[WebKit-https.git] / Source / WebCore / ChangeLog

2016-10-14  Carlos Garcia Campos  <cgarcia@igalia.com>

        MemoryPressureHandler shouldn't know how to release WebCore memory
        https://bugs.webkit.org/show_bug.cgi?id=160497

        Reviewed by Michael Catanzaro.

        All processes should set their own low memory handler, instead of leaving the web process using the default one
        that needs to access APIs that are not in platform layer. This patch fixes all the layering violations in the
        MemoryPressureHandler. Since the default implementation, that releases the WebCore memory, is shared by the
        WebProcess in WebKit2 and WebKit1 ports, it has been moved to its own file to the WebCore layer.

        * CMakeLists.txt: Add new files to compilation.
        * PlatformMac.cmake: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad): Use WebCore::jettisonExpensiveObjectsOnTopLevelNavigation().
        * page/MemoryRelease.cpp: Added.
        (WebCore::releaseNoncriticalMemory):
        (WebCore::releaseCriticalMemory):
        (WebCore::releaseMemory):
        (WebCore::platformReleaseMemory):
        (WebCore::jettisonExpensiveObjectsOnTopLevelNavigation):
        (WebCore::registerMemoryReleaseNotifyCallbacks):
        * page/MemoryRelease.h: Added.
        * page/cocoa/MemoryReleaseCocoa.mm: Added.
        (WebCore::platformReleaseMemory):
        (WebCore::jettisonExpensiveObjectsOnTopLevelNavigation):
        (WebCore::registerMemoryReleaseNotifyCallbacks):
        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::MemoryPressureHandler):
        (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
        (WebCore::MemoryPressureHandler::releaseMemory): Use the current handler if it has been set.
        (WebCore::MemoryPressureHandler::platformReleaseMemory): Deleted.
        * platform/MemoryPressureHandler.h:
        (WebCore::MemoryPressureHandler::setLowMemoryHandler):
        (WebCore::MemoryPressureHandler::m_releaseMemoryBlock):
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::respondToMemoryPressure): Call releaseMemory() instead of using the handler directly.
        (WebCore::MemoryPressureHandler::platformReleaseMemory): Deleted.
        * platform/linux/MemoryPressureHandlerLinux.cpp:
        * platform/win/MemoryPressureHandlerWin.cpp:
        (WebCore::MemoryPressureHandler::respondToMemoryPressure): Call releaseMemory() instead of using the handler directly.

2016-11-08  Sergio Villar Senin  <svillar@igalia.com>

        [css-grid] Fix fr tracks sizing under min|max-size constraints
        https://bugs.webkit.org/show_bug.cgi?id=150674

        Reviewed by Darin Adler.

        The min|max-sizes must be used to compute the flex fraction for indefinite free
        spaces. According to the spec "If using this flex fraction would cause the grid to be
        smaller than the grid container’s min-width/height (or larger than the grid container’s
        max-width/height), then redo this step, treating the free space as definite and the
        available grid space as equal to the grid container’s content box size when it’s sized to
        its min-width/height (max-width/height)."

        This only affects indefinite heights because during layout both definite sizes and any kind
        of widths are properly constrained by min|max-width restrictions.

        Tests: fast/css-grid-layout/flex-sizing-columns-min-max-width.html
               fast/css-grid-layout/flex-sizing-rows-min-max-height.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::RenderGrid::computeFlexSizedTracksGrowth):
        * rendering/RenderGrid.h:

2016-11-10  Alejandro G. Castro  <alex@igalia.com>

        [WebRTC] [OpenWebRTC] RTX default parameters broken after r207952
        https://bugs.webkit.org/show_bug.cgi?id=164541

        Reviewed by Philippe Normand.

        Fixed typo in refactoring.

        * platform/mediastream/openwebrtc/MediaEndpointOwr.cpp:
        (WebCore::MediaEndpointOwr::getDefaultVideoPayloads):

2016-11-08  Philippe Normand  <pnormand@igalia.com>

        [WebRTC] white-list turns urls from the RTCConfiguration
        https://bugs.webkit.org/show_bug.cgi?id=164506

        Reviewed by Alejandro G. Castro.

        * Modules/mediastream/RTCConfiguration.cpp:
        (WebCore::validateIceServerURL): Add the turns URL scheme to the
        list of supported relay and signaling server protocols.

2016-11-09  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: DebuggerManager.Event.Resumed introduces test flakiness
        https://bugs.webkit.org/show_bug.cgi?id=161951
        <rdar://problem/28295767>

        Reviewed by Brian Burg.

        Covered by existing tests that would ASSERT otherwise.

        * inspector/InspectorClient.cpp:
        (WebCore::InspectorClient::doDispatchMessageOnFrontendPage):
        When paused on an exception in the inspected page and evaluating
        commands in the inspector frontend page (which evaluates JavaScript)
        we ASSERT when entering the Global DOM VM with an existing exception.
        This makes it so when we evaluate JavaScript in the frontend we
        suspend / ignore the state of the VM for the inspected page, and
        restore it when we return from the inspector.

2016-11-09  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Associate Worker Resources with the Worker and not the Page
        https://bugs.webkit.org/show_bug.cgi?id=164342
        <rdar://problem/29075775>

        Reviewed by Timothy Hatcher.

        Test: inspector/worker/resources-in-worker.html

        Provide a way to associate an initiator identifier with a ResourceRequest.
        This will allow Web Inspector to identify who started particular resource
        loads. This is important to associate Worker(...), importScript(...), and
        XMLHttpRequest / Fetch loads with that specific Worker.

        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::setAsIsolatedCopy):
        * platform/network/ResourceRequestBase.h:
        (WebCore::ResourceRequestBase::initiatorIdentifier):
        (WebCore::ResourceRequestBase::setInitiatorIdentifier):
        Optional initiator identifier. Currently used only be Web Inspector.

        * dom/ScriptExecutionContext.h:
        (WebCore::ScriptExecutionContext::resourceRequestIdentifier):
        Non-page execution contexts, like WorkerGlobalScope, should provide
        a unique identifier that may be used to distinguish loads initiated
        from within that context.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest):
        * Modules/fetch/FetchLoader.cpp:
        (WebCore::FetchLoader::start):
        * Modules/fetch/FetchRequest.cpp:
        (WebCore::FetchRequest::initializeWith):
        XHR / Fetch loads should include the ScriptExecutionContext's
        initiator identifier.

        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::WorkerScriptLoader):
        (WebCore::WorkerScriptLoader::loadSynchronously):
        (WebCore::WorkerScriptLoader::loadAsynchronously):
        (WebCore::WorkerScriptLoader::createResourceRequest):
        * workers/WorkerScriptLoader.h:
        Provide a way to provide initiator identifier information for
        Worker script loads. Currently this is `new Worker(...)` and
        `importScripts(...)` resource loads.

        * workers/Worker.cpp:
        (WebCore::Worker::Worker):
        (WebCore::Worker::create):
        * workers/Worker.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::WorkerGlobalScope):
        (WebCore::WorkerGlobalScope::importScripts):
        * workers/WorkerGlobalScope.h:
        Give Worker itself the unique identifier, because `new Worker(...)`
        loads happen before the WorkerGlobalScript (ScriptExecutionContext)
        is actually created, but we want to associate it with this Worker.

        * workers/DedicatedWorkerGlobalScope.cpp:
        (WebCore::DedicatedWorkerGlobalScope::create):
        (WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope):
        * workers/DedicatedWorkerGlobalScope.h:
        * workers/DedicatedWorkerThread.cpp:
        (WebCore::DedicatedWorkerThread::DedicatedWorkerThread):
        (WebCore::DedicatedWorkerThread::createWorkerGlobalScope):
        * workers/DedicatedWorkerThread.h:
        * workers/WorkerInspectorProxy.cpp:
        (WebCore::WorkerInspectorProxy::WorkerInspectorProxy):
        * workers/WorkerInspectorProxy.h:
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::WorkerMessagingProxy):
        (WebCore::WorkerMessagingProxy::startWorkerGlobalScope):
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThreadStartupData::WorkerThreadStartupData):
        (WebCore::WorkerThread::WorkerThread):
        (WebCore::WorkerThread::workerThread):
        * workers/WorkerThread.h:
        Pass the MainThread's Worker identifier through to the WorkerGlobalScope
        created on the WorkerThread. They should be the same identifier.

        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::InspectorNetworkAgent::willSendRequest):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::buildObjectForFrameTree):
        Pass the initiator identifier data to the frontend. This identifier is
        equivalent to a "target identifier" in the frontend. Currently the only
        non-Page targets are Workers.

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::shouldContinueAfterNotifyingLoadedFromMemoryCache):
        When using the memory cache we create a new resource request. Be sure
        to copy over useful inspector data, like the initiator identifier,
        from the original request.

        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldProperties):
        When rebuilding a ResourceRequest from NSURLRequest, copy over the
        initiator identifier property that wouldn't otherwise have survived
        the transition.

2016-11-09  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Clean up some exception ordering.
        https://bugs.webkit.org/show_bug.cgi?id=164566

        Reviewed by Alex Christensen.

        No new tests (Covered by existing tests).

        * Modules/indexeddb/IDBCursor.cpp:
        (WebCore::IDBCursor::advance):
        (WebCore::IDBCursor::continueFunction):

        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::createIndex):

2016-11-09  Alex Christensen  <achristensen@webkit.org>

        Unreviewed, rolling out r208438.

        crashes

        Reverted changeset:

        "[WK2][NETWORK_SESSION] Add support for downloading file
        backed blobs"
        https://bugs.webkit.org/show_bug.cgi?id=164458
        http://trac.webkit.org/changeset/208438

2016-11-09  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Change the decoding for some animated images to be asynchronous
        https://bugs.webkit.org/show_bug.cgi?id=161566

        Reviewed by Simon Fraser.

        Tests: fast/images/slower-animation-than-decoding-image.html
               fast/images/slower-decoding-than-animation-image.html
               fast/images/stopped-animation-deleted-image.html
               
        Request the next frame before firing the animation timer. The asynchronous
        image decoding work queue notifies the BitmapImage when the frame finishes
        decoding. If the timer fires before the frame is decoded, no repaint will
        be requested. Only when the image frame is ready, the animation will be
        advanced and the image will be repainted.

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::load): Cache the image settings in CachedImage.
        (WebCore::CachedImage::createImage): No need to pass allowSubsampling to BitmapImage. It can be retrieved through Image::imageObserver().
        (WebCore::CachedImage::changedInRect): Change the parameter to notifyObservers() to be a pointer.
        * loader/cache/CachedImage.h: Cache the settings: allowSubsampling, allowAsyncImageDecoding and showDebugBackground through m_loader.
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::dataChanged): Fix a logging message.
        (WebCore::BitmapImage::draw): Store the current SubsamplingLevel to be used when requesting decoding the image of the next frame.
        Draw a debug rectangle if the next frame is missed because it is being decoded and the setting showDebugBackground is on.
        (WebCore::BitmapImage::startAnimation): Deleted. Moved to the header file.
        (WebCore::BitmapImage::internalStartAnimation): Added. Request asynchronous image decoding for the next frame if required. Return the
        result of starting the animation.
        (WebCore::BitmapImage::advanceAnimation): Call internalAdvanceAnimation() if the frame image is not being decoded. If it is being decoded
        and the setting showDebugBackground is on, force repaint so the debug rectangle is drawn.
        (WebCore::BitmapImage::internalAdvanceAnimation): This is the old body of advanceAnimation().
        (WebCore::BitmapImage::stopAnimation): Stop the asynchronous image decoding if it is started.
        (WebCore::BitmapImage::newFrameNativeImageAvailableAtIndex): This function is called from the async image decoding work queue when finishing decoding a native image frame.
        * platform/graphics/BitmapImage.h:
        (WebCore::BitmapImage::startAnimation): Added. It is now calls internalStartAnimation().
        * platform/graphics/Color.h: Define a constant for the yellow color.
        * platform/graphics/ImageFrameCache.cpp:
        (WebCore::ImageFrameCache::clearMetadata): Delete unreferenced member.
        (WebCore::ImageFrameCache::requestFrameAsyncDecodingAtIndex): Return true if the frame is requested for async decoding.
        * platform/graphics/ImageFrameCache.h:
        * platform/graphics/ImageObserver.h:  Add virtual functions for allowSubsampling, allowAsyncImageDecoding and showDebugBackground.
        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::maximumSubsamplingLevel): Move checking allowSubsampling() to the caller BitmapImage::draw().
        * platform/graphics/ImageSource.h: Remove the setting allowSubsampling(); it can be retrieved from imageObserver().
        (WebCore::ImageSource::setAllowSubsampling): Deleted.
        * rendering/RenderImageResource.cpp:
        (WebCore::RenderImageResource::shutdown): Stop the animation of an image when shutting down the resource.
        * rendering/RenderImageResourceStyleImage.cpp:
        (WebCore::RenderImageResourceStyleImage::shutdown): Ditto.
        svg/graphics/SVGImageClients.h: Change the parameter to ImageObserver::changedInRect() to be a pointer.
        (WebCore::SVGImageChromeClient::invalidateContentsAndRootView):
        * testing/Internals.cpp:
        (WebCore::Internals::setImageFrameDecodingDuration): Sets a fixed frame decoding duration for testing.
        * testing/Internals.h:
        * testing/Internals.idl: Adds an internal option for ImageFrameDecodingDuration.

2016-11-04  Brent Fulgham  <bfulgham@apple.com>

        Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked
        https://bugs.webkit.org/show_bug.cgi?id=155185
        <rdar://problem/11101440>

        Reviewed by Brady Eidson.

        Add a new quirk for localStorage that defaults to 'on'. When active, this quirk says that
        localStorage access should be granted, without needing to grant universal file access.

        If the quirk is turned off, then localStorage is blocked unless the WebKit client explicitly
        grants universal file access.

        Tests: storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk.html
               storage/domstorage/localstorage/blocked-file-access.html

        * dom/Document.cpp:
        (WebCore::Document::initSecurityContext): Set localStorage quirk mode based on settings.
        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::SecurityOrigin): Use more C++11 initializers.
        (WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we are NOT in
        localStorage quirks mode, and we have not been granted universal file access, prevent access
        to DOM localStorage.
        (WebCore::SecurityOrigin::setNeedsLocalStorageQuirk): Added.
        * page/SecurityOrigin.h:
        (WebCore::SecurityOrigin::needsLocalStorageQuirk): Added.
        * page/Settings.in:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::WorkerGlobalScope): Make sure Workers know what the
        localStorage quirks mode is set to.

2016-11-09  Alex Christensen  <achristensen@webkit.org>

        URLParser should not consider path of URLs with no host to start at the first slash after the colon
        https://bugs.webkit.org/show_bug.cgi?id=164555

        Reviewed by Tim Horton.

        When we see a url that is only scheme:// we treated the // as the path.  Firefox did this with unrecognized schemes,
        but based on https://github.com/whatwg/url/issues/148 they seem willing to change.  We had added similar behavior to
        URL::parse, and I added this to URLParser in r206783 which this effectively reverts.

        Covered by API and layout tests.

        * platform/URLParser.cpp:
        (WebCore::URLParser::parse):
        Don't move m_userStart to m_pathStart back by two when we see an empty host.

2016-11-09  Alex Christensen  <achristensen@webkit.org>

        Simplify logic of SecurityOrigin::databaseIdentifier
        https://bugs.webkit.org/show_bug.cgi?id=164565

        Reviewed by Brady Eidson.

        No change in behavior.

        SecurityOrigins with the file scheme need a special database identifier to be backwards-compatible with existing storage.
        Instead of determining whether this is a file SecurityOrigin at parsing time and only using that information when
        making the database identifier, just determine whether we need this quirk when making the database identifier.
        I'm planning to move this logic to SecurityOriginData in another patch.

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::SecurityOrigin):
        (WebCore::SecurityOrigin::create):
        (WebCore::SecurityOrigin::databaseIdentifier):
        * page/SecurityOrigin.h:

2016-11-09  Jaehun Lim  <ljaehun.lim@samsung.com>

        Unreviewed, build fix after r208460

        isValidColorString() was renamed isValidSimpleColorString().

        * html/ColorInputType.cpp:
        (WebCore::ColorInputType::suggestions):

2016-11-09  Anders Carlsson  <andersca@apple.com>

        Fix STP build.

        * WebCorePrefix.h:

2016-11-09  Simon Fraser  <simon.fraser@apple.com>

        Implement visual-viewport based position:fixed handling for Mac async scrolling
        https://bugs.webkit.org/show_bug.cgi?id=164495

        Reviewed by Tim Horton.

        Educate the scrolling tree about visual and layout viewports. This is runtime-switchable,
        so we push the enable flag to via the root state node, then push the layout viewport,
        and the min/max scroll position that contstrain it, through frame state nodes.

        When a scroll happens, we compute a new layout viewport when the visual viewport hits
        an edge, and push that down through setScrollLayerPosition() since it's used to position
        fixed and sticky layers.

        When the main thread gets notified about an async scroll, we set the new layout viewport
        on the FrameView, but do so in such a way that does not trigger layout. This is OK because
        we do a RenderLayer update which udpates all the layoutViewport-dependent state, and is
        necessary to avoid repaints every main thread update.

        The iOS code is made to compile, but not work yet.

        Tests: compositing/tiling/visiblerect-accumulated-offset.html
               fast/visual-viewport/tiled-drawing/zoomed-fixed-scrolled-down-then-up.html
               fast/visual-viewport/tiled-drawing/zoomed-fixed-scrolled-down.html
               fast/visual-viewport/tiled-drawing/zoomed-fixed-scrolling-layers-state.html

        * page/FrameView.cpp:
        (WebCore::FrameView::setLayoutViewportOrigin):
        (WebCore::FrameView::updateLayoutViewport):
        (WebCore::FrameView::visualViewportRect):
        (WebCore::FrameView::unscaledMinimumScrollPosition):
        (WebCore::FrameView::scrollPositionChanged):
        * page/FrameView.h:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
        (WebCore::AsyncScrollingCoordinator::requestScrollPositionUpdate):
        (WebCore::AsyncScrollingCoordinator::scheduleUpdateScrollPositionAfterAsyncScroll):
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScrollTimerFired):
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):
        (WebCore::AsyncScrollingCoordinator::visualViewportEnabled):
        * page/scrolling/AsyncScrollingCoordinator.h:
        (WebCore::AsyncScrollingCoordinator::ScheduledScrollUpdate::ScheduledScrollUpdate):
        * page/scrolling/ScrollingStateFrameScrollingNode.cpp:
        (WebCore::ScrollingStateFrameScrollingNode::ScrollingStateFrameScrollingNode):
        (WebCore::ScrollingStateFrameScrollingNode::setLayoutViewport):
        (WebCore::ScrollingStateFrameScrollingNode::setMinLayoutViewportOrigin):
        (WebCore::ScrollingStateFrameScrollingNode::setMaxLayoutViewportOrigin):
        (WebCore::ScrollingStateFrameScrollingNode::setVisualViewportEnabled):
        (WebCore::ScrollingStateFrameScrollingNode::dumpProperties):
        * page/scrolling/ScrollingStateFrameScrollingNode.h:
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::viewportChangedViaDelegatedScrolling):
        (WebCore::ScrollingTree::scrollPositionChangedViaDelegatedScrolling):
        (WebCore::ScrollingTree::commitTreeState):
        * page/scrolling/ScrollingTree.h:
        (WebCore::ScrollingTree::visualViewportEnabled):
        (WebCore::ScrollingTree::setVisualViewportEnabled):
        * page/scrolling/ScrollingTreeFrameScrollingNode.cpp:
        (WebCore::ScrollingTreeFrameScrollingNode::commitStateBeforeChildren):
        (WebCore::ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition):
        * page/scrolling/ScrollingTreeFrameScrollingNode.h:
        (WebCore::ScrollingTreeFrameScrollingNode::layoutViewport):
        (WebCore::ScrollingTreeFrameScrollingNode::minLayoutViewportOrigin):
        (WebCore::ScrollingTreeFrameScrollingNode::maxLayoutViewportOrigin):
        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::setScrollPositionWithoutContentEdgeConstraints):
        * page/scrolling/ScrollingTreeScrollingNode.h:
        * page/scrolling/ThreadedScrollingTree.cpp:
        (WebCore::ThreadedScrollingTree::scrollingTreeNodeDidScroll):
        * page/scrolling/ThreadedScrollingTree.h:
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.h:
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::setScrollPositionWithoutContentEdgeConstraints):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::setScrollLayerPosition):
        * page/scrolling/ios/ScrollingTreeIOS.cpp:
        (WebCore::ScrollingTreeIOS::scrollingTreeNodeDidScroll):
        * page/scrolling/ios/ScrollingTreeIOS.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollPositionWithoutContentEdgeConstraints):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollLayerPosition):

2016-11-09  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: W3C test IndexedDB/idbtransaction_objectStoreNames.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=164528

        Reviewed by Alex Christensen.

        No new tests (Covered by existing test).

        * Modules/indexeddb/IDBDatabase.cpp:
        (WebCore::IDBDatabase::transaction): De-dupe the input names.

2016-11-09  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Implement new IDBCursor.continuePrimaryKey function.
        https://bugs.webkit.org/show_bug.cgi?id=164404

        Reviewed by Alex Christensen.

        Tests: storage/indexeddb/modern/idbcursor-continue-primary-key-1-private.html
               storage/indexeddb/modern/idbcursor-continue-primary-key-1.html
               Also covered by existing tests.

