by Tim Horton.
996
997         * Configurations/FeatureDefines.xcconfig:
998         Add ENABLE_APPLE_PAY.
999
1000         * Modules/applepay/PaymentCoordinator.cpp: Added.
1001         * Modules/applepay/PaymentCoordinator.h: Added.
1002         * Modules/applepay/PaymentCoordinatorClient.h: Added.
1003         * Modules/applepay/PaymentRequest.cpp: Added.
1004         * Modules/applepay/PaymentRequest.h: Added.
1005         * Modules/applepay/cocoa/PaymentCocoa.mm: Added.
1006         * WebCore.xcodeproj/project.pbxproj:
1007         Add new files.
1008
1009         * dom/EventNames.h:
1010         Add new event names.
1011
1012         * page/MainFrame.h:
1013         Use a forward declaration.
1014
1015 2016-06-21  Said Abou-Hallawa  <sabouhallawa@apple,com>
1016
1017         Add system tracing points for requestAnimationFrame() workflow
1018         https://bugs.webkit.org/show_bug.cgi?id=158723
1019
1020         Reviewed by Simon Fraser.
1021
1022         Add trace points for requestAnimationFrame().
1023
1024         * dom/ScriptedAnimationController.cpp:
1025         (WebCore::ScriptedAnimationController::requestAnimationFrameEnabled):
1026         (WebCore::ScriptedAnimationController::serviceScriptedAnimations):
1027         (WebCore::ScriptedAnimationController::windowScreenDidChange):
1028         (WebCore::ScriptedAnimationController::scheduleAnimation):
1029         * dom/ScriptedAnimationController.h:
1030         * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
1031         (WebCore::DisplayRefreshMonitorIOS::requestRefreshCallback):
1032         (WebCore::DisplayRefreshMonitorIOS::displayLinkFired):
1033
1034 2016-06-20  Simon Fraser  <simon.fraser@apple.com>
1035
1036         [iOS] Typing text into a text field or text area causes screen to scroll down (hiding text entry)
1037         https://bugs.webkit.org/show_bug.cgi?id=158970
1038
1039         Reviewed by Ryosuke Niwa.
1040
1041         insertTextWithoutSendingTextEvent() should only reveal the selection up to the main frame on iOS,
1042         since the UI process can zoom and scroll the view to the text input.
1043
1044         Test: fast/forms/ios/typing-in-input-in-iframe.html
1045
1046         * editing/Editor.cpp:
1047         (WebCore::Editor::insertTextWithoutSendingTextEvent):
1048
1049 2016-06-21  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1050
1051         WebRTC: Remove unused MediaEndpointClient::gotRemoteSource function
1052         https://bugs.webkit.org/show_bug.cgi?id=158986
1053
1054         Reviewed by Eric Carlson.
1055
1056         Remote sources are explicitly created with MediaEndpoint::createMutedRemoteSource so the
1057         MediaEndpointClient::gotRemoteSource can be removed.
1058
1059         No change in behavior.
1060
1061         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
1062         (WebCore::MediaEndpointPeerConnection::gotRemoteSource): Deleted.
1063         * Modules/mediastream/MediaEndpointPeerConnection.h:
1064         * platform/mediastream/MediaEndpoint.h:
1065
1066 2016-06-20  Simon Fraser  <simon.fraser@apple.com>
1067
1068         Focus event dispatched in iframe causes parent document to scroll incorrectly
1069         https://bugs.webkit.org/show_bug.cgi?id=158629
1070         rdar://problem/26521616
1071
1072         Reviewed by Tim Horton.
1073
1074         When focussing elements in iframes, the page could scroll to an incorrect location.
1075         This happened because code in Element::focus() tried to disable scrolling on focus,
1076         but did so only for the current frame, so ancestor frames got programmatically scrolled.
1077         On iOS we handle the scrolling in the UI process, so never want the web process to
1078         do programmatic scrolling.
1079
1080         Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
1081         rather than manually prohibiting frame scrolling. Pass SelectionRevealMode through various callers,
1082         and use RevealUpToMainFrame for iOS, allowing the UI process to do the zoomToRect: for the main frame.
1083
1084         Tests: fast/forms/ios/focus-input-in-iframe.html
1085                fast/forms/ios/programmatic-focus-input-in-iframe.html
1086
1087         * dom/Document.h:
1088         * dom/Element.cpp:
1089         (WebCore::Element::scrollIntoView):
1090         (WebCore::Element::scrollIntoViewIfNeeded):
1091         (WebCore::Element::scrollIntoViewIfNotVisible):
1092         (WebCore::Element::focus):
1093         (WebCore::Element::updateFocusAppearance):
1094         * dom/Element.h:
1095         * editing/Editor.cpp:
1096         (WebCore::Editor::insertTextWithoutSendingTextEvent):
1097         (WebCore::Editor::revealSelectionAfterEditingOperation):
1098         (WebCore::Editor::findStringAndScrollToVisible):
1099         * editing/FrameSelection.cpp:
1100         (WebCore::FrameSelection::updateAndRevealSelection):
1101         (WebCore::FrameSelection::revealSelection):
1102         (WebCore::FrameSelection::FrameSelection): Deleted.
1103         * editing/FrameSelection.h:
1104         * html/HTMLInputElement.cpp:
1105         (WebCore::HTMLInputElement::updateFocusAppearance):
1106         * html/HTMLTextAreaElement.cpp:
1107         (WebCore::HTMLTextAreaElement::updateFocusAppearance):
1108         * page/ContextMenuController.cpp:
1109         (WebCore::ContextMenuController::contextMenuItemSelected):
1110         * page/FrameView.cpp:
1111         (WebCore::FrameView::scrollToAnchor):
1112         * rendering/RenderLayer.cpp:
1113         (WebCore::RenderLayer::scrollRectToVisible):
1114         (WebCore::RenderLayer::autoscroll):
1115         * rendering/RenderLayer.h:
1116         * rendering/RenderObject.cpp:
1117         (WebCore::RenderObject::scrollRectToVisible):
1118         * rendering/RenderObject.h:
1119
1120 2016-06-21  Frederic Wang  <fwang@igalia.com>
1121
1122         Implement RenderMathMLOperator::layoutBlock
1123         https://bugs.webkit.org/show_bug.cgi?id=157521
1124
1125         Reviewed by Brent Fulgham.
1126
1127         No new tests, already covered by existing tests.
1128
1129         Add an initial implementation of RenderMathMLOperator::layoutBlock, which will perform
1130         special layout when the MathOperator is used. We also improved how the logical height is
1131         calculated and avoid updating the style when stretchTo is called.
1132
1133         * rendering/mathml/RenderMathMLOperator.cpp:
1134         (WebCore::RenderMathMLOperator::stretchTo):
1135         (WebCore::RenderMathMLOperator::layoutBlock):
1136         (WebCore::RenderMathMLOperator::computeLogicalHeight): Deleted.
1137         * rendering/mathml/RenderMathMLOperator.h:
1138
1139 2016-06-21  Chris Dumez  <cdumez@apple.com>
1140
1141         Unreviewed, roll out r202268 as it looks like it was a ~50% regression on Dromaeo DOM Core
1142
1143         * bindings/scripts/CodeGeneratorJS.pm:
1144         (GenerateImplementation):
1145         (GeneratePrototypeDeclaration):
1146         * bindings/scripts/test/JS/JSInterfaceName.cpp:
1147         (WebCore::JSInterfaceNamePrototype::finishCreation):
1148         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
1149         (WebCore::JSTestActiveDOMObjectPrototype::finishCreation):
1150         (WebCore::JSTestActiveDOMObject::createPrototype): Deleted.
1151         (WebCore::JSTestActiveDOMObject::prototype): Deleted.
1152         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
1153         (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::finishCreation):
1154         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
1155         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::finishCreation):
1156         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
1157         (WebCore::JSTestCustomNamedGetterPrototype::finishCreation):
1158         (WebCore::JSTestCustomNamedGetter::JSTestCustomNamedGetter): Deleted.
1159         (WebCore::JSTestCustomNamedGetter::createPrototype): Deleted.
1160         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
1161         (WebCore::JSTestEventConstructorPrototype::finishCreation):
1162         (WebCore::JSTestEventConstructor::createPrototype): Deleted.
1163         (WebCore::JSTestEventConstructor::prototype): Deleted.
1164         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
1165         (WebCore::JSTestEventTargetPrototype::finishCreation):
1166         (WebCore::JSTestEventTarget::JSTestEventTarget): Deleted.
1167         (WebCore::JSTestEventTarget::createPrototype): Deleted.
1168         * bindings/scripts/test/JS/JSTestException.cpp:
1169         (WebCore::JSTestExceptionPrototype::finishCreation):
1170         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
1171         (WebCore::JSTestGenerateIsReachablePrototype::finishCreation):
1172         * bindings/scripts/test/JS/JSTestInterface.cpp:
1173         (WebCore::JSTestInterfacePrototype::finishCreation):
1174         (WebCore::jsTestInterfaceImplementsStr2): Deleted.
1175         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
1176         (WebCore::JSTestJSBuiltinConstructorPrototype::finishCreation):
1177         (WebCore::JSTestJSBuiltinConstructor::JSTestJSBuiltinConstructor): Deleted.
1178         (WebCore::JSTestJSBuiltinConstructor::createPrototype): Deleted.
1179         (WebCore::JSTestJSBuiltinConstructor::destroy): Deleted.
1180         (WebCore::jsTestJSBuiltinConstructorTestAttributeCustom): Deleted.
1181         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
1182         (WebCore::JSTestMediaQueryListListenerPrototype::finishCreation):
1183         (WebCore::JSTestMediaQueryListListener::JSTestMediaQueryListListener): Deleted.
1184         (WebCore::JSTestMediaQueryListListener::createPrototype): Deleted.
1185         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
1186         (WebCore::JSTestNamedConstructorPrototype::finishCreation):
1187         * bindings/scripts/test/JS/JSTestNode.cpp:
1188         (WebCore::JSTestNodePrototype::finishCreation):
1189         (WebCore::JSTestNode::JSTestNode): Deleted.
1190         (WebCore::JSTestNode::prototype): Deleted.
1191         (WebCore::jsTestNodeName): Deleted.
1192         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
1193         (WebCore::JSTestNondeterministicPrototype::finishCreation):
1194         (WebCore::JSTestNondeterministic::JSTestNondeterministic): Deleted.
1195         (WebCore::JSTestNondeterministic::prototype): Deleted.
1196         (WebCore::JSTestNondeterministic::destroy): Deleted.
1197         * bindings/scripts/test/JS/JSTestObj.cpp:
1198         (WebCore::JSTestObjPrototype::finishCreation):
1199         (WebCore::JSTestObj::JSTestObj): Deleted.
1200         (WebCore::JSTestObj::createPrototype): Deleted.
1201         (WebCore::JSTestObj::prototype): Deleted.
1202         (WebCore::JSTestObj::destroy): Deleted.
1203         (WebCore::JSTestObj::getOwnPropertySlot): Deleted.
1204         (WebCore::JSTestObj::getOwnPropertySlotByIndex): Deleted.
1205         (WebCore::jsTestObjReadOnlyLongAttr): Deleted.
1206         (WebCore::jsTestObjReadOnlyStringAttr): Deleted.
1207         (WebCore::jsTestObjReadOnlyTestObjAttr): Deleted.
1208         (WebCore::jsTestObjConstructorStaticReadOnlyLongAttr): Deleted.
1209         (WebCore::jsTestObjConstructorStaticStringAttr): Deleted.
1210         (WebCore::jsTestObjConstructorTestSubObj): Deleted.
1211         (WebCore::jsTestObjTestSubObjEnabledBySettingConstructor): Deleted.
1212         (WebCore::jsTestObjEnumAttr): Deleted.
1213         (WebCore::jsTestObjByteAttr): Deleted.
1214         (WebCore::jsTestObjOctetAttr): Deleted.
1215         (WebCore::jsTestObjShortAttr): Deleted.
1216         (WebCore::jsTestObjClampedShortAttr): Deleted.
1217         (WebCore::jsTestObjEnforceRangeShortAttr): Deleted.
1218         (WebCore::jsTestObjUnsignedShortAttr): Deleted.
1219         (WebCore::jsTestObjLongAttr): Deleted.
1220         (WebCore::jsTestObjLongLongAttr): Deleted.
1221         (WebCore::jsTestObjReflectedCustomBooleanAttr): Deleted.
1222         (WebCore::jsTestObjReflectedCustomURLAttr): Deleted.
1223         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
1224         (WebCore::JSTestOverloadedConstructorsPrototype::finishCreation):
1225         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
1226         (WebCore::JSTestOverrideBuiltinsPrototype::finishCreation):
1227         (WebCore::JSTestOverrideBuiltins::JSTestOverrideBuiltins): Deleted.
1228         (WebCore::JSTestOverrideBuiltins::createPrototype): Deleted.
1229         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
1230         (WebCore::JSTestSerializedScriptValueInterfacePrototype::finishCreation):
1231         (WebCore::JSTestSerializedScriptValueInterface::JSTestSerializedScriptValueInterface): Deleted.
1232         (WebCore::JSTestSerializedScriptValueInterface::prototype): Deleted.
1233         (WebCore::JSTestSerializedScriptValueInterface::destroy): Deleted.
1234         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
1235         (WebCore::JSTestTypedefsPrototype::finishCreation):
1236         (WebCore::JSTestTypedefs::JSTestTypedefs): Deleted.
1237         (WebCore::JSTestTypedefs::createPrototype): Deleted.
1238         (WebCore::JSTestTypedefs::prototype): Deleted.
1239         (WebCore::JSTestTypedefs::destroy): Deleted.
1240         (WebCore::jsTestTypedefsUnsignedLongLongAttr): Deleted.
1241         (WebCore::jsTestTypedefsImmutableSerializedScriptValue): Deleted.
1242         (WebCore::jsTestTypedefsAttrWithGetterException): Deleted.
1243         * bindings/scripts/test/JS/JSattribute.cpp:
1244         (WebCore::JSattributePrototype::finishCreation):
1245         * bindings/scripts/test/JS/JSreadonly.cpp:
1246         (WebCore::JSreadonlyPrototype::finishCreation):
1247
1248 2016-06-21  Keith Miller  <keith_miller@apple.com>
1249
1250         It should be easy to add a private global helper function for builtins
1251         https://bugs.webkit.org/show_bug.cgi?id=158893
1252
1253         Reviewed by Mark Lam.
1254
1255         Add JSCJSValueInlines.h to fix build issues.
1256
1257         * platform/mock/mediasource/MockBox.cpp:
1258
1259 2016-06-21  Amir Alavi  <aalavi@apple.com>
1260
1261         Upstream WKHTTPCookiesForURL from WebKitSystemInterface to OpenSource
1262         https://bugs.webkit.org/show_bug.cgi?id=158967
1263
1264         Reviewed by Brent Fulgham.
1265
1266         * platform/ios/WebCoreSystemInterfaceIOS.mm:
1267         * platform/mac/WebCoreSystemInterface.h:
1268         * platform/mac/WebCoreSystemInterface.mm:
1269         * platform/network/mac/CookieJarMac.mm:
1270         (WebCore::httpCookiesForURL): Upstreamed from WebKitSystemInterface.
1271         (WebCore::cookiesForURL): Changed to call httpCookiesForURL.
1272         (WebCore::deleteCookie): Ditto.
1273         * platform/spi/cf/CFNetworkSPI.h:
1274
1275 2016-06-21  Chris Dumez  <cdumez@apple.com>
1276
1277         Unreviewed, rolling out r202231.
1278
1279         Seems to have regressed PLT on both iOS and Mac (very obvious
1280         on iOS Warm PLT)
1281
1282         Reverted changeset:
1283
1284         "When navigating, discard decoded image data that is only live
1285         due to page cache."
