Add assertion to help track down WebCore::DocumentLoader::stopLoadingForPolicyChange...
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2015-02-10  Chris Dumez  <cdumez@apple.com>
2
3         Add assertion to help track down WebCore::DocumentLoader::stopLoadingForPolicyChange() crash
4         https://bugs.webkit.org/show_bug.cgi?id=141441
5         <rdar://problem/13811738>
6
7         Reviewed by Alexey Proskuryakov.
8
9         Add assertion to help track down a crash in
10         WebCore::DocumentLoader::stopLoadingForPolicyChange().
11
12         * loader/DocumentLoader.cpp:
13         (WebCore::DocumentLoader::~DocumentLoader):
14         Make sure the DocumentLoader is not waiting for a content policy
15         response when it is destroyed. If this were to happen, then the
16         lambda function passed to PolicyChecker::checkContentPolicy()
17         would outlive the DocumentLoader. This is an issue because
18         that lambda function captures [this], which is the DocumentLoader.
19         This would cause DocumentLoader::continueAfterContentPolicy() to
20         be called after the DocumentLoader has been destroyed, which would
21         explain the crash.
22
23 2015-02-07  Zalan Bujtas  <zalan@apple.com>
24
25         REGRESSION (r168046): Crash in WebCore::InlineBox::renderer / WebCore::RenderFlowThread::checkLinesConsistency
26         https://bugs.webkit.org/show_bug.cgi?id=133462
27
28         Reviewed by David Hyatt.
29
30         RenderFlowThread::m_lineToRegionMap stores pointers to the root inlineboxes in the block flow.
31         Normally root inlineboxes remove themselves from this map in their dtors. However when collapsing an anonymous block,
32         we detach the inline tree first and destroy them after. The detached root boxes can't access
33         the flowthread containing block and we end up with dangling pointers in this map.
34         Call removeFlowChildInfo() before detaching the subtree to ensure proper pointer removal.
35
36         Test: fast/multicol/newmulticol/crash-when-switching-to-floating.html
37
38         * rendering/RenderBlock.cpp:
39         (WebCore::RenderBlock::collapseAnonymousBoxChild):
40
41 2015-02-10  Julien Isorce  <j.isorce@samsung.com>
42
43         Render: properly update body's background image
44         https://bugs.webkit.org/show_bug.cgi?id=140183
45
46         When HTML and BODY renderers are both composited the
47         skipBodyBackground condition should also take into account
48         if the HTML's layer can draw its contents.
49
50         Reviewed by Darin Adler.
51
52         Test: animations/animation-background-image.html
53
54         * rendering/RenderBox.cpp:
55         (WebCore::skipBodyBackground): Do not skip
56         if document's layer cannot draw its content.
57         Previously both body and html did not paint the background
58         when they are both composited.
59
60         * rendering/RenderLayerBacking.cpp:
61         (WebCore::RenderLayerBacking::contentChanged): Also redisplay
62         the content.
63
64 2015-02-10  Eric Carlson  <eric.carlson@apple.com>
65
66         [iOS] don't get out of sync when interrupt/resume calls are not balanced
67         https://bugs.webkit.org/show_bug.cgi?id=141310
68
69         Reviewed by Jer Noble.
70
71         No new tests, updated media/video-interruption-with-resume-allowing-play.html.
72
73         * platform/audio/MediaSession.cpp:
74         (WebCore::MediaSession::beginInterruption): Count interruptions.
75         (WebCore::MediaSession::endInterruption): Ignore calls when m_interruptionCount is already zero.
76         * platform/audio/MediaSession.h:
77
78 2015-02-10  Carlos Garcia Campos  <cgarcia@igalia.com>
79
80         [GTK] GMutexLocker build issue
81         https://bugs.webkit.org/show_bug.cgi?id=141381
82
83         Reviewed by Žan Doberšek.
84
85         Use always WTF::GMutexLocker because newer glib versions have a
86         GMutexLocker in the public API.
87
88         * platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp:
89         (WebCore::AudioSourceProviderGStreamer::provideInput):
90         (WebCore::AudioSourceProviderGStreamer::handleAudioBuffer):
91         (WebCore::AudioSourceProviderGStreamer::clearAdapters):
92         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
93         (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
94         (WebCore::MediaPlayerPrivateGStreamerBase::updateTexture):
95         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
96         (WebCore::MediaPlayerPrivateGStreamerBase::paint):
97         * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
98         (webkitVideoSinkTimeoutCallback):
99         (webkitVideoSinkRender):
100         (unlockSampleMutex):
101         (webkitVideoSinkUnlockStop):
102         (webkitVideoSinkStart):
103         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
104         (webKitWebSrcGetProperty):
105         (webKitWebSrcStop):
106         (webKitWebSrcStart):
107         (webKitWebSrcChangeState):
108         (webKitWebSrcQueryWithParent):
109         (webKitWebSrcGetUri):
110         (webKitWebSrcSetUri):
111         (webKitWebSrcNeedDataMainCb):
112         (webKitWebSrcNeedDataCb):
113         (webKitWebSrcEnoughDataMainCb):
114         (webKitWebSrcEnoughDataCb):
115         (webKitWebSrcSeekDataCb):
116         (webKitWebSrcSetMediaPlayer):
117         (StreamingClient::createReadBuffer):
118         (StreamingClient::handleResponseReceived):
119         (StreamingClient::handleDataReceived):
120         (StreamingClient::handleNotifyFinished):
121         (ResourceHandleStreamingClient::wasBlocked):
122         (ResourceHandleStreamingClient::cannotShowURL):
123
124 2015-02-09  Alex Christensen  <achristensen@webkit.org>
125
126         Update WEBCORE_EXPORT to prepare to start using it.
127         https://bugs.webkit.org/show_bug.cgi?id=141409
128
129         Reviewed by Tim Horton.
130
131         * bindings/js/JSDOMGlobalObject.h:
132         * bindings/objc/DOMInternal.h:
133         * bindings/objc/ExceptionHandlers.mm:
134         * bindings/objc/WebScriptObjectPrivate.h:
135         * bindings/scripts/CodeGeneratorJS.pm:
136         (GenerateHeader):
137         * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
138         * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
139         * bindings/scripts/test/JS/JSTestEventConstructor.h:
140         * bindings/scripts/test/JS/JSTestEventTarget.h:
141         * bindings/scripts/test/JS/JSTestException.h:
142         * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
143         * bindings/scripts/test/JS/JSTestInterface.h:
144         * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
145         * bindings/scripts/test/JS/JSTestNamedConstructor.h:
146         * bindings/scripts/test/JS/JSTestNondeterministic.h:
147         * bindings/scripts/test/JS/JSTestObj.h:
148         * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
149         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
150         * bindings/scripts/test/JS/JSTestTypedefs.h:
151         * bindings/scripts/test/JS/JSattribute.h:
152         * bindings/scripts/test/JS/JSreadonly.h:
153         * css/StyleProperties.h:
154         * dom/DeviceMotionData.h:
155         * dom/Node.h:
156         * dom/Position.h:
157         * dom/ScriptExecutionContext.h:
158         * editing/Editor.h:
159         * editing/htmlediting.h:
160         * html/HTMLInputElement.h:
161         * html/TimeRanges.h:
162         * loader/FrameLoader.h:
163         * loader/cache/CacheValidation.h:
164         * loader/cache/MemoryCache.h:
165         * loader/icon/IconDatabase.h:
166         * page/DatabaseProvider.h:
167         * page/DiagnosticLoggingKeys.h:
168         * page/EventHandler.h:
169         * page/FrameSnapshotting.h:
170         * page/MainFrame.h:
171         * page/PageConsoleClient.h:
172         * page/PageOverlay.h:
173         * platform/CrossThreadCopier.h:
174         * platform/FileSystem.h:
175         * platform/PlatformSpeechSynthesizer.h:
176         * platform/RemoteCommandListener.h:
177         * platform/RuntimeApplicationChecks.h:
178         * platform/graphics/Font.h:
179         * platform/graphics/FontCache.h:
180         * platform/graphics/FontGlyphs.h:
181         * platform/graphics/FontRanges.h:
182         * platform/graphics/GeometryUtilities.h:
183         * platform/graphics/GlyphPage.h:
184         * platform/graphics/Region.h:
185         * platform/graphics/ca/PlatformCALayer.h:
186         * platform/graphics/ca/TileController.h:
187         * platform/graphics/transforms/TransformationMatrix.h:
188         * platform/mac/WebCoreFullScreenWarningView.h:
189         * platform/network/BlobDataFileReference.h:
190         * platform/network/ResourceRequestBase.h:
191         * platform/network/ResourceResponseBase.h:
192         * platform/network/create-http-header-name-table:
193         * platform/network/mac/WebCoreURLResponse.h:
194         * platform/sql/SQLiteDatabaseTracker.h:
195         * platform/sql/SQLiteStatement.h:
196         * rendering/HitTestLocation.h:
197         * rendering/HitTestResult.h:
198         * storage/StorageEventDispatcher.h:
199         Added WEBCORE_EXPORT macros.
200
201 2015-02-09  Chris Dumez  <cdumez@apple.com>
202
203         Check for self-assignment in Length::operator=(const Length&)
204         https://bugs.webkit.org/show_bug.cgi?id=141402
205
206         Reviewed by Andreas Kling.
207
208         Check for self-assignment in Length::operator=(const Length&) as
209         calling memcpy() with the same source and destination addresses has
210         undefined behavior.
211
212         * platform/Length.h:
213         (WebCore::Length::operator=):
214
215 2015-02-09  Roger Fong  <roger_fong@apple.com>
216
217         WebGL: Update 1.0.2 conformance layout tests and address new failure.
218         https://bugs.webkit.org/show_bug.cgi?id=141408.
219         <rdar://problem/19773236>
220
221         Reviewed by Dean Jackson.
222
223         Tests covered by updated 1.0.2 conformance tests.
224
225         * html/canvas/WebGLRenderingContextBase.cpp: 
226         Return null string instead of empty string if parameter validation fails.
227         (WebCore::WebGLRenderingContextBase::getProgramInfoLog):
228         (WebCore::WebGLRenderingContextBase::getShaderInfoLog):
229         (WebCore::WebGLRenderingContextBase::getShaderSource):
230
231 2015-02-09  Timothy Horton  <timothy_horton@apple.com>
232
233         Avoid using a HashMap for DisplayRefreshMonitorManager, which rarely has more than one item
234         https://bugs.webkit.org/show_bug.cgi?id=141353
235
236         Reviewed by Anders Carlsson.
237
238         No new tests, because there's no behavior change.
239
240         * platform/graphics/DisplayRefreshMonitorManager.cpp:
241         (WebCore::DisplayRefreshMonitorManager::ensureMonitorForClient):
242         (WebCore::DisplayRefreshMonitorManager::unregisterClient):
243         (WebCore::DisplayRefreshMonitorManager::displayDidRefresh):
244         * platform/graphics/DisplayRefreshMonitorManager.h:
245         Use a Vector of RefPtr<DisplayRefreshMonitor> instead of a HashMap
246         from uint64_t to RefPtr<DisplayRefreshMonitor>. There's usually only one
247         display, so there's usually only one DisplayRefreshMonitor. Linear search
248         on the Vector will be faster than the hash lookup in all conceivable cases.
249         This also avoids the situation mentioned in the comments in DisplayRefreshMonitorManager.h
250         where we don't know enough about PlatformDisplayID to safely hash it.
251
252 2015-02-09  Jer Noble  <jer.noble@apple.com>
253
254         [Mac] Disable the currentTime estimation code in HTMLMediaElement for Yosemite+
255         https://bugs.webkit.org/show_bug.cgi?id=141399
256
257         Reviewed by Eric Carlson.
258
259         Apparenty -[AVPlayer rate] means different things for HLS and progressive content; for progressive,
260         the -rate is the actual rate of playback. For HLS, the -rate is the requested rate, and will return
261         the requested value even if time is not progressing.
262
263         We added the currentTime estimation engine because asking AVFoundation for its -currentTime used to
264         be expensive, but we've been assured that in recent iOS and OS X releases, -currentTime should be
265         very fast. That, in combination with the HLS behavior of -rate and how it breaks the currentTime
266         estimation, means we should probably turn it off for iOS and Yosemite.