        * Modules/indexeddb/IDBCursor.cpp:
        (WebCore::IDBCursor::continuePrimaryKey):
        (WebCore::IDBCursor::uncheckedIterateCursor):
        * Modules/indexeddb/IDBCursor.h:
        * Modules/indexeddb/IDBCursor.idl:

        * Modules/indexeddb/IDBKeyData.h:
        (WebCore::IDBKeyData::operator>):
        (WebCore::IDBKeyData::operator<=):
        (WebCore::IDBKeyData::operator>=):

        * Modules/indexeddb/server/MemoryCursor.h:

        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::iterateCursor):

        * Modules/indexeddb/server/MemoryIndexCursor.cpp:
        (WebCore::IDBServer::MemoryIndexCursor::iterate):
        * Modules/indexeddb/server/MemoryIndexCursor.h:

        * Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
        (WebCore::IDBServer::MemoryObjectStoreCursor::iterate):
        * Modules/indexeddb/server/MemoryObjectStoreCursor.h:

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::iterateCursor):

        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::iterate):
        * Modules/indexeddb/server/SQLiteIDBCursor.h:

        * Modules/indexeddb/shared/IDBIterateCursorData.cpp:
        (WebCore::IDBIterateCursorData::isolatedCopy):
        * Modules/indexeddb/shared/IDBIterateCursorData.h:
        (WebCore::IDBIterateCursorData::encode):
        (WebCore::IDBIterateCursorData::decode):

2016-11-09  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Media Controller: set status label according to media state
        https://bugs.webkit.org/show_bug.cgi?id=164557
        <rdar://problem/29184097>

        Reviewed by Dean Jackson.

        Correctly set the StatusLabel text based on the media loading and network state.

        Tests: http/tests/media/modern-media-controls/status-support/status-support-live-broadcast.html
               http/tests/media/modern-media-controls/status-support/status-support-loading.html
               media/modern-media-controls/status-support/status-support-error.html

        * Modules/modern-media-controls/js-files:
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController):
        * Modules/modern-media-controls/media/status-support.js: Added.
        (StatusSupport.prototype.get control):
        (StatusSupport.prototype.get mediaEvents):
        (StatusSupport.prototype.syncControl):
        (StatusSupport):
        * WebCore.xcodeproj/project.pbxproj:

2016-11-09  Zalan Bujtas  <zalan@apple.com>

        No need to set setFlowThreadState on RenderText in createTextRenderer.
        https://bugs.webkit.org/show_bug.cgi?id=164559

        Reviewed by Antti Koivisto.

       setFlowThreadState in create*Renderer ensures that by the time we issue the initial call to
       styleWillChange/styleDidChange through initializeStyle, the state is already set.
       However since RenderText does not have its own style, it's sufficient to have the flow state set
       through the normal RenderElement::insertChildInternal code path.

        No change in functionality.

        * style/RenderTreeUpdater.cpp:
        (WebCore::createTextRenderer):

2016-11-09  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Encapsulate cursor iteration parameters for easy future expansion.
        https://bugs.webkit.org/show_bug.cgi?id=164504

        Reviewed by Darin Adler.

        No new tests (Refactor, no behavior change).

        This patch literally just takes the "key" and "count" arguments and encapsulates them in a struct.
        That struct will then be easily expandable in the future (e.g. bug 164404).

        * Modules/indexeddb/IDBCursor.cpp:
        (WebCore::IDBCursor::uncheckedIterateCursor):
        
        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::iterateCursor):
        (WebCore::IDBTransaction::iterateCursorOnServer):
        * Modules/indexeddb/IDBTransaction.h:
        
        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
        (WebCore::IDBClient::IDBConnectionProxy::iterateCursor):
        * Modules/indexeddb/client/IDBConnectionProxy.h:
        
        * Modules/indexeddb/client/IDBConnectionToServer.cpp:
        (WebCore::IDBClient::IDBConnectionToServer::iterateCursor):
        * Modules/indexeddb/client/IDBConnectionToServer.h:
        * Modules/indexeddb/client/IDBConnectionToServerDelegate.h:
        
        * Modules/indexeddb/server/IDBBackingStore.h:
        
        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::iterateCursor):
        * Modules/indexeddb/server/IDBServer.h:
        
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::iterateCursor):
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:
        
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::iterateCursor):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::iterateCursor):
        (WebCore::IDBServer::UniqueIDBDatabase::performIterateCursor):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp:
        (WebCore::IDBServer::UniqueIDBDatabaseTransaction::iterateCursor):
        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h:
        
        * Modules/indexeddb/shared/IDBIterateCursorData.cpp: Added.
        (WebCore::IDBIterateCursorData::isolatedCopy):
        * Modules/indexeddb/shared/IDBIterateCursorData.h: Added.
        (WebCore::IDBIterateCursorData::encode):
        (WebCore::IDBIterateCursorData::decode):

        * Modules/indexeddb/shared/InProcessIDBServer.cpp:
        (WebCore::InProcessIDBServer::iterateCursor):
        * Modules/indexeddb/shared/InProcessIDBServer.h:

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

2016-11-09  Ryosuke Niwa  <rniwa@webkit.org>

        StyledElement::attributeChanged shouldn't do any work when the attribute value didn't change
        https://bugs.webkit.org/show_bug.cgi?id=129476

        Reviewed by Andreas Kling.

        Avoid calling styleAttributeChanged and setPresentationAttributeStyleIsDirty
        when the attribute value didn't change as in r164856.

        * dom/StyledElement.cpp:
        (WebCore::StyledElement::attributeChanged):

2016-11-09  Yusuke Suzuki  <utatane.tea@gmail.com>

        [DOMJIT] Implement Node::ownerDocument
        https://bugs.webkit.org/show_bug.cgi?id=164004

        Reviewed by Darin Adler.

        Test: js/dom/domjit-accessor-owner-document.html

        Still I cannot reproduce this crash in x64 environment, according to the crash log, it accesses 0x8 address.
        This can happen if document() accidentally returns nullptr. In the C++ ownerDocument implementation,
        if document() returns nullptr, it just returns nullptr. But in the DOMJIT implementation, we assume that
        document() won't return nullptr and access the member of it.

        This patch aligns the DOMJIT implementation strictly to the C++ one.

        * dom/Node.idl:
        * domjit/JSNodeDOMJIT.cpp:
        (WebCore::NodeOwnerDocumentDOMJIT::checkDOM):
        (WebCore::NodeOwnerDocumentDOMJIT::callDOMGetter):

2016-11-09  Sam Weinig  <sam@webkit.org>

        [SVG] Start moving special casing of SVG out of the bindings - SVGAngle
        https://bugs.webkit.org/show_bug.cgi?id=164496

        Reviewed by Darin Adler.

        There is quite a bit of special casing of SVG types in the bindings that adds
        a lot of complexity and is relatively fragile, as it is based on type naming.

        Instead of keeping the complexity in the bindings, I am going to move it into
        the implementation, where it has also longed to be. 

        Starting small, with just SVGAngle. It has been split in two, with the existing
        SVGAngle being renamed SVGAngleValue, and the bound instance, which used to be name
        SVGPropertyTearOff<SVGAngle>, taking the name SVGAngle (and inheriting from 
        SVGPropertyTearOff<SVGAngleValue>).

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        Add SVGAngleValue.cpp

        * bindings/scripts/CodeGenerator.pm:
        Remove SVGAngle as a special case.

        * svg/SVGAngle.cpp: Removed.
        * svg/SVGAngle.h:
        Added. Implements the SVGAngle interface explicitly, getting to
        the SVGAngleValue through propertyReference().

        * svg/SVGAngle.idl:
        * svg/SVGAngleValue.cpp: Copied from Source/WebCore/svg/SVGAngle.cpp.
        * svg/SVGAngleValue.h: Copied from Source/WebCore/svg/SVGAngle.h.
        Move old SVGAngle implementation to SVGAngleValue.

        * svg/SVGAnimatedAngle.cpp:
        Replace SVGAngle usage with SVGAngleValue.

        * svg/SVGAnimatedAngle.h:
        Switch SVGAnimatedAngle to be a type alias. This remains SVGAnimatedPropertyTearOff<SVGAngle>
        as SVGAnimatedPropertyTearOff has been changed to take the TearOff type as its parameter.

        * svg/SVGAnimatedLength.h:
        * svg/SVGAnimatedPreserveAspectRatio.h:
        * svg/SVGAnimatedRect.h:
        Switch to using type aliases and pass the TearOff to SVGAnimatedPropertyTearOff.

        * svg/SVGAnimatedType.cpp:
        (WebCore::SVGAnimatedType::createAngleAndEnumeration):
        * svg/SVGAnimatedType.h:
        (WebCore::SVGAnimatedType::angleAndEnumeration):
        Use SVGAngleValue.

        * svg/SVGComponentTransferFunctionElement.h:
        Add missing include of SVGElement.h (need because it removed from SVGPropertyTearOff).

        * svg/SVGMarkerElement.cpp:
        (WebCore::SVGMarkerElement::parseAttribute):
        (WebCore::SVGMarkerElement::setOrient):
        Switch to take an SVGAngleValue.

        (WebCore::SVGMarkerElement::setOrientToAngle):
        Update to pull the value out via propertyReference().

        * svg/SVGMarkerElement.h:
        Switch to take an SVGAngleValue.

        * svg/SVGLengthList.h:
        * svg/SVGNumberList.h:
        * svg/SVGPathSegList.h:
        * svg/SVGPointList.h:
        * svg/SVGStringList.h:
        * svg/SVGTransformList.h:
        Switch to using type aliases in SVGPropertyTraits and add an alias for
        ListItemTearOff.

        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::createSVGAngle):
        * svg/SVGSVGElement.h:
        Change createSVGAngle to return a Ref<SVGAngle> and create one.

        * svg/SVGSVGElement.idl:
        Annotate IDL to indicate that a new value is being returned.

        * svg/SVGTransform.cpp:
        Remove unnecessary include of SVGAngle.h.

        * svg/SVGViewSpec.cpp:
        Add missing include of SVGElement.h (need because it removed from SVGPropertyTearOff).

        * svg/properties/SVGAnimatedPropertyTearOff.h:
        Change to be parameterized on the TearOffType, rather than the PropertyType itself. Get the
        Property type from the TearOffType.

        * svg/properties/SVGListProperty.h:
        * svg/properties/SVGListPropertyTearOff.h:
        Fix assumption that all TearOffTypes are just a SVGPropertyTearOff templatized on a property
        type. This is no longer true for SVGAngle. Instead, get the TearOffType for lists via SVGPropertyTraits.

        * svg/properties/SVGPropertyTearOff.h:
        Make the PropertyType available by exposing it as a type alias.

2016-11-09  Darin Adler  <darin@apple.com>

        Move Range from ExceptionCode to ExceptionOr
        https://bugs.webkit.org/show_bug.cgi?id=164457

        Reviewed by Alex Christensen.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::rangeForNodeContents): Update to use ExceptionOr,
        keeping behavior the same.
        (WebCore::characterOffsetsInOrder): Ditto.
        (WebCore::setRangeStartOrEndWithCharacterOffset): Changed argument to a
        reference instead of a pointer. Use a boolean return value to indicate
        success rather than an exception, since the callers don't need to know
        which exception it is.
        (WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets): Updated for
        the above.
        (WebCore::AXObjectCache::nextBoundary): Ditto.
        (WebCore::AXObjectCache::previousBoundary): Ditto.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::rangeOfStringClosestToRangeInDirection):
        Update to use ExceptionOr, keeping behavior the same.
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::documentBasedSelectedTextRange): Ditto.
        * accessibility/atk/WebKitAccessibleUtil.cpp:
        (selectionBelongsToObject): Ditto.
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper _convertToNSRange:]): Ditto.
        * dom/Node.cpp:
        (WebCore::Node::textRects): Ditto.

        * dom/Range.cpp:
        (WebCore::Range::~Range): Remove old comment that no longer makes sense now
        that the detach function no longer does anything.
        (WebCore::checkForDifferentRootContainer): Updated to use ExceptionOr,
        keeping behavior the same.
        (WebCore::Range::setStart): Ditto.
        (WebCore::Range::setEnd): Ditto.
        (WebCore::Range::isPointInRange): Ditto.
        (WebCore::Range::comparePoint): Ditto.
        (WebCore::Range::compareNode): Ditto.
        (WebCore::top): Added helper function so that compareBoundaryPoints doesn't
        need to have two identical loops in it.
        (WebCore::Range::compareBoundaryPoints): Updated to use ExceptionOr,
        keeping behavior the same.
        (WebCore::Range::compareBoundaryPointsForBindings): Ditto. Also use a switch
        instead of relying on the order of the values to check for unsupported values.
        (WebCore::Range::boundaryPointsValid): Ditto.
        (WebCore::Range::deleteContents): Ditto.
        (WebCore::Range::intersectsNode): Ditto.
        (WebCore::Range::processContents): Ditto.
        (WebCore::deleteCharacterData): Ditto.
        (WebCore::processContentsBetweenOffsets): Ditto. Also changed to be a
        non-member function and private to this file instead of in the class.
        (WebCore::processNodes): Ditto. Also changed one argument to be a RefPtr
        since the code relies on using it after mutating the DOM.
        (WebCore::processAncestorsAndTheirSiblings): Ditto. Changed one argument type
        to use ExceptionOr so the caller doesn't have to check the exception first.
        (WebCore::Range::extractContents): Ditto.
        (WebCore::Range::cloneContents): Ditto.
        (WebCore::Range::insertNode): Ditto. Also fixed to only call nodeType once
        instead of three times.
        (WebCore::Range::toString): Ditto. Also fixed to call nodeType only once
        per node instead of twice, to use downcast instead of static_cast, and to
        use the word "node" instead of "n" for the local variable name.
        (WebCore::Range::createContextualFragment): Ditto.
        (WebCore::Range::checkNodeWOffset): Ditto.
        (WebCore::Range::setStartAfter): Ditto.
        (WebCore::Range::setEndBefore): Ditto.
        (WebCore::Range::setEndAfter): Ditto.
        (WebCore::Range::selectNode): Ditto.
        (WebCore::Range::selectNodeContents): Ditto.
        (WebCore::Range::surroundContents): Ditto.
        (WebCore::Range::setStartBefore): Ditto.
        (WebCore::Range::contains): Ditto. Except added code to handle exception
        case to return false without asserting because I saw at least one crash
        that seemed to imply this behavior was needed.
        (WebCore::rangesOverlap): Ditto.
        (WebCore::rangeOfContents): Ditto.
        (WebCore::Range::expand): Ditto.
        (WebCore::Range::getClientRects): Ditto.
        (WebCore::Range::getBoundingClientRect): Ditto.
        (WebCore::Range::borderAndTextQuads): Changed to use return value
        instead of out argument, since it's a private function used only
        within this class so it was easy to update all call sites.
        (WebCore::Range::boundingRect): Updated for above. Also renamed since
        there was no need for the name "internal" in this.
        (WebCore::Range::absoluteBoundingRect): Ditto.
        * dom/Range.h: Updated for above.
        * dom/Range.idl: Use non-legacy exceptions. Also changed the default value
        of the string argument to the expand function to the empty string rather
        than "undefined", because the function silently does nothing when passed
        any unrecognized string, and so this leaves behavior unchanged. I removed
        the comment saying that the "undefined" default is wrong.

        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::applyAlternativeTextToRange): Updated
        to use ExceptionOr but behave the same.
        * editing/Editor.cpp:
        (WebCore::Editor::advanceToNextMisspelling): Ditto.
        (WebCore::Editor::markAndReplaceFor): Ditto.
        (WebCore::isFrameInRange): Ditto. Also made a few style tweaks.
        (WebCore::Editor::countMatchesForText): Ditto.
        * editing/EditorCommand.cpp:
        (WebCore::unionDOMRanges): Ditto.
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::respondToNodeModification): Ditto.
        * editing/InsertListCommand.cpp:
        (WebCore::InsertListCommand::doApplyForSingleParagraph): Ditto.
        * editing/TextCheckingHelper.cpp:
        (WebCore::TextCheckingParagraph::offsetTo): Ditto.
        * editing/TextCheckingHelper.h: Updated for above and also deleted
        unneeded private function checkingRange, which just churned the
        reference count unnecessarily; instead use m_checkingRange directly.
        * editing/TextIterator.cpp:
        (WebCore::TextIterator::getLocationAndLengthFromRange): Ditto.
        * editing/VisiblePosition.cpp:
        (WebCore::setStart): Ditto.
        (WebCore::setEnd): Ditto.
        * editing/VisibleSelection.cpp:
        (WebCore::makeSearchRange): Ditto.

        * editing/VisibleUnits.cpp:
        (WebCore::suffixLengthForRange): Changed argument from RefPtr to
        a reference.
        (WebCore::prefixLengthForRange): Ditto.
        (WebCore::previousBoundary): Updated for ExceptionOr and the change
        above.
        (WebCore::nextBoundary): Ditto.
        * editing/VisibleUnits.h: Updated for above.

        * editing/htmlediting.cpp:
        (WebCore::comparePositions): Updated to use ExceptionOr but behave
        the same.
        (WebCore::visiblePositionForIndexUsingCharacterIterator): Ditto.
        (WebCore::isNodeVisiblyContainedWithin): Ditto.
        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::setDictationPhrasesAsChildOfElement): Ditto.
        (WebCore::Editor::setTextAsChildOfElement): Ditto.
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::adjustedSelectionRange): Ditto.
        * editing/markup.cpp:
        (WebCore::createMarkupInternal): Ditto.
        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::contextMenuItemSelected): Ditto.
        * page/DOMSelection.cpp:
        (WebCore::DOMSelection::addRange): Ditto.
        (WebCore::DOMSelection::deleteFromDocument): Ditto.
        (WebCore::DOMSelection::containsNode): Ditto.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::dispatchMouseEvent): Updated for change to
        use ExceptionOr in Ragne::compareNode. Also refactored the function
        to make the logic a little mroe straightforward and nest less of it
        inside a loop.

        * page/Page.cpp:
        (WebCore::Page::findStringMatchingRanges): Updated for ExceptionOr
        without changing behavior.
        * page/TextIndicator.cpp:
        (WebCore::hasNonInlineOrReplacedElements): Ditto.
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::getRanges): Ditto.

2016-11-09  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix grid layout parsing
        https://bugs.webkit.org/show_bug.cgi?id=164489

        Reviewed by Dean Jackson.

        * css/CSSValueKeywords.in:
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeFitContent):
        (WebCore::isGridTrackFixedSized):
        (WebCore::consumeGridTrackSize):
        (WebCore::consumeGridTrackRepeatFunction):
        (WebCore::consumeGridTrackList):
        (WebCore::isCustomIdentValue):
        (WebCore::CSSPropertyParser::consumeGridItemPositionShorthand):
        (WebCore::CSSPropertyParser::consumeGridAreaShorthand):
        (WebCore::consumeImplicitGridAutoFlow):
        (WebCore::CSSPropertyParser::consumeGridShorthand):

2016-11-09  Darin Adler  <darin@apple.com>

        Move EventTarget from ExceptionCode to ExceptionOr
        https://bugs.webkit.org/show_bug.cgi?id=164465

        Reviewed by Youenn Fablet.

        * Modules/indexeddb/IDBRequest.h: Added now-needed forward
        class declarations.
        * Modules/webaudio/AudioContext.h: Ditto.

        * bindings/js/JSEventListener.cpp:
        (WebCore::eventHandlerAttribute): Updated for name change of the
        attributeEventListener function.
        (WebCore::documentEventHandlerAttribute): Ditto.
        * dom/Document.cpp:
        (WebCore::Document::getWindowAttributeEventListener): Ditto.

        * dom/EventTarget.cpp:
        (WebCore::EventTarget::setAttributeEventListener): Updated for
        name change.
        (WebCore::EventTarget::attributeEventListener): Ditto.
        (WebCore::EventTarget::dispatchEventForBindings): Use ExceptionOr.
        (WebCore::legacyType): Use null instead of empty for no type, since
        it's more efficient to check for null.
        (WebCore::EventTarget::fireEventListeners): Check for null.
        Also streamlined logic a little bit and removed a very old comment.
        (WebCore::EventTarget::eventListeners): Renamed from getEventListeners.
        * dom/EventTarget.h: Removed lots of unneeded declarations. Renamed
        some functions to remove get prefix. Updated for above changes.
        Moved one inline function out of the class header. Made the destructor
        for EventTarget be inline to make the destructors for derived classes
        slightly more efficient.
        * dom/EventTarget.idl: Use non-legacy exception.

        * dom/Node.cpp:
        (WebCore::Node::didMoveToNewDocument): Updated for name change.
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplacementFragment::ReplacementFragment): Ditto.

        * inspector/InspectorCSSAgent.h: Added now-needed forward declaration.

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::getEventListeners): Updated for name change.

        * inspector/InspectorInstrumentation.h: Added now-needed forward declaration.
        * page/DOMWindow.h: Ditto.
        * xml/XMLHttpRequest.h: Ditto.

2016-11-09  Daniel Bates  <dabates@apple.com>

        Add test infrastructure and tests for existing HTTP 0.9 sandbox machinery
        https://bugs.webkit.org/show_bug.cgi?id=164389
        <rdar://problem/29101072>

        Reviewed by Alex Christensen.

        Add test infrastructure to support registering an arbitrary port as the default port
        for a protocol. The behavior of various machinery, including the HTTP 0.9 machinery,
        can be effected by whether the resource request was made using the default port for
        the protocol. We expose window.internals.registerDefaultPortForProtocol() to allow
        a test to override the default port associated with a protocol so as to support
        testing these code paths using the existing port 8000 server started by run-webkit-httpd.
        Without window.internals.registerDefaultPortForProtocol() we would need to teach
        run-webkit-httpd to run a web server on port 80, which requires superuser privileges
        (since it is a privileged port number) and is more likely to interfere with an
        existing web server setup.