1286         https://bugs.webkit.org/show_bug.cgi?id=158941
1287         http://trac.webkit.org/changeset/202231
1288
1289 2016-06-21  Youenn Fablet  <youennf@gmail.com>
1290
1291         Add bindings generator support to add a native JS function to both a 'name' and a private '@name' slot
1292         https://bugs.webkit.org/show_bug.cgi?id=158777
1293
1294         Reviewed by Eric Carlson.
1295
1296         Adding a new PublicIdentifier keyword to cover the case of the same function exposed publicly and privately.
1297         Renaming Private keyword to PrivateIdentifier.
1298         Functions exposed both publicly and privately should set both keywords.
1299         By default, functions are publically exposed.
1300
1301         Updated binding generator to generate public exposure except if PrivateIdentifer is set and PublicIdentifier is
1302         not set.
1303
1304         Keeping skipping of ObjC/GObject binding for PrivateIdentifier-only functions.
1305
1306         Covered by rebased binding tests.
1307
1308         * Modules/fetch/FetchHeaders.idl:
1309         * Modules/fetch/FetchResponse.idl:
1310         * Modules/mediastream/MediaDevices.idl:
1311         * Modules/mediastream/RTCPeerConnection.idl:
1312         * bindings/scripts/CodeGeneratorGObject.pm:
1313         (SkipFunction):
1314         * bindings/scripts/CodeGeneratorJS.pm:
1315         (GeneratePropertiesHashTable):
1316         (GenerateImplementation):
1317         * bindings/scripts/CodeGeneratorObjC.pm:
1318         (SkipFunction):
1319         * bindings/scripts/IDLAttributes.txt:
1320         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1321         (webkit_dom_test_obj_private_also_method):
1322         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
1323         * bindings/scripts/test/JS/JSTestObj.cpp:
1324         (WebCore::JSTestObjPrototype::finishCreation):
1325         (WebCore::jsTestObjPrototypeFunctionPrivateMethod):
1326         (WebCore::jsTestObjPrototypeFunctionPrivateAlsoMethod):
1327         * bindings/scripts/test/ObjC/DOMTestObj.h:
1328         * bindings/scripts/test/ObjC/DOMTestObj.mm:
1329         (-[DOMTestObj privateAlsoMethod:]):
1330         * bindings/scripts/test/TestObj.idl:
1331
1332 2016-06-21  Dan Bernstein  <mitz@apple.com>
1333
1334         Inlined some picture-in-picture code.
1335         https://bugs.webkit.org/show_bug.cgi?id=158977
1336
1337         Reviewed by Eric Carlsson.
1338
1339         This code was written primarily by Ada Chan, and originally reviewed by Alex Christensen,
1340         Anders Carlsson, Conrad Shultz, Dan Bernstein, Eric Carlson, Jer Noble, Jeremy Jones,
1341         Jon Lee, Remy Demarest, and Zach Li.
1342
1343         * English.lproj/Localizable.strings:
1344           Updated using update-webkit-localizable-strings.
1345
1346         * Modules/mediacontrols/mediaControlsApple.css:
1347         (video:-webkit-full-screen::-webkit-media-controls-panel .picture-in-picture-button):
1348
1349         * Modules/mediacontrols/mediaControlsApple.js:
1350         (Controller.prototype.configureFullScreenControls):
1351
1352         * WebCore.xcodeproj/project.pbxproj: Added PIPSPI.h.
1353
1354         * html/HTMLMediaElement.cpp: Inlined code from HTMLMediaElementAdditions.cpp.
1355
1356         * html/HTMLVideoElement.cpp: Inlined code from HTMLVideoElementSupportsFullscreenAdditions.cpp.
1357
1358         * platform/LocalizedStrings.cpp:
1359         (WebCore::contextMenuItemTagEnterVideoEnhancedFullscreen): Brought in from ContextMenuLocalizedStringsAdditions.cpp.
1360         (WebCore::contextMenuItemTagExitVideoEnhancedFullscreen): Ditto.
1361         (WebCore::AXARIAContentGroupText): Made updates that should have been part of r198543.
1362
1363         * platform/mac/WebVideoFullscreenInterfaceMac.h: Removed USE(APPLE_INTERNAL_SDK) guards.
1364         * platform/mac/WebVideoFullscreenInterfaceMac.mm: Inlined WebVideoFullscreenInterfaceMacAdditions.mm.
1365
1366         * platform/spi/mac/PIPSPI.h: Added.
1367
1368         * rendering/HitTestResult.cpp: Inlined HitTestResultAdditions.cpp.
1369
1370         * rendering/RenderThemeMac.mm:
1371         (WebCore::RenderThemeMac::mediaControlsStyleSheet): Removed include of
1372           RenderThemeMacMediaControlsStyleSheetAdditions.mm now that the content is in
1373           mediaControlsApple.css.
1374         (WebCore::RenderThemeMac::mediaControlsScript): Removed include of
1375           RenderThemeMacMediaControlsScriptAdditions.mm now that the content is in mediaControlsApple.js.
1376
1377 2016-06-21  Miguel Gomez  <magomez@igalia.com>
1378
1379         [GStreamer] video orientation support
1380         https://bugs.webkit.org/show_bug.cgi?id=148524
1381
1382         Reviewed by Philippe Normand.
1383
1384         Rotate video frames to follow the orientation metadata in the video file.
1385         When accelerated compositing is disabled, the rotation is performed by a videoflip element added
1386         to the playbin.
1387         When accelerated compositing is enabled, the rotation is peformed by the TextureMapper in response
1388         to a rotation flag set on the frame buffers.
1389
1390         Test: media/video-orientation.html
1391
1392         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1393         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
1394         Handle the GST_MESSAGE_TAG message from the bin.
1395         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
1396         Add the videflip element to the bin when accelerated compositing is disabled.
1397         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1398         (WebCore::GstVideoFrameHolder::GstVideoFrameHolder):
1399         Receive and use extra flags for the TextureMapper.
1400         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
1401         (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
1402         When using accelerated compositing, transpose the video size if the rotation is 90 or 270 degrees.
1403         (WebCore::MediaPlayerPrivateGStreamerBase::pushTextureToCompositor):
1404         Add rotation flag to frame holder and layer buffer.
1405         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
1406         Use rotation flag when requesting the TextureMapper to draw.
1407         (WebCore::MediaPlayerPrivateGStreamerBase::setVideoSourceRotation):
1408         Function to store the video rotation.
1409         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
1410         Add bits to store the video rotation.
1411         * platform/graphics/texmap/TextureMapperGL.cpp:
1412         (WebCore::TextureMapperGL::drawTexturedQuadWithProgram):
1413         Modify the patternTransform according to the rotation flag passed.
1414         * platform/graphics/texmap/TextureMapperGL.h:
1415         Add new flags to handle the video souce rotation.
1416         * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.cpp:
1417         (WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper):
1418         Change the drawTexture method used so custom flags can be passed.
1419         * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.h:
1420         (WebCore::TextureMapperPlatformLayerBuffer::setExtraFlags):
1421         New method to set TextureMapper flags.
1422
1423 2016-06-20  Frederic Wang  <fwang@igalia.com>
1424
1425         Use the MathOperator to handle some non-stretchy operators
1426         https://bugs.webkit.org/show_bug.cgi?id=157519
1427
1428         Reviewed by Brent Fulgham.
1429
1430         To prepare for the removal of anonymous text node from the render classes of token elements
1431         we use MathOperator to handle two cases where the actual text to display may not be
1432         available in the DOM: mfenced and minus operators. This change removes support for the
1433         case of mfenced operators with multiple characters since that it is not supported by
1434         MathOperator. It is a edge case that is not used in practice since fences and separators are
1435         only made of a single character. However, it would still be possible to duplicate some
1436         code/logic to add it back if that turns out to be necessary.
1437
1438         No new tests, already covered by existing tests.
1439
1440         * rendering/mathml/MathOperator.cpp:
1441         (WebCore::MathOperator::MathOperator): Rename UndefinedOperator.
1442         (WebCore::RenderMathMLOperator::firstLineBaseline): Improve rounding of ascent so that mfenced operators are correctly aligned.
1443         * rendering/mathml/MathOperator.h: Rename UndefinedOperator, since it can now be used to draw non-stretchy operators.
1444         (WebCore::MathOperator::isStretched): Deleted. This function is no longer used by RenderMathMLOperator.
1445         (WebCore::MathOperator::unstretch): Deleted. This function is no longer used by RenderMathMLOperator.
1446         * rendering/mathml/RenderMathMLOperator.cpp:
1447         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Use useMathOperator.
1448         (WebCore::RenderMathMLOperator::rebuildTokenContent): Set the MathOperator when useMathOperator() is true.
1449         When the operator is not likely to stretch we just leave its type as NormalOperator.
1450         (WebCore::RenderMathMLOperator::useMathOperator): Helper function to determine when MathOperator should be used.
1451         (WebCore::RenderMathMLOperator::firstLineBaseline): Use useMathOperator.
1452         (WebCore::RenderMathMLOperator::computeLogicalHeight): Ditto.
1453         (WebCore::RenderMathMLOperator::paint): Ditto.
1454         (WebCore::RenderMathMLOperator::paintChildren): Ditto.
1455         * rendering/mathml/RenderMathMLOperator.h: Declare useMathOperator.
1456
1457 2016-06-19  Gavin & Ellie Barraclough  <barraclough@apple.com>
1458
1459         Don't eagerly reify DOM Prototype properties
1460         https://bugs.webkit.org/show_bug.cgi?id=158557
1461
1462         Reviewed by Andreas Kling.
1463
1464         We were eagerly reifying these properties to avoid virtualizing getOwnPropertySlot,
1465         but since bug #158059 this does not require a method table call in any case.
1466         Eagerly reifying these values likely has some CPU and memory cost on page load.
1467
1468         * bindings/scripts/CodeGeneratorJS.pm:
1469         (GenerateImplementation):
1470             - should generate compressed index for hashtable,
1471               prototype object ClassInfo should contain static table,
1472               don't reifyStaticProperties for prototype objects.
1473         (GeneratePrototypeDeclaration):
1474             - Set HasStaticPropertyTable for DOM prototype objects.
1475         * bindings/scripts/test/JS/JSInterfaceName.cpp:
1476         (WebCore::JSInterfaceNamePrototype::JSInterfaceNamePrototype):
1477         (WebCore::JSInterfaceNamePrototype::finishCreation):
1478         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
1479         (WebCore::JSTestActiveDOMObjectPrototype::JSTestActiveDOMObjectPrototype):
1480         (WebCore::JSTestActiveDOMObjectPrototype::finishCreation):
1481         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
1482         (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::JSTestClassWithJSBuiltinConstructorPrototype):
1483         (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::finishCreation):
1484         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
1485         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::JSTestCustomConstructorWithNoInterfaceObjectPrototype):
1486         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::finishCreation):
1487         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
1488         (WebCore::JSTestCustomNamedGetterPrototype::JSTestCustomNamedGetterPrototype):
1489         (WebCore::JSTestCustomNamedGetterPrototype::finishCreation):
1490         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
1491         (WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype):
1492         (WebCore::JSTestEventConstructorPrototype::finishCreation):
1493         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
1494         (WebCore::JSTestEventTargetPrototype::JSTestEventTargetPrototype):
1495         (WebCore::JSTestEventTargetPrototype::finishCreation):
1496         * bindings/scripts/test/JS/JSTestException.cpp:
1497         (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype):
1498         (WebCore::JSTestExceptionPrototype::finishCreation):
1499         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
1500         (WebCore::JSTestGenerateIsReachablePrototype::JSTestGenerateIsReachablePrototype):
1501         (WebCore::JSTestGenerateIsReachablePrototype::finishCreation):
1502         * bindings/scripts/test/JS/JSTestInterface.cpp:
1503         (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
1504         (WebCore::JSTestInterfacePrototype::finishCreation):
1505         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
1506         (WebCore::JSTestJSBuiltinConstructorPrototype::JSTestJSBuiltinConstructorPrototype):
1507         (WebCore::JSTestJSBuiltinConstructorPrototype::finishCreation):
1508         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
1509         (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
1510         (WebCore::JSTestMediaQueryListListenerPrototype::finishCreation):
1511         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
1512         (WebCore::JSTestNamedConstructorPrototype::JSTestNamedConstructorPrototype):
1513         (WebCore::JSTestNamedConstructorPrototype::finishCreation):
1514         * bindings/scripts/test/JS/JSTestNode.cpp:
1515         (WebCore::JSTestNodePrototype::JSTestNodePrototype):
1516         (WebCore::JSTestNodePrototype::finishCreation):
1517         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
1518         (WebCore::JSTestNondeterministicPrototype::JSTestNondeterministicPrototype):
1519         (WebCore::JSTestNondeterministicPrototype::finishCreation):
1520         * bindings/scripts/test/JS/JSTestObj.cpp:
1521         (WebCore::JSTestObjPrototype::JSTestObjPrototype):
1522         (WebCore::JSTestObjPrototype::finishCreation):
1523         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
1524         (WebCore::JSTestOverloadedConstructorsPrototype::JSTestOverloadedConstructorsPrototype):
1525         (WebCore::JSTestOverloadedConstructorsPrototype::finishCreation):
1526         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
1527         (WebCore::JSTestOverrideBuiltinsPrototype::JSTestOverrideBuiltinsPrototype):
1528         (WebCore::JSTestOverrideBuiltinsPrototype::finishCreation):
1529         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
1530         (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
1531         (WebCore::JSTestSerializedScriptValueInterfacePrototype::finishCreation):
1532         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
1533         (WebCore::JSTestTypedefsPrototype::JSTestTypedefsPrototype):
1534         (WebCore::JSTestTypedefsPrototype::finishCreation):
1535         * bindings/scripts/test/JS/JSattribute.cpp:
1536         (WebCore::JSattributePrototype::JSattributePrototype):
1537         (WebCore::JSattributePrototype::finishCreation):
1538         * bindings/scripts/test/JS/JSreadonly.cpp:
1539         (WebCore::JSreadonlyPrototype::JSreadonlyPrototype):
1540         (WebCore::JSreadonlyPrototype::finishCreation):
1541
1542 2016-06-20  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1543
1544         WebRTC: RTCIceCandidate init dictionary don't handle explicit null or undefined values correctly
1545         https://bugs.webkit.org/show_bug.cgi?id=158873
1546
1547         Reviewed by Alejandro G. Castro.
1548
1549         Prevent explicit null and undefined values from being converted to "null" and "undefined"
1550         strings.
1551
1552         Test: Extended fast/mediastream/RTCIceCandidate.html
1553
1554         * Modules/mediastream/RTCIceCandidate.cpp:
1555         (WebCore::RTCIceCandidate::create):
1556
1557 2016-06-20  Commit Queue  <commit-queue@webkit.org>
1558
1559         Unreviewed, rolling out r202252.
1560         https://bugs.webkit.org/show_bug.cgi?id=158974
1561
1562         See rdar://problem/26867866 for details (Requested by ap on
1563         #webkit).
1564
1565         Reverted changeset:
1566
1567         "Adopt commitPriority to get rid of the 2 AVPL solution for
1568         PiP"
1569         https://bugs.webkit.org/show_bug.cgi?id=158949
1570         http://trac.webkit.org/changeset/202252
1571
1572 2016-06-20  Commit Queue  <commit-queue@webkit.org>
1573
1574         Unreviewed, rolling out r202243.
1575         https://bugs.webkit.org/show_bug.cgi?id=158972
1576
1577         Broke Windows build and iOS tests (Requested by ap on
1578         #webkit).