267
268         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
269         (WebCore::MediaPlayerPrivateAVFoundationObjC::maximumDurationToCacheMediaTime): Move implementation to .mm.
270         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
271         (WebCore::MediaPlayerPrivateAVFoundationObjC::maximumDurationToCacheMediaTime): Disable on iOS and >=10.10.
272
273 2015-02-07  Roger Fong  <roger_fong@apple.com>
274
275         WebGL 2: Texture call format, internal format, and type validation.
276         https://bugs.webkit.org/show_bug.cgi?id=141318.
277         <rdar://problem/19733828>
278
279         Reviewed by Brent Fulgham.
280
281         Tests will be covered by WebGL2 conformance tests.
282
283         * html/canvas/WebGL2RenderingContext.cpp:
284         (WebCore::WebGL2RenderingContext::getFramebufferAttachmentParameter): Add missing ExceptionCode argument.
285         (WebCore::WebGL2RenderingContext::copyTexImage2D): Validate texture formats based on GLES3 spec.
286         (WebCore::WebGL2RenderingContext::texSubImage2DBase): Validate using internal format from texture target.
287         (WebCore::WebGL2RenderingContext::texSubImage2DImpl): Validate using internal format from texture target.
288         (WebCore::WebGL2RenderingContext::texSubImage2D): Validate using internal format from texture target.
289         (WebCore::WebGL2RenderingContext::validateTexFuncParameters): Do extra validation for copyTexImage2D.
290         (WebCore::WebGL2RenderingContext::validateTexFuncFormatAndType): Validate internal format, format and type combination.
291         (WebCore::WebGL2RenderingContext::validateTexFuncData): Validate new data types.
292         This method now accepts an internal format argument.
293         (WebCore::WebGL2RenderingContext::baseInternalFormatFromInternalFormat):
294         Helper method to convert internal format to base internal format.
295         * html/canvas/WebGL2RenderingContext.h:
296
297         * html/canvas/WebGLRenderingContext.cpp:
298         (WebCore::WebGLRenderingContext::copyTexImage2D): Moved from WebGLRenderingContextBase.
299         (WebCore::WebGLRenderingContext::texSubImage2DBase): Ditto.
300         (WebCore::WebGLRenderingContext::texSubImage2DImpl): Ditto.
301         (WebCore::WebGLRenderingContext::texSubImage2D): Ditto.
302         (WebCore::WebGLRenderingContext::validateTexFuncParameters): Ditto.
303         (WebCore::WebGLRenderingContext::validateTexFuncFormatAndType): Ditto.
304         (WebCore::WebGLRenderingContext::validateTexFuncData): Ditto.
305         * html/canvas/WebGLRenderingContext.h:
306
307         * html/canvas/WebGLRenderingContextBase.cpp:
308         (WebCore::WebGLRenderingContextBase::texImage2DBase):
309         (WebCore::WebGLRenderingContextBase::validateTexFunc):
310         (WebCore::WebGLRenderingContextBase::texImage2D):
311         (WebCore::WebGLRenderingContextBase::copyTexImage2D): Deleted.
312         (WebCore::WebGLRenderingContextBase::texSubImage2DBase): Deleted.
313         (WebCore::WebGLRenderingContextBase::texSubImage2DImpl): Deleted.
314         (WebCore::WebGLRenderingContextBase::texSubImage2D): Deleted.
315         (WebCore::WebGLRenderingContextBase::validateTexFuncFormatAndType): Deleted.
316         (WebCore::WebGLRenderingContextBase::validateTexFuncParameters): Deleted.
317         (WebCore::WebGLRenderingContextBase::validateTexFuncData): Deleted.
318         * html/canvas/WebGLRenderingContextBase.h: Modify validation type enums to differentiate between CopyImage, TexImage and TexSubImage calls.
319         (WebCore::ScopedDrawingBufferBinder::ScopedDrawingBufferBinder):  Moved from WebGLRenderingContextBase.
320         (WebCore::ScopedDrawingBufferBinder::~ScopedDrawingBufferBinder): Ditto.
321         (WebCore::clip1D): Ditto.
322         (WebCore::clip2D): Ditto.
323         * platform/graphics/GraphicsContext3D.h: Rename a typo'ed enum.
324
325 2015-02-09  Commit Queue  <commit-queue@webkit.org>
326
327         Unreviewed, rolling out r179494.
328         https://bugs.webkit.org/show_bug.cgi?id=141395
329
330         Caused slowdown in a WebKit client test scenario (Requested by
331         kling on #webkit).
332
333         Reverted changeset:
334
335         "[Cocoa] Make decoded image data purgeable ASAP."
336         https://bugs.webkit.org/show_bug.cgi?id=140298
337         http://trac.webkit.org/changeset/179494
338
339 2015-02-09  Jer Noble  <jer.noble@apple.com>
340
341         [WebAudio] AudioBufferSourceNodes should accurately play backwards if given a negative playbackRate.
342         https://bugs.webkit.org/show_bug.cgi?id=140955
343
344         Reviewed by Eric Carlson.
345
346         Tests: webaudio/audiobuffersource-negative-playbackrate-interpolated.html
347                webaudio/audiobuffersource-negative-playbackrate.html
348
349         Add support for playing an AudioBufferSourceNode at a negative playbackRate. Change the meaning of
350         start() to set the initial playback position at the end of the play range if the rate of playback
351         is negtive.
352
353         * Modules/webaudio/AudioBufferSourceNode.cpp:
354         (WebCore::AudioBufferSourceNode::AudioBufferSourceNode): Allow the playbackRate AudioParam to range from [-32, 32].
355         (WebCore::AudioBufferSourceNode::renderFromBuffer): Change variable names from "start" and "end" to "min" and "max"
356             for clarity. Add a non-interpolated and interpolated render step for negative playback.
357         (WebCore::AudioBufferSourceNode::start): Drive-by fix: default value of grainDuration is not 0.02.
358         (WebCore::AudioBufferSourceNode::startPlaying): Start playing at the end of the buffer for negative playback.
359         (WebCore::AudioBufferSourceNode::totalPitchRate): Allow the pitch to be negative.
360
361 2015-02-09  Darin Adler  <darin@apple.com>
362
363         Try to fix build on platforms that use SVG "all in one" file (Windows).
364
365         * svg/SVGAElement.cpp: Don't do "using namespace HTMLNames;" outside of
366         function boundaries, because that will be inherited by other files.
367         (WebCore::SVGAElement::isURLAttribute): Use XLinkNames directly here
368         instead of using HTMLNames implicitly.
369
370         * svg/SVGElement.cpp: Don't do "using namespace HTMLNames;" outside of
371         function boundaries, because that will be inherited by other files.
372         (WebCore::populateAttributeNameToCSSPropertyIDMap): Instead do it in here.
373         (WebCore::populateAttributeNameToAnimatedPropertyTypeMap): And here.
374         (WebCore::populateCSSPropertyWithSVGDOMNameToAnimatedPropertyTypeMap): And here.
375         (WebCore::SVGElement::parseAttribute): And use HTMLNames directly here
376         instead of implicitly.
377
378 2015-02-09  Eric Carlson  <eric.carlson@apple.com>
379
380         [iOS] exit from fullscreen when player view controller calls delegate
381         https://bugs.webkit.org/show_bug.cgi?id=141350
382
383         Reviewed by Jer Noble.
384
385         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
386         (-[WebAVPlayerController playerViewControllerWillCancelOptimizedFullscree:]): New, ask delegate
387             to exit from fullscreen.
388
389 2015-02-06  Sergio Villar Senin  <svillar@igalia.com>
390
391         ASSERTION FAILED: resolvedInitialPosition <= resolvedFinalPosition in WebCore::GridSpan::GridSpan
392         https://bugs.webkit.org/show_bug.cgi?id=141328
393
394         Reviewed by Darin Adler.
395
396         Whenever
397         GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition()
398         was trying to place an item with span, it was completely ignoring
399         the resolvedInitialPosition returned by
400         GridResolvedPosition::resolveGridPositionAgainstOppositePosition()
401         and only using the finalResolvedPosition. This works with an
402         unlimited grid which can indefinitely grow. But if the item spans
403         over the grid track limits, then it might happen that the final
404         resolved position is placed before the initial resolved position,
405         something that is forbidden.
406
407         The solution is to directly use the GridSpan returned by
408         GridResolvedPosition::resolveGridPositionAgainstOppositePosition(), if the item
409         does not surpass the track limits then the returned initialResolvedPosition
410         is identical to the provided one, otherwise it's properly corrected to respect
411         track boundaries.
412
413         * rendering/style/GridResolvedPosition.cpp:
414         (WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
415
416 2015-01-22  Sergio Villar Senin  <svillar@igalia.com>
417
418         [CSS Grid Layout] Tracks' growth limits must be >= base sizes
419         https://bugs.webkit.org/show_bug.cgi?id=140540
420
421         Reviewed by Antti Koivisto.
422
423         The track sizing algorithm is supposed to avoid those situations
424         but they easily (specially when we mix absolute lengths and
425         intrinsic lengths in min and max track sizing functions) and
426         frequently appear. In those cases the outcome from the algorithm
427         is wrong, tracks are not correctly sized.
428
429         In order to fulfill the restriction, m_usedBreadth and
430         m_maxBreadth are now private members of GridTrack and the class
431         now provides a couple of methods to modify them respecting the
432         growthLimit >= baseSize precondition.
433
434         Apart from that, the members and methods of GridTrack were also
435         renamed to match the ones used in the recent algorithm rewrite:
436         usedBreadth became baseSize and maxBreadth is now growthLimit.
437
438         Although the algorithm was not modified at all, this change
439         detected and fixed several invalid results (tracks and/or grids
440         bigger than expected).
441
442         * rendering/RenderGrid.cpp:
443         (WebCore::GridTrack::GridTrack): Renamed fields and methods. Added
444         assertions.
445         (WebCore::GridTrack::baseSize): Renamed from usedBreadth.
446         (WebCore::GridTrack::growthLimit): Renamed from maxBreadth.
447         (WebCore::GridTrack::setBaseSize):
448         (WebCore::GridTrack::setGrowthLimit):
449         (WebCore::GridTrack::growBaseSize): Renamed from growUsedBreadth.
450         (WebCore::GridTrack::growGrowthLimit): Renamed from growMaxBreadth.
451         (WebCore::GridTrack::growthLimitIsInfinite): New helper method.
452         (WebCore::GridTrack::growthLimitIfNotInfinite): Renamed from
453         maxBreadthIfNotInfinite.
454         (WebCore::GridTrack::isGrowthLimitBiggerThanBaseSize): New helper
455         method to verify ASSERTs are true.
456         (WebCore::GridTrack::ensureGrowthLimitIsBiggerThanBaseSize): Ditto.
457         (WebCore::GridTrackForNormalization::GridTrackForNormalization):
458         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
459         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
460         (WebCore::RenderGrid::computeNormalizedFractionBreadth):
461         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
462         (WebCore::sortByGridTrackGrowthPotential):
463         (WebCore::RenderGrid::distributeSpaceToTracks):
464         (WebCore::RenderGrid::tracksAreWiderThanMinTrackBreadth):
465         (WebCore::RenderGrid::layoutGridItems):
466         (WebCore::RenderGrid::gridAreaBreadthForChild):
467         (WebCore::RenderGrid::populateGridPositions):
468         (WebCore::GridTrack::growUsedBreadth): Renamed to growBaseSize.
469         (WebCore::GridTrack::usedBreadth): Renamed to baseSize.
470         (WebCore::GridTrack::growMaxBreadth): Renamed to growGrowthLimit.
471         (WebCore::GridTrack::maxBreadthIfNotInfinite): Renamed to
472         growthLimitIfNotInfinite.
473         * rendering/RenderGrid.h:
474
475 2015-02-08  Chris Fleizach  <cfleizach@apple.com>
476
477         AX: VoiceOver appears unresponsive when JavaScript alerts are triggered via focus or blur events
478         https://bugs.webkit.org/show_bug.cgi?id=140485
479
480         Reviewed by Anders Carlsson.
481
482         If setting an accessibility attribute results in a modal alert being displayed, it can cause VoiceOver
483         to hang. A simple solution is perform the actual work after a short delay, which will ensure the call
484         returns without hanging.