        Tests: http/tests/security/http-0.9/default-port-plugin-blocked.html
               http/tests/security/http-0.9/default-port-script-blocked.html
               http/tests/security/http-0.9/iframe-blocked.html
               http/tests/security/http-0.9/image-blocked.html
               http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test.html
               http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed.html
               http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html
               http/tests/security/http-0.9/worker-connect-src-blocked.html
               http/tests/security/http-0.9/worker-importScripts-blocked.html
               http/tests/security/http-0.9/xhr-asynchronous-blocked.html

        * platform/URL.cpp:
        (WebCore::defaultPortForProtocolMapForTesting): Added.
        (WebCore::registerDefaultPortForProtocolForTesting): Adds the specified (protocol, port) to the
        mapping used for testing.
        (WebCore::clearDefaultPortForProtocolMapForTesting): Clears the protocol to default port testing map.
        We call this function from Internals::resetToConsistentState() so that the mapping is cleared between
        test runs.
        (WebCore::defaultPortForProtocol): Modified to check the protocol to default port map for testing
        before consulting URLParser::defaultPortForProtocol().
        * platform/URL.h:
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState): Clear the default port mapping used for testing.
        (WebCore::Internals::registerDefaultPortForProtocol): Added.
        * testing/Internals.h:
        * testing/Internals.idl: Added declaration for registerDefaultPortForProtocol().

2016-11-09  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add proper parsing for Promises
        https://bugs.webkit.org/show_bug.cgi?id=164497

        Reviewed by Tim Horton.

        * bindings/scripts/IDLParser.pm:
        (parseNonAnyType):
        (parseStringType):
        Require Promise types to declare the type they resolve to.
        
        * bindings/js/JSDOMPromise.h:
        Allow DOMPromise to be be parameterized on void. Add an SFINAE guarded
        overload of resolve that takes no arguments when in a DOMPromise<void>.

        * Modules/applepay/ApplePaySession.idl:
        * Modules/fetch/DOMWindowFetch.idl:
        * Modules/fetch/FetchBody.idl:
        * Modules/fetch/FetchResponse.idl:
        * Modules/fetch/WorkerGlobalScopeFetch.idl:
        * Modules/mediastream/MediaDevices.idl:
        * Modules/mediastream/MediaStreamTrack.idl:
        * Modules/mediastream/RTCPeerConnection.idl:
        * Modules/mediastream/RTCRtpSender.idl:
        * Modules/mediastream/RTCStatsReport.idl:
        * Modules/streams/ReadableStream.idl:
        * Modules/streams/ReadableStreamDefaultReader.idl:
        * Modules/streams/ReadableStreamSource.idl:
        * Modules/streams/WritableStream.idl:
        * Modules/webaudio/AudioContext.idl:
        * bindings/scripts/test/TestNode.idl:
        * bindings/scripts/test/TestObj.idl:
        * crypto/SubtleCrypto.idl:
        * crypto/WebKitSubtleCrypto.idl:
        * css/FontFace.idl:
        * css/FontFaceSet.idl:
        * dom/CustomElementRegistry.idl:
        * html/HTMLMediaElement.idl:
        Update IDLs to specify the resolve type of promise types.

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::replaceTrack):
        (WebCore::MediaEndpointPeerConnection::replaceTrackTask):
        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::applyConstraints):
        * Modules/mediastream/MediaStreamTrack.h:
        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::setLocalDescriptionSucceeded):
        (WebCore::PeerConnectionBackend::setRemoteDescriptionSucceeded):
        (WebCore::PeerConnectionBackend::addIceCandidateSucceeded):
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/streams/ReadableStreamSource.h:
        (WebCore::ReadableStreamSource::start):
        (WebCore::ReadableStreamSource::pull):
        (WebCore::ReadableStreamSource::startFinished):
        (WebCore::ReadableStreamSource::pullFinished):
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::addReaction):
        (WebCore::AudioContext::setState):
        (WebCore::AudioContext::suspend):
        (WebCore::AudioContext::resume):
        (WebCore::AudioContext::close):
        * Modules/webaudio/AudioContext.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::rejectPendingPlayPromises):
        (WebCore::HTMLMediaElement::resolvePendingPlayPromises):
        (WebCore::HTMLMediaElement::play):
        * html/HTMLMediaElement.h:
        Update implementations to use DOMPromise<void> rather than DOMPromise<nullptr_t>
        and use the new resolve() overload.

2016-11-07  Brady Eidson  <beidson@apple.com>

        Followup to https://bugs.webkit.org/show_bug.cgi?id=164466 - Make an IDBTransaction* be an IDBTransaction&

        Rubberstamped by Alex Christensen.

        No new tests (No behavior change).

        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::IDBObjectStore):
        (WebCore::IDBObjectStore::~IDBObjectStore):
        (WebCore::IDBObjectStore::hasPendingActivity):
        (WebCore::IDBObjectStore::name):
        (WebCore::IDBObjectStore::setName):
        (WebCore::IDBObjectStore::keyPath):
        (WebCore::IDBObjectStore::indexNames):
        (WebCore::IDBObjectStore::transaction):
        (WebCore::IDBObjectStore::autoIncrement):
        (WebCore::IDBObjectStore::openCursor):
        (WebCore::IDBObjectStore::openKeyCursor):
        (WebCore::IDBObjectStore::get):
        (WebCore::IDBObjectStore::putOrAdd):
        (WebCore::IDBObjectStore::doDelete):
        (WebCore::IDBObjectStore::clear):
        (WebCore::IDBObjectStore::createIndex):
        (WebCore::IDBObjectStore::index):
        (WebCore::IDBObjectStore::deleteIndex):
        (WebCore::IDBObjectStore::doCount):
        (WebCore::IDBObjectStore::getAll):
        (WebCore::IDBObjectStore::getAllKeys):
        (WebCore::IDBObjectStore::markAsDeleted):
        (WebCore::IDBObjectStore::rollbackForVersionChangeAbort):
        (WebCore::IDBObjectStore::ref):
        (WebCore::IDBObjectStore::deref):
        * Modules/indexeddb/IDBObjectStore.h:

2016-11-09  Zalan Bujtas  <zalan@apple.com>

        Move RenderNamedFlowThread nextRendererForElement logic to RenderTreeUpdater.
        https://bugs.webkit.org/show_bug.cgi?id=164503

        Reviewed by Antti Koivisto.

        When we insert a renderer into the render tree, we need to know both its parent
        and its next sibling. Normally the parent and the sibling are based on the DOM, but
        when this renderer is part of a flow thread, its insertion sibling is not necessarily the DOM sibling.
        To find the correct sibling, we call RenderNamedFlowThread's nextRendererForElement().
        RenderNamedFlowThread keeps track of its children so that it can compute the next sibling
        for the insertion point.

        This patch eliminates the need for keeping track of the child renderers of each
        flow by moving the 'next sibling' logic to RenderTreePosition.

        No change in functionality.

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::insertedIntoTree):
        (WebCore::RenderElement::willBeDestroyed):
        (WebCore::RenderElement::removeFromRenderFlowThread):
        (WebCore::RenderElement::renderNamedFlowThreadWrapper): Deleted.
        * rendering/RenderElement.h:
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::nextRendererForElement): Deleted.
        (WebCore::RenderNamedFlowThread::addFlowChild): Deleted.
        (WebCore::RenderNamedFlowThread::removeFlowChild): Deleted.
        * rendering/RenderNamedFlowThread.h:
        * style/RenderTreePosition.cpp:
        (WebCore::RenderTreePosition::previousSiblingRenderer):
        (WebCore::RenderTreePosition::flowThreadInsertionContext):
        * style/RenderTreePosition.h:
        (WebCore::RenderTreePosition::RenderTreePosition):
        (WebCore::RenderTreePosition::parent):
        * style/RenderTreeUpdater.cpp:
        (WebCore::registerElementForFlowThreadIfNeeded): We need to registed the element even when it does not create renderer (display: none).
        (WebCore::RenderTreeUpdater::createRenderer):
        (WebCore::moveToFlowThreadIfNeeded): Deleted.

2016-11-09  Per Arne Vollan  <pvollan@apple.com>

        [Win][Direct2D] Incomplete image decoding.
        https://bugs.webkit.org/show_bug.cgi?id=164511

        Reviewed by Darin Adler.

        Create native decoder when all image data has been received.

        * platform/graphics/win/ImageDecoderDirect2D.cpp:
        (WebCore::ImageDecoder::setData):

2016-11-09  Beth Dakin  <bdakin@apple.com>

        Attempted build fix.

        * platform/spi/cocoa/AVKitSPI.h:

2016-11-09  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Clean up more transaction abort behavior, including tweaks to Index/ObjectStore lifetime.
        https://bugs.webkit.org/show_bug.cgi?id=164466

        Reviewed by Alex Christensen.

        No new tests (Covered by existing tests that now pass).
        
        Previously, IDBIndex ref/deref didn't track a traditional ref count but instead kept the owning object store alive.
        Now, IDBObjectStore ref/deref do the same thing for the owning transaction.
        
        Now when a version change transaction is rolled back, some object stores and indexes get pulled out of the "deleted"
        set and get promoted back up into the "referenced" set.
        
        Now deleted object stores/indexes are considered opaque roots, as live objects in the deleted state *can* get back
        to the owning objects.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * Modules/indexeddb/IDBIndex.cpp:
        (WebCore::IDBIndex::rollbackInfoForVersionChangeAbort):

        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::IDBObjectStore):
        (WebCore::IDBObjectStore::indexNames):
        (WebCore::IDBObjectStore::transaction):
        (WebCore::IDBObjectStore::openCursor):
        (WebCore::IDBObjectStore::openKeyCursor):
        (WebCore::IDBObjectStore::deleteIndex):
        (WebCore::IDBObjectStore::rollbackForVersionChangeAbort):
        (WebCore::IDBObjectStore::visitReferencedIndexes):
        (WebCore::IDBObjectStore::ref):
        (WebCore::IDBObjectStore::deref):
        (WebCore::IDBObjectStore::create): Deleted.
        * Modules/indexeddb/IDBObjectStore.h:

        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::objectStore):
        (WebCore::IDBTransaction::transitionedToFinishing):
        (WebCore::IDBTransaction::internalAbort):
        (WebCore::IDBTransaction::createObjectStore):
        (WebCore::IDBTransaction::deleteObjectStore):
        (WebCore::IDBTransaction::visitReferencedObjectStores):
        * Modules/indexeddb/IDBTransaction.h:
        * Modules/indexeddb/IDBTransaction.idl:

        * bindings/js/JSIDBTransactionCustom.cpp: Added.
        (WebCore::JSIDBTransaction::visitAdditionalChildren):

2016-11-09  Simon Fraser  <simon.fraser@apple.com>

        Allow customization of TextStream-based logging for geometry types
        https://bugs.webkit.org/show_bug.cgi?id=164460

        Reviewed by Zalan Bujtas.

        TextStream-based logging was constrained by the requirement to maintain compatibility
        with DRT-style output, which includes cumbersome rect logging ("at (5,0) size 40x40")
        and dumping LayoutRects as IntRects.
        
        Add some formatting flags so that other TextStream clients (e.g. logging) can have
        more readable output, and opt into automatic FormatNumberRespectingIntegers behavior.
        
        TextStreams whose output appears in test results are given flags to avoid behavior
        changes, but in the longer term test results should be updated.

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::replayDisplayListAsText):
        * page/scrolling/ScrollingStateNode.cpp:
        (WebCore::ScrollingStateNode::scrollingStateTreeAsText):
        * platform/graphics/FloatPoint.cpp:
        (WebCore::operator<<):
        * platform/graphics/FloatRect.cpp:
        (WebCore::operator<<):
        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::layerTreeAsText):
        * platform/graphics/IntRect.cpp:
        (WebCore::operator<<):
        * platform/graphics/LayoutPoint.cpp:
        (WebCore::operator<<):
        * platform/graphics/LayoutRect.cpp:
        (WebCore::operator<<):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::replayDisplayListAsText):
        * platform/graphics/displaylists/DisplayList.cpp:
        (WebCore::DisplayList::DisplayList::asText):
        * platform/text/TextStream.cpp:
        (WebCore::TextStream::operator<<):
        * platform/text/TextStream.h:
        (WebCore::TextStream::TextStream):
        (WebCore::TextStream::formattingFlags):
        (WebCore::TextStream::setFormattingFlags):
        (WebCore::TextStream::hasFormattingFlag):
        (WebCore::TextStream::increaseIndent):
        (WebCore::TextStream::decreaseIndent):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::externalRepresentation):
        (WebCore::counterValueForElement):

2016-11-09  Zalan Bujtas  <zalan@apple.com>

        RenderFlowThread::flowThreadRelativeWillBeRemoved should take RenderObject& instead of RenderObject*
        https://bugs.webkit.org/show_bug.cgi?id=164543

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::removeChild):
        * rendering/RenderFlowThread.h:
        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::handleSpannerRemoval):
        (WebCore::RenderMultiColumnFlowThread::flowThreadRelativeWillBeRemoved):
        * rendering/RenderMultiColumnFlowThread.h:

2016-11-09  Jer Noble  <jer.noble@apple.com>

        REGRESSION (r208149): Media scrubber is not displayed in media controls
        https://bugs.webkit.org/show_bug.cgi?id=164514

        Reviewed by Darin Adler.

        Fixes broken Media Controls API tests.

        Added a new PlatformMediaSessionType; need to add that same type to the TYPE_TRAITS section of 
        MediaElementSession.h so that is<> and downcast<> work correctly.

        * html/MediaElementSession.h:
        (isType):

2016-11-09  Wenson Hsieh  <wenson_hsieh@apple.com>

        When editing IME, `compositionend` events should fire after input events
        https://bugs.webkit.org/show_bug.cgi?id=164324
        <rdar://problem/29050438>

        Reviewed by Darin Adler.

        Moves where we dispatch `compositionend` events to after applying editing commands that fire `beforeinput` or
        `input` events. Also augments existing layout tests to verify the change.

        * editing/Editor.cpp:
        (WebCore::Editor::setComposition):

2016-11-09  Wenson Hsieh  <wenson_hsieh@apple.com>

        Setting foreground color when text is selected should fire an input event with color data
        https://bugs.webkit.org/show_bug.cgi?id=164241
        <rdar://problem/29032759>

        Reviewed by Darin Adler.

        Refactors Editor::applyStyle and Editor::applyParagraphStyle to handle beforeinput and input event dispatch.
        Instead of going through the ApplyStyleCommand to dispatch input events, override shouldDispatchInputEvents to
        return false. This strategy also has the effect of unifying the way input events are dispatched in applyStyle,
        in both codepaths where we computeAndSetTypingStyle and where we create and then apply a style command.

        Test: fast/events/input-events-selection-forecolor-data.html

        * editing/ApplyStyleCommand.h:
        * editing/Editor.cpp:
        (WebCore::inputEventDataForEditingStyleAndAction):
        (WebCore::Editor::applyStyle):
        (WebCore::Editor::applyParagraphStyle):
        (WebCore::Editor::computeAndSetTypingStyle):

2016-11-08  Dean Jackson  <dino@apple.com>

        Rendering support for ExtendedColors
        https://bugs.webkit.org/show_bug.cgi?id=164443
        <rdar://problems/29123243>

        Reviewed by Simon Fraser and Darin Adler.

        Add support for rendering the new color() syntax, which
        ends up as an ExtendedColor.

        In order to make rendering code a little more readable, I
        changed Color::hasAlpha to Color::isOpaque (since an alpha
        of 100% is still an alpha), and added a Color::isVisible
        helper (the color isn't completely transparent). These new
        helpers support ExtendedColor forms.

        Support for painting gradients and blending between colors
        is still to come. I also added some FIXME comments
        to show other places that don't handle ExtendedColors yet.

        Tests: css3/color/backgrounds-and-borders.html
               css3/color/box-shadows.html
               css3/color/canvas.html
               css3/color/composited-solid-backgrounds.html
               css3/color/text.html

        * css/CSSGradientValue.cpp: Add some notes that this is broken.
        (WebCore::interpolate):
        (WebCore::CSSGradientValue::knownToBeOpaque):

        * editing/EditingStyle.cpp: Use new Color helpers.
        (WebCore::isTransparentColorValue):

        * editing/mac/EditorMac.mm: Use new Color helpers.
        (WebCore::Editor::fontAttributesForSelectionStart):

        * html/ColorInputType.cpp: No need to use the Color class at all here.
        (WebCore::isValidSimpleColorString): Renamed from isValidColorString.
        (WebCore::ColorInputType::sanitizeValue):
        (WebCore::ColorInputType::typeMismatchFor):
        (WebCore::isValidColorString): Deleted.

        * html/canvas/CanvasRenderingContext2D.cpp: New helpers.
        (WebCore::CanvasRenderingContext2D::shouldDrawShadows):
        (WebCore::CanvasRenderingContext2D::didDraw):

        * page/FrameView.cpp: Ditto.
        (WebCore::FrameView::recalculateScrollbarOverlayStyle):
        (WebCore::FrameView::hasOpaqueBackground):
        (WebCore::FrameView::setBaseBackgroundColor):

        * platform/graphics/Color.cpp:
        (WebCore::differenceSquared): Support ExtendedColor, but also
        add a note to indicate that this method and its call sites
        should use floats.
        (WebCore::Color::serialized): New helper.
        (WebCore::Color::cssText): Ditto.
        (WebCore::Color::blend): Ditto.
        (WebCore::Color::blendWithWhite):
        (WebCore::Color::colorWithAlphaMultipliedBy): Implementation of new function.
        (WebCore::Color::colorWithAlpha): Ditto.
        (WebCore::Color::opaqueColor): New method to return an opaque version of the given color.
        (WebCore::blend):
        * platform/graphics/Color.h:
        (WebCore::Color::isOpaque): New helper that is !hasAlpha().
        (WebCore::Color::isVisible): New helper.
        (WebCore::Color::alphaAsFloat): Gets the alpha value as a float. This replaces
        a bunch of places that were calculating it manually each time. Meanwhile, we
        might consider always exposing the primaries as floats... or at least
        have that option.
        (WebCore::isBlackColor): New helper - it was used in a couple of places.
        (WebCore::isWhiteColor): Ditto.
        (WebCore::Color::hasAlpha): Deleted.

        * platform/graphics/Gradient.cpp: Add FIXME.
        (WebCore::Gradient::addColorStop):
        * platform/graphics/Gradient.h:

        * platform/graphics/GraphicsContext.cpp: Use new helpers.
        (WebCore::GraphicsContext::computeLineBoundsAndAntialiasingModeForText):
        * platform/graphics/GraphicsContext.h:
        (WebCore::GraphicsContext::hasVisibleShadow):

        * platform/graphics/Image.cpp: Ditto.
        (WebCore::Image::fillWithSolidColor):

        * platform/graphics/ShadowBlur.cpp: Ditto.
        (WebCore::ShadowBlur::updateShadowBlurValues):

        * platform/graphics/ca/GraphicsLayerCA.cpp: Ditto.
        (WebCore::GraphicsLayerCA::setContentsToSolidColor):

        * platform/graphics/cg/GradientCG.cpp:
        (WebCore::Gradient::platformGradient): Add a FIXME to note that we can
        add ExtendedColor support simply by using CGColors, rather than fetching
        the components ourselves.

        * platform/graphics/cg/GraphicsContextCG.cpp: New helpers.
        (WebCore::calculateDrawingMode):

        * platform/graphics/cocoa/FontCascadeCocoa.mm: New helpers.
        (WebCore::FontCascade::drawGlyphs):

        * platform/graphics/mac/ColorMac.mm: Use the new helpers and Color::hash().
        (WebCore::nsColor):

        * platform/graphics/texmap/TextureMapperGL.cpp: New helpers.
        (WebCore::TextureMapperGL::drawBorder):

        * rendering/BorderEdge.cpp: Ditto.
        (WebCore::BorderEdge::obscuresBackgroundEdge):
        (WebCore::BorderEdge::obscuresBackground):

        * rendering/RenderBox.cpp: Ditto.
        (WebCore::RenderBox::getBackgroundPaintedExtent):
        (WebCore::RenderBox::backgroundIsKnownToBeOpaqueInRect):
        (WebCore::RenderBox::backgroundHasOpaqueTopLayer):

        * rendering/RenderBoxModelObject.cpp: Ditto.
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        (WebCore::colorNeedsAntiAliasAtCorner):
        (WebCore::willBeOverdrawn):
        (WebCore::RenderBoxModelObject::paintTranslucentBorderSides):
        (WebCore::RenderBoxModelObject::paintBorder):
        (WebCore::RenderBoxModelObject::boxShadowShouldBeAppliedToBackground):
        (WebCore::RenderBoxModelObject::paintBoxShadow):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::paintOutline):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::paintOutline):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::canCreateTiledImage):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::viewHasTransparentBackground):
        * rendering/RenderMenuList.cpp:
        (RenderMenuList::getItemBackgroundColor):
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::disabledTextColor):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::paintBoxDecorations):
        * rendering/TextDecorationPainter.cpp:
        (WebCore::TextDecorationPainter::paintTextDecoration):
        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::paintTextWithShadows):
        * rendering/style/BorderValue.h:
        (WebCore::BorderValue::isTransparent):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::visitedDependentColor):
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::hasBackground):
        * rendering/svg/RenderSVGResource.cpp:
        (WebCore::requestPaintingResource):
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::paintSelectionBackground):

        * svg/SVGAnimatedColor.cpp: Add a FIXME to note this is broken.
        (WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue):

2016-11-09  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] UI Library: StatusLabel
        https://bugs.webkit.org/show_bug.cgi?id=164544
        <rdar://problem/29179541>

        Reviewed by Dean Jackson.