1579
1580         Reverted changeset:
1581
1582         "Focus event dispatched in iframe causes parent document to
1583         scroll incorrectly"
1584         https://bugs.webkit.org/show_bug.cgi?id=158629
1585         http://trac.webkit.org/changeset/202243
1586
1587 2016-06-20  Chris Dumez  <cdumez@apple.com>
1588
1589         Simplify / Optimize DataDetector's searchForLinkRemovingExistingDDLinks()
1590         https://bugs.webkit.org/show_bug.cgi?id=158968
1591
1592         Reviewed by Ryosuke Niwa.
1593
1594         Simplify / Optimize DataDetector's searchForLinkRemovingExistingDDLinks():
1595         - Use modern ancestorsOfType<HTMLAnchorElement>() to traverse anchor ancestors
1596           instead of traversing by hand.
1597         - Use NodeTraversal::next() to traverse the tree until we find endNode and
1598           use a for loop instead of a while loop. Previously, the logic the determine
1599           the next node was at the end of the loop and was identical behavior-wise
1600           to NodeTraversal::next(). However, the previous code for a lot less efficient
1601           because it was calling Node::childNodes() to get a NodeList of the children,
1602           then calling length() on it to check if we had children and finally use
1603           the first item in the list as next node. This was very inefficient because
1604           NodeList::length() would need to traverse all children to figure out the
1605           length and would cache all the children in a Vector in CollectionIndexCache.
1606
1607         * dom/ElementAncestorIterator.h:
1608         (WebCore::ancestorsOfType):
1609         * dom/ElementIterator.h:
1610         (WebCore::findElementAncestorOfType):
1611         (WebCore::findElementAncestorOfType<Element>):
1612         Update ancestorsOfType() to take a Node instead of an Element. There are no
1613         performance benefits to taking an Element here and it is a valid use case to
1614         want an Element ancestor of a non-Element node.
1615
1616         * editing/cocoa/DataDetection.mm:
1617         (WebCore::searchForLinkRemovingExistingDDLinks):
1618         (WebCore::dataDetectorTypeForCategory): Deleted.
1619
1620 2016-06-20  Commit Queue  <commit-queue@webkit.org>
1621
1622         Unreviewed, rolling out r202248.
1623         https://bugs.webkit.org/show_bug.cgi?id=158960
1624
1625         breaks builds on the simulator (Requested by keith_mi_ on
1626         #webkit).
1627
1628         Reverted changeset:
1629
1630         "It should be easy to add a private global helper function for
1631         builtins"
1632         https://bugs.webkit.org/show_bug.cgi?id=158893
1633         http://trac.webkit.org/changeset/202248
1634
1635 2016-06-20  Jeremy Jones  <jeremyj@apple.com>
1636
1637         Adopt commitPriority to get rid of the 2 AVPL solution for PiP
1638         https://bugs.webkit.org/show_bug.cgi?id=158949
1639         rdar://problem/26867866
1640
1641         Reviewed by Simon Fraser.
1642
1643         No new tests because there is no behavior change. This reverts changes from 
1644         https://bugs.webkit.org/show_bug.cgi?id=158148 and instead uses -[CAContext commitPriority:]
1645         to prevent flicker when moving a layer between contexts. 
1646         commitPriority allows the layer to be added to the destination context before it is 
1647         removed from the source context.
1648
1649         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: remove m_secondaryVideoLayer.
1650         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: ditto
1651         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenGravity): ditto.
1652         (WebCore::MediaPlayerPrivateAVFoundationObjC::syncTextTrackBounds): ditto.
1653         (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): ditto.
1654         (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity): ditto.
1655         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: ditto
1656         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): ditto
1657         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: ditto
1658         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers):ditto
1659         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h: ditto
1660         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm: ditto
1661         (WebCore::VideoFullscreenLayerManager::setVideoLayer): ditto
1662         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer): ditto and adopt commitPriority.
1663         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame): ditto
1664         (WebCore::VideoFullscreenLayerManager::setVideoLayers): Deleted. 
1665         (WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer): remove m_secondaryVideoLayer.
1666         * platform/spi/cocoa/QuartzCoreSPI.h: Add commitPriority.
1667
1668 2016-06-20  Zalan Bujtas  <zalan@apple.com>
1669
1670         Set the end position on the placeholder BidiRun properly.
1671         https://bugs.webkit.org/show_bug.cgi?id=158958
1672
1673         Reviewed by Myles C. Maxfield.
1674         rdar://problem/26609266
1675
1676         The second paramenter for BidiRun indicates the end position and not the length of the run.
1677         This was regressed at r102875 where only the start position was changed from 0 to pos.
1678
1679         Test: fast/text/international/bidi-style-in-isolate-crash.html
1680
1681         * rendering/InlineIterator.h:
1682         (WebCore::addPlaceholderRunForIsolatedInline):
1683
1684 2016-06-20  Fujii Hironori  <Hironori.Fujii@sony.com>
1685
1686         A composition underline is placed to wrong position in RTL
1687         https://bugs.webkit.org/show_bug.cgi?id=158602
1688
1689         Reviewed by Myles C. Maxfield.
1690
1691         InlineTextBox::paintCompositionUnderline does not take RTL into
1692         account.  The position of composition underline should be
1693         mirrored in RTL.
1694
1695         Test: editing/input/composition-underline-rtl.html
1696
1697         * rendering/InlineTextBox.cpp:
1698         (WebCore::mirrorRTLSegment): New helper function to convert RTL start position to LTR.
1699         (WebCore::InlineTextBox::paintDecoration): Use mirrorRTLSegment.
1700         (WebCore::InlineTextBox::paintCompositionUnderline): Ditto.
1701
1702 2016-06-20  Keith Miller  <keith_miller@apple.com>
1703
1704         It should be easy to add a private global helper function for builtins
1705         https://bugs.webkit.org/show_bug.cgi?id=158893
1706
1707         Reviewed by Mark Lam.
1708
1709         Add JSCJSValueInlines.h to fix build issues.
1710
1711         * platform/mock/mediasource/MockBox.cpp:
1712
1713 2016-06-20  Benjamin Poulain  <benjamin@webkit.org>
1714
1715         :default CSS pseudo-class should match checkboxes+radios with a `checked` attribute
1716         https://bugs.webkit.org/show_bug.cgi?id=156230
1717
1718         Reviewed by Alex Christensen.
1719
1720         This patch update the :default pseudo class matching to be closer to the spec:
1721         https://html.spec.whatwg.org/multipage/scripting.html#selector-default
1722
1723         The main remaining difference with the spec is the definition of "default button".
1724         This is an unrelated problem that should be addressed separately.
1725
1726         The implementation was missing support for:
1727         -input elements of type "checkbox" or "radio" with the "checked" attribute defined.
1728         -option elements with the "selected" attribute defined.
1729
1730         The existing support for default button was pretty bad, I fixed that too.
1731         The owner form now has a resetDefaultButton() API. When a Form Associated Element
1732         becomes a submit button or loses that property, the element calls its form
1733         to update the style as needed.
1734
1735         Whenever the submit button changes, 2 elements needs to have their style invalidated:
1736         -The former default button.
1737         -The new default button.
1738         To invalidate the former button, FormElement now caches the computed
1739         default button. When the default button changes, the cached value is invalidated
1740         in addition to the new value.
1741
1742         Computing the new default button takes linear time in the number of form associated element.
1743         To mitigate that, resetDefaultButton() is only called when changes are related
1744         to submit buttons. Since those changes are rare, I don't expect the invalidation
1745         to be a problem.
1746
1747         Tests: fast/css/pseudo-default-basics.html
1748                fast/selectors/default-style-update.html
1749
1750         * css/SelectorChecker.cpp:
1751         (WebCore::SelectorChecker::checkOne):
1752         * css/SelectorCheckerTestFunctions.h:
1753         (WebCore::matchesDefaultPseudoClass):
1754         (WebCore::isDefaultButtonForForm): Deleted.
1755         * cssjit/SelectorCompiler.cpp:
1756         (WebCore::SelectorCompiler::addPseudoClassType):
1757         * dom/Element.cpp:
1758         (WebCore::Element::matchesValidPseudoClass):
1759         (WebCore::Element::matchesInvalidPseudoClass):
1760         (WebCore::Element::matchesDefaultPseudoClass):
1761         * dom/Element.h:
1762         (WebCore::Element::matchesValidPseudoClass): Deleted.
1763         (WebCore::Element::matchesInvalidPseudoClass): Deleted.
1764         (WebCore::Element::isDefaultButtonForForm): Deleted.
1765         * html/HTMLButtonElement.cpp:
1766         (WebCore::HTMLButtonElement::parseAttribute):
1767         (WebCore::HTMLButtonElement::matchesDefaultPseudoClass):
1768         * html/HTMLButtonElement.h:
1769         * html/HTMLFormControlElement.cpp:
1770         (WebCore::HTMLFormControlElement::isDefaultButtonForForm): Deleted.
1771         * html/HTMLFormControlElement.h:
1772         * html/HTMLFormElement.cpp:
1773         (WebCore::HTMLFormElement::~HTMLFormElement):
1774         (WebCore::HTMLFormElement::registerFormElement):
1775         (WebCore::HTMLFormElement::removeFormElement):
1776         (WebCore::HTMLFormElement::defaultButton):
1777         (WebCore::HTMLFormElement::resetDefaultButton):
1778         * html/HTMLFormElement.h:
1779         * html/HTMLInputElement.cpp:
1780         (WebCore::HTMLInputElement::updateType):
1781         (WebCore::HTMLInputElement::parseAttribute):
1782         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
1783         * html/HTMLInputElement.h:
1784         * html/HTMLOptionElement.cpp:
1785         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
1786         (WebCore::HTMLOptionElement::parseAttribute):
1787         * html/HTMLOptionElement.h:
1788         * style/StyleSharingResolver.cpp:
1789         (WebCore::Style::SharingResolver::canShareStyleWithElement):
1790         (WebCore::Style::canShareStyleWithControl): Deleted.
1791
1792 2016-06-20  Simon Fraser  <simon.fraser@apple.com>
1793
1794         Focus event dispatched in iframe causes parent document to scroll incorrectly
1795         https://bugs.webkit.org/show_bug.cgi?id=158629
1796         rdar://problem/26521616
1797
1798         Reviewed by Tim Horton.
1799
1800         When focussing elements in iframes, the page could scroll to an incorrect location.
1801         This happened because code in Element::focus() tried to disable scrolling on focus,
1802         but did so only for the current frame, so ancestor frames got programmatically scrolled.
1803         On iOS we handle the scrolling in the UI process, so never want the web process to
1804         do programmatic scrolling.
1805
1806         Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
1807         rather than manually prohibiting frame scrolling. Pass SelectionRevealMode through various callers,
1808         and use RevealUpToMainFrame for iOS, allowing the UI process to do the zoomToRect: for the main frame.
1809
1810         Tests: fast/forms/ios/focus-input-in-iframe.html
1811                fast/forms/ios/programmatic-focus-input-in-iframe.html
1812
1813         * dom/Document.h:
1814         * dom/Element.cpp:
1815         (WebCore::Element::scrollIntoView):
1816         (WebCore::Element::scrollIntoViewIfNeeded):
1817         (WebCore::Element::scrollIntoViewIfNotVisible):
1818         (WebCore::Element::focus):
1819         (WebCore::Element::updateFocusAppearance):
1820         * dom/Element.h:
1821         * editing/Editor.cpp:
1822         (WebCore::Editor::insertTextWithoutSendingTextEvent):
1823         (WebCore::Editor::revealSelectionAfterEditingOperation):
1824         (WebCore::Editor::findStringAndScrollToVisible):
1825         * editing/FrameSelection.cpp:
1826         (WebCore::FrameSelection::updateAndRevealSelection):
1827         (WebCore::FrameSelection::revealSelection):
1828         (WebCore::FrameSelection::FrameSelection): Deleted.
1829         * editing/FrameSelection.h:
1830         * html/HTMLInputElement.cpp:
1831         (WebCore::HTMLInputElement::updateFocusAppearance):
1832         * html/HTMLTextAreaElement.cpp:
1833         (WebCore::HTMLTextAreaElement::updateFocusAppearance):
1834         * page/ContextMenuController.cpp:
1835         (WebCore::ContextMenuController::contextMenuItemSelected):
1836         * page/FrameView.cpp:
1837         (WebCore::FrameView::scrollToAnchor):
1838         * rendering/RenderLayer.cpp:
1839         (WebCore::RenderLayer::scrollRectToVisible):
1840         (WebCore::RenderLayer::autoscroll):
1841         * rendering/RenderLayer.h:
1842         * rendering/RenderObject.cpp:
1843         (WebCore::RenderObject::scrollRectToVisible):
1844         * rendering/RenderObject.h:
1845
1846 2016-06-20  Keith Rollin  <krollin@apple.com>
1847
1848         Remove RefPtr::release() and change calls sites to use WTFMove()
1849         https://bugs.webkit.org/show_bug.cgi?id=158369
1850
1851         Reviewed by Chris Dumez.
1852
1853         RefPtr::release() releases its managed pointer awkwardly. It's more
1854         direct and clearer to use WTFMove to transfer ownership of the managed
1855         pointer.
1856
1857         As part of this cleanup, also change a lot of explicit data types to
1858         'auto'.
1859
1860         No new tests: there's no new functionality, just a refactoring of
1861         existing code.