485
486         Test: platform/mac/accessibility/setting-attributes-is-asynchronous.html
487
488         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
489         (-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]):
490         (-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]):
491
492 2015-02-08  Benjamin Poulain  <benjamin@webkit.org>
493
494         Add parsing support for CSS Selector L4's case-insensitive attribute
495         https://bugs.webkit.org/show_bug.cgi?id=141373
496
497         Reviewed by Darin Adler.
498
499         This patch adds parsing for the case-insensitive attribute value
500         matching of CSS Selectors Level 4: http://dev.w3.org/csswg/selectors-4/#attribute-case
501         Excuse of a grammar: http://dev.w3.org/csswg/selectors-4/#grammar
502
503         This patch also covers serialization for CSSOM. The serialization
504         is defined here: http://dev.w3.org/csswg/cssom/#serializing-selectors
505
506         Matching is completely ignored in this patch. All the simple selectors
507         are treated as regular attribute selectors.
508
509         Tests: fast/css/parsing-css-attribute-case-insensitive-value-1.html
510                fast/css/parsing-css-attribute-case-insensitive-value-2.html
511                fast/css/parsing-css-attribute-case-insensitive-value-3.html
512                fast/css/parsing-css-attribute-case-insensitive-value-4.html
513
514         * css/CSSGrammar.y.in:
515         * css/CSSParserValues.h:
516         (WebCore::CSSParserSelector::setAttributeValueMatchingIsCaseInsensitive):
517         * css/CSSSelector.cpp:
518         (WebCore::CSSSelector::CSSSelector):
519         (WebCore::CSSSelector::selectorText):
520         * css/CSSSelector.h:
521         (WebCore::CSSSelector::CSSSelector):
522         (WebCore::CSSSelector::setAttributeValueMatchingIsCaseInsensitive):
523         (WebCore::CSSSelector::attributeValueMatchingIsCaseInsensitive):
524
525 2015-02-08  Darin Adler  <darin@apple.com>
526
527         Fix CMake-based build.
528
529         * CMakeLists.txt: Added a dependency on the CMakeLists.txt itself, analogous
530         to the one I added in DerivedSources.make.
531
532 2015-02-08  Darin Adler  <darin@apple.com>
533
534         Fix debug build.
535
536         * bindings/js/JSEventListener.h: Removed a call to forwardEventListeners.
537
538 2015-02-08  Darin Adler  <darin@apple.com>
539
540         Remove the SVG instance tree
541         https://bugs.webkit.org/show_bug.cgi?id=140602
542
543         Reviewed by Dean Jackson.
544
545         * CMakeLists.txt: Removed SVGElementInstance source files.
546         * DerivedSources.cpp: Ditto.
547         * DerivedSources.make: Ditto.
548         * WebCore.vcxproj/WebCore.vcxproj: Ditto.
549         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
550         * WebCore.xcodeproj/project.pbxproj: Ditto.
551         * bindings/js/JSBindingsAllInOne.cpp: Ditto.
552
553         * bindings/js/JSEventListener.cpp:
554         (WebCore::forwardsEventListeners): Deleted. Only returned true for JSSVGElementInstance.
555         (WebCore::correspondingElementWrapper): Deleted. Only used for JSSVGElementInstance.
556         (WebCore::createJSEventListenerForAttribute): Deleted. Argument type was JSSVGElementInstance.
557         (WebCore::createJSEventListenerForAdd): Removed most of the code; later we can delete this entirely.
558
559         * bindings/js/JSEventListener.h: Removed the overload of createJSEventListenerForAttribute
560         that takes a JSSVGElementInstance.
561
562         * bindings/js/JSSVGElementInstanceCustom.cpp: Removed.
563
564         * dom/ContainerNodeAlgorithms.h: Updated comment to reflect the fact that
565         this code is really now only used for ContainerNode and no longer needs to
566         exist in a generic form.
567
568         * dom/EventTarget.h: Removed forward declaration of SVGElementInstance.
569         * svg/SVGElement.h: Ditto.
570
571         * dom/EventTargetFactory.in: Removed SVGElementInstance.
572
573         * svg/SVGElementInstance.cpp: Removed.
574         * svg/SVGElementInstance.h: Removed.
575         * svg/SVGElementInstance.idl: Removed.
576
577         * svg/SVGUseElement.cpp:
578         (WebCore::SVGUseElement::insertedInto): Removed obsolete comment.
579         (WebCore::SVGUseElement::instanceTreeIsLoading): Deleted. Unused
580         function that I forgot to delete in my last patch. It also had a
581         glaring mistake, a missing "return" before the recursive call to
582         itself that would cause it to return false when it should return true.
583
584         * svg/SVGUseElement.h: Removed instanceTreeIsLoading.
585
586         * dom/EventDispatcher.cpp: Removed include of SVGElementInstance.h.
587         * page/EventHandler.cpp: Ditto.
588         * rendering/svg/RenderSVGViewportContainer.cpp: Ditto.
589         * svg/SVGAElement.cpp: Ditto.
590         * svg/SVGAllInOne.cpp: Ditto.
591         * svg/SVGAnimateMotionElement.cpp: Ditto.
592         * svg/SVGAnimatedTypeAnimator.h: Ditto.
593         * svg/SVGAnimationElement.cpp: Ditto.
594         * svg/SVGCircleElement.cpp: Ditto.
595         * svg/SVGClipPathElement.cpp: Ditto.
596         * svg/SVGComponentTransferFunctionElement.cpp: Ditto.
597         * svg/SVGCursorElement.cpp: Ditto.
598         * svg/SVGElement.cpp: Ditto.
599         * svg/SVGEllipseElement.cpp: Ditto.
600         * svg/SVGFEBlendElement.cpp: Ditto.
601         * svg/SVGFEColorMatrixElement.cpp: Ditto.
602         * svg/SVGFECompositeElement.cpp: Ditto.
603         * svg/SVGFEConvolveMatrixElement.cpp: Ditto.
604         * svg/SVGFEDiffuseLightingElement.cpp: Ditto.
605         * svg/SVGFEDisplacementMapElement.cpp: Ditto.
606         * svg/SVGFEDropShadowElement.cpp: Ditto.
607         * svg/SVGFEGaussianBlurElement.cpp: Ditto.
608         * svg/SVGFEImageElement.cpp: Ditto.
609         * svg/SVGFELightElement.cpp: Ditto.
610         * svg/SVGFEMergeNodeElement.cpp: Ditto.
611         * svg/SVGFEMorphologyElement.cpp: Ditto.
612         * svg/SVGFEOffsetElement.cpp: Ditto.
613         * svg/SVGFESpecularLightingElement.cpp: Ditto.
614         * svg/SVGFETileElement.cpp: Ditto.
615         * svg/SVGFETurbulenceElement.cpp: Ditto.
616         * svg/SVGFilterElement.cpp: Ditto.
617         * svg/SVGFilterPrimitiveStandardAttributes.cpp: Ditto.
618         * svg/SVGForeignObjectElement.cpp: Ditto.
619         * svg/SVGGElement.cpp: Ditto.
620         * svg/SVGGradientElement.cpp: Ditto.
621         * svg/SVGGraphicsElement.cpp: Ditto.
622         * svg/SVGImageElement.cpp: Ditto.
623         * svg/SVGLineElement.cpp: Ditto.
624         * svg/SVGLinearGradientElement.cpp: Ditto.
625         * svg/SVGMarkerElement.cpp: Ditto.
626         * svg/SVGMaskElement.cpp: Ditto.
627         * svg/SVGPathElement.cpp: Ditto.
628         * svg/SVGPatternElement.cpp: Ditto.
629         * svg/SVGPolyElement.cpp: Ditto.
630         * svg/SVGRadialGradientElement.cpp: Ditto.
631         * svg/SVGRectElement.cpp: Ditto.
632         * svg/SVGSVGElement.cpp: Ditto.
633         * svg/SVGScriptElement.cpp: Ditto.
634         * svg/SVGStopElement.cpp: Ditto.
635         * svg/SVGSymbolElement.cpp: Ditto.
636         * svg/SVGTRefElement.cpp: Ditto.
637         * svg/SVGTextContentElement.cpp: Ditto.
638         * svg/SVGTextElement.cpp: Ditto.
639         * svg/SVGTextPathElement.cpp: Ditto.
640         * svg/SVGTextPositioningElement.cpp: Ditto.
641
642 2015-02-07  Dean Jackson  <dino@apple.com>
643
644         Tweak inline playback controls to match system spec
645         https://bugs.webkit.org/show_bug.cgi?id=141375
646         <rdar://problem/19760754>
647
648         Reviewed by Sam Weinig.
649
650         Rework the UI of the inline media controls on iOS, to
651         better match the system specification. I've batched a
652         few changes into one patch because many of them are
653         inter-dependent, and not very aggressive. Changes are:
654
655         - updated artwork for the buttons.
656         - separate artwork for normal and active states.
657         - background images are now explicitly sized and positioned
658           in the middle of the element, allowing audio and video
659           to use the same glyphs even though the elements are
660           different sizes.
661         - use plus-darker blend mode on the button glyphs.
662         - rearranged some of the rules to group things in a
663           logical order.
664         - time should front-pad a "0" character, if less than 10.
665         - no need for an "active" class on the Airplay button (although
666           I won't be surprised if this changes back).
667
668         * Modules/mediacontrols/mediaControlsiOS.css:
669         (::-webkit-media-controls):
670         (video::-webkit-media-controls-wireless-playback-picker-button.active): Deleted.
671         (audio::-webkit-media-controls-wireless-playback-picker-button.active): Deleted.
672         (audio::-webkit-media-controls-play-button:active): Deleted.
673         (audio::-webkit-media-controls-play-button.paused): Deleted.
674         (video::-webkit-media-controls-timeline): Deleted.
675         * Modules/mediacontrols/mediaControlsiOS.js:
676         (ControllerIOS.prototype.updateWirelessPlaybackStatus): No need
677         for the "active" class.
678         (ControllerIOS.prototype.formatTime): Pad with a leading zero.
679
680 2015-02-08  Darin Adler  <darin@apple.com>
681
682         Make SVGUseElement work without creating any SVGElementInstance objects
683         https://bugs.webkit.org/show_bug.cgi?id=141374
684
685         Reviewed by Sam Weinig.
686
687         * dom/ElementIterator.h: Changed the * and -> operators to be const.
688         There is no need for the iterator itself to be modified just to dereference it.
689
690         * dom/TypedElementDescendantIterator.h: Added DoubleTypedElementDescendantIterator.
691         This allows callers to call descendantsOfType on two elements, as long as the caller
692         can guarantee that both have the same number of descendants of that type. It's handy
693         for walking a tree of cloned elements to set up something between each original and
694         its clone. In the future we might instead change the cloning machinery so it can do
695         this work as we clone, and if so, we could consider deleting this.
696
697         * svg/SVGElement.cpp:
698         (WebCore::SVGElement::correspondingElement): Made this const.
699         (WebCore::SVGElement::invalidateInstances): Got rid of the rule that said "this can
700         only be done for an element in a document", since it's useful to do this on an element
701         that has just been removed from a document. Removed the "updateStyleIfNeeded" call
702         here now that the other changes make it no longer needed. Removed an unimportant
703         assertion that we only invalidate use elements that are in a document; that's not
704         a necessary restriction. Streamlined the logic a bit.
705
706         * svg/SVGElement.h: Made correspondingElement const.
707
708         * svg/SVGUseElement.cpp:
709         (WebCore::SVGUseElement::insertedInto): Removed an assertion about
710         m_targetElementInstance since that's gone now.
711         (WebCore::SVGUseElement::svgAttributeChanged): Changed code that transfers
712         size attributes to the shadow tree to use shadowTreeTargetClone instead of
713         m_targetElementInstance.
714         (WebCore::SVGUseElement::clearResourceReferences): Removed code to detach
715         m_targetElementInstance, and also the call to removeAllTargetReferencesForElement,
716         because we no longer use those.
717         (WebCore::SVGUseElement::buildPendingResource): Moved the code to build the
718         shadow tree in here and deleted the buildShadowAndInstanceTree function.