        We add a new StatusLabel class to display a string of text in place of the TimeControl.
        A followup patch will add the logic to display "Error", "Loading" and "Live Broadcast"
        test under the right media state.

        Tests: media/modern-media-controls/macos-inline-media-controls/macos-inline-media-controls-status-label.html
               media/modern-media-controls/status-label/status-label.html

        * Modules/modern-media-controls/controls/macos-inline-media-controls.css:
        (.media-controls.mac.inline .time-label,):
        (.media-controls.mac.inline .time-label): Deleted.
        * Modules/modern-media-controls/controls/macos-inline-media-controls.js:
        (MacOSInlineMediaControls.prototype.layout):
        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.):
        * Modules/modern-media-controls/controls/status-label.css: Added.
        (.status-label):
        * Modules/modern-media-controls/controls/status-label.js: Added.
        (StatusLabel.prototype.get text):
        (StatusLabel.prototype.set text):
        (StatusLabel.prototype.commitProperty):
        * Modules/modern-media-controls/js-files:
        * WebCore.xcodeproj/project.pbxproj:

2016-11-09  Chris Dumez  <cdumez@apple.com>

        [Mac] Stop using deprecated AppKit enumeration values
        https://bugs.webkit.org/show_bug.cgi?id=164494

        Reviewed by Darin Adler.

        Stop using deprecated AppKit enumeration values.

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::computedAttributesForElement):
        (HTMLConverter::_processElement):
        (HTMLConverter::_addMarkersToList):
        * page/mac/EventHandlerMac.mm:
        (WebCore::EventHandler::keyEvent):
        (WebCore::lastEventIsMouseUp):
        (WebCore::EventHandler::passSubframeEventToSubframe):
        (WebCore::EventHandler::widgetDidHandleWheelEvent):
        (WebCore::EventHandler::sendFakeEventsAfterWidgetTracking):
        * page/mac/TextIndicatorWindow.mm:
        (WebCore::TextIndicatorWindow::setTextIndicator):
        * platform/graphics/mac/IconMac.mm:
        (WebCore::Icon::paint):
        * platform/mac/CursorMac.mm:
        (WebCore::createCustomCursor):
        * platform/mac/DragImageMac.mm:
        (WebCore::dissolveDragImageToFraction):
        (WebCore::createDragImageFromImage):
        * platform/mac/EventLoopMac.mm:
        (WebCore::EventLoop::cycle):
        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::setDragImage):
        * platform/mac/PlatformEventFactoryMac.mm:
        (WebCore::globalPointForEvent):
        (WebCore::pointForEvent):
        (WebCore::mouseButtonForEvent):
        (WebCore::mouseEventTypeForEvent):
        (WebCore::clickCountForEvent):
        (WebCore::isKeypadEvent):
        (WebCore::windowsKeyCodeForKeyEvent):
        (WebCore::isKeyUpEvent):
        (WebCore::PlatformKeyboardEventBuilder::PlatformKeyboardEventBuilder):
        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::scrollbarControlSizeToNSControlSize):
        * platform/mac/ThemeMac.mm:
        (-[WebCoreThemeView window]):
        (WebCore::controlSizeForFont):
        (WebCore::controlSizeFromPixelSize):
        (WebCore::setUpButtonCell):
        (WebCore::stepperControlSizeForFont):
        (WebCore::paintStepper):
        (WebCore::ThemeMac::minimumControlSize):
        * platform/mac/WebVideoFullscreenHUDWindowController.mm:
        (-[WebVideoFullscreenHUDWindow initWithContentRect:styleMask:backing:defer:]):
        (-[WebVideoFullscreenHUDWindow performKeyEquivalent:]):
        (-[WebVideoFullscreenHUDWindowController init]):
        (-[WebVideoFullscreenHUDWindowController keyDown:]):
        (-[WebVideoFullscreenHUDWindowController windowDidLoad]):
        * platform/mac/WebWindowAnimation.mm:
        (WebWindowAnimationDurationFromDuration):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::updateCachedSystemFontDescription):
        (WebCore::RenderThemeMac::controlSizeForFont):
        (WebCore::RenderThemeMac::controlSizeForCell):
        (WebCore::RenderThemeMac::controlSizeForSystemFont):
        (WebCore::RenderThemeMac::paintProgressBar):
        (WebCore::RenderThemeMac::popupMenuSize):
        (WebCore::RenderThemeMac::sliderThumbHorizontal):
        (WebCore::RenderThemeMac::sliderThumbVertical):

2016-11-08  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] UI Library: iOS inline controls
        https://bugs.webkit.org/show_bug.cgi?id=164513
        <rdar://problem/27989475>

        Reviewed by Dean Jackson.

        We introduce a new IOSInlineMediaControls class which can be used to instantiate media controls
        for inline playback on iOS.

        Tests: media/modern-media-controls/ios-inline-media-controls/ios-inline-media-controls-buttons-styles.html
               media/modern-media-controls/ios-inline-media-controls/ios-inline-media-controls-constructor.html
               media/modern-media-controls/ios-inline-media-controls/ios-inline-media-controls-controls-bar-styles.html
               media/modern-media-controls/ios-inline-media-controls/ios-inline-media-controls-layout.html
               media/modern-media-controls/ios-inline-media-controls/ios-inline-media-controls-time-control-styles.html
               media/modern-media-controls/ios-inline-media-controls/ios-inline-media-dropping-controls.html

        * Modules/modern-media-controls/controls/ios-inline-media-controls.css: Added.
        (.media-controls.ios.inline > .controls-bar):
        (.media-controls.ios.inline .time-control):
        (.media-controls.ios.inline button):
        (.media-controls.ios.inline button:active):
        (.media-controls.ios.inline > .controls-bar button):
        (.media-controls.ios.inline .buttons-container.right):
        (.media-controls.ios.inline button.play-pause):
        (.media-controls.ios.inline button.skip-back):
        (.media-controls.ios.inline .scrubber.slider):
        (.media-controls.ios.inline button.airplay):
        (.media-controls.ios.inline button.pip):
        (.media-controls.ios.inline button.fullscreen):
        (.media-controls.ios.inline .time-label):
        (.media-controls.ios.inline .scrubber.slider > .fill):
        (.media-controls.ios.inline .scrubber.slider > input::-webkit-slider-thumb):
        * Modules/modern-media-controls/controls/ios-inline-media-controls.js: Added.
        (IOSInlineMediaControls.prototype.layout):
        (IOSInlineMediaControls):
        * Modules/modern-media-controls/images/iOS/slider-thumb@2x.png: Added.
        * Modules/modern-media-controls/js-files:
        * WebCore.xcodeproj/project.pbxproj:

2016-11-09  Beth Dakin  <bdakin@apple.com>

        Support TouchBar in WebKit
        https://bugs.webkit.org/show_bug.cgi?id=164437
        -and corresponding-
        rdar://problem/28876524

        Reviewed by Darin Adler.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/spi/cocoa/AVKitSPI.h:
        * platform/spi/cocoa/NSTouchBarSPI.h: Added.
        * platform/spi/mac/NSSpellCheckerSPI.h:

2016-11-09  Chris Dumez  <cdumez@apple.com>

        Use Blob URL instead of webkit-fake-url when pasting an image
        https://bugs.webkit.org/show_bug.cgi?id=49141

        Reviewed by Darin Adler.

        Use Blob URL instead of webkit-fake-url when pasting an image.

        Tests: editing/pasteboard/paste-image-as-blob-url.html
               editing/pasteboard/paste-image-using-image-data.html

        * editing/Editor.h:
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::WebContentReader::readImage):
        (WebCore::Editor::createFragmentForImageAndURL):

2016-11-09  Michael Catanzaro  <mcatanzaro@igalia.com>

        Fix error message when SQLite initialization fails
        https://bugs.webkit.org/show_bug.cgi?id=164462

        Reviewed by Darin Adler.

        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::initializeSQLiteIfNecessary):

2016-11-08  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] UI Library: macOS fullscreen controls
        https://bugs.webkit.org/show_bug.cgi?id=164414
        <rdar://problem/27989474>

        Reviewed by Dean Jackson.

        We introduce a new MacOSFullscreenMediaControls class which can be used to instantiate media controls
        for fullscreen playback on macOS. These controls can be dragged by the user.

        Tests: media/modern-media-controls/macos-fullscreen-media-controls/macos-fullscreen-media-controls-buttons-containers-styles.html
               media/modern-media-controls/macos-fullscreen-media-controls/macos-fullscreen-media-controls-buttons-styles.html
               media/modern-media-controls/macos-fullscreen-media-controls/macos-fullscreen-media-controls-constructor.html
               media/modern-media-controls/macos-fullscreen-media-controls/macos-fullscreen-media-controls-controls-bar-styles.html
               media/modern-media-controls/macos-fullscreen-media-controls/macos-fullscreen-media-controls-right-container-margin.html
               media/modern-media-controls/macos-fullscreen-media-controls/macos-fullscreen-media-controls-time-control-styles.html
               media/modern-media-controls/macos-fullscreen-media-controls/macos-fullscreen-media-controls-volume-styles.html

        * Modules/modern-media-controls/controls/button.js:
        (Button.prototype.set enabled):

            Correctly notify the layoutDelegate when the enabled property changes, regardless of whether
            the flag is on.

        * Modules/modern-media-controls/controls/icon-button.js:
        (IconButton.prototype._updateImage):
        (IconButton):

            Correctly notify the layout delegate when the image metrics have changed so that it may perform
            a layout. This issues became apparent with the new tests on Yosemite and caused some flakyness.

        * Modules/modern-media-controls/controls/icon-service.js:
        (const.iconService.new.IconService.prototype._fileNameAndPlatformForIconNameAndLayoutTraits):
        (const.iconService.new.IconService):

            Fix a typo.

        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.css: Added.
        (.media-controls.mac.fullscreen > .controls-bar):
        (.media-controls.mac.fullscreen .volume.slider):
        (.media-controls.mac.fullscreen .buttons-container):
        (.media-controls.mac.fullscreen .buttons-container.center):
        (.media-controls.mac.fullscreen > .controls-bar button):
        (.media-controls.mac.fullscreen button.rewind):
        (.media-controls.mac.fullscreen button.play-pause):
        (.media-controls.mac.fullscreen button.forward):
        (.media-controls.mac.fullscreen .buttons-container.right):
        (.media-controls.mac.fullscreen button.airplay):
        (.media-controls.mac.fullscreen button.aspect-ratio):
        (.media-controls.mac.fullscreen button.pip):
        (.media-controls.mac.fullscreen button.tracks):
        (.media-controls.mac.fullscreen button.fullscreen):
        (.media-controls.mac.fullscreen .time-control):
        (.media-controls.mac.fullscreen .time-label):
        (.media-controls.mac.fullscreen .scrubber):
        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.js: Added.
        (MacOSFullscreenMediaControls.prototype.layout):
        (MacOSFullscreenMediaControls):
        * Modules/modern-media-controls/controls/macos-media-controls.js:
        (MacOSMediaControls):
        
            Allow the layoutTraits property to be set to something other than just LayoutTraits.macOS
            so that MacOSFullscreenMediaControls may set the LayoutTraits.Fullscreen bit.
        
        * Modules/modern-media-controls/js-files:
        
            Add a reference to the new macos-fullscreen-media-controls.js file.
        
        * WebCore.xcodeproj/project.pbxproj:

            Add references to the new macos-fullscreen-media-controls.js and
            macos-fullscreen-media-controls.css files.

2016-11-09  Chris Dumez  <cdumez@apple.com>

        Shave 16 bytes off HTMLInputElement
        https://bugs.webkit.org/show_bug.cgi?id=164488

        Reviewed by Sam Weinig.

        Shave 16 bytes off HTMLInputElement (232 -> 216) by packing data members
        better.

        * html/HTMLFormControlElement.h:
        * html/HTMLTextFormControlElement.cpp:
        (WebCore::HTMLTextFormControlElement::HTMLTextFormControlElement):
        * html/HTMLTextFormControlElement.h:

2016-11-09  Youenn Fablet  <youenn@apple.com>

        [WebRTC] Introduce asynchronous backend for other RTCPeerConnection API
        https://bugs.webkit.org/show_bug.cgi?id=164409

        Reviewed by Eric Carlson.

        Covered by existing tests.

        Following on createOffer changes, applying the same changes to createAnswer, setLocalDescription, setRemoteDescription and addIceCandidate.
        Also refactored ICE candidate event generation (done at PeerConnectionBackend).
        Updated stop implementation to clean any promise that may be stored in PeerConnectionBackend.

        The goal of this is to be more aligned with https://www.w3.org/TR/webrtc/.
        Implementation of the various functions such as //www.w3.org/TR/webrtc/#set-description would be done in PeerConnectionBackend.
        This will require additional code moved from MediaEndpointPeerConnection up to PeerConnectionBackend.

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::createOfferTask):
        (WebCore::MediaEndpointPeerConnection::doCreateAnswer):
        (WebCore::MediaEndpointPeerConnection::createAnswerTask):
        (WebCore::MediaEndpointPeerConnection::doSetLocalDescription):
        (WebCore::MediaEndpointPeerConnection::setLocalDescriptionTask):
        (WebCore::MediaEndpointPeerConnection::doSetRemoteDescription):
        (WebCore::MediaEndpointPeerConnection::setRemoteDescriptionTask):
        (WebCore::MediaEndpointPeerConnection::doAddIceCandidate):
        (WebCore::MediaEndpointPeerConnection::addIceCandidateTask):
        (WebCore::MediaEndpointPeerConnection::doStop):
        (WebCore::MediaEndpointPeerConnection::gotIceCandidate):
        (WebCore::MediaEndpointPeerConnection::doneGatheringCandidates):
        (WebCore::MediaEndpointPeerConnection::createAnswer): Deleted.
        (WebCore::MediaEndpointPeerConnection::setLocalDescription): Deleted.
        (WebCore::MediaEndpointPeerConnection::setRemoteDescription): Deleted.
        (WebCore::MediaEndpointPeerConnection::addIceCandidate): Deleted.
        (WebCore::MediaEndpointPeerConnection::stop): Deleted.
        (WebCore::MediaEndpointPeerConnection::localDescriptionTypeValidForState): Deleted.
        (WebCore::MediaEndpointPeerConnection::remoteDescriptionTypeValidForState): Deleted.
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::createOffer):
        (WebCore::PeerConnectionBackend::createOfferFailed):
        (WebCore::PeerConnectionBackend::createAnswer):
        (WebCore::PeerConnectionBackend::createAnswerSucceeded):
        (WebCore::PeerConnectionBackend::createAnswerFailed):
        (WebCore::isLocalDescriptionTypeValidForState):
        (WebCore::PeerConnectionBackend::setLocalDescription):
        (WebCore::PeerConnectionBackend::setLocalDescriptionSucceeded):
        (WebCore::PeerConnectionBackend::setLocalDescriptionFailed):
        (WebCore::isRemoteDescriptionTypeValidForState):
        (WebCore::PeerConnectionBackend::setRemoteDescription):
        (WebCore::PeerConnectionBackend::setRemoteDescriptionSucceeded):
        (WebCore::PeerConnectionBackend::setRemoteDescriptionFailed):
        (WebCore::PeerConnectionBackend::addIceCandidate):
        (WebCore::PeerConnectionBackend::addIceCandidateSucceeded):
        (WebCore::PeerConnectionBackend::addIceCandidateFailed):
        (WebCore::PeerConnectionBackend::fireICECandidateEvent):
        (WebCore::PeerConnectionBackend::doneGatheringCandidates):
        (WebCore::PeerConnectionBackend::stop):
        * Modules/mediastream/PeerConnectionBackend.h:

2016-11-09  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream][Mac] Mark captured video frames as ready for display immediately
        https://bugs.webkit.org/show_bug.cgi?id=164482
        <rdar://problem/29139073>

        Reviewed by Jer Noble.

        * platform/cf/CoreMediaSoftLink.cpp: Add new constant.
        * platform/cf/CoreMediaSoftLink.h:

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::requestNotificationWhenReadyForMediaData):
          New, ask register for a callback when the sample buffer display layer is ready
          for more media data.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBuffer): Don't change
          the sample timestamps, assume the caller has configured the sample correctly.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::prepareVideoSampleBufferFromTrack): Don't
          drop frames when the display layer isn't ready.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Call stopRequestingMediaData.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated):
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Deleted.

        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::setupCaptureSession): Tell the video output to always discard
          late video frames, we don't need them.
        (WebCore::AVVideoCaptureSource::processNewFrame): Add a kCMSampleAttachmentKey_DisplayImmediately
          attachment.

2016-11-09  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] Wrong selected element at a given index in a list box (redux)
        https://bugs.webkit.org/show_bug.cgi?id=164430

        Reviewed by Darin Adler.

        This essentially undoes the implementation change resulting from r164577.
        As stated in the ATK documentation, atk_selection_ref_selection() takes
        "a gint specifying the index in the selection set. (e.g. the ith selection
        as opposed to the ith child)." r164577 deliberately modified that, causing
        atk_selection_ref_selection() to treat the index as if it were the position
        with respect to all of the children. There is different API in ATK, namely
        atk_object_ref_accessible_child(), when the ith child from the set of all
        children is sought.

        Tests: accessibility/aria-listbox-no-selection.html
               accessibility/native-listbox-no-selection.html

        * accessibility/atk/WebKitAccessibleInterfaceSelection.cpp:
        (optionFromSelection):

2016-11-09  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        [EFL] Use libgcrypt instead of GnuTLS for CryptoDigest
        https://bugs.webkit.org/show_bug.cgi?id=164461

        Reviewed by Michael Catanzaro.

        As GTK port in r208297, EFL port starts to use libgcrypt instead of GnuTLS as well.

        No new tests, no behavior change.

        * PlatformEfl.cmake:

2016-11-09  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r208422.

        Roll r208382 back in since it was not responsible for the API
        test failures seen on macOS.

        Reverted changeset:

        "Unreviewed, rolling out r208382."
        https://bugs.webkit.org/show_bug.cgi?id=164319
        http://trac.webkit.org/changeset/208422

2016-11-09  Csaba Osztrogonác  <ossy@webkit.org>

        One more URTBF after r208361.

        * PlatformMac.cmake:

2016-11-09  Csaba Osztrogonác  <ossy@webkit.org>

        Typo fix after r162782
        https://bugs.webkit.org/show_bug.cgi?id=164473

        Unreviewed trivial fix.

        * platform/ThreadGlobalData.cpp:

2016-11-07  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r208382.

        This change appears to have caused 3
        SerializedCryptoKeyWrapTest API tests to fail on macOS.

        Reverted changeset:

        "[Readable Streams API] Implement ByteStreamController
        error()"
        https://bugs.webkit.org/show_bug.cgi?id=164319
        http://trac.webkit.org/changeset/208382

2016-11-04  Filip Pizlo  <fpizlo@apple.com>

        WTF::ParkingLot should stop using std::chrono because std::chrono::duration casts are prone to overflows
        https://bugs.webkit.org/show_bug.cgi?id=152045

        Reviewed by Andy Estes.

        No new layout tests because no new behavior. The new WTF time classes have some unit tests
        in TestWebKitAPI.

        * fileapi/ThreadableBlobRegistry.cpp:
        (WebCore::ThreadableBlobRegistry::blobSize):
        * platform/MainThreadSharedTimer.h:
        * platform/SharedTimer.h:
        * platform/ThreadTimers.cpp:
        (WebCore::ThreadTimers::updateSharedTimer):
        * platform/cf/MainThreadSharedTimerCF.cpp:
        (WebCore::MainThreadSharedTimer::setFireInterval):
        * platform/efl/MainThreadSharedTimerEfl.cpp:
        (WebCore::MainThreadSharedTimer::setFireInterval):
        * platform/glib/MainThreadSharedTimerGLib.cpp:
        (WebCore::MainThreadSharedTimer::setFireInterval):
        * platform/win/MainThreadSharedTimerWin.cpp:
        (WebCore::MainThreadSharedTimer::setFireInterval):
        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::runInMode):

2016-11-04  Zalan Bujtas  <zalan@apple.com>

        RenderFlowThread state reset cleanup.
        https://bugs.webkit.org/show_bug.cgi?id=164426

        Reviewed by Simon Fraser.

        RenderFlowThread state reset is spread across several functions. This patch groups them
        together in RenderObject::resetFlowThreadState().

        No change in functionality.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removeLeftoverAnonymousBlock):
        (WebCore::RenderBlock::dropAnonymousBoxChild): This is now part of resetFlowThreadState() since resetFlowThreadState
        gets called even when NotifyChildren is false.
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::insertChildInternal): Initialize the thread state before we notify the child.
        (WebCore::RenderElement::removeChildInternal): Reset the state even when NotifyChildren is false.
        (WebCore::RenderElement::willBeRemovedFromTree): This code is moved to removeFromRenderFlowThread().
        (WebCore::RenderElement::removeFromRenderFlowThread):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::initializeFlowThreadState): This is in transition for webkit.org/b/164428 (RenderFlowThread state initialization cleanup.)
        (WebCore::RenderObject::resetFlowThreadState):
        (WebCore::RenderObject::setParent): This was seemingly a random place to put flow state initialization. 
        (WebCore::RenderObject::willBeRemovedFromTree): resetFlowThreadState() takes care of it now.
        * rendering/RenderObject.h:

2016-11-04  Yusuke Suzuki  <utatane.tea@gmail.com>

        [DOMJIT] Add DOMJIT::Signature annotation to Document::getElementById
        https://bugs.webkit.org/show_bug.cgi?id=164356

        Reviewed by Filip Pizlo.