1862
1863         * Modules/mediasource/SourceBuffer.cpp:
1864         (WebCore::removeSamplesFromTrackBuffer):
1865         (WebCore::SourceBuffer::provideMediaData):
1866         * Modules/mediastream/UserMediaRequest.cpp:
1867         (WebCore::UserMediaRequest::start):
1868         * Modules/webdatabase/SQLCallbackWrapper.h:
1869         (WebCore::SQLCallbackWrapper::clear):
1870         * bindings/js/JSDOMWindowCustom.cpp:
1871         (WebCore::handlePostMessage):
1872         * bindings/js/JSHistoryCustom.cpp:
1873         (WebCore::JSHistory::pushState):
1874         (WebCore::JSHistory::replaceState):
1875         * bindings/js/JSMessagePortCustom.h:
1876         (WebCore::handlePostMessage):
1877         * bindings/js/ScriptControllerMac.mm:
1878         (WebCore::ScriptController::createScriptInstanceForWidget):
1879         * bindings/js/SerializedScriptValue.cpp:
1880         (WebCore::CloneDeserializer::readTerminal):
1881         * css/CSSComputedStyleDeclaration.cpp:
1882         (WebCore::ComputedStyleExtractor::copyPropertiesInSet):
1883         * css/SVGCSSParser.cpp:
1884         (WebCore::CSSParser::parseSVGValue):
1885         * css/StyleBuilderConverter.h:
1886         (WebCore::StyleBuilderConverter::convertShapeValue):
1887         * css/StyleProperties.cpp:
1888         (WebCore::StyleProperties::copyPropertiesInSet):
1889         * css/StyleResolver.cpp:
1890         (WebCore::StyleResolver::loadPendingImages):
1891         * dom/InlineStyleSheetOwner.cpp:
1892         (WebCore::InlineStyleSheetOwner::clearSheet):
1893         * editing/ApplyStyleCommand.cpp:
1894         (WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange):
1895         * editing/CompositeEditCommand.cpp:
1896         (WebCore::CompositeEditCommand::removeChildrenInRange):
1897         (WebCore::CompositeEditCommand::removeNodeAndPruneAncestors):
1898         (WebCore::CompositeEditCommand::prune):
1899         (WebCore::CompositeEditCommand::replaceSelectedTextInNode):
1900         (WebCore::CompositeEditCommand::rebalanceWhitespaceOnTextSubstring):
1901         * editing/CreateLinkCommand.cpp:
1902         (WebCore::CreateLinkCommand::doApply):
1903         * editing/EditingStyle.cpp:
1904         (WebCore::EditingStyle::mergeStyle):
1905         (WebCore::EditingStyle::mergeStyleFromRulesForSerialization):
1906         * editing/Editor.cpp:
1907         (WebCore::ClearTextCommand::CreateAndApply):
1908         (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges):
1909         * editing/EditorCommand.cpp:
1910         (WebCore::executeInsertNode):
1911         * editing/InsertTextCommand.cpp:
1912         (WebCore::InsertTextCommand::performOverwrite):
1913         (WebCore::InsertTextCommand::insertTab):
1914         * editing/RemoveNodePreservingChildrenCommand.cpp:
1915         (WebCore::RemoveNodePreservingChildrenCommand::doApply):
1916         * editing/ReplaceSelectionCommand.cpp:
1917         (WebCore::ReplacementFragment::removeNodePreservingChildren):
1918         (WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):
1919         * html/FTPDirectoryDocument.cpp:
1920         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
1921         * html/HTMLFontElement.cpp:
1922         (WebCore::HTMLFontElement::collectStyleForPresentationAttribute):
1923         * html/HTMLFormElement.cpp:
1924         (WebCore::HTMLFormElement::prepareForSubmission):
1925         * html/HTMLTableElement.cpp:
1926         (WebCore::leakBorderStyle):
1927         (WebCore::leakGroupBorderStyle):
1928         * html/parser/HTMLDocumentParser.cpp:
1929         (WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder):
1930         * html/track/InbandDataTextTrack.cpp:
1931         (WebCore::InbandDataTextTrack::addDataCue):
1932         * html/track/InbandGenericTextTrack.cpp:
1933         (WebCore::InbandGenericTextTrack::newCuesParsed):
1934         * html/track/InbandWebVTTTextTrack.cpp:
1935         (WebCore::InbandWebVTTTextTrack::newCuesParsed):
1936         * html/track/TextTrackCueList.cpp:
1937         (WebCore::TextTrackCueList::add):
1938         * inspector/InspectorCSSAgent.cpp:
1939         (WebCore::InspectorCSSAgent::getInlineStylesForNode):
1940         * inspector/InspectorDOMAgent.cpp:
1941         (WebCore::InspectorDOMAgent::pushChildNodesToFrontend):
1942         * inspector/InspectorIndexedDBAgent.cpp:
1943         * inspector/InspectorNetworkAgent.cpp:
1944         (WebCore::InspectorNetworkAgent::loadResource):
1945         * inspector/InspectorStyleSheet.cpp:
1946         (WebCore::InspectorStyleSheet::buildObjectForSelectorList):
1947         * loader/FormSubmission.cpp:
1948         (WebCore::FormSubmission::create):
1949         * loader/FrameLoader.cpp:
1950         (WebCore::FrameLoader::loadURLIntoChildFrame):
1951         (WebCore::FrameLoader::loadURL):
1952         (WebCore::FrameLoader::loadPostRequest):
1953         * loader/ProgressTracker.cpp:
1954         (WebCore::ProgressTracker::finalProgressComplete):
1955         * loader/appcache/ApplicationCacheGroup.cpp:
1956         (WebCore::ApplicationCacheGroup::disassociateDocumentLoader):
1957         (WebCore::ApplicationCacheGroup::didFinishLoading):
1958         (WebCore::ApplicationCacheGroup::checkIfLoadIsComplete):
1959         * loader/appcache/ApplicationCacheStorage.cpp:
1960         (WebCore::ApplicationCacheStorage::loadCacheGroup):
1961         (WebCore::ApplicationCacheStorage::cacheGroupForURL):
1962         (WebCore::ApplicationCacheStorage::fallbackCacheGroupForURL):
1963         (WebCore::ApplicationCacheStorage::loadCache):
1964         * loader/archive/ArchiveResourceCollection.cpp:
1965         (WebCore::ArchiveResourceCollection::popSubframeArchive):
1966         * loader/archive/cf/LegacyWebArchive.cpp:
1967         (WebCore::LegacyWebArchive::extract):
1968         (WebCore::LegacyWebArchive::create):
1969         (WebCore::LegacyWebArchive::createFromSelection):
1970         * loader/cache/CachedImage.cpp:
1971         (WebCore::CachedImage::createImage):
1972         * loader/icon/IconDatabase.cpp:
1973         (WebCore::IconDatabase::setIconDataForIconURL):
1974         (WebCore::IconDatabase::getOrCreateIconRecord):
1975         (WebCore::IconDatabase::readFromDatabase):
1976         (WebCore::IconDatabase::getImageDataForIconURLFromSQLDatabase):
1977         * page/DOMWindow.cpp:
1978         (WebCore::DOMWindow::sessionStorage):
1979         (WebCore::DOMWindow::localStorage):
1980         * page/EventHandler.cpp:
1981         (WebCore::EventHandler::updateDragAndDrop):
1982         * page/animation/CompositeAnimation.cpp:
1983         (WebCore::CompositeAnimation::updateTransitions):
1984         * page/csp/ContentSecurityPolicy.cpp:
1985         (WebCore::ContentSecurityPolicy::reportViolation):
1986         * page/mac/ServicesOverlayController.mm:
1987         (WebCore::ServicesOverlayController::createOverlayIfNeeded):
1988         (WebCore::ServicesOverlayController::determineActiveHighlight):
1989         * page/scrolling/AsyncScrollingCoordinator.h:
1990         (WebCore::AsyncScrollingCoordinator::releaseScrollingTree):
1991         * page/scrolling/ScrollingStateNode.cpp:
1992         (WebCore::ScrollingStateNode::cloneAndReset):
1993         * page/scrolling/ScrollingStateTree.cpp:
1994         (WebCore::ScrollingStateTree::attachNode):
1995         * platform/audio/HRTFElevation.cpp:
1996         (WebCore::getConcatenatedImpulseResponsesForSubject):
1997         * platform/graphics/DisplayRefreshMonitorManager.cpp:
1998         (WebCore::DisplayRefreshMonitorManager::createMonitorForClient):
1999         * platform/graphics/FontCascadeFonts.cpp:
2000         (WebCore::FontCascadeFonts::glyphDataForSystemFallback):
2001         * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
2002         (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings):
2003         * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm:
2004         (WebCore::MediaSelectionGroupAVFObjC::updateOptions):
2005         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2006         (WebCore::SourceBufferPrivateAVFObjC::processCodedFrame):
2007         * platform/graphics/ca/GraphicsLayerCA.cpp:
2008         * platform/graphics/ca/PlatformCALayer.cpp:
2009         (WebCore::PlatformCALayer::createCompatibleLayerOrTakeFromPool):
2010         * platform/graphics/cg/ImageBufferDataCG.cpp:
2011         (WebCore::ImageBufferData::getData):
2012         * platform/graphics/filters/FilterEffect.cpp:
2013         (WebCore::FilterEffect::asUnmultipliedImage):
2014         (WebCore::FilterEffect::asPremultipliedImage):
2015         * platform/graphics/mac/ImageMac.mm:
2016         (WebCore::Image::loadPlatformResource):
2017         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
2018         (WebCore::GraphicsContext3D::createForCurrentGLContext):
2019         (WebCore::GraphicsContext3D::paintRenderingResultsToImageData):
2020         * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
2021         (WebCore::RealtimeMediaSourceCenterMac::createMediaStream):
2022         * platform/mock/MockRealtimeMediaSourceCenter.cpp:
2023         (WebCore::MockRealtimeMediaSourceCenter::validateRequestConstraints):
2024         (WebCore::MockRealtimeMediaSourceCenter::createMediaStream):
2025         * platform/network/BlobRegistryImpl.cpp:
2026         (WebCore::BlobRegistryImpl::registerBlobURL):
2027         (WebCore::BlobRegistryImpl::registerBlobURLForSlice):
2028         * platform/network/ResourceHandle.cpp:
2029         (WebCore::ResourceHandle::create):
2030         * platform/network/cf/FormDataStreamCFNet.cpp:
2031         (WebCore::formCreate):
2032         * platform/text/BidiContext.cpp:
2033         (WebCore::BidiContext::copyStackRemovingUnicodeEmbeddingContexts):
2034         * rendering/FilterEffectRenderer.cpp:
2035         (WebCore::FilterEffectRenderer::build):
2036         * rendering/RenderLayer.cpp:
2037         (WebCore::RenderLayer::createScrollbar):
2038         * rendering/RenderListBox.cpp:
2039         (WebCore::RenderListBox::createScrollbar):
2040         * rendering/RenderMenuList.cpp:
2041         (RenderMenuList::createScrollbar):
2042         * rendering/RenderSearchField.cpp:
2043         (WebCore::RenderSearchField::createScrollbar):
2044         * replay/ReplayController.cpp:
2045         (WebCore::ReplayController::unloadSegment):
2046         * svg/SVGFEDiffuseLightingElement.cpp:
2047         (WebCore::SVGFEDiffuseLightingElement::build):
2048         * svg/SVGFESpecularLightingElement.cpp:
2049         (WebCore::SVGFESpecularLightingElement::build):
2050         * svg/properties/SVGListProperty.h:
2051         (WebCore::SVGListProperty::getItemValuesAndWrappers):
2052         (WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
2053         (WebCore::SVGListProperty::removeItemValuesAndWrappers):
2054         * workers/WorkerThread.cpp:
2055         (WebCore::WorkerThread::workerThread):
2056         * xml/XMLHttpRequest.cpp:
2057         (WebCore::XMLHttpRequest::internalAbort):
2058         * xml/XPathStep.cpp:
2059         (WebCore::XPath::Step::nodesInAxis):
2060
2061 2016-06-20  Eric Carlson  <eric.carlson@apple.com>
2062
2063         Crash in PlatformMediaSession::clientWillPausePlayback
2064         https://bugs.webkit.org/show_bug.cgi?id=158953
2065         <rdar://problem/26121125>
2066
2067         Reviewed by Jer Noble.
2068
2069         No new tests, I have not been able to reproduce this in a test.
2070
2071         * html/HTMLMediaElement.cpp:
2072         (WebCore::HTMLMediaElement::stop): Ref the element before calling stopWithoutDestroyingMediaPlayer
2073           because updatePlaybackControlsManager can release the last reference and cause the
2074           destructor to be called.
2075         (WebCore::HTMLMediaElement::suspend): Ditto.
2076
2077 2016-06-20  Alex Christensen  <achristensen@webkit.org>
2078
2079         Clean up ResourceResponseBase after r201943
2080         https://bugs.webkit.org/show_bug.cgi?id=158706
2081
2082         Reviewed by Michael Catanzaro.
2083
2084         * platform/network/ResourceResponseBase.cpp:
2085         (WebCore::ResourceResponseBase::ResourceResponseBase):
2086         (WebCore::ResourceResponseBase::asResourceResponse): Deleted.
2087         * platform/network/ResourceResponseBase.h:
2088         (WebCore::ResourceResponseBase::platformCompare):
2089
2090 2016-06-20  Joseph Pecoraro  <pecoraro@apple.com>
2091
2092         Web Inspector: console.profile should use the new Sampling Profiler
2093         https://bugs.webkit.org/show_bug.cgi?id=153499
2094         <rdar://problem/24352431>
2095
2096         Reviewed by Timothy Hatcher.
2097
2098         Test: inspector/timeline/setInstruments-programmatic-capture.html
2099
2100         * inspector/InspectorTimelineAgent.cpp:
2101         (WebCore::InspectorTimelineAgent::startFromConsole):
2102         (WebCore::InspectorTimelineAgent::stopFromConsole):
2103         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
2104         (WebCore::InspectorTimelineAgent::startProgrammaticCapture):
2105         (WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
2106         (WebCore::InspectorTimelineAgent::toggleInstruments):
2107         (WebCore::InspectorTimelineAgent::toggleScriptProfilerInstrument):
2108         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
2109         (WebCore::InspectorTimelineAgent::toggleMemoryInstrument):
2110         (WebCore::InspectorTimelineAgent::toggleTimelineInstrument):
2111         * inspector/InspectorTimelineAgent.h:
2112         Web implementation of console.profile/profileEnd.
2113         Make helpers for startings / stopping instruments.
2114
2115 2016-06-20  Andreas Kling  <akling@apple.com>
2116
2117         When navigating, discard decoded image data that is only live due to page cache.
2118         <https://webkit.org/b/158941>
2119
2120         Reviewed by Antti Koivisto.
2121
2122         A resource is "live" if it's currently in use by a web page, and "dead" if it's
2123         only kept alive by the memory cache.
2124
2125         This patch adds a mechanism that looks at CachedImage resources to see if all the
2126         clients that make them appear "live" are actually pages in the page cache.
2127
2128         If so, we let the "jettison expensive objects on top-level navigation" mechanism
2129         discard the decoded data for such half-live images. This can reduce the peak
2130         memory usage during navigations quite a bit.
2131
2132         * loader/FrameLoader.cpp:
2133         (WebCore::FrameLoader::commitProvisionalLoad): Move the call to MemoryPressureHandler
2134         before we add the outgoing page to the page cache. This allows the jettisoning code
2135         to make decisions based on which pages were cached *before* the navigation.
2136
2137         * loader/cache/CachedImageClient.h:
2138         (WebCore::CachedImageClient::inPageCache):
2139         * loader/ImageLoader.h:
2140         * loader/ImageLoader.cpp:
2141         (WebCore::ImageLoader::inPageCache):
2142         * rendering/RenderObject.h:
2143         (WebCore::RenderObject::inPageCache): Added a CachedImageClient::inPageCache() virtual
2144         to determine which clients are currently in page cache (answered by their Document.)
2145
2146         * loader/cache/CachedImage.h:
2147         * loader/cache/CachedImage.cpp:
2148         (WebCore::CachedImage::areAllClientsInPageCache): Walks all CachedImageClient clients
2149         and returns true if all of them are inPageCache().
2150
2151         * platform/MemoryPressureHandler.cpp:
2152         (WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):
2153         Walk all the known CachedImages and nuke decoded data for those that have some but
2154         are only considered live due to clients in the page cache.
2155
2156 2016-06-20  Chris Dumez  <cdumez@apple.com>
2157
2158         Unreviewed, fix post-landing review comment from Darin on r202188.
2159
2160         * platform/network/CacheValidation.cpp:
2161         (WebCore::parseCacheHeader):
2162
2163 2016-06-19  Antti Koivisto  <antti@apple.com>
2164
2165         Updating class name of a shadow host does not update the style applied by :host()
2166         https://bugs.webkit.org/show_bug.cgi?id=158900
2167         <rdar://problem/26883707>
2168
2169         Reviewed by Simon Fraser.
2170
2171         Test: fast/shadow-dom/shadow-host-style-update.html
2172
2173         Teach style invalidation optimization code about :host.
2174
2175         * style/AttributeChangeInvalidation.cpp:
2176         (WebCore::Style::mayBeAffectedByHostStyle):
2177         (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):
2178         * style/ClassChangeInvalidation.cpp:
2179         (WebCore::Style::computeClassChange):
2180         (WebCore::Style::mayBeAffectedByHostStyle):
2181         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
2182         * style/IdChangeInvalidation.cpp:
2183         (WebCore::Style::mayBeAffectedByHostStyle):
2184         (WebCore::Style::IdChangeInvalidation::invalidateStyle):
2185
2186 2016-06-19  Gavin & Ellie Barraclough  <barraclough@apple.com>
2187
2188         Remove hasStaticPropertyTable (part 5: done!)
2189         https://bugs.webkit.org/show_bug.cgi?id=158431
2190
2191         Reviewed by Chris Dumez.
2192
2193         * bindings/scripts/CodeGeneratorJS.pm:
2194         (GenerateHeader):
2195             - remove hasStaticPropertyTable.