719         Also changed logic so that we use a pending resource any time the target is not
720         a valid one. That helps us correctly handle cases where we initially have an
721         invalid target, but later get a value one
722         (WebCore::SVGUseElement::buildShadowAndInstanceTree): Deleted. The code here
723         was greatly simplified and moved into buildPendingResource.
724         (WebCore::SVGUseElement::buildInstanceTree): Deleted.
725         (WebCore::SVGUseElement::hasCycleUseReferencing): Deleted. Cycles are now
726         detected by the new isValidTarget function and so there's no need for a
727         separate explicit check for a cycle.
728         (WebCore::associateClonesWithOriginals): Added. Helper that makes
729         functions that build the shadow tree simpler and easier to read.
730         (WebCore::associateReplacementCloneWithOriginal): Added. Helper to
731         make associateReplacementClonesWithOriginals simple.
732         (WebCore::associateReplacementClonesWithOriginals): Added. Helper that
733         makes functions that build the shadow tree simpler and easier to read.
734         (WebCore::SVGUseElement::buildShadowTree): Call associateClonesWithOriginals
735         since associateInstancesWithShadowTreeElements no longer does this.
736         (WebCore::SVGUseElement::isValidTarget): Added. Covers all the different
737         reasons a target might not be valid: type of element, reference cycles, and
738         also "not in document" (refactored in here; not sure when that can happen
739         in practice, might be possible to remove it later).
740         (WebCore::SVGUseElement::expandUseElementsInShadowTree): Add checks for
741         documents that are still loading; this used to be checked when building the
742         instance tree. Added calls to associateReplacementClonesWithOriginals and
743         associateClonesWithOriginals; that used to be done by later in the
744         associateInstancesWithShadowTreeElements function. Use isValidTarget so
745         we handle cycles as well as invalid target types.
746         (WebCore::SVGUseElement::expandSymbolElementsInShadowTree): Added a call to
747         associateReplacementClonesWithOriginals, since we can no longer do that in
748         associateInstancesWithShadowTreeElements.
749         (WebCore::SVGUseElement::associateInstancesWithShadowTreeElements): Deleted.
750         (WebCore::SVGUseElement::instanceForShadowTreeElement): Deleted.
751         (WebCore::SVGUseElement::invalidateDependentShadowTrees): Removed a comment
752         that simply restated the name of the function.
753
754         * svg/SVGUseElement.h: Removed instanceForShadowTreeElement,
755         buildShadowAndInstanceTree, detachInstance, buildInstanceTree,
756         hasCycleUseReferencing, associateInstancesWithShadowTreeElements,
757         instanceForShadowTreeElement, and m_targetElementInstance. Added isValidTarget.
758
759 2015-02-08  Chris Dumez  <cdumez@apple.com>
760
761         [WK2] Add logging to validate the network cache efficacy (Part 1)
762         https://bugs.webkit.org/show_bug.cgi?id=141269
763         <rdar://problem/19632080>
764
765         Reviewed by Antti Koivisto.
766
767         Export an extra symbol.
768
769         * WebCore.exp.in:
770
771 2015-02-07  Chris Fleizach  <cfleizach@apple.com>
772
773         AX: The input element with type="search" has no default focus outline
774         https://bugs.webkit.org/show_bug.cgi?id=140326
775
776         Reviewed by Darin Adler.
777
778         The platform RenderTheme takes care of the search field, and that code
779         was missing a check for whether the element was focused.
780
781         Test: fast/css/focus-ring-exists-for-search-field.html
782
783         * rendering/RenderThemeMac.mm:
784         (WebCore::RenderThemeMac::paintSearchField):
785
786 2015-02-07  Tim Horton  <timothy_horton@apple.com>
787
788         Add some dictionary lookup tests
789         https://bugs.webkit.org/show_bug.cgi?id=141355
790
791         Reviewed by Darin Adler.
792
793         Tests: platform/mac/editing/dictionary-lookup/dictionary-lookup-input.html
794                platform/mac/editing/dictionary-lookup/dictionary-lookup-inside-selection.html
795                platform/mac/editing/dictionary-lookup/dictionary-lookup-outside-selection.html
796                platform/mac/editing/dictionary-lookup/dictionary-lookup-rtl.html
797                platform/mac/editing/dictionary-lookup/dictionary-lookup.html
798
799         * WebCore.exp.in:
800         Remove an unneeded export.
801
802         * editing/mac/DictionaryLookup.h:
803         Use OBJC_CLASS instead of @class so that this can be included in pure-C++ files.
804
805         * testing/Internals.cpp:
806         (WebCore::Internals::rangeForDictionaryLookupAtLocation):
807         * testing/Internals.h:
808         * testing/Internals.idl:
809         Expose rangeForDictionaryLookupAtHitTestResult fairly directly to JavaScript.
810
811 2015-02-07  Chris Dumez  <cdumez@apple.com>
812
813         Add Vector::removeFirstMatching() / removeAllMatching() methods taking lambda functions
814         https://bugs.webkit.org/show_bug.cgi?id=141321
815
816         Reviewed by Darin Adler.
817
818         Use new Vector::removeFirstMatching() / removeAllMatching() methods.
819
820 2015-02-07  Darin Adler  <darin@apple.com>
821
822         Stop dispatching events to with SVGElementInstance objects as their targets
823         https://bugs.webkit.org/show_bug.cgi?id=141108
824
825         Reviewed by Anders Carlsson.
826
827         Test: svg/custom/use-event-retargeting.html
828
829         * dom/EventDispatcher.cpp:
830         (WebCore::eventTargetRespectingTargetRules): Replaced the code that retargeted
831         events at SVGElementInstance objects with code that retargets them at the use
832         element instead. Also wrote the code in a simpler way.
833
834 2015-02-07  Jer Noble  <jer.noble@apple.com>
835
836         [Mac] Set -contentsScale on AVPlayerLayer to allow AVPlayer to select the appropriate HLS variant.
837         https://bugs.webkit.org/show_bug.cgi?id=141354
838         rdar://problem/19717591
839
840         Reviewed by Darin Adler.
841
842         AVPlayer will try to determine the correct HLS variant based on the bounds of an AVPlayerLayer.
843         When not in a layer tree, AVFoundation is not able to determine the correct mapping from logical
844         units to pixel values. To provide AVPlayer with that scaling value, set -contentsScale based on
845         both the current device scale and the current page scale.
846
847         Since this needs to be set at initialization time, before the AVPlayer is has any AVPlayerItems,
848         add some plumbing up from MediaPlayer to as the HTMLMediaElement for the appropriate contents
849         scale.
850
851         * html/HTMLMediaElement.cpp:
852         (WebCore::HTMLMediaElement::mediaPlayerContentsScale):
853         * html/HTMLMediaElement.h:
854         * platform/graphics/MediaPlayer.h:
855         (WebCore::MediaPlayerClient::mediaPlayerContentsScale):
856         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
857         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
858         * platform/graphics/ca/GraphicsLayerCA.cpp:
859         (WebCore::GraphicsLayerCA::updateContentsScale):
860
861 2015-02-07  Alexey Proskuryakov  <ap@apple.com>
862
863         ASan complains about plugins/snapshotting/snapshot-plugin-not-quite-blocked-by-image.html
864         https://bugs.webkit.org/show_bug.cgi?id=141352
865         rdar://problem/19717490
866
867         Reviewed by Anders Carlsson.
868
869         * dom/Document.cpp: (WebCore::Document::ensurePlugInsInjectedScript): This string
870         is not null terminated.
871
872 2015-02-06  Zalan Bujtas  <zalan@apple.com>
873
874         ASSERT repaintContainer->hasLayer() in WebCore::RenderObject::repaintUsingContainer
875         https://bugs.webkit.org/show_bug.cgi?id=140750
876
877         Reviewed by Simon Fraser.
878
879         There's a short period of time when RenderObject::layer() still returns a valid pointer
880         even though we already cleared the hasLayer() flag.
881         Do not use the layer as repaint container in such cases.
882
883         Test: compositing/repaint-container-assertion-when-toggling-compositing.html
884
885         * rendering/RenderObject.cpp:
886         (WebCore::RenderObject::enclosingLayer):
887
888 2015-02-06  Chris Dumez  <cdumez@apple.com>
889
890         Have SQLiteStatement::database() return a reference
891         https://bugs.webkit.org/show_bug.cgi?id=141348
892
893         Reviewed by Andreas Kling.
894
895         Have SQLiteStatement::database() return a reference as it can never
896         return null.
897
898         * loader/icon/IconDatabase.cpp:
899         (WebCore::readySQLiteStatement):
900         * platform/sql/SQLiteStatement.h:
901         (WebCore::SQLiteStatement::database):
902
903 2015-02-06  Brent Fulgham  <bfulgham@apple.com>
904
905         Add youtube-nocookie URL to isYouTubeURL predicate 
906         https://bugs.webkit.org/show_bug.cgi?id=141347
907         <rdar://problem/19430657>
908
909         Reviewed by Eric Carlson.
910
911         * Modules/plugins/YouTubePluginReplacement.cpp:
912         (WebCore::isYouTubeURL): Update for additional youtube-nocookie site.
913
914 2015-02-06  Said Abou-Hallawa  <sabouhallawa@apple.com>
915
916         Invalid cast in WebCore::SVGAnimateElement::calculateAnimatedValue.
917         https://bugs.webkit.org/show_bug.cgi?id=135171.
918
919         Reviewed by Dean Jackson.
920
921         The bug happens when an SVG element is animated by <animateMotion> followed by an
922         <animateColor> or an <animate> and the values of the "attributeName" in both elements
923         are the same. The problem is <animateMotion> should not have an attribute to animate.
924         If it does by fuzz or by mistake, then we assume the <animateMotion> and the <animate>
925         animate the same attribute for the same element target. Therefore we schedule them in
926         the same AnimationVector in SMILTimeContainer::schedule(). When we call
927         SVGAnimateElementBase::calculateAnimatedValue() for an SVGAnimateColorElement and the
928         resultElement is SVGAnimateMotionElement, we fail to cast it to SVGAnimateElementBase
929         because SVGAnimateMotionElement is derived from SVGAnimationElement which is the base
930         class of all animate elements including SVGAnimateElementBase.
931
932         The fix is to nullify setting "attributeName" of an SVGAnimationElement. By doing so,
933         "attributeName" and its value will be ignored from the <animateMotion> which is correct.
934         
935         Tests: svg/animations/animate-montion-invalid-attribute.svg.
936
937         * svg/SVGAnimateElementBase.cpp:
938         (WebCore::SVGAnimateElementBase::setAttributeName):
939         Do not call SVGAnimationElement::setAttributeName() since SVGAnimationElement should
940         not have an attribute to animate. We prevent this by bypassing the parent in the class 
941         hierarchy: SVGAnimationElement and calling SVGSMILElement::setAttributeName() directly.
942         
943         * svg/SVGAnimationElement.cpp:
944         (WebCore::SVGAnimationElement::setAttributeName): Deleted.
945         * svg/SVGAnimationElement.h:
946         SVGAnimationElement should not have an attribute to animate. So implement its
947         setAttributeName() as a null function.
948
949 2015-02-06  Simon Fraser  <simon.fraser@apple.com>
950
951         Convert the compositing overlap map to use LayoutRects
952         https://bugs.webkit.org/show_bug.cgi?id=141346
953         rdar://problem/18206365
954
955         Reviewed by Zalan Bujtas.
956         
957         If two compositing layers were adjoining but not overlapping, but happened to
958         have non-integral offsets, then using enclosing IntRects in the overlap map
959         would cause us to think they are overlapping, and create unnecessary backing store.
960         
961         Fix by converting the overlap map to use LayoutRects.
962
963         Test: compositing/layer-creation/subpixel-adjacent-layers-overlap.html
964
965         * rendering/RenderLayerCompositor.cpp:
966         (WebCore::OverlapMapContainer::add):
967         (WebCore::OverlapMapContainer::overlapsLayers):
968         (WebCore::RenderLayerCompositor::OverlapMap::add):
969         (WebCore::RenderLayerCompositor::OverlapMap::overlapsLayers):
970         (WebCore::RenderLayerCompositor::OverlapMap::RectList::append):
971         (WebCore::RenderLayerCompositor::OverlapMap::RectList::intersects):
972         (WebCore::RenderLayerCompositor::logLayerInfo):
973         (WebCore::RenderLayerCompositor::addToOverlapMap):
974         (WebCore::RenderLayerCompositor::addToOverlapMapRecursive):
975         (WebCore::RenderLayerCompositor::computeCompositingRequirements):
976         * rendering/RenderLayerCompositor.h:
977
978 2015-02-06  Andreas Kling  <akling@apple.com>
979
980         Ref-ify various getters that return HTMLCollection.
981         <https://webkit.org/b/141336>
982
983         Reviewed by Anders Carlsson.
984
985         Make all the getters that return HTMLCollection objects (and never return nullptr)
986         return Ref instead of RefPtr.