        This patch implements DOMJIT::Signature annotation for getElementById.
        Since getElementById is also implemented in DocumentFragment, we implement
        the branchIfDocumentFragment/branchIfNotDocumentFragment for that.

        In dromaeo, we have a test like this.

        test( "getElementById", function(){
            for ( var i = 0; i < num * 30; i++ ) {
                ret = document.getElementById("testA" + num).nodeType;
                ret = document.getElementById("testB" + num).nodeType;
                ret = document.getElementById("testC" + num).nodeType;
                ret = document.getElementById("testD" + num).nodeType;
                ret = document.getElementById("testE" + num).nodeType;
                ret = document.getElementById("testF" + num).nodeType;
            }
        });

        In the above test, JSC already knows the following things.

        1. Since nodeType is now handled as CallDOMGetter, we know that it is pure.
        2. getElementById look up becomes PureGetById since document is impure object. But it is kept as PureGetById. So it does not write DOMState.
        3. `"testA" + num` will be converted to constant string.
        4. CallDOM for getElementById said it just reads(DOMState:DOM). And it saids that it returns the same value as long as DOMState is not clobbered.
        5. CheckCell leading CallDOM ensures the inlined getElementById node. (CallDOM node).

        The key thing is that no node clobbers DOMState during the loop. So CallDOM & CallDOMGetter can be hoisted.
        This improves dom-query significantly. Dromaeo dom-query getElementById becomes 40x faster (247796 v.s. 6197).
        Dromaeo dom-query getElementById (not in document) becomes 89x faster (630317.8 v.s. 7066.).

        Tests: js/dom/domjit-function-get-element-by-id-changed.html
               js/dom/domjit-function-get-element-by-id-licm.html
               js/dom/domjit-function-get-element-by-id.html

        * dom/NonElementParentNode.idl:
        * domjit/DOMJITCheckDOM.h:
        (WebCore::DOMJIT::TypeChecker<DocumentFragment>::branchIfFail):
        * domjit/DOMJITHelpers.h:
        (WebCore::DOMJIT::branchIfDocumentFragment):
        (WebCore::DOMJIT::branchIfNotDocumentFragment):

2016-11-04  Simon Fraser  <simon.fraser@apple.com>

        Rename unscaledUnobscuredVisibleContentSize and unscaledVisibleContentSizeIncludingObscuredArea for attempted clarity
        https://bugs.webkit.org/show_bug.cgi?id=164438

        Reviewed by Tim Horton.

        unscaledUnobscuredVisibleContentSize() and unscaledVisibleContentSizeIncludingObscuredArea() were an endless source
        of confusion.
        
        Functions with "VisibleContent" in the name are usually expected to return document coordinates (affected by zooming),
        so unscaledUnobscuredVisibleContentSize caused cognitive dissonance because of "unscaled" vs "visibleContent", and
        "unobscured" vs "visible".
        
        So rename:
            unscaledUnobscuredVisibleContentSize -> sizeForUnobscuredContent
            unscaledVisibleContentSizeIncludingObscuredArea -> sizeForVisibleContent
        
        sizeForUnobscuredContent() can also be private to ScrollView.

        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::update):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::unobscuredContentRectInternal):
        (WebCore::ScrollView::sizeForVisibleContent):
        (WebCore::ScrollView::sizeForUnobscuredContent): Don't compute unscaledVisibleContentSizeIncludingObscuredArea
        before testing whether we have a platform widget.
        (WebCore::ScrollView::layoutSize):
        (WebCore::ScrollView::unscaledVisibleContentSizeIncludingObscuredArea): Deleted.
        (WebCore::ScrollView::unscaledUnobscuredVisibleContentSize): Deleted.
        * platform/ScrollView.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::flushPendingLayerChanges):
        (WebCore::RenderLayerCompositor::frameViewDidChangeSize):
        (WebCore::RenderLayerCompositor::updateRootLayerPosition):
        (WebCore::RenderLayerCompositor::ensureRootLayer):

2016-11-04  Simon Fraser  <simon.fraser@apple.com>

        Layout viewport wrong with RTL documents
        https://bugs.webkit.org/show_bug.cgi?id=164434

        Reviewed by Tim Horton.

        The layoutViewportRect was computed incorrectly in RTL documents, because 
        FrameView::unscaledMaximumScrollPosition() was wrong; it erroneously mapped
        what it thought was a scrollOffset to a scrollPosition.

        Unscaled scroll positions are in the same coordinate space as unscaledDocumentRect,
        so we should not call scrollPositionFromOffset() in FrameView::unscaledMaximumScrollPosition().

        Changed FrameView::unscaledMinimumScrollPosition() to also just grab the location of
        unscaledDocumentRect, for symmetry.

        Finally fixed the tiled scrolling indicator's viewport rect for zoomed RTL documents
        by using the unscaled scroll origin.

        Tests: fast/visual-viewport/rtl-nonzoomed-rects.html
               fast/visual-viewport/rtl-zoomed-rects.html

        * page/FrameView.cpp:
        (WebCore::FrameView::setLayoutViewportOrigin):
        (WebCore::FrameView::unscaledScrollOrigin):
        (WebCore::FrameView::unscaledMinimumScrollPosition):
        (WebCore::FrameView::unscaledMaximumScrollPosition):
        * page/FrameView.h:

2016-11-04  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add support for modern callback syntax
        https://bugs.webkit.org/show_bug.cgi?id=164435

        Reviewed by Chris Dumez.

        Support new callback syntax:
            callback Function = void (DOMString arg1, long arg2);

        This replaces "callback interface" types with a Callback=FunctionOnly
        extended attribute.

        * Modules/geolocation/PositionCallback.idl:
        * Modules/geolocation/PositionErrorCallback.idl:
        * Modules/notifications/NotificationPermissionCallback.idl:
        * Modules/quota/StorageErrorCallback.idl:
        * Modules/quota/StorageQuotaCallback.idl:
        * Modules/quota/StorageUsageCallback.idl:
        * Modules/webaudio/AudioBufferCallback.idl:
        * Modules/webdatabase/DatabaseCallback.idl:
        * Modules/webdatabase/SQLStatementCallback.idl:
        * Modules/webdatabase/SQLStatementErrorCallback.idl:
        * Modules/webdatabase/SQLTransactionCallback.idl:
        * Modules/webdatabase/SQLTransactionErrorCallback.idl:
        * dom/RequestAnimationFrameCallback.idl:
        * dom/StringCallback.idl:
        * html/VoidCallback.idl:
        * page/IntersectionObserverCallback.idl:
        * css/MediaQueryListListener.idl:
        Update to new syntax.

        * css/MediaQueryListListener.h:
        * css/MediaQueryMatcher.cpp:
        (WebCore::MediaQueryMatcher::styleResolverChanged):
        Switch to using the now required 'handleEvent' name. This is an implementation detail
        that we should change.

        * bindings/scripts/CodeGenerator.pm:
        Update document processing to allow a callback only file. Update callback
        type checks to look for a regex that matches in the new format.

        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToImplIncludesForIDLType):
        (AddToIncludesForIDLType):
        (AddToImplIncludes):
        (AddToIncludes):
        Abstract includes functions to allow passing in an include hash.

        (GenerateCallbackFunctionHeader):
        (GenerateCallbackFunctionImplementation):
        (GenerateCallbackInterfaceHeader):
        (GenerateCallbackInterfaceImplementation):
        (GenerateCallbackHeaderContent):
        (GenerateCallbackImplementationContent):
        Refactor callback generation code into GenerateCallbackHeaderContent and GenerateCallbackImplementationContent
        to allow using it for both the new callbacks as well as the old callback interfaces.

        * bindings/scripts/IDLParser.pm:
        (Parse):
        (applyTypedefs):
        (applyTypedefsToOperation):
        (parseCallbackRest):
        Parse callbacks into the new IDLCallbackFunction type. Ensure that typedefs are applied as well.

        * bindings/scripts/IDLAttributes.txt:
        Remove support for Callback=FunctionOnly.

        * bindings/scripts/test/JS/JSTestCallback.cpp: Removed.
        * bindings/scripts/test/JS/JSTestCallback.h: Removed.
        * bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunction.h:
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.cpp: Added.
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.h: Added.
        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp: Copied from Source/WebCore/bindings/scripts/test/JS/JSTestCallback.cpp.
        * bindings/scripts/test/JS/JSTestCallbackInterface.h: Copied from Source/WebCore/bindings/scripts/test/JS/JSTestCallback.h.
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/TestCallback.idl: Removed.
        * bindings/scripts/test/TestCallbackFunction.idl:
        * bindings/scripts/test/TestCallbackFunctionWithTypedefs.idl: Added.
        * bindings/scripts/test/TestCallbackInterface.idl: Copied from Source/WebCore/bindings/scripts/test/TestCallback.idl.
        * bindings/scripts/test/TestObj.idl:
        * bindings/scripts/test/TestTypedefs.idl:
        Update existing tests and add new ones to test callback functions specifically.

2016-11-04  Alex Christensen  <achristensen@webkit.org>

        Move isDefaultPortForProtocol from URLParser.cpp back to URL.cpp
        https://bugs.webkit.org/show_bug.cgi?id=164439

        Reviewed by Daniel Bates.

        No change in behaviour.

        * platform/URL.cpp:
        (WebCore::defaultPortForProtocol):
        (WebCore::isDefaultPortForProtocol):
        * platform/URLParser.cpp:
        (WebCore::URLParser::defaultPortForProtocol):
        (WebCore::URLParser::parsePort):
        (WebCore::defaultPortForProtocol): Deleted.
        (WebCore::isDefaultPortForProtocol): Deleted.
        * platform/URLParser.h:

2016-11-04  Wenson Hsieh  <wenson_hsieh@apple.com>

        Safari does not emit composition end if blurred for dead key / Japanese IME
        https://bugs.webkit.org/show_bug.cgi?id=164369
        <rdar://problem/29050439>

        Reviewed by Ryosuke Niwa.

        On Mac, _before_ changing selection, try to finalize the composition by calling Editor::cancelComposition early.
        This is because the focused element may have changed after performing the selection change, so we would
        otherwise be dispatching the `compositionend` to the new focused element (or no compositionend at all) instead
        of the element with the composition.

        Doing this allows us to match Chrome and Firefox behavior. After canceling the composition, we then need to also
        clear the system IME state. We do this on Mac WK1/WK2 through the cancelComposition() codepath, which ends up
        calling into -discardMarkedText, which resets the marked text state. Some minor refactoring was performed to
        accomplish this -- currently, discardedComposition sends a CompositionWasCanceled message over to the UI process
        that discards the marked text, and then updates the editor state. This patch splits this into two separate
        steps -- see the WebKit2 ChangeLog for more details.

        Test: fast/events/ime-compositionend-on-selection-change.html

        * editing/Editor.cpp:
        (WebCore::Editor::selectionWillChange):
        * editing/Editor.h:
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance):
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::selectionWillChange):
        * loader/EmptyClients.h:
        * page/EditorClient.h:

2016-11-04  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Clean up more transaction abort and exception throwing behavior from IDBObjectStore.
        https://bugs.webkit.org/show_bug.cgi?id=164424

        Reviewed by Alex Christensen.

        No new tests (Covered by existing tests).

        This patch actually turns a handful of PASS to FAIL in the imported tests, but those are parts of the
        spec in flux/under discussion.

        We'll update either source or the tests as things are resolved.

        * Modules/indexeddb/IDBIndex.cpp:
        (WebCore::IDBIndex::rollbackInfoForVersionChangeAbort):

        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::get):
        (WebCore::IDBObjectStore::putOrAdd):
        (WebCore::IDBObjectStore::rollbackForVersionChangeAbort):

2016-11-04  Ryosuke Niwa  <rniwa@webkit.org>

        Load stylesheets in link elements inside a connected shadow tree
        https://bugs.webkit.org/show_bug.cgi?id=160683
        <rdar://problem/29040652>

        Reviewed by Antti Koivisto.

        Allow external stylesheets within a shadow tree by storing the appropriate style scope in HTMLLinkElement
        when it's connected to a document instead of always talking to document's style scope.

        Tests: fast/shadow-dom/link-element-in-shadow-tree.html
               fast/shadow-dom/selected-stylesheet-in-shadow-tree.html

       * html/HTMLLinkElement.cpp:
       (WebCore::HTMLLinkElement::HTMLLinkElement):
       (WebCore::HTMLLinkElement::~HTMLLinkElement):
       (WebCore::HTMLLinkElement::setDisabledState): Exit early when the element is not in a document as invoking
       didChangeActiveStyleSheetCandidates would require having a valid m_styleScope and process() already exits
       early when inDocument() is false.
       (WebCore::HTMLLinkElement::parseAttribute):
       (WebCore::HTMLLinkElement::process): Removed the early exit for when the element is in a shadow tree.
       (WebCore::HTMLLinkElement::insertedInto): Exit early unless this element has just become connected to
       a document instead of whenever its self-inclusive ancestor is inserted into a container.
       (WebCore::HTMLLinkElement::removedFrom): Ditto for removal. Also call removeStyleSheetCandidateNode after
       calling removePendingSheet since the latter depends on m_styleScope being not null.
       (WebCore::HTMLLinkElement::addPendingSheet):
       (WebCore::HTMLLinkElement::removePendingSheet):
       * html/HTMLLinkElement.h:
       * html/HTMLStyleElement.cpp:
       (WebCore::HTMLStyleElement::insertedInto): Only call inline style owner's insertedIntoDocument if this
       element has just become connected to a document.
       (WebCore::HTMLStyleElement::removedFrom): Ditto for the removal.
       * style/StyleScope.h:
       * svg/SVGStyleElement.cpp:
       (WebCore::SVGStyleElement::insertedInto): Ditto.
       (WebCore::SVGStyleElement::removedFrom): Ditto for the removal.

2016-11-04  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Add a setting and preferences to enable/disable async image decoding
        https://bugs.webkit.org/show_bug.cgi?id=164417

        Reviewed by Simon Fraser.

        Add an asyncImageDecodingEnabled setting. This setting controls whether an
        image "can" be asynchronously decoded on a separate thread or not. The
        function ImageSource::isAsyncDecodingRequired() will be used in conjunction
        with this setting to decide whether an image "should" be asynchronously
        decoded or not.

        * page/Settings.in:

2016-11-04  Tim Horton  <timothy_horton@apple.com>

        Apply post-landing review comments for r208347

        * dom/Element.cpp:
        (WebCore::Element::findAnchorElementForLink):
        Use attributeWithoutSynchronization.

        * page/PrintContext.cpp:
        (WebCore::PrintContext::spoolPage):
        (WebCore::PrintContext::spoolRect):
        (WebCore::PrintContext::collectLinkedDestinations):
        (WebCore::PrintContext::outputLinkedDestinations):
        * page/PrintContext.h:
        Pass Document by reference instead of Node by pointer,
        use ElementTraversal instead of NodeTraversal to avoid
        having to locally check the type, and null-check renderers.

2016-11-04  Myles C. Maxfield  <mmaxfield@apple.com>

        Implement WebGL2RenderingContext::copyBufferSubData()
        https://bugs.webkit.org/show_bug.cgi?id=164008

        Reviewed by Dean Jackson.

        Similar to previous work regarding WebGL 2 buffers, this method implements
        the ability to copy from one buffer to another without the data leaving
        the GPU.

        Test: fast/canvas/webgl/copyBufferSubData.html

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::copyBufferSubData):
        * html/canvas/WebGLBuffer.cpp:
        (WebCore::WebGLBuffer::associateCopyBufferSubData):
        * html/canvas/WebGLBuffer.h:
        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::copyBufferSubData):

2016-11-04  Simon Fraser  <simon.fraser@apple.com>

        Rename some ScrollingTree/Node-related functions to reduce the number of uses of "update"
        https://bugs.webkit.org/show_bug.cgi?id=164420

        Reviewed by Tim Horton.

        Rename:
            commitNewTreeState -> commitTreeState ("new" was redundant)
            updateBeforeChildren -> commitStateBeforeChildren
            updateAfterChildren -> commitStateAfterChildren

        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::commitTreeState):
        (WebCore::ScrollingTree::updateTreeFromStateNode):
        (WebCore::ScrollingTree::commitNewTreeState): Deleted.
        * page/scrolling/ScrollingTree.h:
        * page/scrolling/ScrollingTreeFrameScrollingNode.cpp:
        (WebCore::ScrollingTreeFrameScrollingNode::commitStateBeforeChildren):
        (WebCore::ScrollingTreeFrameScrollingNode::updateBeforeChildren): Deleted.
        * page/scrolling/ScrollingTreeFrameScrollingNode.h:
        * page/scrolling/ScrollingTreeNode.h:
        (WebCore::ScrollingTreeNode::commitStateAfterChildren):
        (WebCore::ScrollingTreeNode::updateAfterChildren): Deleted.
        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::commitStateBeforeChildren):
        (WebCore::ScrollingTreeScrollingNode::commitStateAfterChildren):
        (WebCore::ScrollingTreeScrollingNode::updateBeforeChildren): Deleted.
        (WebCore::ScrollingTreeScrollingNode::updateAfterChildren): Deleted.
        * page/scrolling/ScrollingTreeScrollingNode.h:
        * page/scrolling/ThreadedScrollingTree.cpp:
        (WebCore::ThreadedScrollingTree::commitTreeState):
        (WebCore::ThreadedScrollingTree::commitNewTreeState): Deleted.
        * page/scrolling/ThreadedScrollingTree.h:
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.h:
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::commitStateBeforeChildren):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::commitStateAfterChildren):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateBeforeChildren): Deleted.
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateAfterChildren): Deleted.
        * page/scrolling/ios/ScrollingTreeIOS.cpp:
        (WebCore::ScrollingTreeIOS::commitNewTreeState): Deleted.
        * page/scrolling/ios/ScrollingTreeIOS.h:
        * page/scrolling/mac/ScrollingCoordinatorMac.mm:
        (WebCore::ScrollingCoordinatorMac::commitTreeState):
        * page/scrolling/mac/ScrollingTreeFixedNode.h:
        * page/scrolling/mac/ScrollingTreeFixedNode.mm:
        (WebCore::ScrollingTreeFixedNode::commitStateBeforeChildren):
        (WebCore::ScrollingTreeFixedNode::updateBeforeChildren): Deleted.
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::commitStateBeforeChildren):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::commitStateAfterChildren):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren): Deleted.
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateAfterChildren): Deleted.
        * page/scrolling/mac/ScrollingTreeStickyNode.h:
        * page/scrolling/mac/ScrollingTreeStickyNode.mm:
        (WebCore::ScrollingTreeStickyNode::commitStateBeforeChildren):
        (WebCore::ScrollingTreeStickyNode::updateBeforeChildren): Deleted.

2016-11-03  Anders Carlsson  <andersca@apple.com>

        Add new 'other' Apple Pay button style
        https://bugs.webkit.org/show_bug.cgi?id=164384
        rdar://problem/28302528

        Reviewed by Dean Jackson.

        * DerivedSources.make:
        * WebCorePrefix.h:
        Add extension points.

        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        Add ApplePayButtonType::Other.

        (WebCore::CSSPrimitiveValue::operator ApplePayButtonType):
        Add CSSValueOther.

        * css/CSSValueKeywords.in:
        Add other.

        * css/parser/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        Add CSSValueOther.

        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
        Add CSSValueOther.

        * rendering/RenderThemeCocoa.mm:
        (WebCore::toPKPaymentButtonType):
        Handle ApplePayButtonType::Other.

        * rendering/style/RenderStyleConstants.h:
        Add ApplePayButtonType::Other.

2016-11-04  Antti Koivisto  <antti@apple.com>

        slotted() pseudo does not work with ID selector
        https://bugs.webkit.org/show_bug.cgi?id=160538
        <rdar://problem/28534529>

        Reviewed by Andreas Kling.

        When we saw an id selector while addin rules we immediately threw it into the m_idRules
        optimization bucket and bailed out. However selectors containing ::slotted must always end
        up in m_slottedPseudoElementRules list no matter what else is there.

        Fix by treating id like other selectors and only choosing the bucket after analysing all
        the selector components.

        Test: fast/shadow-dom/css-scoping-slot-with-id.html

        * css/RuleSet.cpp:
        (WebCore::RuleSet::addRule): Also made this use switch instead of a series of ifs.

2016-11-04  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Handle IDBObjectStore rename behavior properly when version change transaction aborts.
        https://bugs.webkit.org/show_bug.cgi?id=164416

        Reviewed by Beth Dakin.

        No new tests (Covered by existing tests).

        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::rollbackForVersionChangeAbort):

2016-11-04  Keith Rollin  <krollin@apple.com>

        NetworkSession: Add NetworkDataTask implementation for blobs
        https://bugs.webkit.org/show_bug.cgi?id=163939

        Reviewed by Alex Christensen.

        * WebCore.xcodeproj/project.pbxproj: Mark HTTPParsers.h and AsyncFileStream.h as private.
        * fileapi/AsyncFileStream.h: Add WEBCORE_EXPORT to AsyncFileStream class.
        * platform/network/BlobData.h: Add WEBCORE_EXPORT to length().
        * platform/network/HTTPParsers.h: Add WEBCORE_EXPORT to parseRange().
        * platform/network/ResourceResponseBase.h: Add WEBCORE_EXPORT to setHTTPHeaderField().