2196         * bindings/scripts/test/JS/JSInterfaceName.h:
2197         (WebCore::JSInterfaceName::create):
2198         * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
2199         (WebCore::JSTestActiveDOMObject::create):
2200         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
2201         (WebCore::JSTestClassWithJSBuiltinConstructor::create):
2202         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
2203         (WebCore::JSTestCustomConstructorWithNoInterfaceObject::create):
2204         * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
2205         (WebCore::JSTestCustomNamedGetter::create):
2206         * bindings/scripts/test/JS/JSTestEventConstructor.h:
2207         (WebCore::JSTestEventConstructor::create):
2208         * bindings/scripts/test/JS/JSTestEventTarget.h:
2209         (WebCore::JSTestEventTarget::create):
2210         * bindings/scripts/test/JS/JSTestException.h:
2211         (WebCore::JSTestException::create):
2212         * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
2213         (WebCore::JSTestGenerateIsReachable::create):
2214         * bindings/scripts/test/JS/JSTestGlobalObject.h:
2215         * bindings/scripts/test/JS/JSTestInterface.h:
2216         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
2217         (WebCore::JSTestJSBuiltinConstructor::create):
2218         * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
2219         (WebCore::JSTestMediaQueryListListener::create):
2220         * bindings/scripts/test/JS/JSTestNamedConstructor.h:
2221         (WebCore::JSTestNamedConstructor::create):
2222         * bindings/scripts/test/JS/JSTestNode.h:
2223         * bindings/scripts/test/JS/JSTestNondeterministic.h:
2224         (WebCore::JSTestNondeterministic::create):
2225         * bindings/scripts/test/JS/JSTestObj.h:
2226         (WebCore::JSTestObj::create):
2227         * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
2228         (WebCore::JSTestOverloadedConstructors::create):
2229         * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
2230         (WebCore::JSTestOverrideBuiltins::create):
2231         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
2232         (WebCore::JSTestSerializedScriptValueInterface::create):
2233         * bindings/scripts/test/JS/JSTestTypedefs.h:
2234         (WebCore::JSTestTypedefs::create):
2235         * bindings/scripts/test/JS/JSattribute.h:
2236         (WebCore::JSattribute::create):
2237         * bindings/scripts/test/JS/JSreadonly.h:
2238         (WebCore::JSreadonly::create):
2239
2240 2016-06-19  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2241
2242         The JSBuiltinConstructor feature can't handle a JS interface extending an other JS interface
2243         https://bugs.webkit.org/show_bug.cgi?id=158834
2244
2245         Reviewed by Eric Carlson.
2246
2247         No change of behavior.
2248
2249         * bindings/scripts/CodeGeneratorJS.pm:
2250         (GenerateHeader): Explicitly setting DOMWrapped type definition from
2251         JSXX class deriving from another JSYY class.
2252         * bindings/scripts/test/JS/JSTestEventTarget.h: Rebased.
2253         * bindings/scripts/test/JS/JSTestNode.h: Ditto.
2254
2255 2016-06-18  Antti Koivisto  <antti@apple.com>
2256
2257         Use time literals in WebCore
2258         https://bugs.webkit.org/show_bug.cgi?id=158905
2259
2260         Reviewed by Andreas Kling.
2261
2262         std::chrono::milliseconds(1) -> 1ms etc.
2263
2264         * dom/Document.cpp:
2265         (WebCore::Document::minimumLayoutDelay):
2266         (WebCore::Document::elapsedTime):
2267         * fileapi/FileReader.cpp:
2268         (WebCore::FileReader::create):
2269         * inspector/InspectorOverlay.cpp:
2270         (WebCore::InspectorOverlay::showPaintRect):
2271         * loader/CrossOriginPreflightResultCache.cpp:
2272         (WebCore::CrossOriginPreflightResultCache::CrossOriginPreflightResultCache):
2273         * loader/ProgressTracker.cpp:
2274         (WebCore::ProgressTracker::progressStarted):
2275         * loader/cache/CachedResource.cpp:
2276         (WebCore::CachedResource::freshnessLifetime):
2277         * page/ChromeClient.h:
2278         * page/DOMTimer.cpp:
2279         (WebCore::DOMTimer::intervalClampedToMinimum):
2280         (WebCore::DOMTimer::alignedFireTime):
2281         * page/DOMTimer.h:
2282         * page/FrameView.cpp:
2283         (WebCore::FrameView::scrollPositionChanged):
2284         * page/ResourceUsageThread.cpp:
2285         (WebCore::ResourceUsageThread::threadBody):
2286         * page/Settings.cpp:
2287         (WebCore::Settings::Settings):
2288         * page/mac/ServicesOverlayController.mm:
2289         (WebCore::ServicesOverlayController::remainingTimeUntilHighlightShouldBeShown):
2290         * platform/graphics/FontCache.cpp:
2291         (WebCore::FontCache::fontForFamily):
2292         * platform/network/CacheValidation.cpp:
2293         (WebCore::computeCurrentAge):
2294         (WebCore::computeFreshnessLifetimeForHTTPFamily):
2295
2296 2016-06-17  Benjamin Poulain  <benjamin@webkit.org>
2297
2298         :indeterminate pseudo-class should match radios whose group has no checked radio
2299         https://bugs.webkit.org/show_bug.cgi?id=156270
2300
2301         Reviewed by Simon Fraser.
2302
2303         The pseudo-class ":indeterminate" is supposed to match radio buttons
2304         for which the entire group has no checked button.
2305         Spec: https://html.spec.whatwg.org/#pseudo-classes:selector-indeterminate
2306
2307         The change is straightforward with one non-obvious choice:
2308         I added matchesIndeterminatePseudoClass() in addition to shouldAppearIndeterminate().
2309
2310         The reason is shouldAppearIndeterminate() is used for styling and AX of elements
2311         with an indeterminate states (check boxes and progress element). There is no such
2312         UI for radio boxes.
2313         I could have extended shouldAppearIndeterminate() to radio box
2314         then filter out this case in RenderTheme. The problem is doing that would also requires
2315         changes to the repaint logic to match :indeterminate. It seemed overkill to me to
2316         change repaint() for a case that is never used in practice.
2317
2318         Tests: fast/css/pseudo-indeterminate-radio-buttons-basics.html
2319                fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation.html
2320                fast/selectors/detached-radio-button-checked-and-indeterminate-states.html
2321                fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update.html
2322
2323         * css/SelectorCheckerTestFunctions.h:
2324         (WebCore::shouldAppearIndeterminate):
2325         * dom/Element.cpp:
2326         (WebCore::Element::matchesIndeterminatePseudoClass):
2327         * dom/Element.h:
2328         * dom/RadioButtonGroups.cpp:
2329         (WebCore::RadioButtonGroup::setCheckedButton):
2330         (WebCore::RadioButtonGroup::updateCheckedState):
2331         (WebCore::RadioButtonGroup::remove):
2332         (WebCore::RadioButtonGroup::setNeedsStyleRecalcForAllButtons):
2333         (WebCore::RadioButtonGroups::hasCheckedButton):
2334         * dom/RadioButtonGroups.h:
2335         * html/CheckboxInputType.cpp:
2336         (WebCore::CheckboxInputType::matchesIndeterminatePseudoClass):
2337         (WebCore::CheckboxInputType::shouldAppearIndeterminate):
2338         (WebCore::CheckboxInputType::supportsIndeterminateAppearance): Deleted.
2339         * html/CheckboxInputType.h:
2340         * html/HTMLInputElement.cpp:
2341         (WebCore::HTMLInputElement::setChecked):
2342         (WebCore::HTMLInputElement::matchesIndeterminatePseudoClass):
2343         (WebCore::HTMLInputElement::shouldAppearIndeterminate):
2344         (WebCore::HTMLInputElement::radioButtonGroups):
2345         * html/HTMLInputElement.h:
2346         * html/InputType.cpp:
2347         (WebCore::InputType::matchesIndeterminatePseudoClass):
2348         (WebCore::InputType::shouldAppearIndeterminate):
2349         (WebCore::InputType::supportsIndeterminateAppearance): Deleted.
2350         * html/InputType.h:
2351         * html/RadioInputType.cpp:
2352         (WebCore::RadioInputType::matchesIndeterminatePseudoClass):
2353         (WebCore::RadioInputType::willDispatchClick): Deleted.
2354         (WebCore::RadioInputType::didDispatchClick): Deleted.
2355         (WebCore::RadioInputType::supportsIndeterminateAppearance): Deleted.
2356         The iOS specific code is just plain wrong.
2357         It was changing the indeterminate state of the input element.
2358         The spec clearly says that state is only used by checkbox:
2359         https://html.spec.whatwg.org/#dom-input-indeterminate
2360
2361         Moreover, the style update would not change the indeterminate state
2362         of other buttons in the Button Group, which is just bizarre.
2363         RenderThemeIOS does not make use of any of this with the current style.
2364
2365         * html/RadioInputType.h:
2366         * style/StyleSharingResolver.cpp:
2367         (WebCore::Style::SharingResolver::canShareStyleWithElement):
2368         (WebCore::Style::canShareStyleWithControl): Deleted.
2369         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes): Deleted.
2370         Style sharing is unified behind the selector matching which is neat.
2371
2372 2016-06-17  Commit Queue  <commit-queue@webkit.org>
2373
2374         Unreviewed, rolling out r202152.
2375         https://bugs.webkit.org/show_bug.cgi?id=158897
2376
2377         The new test is very unstable, timing out frequently
2378         (Requested by ap on #webkit).
2379
2380         Reverted changeset:
2381
2382         "Web Inspector: console.profile should use the new Sampling
2383         Profiler"
2384         https://bugs.webkit.org/show_bug.cgi?id=153499
2385         http://trac.webkit.org/changeset/202152
2386
2387 2016-06-17  Commit Queue  <commit-queue@webkit.org>
2388
2389         Unreviewed, rolling out r202068, r202115, and r202128.
2390         https://bugs.webkit.org/show_bug.cgi?id=158896
2391
2392         The new test is very unstable, timing out frequently
2393         (Requested by ap on #webkit).
2394
2395         Reverted changesets:
2396
2397         "decompose4 return value is unchecked, leading to potentially
2398         uninitialized data."
2399         https://bugs.webkit.org/show_bug.cgi?id=158761
2400         http://trac.webkit.org/changeset/202068
2401
2402         "[mac] LayoutTest transforms/undecomposable.html is a flaky
2403         timeout"
2404         https://bugs.webkit.org/show_bug.cgi?id=158816
2405         http://trac.webkit.org/changeset/202115
2406
2407         "[mac] LayoutTest transforms/undecomposable.html is a flaky
2408         timeout"
2409         https://bugs.webkit.org/show_bug.cgi?id=158816
2410         http://trac.webkit.org/changeset/202128
2411
2412 2016-06-17  Chris Fleizach  <cfleizach@apple.com>
2413
2414         AX: HTML indeterminate IDL attribute not mapped to checkbox value=2 for native checkboxes
2415         https://bugs.webkit.org/show_bug.cgi?id=158876
2416         <rdar://problem/26842619>
2417
2418         Reviewed by Joanmarie Diggs.
2419
2420         The indeterminate state was not being reported for native checkboxes. 
2421
2422         Also the isIndeterminate() method was relying on whether the appearance changed, which does not happen on Mac, so that
2423         was not being reported correctly. Changed that to check the actual attribute.
2424
2425         Test: accessibility/checkbox-mixed-value.html
2426
2427         * accessibility/AccessibilityNodeObject.cpp:
2428         (WebCore::AccessibilityNodeObject::isIndeterminate):
2429         (WebCore::AccessibilityNodeObject::isPressed):
2430         (WebCore::AccessibilityNodeObject::checkboxOrRadioValue):
2431         * accessibility/AccessibilityObject.cpp:
2432         (WebCore::AccessibilityObject::checkboxOrRadioValue):
2433
2434 2016-06-17  Dean Jackson  <dino@apple.com>
2435
2436         REGRESSION (r199819): CrashTracer: [GraphicsContext3D::getInternalFramebufferSize
2437         https://bugs.webkit.org/show_bug.cgi?id=158895
2438         <rdar://problem/26423617>
2439
2440         Reviewed by Zalan Bujtas.
2441
2442         In r199819 we started resetting contexts if the page had too
2443         many. Unfortunately there were entry points in the WebGL context
2444         that didn't check for the validity of the object before trying
2445         to access the lower level objects.
2446
2447         Test: webgl/many-contexts-access-after-loss.html
2448
2449         * html/canvas/WebGLRenderingContextBase.cpp:
2450         (WebCore::WebGLRenderingContextBase::drawingBufferWidth): Return 0 if we're lost.
2451         (WebCore::WebGLRenderingContextBase::drawingBufferHeight): Ditto.
2452
2453 2016-06-17  Daniel Bates  <dabates@apple.com>
2454
2455         Unreviewed, rolling out r202186.
2456
2457         Broke the Apple Windows, Apple Yosemite, GTK, and WinCairo
2458         builds.
2459
2460         Reverted changeset:
2461
2462         "File scheme should not allow access of a resource on a
2463         different volume."
2464         https://bugs.webkit.org/show_bug.cgi?id=158552
2465         http://trac.webkit.org/changeset/202186
2466
2467 2016-06-17  Daniel Bates  <dabates@apple.com>
2468
2469         Unreviewed, rolling out r202187.
2470
2471         202186
2472
2473         Reverted changeset:
2474
2475         "Unreviewed clean-up after r202186."
2476         http://trac.webkit.org/changeset/202187
2477
2478 2016-06-17  Chris Dumez  <cdumez@apple.com>
2479
2480         Optimize parseCacheHeader() by using StringView
2481         https://bugs.webkit.org/show_bug.cgi?id=158891
2482
2483         Reviewed by Darin Adler.
2484
2485         Optimize parseCacheHeader() and avoid some temporary String allocations
2486         by using StringView. We now strip the whitespaces in the input string
2487         at the beginning of the function, at the same as as we strip the
2488         control characters. We are then able to leverage StringView in the
2489         rest of the function to get substrings without the need for extra
2490         String allocations.
2491
2492         * platform/network/CacheValidation.cpp:
2493         (WebCore::isControlCharacterOrSpace):
2494         (WebCore::trimToNextSeparator):
2495         (WebCore::parseCacheHeader):
2496
2497 2016-06-17  Brent Fulgham  <bfulgham@apple.com>
2498
2499         Unreviewed clean-up after r202186.
2500
2501         * platform/FileSystem.cpp:
2502         (WebCore::filesHaveSameVolume): Don't use C-style formatting.
2503
2504 2016-06-17  Pranjal Jumde  <pjumde@apple.com>
2505
2506         File scheme should not allow access of a resource on a different volume.
2507         https://bugs.webkit.org/show_bug.cgi?id=158552
2508         <rdar://problem/15307582>
2509
2510         Reviewed by Brent Fulgham.
2511
2512         Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm
2513
2514         * page/SecurityOrigin.cpp:
2515         (WebCore::SecurityOrigin::canDisplay):
2516         * platform/FileSystem.cpp:
2517         (WebCore::platformFileStat):
2518         (WebCore::filesHaveSameVolume):
2519         Returns true if the files are on the same volume
2520         * platform/FileSystem.h:
2521
2522 2016-06-17  Antoine Quint  <graouts@apple.com>
2523
2524         Web video playback controls should have RTL volume slider
2525         https://bugs.webkit.org/show_bug.cgi?id=158856
2526         <rdar://problem/25971769>
2527
2528         Reviewed by Tim Horton.
2529
2530         We reproduce the system used to propagate the page scale factor from the WebPage to the media controls to
2531         propagate the user interface layout direction.