987
988         Removed a couple of useless null checks that were exposed by this change.
989
990         * accessibility/AccessibilityRenderObject.cpp:
991         (WebCore::AccessibilityRenderObject::getDocumentLinks):
992         * bindings/js/JSDOMWindowCustom.cpp:
993         (WebCore::namedItemGetter):
994         * bindings/js/JSHTMLDocumentCustom.cpp:
995         (WebCore::JSHTMLDocument::nameGetter):
996         * dom/Document.cpp:
997         (WebCore::Document::ensureCachedCollection):
998         (WebCore::Document::images):
999         (WebCore::Document::applets):
1000         (WebCore::Document::embeds):
1001         (WebCore::Document::plugins):
1002         (WebCore::Document::scripts):
1003         (WebCore::Document::links):
1004         (WebCore::Document::forms):
1005         (WebCore::Document::anchors):
1006         (WebCore::Document::all):
1007         (WebCore::Document::windowNamedItems):
1008         (WebCore::Document::documentNamedItems):
1009         (WebCore::Document::iconURLs):
1010         * dom/Document.h:
1011         * dom/Element.cpp:
1012         (WebCore::Element::ensureCachedHTMLCollection):
1013         * dom/Element.h:
1014         * html/ColorInputType.cpp:
1015         (WebCore::ColorInputType::suggestions):
1016         * html/HTMLDataListElement.cpp:
1017         (WebCore::HTMLDataListElement::options):
1018         * html/HTMLDataListElement.h:
1019         * html/HTMLElement.cpp:
1020         (WebCore::HTMLElement::children):
1021         * html/HTMLElement.h:
1022         * html/HTMLFieldSetElement.cpp:
1023         (WebCore::HTMLFieldSetElement::elements):
1024         * html/HTMLFieldSetElement.h:
1025         * html/HTMLFormElement.cpp:
1026         (WebCore::HTMLFormElement::elements):
1027         * html/HTMLFormElement.h:
1028         * html/HTMLInputElement.cpp:
1029         (WebCore::HTMLInputElement::setupDateTimeChooserParameters):
1030         * html/HTMLMapElement.cpp:
1031         (WebCore::HTMLMapElement::areas):
1032         * html/HTMLMapElement.h:
1033         * html/HTMLSelectElement.cpp:
1034         (WebCore::HTMLSelectElement::selectedOptions):
1035         (WebCore::HTMLSelectElement::options):
1036         * html/HTMLSelectElement.h:
1037         * html/HTMLTableElement.cpp:
1038         (WebCore::HTMLTableElement::rows):
1039         (WebCore::HTMLTableElement::tBodies):
1040         * html/HTMLTableElement.h:
1041         * html/HTMLTableRowElement.cpp:
1042         (WebCore::HTMLTableRowElement::insertCell):
1043         (WebCore::HTMLTableRowElement::deleteCell):
1044         (WebCore::HTMLTableRowElement::cells):
1045         * html/HTMLTableRowElement.h:
1046         * html/HTMLTableSectionElement.cpp:
1047         (WebCore::HTMLTableSectionElement::insertRow):
1048         (WebCore::HTMLTableSectionElement::deleteRow):
1049         (WebCore::HTMLTableSectionElement::rows):
1050         * html/HTMLTableSectionElement.h:
1051         * html/RangeInputType.cpp:
1052         (WebCore::RangeInputType::updateTickMarkValues):
1053         * rendering/RenderTheme.cpp:
1054         (WebCore::RenderTheme::paintSliderTicks):
1055
1056 2015-02-06  Brent Fulgham  <bfulgham@apple.com>
1057
1058         [iOS] Implement audio track selection in fullscreen.
1059         https://bugs.webkit.org/show_bug.cgi?id=131236
1060         <rdar://problem/16552632>
1061
1062         Reviewed by Eric Carlson.
1063
1064         * platform/ios/WebVideoFullscreenModelVideoElement.h:
1065         * platform/ios/WebVideoFullscreenModelVideoElement.mm:
1066         (WebVideoFullscreenModelVideoElement::selectAudioMediaOption): Provide implementation.
1067         (WebVideoFullscreenModelVideoElement::updateLegibleOptions): Add audio track information
1068         to menu displayed to user.
1069
1070 2015-02-06  Bartlomiej Gajda  <b.gajda@samsung.com>
1071
1072         [MSE] Implement Append Error algorithm.
1073         https://bugs.webkit.org/show_bug.cgi?id=139439
1074
1075         Reviewed by Jer Noble.
1076
1077         If Source Buffer has not received first init segment, then it shall call endOfStream after receiving
1078         Media Segment, as per Media Source spec. (from 17 July 2014) in paragraph 3.5.1 point 6.1.
1079
1080         Based this change on Editor's Draft 12 December 2014, as it clarifies order of events.
1081
1082         Test: media/media-source/media-source-append-media-segment-without-init.html
1083
1084         * Modules/mediasource/MediaSource.cpp:
1085         (WebCore::MediaSource::streamEndedWithError):
1086         * Modules/mediasource/MediaSource.h:
1087         * Modules/mediasource/SourceBuffer.cpp:
1088         (WebCore::SourceBuffer::sourceBufferPrivateAppendComplete):
1089         (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):
1090         (WebCore::SourceBuffer::validateInitializationSegment):
1091         (WebCore::SourceBuffer::appendError):
1092         * Modules/mediasource/SourceBuffer.h:
1093
1094 2015-02-06  Timothy Horton  <timothy_horton@apple.com>
1095
1096         REGRESSION: Lookup doesn't work in RTL
1097         https://bugs.webkit.org/show_bug.cgi?id=141338
1098         <rdar://problem/19738407>
1099
1100         Reviewed by Dan Bernstein.
1101
1102         * editing/Editor.cpp:
1103         (WebCore::Editor::scanSelectionForTelephoneNumbers):
1104         * editing/mac/DictionaryLookup.mm:
1105         (WebCore::rangeExpandedAroundPositionByCharacters):
1106         Positions are independent of writing direction, so we don't
1107         need to (and shouldn't) do anything special for RTL here.
1108
1109 2015-02-06  Maciej Stachowiak  <mjs@apple.com>
1110
1111         REGRESSION(r179706): Caused memory corruption on some tests (Requested by _ap_ on #webkit).
1112         https://bugs.webkit.org/show_bug.cgi?id=141324
1113
1114         Reviewed by Alexey Proskuryakov.
1115
1116         No new tests. This is caught by existing tests under ASAN, and I don't know how to reproduce
1117         it without ASAN.
1118
1119         * rendering/RenderLineBoxList.cpp:
1120         (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): Give up
1121         and just always invalidate the next line. It's too hard to come up
1122         with the condition that catches all needed cases, doesn't itself
1123         cause a crash, and isn't overzealous. And we do this for the
1124         previous line anyway.  Also clean up the code a bit since it
1125         confusingly reuses a variable, and declares it uninitialized, for
1126         no good reason.
1127
1128 2015-02-05  Dhi Aurrahman  <diorahman@rockybars.com>
1129
1130         Remove duplicate loop after r179532
1131         https://bugs.webkit.org/show_bug.cgi?id=141300
1132
1133         Reviewed by Benjamin Poulain.
1134
1135         No new tests, no behavior changed.
1136
1137         * css/SelectorCheckerTestFunctions.h:
1138         (WebCore::matchesLangPseudoClass):
1139
1140 2015-02-05  Commit Queue  <commit-queue@webkit.org>
1141
1142         Unreviewed, rolling out r179725.
1143         https://bugs.webkit.org/show_bug.cgi?id=141320
1144
1145         caused 2 layout tests to fail (Requested by zalan on #webkit).
1146
1147         Reverted changeset:
1148
1149         "[MSE] Implement Append Error algorithm."
1150         https://bugs.webkit.org/show_bug.cgi?id=139439
1151         http://trac.webkit.org/changeset/179725
1152
1153 2015-02-05  Andreas Kling  <akling@apple.com>
1154
1155         [iOS] Run a full garbage collection on memory warning.
1156         <https://webkit.org/b/141313>
1157         <rdar://problem/19738024>
1158
1159         Reviewed by Chris Dumez.
1160
1161         Make sure that we run a full GC when trying to free up memory, as this might
1162         be our last chance to execute before the kernel suspends this process.
1163
1164         This aligns WebKit2 with the old WebKit1 behavior.
1165
1166         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1167         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1168
1169
1170 2015-02-05  Hyungwook Lee  <hyungwook.lee@navercorp.com>
1171
1172         Fix ASSERTION FAILED: !root->needsLayout() in FrameView::layout()
1173         https://bugs.webkit.org/show_bug.cgi?id=141032
1174
1175         Reviewed by Darin Adler.
1176
1177         This patch moves the !root->needsLayout() assert statement above
1178         updateLayerPositionsAfterLayout() that can modify dirty bit system
1179         when we have RenderMarquee.
1180
1181         * page/FrameView.cpp:
1182         (WebCore::FrameView::layout):
1183
1184 2015-02-05  Bartlomiej Gajda  <b.gajda@samsung.com>
1185
1186         [MSE] Implement Append Error algorithm.
1187         https://bugs.webkit.org/show_bug.cgi?id=139439
1188
1189         Reviewed by Jer Noble.
1190
1191         If Source Buffer has not received first init segment, then it shall call endOfStream after receiving
1192         Media Segment, as per Media Source spec. (from 17 July 2014) in paragraph 3.5.1 point 6.1.
1193
1194         Based this change on Editor's Draft 12 December 2014, as it clarifies order of events.
1195
1196         Test: media/media-source/media-source-append-media-segment-without-init.html
1197
1198         * Modules/mediasource/MediaSource.cpp:
1199         (WebCore::MediaSource::streamEndedWithError):
1200         * Modules/mediasource/MediaSource.h:
1201         * Modules/mediasource/SourceBuffer.cpp:
1202         (WebCore::SourceBuffer::sourceBufferPrivateAppendComplete):
1203         (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveInitializationSegment):
1204         (WebCore::SourceBuffer::validateInitializationSegment):
1205         (WebCore::SourceBuffer::appendError):
1206         * Modules/mediasource/SourceBuffer.h:
1207
1208 2015-02-05  Maciej Stachowiak  <mjs@apple.com>
1209
1210         Crash due to failing to dirty a removed text node's line box
1211         https://bugs.webkit.org/show_bug.cgi?id=136544
1212
1213         Reviewed by David Hyatt.
1214         
1215         Test: fast/text/remove-text-node-linebox-not-dirty-crash.html
1216
1217         * rendering/RenderLineBoxList.cpp:
1218         (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): Make the check for dirtying the next
1219         line box a bit more inclusive to avoid a case of a line box for a destroyed render object not
1220         being dirtied. In particular, when the text node's parent has no line boxes but contains BRs.
1221
1222 2015-02-05  Chris Dumez  <cdumez@apple.com>
1223
1224         Free memory read under MemoryCache::pruneLiveResourcesToSize()
1225         https://bugs.webkit.org/show_bug.cgi?id=141292
1226         <rdar://problem/19725522>
1227
1228         Reviewed by Antti Koivisto.
1229
1230         In MemoryCache::pruneLiveResourcesToSize(), we were iterating over the
1231         m_liveDecodedResources ListHashSet and possibly calling
1232         CachedResource::destroyDecodedData() on the current value. Doing so
1233         would cause a call to ListHashSet::remove() to remove the value pointed
1234         by the current iterator, thus invalidating our iterator.
1235
1236         In this patch, we increment the ListHashSet iterator *before* calling
1237         CachedResource::destroyDecodedData(), while the current iterator is
1238         still valid. Note that this is safe because unlike iteration of most
1239         WTF Hash data structures, iteration is guaranteed safe against mutation
1240         of the ListHashSet, except for removal of the item currently pointed to
1241         by a given iterator.