2016-11-04  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Use IDB-specific exceptions in places where the generic exceptions are currently used.
        https://bugs.webkit.org/show_bug.cgi?id=164406

        Reviewed by Alex Christensen.

        No new tests (Covered by existing tests).

        * Modules/indexeddb/IDBIndex.cpp:
        (WebCore::IDBIndex::setName):

        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::setName):

2016-11-04  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] Attempting to clear selection on ARIA listboxes results in crash
        https://bugs.webkit.org/show_bug.cgi?id=164331

        Reviewed by Chris Fleizach.

        The ATK code is using is<AccessibilityListBox>() to identify native listboxes.
        But is<AccessibilityListBox>() returns the value of isListBox() which returns
        true both for AccessibilityListBox instances as well as for AccessibilityObject
        instances which have an AccessibilityRole value of ListBoxRole. Because only
        native listboxes should be AccessibilityListBoxes, add isNativeListBox() so
        that we can distinguish native and ARIA listboxes.

        Tests: accessibility/aria-listbox-clear-selection-crash.html
               accessibility/listbox-clear-selection.html

        * accessibility/AccessibilityListBox.h:
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::isNativeListBox):
        (WebCore::AccessibilityObject::isListBox):

2016-11-04  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Throw the correct exceptions during IDBObjectStore/IDBIndex renaming.
        https://bugs.webkit.org/show_bug.cgi?id=164405

        Reviewed by Alex Christensen.

        No new tests (Covered by existing tests).

        * Modules/indexeddb/IDBIndex.cpp:
        (WebCore::IDBIndex::setName):

        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::setName):

2016-11-04  Romain Bellessort  <romain.bellessort@crf.canon.fr>

        [Readable Streams API] Implement ByteStreamController error()
        https://bugs.webkit.org/show_bug.cgi?id=164319

        Reviewed by Youenn Fablet.

        Implemented error() method of ReadableByteStreamController.

        Updated test expectations for error() and added IDL-related tests.

        * Modules/streams/ReadableByteStreamController.js:
        (error): Implemented.
        * Modules/streams/ReadableByteStreamInternals.js:
        (privateInitializeReadableByteStreamController):
        (isReadableByteStreamController): Added.
        (readableByteStreamControllerError): Added.
        (readableByteStreamControllerClearPendingPullIntos): Added.
        * Modules/streams/ReadableStream.js:
        (initializeReadableStream): More detailed error message.
        * Modules/streams/ReadableStreamDefaultController.js:
        (error): Removed unnecessary variable declaration.
        * bindings/js/WebCoreBuiltinNames.h: Added totalQueuedBytes.

2016-11-03  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Handle IDBIndex rename behavior properly when version change transaction aborts.
        https://bugs.webkit.org/show_bug.cgi?id=164403

        Reviewed by Alex Christensen.

        No new tests (Covered by existing test).

        * Modules/indexeddb/IDBIndex.cpp:
        (WebCore::IDBIndex::rollbackInfoForVersionChangeAbort): Only rollback the info if this index
          already existed before this version change transaction.

2016-11-03  Youenn Fablet  <youenn@apple.com>

        [WebRTC] Introduce asynchronous backend createOffer API
        https://bugs.webkit.org/show_bug.cgi?id=164365

        Reviewed by Sam Weinig.

        Covered by existing tests.

        Removing PeerEndpointBackendClient as it is only RTCPeerConnection.
        This allows removing virtual for some functions.

        Moving MediaEndpointPeerClient::m_client to PeerEndpointBackendClient::m_peerConnection and making it a reference.

        Implementing createOffer at PeerConnectionBackend by splitting it in four sub-functions:
        - main createOffer, implemented at PeerConnectionBackend.
        - doCreateOffer implemented by subclasses (MediaEndpointPeerConnection).
        - createOfferSucceeded/createOfferFailed implemented by PeerConnectionBackend.

        * CMakeLists.txt:
        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::createMediaEndpointPeerConnection):
        (WebCore::MediaEndpointPeerConnection::MediaEndpointPeerConnection):
        (WebCore::MediaEndpointPeerConnection::doCreateOffer):
        (WebCore::MediaEndpointPeerConnection::createOfferTask):
        (WebCore::MediaEndpointPeerConnection::createAnswerTask):
        (WebCore::MediaEndpointPeerConnection::setLocalDescriptionTask):
        (WebCore::MediaEndpointPeerConnection::setRemoteDescriptionTask):
        (WebCore::MediaEndpointPeerConnection::addIceCandidateTask):
        (WebCore::MediaEndpointPeerConnection::createReceiver):
        (WebCore::MediaEndpointPeerConnection::replaceTrack):
        (WebCore::MediaEndpointPeerConnection::replaceTrackTask):
        (WebCore::MediaEndpointPeerConnection::markAsNeedingNegotiation):
        (WebCore::MediaEndpointPeerConnection::localDescriptionTypeValidForState):
        (WebCore::MediaEndpointPeerConnection::remoteDescriptionTypeValidForState):
        (WebCore::MediaEndpointPeerConnection::gotIceCandidate):
        (WebCore::MediaEndpointPeerConnection::doneGatheringCandidates):
        (WebCore::MediaEndpointPeerConnection::iceTransportStateChanged):
        (WebCore::MediaEndpointPeerConnection::createOffer): Deleted.
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::createOffer):
        (WebCore::PeerConnectionBackend::createOfferSucceeded):
        (WebCore::PeerConnectionBackend::createOfferFailed):
        (WebCore::createPeerConnectionBackend): Deleted.
        * Modules/mediastream/PeerConnectionBackend.h:
        (WebCore::PeerConnectionBackend::PeerConnectionBackend):
        (WebCore::PeerConnectionBackendClient::~PeerConnectionBackendClient): Deleted.
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::RTCPeerConnection):
        * Modules/mediastream/RTCPeerConnection.h:
        * WebCore.xcodeproj/project.pbxproj:

2016-11-03  Antti Koivisto  <antti@apple.com>

        REGRESSION (r207717): DumpRenderTree crashed in com.apple.WebCore: WebCore::Style::Scope::flushPendingUpdate + 16
        https://bugs.webkit.org/show_bug.cgi?id=164397
        <rdar://problem/29100135>

        Reviewed by Ryosuke Niwa.

        The problem here was that we were leaving stale pointers to Document::m_inDocumentShadowRoots set when
        using fast-path document teardown.

        (Patch and stories mostly by rniwa).

        * dom/Document.cpp:
        (WebCore::Document::~Document):
        (WebCore::Document::didInsertInDocumentShadowRoot):
        (WebCore::Document::didRemoveInDocumentShadowRoot):

            Improve asserts.

        * dom/Element.cpp:
        (WebCore::Element::removeShadowRoot):

            Remove the superfluous call to notifyChildNodeRemoved in Element::removeShadowRoot to
            avoid invoking notifyChildNodeRemoved during a document teardown, which is incorrect. It's sufficient that
            ~ShadowRoot calls ContainerNode::removeDetachedChildren(), and in turn removeDetachedChildrenInContainer()
            since the latter function tears down nodes via the deletion queue during a document destruction and use
            notifyChildNodeRemoved() on nodes that outlive the shadow root.

        * dom/ShadowRoot.cpp:
        (WebCore::ShadowRoot::~ShadowRoot):

            Take care to clean up inDocumentShadowRoots for fast-pathed destruction too.

        (WebCore::ShadowRoot::insertedInto):
        (WebCore::ShadowRoot::removedFrom):

            Improve ShadowRoot's insertedInto and removedFrom so that they only try to add and remove itself from
            m_inDocumentShadowRoots when the connected-ness changes.

2016-11-03  Simon Fraser  <simon.fraser@apple.com>

        Give all the geometry classes a single-argument scale() function for consistency
        https://bugs.webkit.org/show_bug.cgi?id=164400

        Reviewed by Zalan Bujtas.

        Add single-argument scale() to FloatPoint, FloatQuad, FloatSize and LayoutPoint, as well
        as adding one to GraphicsContext. Switch callers who passed the same value for sx and sy
        to the new functions.

        * dom/Document.cpp:
        (WebCore::Document::adjustFloatQuadsForScrollAndAbsoluteZoomAndFrameScale):
        * dom/MouseRelatedEvent.cpp:
        (WebCore::MouseRelatedEvent::init):
        (WebCore::MouseRelatedEvent::computeRelativePosition):
        * dom/TreeScope.cpp:
        (WebCore::TreeScope::nodeFromPoint):
        * page/PrintContext.cpp:
        (WebCore::PrintContext::spoolPage):
        * platform/cocoa/ThemeCocoa.mm:
        (WebCore::fitContextToBox):
        * platform/graphics/FloatPoint.h:
        (WebCore::FloatPoint::scale):
        * platform/graphics/FloatQuad.h:
        (WebCore::FloatQuad::scale):
        * platform/graphics/FloatSize.h:
        (WebCore::FloatSize::scale):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::applyDeviceScaleFactor):
        * platform/graphics/GraphicsContext.h:
        (WebCore::GraphicsContext::scale):
        * platform/graphics/LayoutPoint.h:
        (WebCore::LayoutPoint::scale):
        * platform/graphics/ca/TileCoverageMap.cpp:
        (WebCore::TileCoverageMap::update):
        * platform/graphics/ca/TileGrid.cpp:
        (WebCore::TileGrid::platformCALayerPaintContents):
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::drawConsuming):
        (WebCore::ImageBuffer::draw):
        (WebCore::ImageBuffer::drawPattern):
        * platform/mac/ThemeMac.mm:
        (WebCore::paintToggleButton):
        (WebCore::paintButton):
        (WebCore::paintStepper):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::nodeAtPoint):
        * rendering/RenderMediaControls.cpp:
        (WebCore::getUnzoomedRectAndAdjustCurrentContext):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintMenuList):
        (WebCore::RenderThemeMac::paintSliderThumb):
        (WebCore::RenderThemeMac::paintSearchField):
        (WebCore::RenderThemeMac::paintSearchFieldCancelButton):
        (WebCore::RenderThemeMac::paintSearchFieldResultsButton):
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::selectionRectForTextFragment):
        (WebCore::SVGInlineTextBox::paintDecorationWithStyle):
        (WebCore::SVGInlineTextBox::paintTextWithShadows):
        * svg/SVGPathBlender.cpp:
        (WebCore::SVGPathBlender::blendAnimatedFloatPoint):
        (WebCore::SVGPathBlender::blendArcToSegment):
        * svg/SVGPathParser.cpp:
        (WebCore::SVGPathParser::parseCurveToCubicSmoothSegment):
        (WebCore::SVGPathParser::parseCurveToQuadraticSegment):
        (WebCore::SVGPathParser::parseCurveToQuadraticSmoothSegment):
        (WebCore::SVGPathParser::decomposeArcToCubic):
        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::localCoordinateSpaceTransform):

2016-11-03  Antti Koivisto  <antti@apple.com>

        REGRESSION (r207669): Crash under media controls shadow root construction
        https://bugs.webkit.org/show_bug.cgi?id=164381
        <rdar://problem/28935401>

        Reviewed by Simon Fraser.

        The problem is that we are running a script for media control UA shadow tree in HTMLMediaElement::insertedInto.
        It is not safe to run scripts in insertedInto as the tree is in inconsistent state. Instead finishedInsertingSubtree
        callback should be used.

        Test: media/media-controls-shadow-construction-crash.html

        Seen on https://www.theguardian.com/artanddesign/video/2013/oct/14/banksy-central-park-new-york-video

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::insertedInto):
        (WebCore::HTMLMediaElement::finishedInsertingSubtree):

            Move configureMediaControls() to finishedInsertingSubtree().

        * html/HTMLMediaElement.h:
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::resolveComposedTree):

            Add an assert to make the bad state easier to hit in tests.

2016-11-03  Ryosuke Niwa  <rniwa@webkit.org>

        Add an assertion to diagnose stress GC bots test failures
        https://bugs.webkit.org/show_bug.cgi?id=164396

        Reviewed by Antti Koivisto.

        Added an assertion for calling ElementQueue::add while ElementQueue::invokeAll is in progress.
        This should never happen as long as all DOM API has an appropriate CEReactions IDL attribute.

        * dom/CustomElementReactionQueue.cpp:
        (WebCore::CustomElementReactionStack::ElementQueue::add):
        (WebCore::CustomElementReactionStack::ElementQueue::invokeAll):
        * dom/CustomElementReactionQueue.h:

2016-11-03  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Add the asynchronous image decoding mode
        https://bugs.webkit.org/show_bug.cgi?id=155546

        Reviewed by Simon Fraser.

        The asynchronous image decoding feature targets enhancing the rendering
        in two scenarios: the animated images and scrolling a page which large
        images. Enabling this feature for these two scenarios will be landed
        separately. 

        The goal of the asynchronous image decoding is to have the decoded image
        frame ready before it has to be drawn. Drawing an image does not have to
        wait the image frame to be decoded.

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::frameImageAtIndex): Use the negation of frameHasValidNativeImageAtIndex().
        * platform/graphics/BitmapImage.h:
        (WebCore::BitmapImage::frameIsBeingDecodedAtIndex): Answers whether a frame is being decoded.
        (WebCore::BitmapImage::frameHasValidNativeImageAtIndex): Checks the validity of a frame.
        (WebCore::BitmapImage::frameHasInvalidNativeImageAtIndex): Deleted.
        * platform/graphics/Image.h:
        (WebCore::Image::newFrameNativeImageAvailableAtIndex): Notifies the image with the availability of a frame NativeImage.
        * platform/graphics/ImageFrame.h:
        (WebCore::ImageFrame::isBeingDecoded): Answers whether the frame is being decoded.
        (WebCore::ImageFrame::hasValidNativeImage): Checks the validity of the frame.
        (WebCore::ImageFrame::hasInvalidNativeImage): Deleted.
        * platform/graphics/ImageFrameCache.cpp:
        (WebCore::ImageFrameCache::~ImageFrameCache): Asserts the decoding loop was ended before deleting the ImageFrameCache.
        (WebCore::ImageFrameCache::setFrameNativeImageAtIndex): Rename this function to matches the other which take the frame index.
        (WebCore::ImageFrameCache::setFrameMetadataAtIndex): Ditto.
        (WebCore::ImageFrameCache::replaceFrameNativeImageAtIndex): It setts the ImageFrame's members and updates the decoded size.
        (WebCore::ImageFrameCache::cacheFrameNativeImageAtIndex): Replaces the frame NativeImage and notifies the Image with the new frame.
        (WebCore::ImageFrameCache::decodingQueue): Ensures the decoding WorkQueue is created and returns it.
        (WebCore::ImageFrameCache::startAsyncDecodingQueue): Starts a decoding WorkQueue which loops until m_frameRequestQueue is closed.
        (WebCore::ImageFrameCache::requestFrameAsyncDecodingAtIndex): Allows ImageSource to send a request to start asynchronous frame image decoding.
        (WebCore::ImageFrameCache::stopAsyncDecodingQueue): Stops the decoding WorkQueue by closing m_frameRequestQueue.
        (WebCore::ImageFrameCache::frameAtIndex): Call replaceFrameNativeImageAtIndex().
        (WebCore::ImageFrameCache::frameIsBeingDecodedAtIndex): Returns true if a request for the image frame is issued but not finished yet.
        (WebCore::ImageFrameCache::frameHasValidNativeImageAtIndex): Checks the validity of a frame.
        (WebCore::ImageFrameCache::setFrameNativeImage): Deleted. Was renamed to be setFrameNativeImageAtIndex.
        (WebCore::ImageFrameCache::setFrameMetadata): Deleted. Was renamed to be setFrameMetadataAtIndex
        (WebCore::ImageFrameCache::frameHasInvalidNativeImageAtIndex): Deleted. Was renamed to be frameHasValidNativeImageAtIndex.
        * platform/graphics/ImageFrameCache.h:
        (WebCore::ImageFrameCache::create): The decoding queue needs to hold a reference to this class so it can stop decoding safely without blocking.
        (WebCore::ImageFrameCache::hasDecodingQueue): Returns true if a decoding queue has started.
        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::ImageSource): Call ImageFrameCache::create().
        (WebCore::ImageSource::clear): Deleting the decoder is unnecessary for asynchronous decoding because ImageFrameCache manages all the memory.
        
        (WebCore::ImageSource::destroyDecodedData):
        (WebCore::ImageSource::destroyDecodedDataIfNecessary):
        (WebCore::ImageSource::ensureDecoderAvailable):
        (WebCore::ImageSource::dataChanged):
        (WebCore::ImageSource::isAllDataReceived):
        (WebCore::ImageSource::isAsyncDecodingRequired): Answers the question whether the async image decoding is required for this ImageSource.
        (WebCore::ImageSource::frameImageAtIndex):
        * platform/graphics/ImageSource.h:
        (WebCore::ImageSource::decodedSize):
        (WebCore::ImageSource::requestFrameAsyncDecodingAtIndex):
        (WebCore::ImageSource::stopAsyncDecodingQueue):
        (WebCore::ImageSource::isSizeAvailable):
        (WebCore::ImageSource::frameCount):
        (WebCore::ImageSource::repetitionCount):
        (WebCore::ImageSource::filenameExtension):
        (WebCore::ImageSource::hotSpot):
        (WebCore::ImageSource::size):
        (WebCore::ImageSource::sizeRespectingOrientation):
        (WebCore::ImageSource::singlePixelSolidColor):
        (WebCore::ImageSource::frameIsBeingDecodedAtIndex):
        (WebCore::ImageSource::frameIsCompleteAtIndex):
        (WebCore::ImageSource::frameHasAlphaAtIndex):
        (WebCore::ImageSource::frameHasImageAtIndex):
        (WebCore::ImageSource::frameSubsamplingLevelAtIndex):
        (WebCore::ImageSource::frameSizeAtIndex):
        (WebCore::ImageSource::frameBytesAtIndex):
        (WebCore::ImageSource::frameDurationAtIndex):
        (WebCore::ImageSource::frameOrientationAtIndex):
         Make m_frameCache a type Ref<ImageFrameCache>. Use '->' instead of '.' when accessing its members.

        (WebCore::ImageSource::frameHasValidNativeImageAtIndex): Checks the validity of a frame.
        (WebCore::ImageSource::frameHasInvalidNativeImageAtIndex): Deleted. Was renamed to be frameHasValidNativeImageAtIndex.

2016-11-03  Myles C. Maxfield  <mmaxfield@apple.com>

        [WebGL2] Implement getBufferSubData()
        https://bugs.webkit.org/show_bug.cgi?id=164111

        Reviewed by Dean Jackson.

        The call exists in OpenGL 3.2 but in order to have parity with
        OpenGL ES 3 we back it with glMapBufferRange() instead.

        This patch simply adds surface area to GraphicsContext3D
        until we can get an ANGLE implementation of it.

        When testing this patch I discovered that r207649 incorrectly
        interpreted arguments to bufferData() and bufferSubData() as
        byte offsets. Instead, they should be element indices. This
        patch fixes those functions to work correctly so that
        getBufferSubData() can be tested correctly.

        Tests: fast/canvas/webgl/webgl2-buffers.html
               fast/canvas/webgl/getBufferSubData-webgl1.html

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::arrayBufferViewElementSize):
        (WebCore::WebGL2RenderingContext::bufferData):
        (WebCore::WebGL2RenderingContext::bufferSubData):
        (WebCore::WebGL2RenderingContext::getBufferSubData):
        * html/canvas/WebGL2RenderingContext.h:
        * html/canvas/WebGL2RenderingContext.idl:
        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::getBufferSubData):
        (WebCore::GraphicsContext3D::mapBufferRange):
        (WebCore::GraphicsContext3D::unmapBuffer):

2016-11-03  Chris Dumez  <cdumez@apple.com>

        Unreviewed, mark support for the 'download' attribute as 'Done'.

        * features.json:

2016-11-03  Chris Dumez  <cdumez@apple.com>

        [WK2][Cocoa] Implement user interface for HTML form validation
        https://bugs.webkit.org/show_bug.cgi?id=164143
        <rdar://problem/28944652>

        Reviewed by Simon Fraser.

        Add ValidationBubble class to show HTML form validation messages
        using native dialogs. It currently has an implementation for both
        Mac and iOS. It is in WebCore under platform/ so that it can be
        used by both WebKit1 and WebKit2.

        Update ownership of ValidationMessageClient so that is is owned
        by the Page using a unique_ptr<>, which seems to be the modern
        way of handling lifetime for page clients.

        Test: fast/forms/validation-messages.html

        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::focusAndShowValidationMessage):
        * html/ValidationMessage.cpp:
        (WebCore::ValidationMessage::updateValidationMessage):
        * page/Page.cpp:
        (WebCore::Page::Page):
        (WebCore::Page::~Page):
        * page/Page.h:
        (WebCore::Page::validationMessageClient):
        * page/PageConfiguration.cpp:
        * page/PageConfiguration.h:
        * platform/ValidationBubble.h: Copied from Tools/DumpRenderTree/mac/UIScriptControllerMac.mm.
        (WebCore::ValidationBubble::message):
        * platform/ios/ValidationBubbleIOS.mm: Added.
        (-[WebValidationBubbleDelegate adaptivePresentationStyleForPresentationController:traitCollection:]):
        (WebCore::ValidationBubble::ValidationBubble):
        (WebCore::ValidationBubble::~ValidationBubble):
        (WebCore::ValidationBubble::show):
        (WebCore::ValidationBubble::setAnchorRect):
        * platform/mac/ValidationBubbleMac.mm: Added.
        (WebCore::ValidationBubble::ValidationBubble):
        (WebCore::ValidationBubble::~ValidationBubble):
        (WebCore::ValidationBubble::showRelativeTo):

2016-11-03  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Rename IDBKeyRange.contains to IDBKeyRange.includes.
        https://bugs.webkit.org/show_bug.cgi?id=164383

        Reviewed by Beth Dakin.