2532
2533         The Page exposes a new setUserInterfaceLayoutDirection() method which is set by the WebPage. The Page
2534         then notifies the Document of a change, which propagates down to registered media elements, and finally sets
2535         the usesLTRUserInterfaceLayoutDirection property on the media controller object in the injected JavaScript.
2536         Based on the value of that property we toggle a new .uses-ltr-user-interface-layout-direction CSS class on the
2537         .volume-box which applies a translate to the right and flips the volume controls on the x axis.
2538
2539         Since we're setting a new JS property from HTMLMediaController, we refactor much of the code out of the existing
2540         pageScaleFactorChanged() and setPageScaleFactorProperty() into the new setControllerJSProperty() method so that
2541         can easily set a named JS property with a given JSValue.
2542
2543         For testing purposes, we expose the WebCore::Page::setUserInterfaceLayoutDirection() method through Internals.
2544
2545         Test: fullscreen/video-controls-rtl.html
2546
2547         * Modules/mediacontrols/mediaControlsApple.css:
2548         (video:-webkit-full-screen::-webkit-media-controls-panel .volume-box:not(.uses-ltr-user-interface-layout-direction)):
2549         * Modules/mediacontrols/mediaControlsApple.js:
2550         (Controller.prototype.set usesLTRUserInterfaceLayoutDirection):
2551         * WebCore.xcodeproj/project.pbxproj:
2552         * dom/Document.cpp:
2553         (WebCore::Document::registerForUserInterfaceLayoutDirectionChangedCallbacks):
2554         (WebCore::Document::unregisterForUserInterfaceLayoutDirectionChangedCallbacks):
2555         (WebCore::Document::userInterfaceLayoutDirectionChanged):
2556         * dom/Document.h:
2557         * html/HTMLMediaElement.cpp:
2558         (WebCore::HTMLMediaElement::registerWithDocument):
2559         (WebCore::HTMLMediaElement::unregisterWithDocument):
2560         (WebCore::HTMLMediaElement::updatePageScaleFactorJSProperty):
2561         (WebCore::HTMLMediaElement::updateUsesLTRUserInterfaceLayoutDirectionJSProperty):
2562         (WebCore::HTMLMediaElement::setControllerJSProperty):
2563         (WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
2564         (WebCore::HTMLMediaElement::pageScaleFactorChanged):
2565         (WebCore::HTMLMediaElement::userInterfaceLayoutDirectionChanged):
2566         (WebCore::setPageScaleFactorProperty): Deleted.
2567         * html/HTMLMediaElement.h:
2568         * page/Page.cpp:
2569         (WebCore::Page::setUserInterfaceLayoutDirection):
2570         * page/Page.h:
2571         (WebCore::Page::userInterfaceLayoutDirection):
2572         * platform/UserInterfaceLayoutDirection.h: Renamed from Source/WebKit2/UIProcess/UserInterfaceLayoutDirection.h.
2573         * testing/Internals.cpp:
2574         (WebCore::Internals::setUserInterfaceLayoutDirection):
2575         * testing/Internals.h:
2576         * testing/Internals.idl:
2577
2578 2016-06-17  Chris Dumez  <cdumez@apple.com>
2579
2580         TouchEvent should have a constructor
2581         https://bugs.webkit.org/show_bug.cgi?id=158883
2582         <rdar://problem/26063585>
2583
2584         Reviewed by Benjamin Poulain.
2585
2586         TouchEvent should have a constructor:
2587         - https://w3c.github.io/touch-events/#touchevent-interface
2588
2589         Chrome already ships this:
2590         - https://bugs.chromium.org/p/chromium/issues/detail?id=508675
2591
2592         Test: fast/events/touch/touch-event-constructor.html
2593
2594         * bindings/js/JSDictionary.cpp:
2595         (WebCore::JSDictionary::convertValue):
2596         * bindings/js/JSDictionary.h:
2597         * dom/TouchEvent.cpp:
2598         (WebCore::TouchEvent::TouchEvent):
2599         * dom/TouchEvent.h:
2600         * dom/TouchEvent.idl:
2601
2602 2016-06-17  Zalan Bujtas  <zalan@apple.com>
2603
2604         Potential null dereferencing on a detached positioned renderer.
2605         https://bugs.webkit.org/show_bug.cgi?id=158879
2606
2607         Reviewed by Simon Fraser.
2608
2609         This patch fixes the case when the while loop to search for the absolute positioned ancestor
2610         returns null (it happens when positioned renderer has been detached from the render tree).
2611
2612         Speculative fix.
2613
2614         * rendering/RenderBlock.cpp:
2615         (WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded):
2616         * rendering/RenderBlock.h:
2617
2618 2016-06-17  Chris Dumez  <cdumez@apple.com>
2619
2620         URL hash setter does not remove fragment identifier if argument is an empty string
2621         https://bugs.webkit.org/show_bug.cgi?id=158869
2622         <rdar://problem/26863430>
2623
2624         Reviewed by Darin Adler.
2625
2626         URL hash setter and URLUtils hash setter should remove the fragment identifier
2627         if set to "#" or "":
2628         - https://url.spec.whatwg.org/#dom-url-hash
2629         - https://html.spec.whatwg.org/multipage/semantics.html#dom-hyperlink-hash
2630
2631         This patch aligns our behavior with the specification and with other browsers
2632         (tested Firefox and Chrome).
2633
2634         This patch also updates HTMLAnchorElement to inherit URLUtils to avoid code
2635         duplication. HTMLAnchorElement already implements URLUtils in the IDL, as per
2636         the specification:
2637         - https://html.spec.whatwg.org/multipage/semantics.html#htmlanchorelement
2638
2639         No new tests, rebaselined existing tests.
2640
2641         * html/HTMLAnchorElement.cpp:
2642         (WebCore::HTMLAnchorElement::origin): Deleted.
2643         (WebCore::HTMLAnchorElement::text): Deleted.
2644         (WebCore::HTMLAnchorElement::setText): Deleted.
2645         (WebCore::HTMLAnchorElement::toString): Deleted.
2646         (WebCore::HTMLAnchorElement::isLiveLink): Deleted.
2647         (WebCore::HTMLAnchorElement::sendPings): Deleted.
2648         (WebCore::HTMLAnchorElement::handleClick): Deleted.
2649         (WebCore::HTMLAnchorElement::eventType): Deleted.
2650         (WebCore::HTMLAnchorElement::treatLinkAsLiveForEventType): Deleted.
2651         (WebCore::isEnterKeyKeydownEvent): Deleted.
2652         (WebCore::shouldProhibitLinks): Deleted.
2653         (WebCore::HTMLAnchorElement::willRespondToMouseClickEvents): Deleted.
2654         (WebCore::rootEditableElementMap): Deleted.
2655         (WebCore::HTMLAnchorElement::rootEditableElementForSelectionOnMouseDown): Deleted.
2656         (WebCore::HTMLAnchorElement::clearRootEditableElementForSelectionOnMouseDown): Deleted.
2657         (WebCore::HTMLAnchorElement::setRootEditableElementForSelectionOnMouseDown): Deleted.
2658         * html/HTMLAnchorElement.h:
2659         (WebCore::HTMLAnchorElement::invalidateCachedVisitedLinkHash): Deleted.
2660         * html/URLUtils.h:
2661         (WebCore::URLUtils<T>::setHash):
2662
2663 2016-06-17  John Wilander  <wilander@apple.com>
2664
2665         Ignore case in the check for security origin inheritance
2666         https://bugs.webkit.org/show_bug.cgi?id=158878
2667
2668         Reviewed by Alex Christensen.
2669
2670         Darin Adler commented in https://bugs.webkit.org/show_bug.cgi?id=158855:
2671         "Are these comparisons intentionally case sensitive? Shouldn’t they ignore ASCII 
2672         case? We could use equalIgnoringASCIICase and equalLettersIgnoringASCIICase for 
2673         those two lines instead of using ==. URL::parse normalizes letters in the scheme 
2674         and host by using toASCIILower, but does not normalize letters elsewhere in the 
2675         URL, such as in the "blank" or "srcdoc" in the above URLs."
2676
2677         Test: http/tests/dom/window-open-about-uppercase-blank-and-access-document.html
2678
2679         * platform/URL.cpp:
2680         (WebCore::URL::shouldInheritSecurityOriginFromOwner):
2681
2682 2016-06-17  Hyungwook Lee  <hyungwook.lee@navercorp.com>
2683
2684         Fix compilation errors when we enable DUMP_NODE_STATISTICS in Node.h
2685         https://bugs.webkit.org/show_bug.cgi?id=158868
2686
2687         Reviewed by Alex Christensen.
2688
2689         Fix compilation errors in Node.cpp when we enable DUMP_NODE_STATISTICS
2690
2691         * dom/Node.cpp:
2692         (WebCore::Node::dumpStatistics):
2693
2694 2016-06-17  Per Arne Vollan  <pvollan@apple.com>
2695
2696         [Win] Scrolling in popup menu scrolls past last entry.
2697         https://bugs.webkit.org/show_bug.cgi?id=158870
2698
2699         Reviewed by Brent Fulgham.
2700
2701         When the popup has a scrollbar, the content size is not equal to the popup window size.
2702   
2703         * platform/win/PopupMenuWin.cpp:
2704         (WebCore::PopupMenuWin::contentsSize):
2705
2706 2016-06-17  Frederic Wang  <fwang@igalia.com>
2707
2708         Refactor RenderMathMLRoot layout function to avoid using flexbox
2709         https://bugs.webkit.org/show_bug.cgi?id=153987
2710
2711         Reviewed by Brent Fulgham.
2712
2713         No new tests, already covered by existing tests.
2714         A case for RTL root has been added to roots.xhtml.
2715
2716         We reimplement RenderMathMLRoot without any flexbox or anonymous.
2717         The anonymous RenderMathMLRadicalOperator used to draw the radical sign is replaced with
2718         the MathOperator class introduced in bug 152244.
2719         msqrt (row of children under a square root) is now implemented directly in RenderMathMLRoot,
2720         so RenderMathMLSquareRoot is removed and RenderMathMLRoot now inherits from RenderMathMLRow.
2721
2722         * CMakeLists.txt: Remove files for RenderMathMLRadicalOperator and RenderMathMLSquareRoot.
2723         * WebCore.xcodeproj/project.pbxproj: ditto.
2724         * accessibility/AccessibilityRenderObject.cpp: Update code now that we do not use any
2725         radical wrappers.
2726         (WebCore::AccessibilityRenderObject::isMathRow): Now that RenderMathMLRoot inherits from
2727         RenderMathMLRow, we must exclude MathRoot or otherwise some accessibility code may treat
2728         roots as rows.
2729         (WebCore::AccessibilityRenderObject::mathRadicandObject): Return the first child for
2730         Root/SquareRoot or nullptr.
2731         (WebCore::AccessibilityRenderObject::mathRootIndexObject): Return the second child for
2732         Root and nullptr for SquareRoot.
2733         * mathml/MathMLInlineContainerElement.cpp:
2734         (WebCore::MathMLInlineContainerElement::childrenChanged): We no longer need a special case
2735         for msqrt, it is treated as a normal RenderMathMLRow.
2736         (WebCore::MathMLInlineContainerElement::createElementRenderer): Make msqrt create a
2737         RenderMathMLRoot object.
2738         * rendering/RenderObject.h:
2739         (WebCore::RenderObject::isRenderMathMLRadicalOperator): Deleted.
2740         * rendering/mathml/RenderMathMLBlock.cpp:
2741         (WebCore::RenderMathMLBlock::mirrorIfNeeded): New function to mirror a child horizontal
2742         offset according to the parent width.
2743         (WebCore::RenderMathMLBlock::renderName):
2744         * rendering/mathml/RenderMathMLBlock.h:
2745         (WebCore::RenderMathMLBlock::mirrorIfNeeded): Moved from RenderMathMLScripts, just forward
2746         call to the other mirrorIfNeeded function.
2747         * rendering/mathml/RenderMathMLOperator.cpp: We no longer need this trailingSpaceError hack.
2748         (WebCore::RenderMathMLOperator::trailingSpaceError): Deleted.
2749         * rendering/mathml/RenderMathMLOperator.h: ditto.
2750         * rendering/mathml/RenderMathMLRadicalOperator.cpp: Removed. The radical sign is now drawn
2751         with a MathOperator.
2752         * rendering/mathml/RenderMathMLRadicalOperator.h: Removed.
2753         * rendering/mathml/RenderMathMLRoot.cpp: Complete refactoring to avoid using flexbox and
2754         anonymous wrappers.
2755         (WebCore::RenderMathMLRoot::RenderMathMLRoot): Set m_kind parameters to distinguish between
2756         square root and general root and set the MathOperator member to draw the radical sign.
2757         (WebCore::RenderMathMLRoot::isValid): Helper function to verify whether the child list is valid.
2758         (WebCore::RenderMathMLRoot::getBase): Get the base of an mroot.
2759         (WebCore::RenderMathMLRoot::getIndex): Get the index of an mroot.
2760         (WebCore::RenderMathMLRoot::styleDidChange): Be sure to keep the style of the
2761         MathOperator in sync with ours ; no need to skip empty roots.
2762         (WebCore::RenderMathMLRoot::updateFromElement): Call the function from the new parent class ;
2763         no need to skip empty roots.
2764         (WebCore::RenderMathMLRoot::updateStyle): Remove the isEmpty ASSERT as it is valid to have
2765         empty square root. Set the m_kernBeforeDegree, m_kernBeforeDegree members.
2766         No need to set style for anonymous.
2767         (WebCore::RenderMathMLRoot::computePreferredLogicalWidths): Implement this function.
2768         (WebCore::RenderMathMLRoot::layoutBlock): Implement this function.
2769         (WebCore::RenderMathMLRoot::paintChildren): Implement this function.
2770         (WebCore::RenderMathMLRoot::paint): Remove the trailingSpaceError hack ;
2771         paint the radical sign via MathOperator::paint
2772         (WebCore::RenderMathMLRoot::baseWrapper): Deleted.
2773         (WebCore::RenderMathMLRoot::radicalWrapper): Deleted.
2774         (WebCore::RenderMathMLRoot::indexWrapper): Deleted.
2775         (WebCore::RenderMathMLRoot::radicalOperator): Deleted.
2776         (WebCore::RenderMathMLRoot::restructureWrappers): Deleted.
2777         (WebCore::RenderMathMLRoot::addChild): Deleted.
2778         (WebCore::RenderMathMLRoot::firstLineBaseline): Deleted.
2779         (WebCore::RenderMathMLRoot::layout): Deleted.
2780         (WebCore::RenderMathMLRootWrapper::createAnonymousWrapper): Deleted.
2781         (WebCore::RenderMathMLRootWrapper::removeChildWithoutRestructuring): Deleted.
2782         (WebCore::RenderMathMLRootWrapper::removeChild): Deleted.
2783         * rendering/mathml/RenderMathMLRoot.h: Make RenderMathMLRoot inherit from RenderMathMLRow.