1242
1243         Test: http/tests/cache/memory-cache-pruning.html
1244
1245         * loader/cache/MemoryCache.cpp:
1246         (WebCore::MemoryCache::pruneLiveResourcesToSize):
1247
1248 2015-02-05  Jer Noble  <jer.noble@apple.com>
1249
1250         [Mac] HLS <video> will not fire 'progress' events, only 'stalled'.
1251         https://bugs.webkit.org/show_bug.cgi?id=141284
1252
1253         Reviewed by Brent Fulgham.
1254
1255         Test: http/tests/media/hls/hls-progress.html
1256
1257         totalBytes() will always return 0 for HLS streams, which will cause didLoadingProgress() to always
1258         return false. Skip this optimization. 
1259
1260         Drive-by fix: duration() will always return 0 for this class as well. Use durationMediaTime() instead.
1261
1262         * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
1263         (WebCore::MediaPlayerPrivateAVFoundation::didLoadingProgress):
1264
1265 2015-02-05  Darin Adler  <darin@apple.com>
1266
1267         Move InstanceInvalidationGuard/UpdateBlocker to SVGElement from SVGElementInstance
1268         https://bugs.webkit.org/show_bug.cgi?id=141148
1269
1270         Reviewed by Brent Fulgham and Anders Carlsson.
1271
1272         Inspired by this change Rob Buis made in Blink:
1273
1274             http://src.chromium.org/viewvc/blink?view=revision&revision=173343
1275
1276         I actually wrote the whole thing and then discovered we did it almost identically.
1277
1278         * svg/SVGAnimatedTypeAnimator.cpp:
1279         (WebCore::SVGElementAnimatedPropertyList::setInstanceUpdatesBlocked): Added this
1280         helper function to get around a circular header dependency.
1281         * svg/SVGAnimatedTypeAnimator.h:
1282         (WebCore::SVGAnimatedTypeAnimator::executeAction): Use setInstanceUpdatesBlocked.
1283
1284         * svg/SVGElement.cpp:
1285         (WebCore::SVGElement::removedFrom): Use invalidateInstances.
1286         (WebCore::SVGElement::finishParsingChildren): Ditto.
1287         (WebCore::SVGElement::svgAttributeChanged): Ditto.
1288         (WebCore::SVGElement::childrenChanged): Ditto.
1289         (WebCore::SVGElement::setInstanceUpdatesBlocked): Added an assertion that will
1290         catch anyone who nests InstanceUpdateBlocker by accident.
1291         (WebCore::SVGElement::invalidateInstances): Moved this here from
1292         SVGElementInstance::invalidateAllInstancesOfElement. I had already modified this
1293         so it had nothing to do with SVGElementInstance, so it was a simple matter of
1294         converting this into a member function. Added a FIXME about the mysterious
1295         updateStyleIfNeeded that makes multiple tests fail if it's removed.
1296
1297         * svg/SVGElement.h: Added public InstanceUpdateBlocker class, protected
1298         InstanceInvalidationGuard class, and private invalidateInstances function.
1299         Unlike the ones in SVGElementInstance these use references so they are then
1300         not copyable without using the WTF_MAKE_NONCOPYABLE macro.
1301
1302         * svg/SVGElementInstance.cpp:
1303         (WebCore::SVGElementInstance::invalidateAllInstancesOfElement): Deleted.
1304         (WebCore::SVGElementInstance::InstanceUpdateBlocker::InstanceUpdateBlocker): Deleted.
1305         (WebCore::SVGElementInstance::InstanceUpdateBlocker::~InstanceUpdateBlocker): Deleted.
1306         * svg/SVGElementInstance.h: Removed InvalidationGuard, InstanceUpdateBlocker, and
1307         invalidateAllInstancesOfElement. Didn't do any further cleanup since we soon will
1308         delete this entire file.
1309
1310         * svg/SVGAElement.cpp:
1311         (WebCore::SVGAElement::svgAttributeChanged): Updated to use new name and reference
1312         instead of pointer.
1313         * svg/SVGAnimateElementBase.cpp:
1314         (WebCore::applyCSSPropertyToTargetAndInstances): Ditto.
1315         (WebCore::removeCSSPropertyFromTargetAndInstances): Ditto.
1316         (WebCore::notifyTargetAndInstancesAboutAnimValChange): Ditto.
1317         * svg/SVGAnimatedPath.cpp:
1318         (WebCore::SVGAnimatedPathAnimator::startAnimValAnimation): Ditto.
1319         * svg/SVGCircleElement.cpp:
1320         (WebCore::SVGCircleElement::svgAttributeChanged): Ditto.
1321         * svg/SVGClipPathElement.cpp:
1322         (WebCore::SVGClipPathElement::svgAttributeChanged): Ditto.
1323         * svg/SVGComponentTransferFunctionElement.cpp:
1324         (WebCore::SVGComponentTransferFunctionElement::svgAttributeChanged): Ditto.
1325         * svg/SVGCursorElement.cpp:
1326         (WebCore::SVGCursorElement::svgAttributeChanged): Ditto.
1327         * svg/SVGEllipseElement.cpp:
1328         (WebCore::SVGEllipseElement::svgAttributeChanged): Ditto.
1329         * svg/SVGFEBlendElement.cpp:
1330         (WebCore::SVGFEBlendElement::svgAttributeChanged): Ditto.
1331         * svg/SVGFEColorMatrixElement.cpp:
1332         (WebCore::SVGFEColorMatrixElement::svgAttributeChanged): Ditto.
1333         * svg/SVGFECompositeElement.cpp:
1334         (WebCore::SVGFECompositeElement::svgAttributeChanged): Ditto.
1335         * svg/SVGFEConvolveMatrixElement.cpp:
1336         (WebCore::SVGFEConvolveMatrixElement::svgAttributeChanged): Ditto.
1337         * svg/SVGFEDiffuseLightingElement.cpp:
1338         (WebCore::SVGFEDiffuseLightingElement::svgAttributeChanged): Ditto.
1339         * svg/SVGFEDisplacementMapElement.cpp:
1340         (WebCore::SVGFEDisplacementMapElement::svgAttributeChanged): Ditto.
1341         * svg/SVGFEDropShadowElement.cpp:
1342         (WebCore::SVGFEDropShadowElement::svgAttributeChanged): Ditto.
1343         * svg/SVGFEGaussianBlurElement.cpp:
1344         (WebCore::SVGFEGaussianBlurElement::svgAttributeChanged): Ditto.
1345         * svg/SVGFEImageElement.cpp:
1346         (WebCore::SVGFEImageElement::svgAttributeChanged): Ditto.
1347         * svg/SVGFELightElement.cpp:
1348         (WebCore::SVGFELightElement::svgAttributeChanged): Ditto.
1349         * svg/SVGFEMergeNodeElement.cpp:
1350         (WebCore::SVGFEMergeNodeElement::svgAttributeChanged): Ditto.
1351         * svg/SVGFEMorphologyElement.cpp:
1352         (WebCore::SVGFEMorphologyElement::svgAttributeChanged): Ditto.
1353         * svg/SVGFEOffsetElement.cpp:
1354         (WebCore::SVGFEOffsetElement::svgAttributeChanged): Ditto.
1355         * svg/SVGFESpecularLightingElement.cpp:
1356         (WebCore::SVGFESpecularLightingElement::svgAttributeChanged): Ditto.
1357         * svg/SVGFETileElement.cpp:
1358         (WebCore::SVGFETileElement::svgAttributeChanged): Ditto.
1359         * svg/SVGFETurbulenceElement.cpp:
1360         (WebCore::SVGFETurbulenceElement::svgAttributeChanged): Ditto.
1361         * svg/SVGFilterElement.cpp:
1362         (WebCore::SVGFilterElement::svgAttributeChanged): Ditto.
1363         * svg/SVGFilterPrimitiveStandardAttributes.cpp:
1364         (WebCore::SVGFilterPrimitiveStandardAttributes::svgAttributeChanged): Ditto.
1365         * svg/SVGForeignObjectElement.cpp:
1366         (WebCore::SVGForeignObjectElement::svgAttributeChanged): Ditto.
1367         * svg/SVGGElement.cpp:
1368         (WebCore::SVGGElement::svgAttributeChanged): Ditto.
1369         * svg/SVGGradientElement.cpp:
1370         (WebCore::SVGGradientElement::svgAttributeChanged): Ditto.
1371         * svg/SVGGraphicsElement.cpp:
1372         (WebCore::SVGGraphicsElement::svgAttributeChanged): Ditto.
1373         * svg/SVGImageElement.cpp:
1374         (WebCore::SVGImageElement::svgAttributeChanged): Ditto.
1375         * svg/SVGLineElement.cpp:
1376         (WebCore::SVGLineElement::svgAttributeChanged): Ditto.
1377         * svg/SVGLinearGradientElement.cpp:
1378         (WebCore::SVGLinearGradientElement::svgAttributeChanged): Ditto.
1379         * svg/SVGMPathElement.cpp:
1380         (WebCore::SVGMPathElement::svgAttributeChanged): Ditto.
1381         * svg/SVGMarkerElement.cpp:
1382         (WebCore::SVGMarkerElement::svgAttributeChanged): Ditto.
1383         * svg/SVGMaskElement.cpp:
1384         (WebCore::SVGMaskElement::svgAttributeChanged): Ditto.
1385         * svg/SVGPathElement.cpp:
1386         (WebCore::SVGPathElement::svgAttributeChanged): Ditto.
1387         * svg/SVGPatternElement.cpp:
1388         (WebCore::SVGPatternElement::svgAttributeChanged): Ditto.
1389         * svg/SVGPolyElement.cpp:
1390         (WebCore::SVGPolyElement::svgAttributeChanged): Ditto.
1391         * svg/SVGRadialGradientElement.cpp:
1392         (WebCore::SVGRadialGradientElement::svgAttributeChanged): Ditto.
1393         * svg/SVGRectElement.cpp:
1394         (WebCore::SVGRectElement::svgAttributeChanged): Ditto.
1395         * svg/SVGSVGElement.cpp:
1396         (WebCore::SVGSVGElement::svgAttributeChanged): Ditto.
1397         * svg/SVGScriptElement.cpp:
1398         (WebCore::SVGScriptElement::svgAttributeChanged): Ditto.
1399         * svg/SVGStopElement.cpp:
1400         (WebCore::SVGStopElement::svgAttributeChanged): Ditto.
1401         * svg/SVGSymbolElement.cpp:
1402         (WebCore::SVGSymbolElement::svgAttributeChanged): Ditto.
1403         * svg/SVGTRefElement.cpp:
1404         (WebCore::SVGTRefElement::svgAttributeChanged): Ditto.
1405         * svg/SVGTextContentElement.cpp:
1406         (WebCore::SVGTextContentElement::svgAttributeChanged): Ditto.
1407         * svg/SVGTextPathElement.cpp:
1408         (WebCore::SVGTextPathElement::svgAttributeChanged): Ditto.
1409         * svg/SVGTextPositioningElement.cpp:
1410         (WebCore::SVGTextPositioningElement::svgAttributeChanged): Ditto.
1411         * svg/SVGUseElement.cpp:
1412         (WebCore::SVGUseElement::svgAttributeChanged): Ditto.
1413         * svg/animation/SVGSMILElement.cpp:
1414         (WebCore::SVGSMILElement::svgAttributeChanged): Ditto.
1415
1416 2015-02-05  Brent Fulgham  <bfulgham@apple.com>
1417
1418         Remind ourselves to remove work-around code
1419         https://bugs.webkit.org/show_bug.cgi?id=141289
1420
1421         Unreviewed gardening: Add a reminder FIXME to CSSParser
1422         so we can remove the MSVC-specific hack in the future.
1423
1424         * css/CSSParser.cpp:
1425
1426 2015-02-05  Zalan Bujtas  <zalan@apple.com>
1427
1428         Do not destroy RenderQuote's text fragment child when quotation mark string is changing.
1429         https://bugs.webkit.org/show_bug.cgi?id=141271
1430         rdar://problem/18169375
1431
1432         Reviewed by Antti Koivisto.
1433
1434         Similar approach as https://codereview.chromium.org/679593004/
1435
1436         This patch ensures that laying out a RenderQuote does not force a sibling RenderQuote's
1437         child renderer(RenderText) to be destroyed.