        No new tests (Updated existing tests).

        * Modules/indexeddb/IDBKeyRange.cpp:
        (WebCore::IDBKeyRange::includes):
        (WebCore::IDBKeyRange::contains): Deleted.
        * Modules/indexeddb/IDBKeyRange.h:
        * Modules/indexeddb/IDBKeyRange.idl:

2016-11-03  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r208302.

        This change causes LayoutTest crashes under GuardMalloc.

        Reverted changeset:

        "Load stylesheets in link elements inside a connected shadow
        tree"
        https://bugs.webkit.org/show_bug.cgi?id=160683
        http://trac.webkit.org/changeset/208302

2016-11-03  Chris Dumez  <cdumez@apple.com>

        Unreviewed, add HTML5 specification for HTML Interactive Form Validation feature.

        * features.json:

2016-11-03  Chris Dumez  <cdumez@apple.com>

        Unreviewed, add HTML Interactive Form Validation to features.json

        * features.json:

2016-11-03  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unreviewed, rolling out due to crash in Amazon web site
        https://bugs.webkit.org/show_bug.cgi?id=164380
        <rdar://problem/29094221>

        * dom/Node.idl:
        * domjit/JSNodeDOMJIT.cpp:
        (WebCore::NodeOwnerDocumentDOMJIT::checkDOM): Deleted.
        (WebCore::NodeOwnerDocumentDOMJIT::callDOMGetter): Deleted.

2016-11-03  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Support binary keys.
        <rdar://problem/28806927> and https://bugs.webkit.org/show_bug.cgi?id=164359

        Reviewed by Alex Christensen.

        Tests: storage/indexeddb/modern/binary-keys-1-private.html
               storage/indexeddb/modern/binary-keys-1.html
               Changes to other existing tests.

        * Modules/indexeddb/IDBKey.cpp:
        (WebCore::IDBKey::createBinary):
        (WebCore::IDBKey::IDBKey):
        (WebCore::IDBKey::compare):
        * Modules/indexeddb/IDBKey.h:
        (WebCore::IDBKey::binary):
        (WebCore::compareBinaryKeyData):

        * Modules/indexeddb/IDBKeyData.cpp:
        (WebCore::IDBKeyData::IDBKeyData):
        (WebCore::IDBKeyData::maybeCreateIDBKey):
        (WebCore::IDBKeyData::isolatedCopy):
        (WebCore::IDBKeyData::encode):
        (WebCore::IDBKeyData::decode):
        (WebCore::IDBKeyData::compare):
        (WebCore::IDBKeyData::loggingString):
        (WebCore::IDBKeyData::operator==):
        * Modules/indexeddb/IDBKeyData.h:
        (WebCore::IDBKeyData::hash):
        (WebCore::IDBKeyData::encode):
        (WebCore::IDBKeyData::decode):

        * Modules/indexeddb/IndexedDB.h: Add new enum for the new key type.

        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::toJS):
        (WebCore::createIDBKeyFromValue):

        * platform/ThreadSafeDataBuffer.h:
        (WebCore::ThreadSafeDataBufferImpl::ThreadSafeDataBufferImpl):
        (WebCore::ThreadSafeDataBuffer::copyData):
        (WebCore::ThreadSafeDataBuffer::size):
        (WebCore::ThreadSafeDataBuffer::operator==):
        (WebCore::ThreadSafeDataBuffer::ThreadSafeDataBuffer):

2016-11-03  Tim Horton  <timothy_horton@apple.com>

        Printing to PDF should produce internal links when HTML has internal links
        https://bugs.webkit.org/show_bug.cgi?id=112081
        <rdar://problem/5955705>

        Reviewed by Simon Fraser.
        Patch originally by David Lattimore.

        No new tests, as it's unclear how to test PDF output.

        * dom/Element.cpp:
        (WebCore::Element::findAnchorElementForLink):
        * dom/Element.h:
        Add findAnchorElementForLink, which looks up the anchor element corresponding
        to the current element's href, and also returns the fragment name as an out parameter.

        * page/PrintContext.cpp:
        (WebCore::PrintContext::PrintContext):
        (WebCore::PrintContext::spoolPage):
        (WebCore::PrintContext::spoolRect):
        (WebCore::PrintContext::end):
        (WebCore::PrintContext::collectLinkedDestinations):
        (WebCore::PrintContext::outputLinkedDestinations):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::addPDFURLRect):
        Plumb internal links (fragment links) through to GraphicsContext, using
        the fragment name from the page.

        * page/PrintContext.h:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::supportsInternalLinks):
        (WebCore::GraphicsContext::setDestinationForRect):
        (WebCore::GraphicsContext::addDestinationAtPoint):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::supportsInternalLinks):
        (WebCore::GraphicsContext::setDestinationForRect):
        (WebCore::GraphicsContext::addDestinationAtPoint):
        Plumb internal links through to the CGContext. Apply the CTM, because
        these functions expect positions in global coordinates.

        * platform/graphics/win/GraphicsContextDirect2D.cpp:
        (WebCore::GraphicsContext::setURLForRect):
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::setURLForRect):
        Adjust setURLForRect to take a FloatRect, like everything else, and
        stop rounding.

2016-11-03  Alex Christensen  <achristensen@webkit.org>

        Unreviewed, rolling out r208298.
        https://bugs.webkit.org/show_bug.cgi?id=163939

        caused asan crashes

        Reverted changeset:

        "NetworkSession: Add NetworkDataTask implementation for blobs"
        https://bugs.webkit.org/show_bug.cgi?id=163939
        http://trac.webkit.org/changeset/208298

2016-11-03  Brent Fulgham  <bfulgham@apple.com>

        [Win][Direct2D] Native Windows widgets are drawn upside-down
        https://bugs.webkit.org/show_bug.cgi?id=164370

        Reviewed by Alex Christensen.

        When we return from drawing in GDI code, we need to flip the resulting
        bitmap so that it draws in the proper orientation in Direct2D.

        Tested by existing widget tests.

        * platform/graphics/win/GraphicsContextDirect2D.cpp:
        (WebCore::GraphicsContext::releaseWindowsContext): Flip before drawing
        to our Direct2D context.

2016-11-01  Gavin Barraclough  <barraclough@apple.com>

        Remove PageThrottler & all related code
        https://bugs.webkit.org/show_bug.cgi?id=164302

        Reviewed by Ryosuke Niwa.

        All relevant information now available from the ActivityState.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::setMuted):
        (WebCore::HTMLMediaElement::updateVolume):
        (WebCore::HTMLMediaElement::updatePlayState):
        (WebCore::HTMLMediaElement::updateAudioAssertionState): Deleted.
        * html/HTMLMediaElement.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::completed):
        (WebCore::FrameLoader::started):
        * loader/FrameLoader.h:
        * page/ChromeClient.h:
        * page/Page.cpp:
        (WebCore::Page::Page):
        * page/Page.h:
        (WebCore::Page::pageActivityStateChanged): Deleted.
        (WebCore::Page::pageThrottler): Deleted.
        * page/PageThrottler.cpp: Removed.
        * page/PageThrottler.h: Removed.

2016-11-03  Dan Bernstein  <mitz@apple.com>

        REGRESSION (r206247): Painting milestones can be delayed until the next layer flush
        https://bugs.webkit.org/show_bug.cgi?id=164340
        <rdar://problem/29074344>

        Reviewed by Tim Horton.

        To give WebKit a chance to deliver the painting milestones to its client after the commit,
        we must tell it about them before or during the commit. To that end, we should not defer
        the call to firePaintRelatedMilestonesIfNeeded until after the commit.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::RenderLayerCompositor): Removed
          m_paintRelatedMilestonesTimer initializer.
        (WebCore::RenderLayerCompositor::didPaintBacking): Call
          FrameView::firePaintRelatedMilestonesIfNeeded directly from here.
        (WebCore::RenderLayerCompositor::paintRelatedMilestonesTimerFired): Deleted.
        * rendering/RenderLayerCompositor.h:

2016-11-03  Antti Koivisto  <antti@apple.com>

        imported/mozilla/svg/paint-order-01.svg and imported/mozilla/svg/paint-order-02.svg are flaky failures
        https://bugs.webkit.org/show_bug.cgi?id=164355

        Reviewed by Ryosuke Niwa.

        Revert one change from https://trac.webkit.org/changeset/207669 to see if it is causing flakiness in
        some XML based tests.

        * xml/parser/XMLDocumentParser.cpp:
        (WebCore::XMLDocumentParser::end):

2016-11-02  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unreviewed, fix CLoop build after r208320.
        https://bugs.webkit.org/show_bug.cgi?id=162980

        Guard with ENABLE(JIT).

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * bindings/scripts/test/JS/JSTestDOMJIT.cpp:

2016-11-02  Brady Eidson  <beidson@apple.com>

        Expand upon IndexedDB status in features.json.
        
        * features.json:

2016-11-02  Myles C. Maxfield  <mmaxfield@apple.com>

        CSS.supports("font-variation-settings", "'wght' 500") erroneously returns false
        https://bugs.webkit.org/show_bug.cgi?id=164244

        Reviewed by Michael Catanzaro.

        Because we weren't passing a Document into CSSParserContext's constructor,
        there was no way for our parser to know whether the runtime switch was on
        or not. Instead, we can use the CallWith attribute in the IDL file to pass
        in a Document.

        Test: fast/text/variations/css-supports-runtime-switch.html

        * css/DOMCSSNamespace.cpp:
        (WebCore::DOMCSSNamespace::supports):
        * css/DOMCSSNamespace.h:
        * css/DOMCSSNamespace.idl:

2016-11-02  Yusuke Suzuki  <utatane.tea@gmail.com>

        [DOMJIT] Add DOMJIT::Signature
        https://bugs.webkit.org/show_bug.cgi?id=162980

        Reviewed by Saam Barati and Sam Weinig.

        We introduce DOMJIT::Signature. This signature object is automatically generated by IDL code generator.
        It holds (1) types, (2) pointer to the unsafe function (the function without checks), and (3) the effect
        of the function. We use constexpr to initialize DOMJIT::Signature without invoking global constructors.
        Thus the content is embedded into the binary as the constant values.

        We also clean up the IDL code generator related to DOMJIT part. Instead of switching things inside IDL
        code generator, we use C++ template to dispatch things at compile time. This template meta programming
        is highly utilized in IDL these days.

        To make DOMJIT::Signature constexpr, we also need to define DOMJIT abstract heap things in the build time.
        To do so, we introduce a tiny Ruby script to calculate the range of abstract heaps. We can offer the abstract
        heap tree as YAML format and the script will produce a C++ header holding the calculated abstract heap ranges

        * CMakeLists.txt:
        * DerivedSources.make:
        * ForwardingHeaders/bytecode/SpeculatedType.h: Renamed from Source/WebCore/domjit/DOMJITAbstractHeapRepository.h.
        * ForwardingHeaders/domjit/DOMJITSignature.h: Renamed from Source/WebCore/domjit/DOMJITAbstractHeapRepository.cpp.
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMGlobalObject.h:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GeneratePropertiesHashTable):
        (GetUnsafeArgumentType):
        (GetArgumentTypeFilter):
        (GetResultTypeFilter):
        (GenerateImplementation):
        (UnsafeToNative):
        (GenerateHashTableValueArray):
        (ComputeFunctionSpecial):
        * bindings/scripts/IDLAttributes.txt:
        * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
        (WebCore::BindingCaller<JSTestDOMJIT>::castForOperation):
        (WebCore::TestDOMJITAnyAttrDOMJIT::TestDOMJITAnyAttrDOMJIT):
        (WebCore::TestDOMJITBooleanAttrDOMJIT::TestDOMJITBooleanAttrDOMJIT):
        (WebCore::TestDOMJITByteAttrDOMJIT::TestDOMJITByteAttrDOMJIT):
        (WebCore::TestDOMJITOctetAttrDOMJIT::TestDOMJITOctetAttrDOMJIT):
        (WebCore::TestDOMJITShortAttrDOMJIT::TestDOMJITShortAttrDOMJIT):
        (WebCore::TestDOMJITUnsignedShortAttrDOMJIT::TestDOMJITUnsignedShortAttrDOMJIT):
        (WebCore::TestDOMJITLongAttrDOMJIT::TestDOMJITLongAttrDOMJIT):
        (WebCore::TestDOMJITUnsignedLongAttrDOMJIT::TestDOMJITUnsignedLongAttrDOMJIT):
        (WebCore::TestDOMJITLongLongAttrDOMJIT::TestDOMJITLongLongAttrDOMJIT):
        (WebCore::TestDOMJITUnsignedLongLongAttrDOMJIT::TestDOMJITUnsignedLongLongAttrDOMJIT):
        (WebCore::TestDOMJITFloatAttrDOMJIT::TestDOMJITFloatAttrDOMJIT):
        (WebCore::TestDOMJITUnrestrictedFloatAttrDOMJIT::TestDOMJITUnrestrictedFloatAttrDOMJIT):
        (WebCore::TestDOMJITDoubleAttrDOMJIT::TestDOMJITDoubleAttrDOMJIT):
        (WebCore::TestDOMJITUnrestrictedDoubleAttrDOMJIT::TestDOMJITUnrestrictedDoubleAttrDOMJIT):
        (WebCore::TestDOMJITDomStringAttrDOMJIT::TestDOMJITDomStringAttrDOMJIT):
        (WebCore::TestDOMJITByteStringAttrDOMJIT::TestDOMJITByteStringAttrDOMJIT):
        (WebCore::TestDOMJITUsvStringAttrDOMJIT::TestDOMJITUsvStringAttrDOMJIT):
        (WebCore::TestDOMJITNodeAttrDOMJIT::TestDOMJITNodeAttrDOMJIT):
        (WebCore::TestDOMJITBooleanNullableAttrDOMJIT::TestDOMJITBooleanNullableAttrDOMJIT):
        (WebCore::TestDOMJITByteNullableAttrDOMJIT::TestDOMJITByteNullableAttrDOMJIT):
        (WebCore::TestDOMJITOctetNullableAttrDOMJIT::TestDOMJITOctetNullableAttrDOMJIT):
        (WebCore::TestDOMJITShortNullableAttrDOMJIT::TestDOMJITShortNullableAttrDOMJIT):
        (WebCore::TestDOMJITUnsignedShortNullableAttrDOMJIT::TestDOMJITUnsignedShortNullableAttrDOMJIT):
        (WebCore::TestDOMJITLongNullableAttrDOMJIT::TestDOMJITLongNullableAttrDOMJIT):
        (WebCore::TestDOMJITUnsignedLongNullableAttrDOMJIT::TestDOMJITUnsignedLongNullableAttrDOMJIT):
        (WebCore::TestDOMJITLongLongNullableAttrDOMJIT::TestDOMJITLongLongNullableAttrDOMJIT):
        (WebCore::TestDOMJITUnsignedLongLongNullableAttrDOMJIT::TestDOMJITUnsignedLongLongNullableAttrDOMJIT):
        (WebCore::TestDOMJITFloatNullableAttrDOMJIT::TestDOMJITFloatNullableAttrDOMJIT):
        (WebCore::TestDOMJITUnrestrictedFloatNullableAttrDOMJIT::TestDOMJITUnrestrictedFloatNullableAttrDOMJIT):
        (WebCore::TestDOMJITDoubleNullableAttrDOMJIT::TestDOMJITDoubleNullableAttrDOMJIT):
        (WebCore::TestDOMJITUnrestrictedDoubleNullableAttrDOMJIT::TestDOMJITUnrestrictedDoubleNullableAttrDOMJIT):
        (WebCore::TestDOMJITDomStringNullableAttrDOMJIT::TestDOMJITDomStringNullableAttrDOMJIT):
        (WebCore::TestDOMJITByteStringNullableAttrDOMJIT::TestDOMJITByteStringNullableAttrDOMJIT):
        (WebCore::TestDOMJITUsvStringNullableAttrDOMJIT::TestDOMJITUsvStringNullableAttrDOMJIT):
        (WebCore::TestDOMJITNodeNullableAttrDOMJIT::TestDOMJITNodeNullableAttrDOMJIT):
        (WebCore::jsTestDOMJITPrototypeFunctionGetAttribute):
        (WebCore::jsTestDOMJITPrototypeFunctionGetAttributeCaller):
        (WebCore::unsafeJsTestDOMJITPrototypeFunctionGetAttribute):
        (WebCore::jsTestDOMJITPrototypeFunctionItem):
        (WebCore::jsTestDOMJITPrototypeFunctionItemCaller):
        (WebCore::unsafeJsTestDOMJITPrototypeFunctionItem):
        (WebCore::jsTestDOMJITPrototypeFunctionHasAttribute):
        (WebCore::jsTestDOMJITPrototypeFunctionHasAttributeCaller):
        (WebCore::unsafeJsTestDOMJITPrototypeFunctionHasAttribute):
        (WebCore::jsTestDOMJITPrototypeFunctionGetElementById):
        (WebCore::jsTestDOMJITPrototypeFunctionGetElementByIdCaller):
        (WebCore::unsafeJsTestDOMJITPrototypeFunctionGetElementById):
        (WebCore::jsTestDOMJITPrototypeFunctionGetElementsByName):
        (WebCore::jsTestDOMJITPrototypeFunctionGetElementsByNameCaller):
        (WebCore::unsafeJsTestDOMJITPrototypeFunctionGetElementsByName):
        * bindings/scripts/test/TestDOMJIT.idl:
        * dom/Element.idl:
        * domjit/DOMJITAbstractHeapRepository.yaml: Added.
        * domjit/DOMJITIDLConvert.h: Added.
        (WebCore::DOMJIT::DirectConverter<IDLDOMString>::directConvert<StringConversionConfiguration::Normal>):
        * domjit/DOMJITIDLType.h: Added.
        * domjit/DOMJITIDLTypeFilter.h: Added.
        * domjit/JSDocumentDOMJIT.cpp:
        (WebCore::DocumentDocumentElementDOMJIT::callDOMGetter):
        * domjit/JSNodeDOMJIT.cpp:
        (WebCore::NodeFirstChildDOMJIT::callDOMGetter):
        (WebCore::NodeLastChildDOMJIT::callDOMGetter):
        (WebCore::NodeNextSiblingDOMJIT::callDOMGetter):
        (WebCore::NodePreviousSiblingDOMJIT::callDOMGetter):
        (WebCore::NodeParentNodeDOMJIT::callDOMGetter):
        (WebCore::NodeOwnerDocumentDOMJIT::callDOMGetter):
        * domjit/generate-abstract-heap.rb: Added.

2016-11-02  Simon Fraser  <simon.fraser@apple.com>

        Followup after r208314.

        The style created for reflections contains transforms and a mask, so needs to get explicit
        z-index on it. This doesn't change rendering, since this layer has no children.

        Fixes assertions in various reflection tests.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):

2016-11-02  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r208025) GraphicsContext state stack assertions loading webkit.org
        https://bugs.webkit.org/show_bug.cgi?id=164350
        rdar://problem/29053414

        Reviewed by Dean Jackson.

        After r208025 it as possible for KeyframeAnimation::animate() to produce a RenderStyle
        with a non-1 opacity, but without the explicit z-index that triggers stacking context.
        This confused the RenderLayer paintWithTransparency code, triggering mismsatched GraphicsContext
        save/restores.

        This occurred when the runningOrFillingForwards state was mis-computed. keyframeAnim->animate()
        can spit out a new style when in the StartWaitTimer sometimes, so "!keyframeAnim->waitingToStart() && !keyframeAnim->postActive()"
        gave the wrong answser.

        Rather than depend on the super-confusing animation state, use a bool out param from animate() to say
        when it actually produced a new style, and when true, do the setZIndex(0).

        Test: animations/stacking-during-opacity-animation.html

        * page/animation/AnimationBase.h:
        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::CSSPropertyAnimation::blendProperties): Log after blending so the log shows the blended style.
        * page/animation/CompositeAnimation.cpp:
        (WebCore::CompositeAnimation::animate):
        * page/animation/ImplicitAnimation.cpp:
        (WebCore::ImplicitAnimation::animate):
        * page/animation/ImplicitAnimation.h:
        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::animate):
        * page/animation/KeyframeAnimation.h:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::restore):
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
        (PlatformCALayer::drawLayerContents): No functional change, but created scope for the
        GraphicsContext so that it didn't outlive the CGContextRestoreGState(context).
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::beginTransparencyLayers): New assertion that catches the problem earlier.

2016-11-02  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] [WebGL] Multisample resolve step may operate on stale data
        https://bugs.webkit.org/show_bug.cgi?id=164347

        Reviewed by Dean Jackson.

        When antialiasing is enabled, WebKit internally creates a multisampled FBO
        and uses that as the target of all the drawing commands. Then, just before
        we actually put the image on the glass, we perform a “resolve” step which
        averages all the samples to create the final image. However, it appears
        that this resolve step only waits for commands to complete which were
        already submitted to the hardware. OpenGL is allowed (indeed, expected) to
        batch up drawing commands in main memory so it can submit them to the
        hardware in fewer batches, but this means that the hardware may not know
        about all the commands that the application submitted. Because of this,
        the data the resolve step saw is the result of only some of the previous
        draw calls - not all of them.