2784         Make RenderMathMLRoot support <msqrt>.
2785         Remove all the anonymous wrapper stuff and instead use a MathOperator for the radical symbol.
2786         Update function declaration to implement layout without flexbox and add some helper functions.
2787         * rendering/mathml/RenderMathMLRow.cpp: Allow to get the exact metrics of the chid row,
2788         for use in RenderMathMLRoot.
2789         (WebCore::RenderMathMLRow::computeLineVerticalStretch): rename parameters.
2790         (WebCore::RenderMathMLRow::layoutRowItems): Set parameters to the final ascent, descent and
2791         logical width of the chid row. Set the temporary logical width for RenderMathRoot before
2792         laying the children out.
2793         (WebCore::RenderMathMLRow::layoutBlock): Rename parameters ; add a dummy logicalWidth
2794         parameter.
2795         * rendering/mathml/RenderMathMLRow.h: Make some functions accessible or overridable by
2796         RenderMathMLRoot. Make layoutRowItems return the final ascent, descent and logical width
2797         after the chid row is laid out.
2798         * rendering/mathml/RenderMathMLScripts.cpp: Move mirrorIfNeeded to RenderMathMLBlock.
2799         (WebCore::RenderMathMLScripts::mirrorIfNeeded): Deleted.
2800         * rendering/mathml/RenderMathMLScripts.h: Move mirrorIfNeeded to RenderMathMLBlock.
2801         * rendering/mathml/RenderMathMLSquareRoot.cpp: Removed.
2802         * rendering/mathml/RenderMathMLSquareRoot.h: Removed.
2803         * rendering/mathml/MathOperator.cpp:
2804         (WebCore::MathOperator::paint): Apply a mirroring scale transform to radical symbol
2805         in RTL direction.
2806
2807 2016-06-17  Chris Dumez  <cdumez@apple.com>
2808
2809         Drop some unnecessary header includes
2810         https://bugs.webkit.org/show_bug.cgi?id=158864
2811
2812         Reviewed by Alexey Proskuryakov.
2813
2814         Drop some unnecessary header includes to try and reduce build times.
2815
2816         * WebCore.xcodeproj/project.pbxproj:
2817         * accessibility/AccessibilityList.cpp:
2818         * css/CSSComputedStyleDeclaration.cpp:
2819         * css/MediaQueryMatcher.cpp:
2820         * css/StyleMedia.cpp:
2821         * css/TransformFunctions.cpp:
2822         * dom/NodeRenderStyle.h:
2823         * dom/PseudoElement.h:
2824         (isType): Deleted.
2825         * html/HTMLTitleElement.cpp:
2826         * html/shadow/MediaControlElementTypes.h:
2827         * html/shadow/MediaControls.cpp:
2828         * inspector/InspectorDOMAgent.h:
2829         * inspector/InspectorLayerTreeAgent.h:
2830         * inspector/InspectorPageAgent.cpp:
2831         * page/scrolling/AsyncScrollingCoordinator.cpp:
2832         * page/scrolling/ScrollingCoordinator.h:
2833         * rendering/BidiRun.h:
2834         * rendering/BorderEdge.h:
2835         * rendering/RenderElement.h:
2836         * rendering/RenderObject.h:
2837         (WebCore::AnnotatedRegionValue::operator==): Deleted.
2838         (WebCore::AnnotatedRegionValue::operator!=): Deleted.
2839         * rendering/RenderObjectEnums.h: Added.
2840         * rendering/RenderTheme.h:
2841         * rendering/SimpleLineLayoutFlowContents.h:
2842         * rendering/SimpleLineLayoutTextFragmentIterator.h:
2843         * rendering/TextPainter.h:
2844         * rendering/style/RenderStyle.h:
2845         (WebCore::pseudoElementRendererIsNeeded):
2846         * rendering/style/ShapeValue.cpp:
2847         * rendering/style/ShapeValue.h:
2848         * style/ClassChangeInvalidation.cpp:
2849         * style/ClassChangeInvalidation.h:
2850         * style/InlineTextBoxStyle.h:
2851         * style/StyleUpdate.cpp:
2852
2853 2016-06-17  Andreas Kling  <akling@apple.com>
2854
2855         [iOS] Throw away linked code when navigating to a new page.
2856         <https://webkit.org/b/153851>
2857
2858         Reviewed by Antti Koivisto.
2859
2860         When navigating to a new page, tell JSC to throw out any linked code it has lying around.
2861         Linked code is tied to a specific global object, and as we're creating a new one for the
2862         new page, none of it is useful to us here.
2863
2864         In the event that the user navigates back, the cost of relinking some code will be far
2865         lower than the memory cost of keeping all of it around.
2866
2867         This was in-tree before but was rolled out due to regressing JSBench. It was a slowdown
2868         due to the benchmark harness using top-level navigations to drive the tests.
2869         This new version avoids that problem by only throwing out code if we haven't navigated
2870         in the last 2 seconds. This also prevents excessive work in response to redirects.
2871
2872         I've also moved this into MemoryPressureHandler so we don't make a mess in FrameLoader.
2873
2874         * loader/FrameLoader.cpp:
2875         (WebCore::FrameLoader::commitProvisionalLoad):
2876         * platform/MemoryPressureHandler.cpp:
2877         (WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):
2878         * platform/MemoryPressureHandler.h:
2879
2880 2016-06-17  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2881
2882         CORS preflight with a non-200 response should be a preflight failure
2883         https://bugs.webkit.org/show_bug.cgi?id=111008
2884
2885         Reviewed by Darin Adler.
2886
2887         Covered by rebased tests.
2888
2889         * Modules/fetch/FetchResponse.h: Making use of ResourceResponse::isSuccessful.
2890         * loader/CrossOriginPreflightChecker.cpp:
2891         (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Checking that response status is code is
2892         successful. If not, calling preflight failure callback.
2893         (WebCore::CrossOriginPreflightChecker::startPreflight): Putting in manual redirection mode so that redirection
2894         responses are processed as other responses.
2895         * loader/ResourceLoaderOptions.h:
2896         (WebCore::ResourceLoaderOptions::fetchOptions): Adding a non-const getter and fixing const getter to return a
2897         const reference.
2898         (WebCore::ResourceLoaderOptions::setFetchOptions): Passing options by reference.
2899         * platform/network/ResourceResponseBase.cpp:
2900         (WebCore::ResourceResponseBase::isSuccessful): Utility function.
2901         * platform/network/ResourceResponseBase.h:
2902
2903 2016-06-17  Frederic Wang  <fwang@igalia.com>
2904
2905         MathOperator: Add fallback mechanisms for stretching and mirroring radical symbols
2906         https://bugs.webkit.org/show_bug.cgi?id=156836
2907
2908         Reviewed by Sergio Villar Senin.
2909
2910         Some platforms do not have OpenType MATH fonts pre-installed and thus can not draw stretchy
2911         operators using size variants or glyph assembly. This is especially problematic for the
2912         radical symbol which is used to write roots. Currently, we have some fallback code to draw
2913         that symbol using graphical primitives but it is a bit complex and makes the style of radical
2914         inconsistent with the font used. We solve these issues by just scaling the base glyph via a
2915         scale transform. Such scale transform is also used to mirror the radical symbol so that we
2916         have some support for right-to-left roots until we can do glyph-level mirroring
2917         via the OpenType rtlm feature.
2918
2919         Test: mathml/radical-fallback.html
2920
2921         * rendering/mathml/MathOperator.cpp: Add a constant for the code point U+221A of the radical.
2922         (WebCore::MathOperator::reset): In general, we don't need any vertical scaling for radical
2923         symbols so m_radicalVerticalScale is initialized to 1.
2924         (WebCore::MathOperator::calculateStretchyData): If we don't have a font with a MATH table and we
2925         try streching a radical, then we update the vertical metrics to match the target size and
2926         set m_radicalVerticalScale to the value necessary to make the base glyph scaled to that size.
2927         (WebCore::MathOperator::paint): For a radical operator, we may apply a scale transform of
2928         parameters (radicalHorizontalScale, m_radicalVerticalScale) in order to support RTL
2929         mirroring or vertical stretching.
2930         * rendering/mathml/MathOperator.h: We add a m_radicalVerticalScale member to indicate the
2931         scaling to apply to the base radical glyph when the stretchy fallback is necessary.
2932         (WebCore::MathOperator::isStretched): The operator is also considered stretched when the
2933         m_radicalVerticalScale is applied to the base size.
2934         * rendering/mathml/RenderMathMLRadicalOperator.cpp: Remove code specific to the old fallback mechanism.
2935         * rendering/mathml/RenderMathMLRadicalOperator.h: Ditto.
2936
2937 2016-06-16  Commit Queue  <commit-queue@webkit.org>
2938
2939         Unreviewed, rolling out r202147.
2940         https://bugs.webkit.org/show_bug.cgi?id=158867
2941
2942         Broke scrolling tests on iOS Simulator (Requested by ap on
2943         #webkit).
2944
2945         Reverted changeset:
2946
2947         "Focus event dispatched in iframe causes parent document to
2948         scroll incorrectly"
2949         https://bugs.webkit.org/show_bug.cgi?id=158629
2950         http://trac.webkit.org/changeset/202147
2951
2952 2016-06-16  Benjamin Poulain  <bpoulain@apple.com>
2953
2954         :in-range & :out-of-range CSS pseudo-classes shouldn't match disabled or readonly inputs
2955         https://bugs.webkit.org/show_bug.cgi?id=156530
2956
2957         Reviewed by Simon Fraser.
2958
2959         Elements should only match :in-range and :out-of-range
2960         when they are candidate for constraint validation.
2961
2962         Tests: fast/css/pseudo-in-range-on-disabled-input-basics.html
2963                fast/css/pseudo-in-range-on-readonly-input-basics.html
2964                fast/css/pseudo-in-range-out-of-range-on-disabled-input-trivial.html
2965                fast/css/pseudo-out-of-range-on-disabled-input-basics.html
2966                fast/css/pseudo-out-of-range-on-readonly-input-basics.html
2967                fast/selectors/in-range-out-of-range-style-update.html
2968
2969         * html/BaseDateAndTimeInputType.cpp:
2970         (WebCore::BaseDateAndTimeInputType::minOrMaxAttributeChanged):
2971         * html/NumberInputType.cpp:
2972         (WebCore::NumberInputType::minOrMaxAttributeChanged):
2973         I forgot to handle style update in r202143.
2974         This is covered by the new style invalidation test.
2975
2976         * html/BaseDateAndTimeInputType.h:
2977         * html/HTMLInputElement.cpp:
2978         (WebCore::HTMLInputElement::isInRange):
2979         (WebCore::HTMLInputElement::isOutOfRange):
2980
2981 2016-06-16  Frederic Wang  <fwang@igalia.com>
2982
2983         Add separate MathOperator for selection/measuring/drawing of stretchy operators
2984         https://bugs.webkit.org/show_bug.cgi?id=152244
2985
2986         Reviewed by Brent Fulgham.
2987
2988         We complete the class to select, measure and draw stretchy operators that is independent
2989         from RenderMathMLOperator. That way, we will be able use stretchy operator without having
2990         to introduce & manage anonymous RenderMathMLOperator's
2991         (e.g for <mroot>, <msqrt> and <mfenced>).
2992
2993         No new tests, already covered by existing tests.
2994
2995         * rendering/mathml/MathOperator.cpp:
2996         (WebCore::ascentForGlyph): Add this helper function to get glyph ascent.
2997         (WebCore::descentForGlyph): Add this helper function to get glyph descent.
2998         (WebCore::MathOperator::reset): Initialize all the data and calculate ascent/descent of the
2999         base glyph.
3000         (WebCore::MathOperator::setSizeVariant): Set the width/ascent/descent.
3001         (WebCore::MathOperator::setGlyphAssembly): Ditto.
3002         (WebCore::MathOperator::calculateDisplayStyleLargeOperator): Remove the STIX Word hack and
3003         change m_maxPreferredWidth to use the actual width instead.
3004         (WebCore::MathOperator::stretchTo): New functions to execute the actual operator streching.
3005         (WebCore::MathOperator::fillWithVerticalExtensionGlyph): Add a FIXME for bug 155434.
3006         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph): Align all the glyph baselines on
3007         the same axis, given by m_ascent.
3008         Add a FIXME for bug 155434.
3009         (WebCore::MathOperator::paintHorizontalGlyphAssembly): Ditto.
3010         (WebCore::MathOperator::paint): Public function to do the painting.
3011         (WebCore::MathOperator::paintVerticalGlyphAssembly): Deleted.
3012         * rendering/mathml/MathOperator.h: Update declarations and make most of the members private.
3013         (WebCore::MathOperator::ascent): Function to expose m_ascent.
3014         (WebCore::MathOperator::descent): Function to expose m_descent.
3015         * rendering/mathml/RenderMathMLOperator.cpp:
3016         (WebCore::RenderMathMLOperator::stretchTo): Forward the stretching call to MathOperator.
3017         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Unfold advanceForGlyph
3018         since we delete RenderMathMLOperator::advanceForGlyph. Just rely on
3019         MathOperator::maxPreferredWidth to determine the preferred width of stretchy operators.
3020         For horizontal operators, we just use the width of the base glyph.
3021         Finally, we remove the dirty flag on preferred logical width.
3022         (WebCore::RenderMathMLOperator::rebuildTokenContent): Reinit the MathOperator instance.
3023         (WebCore::RenderMathMLOperator::updateFromElement): Force more updates of
3024         RenderMathMLOperator to avoid test breakage.
3025         (WebCore::RenderMathMLOperator::styleDidChange): Call MathOperator::reset to take into
3026         account style change.
3027         (WebCore::RenderMathMLOperator::updateStyle): Remove unused code.
3028         (WebCore::RenderMathMLOperator::firstLineBaseline): Use MathOperator::ascent() function.
3029         (WebCore::RenderMathMLOperator::computeLogicalHeight): Use MathOperator::ascent() and
3030         MathOperator::descent() functions to calculate the height.
3031         (WebCore::RenderMathMLOperator::paint): Only stretched operators are treated specially.
3032         We center horizontal operator and forward the paint() call to MathOperator.
3033         (WebCore::RenderMathMLOperator::trailingSpaceError): The error is now just the difference
3034         between the values returned by MathOperator::maxPreferredWidth() and
3035         MathOperator::width().
3036         (WebCore::boundsForGlyph): Deleted.
3037         (WebCore::heightForGlyph): Deleted.
3038         (WebCore::advanceWidthForGlyph): Deleted.
3039         (WebCore::RenderMathMLOperator::updateStyle): Deleted.
3040
3041 2016-06-16  Jiewen Tan  <jiewen_tan@apple.com>
3042
3043         CSP: Content Security Policy should allow '*' to match the originating page's scheme
3044         https://bugs.webkit.org/show_bug.cgi?id=158811
3045         <rdar://problem/26819568>
3046
3047         Reviewed by Daniel Bates.
3048
3049         Tests: security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html
3050                security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html
3051                security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html
3052                security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html
3053
3054         * page/csp/ContentSecurityPolicySourceList.cpp:
3055         (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):
3056
3057 2016-06-16  Chris Dumez  <cdumez@apple.com>
3058
3059         Add HTTPHeaderMap::set() overload taking a NSString*
3060         https://bugs.webkit.org/show_bug.cgi?id=158857
3061
3062         Reviewed by Darin Adler.
3063
3064         Add HTTPHeaderMap::set() overloading taking a NSString* in addition to
3065         the one taking a CFStringRef. It is useful for the Cocoa implementation
3066         of ResourceRequest::doUpdateResourceRequest().