1438         BreakingContext holds a pointer to the next renderer on the line (BreakingContext::m_nextObject).
1439         While laying out the line, initiated by BreakingContext, placing the current renderer could end up destroying the "next" renderer.
1440         This happens when the pseudo after quotation mark(RenderQuote) becomes floated, the sibling <q>'s pseudo
1441         before text needs to be changed (from " to ') so that we don't end up with 2 sets of the same opening
1442         strings.
1443         The fix is to reuse the RenderTextFragment object instead of destroy/recreate it.
1444
1445         Test: fast/css/content/quote-crash-when-floating.html
1446
1447         * rendering/RenderQuote.cpp:
1448         (WebCore::RenderQuote::RenderQuote):
1449         (WebCore::fragmentChild):
1450         (WebCore::RenderQuote::updateText):
1451         * rendering/RenderQuote.h:
1452         * rendering/RenderTextFragment.cpp:
1453         (WebCore::RenderTextFragment::setText):
1454         (WebCore::RenderTextFragment::setContentString):
1455         * rendering/RenderTextFragment.h:
1456
1457 2015-02-04  Dean Jackson  <dino@apple.com>
1458
1459         [Media iOS] Add a debug setting to always show the optimized fullscreen button
1460         https://bugs.webkit.org/show_bug.cgi?id=141277
1461         <rdar://problem/19724471>
1462
1463         Reviewed by Eric Carlson.
1464
1465         Add a debug option so that we can test the optimized fullscreen
1466         control on media that doesn't support it.
1467
1468         * Modules/mediacontrols/mediaControlsiOS.js: Add gSimulateOptimizedFullscreenAvailable.
1469         (ControllerIOS.prototype.createControls): Check the setting.
1470         (ControllerIOS.prototype.configureInlineControls): Ditto.
1471         (ControllerIOS.prototype.formatTime): Drive-by whitespace cleanup.
1472         (ControllerIOS.prototype.handleBaseGestureChange):
1473         (ControllerIOS.prototype.handleWrapperTouchStart):
1474         (ControllerIOS.prototype.handleOptimizedFullscreenTouchEnd):
1475         (ControllerIOS.prototype.handlePresentationModeChange): Drive-by variable renaming.
1476
1477 2015-02-05  Youenn Fablet  <youenn.fablet@crf.canon.fr> and Xabier Rodriguez Calvar <calvaris@igalia.com>
1478
1479         [Streams API] Implement a barebone ReadableStream interface
1480         https://bugs.webkit.org/show_bug.cgi?id=141045
1481
1482         Reviewed by Benjamin Poulain.
1483
1484         This patch implements the ReadableStream IDL (https://streams.spec.whatwg.org/#rs-model).
1485         No functionality is yet added.
1486         ReadableStreamSource is expected to be implemented for native sources (such as HTTP sources)
1487         as well as JavaScript source through ReadableStreamJSSource.
1488
1489         Test: streams/readablestream-constructor.html
1490
1491         * CMakeLists.txt:
1492         * Configurations/FeatureDefines.xcconfig:
1493         * DerivedSources.cpp:
1494         * DerivedSources.make:
1495         * Modules/streams/ReadableStream.cpp: Added.
1496         (WebCore::ReadableStream::create):
1497         (WebCore::ReadableStream::ReadableStream):
1498         (WebCore::ReadableStream::~ReadableStream):
1499         (WebCore::ReadableStream::state):
1500         (WebCore::ReadableStream::closed):
1501         (WebCore::ReadableStream::ready):
1502         * Modules/streams/ReadableStream.h: Added.
1503         * Modules/streams/ReadableStream.idl: Added.
1504         * Modules/streams/ReadableStreamSource.h: Added.
1505         * WebCore.vcxproj/WebCore.vcxproj:
1506         * WebCore.vcxproj/WebCore.vcxproj.filters:
1507         * WebCore.vcxproj/WebCoreCommon.props:
1508         * WebCore.xcodeproj/project.pbxproj:
1509         * bindings/js/JSBindingsAllInOne.cpp:
1510         * bindings/js/JSReadableStreamCustom.cpp: Added.
1511         (WebCore::JSReadableStream::read):
1512         (WebCore::JSReadableStream::ready):
1513         (WebCore::JSReadableStream::closed):
1514         (WebCore::JSReadableStream::cancel):
1515         (WebCore::JSReadableStream::pipeTo):
1516         (WebCore::JSReadableStream::pipeThrough):
1517         (WebCore::constructJSReadableStream):
1518         * bindings/js/ReadableStreamJSSource.cpp: Added.
1519         (WebCore::ReadableStreamJSSource::create):
1520         (WebCore::ReadableStreamJSSource::ReadableStreamJSSource):
1521         (WebCore::ReadableStreamJSSource::setInternalError):
1522         * bindings/JSReadableStreamJSSource.h: Added.
1523
1524 2015-02-04  Brent Fulgham  <bfulgham@apple.com>
1525
1526         [Win] Unreviewed project file corrections.
1527
1528         Correct some parsing errors caused by recent manual editing of
1529         the project files.
1530
1531         * WebCore.vcxproj/WebCore.vcxproj:
1532         * WebCore.vcxproj/WebCore.vcxproj.filters:
1533
1534 2015-02-04  Eric Carlson  <eric.carlson@apple.com>
1535
1536         [iOS] add method to toggle playback when in the background
1537         https://bugs.webkit.org/show_bug.cgi?id=141270
1538
1539         Reviewed by Dean Jackson.
1540
1541         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
1542         (-[WebAVPlayerController togglePlaybackEvenWhenInBackground:]): Added.
1543
1544 2015-02-04  Jer Noble  <jer.noble@apple.com>
1545
1546         [Mac][EME] Support ClearKey encryption with AES128-encrypted HLS
1547         https://bugs.webkit.org/show_bug.cgi?id=140825
1548
1549         Reviewed by Eric Carlson.
1550
1551         Test: http/tests/media/clearkey/clear-key-hls-aes128.html
1552
1553         Add support for ClearKey encryption when used with an AES-128 encrypted HLS stream.
1554
1555         * Modules/encryptedmedia/CDM.cpp:
1556         (WebCore::installedCDMFactories): Add the CDMPrivateClearKey factory.
1557         * Modules/encryptedmedia/CDMPrivateClearKey.cpp:
1558         (WebCore::CDMPrivateClearKey::supportsKeySystem): Support the "org.w3c.clearkey" key system.
1559         (WebCore::CDMPrivateClearKey::supportsKeySystemAndMimeType): Ditto.
1560         (WebCore::CDMPrivateClearKey::supportsMIMEType): Ditto.
1561         (WebCore::CDMPrivateClearKey::createSession): Create a CDMSessionClearKey.
1562         * Modules/encryptedmedia/CDMPrivateClearKey.h:
1563         (WebCore::CDMPrivateClearKey::create): Simple factory.
1564         (WebCore::CDMPrivateClearKey::~CDMPrivateClearKey): Virtual destructor.
1565         (WebCore::CDMPrivateClearKey::CDMPrivateClearKey): Simple destructor.
1566         * Modules/encryptedmedia/CDMSessionClearKey.cpp: Added.
1567         (WebCore::clearKeyVM): Static method returning the VM to be used by JSON parsing.
1568         (WebCore::CDMSessionClearKey::CDMSessionClearKey): Simple constructor.
1569         (WebCore::CDMSessionClearKey::~CDMSessionClearKey): Simple destructor.
1570         (WebCore::CDMSessionClearKey::generateKeyRequest): Store the initData, ensure that it consists of a UTF8-encoded key
1571             URI, and return same.
1572         (WebCore::CDMSessionClearKey::releaseKeys): Purged all cached keys.
1573         (WebCore::CDMSessionClearKey::update): Parse raw JSON-encoded JWK keys, rejecting non-AES, non-oct keys.
1574         (WebCore::CDMSessionClearKey::cachedKeyForKeyID): Return cached keys.
1575         * Modules/encryptedmedia/CDMSessionClearKey.h:
1576
1577         Add support for the "org.w3c.clearkey" CDM to MediaPlayerPrivateAVFoundationObjC, and do so in a platform-agnostic
1578         way by simply asking for raw key data from MediaPlayerClient when notified that a key has been added.
1579
1580         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
1581         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
1582         (WebCore::keySystemIsSupported):
1583         (WebCore::MediaPlayerPrivateAVFoundationObjC::supportsType):
1584         (WebCore::MediaPlayerPrivateAVFoundationObjC::supportsKeySystem):
1585         (WebCore::fulfillRequestWithKeyData): Added utility method.
1586         (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource):
1587         (WebCore::MediaPlayerPrivateAVFoundationObjC::keyAdded):
1588
1589         Pipe a keyAdded() notification down to MediaPlayer and a cachedKeyForKeyId() request up to CDMSessionClearKey:
1590
1591         * Modules/encryptedmedia/MediaKeySession.cpp:
1592         (WebCore::MediaKeySession::cachedKeyForKeyId):
1593         (WebCore::MediaKeySession::addKeyTimerFired):
1594         * Modules/encryptedmedia/MediaKeySession.h:
1595         * Modules/encryptedmedia/MediaKeys.cpp:
1596         (WebCore::MediaKeys::keyAdded):
1597         (WebCore::MediaKeys::cachedKeyForKeyId):
1598         * Modules/encryptedmedia/MediaKeys.h:
1599         * html/HTMLMediaElement.cpp:
1600         (WebCore::HTMLMediaElement::keyAdded):
1601         * html/HTMLMediaElement.h:
1602         * platform/graphics/CDMSession.h:
1603         (WebCore::CDMSession::cachedKeyForKeyID):
1604         * platform/graphics/MediaPlayer.cpp:
1605         (WebCore::MediaPlayer::keyAdded):
1606         (WebCore::MediaPlayer::cachedKeyForKeyId):
1607         * platform/graphics/MediaPlayer.h:
1608         (WebCore::MediaPlayerClient::mediaPlayerCachedKeyForKeyId):
1609         * platform/graphics/MediaPlayerPrivate.h:
1610         (WebCore::MediaPlayerPrivateInterface::keyAdded):
1611
1612         Add new files to project:
1613
1614         * WebCore.xcodeproj/project.pbxproj:
1615         * CMakeLists.txt:
1616         * WebCore.vcxproj/WebCore.vcxproj:
1617         * WebCore.vcxproj/WebCore.vcxproj.filters:
1618
1619 2015-02-04  Commit Queue  <commit-queue@webkit.org>
1620
1621         Unreviewed, rolling out r179618.
1622         https://bugs.webkit.org/show_bug.cgi?id=141263
1623
1624         Off-by-one error causing flaky behavior in webaudio
1625         /audiobuffersource-negative-playbackrate.html (Requested by
1626         jernoble_ on #webkit).
1627
1628         Reverted changeset:
1629
1630         "[WebAudio] AudioBufferSourceNodes should accurately play
1631         backwards if given a negative playbackRate."
1632         https://bugs.webkit.org/show_bug.cgi?id=140955
1633         http://trac.webkit.org/changeset/179618
1634
1635 2015-02-03  David Hyatt  <hyatt@apple.com>
1636
1637         Tables don't repaginate properly when the pagination height changes or the pagination offset changes.
1638         https://bugs.webkit.org/show_bug.cgi?id=141207
1639         <rdar://problem/18387659>
1640
1641         Reviewed by Dean Jackson.
1642
1643         Added fast/multicol/table-dynamic-movement.html
1644
1645         Change markForPaginationRelayoutIfNeeded to be called always and to check needsLayout inside it.
1646
1647         Make RenderTable override markForPaginationRelayoutIfNeeded and also dirty the sections if the table
1648         ended up getting marked for relayout.