        This doesn’t occur on macOS because we have a different code path there
        for performing the resolve step. On iOS 9 and below, WebKit didn’t
        implement multisampling in WebGL at all, which explains why this only
        occurs on iOS 10. 

        Luckily, the OpenGL command glFlush() is exactly designed to submit any
        pending commands to the hardware.

        Test: fast/canvas/webgl/multisample-resolve-consistency.html

        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        (WebCore::GraphicsContext3D::resolveMultisamplingIfNecessary):

2016-11-02  Brady Eidson  <beidson@apple.com>

        Give IDBKey(Data) a WTF::Variant overhaul.
        https://bugs.webkit.org/show_bug.cgi?id=164332

        Reviewed by Alex Christensen and Andy Estes.

        No new tests (Refactor, no behavior change).

        * Modules/indexeddb/IDBKey.cpp:
        (WebCore::IDBKey::IDBKey):
        (WebCore::IDBKey::isValid):
        (WebCore::IDBKey::compare):
        * Modules/indexeddb/IDBKey.h:
        (WebCore::IDBKey::array):
        (WebCore::IDBKey::string):
        (WebCore::IDBKey::date):
        (WebCore::IDBKey::number):
        (WebCore::IDBKey::IDBKey): Deleted.

        * Modules/indexeddb/IDBKeyData.cpp:
        (WebCore::IDBKeyData::IDBKeyData):
        (WebCore::IDBKeyData::maybeCreateIDBKey):
        (WebCore::IDBKeyData::isolatedCopy):
        (WebCore::IDBKeyData::encode):
        (WebCore::IDBKeyData::decode):
        (WebCore::IDBKeyData::compare):
        (WebCore::IDBKeyData::loggingString):
        (WebCore::IDBKeyData::setArrayValue):
        (WebCore::IDBKeyData::setStringValue):
        (WebCore::IDBKeyData::setDateValue):
        (WebCore::IDBKeyData::setNumberValue):
        (WebCore::IDBKeyData::operator==):
        * Modules/indexeddb/IDBKeyData.h:
        (WebCore::IDBKeyData::hash):
        (WebCore::IDBKeyData::string):
        (WebCore::IDBKeyData::date):
        (WebCore::IDBKeyData::number):
        (WebCore::IDBKeyData::array):
        (WebCore::IDBKeyData::encode):
        (WebCore::IDBKeyData::decode):

2016-11-01  Sam Weinig  <sam@webkit.org>

        [WebIDL] Move interfaces and typed arrays over to JSDOMConvert
        https://bugs.webkit.org/show_bug.cgi?id=164256

        Reviewed by Alex Christensen.

        - Add the ability to pass an "exception thrower" functor to the convert functions.
          This is only implemented for convert<IDLInterface<T>> and convert<IDLNullable<IDLInterface<T>>>
          for now, but can be extended for more types as necessary to improve exception messages.
        - Add support for using toJSNewlyCreated in JSDOMConvert.

        * bindings/generic/IDLTypes.h:
        (WebCore::IDLString::extractValueFromNullable):
        Use forwarding to simplify extraction function.

        (WebCore::IDLInterface::nullValue):
        Update nullValue to work for both RefPtr<T> and T*.

        (WebCore::IDLInterface::extractValueFromNullable):
        Use forwarding to simplify extraction function.

        * bindings/js/JSDOMConvert.h:
        (WebCore::DefaultExceptionThrower::operator()):
        Add a default "exception thrower" which throws a normal type error.

        (WebCore::convert):
        Add an overload of convert which takes an "exception thrower".

        (WebCore::toJSNewlyCreated):
        Add new overloaded function toJSNewlyCreated, matching the toJS overload set,
        which will return "newly created" values. This only works for types that implement
        a toJSNewlyCreated function for themselves.

        (WebCore::Converter<IDLNullable<T>>::convert):
        Fix the return type of Converter<IDLNullable<T>> to be specialized when
        T is an IDLInterface. In that case, we want to match the return type of
        inner converter.
        
        Also add implementation of convert overload that takes an "exception thrower".

        (WebCore::JSConverter<IDLNullable<T>>::convert):
        (WebCore::JSConverter<IDLNullable<T>>::convertNewlyCreated):
        Reimplement conversion to use forwarding of the value.

        (WebCore::Converter<IDLInterface<T>>::convert):
        Add support for an "exception thrower".

        (WebCore::Detail::getPtrOrRef):
        Add helper functions that extract either a pointer or reference, depending on the type,
        and const_casts it allowing the value to be used with toJS functions.

        (WebCore::JSConverter<IDLInterface<T>>::convert):
        Re-implement to support more varied input values.

        (WebCore::JSConverter<IDLInterface<T>>::convertNewlyCreated):
        Added. Forwards to overloaded toJSNewlyCreated functions.

        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToImplIncludesForIDLType):
        Add support for adding the right includes for SerializedScriptValue and Dictionary.

        (GetArgumentExceptionThrower):
        (GetAttributeExceptionThrower):
        Add helpers to generate "exception thrower" lambdas for wrappers and typed arrays
        being passed to setters and functions.

        (GenerateParametersCheck):
        Move around special cases so it is clear that it's not wrappers and typed arrays that
        need specialization here, it is now just EventListener and XPathNSResolver.

        (GetIDLInterfaceName):
        Add helper to get the InterfaceName for use in IDLInterface template.

        (GetBaseIDLType):
        Use new GetIDLInterfaceName helper.

        (IsValidContextForJSValueToNative):
        Remove IDLOperation as a valid context. It is not.

        (JSValueToNative):
        Move JSDOMConvert based conversion to the bottom, to show that everything above it
        is a special case that should be fixed. I have used explicit c-style if-statements
        to make it clear what the types of the exceptional cases are.

        (NativeToJSValueDOMConvertNeedsState):
        (NativeToJSValueDOMConvertNeedsGlobalObject):
        Add wrapper types and typed arrays to the list needing state and globalObject.

        (NativeToJSValue):
        Move JSDOMConvert based conversion to the bottom, to show that everything above it
        is a special case that should be fixed. I have used explicit c-style if-statements
        to make it clear what the types of the exceptional cases are.

        (JSValueToNativeIsHandledByDOMConvert): Deleted.
        (NativeToJSValueIsHandledByDOMConvert): Deleted.
        Remove predicates protecting use of JSDOMConvert now that it is the default.

        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestCEReactions.cpp:
        * bindings/scripts/test/JS/JSTestCallback.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
        * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestSerialization.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        Update test results.

2016-11-02  David Kilzer  <ddkilzer@apple.com>

        Bug 164333: Add logging for "WebKit encountered an internal error" messages due to Network process crashes
        <https://webkit.org/b/164333>
        <rdar://problem/29072727>

        Reviewed by Alex Christensen.

        * page/DiagnosticLoggingKeys.cpp:
        (WebCore::DiagnosticLoggingKeys::networkProcessCrashedKey):
        - Add implementation for new key method.
        * page/DiagnosticLoggingKeys.h:
        (WebCore::DiagnosticLoggingKeys::networkProcessCrashedKey):
        - Add declaration for new key method.

2016-11-02  Filip Pizlo  <fpizlo@apple.com>

        The GC should be in a thread
        https://bugs.webkit.org/show_bug.cgi?id=163562

        Reviewed by Geoffrey Garen and Andreas Kling.

        No new tests because existing tests cover this.
        
        We now need to be more careful about using JSLock. This fixes some places that were not
        holding it. New assertions in the GC are more likely to catch this than before.

        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::WorkerScriptController):

2016-11-02  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Include DebuggerAgent in Workers - see, pause, and step through scripts
        https://bugs.webkit.org/show_bug.cgi?id=164136
        <rdar://problem/29028462>

        Reviewed by Brian Burg.

        Tests: inspector/worker/debugger-pause.html
               inspector/worker/debugger-scripts.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * inspector/InspectorAllInOne.cpp:
        New file.

        * inspector/PageDebuggerAgent.h:
        * inspector/WorkerDebuggerAgent.cpp: Added.
        (WebCore::WorkerDebuggerAgent::WorkerDebuggerAgent):
        (WebCore::WorkerDebuggerAgent::~WorkerDebuggerAgent):
        (WebCore::WorkerDebuggerAgent::breakpointActionLog):
        (WebCore::WorkerDebuggerAgent::injectedScriptForEval):
        * inspector/WorkerDebuggerAgent.h: Added.
        DebuggerAgent customizations for Workers.

        * inspector/WorkerInspectorController.cpp:
        (WebCore::WorkerInspectorController::WorkerInspectorController):
        Add the new agent.

        * inspector/WorkerScriptDebugServer.cpp:
        (WebCore::WorkerScriptDebugServer::runEventLoopWhilePaused):
        Implement the nested run loop for Workers.

2016-11-02  Simon Fraser  <simon.fraser@apple.com>

        Add Battery Status to features.json, marked as "Removed".

        * features.json:

2016-11-02  Ryosuke Niwa  <rniwa@webkit.org>

        Load stylesheets in link elements inside a connected shadow tree
        https://bugs.webkit.org/show_bug.cgi?id=160683
        <rdar://problem/29040652>

        Reviewed by Antti Koivisto.

        Allow external stylesheets within a shadow tree by storing the appropriate style scope in HTMLLinkElement
        when it's connected to a document instead of always talking to document's style scope.

        Also improve ShadowRoot's insertedInto and removedFrom so that they only try to add and remove itself from
        m_inDocumentShadowRoots when the connected-ness changes.

        This patch also removes the superfluous call to notifyChildNodeRemoved in Element::removeShadowRoot to
        avoid invoking notifyChildNodeRemoved during a document teardown, which is incorrect. It's sufficient that
        ~ShadowRoot calls ContainerNode::removeDetachedChildren(), and in turn removeDetachedChildrenInContainer()
        since the latter function tears down nodes via the deletion queue during a document destruction and use
        notifyChildNodeRemoved() on nodes that outlive the shadow root.

        Tests: fast/shadow-dom/link-element-in-shadow-tree.html
               fast/shadow-dom/selected-stylesheet-in-shadow-tree.html

       * dom/Document.cpp:
       (WebCore::Document::didInsertInDocumentShadowRoot): Assert that the shadow root is not in the set.
       (WebCore::Document::didRemoveInDocumentShadowRoot): Assert that the shadow root is not in the document as
       this function is now called after Node::removedFrom in ShadowRoot::removedFrom.
       * dom/Element.cpp:
       (WebCore::Element::removeShadowRoot): See the description above.
       * dom/ShadowRoot.cpp:
       (WebCore::ShadowRoot::insertedInto): Only call didInsertInDocumentShadowRoot when the this shadow root is
       newly connected to a document so we can add assertions in didInsertInDocumentShadowRoot.
       (WebCore::ShadowRoot::removedFrom): Ditto for the removal.
       * html/HTMLLinkElement.cpp:
       (WebCore::HTMLLinkElement::HTMLLinkElement):
       (WebCore::HTMLLinkElement::~HTMLLinkElement):
       (WebCore::HTMLLinkElement::setDisabledState): Exit early when the element is not in a document as invoking
       didChangeActiveStyleSheetCandidates would require having a valid m_styleScope and process() already exits
       early when inDocument() is false.
       (WebCore::HTMLLinkElement::parseAttribute):
       (WebCore::HTMLLinkElement::process): Removed the early exit for when the element is in a shadow tree.
       (WebCore::HTMLLinkElement::insertedInto): Exit early unless this element has just become connected to
       a document instead of whenever its self-inclusive ancestor is inserted into a container.
       (WebCore::HTMLLinkElement::removedFrom): Ditto for removal. Also call removeStyleSheetCandidateNode after
       calling removePendingSheet since the latter depends on m_styleScope being not null.
       (WebCore::HTMLLinkElement::addPendingSheet):
       (WebCore::HTMLLinkElement::removePendingSheet):
       * html/HTMLLinkElement.h:
       * html/HTMLStyleElement.cpp:
       (WebCore::HTMLStyleElement::insertedInto): Only call inline style owner's insertedIntoDocument if this
       element has just become connected to a document.
       (WebCore::HTMLStyleElement::removedFrom): Ditto for the removal.
       * style/StyleScope.h:
       * svg/SVGStyleElement.cpp:
       (WebCore::SVGStyleElement::insertedInto): Ditto.
       (WebCore::SVGStyleElement::removedFrom): Ditto for the removal.

2016-11-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Clean up new parser's grid layout ifdefs/runtime checking
        https://bugs.webkit.org/show_bug.cgi?id=164341

        Reviewed by Dean Jackson.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeGridTrackRepeatFunction):
        (WebCore::consumeGridTrackList):
        (WebCore::CSSPropertyParser::parseSingleValue):

2016-11-02  Alex Christensen  <achristensen@webkit.org>

        Remove Battery Status API from the tree
        https://bugs.webkit.org/show_bug.cgi?id=164213

        Reviewed by Sam Weinig.

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * Modules/battery: Removed.
        * Modules/battery/BatteryClient.h: Removed.
        * Modules/battery/BatteryController.cpp: Removed.
        * Modules/battery/BatteryController.h: Removed.
        * Modules/battery/BatteryManager.cpp: Removed.
        * Modules/battery/BatteryManager.h: Removed.
        * Modules/battery/BatteryManager.idl: Removed.
        * Modules/battery/BatteryStatus.cpp: Removed.
        * Modules/battery/BatteryStatus.h: Removed.
        * Modules/battery/NavigatorBattery.cpp: Removed.
        * Modules/battery/NavigatorBattery.h: Removed.
        * Modules/battery/NavigatorBattery.idl: Removed.
        * PlatformEfl.cmake:
        * dom/EventTargetFactory.in:
        * platform/efl/BatteryProviderEfl.cpp: Removed.
        * platform/efl/BatteryProviderEfl.h: Removed.
        * platform/efl/BatteryProviderEflClient.h: Removed.
        * platform/glib/BatteryProviderUPower.cpp: Removed.
        * platform/glib/BatteryProviderUPower.h: Removed.
        * platform/glib/BatteryProviderUPowerClient.h: Removed.
        * testing/Internals.cpp:
        (WebCore::Internals::setBatteryStatus): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2016-11-02  Keith Rollin  <krollin@apple.com>

        NetworkSession: Add NetworkDataTask implementation for blobs
        https://bugs.webkit.org/show_bug.cgi?id=163939

        Reviewed by Alex Christensen.

        * WebCore.xcodeproj/project.pbxproj: Mark HTTPParsers.h and AsyncFileStream.h as private.
        * fileapi/AsyncFileStream.h: Add WEBCORE_EXPORT to AsyncFileStream class.
        * platform/network/BlobData.h: Add WEBCORE_EXPORT to length().
        * platform/network/HTTPParsers.h: Add WEBCORE_EXPORT to parseRange().
        * platform/network/ResourceResponseBase.h: Add WEBCORE_EXPORT to setHTTPHeaderField().

2016-11-02  Olivier Blin  <olivier.blin@softathome.com>

        [GTK] Use libgcrypt instead of GnuTLS for CryptoDigest and SubtleCrypto HMAC implementation
        https://bugs.webkit.org/show_bug.cgi?id=163125

        Reviewed by Michael Catanzaro.

        No new tests, already covered by existing SubtleCrypto tests.

        * PlatformGTK.cmake: Use libgcrypt instead of gnutls.
        * crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp: Added. Adapted from the GnuTLS backend.
        (WebCore::getGCryptDigestAlgorithm):
        (WebCore::calculateSignature):
        (WebCore::CryptoAlgorithmHMAC::platformSign):
        (WebCore::CryptoAlgorithmHMAC::platformVerify):
        * platform/crypto/gcrypt/CryptoDigestGCrypt.cpp: Added. Adapted from the GnuTLS backend.
        (WebCore::CryptoDigest::CryptoDigest):
        (WebCore::CryptoDigest::~CryptoDigest):
        (WebCore::CryptoDigest::create):
        (WebCore::CryptoDigest::addBytes):
        (WebCore::CryptoDigest::computeHash):

2016-11-02  Brent Fulgham  <bfulgham@apple.com>

        REGRESSION(r203289):Assertion in MathOperator::stretchTo() on Wikipedia Page
        https://bugs.webkit.org/show_bug.cgi?id=162933
        <rdar://problem/28570590>

        Reviewed by Dean Jackson.

        A debug assertion is triggered when an empty <mo> tag is used with a "stretchy" flag.

        We shouldn't be trying to apply stretch operations on an empty MathML element. Create a
        helper function (isStretchy) to encapsulate the fact that only non-empty elements with
        the 'MathMLOperatorDictionary::Stretchy' operator flag should have stretching applied.

        Test: mathml/empty-mo.html

        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::stretchTo): Revise assertion to use new 'isStretchy' predicate.
        * rendering/mathml/RenderMathMLOperator.h:
        (WebCore::RenderMathMLOperator::isStretchy): Added.
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::computeLineVerticalStretch): Use new 'isStretchy' predicate.
        (WebCore::RenderMathMLRow::layoutRowItems): Ditto.
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::computeOperatorsHorizontalStretch): Ditto.
        (WebCore::RenderMathMLUnderOver::verticalParameters): Ditto.

2016-11-01  Dean Jackson  <dino@apple.com>

        Filter functions grayscale/invert/opacity/sepia should clamp values over 100%, not fail
        https://bugs.webkit.org/show_bug.cgi?id=164310

        Reviewed by Sam Weinig.

        When bringing up the new CSS parser, I discovered that our old parser was
        not conforming to the specification.

        Covered by existing tests.

        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::parseBuiltinFilterArguments): For these functions, clamp to
        100% rather than fail.

2016-11-02  Brent Fulgham  <bfulgham@apple.com>

        WebKit nullptr dereference Archive Subframe
        https://bugs.webkit.org/show_bug.cgi?id=164281
        <rdar://problem/28943006>

        Reviewed by Andy Estes.

        If the page is torn down during a load, we can attempt to use a deallocated
        (and nulled) document loader. Most places that use the "active document loader"
        null-check it before using, but there was one place that did not. This patch
        fixes that oversight.

        Test: fast/dom/crash-with-bad-url.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadURLIntoChildFrame): Check that the active document
        loader is non-null before using.

2016-11-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Support scroll-snap-* properties
        https://bugs.webkit.org/show_bug.cgi?id=164321

        Reviewed by Simon Fraser.

        * css/CSSPrimitiveValue.h:
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertScrollSnapPoints):
        (WebCore::StyleBuilderConverter::convertSnapCoordinatePair):
        (WebCore::StyleBuilderConverter::convertScrollSnapCoordinates):
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumePositionLonghand):
        (WebCore::consumePositionX):
        (WebCore::consumePositionY):
        (WebCore::consumePositionList):
        (WebCore::consumeScrollSnapDestination):
        (WebCore::consumeScrollSnapPoints):
        (WebCore::CSSPropertyParser::parseSingleValue):

2016-11-02  David Kilzer  <ddkilzer@apple.com>

        Add logging for "WebKit encountered an internal error" messages
        <https://webkit.org/b/164272>
        <rdar://problem/28546064>

        Reviewed by Alex Christensen.

        * page/DiagnosticLoggingKeys.cpp:
        (WebCore::DiagnosticLoggingKeys::internalErrorKey):
        (WebCore::DiagnosticLoggingKeys::invalidSessionIDKey):
        (WebCore::DiagnosticLoggingKeys::createSharedBufferFailedKey):
        (WebCore::DiagnosticLoggingKeys::synchronousMessageFailedKey):
        - Add implementations for new key methods.

        * page/DiagnosticLoggingKeys.h:
        (WebCore::DiagnosticLoggingKeys::internalErrorKey):
        (WebCore::DiagnosticLoggingKeys::invalidSessionIDKey):
        (WebCore::DiagnosticLoggingKeys::createSharedBufferFailedKey):
        (WebCore::DiagnosticLoggingKeys::synchronousMessageFailedKey):
        - Add declarations for new key methods.

2016-11-02  Zalan Bujtas  <zalan@apple.com>

        [Tables] Simplified layout skips captions.
        https://bugs.webkit.org/show_bug.cgi?id=164284

        Reviewed by David Hyatt.

        This patch ensures that we take care of simplified normalflow captions during layout.    

        Covered by fast/regions/table-caption-as-region.html

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::layoutCaption):
        (WebCore::RenderTable::layoutCaptions): _caption_side is 2bits, can't use bitmask. 
        (WebCore::RenderTable::simplifiedNormalFlowLayout):
        (WebCore::RenderTable::layout):
        * rendering/RenderTable.h:

2016-11-02  Youenn Fablet  <youenn@apple.com>

        REGRESSION(r207753-207755): ASSERTION FAILED: m_parsedStyleSheetCache->isInMemoryCache()
        https://bugs.webkit.org/show_bug.cgi?id=163905

        Reviewed by Antti Koivisto.

        Covered by existing tests and http/tests/security/cached-cross-origin-shared-css-stylesheet.html

        Small refactoring to do more member fields initialization in StyleSheetContents header.
        Refactored StyleSheetContents::m_isInMemoryCache to be a counter instead of a boolean.
        This allows StyleSheetContents to be linked to several CachedCSSStyleSheets.

        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::StyleSheetContents):
        (WebCore::StyleSheetContents::addedToMemoryCache):
        (WebCore::StyleSheetContents::removedFromMemoryCache):
        * css/StyleSheetContents.h:
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::setBodyDataFrom): Making reuse of saveParsedStyleSheet to handle update of StyleSheetContents cache count.

2016-11-02  Carlos Garcia Campos  <cgarcia@igalia.com>