3067
3068         * platform/network/HTTPHeaderMap.h:
3069         (WebCore::HTTPHeaderMap::set):
3070
3071 2016-06-16  Joseph Pecoraro  <pecoraro@apple.com>
3072
3073         Web Inspector: console.profile should use the new Sampling Profiler
3074         https://bugs.webkit.org/show_bug.cgi?id=153499
3075         <rdar://problem/24352431>
3076
3077         Reviewed by Timothy Hatcher.
3078
3079         Test: inspector/timeline/setInstruments-programmatic-capture.html
3080
3081         * inspector/InspectorTimelineAgent.cpp:
3082         (WebCore::InspectorTimelineAgent::startFromConsole):
3083         (WebCore::InspectorTimelineAgent::stopFromConsole):
3084         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
3085         (WebCore::InspectorTimelineAgent::startProgrammaticCapture):
3086         (WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
3087         (WebCore::InspectorTimelineAgent::toggleInstruments):
3088         (WebCore::InspectorTimelineAgent::toggleScriptProfilerInstrument):
3089         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
3090         (WebCore::InspectorTimelineAgent::toggleMemoryInstrument):
3091         (WebCore::InspectorTimelineAgent::toggleTimelineInstrument):
3092         * inspector/InspectorTimelineAgent.h:
3093         Web implementation of console.profile/profileEnd.
3094         Make helpers for startings / stopping instruments.
3095
3096 2016-06-16  John Wilander  <wilander@apple.com>
3097
3098         Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
3099         https://bugs.webkit.org/show_bug.cgi?id=158855
3100         <rdar://problem/26142632>
3101
3102         Reviewed by Alex Christensen.
3103
3104         Tests: http/tests/dom/window-open-about-blank-and-access-document.html
3105                http/tests/dom/window-open-about-webkit-org-and-access-document.html
3106
3107         Document.cpp previously checked whether a document should inherit its owner's 
3108         security origin by checking if the URL is either empty or blank. URL.cpp in 
3109         turn only checks if the protocol is "about:" in the isBlankURL() function. 
3110         Thus all about:* URLs inherited security origin. This patch restricts 
3111         security origin inheritance to empty, about:blank, and about:srcdoc URLs.
3112
3113         Quotes and links from the WHATWG spec regarding about:srcdoc:
3114
3115         7.1 Browsing contexts
3116         A browsing context can have a creator browsing context, the browsing context 
3117         that was responsible for its creation. If a browsing context has a parent 
3118         browsing context, then that is its creator browsing context. Otherwise, if the 
3119         browsing context has an opener browsing context, then that is its creator 
3120         browsing context. Otherwise, the browsing context has no creator browsing 
3121         context.
3122         https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc
3123
3124         7.1.1 Nested browsing contexts
3125         Certain elements (for example, iframe elements) can instantiate further 
3126         browsing contexts. These are called nested browsing contexts. If a browsing 
3127         context P has a Document D with an element E that nests another browsing 
3128         context C inside it, then C is said to be nested through D, and E is said to 
3129         be the browsing context container of C. If the browsing context container 
3130         element E is in the Document D, then P is said to be the parent browsing 
3131         context of C and C is said to be a child browsing context of P. Otherwise, 
3132         the nested browsing context C has no parent browsing context.
3133         https://html.spec.whatwg.org/multipage/browsers.html#nested-browsing-context
3134
3135         4.8.5 The iframe element
3136         The iframe element represents a nested browsing context.
3137         ...
3138         If the srcdoc attribute is specified
3139             Navigate the element's child browsing context to a new response whose 
3140             url list consists of about:srcdoc ...
3141         https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-srcdoc
3142
3143         * dom/Document.cpp:
3144         (WebCore::Document::initSecurityContext):
3145             Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
3146         (WebCore::Document::initContentSecurityPolicy):
3147             Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
3148         (WebCore::shouldInheritSecurityOriginFromOwner): Deleted.
3149             Moved to URL::shouldInheritSecurityOriginFromOwner() and restricted the check.
3150         * platform/URL.cpp:
3151         (WebCore::URL::shouldInheritSecurityOriginFromOwner):
3152         * platform/URL.h:
3153             Moved the function from Document and restricted the check to only allow
3154             security origin inheritance for empty, about:blank, and about:srcdoc URLs.
3155
3156 2016-06-16  Simon Fraser  <simon.fraser@apple.com>
3157
3158         [iOS] Focus event dispatched in iframe causes parent document to scroll incorrectly
3159         https://bugs.webkit.org/show_bug.cgi?id=158629
3160         rdar://problem/26521616
3161
3162         Reviewed by Enrica Casucci.
3163
3164         When focussing elements in iframes, the page could scroll to an incorrect location.
3165         This happened because code in Element::focus() tried to disable scrolling on focus,
3166         but did so only for the current frame, so ancestor frames got programmatically scrolled.
3167         On iOS we handle the scrolling in the UI process, so never want the web process to
3168         do programmatic scrolling.
3169
3170         Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
3171         rather than manually prohibiting frame scrolling.
3172
3173         Tests: fast/forms/ios/focus-input-in-iframe.html
3174                fast/forms/ios/programmatic-focus-input-in-iframe.html
3175
3176         * dom/Element.cpp:
3177         (WebCore::Element::focus):
3178         * history/CachedPage.cpp:
3179         (WebCore::CachedPage::restore):
3180
3181 2016-06-16  Zalan Bujtas  <zalan@apple.com>
3182
3183         [New Block-Inside-Inline Model] Do not attempt to re-run margin collapsing on the block sequence.
3184         https://bugs.webkit.org/show_bug.cgi?id=158854
3185
3186         Reviewed by David Hyatt.
3187
3188         Test: fast/block/inside-inlines/crash-on-first-line-change.html
3189
3190         * rendering/RenderBlockLineLayout.cpp:
3191         (WebCore::RenderBlockFlow::marginCollapseLinesFromStart):
3192
3193 2016-06-16  Ting-Wei Lan  <lantw44@gmail.com>
3194
3195         Include cstdlib before using std::atexit
3196         https://bugs.webkit.org/show_bug.cgi?id=158681
3197
3198         Reviewed by Brent Fulgham.
3199
3200         * platform/graphics/PlatformDisplay.cpp:
3201
3202 2016-06-16  Chris Dumez  <cdumez@apple.com>
3203
3204         Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
3205         https://bugs.webkit.org/show_bug.cgi?id=158853
3206
3207         Reviewed by Brent Fulgham.
3208
3209         Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
3210         as m_bestFitImageURL data member is an AtomicString. This avoids constructing a String and
3211         then atomizing it.
3212
3213         * html/HTMLImageElement.cpp:
3214         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
3215
3216 2016-06-16  Benjamin Poulain  <bpoulain@apple.com>
3217
3218         :in-range & :out-of-range CSS pseudo-classes shouldn't match inputs without range limitations
3219         https://bugs.webkit.org/show_bug.cgi?id=156558
3220
3221         Reviewed by Simon Fraser.
3222
3223         The pseudo selectors :in-range and :out-of-range should only
3224         apply if:
3225         -minimum/maximum are defined for the input type
3226         -the input value is/is-not suffering from underflow/overflow.
3227
3228         Only certain types have a valid minimum and maximum:
3229         -number
3230         -range
3231         -date
3232         -month
3233         -week
3234         -time
3235         -datetime-local
3236
3237         Of those, only one has a default minimum and maximum: range.
3238         For all the others, the minimum or maximum is only defined
3239         if the min/max attribute is defined and valid.
3240
3241         This patch addresses these constraints for number and range.
3242         The date types range validation is severely broken and is
3243         left untouched. It really needs a clean rewrite.
3244
3245         Tests: fast/css/pseudo-in-range-basics.html
3246                fast/css/pseudo-in-range-out-of-range-trivial.html
3247                fast/css/pseudo-out-of-range-basics.html
3248
3249         * html/DateInputType.cpp:
3250         (WebCore::DateInputType::createStepRange):
3251         * html/DateTimeInputType.cpp:
3252         (WebCore::DateTimeInputType::createStepRange):
3253         * html/DateTimeLocalInputType.cpp:
3254         (WebCore::DateTimeLocalInputType::createStepRange):
3255         * html/InputType.cpp:
3256         (WebCore::InputType::isInRange):
3257         (WebCore::InputType::isOutOfRange):
3258         Notice the isEmpty() shortcut.
3259         A value can only overflow/underflow if it is not empty.
3260
3261         * html/MonthInputType.cpp:
3262         (WebCore::MonthInputType::createStepRange):
3263         * html/NumberInputType.cpp:
3264         (WebCore::NumberInputType::createStepRange):
3265         * html/RangeInputType.cpp:
3266         (WebCore::RangeInputType::createStepRange):
3267         * html/StepRange.cpp:
3268         (WebCore::StepRange::StepRange):
3269         * html/StepRange.h:
3270         (WebCore::StepRange::hasRangeLimitations):
3271         * html/WeekInputType.cpp:
3272         (WebCore::WeekInputType::createStepRange):
3273
3274 2016-06-16  Anders Carlsson  <andersca@apple.com>
3275
3276         Fix macOS Sierra build
3277         https://bugs.webkit.org/show_bug.cgi?id=158849
3278
3279         Reviewed by Tim Horton.
3280
3281         Add WebCore:: qualifiers for IOSurface, to avoid conflicts with the IOSurface Objective-C class.
3282         
3283         Also, add an asLayerContents() getter that will return an id that's suitable for setting 
3284         as the contents of a CALayer.
3285
3286         * platform/graphics/cocoa/IOSurface.h:
3287         * platform/graphics/cocoa/IOSurface.mm:
3288
3289 2016-06-16  Andreas Kling  <akling@apple.com>
3290
3291         REGRESSION(r196217): 3% JSBench regression on iPhone 5.
3292         <https://webkit.org/b/158848>
3293         <rdar://problem/26609622>
3294
3295         Unreviewed rollout.
3296
3297         Don't jettison linked code on every top-level navigation as that was hurting JSBench on iPhone 5.
3298
3299         * loader/FrameLoader.cpp:
3300         (WebCore::FrameLoader::commitProvisionalLoad):
3301
3302 2016-06-16  Adam Bergkvist  <adam.bergkvist@ericsson.com>
3303
3304         WebRTC: Check type of this in RTCPeerConnection JS built-in functions
3305         https://bugs.webkit.org/show_bug.cgi?id=151303
3306
3307         Reviewed by Youenn Fablet.
3308
3309         Check type of 'this' in RTCPeerConnection JS built-in functions.
3310
3311         Test: fast/mediastream/RTCPeerConnection-js-built-ins-check-this.html
3312
3313         * Modules/mediastream/RTCPeerConnection.js:
3314         (createOffer):
3315         (createAnswer):
3316         (setLocalDescription):
3317         (setRemoteDescription):
3318         (addIceCandidate):
3319         (getStats):
3320         Reject if 'this' isn't of type RTCPeerConnection.
3321         * Modules/mediastream/RTCPeerConnectionInternals.js:
3322         (isRTCPeerConnection):
3323         Add helper function to perform type check. Needs further robustifying.
3324
3325 2016-06-16  Myles C. Maxfield  <mmaxfield@apple.com>
3326
3327         Sporadic crash in HashTableAddResult following CSSValuePool::createFontFamilyValue
3328         https://bugs.webkit.org/show_bug.cgi?id=158297
3329
3330         Reviewed by Darin Adler.
3331
3332         In an effort to reduce the flash of unstyled content, we force all elements
3333         to have display: none during an external stylesheet load. We do this by
3334         ignoring the CSS cascade and forcing all elements to have a placeholder style
3335         which hardcodes display: none. (This is necessary to make elements created by
3336         script during the stylesheet load not flash.)
3337
3338         This style is exposed to web content via getComputedStyle(), which means it
3339         needs to maintain the invariant that font-families can never be null strings.
3340         We enforce this by forcing the font-family to be the standard font name.
3341
3342         Test: fast/text/placeholder-renderstyle-null-font.html
3343
3344         * style/StyleTreeResolver.cpp:
3345         (WebCore::Style::ensurePlaceholderStyle):
3346
3347 2016-06-16  Chris Dumez  <cdumez@apple.com>
3348
3349         Avoid some temporary String allocations for common HTTP headers in ResourceResponse::platformLazyInit()
3350         https://bugs.webkit.org/show_bug.cgi?id=158827
3351
3352         Reviewed by Darin Adler.
3353
3354         Add a HTTPHeaderMap::set() overload taking in a CFStringRef. The
3355         implementation has a fast path which gets the internal characters
3356         of the CFStringRef when possible and constructs a StringView for
3357         it in order to call findHTTPHeaderName(). As a result, we avoid
3358         allocating a temporary String when findHTTPHeaderName() succeeds.
3359
3360         This new HTTPHeaderMap::set() overload is called from both the
3361         CF and Cocoa implementations of ResourceResponse::platformLazyInit().
3362
3363         I have confirmed locally on both Mac and iOS that the fast path
3364         is used ~93% of the time. CFStringGetCStringPtr() returns null in
3365         rare cases, causing the regular code path to be used.
3366
3367         * platform/network/HTTPHeaderMap.cpp:
3368         (WebCore::HTTPHeaderMap::set):
3369         * platform/network/HTTPHeaderMap.h:
3370
3371 2016-06-15  Zalan Bujtas  <zalan@apple.com>
3372
3373         Decouple the percent height and positioned descendants maps.
3374         https://bugs.webkit.org/show_bug.cgi?id=158773
3375
3376         Reviewed by David Hyatt and Chris Dumez.
3377
3378         We track renderers with percent height across multiple containers using
3379         HashMap<const RenderBox*, std::unique_ptr<HashSet<const RenderBlock*>>>.
3380         We also use the same data structure to track positioned descendants.
3381         However a positioned renderer can have only one containing block so tracking it
3382         with a 1:many type is defective.
3383         It allows multiple inserts for positioned descendants, which could lead to
3384         inconsistent layout state as the rendering logic expects these type of renderers
3385         with only one containing block.
3386         This patch decouples percent height and positioned tracking by introducing
3387         the PositionedDescendantsMap class. This class is responsible for tracking
3388         the positioned descendants inbetween layouts.
3389
3390         No change in functionality.
3391
3392         Tests: fast/block/positioning/change-containing-block-for-absolute-positioned.html
3393                fast/block/positioning/change-containing-block-for-fixed-positioned.html
3394
3395         * rendering/RenderBlock.cpp:
3396         (WebCore::insertIntoTrackedRendererMaps):
3397         (WebCore::removeFromTrackedRendererMaps):
3398         (WebCore::PositionedDescendantsMap::addDescendant): Add more defensive ASSERT_NOT_REACHED
3399         to the double insert branch when webkit.org/b/158772 gets fixed.
3400         (WebCore::PositionedDescendantsMap::removeDescendant):
3401         (WebCore::PositionedDescendantsMap::removeContainingBlock):
3402         (WebCore::PositionedDescendantsMap::positionedRenderers):
3403         (WebCore::positionedDescendantsMap):
3404         (WebCore::removeBlockFromPercentageDescendantAndContainerMaps):
3405         (WebCore::RenderBlock::~RenderBlock):
3406         (WebCore::RenderBlock::positionedObjects):
3407         (WebCore::RenderBlock::insertPositionedObject):
3408         (WebCore::RenderBlock::removePositionedObject):
3409         (WebCore::RenderBlock::addPercentHeightDescendant):
3410         (WebCore::RenderBlock::removePercentHeightDescendant):
3411         (WebCore::RenderBlock::percentHeightDescendants):
3412         (WebCore::RenderBlock::checkPositionedObjectsNeedLayout):
3413         (WebCore::removeBlockFromDescendantAndContainerMaps): Deleted.