1649
1650         Make sure rows do the right thing as well.
1651
1652         * rendering/RenderBlock.cpp:
1653         (WebCore::RenderBlock::layoutPositionedObjects):
1654         (WebCore::RenderBlock::markForPaginationRelayoutIfNeeded):
1655         * rendering/RenderBlock.h:
1656         * rendering/RenderBlockFlow.cpp:
1657         (WebCore::RenderBlockFlow::layoutBlockChild):
1658         (WebCore::RenderBlockFlow::adjustBlockChildForPagination):
1659         (WebCore::RenderBlockFlow::positionNewFloats):
1660         * rendering/RenderDeprecatedFlexibleBox.cpp:
1661         (WebCore::RenderDeprecatedFlexibleBox::layoutHorizontalBox):
1662         (WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox):
1663         * rendering/RenderTable.cpp:
1664         (WebCore::RenderTable::markForPaginationRelayoutIfNeeded):
1665         * rendering/RenderTable.h:
1666         * rendering/RenderTableRow.cpp:
1667         (WebCore::RenderTableRow::layout):
1668         * rendering/RenderTableSection.cpp:
1669         (WebCore::RenderTableSection::layout):
1670
1671 2015-02-04  Said Abou-Hallawa  <sabouhallawa@apple.com>
1672
1673         When using SVG as an image, we should load datauri images when these images are not in the image cache.
1674         https://bugs.webkit.org/show_bug.cgi?id=99677.
1675
1676         Reviewed by Darin Adler.
1677         
1678         Data URI sub-resources are not loaded because the networking context of FrameLoader
1679         attached to the SubResourceLoader is set to null. This is done intentionally to
1680         disallow any resource from loading external sub-resources. For example if an <img>
1681         tag has its 'src' attribute points to an svg file, this svg is not allowed to load
1682         an external image through the 'xlink' attribute of an <image> element. This restriction
1683         is not valid if the value of the 'xlink' attribute is a data URI. In this case the image 
1684         should be loaded into memory since there is no network traffic involved. All we need
1685         to do is to decode the data part of the URI.
1686         
1687         The fix is to pass the root FrameLoader, which has a valid NetworkingContext, through
1688         the FrameLoaderClient, to the ResourceHandle::create() which uses the NetworkingContext
1689         to decode the data and fire the load events of the data URI resources.
1690
1691         Tests:  svg/as-image/svg-image-with-data-uri-background.html
1692                 svg/as-image/svg-image-with-data-uri-from-canvas.html
1693                 svg/as-image/svg-image-with-data-uri-images-disabled.html
1694                 svg/as-image/svg-image-with-data-uri-reloading.html
1695                 svg/as-image/svg-image-with-data-uri-use-data-uri.svg
1696                 svg/as-image/svg-image-with-svg-data-uri.html
1697
1698         * accessibility/AccessibilityRenderObject.cpp:
1699         Remove unreferenced header file.
1700
1701         * loader/FrameLoaderClient.h:
1702         Define the null virtual function dataProtocolLoader() which should return the FrameLoader
1703         for loading data URI resources.
1704
1705         * loader/ResourceLoader.cpp:
1706         (WebCore::ResourceLoader::start):
1707         (WebCore::ResourceLoader::dataProtocolFrameLoader):
1708         * loader/ResourceLoader.h:
1709         Add ResourceLoader::dataProtocolFrameLoader() which returns the root FrameLoader. The
1710         root FrameLoader is used to get a valid NetworkingContext which can be passed to
1711         ResourceHandle::create() when url().protocolIsData().
1712
1713         * loader/cache/CachedImage.cpp:
1714         (WebCore::CachedImage::load):
1715         (WebCore::CachedImage::finishLoading):
1716         * loader/cache/CachedResourceLoader.cpp:
1717         (WebCore::CachedResourceLoader::shouldPerformImageLoad):
1718         (WebCore::CachedResourceLoader::shouldDeferImageLoad):
1719         * loader/cache/CachedResourceLoader.h:
1720         Allow loading data URI sub-resources as long as loading images is not disabled. Also we
1721         need to call setDataProtocolLoader() before calling setData() for the isSVGImage case, 
1722         setData() will create a page by calling Page::createPageFromBuffer() via SVGImage::dataChanged(),
1723         and we need to pass the correct FrameLoaderClient to the created FrameLoader of the main
1724          frame of this page.
1725
1726         * svg/graphics/SVGImage.cpp:
1727         (WebCore::SVGImage::SVGImage):
1728         (WebCore::SVGImage::dataChanged):
1729         * svg/graphics/SVGImage.h:
1730         Create a new FrameLoaderClient of type SVGFrameLoaderClient and set it in pageConfiguration
1731         which is used when creating the page from the SVG data URI.
1732
1733         * WebCore.xcodeproj/project.pbxproj:
1734         * svg/graphics/SVGImageChromeClient.h: Removed.
1735         * svg/graphics/SVGImageClients.h: Added.
1736         Add a new class SVGImageChromeClient which overrides the function dataProtocolLoader().
1737         Rename the header file SVGImageChromeClient.h to be SVGImageClients.h since it now 
1738         includes the classes SVGImageChromeClient and SVGFrameLoaderClient.
1739
1740 2015-02-04  Timothy Horton  <timothy_horton@apple.com>
1741
1742         Fix a misplaced include in CaptionUserPreferencesMediaAF
1743         https://bugs.webkit.org/show_bug.cgi?id=141239
1744
1745         Reviewed by Jer Noble.
1746
1747         * page/CaptionUserPreferencesMediaAF.cpp:
1748         CoreText is a system header, and there's already a good spot for it!
1749
1750 2015-02-04  Jer Noble  <jer.noble@apple.com>
1751
1752         [WebAudio] AudioBufferSourceNodes should accurately play backwards if given a negative playbackRate.
1753         https://bugs.webkit.org/show_bug.cgi?id=140955
1754
1755         Reviewed by Eric Carlson.
1756
1757         Tests: webaudio/audiobuffersource-negative-playbackrate-interpolated.html
1758                webaudio/audiobuffersource-negative-playbackrate.html
1759
1760         Add support for playing an AudioBufferSourceNode at a negative playbackRate. Change the meaning of
1761         start() to set the initial playback position at the end of the play range if the rate of playback
1762         is negtive.
1763
1764         * Modules/webaudio/AudioBufferSourceNode.cpp:
1765         (WebCore::AudioBufferSourceNode::AudioBufferSourceNode): Allow the playbackRate AudioParam to range from [-32, 32].
1766         (WebCore::AudioBufferSourceNode::renderFromBuffer): Change variable names from "start" and "end" to "min" and "max"
1767             for clarity. Add a non-interpolated and interpolated render step for negative playback.
1768         (WebCore::AudioBufferSourceNode::start): Drive-by fix: default value of grainDuration is not 0.02.
1769         (WebCore::AudioBufferSourceNode::startPlaying): Start playing at the end of the buffer for negative playback.
1770         (WebCore::AudioBufferSourceNode::totalPitchRate): Allow the pitch to be negative.
1771
1772 2015-02-04  Eric Carlson  <eric.carlson@apple.com>
1773
1774         video.attribute should not return true just because of fullscreen
1775         https://bugs.webkit.org/show_bug.cgi?id=141219
1776
1777         Reviewed by Dean Jackson.
1778
1779         No new tests, updated media/video-fullscreeen-only-controls.html
1780
1781         * Modules/mediacontrols/mediaControlsApple.js:
1782         (Controller.prototype.shouldHaveControls):
1783         * Modules/mediacontrols/mediaControlsiOS.js:
1784         (ControllerIOS.prototype.isFullScreen):
1785
1786         * html/HTMLMediaElement.cpp:
1787         (WebCore::HTMLMediaElement::controls): Don't consider fullscreen status.
1788         (WebCore::HTMLMediaElement::configureMediaControls): Create controls if a video element
1789             isn't allowed to play inline, or if it is in fullscreen.
1790
1791 2015-02-04  Mark Lam  <mark.lam@apple.com>
1792
1793         Remove concept of makeUsableFromMultipleThreads().
1794         <https://webkit.org/b/141221>
1795
1796         Reviewed by Mark Hahnenberg.
1797
1798         No new tests.
1799
1800         * bindings/js/JSDOMWindowBase.cpp:
1801         (WebCore::JSDOMWindowBase::commonVM):
1802
1803 2015-02-04  Simon Fraser  <simon.fraser@apple.com>
1804
1805         [iOS WK2] Assert in ScrollingTreeOverflowScrollingNodeIOS::updateAfterChildren() on tab switching
1806         https://bugs.webkit.org/show_bug.cgi?id=141223
1807         rdar://problem/18458993
1808
1809         Reviewed by Tim Horton.
1810         
1811         It's possible to submit a RemoteLayerTree transaction that contains data
1812         about a created layer, but doesn't have any properties for that layer. This
1813         happens when the newly created layer isn't reached during the traversal that
1814         gathers layer properties (i.e. it's not rooted). However, whether we create
1815         a scrolling layer or not requires having properties; they are missing, so we
1816         create a normal layer, but then the scrolling tree commit asserts that we
1817         should have a scrolling layer.
1818         
1819         Fix by making scrolling layers have a corresponding layer type, which is
1820         stored in layer creation properties. This required exposing layer types
1821         up through GraphicsLayer, but that allows for some nice cleanup:
1822         
1823         1. No need to have the hokey shouldUseTiledBacking() GraphicsLayerClient hack
1824            for creating the page tiled layer.
1825         2. The notion of "custom behaviors" can be removed from GraphicsLayer entirely.
1826
1827         Not testable because it requires tab switching.
1828
1829         * WebCore.exp.in:
1830         * platform/graphics/GraphicsLayer.cpp:
1831         (WebCore::GraphicsLayer::GraphicsLayer):
1832         * platform/graphics/GraphicsLayer.h:
1833         (WebCore::GraphicsLayer::initialize):
1834         (WebCore::GraphicsLayer::setCustomBehavior): Deleted.
1835         (WebCore::GraphicsLayer::customBehavior): Deleted.
1836         * platform/graphics/GraphicsLayerClient.h:
1837         (WebCore::GraphicsLayerClient::shouldUseTiledBacking): Deleted.
1838         * platform/graphics/GraphicsLayerFactory.h:
1839         * platform/graphics/ca/GraphicsLayerCA.cpp:
1840         (WebCore::GraphicsLayer::create):
1841         (WebCore::GraphicsLayerCA::GraphicsLayerCA):
1842         (WebCore::GraphicsLayerCA::initialize):
1843         (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
1844         (WebCore::GraphicsLayerCA::ensureStructuralLayer):
1845         (WebCore::GraphicsLayerCA::swapFromOrToTiledLayer):
1846         (WebCore::GraphicsLayerCA::updateCustomBehavior): Deleted.
1847         (WebCore::GraphicsLayerCA::setCustomBehavior): Deleted.
1848         * platform/graphics/ca/GraphicsLayerCA.h:
1849         (WebCore::GraphicsLayerCA::moveAnimations):
1850         (WebCore::GraphicsLayerCA::copyAnimations):
1851         * platform/graphics/ca/PlatformCALayer.h:
1852         * platform/graphics/ca/mac/PlatformCALayerMac.h:
1853         * platform/graphics/ca/mac/PlatformCALayerMac.mm:
1854         (PlatformCALayerMac::PlatformCALayerMac):
1855         (PlatformCALayerMac::commonInit):
1856         (PlatformCALayerMac::updateCustomBehavior): Deleted.
1857         * rendering/RenderLayerBacking.cpp:
1858         (WebCore::RenderLayerBacking::createGraphicsLayer):
1859         (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer):
1860         (WebCore::RenderLayerBacking::updateScrollingLayers):
1861         (WebCore::RenderLayerBacking::shouldUseTiledBacking): Deleted.
1862         * rendering/RenderLayerBacking.h:
1863
1864 2015-02-04  Dean Jackson  <dino@apple.com>
1865
1866         [Media] Fullscreen button should always come last in inline controls (141245)
1867         https://bugs.webkit.org/show_bug.cgi?id=141245
1868         <rdar://problem/19714622>
1869
1870         Reviewed by Eric Carlson.
1871
1872         Make sure the optimizedFullscreen button is inserted before the
1873         normal fullscreen button.
1874
1875         * Modules/mediacontrols/mediaControlsiOS.js:
1876         (ControllerIOS.prototype.configureInlineControls):
1877
1878 2015-02-04  Dean Jackson  <dino@apple.com>
1879
1880         REGRESSION: AirPlay button not visible but present in inline toolbar
1881         https://bugs.webkit.org/show_bug.cgi?id=141244
1882         <rdar://problem/19328322>
1883
1884         Reviewed by Eric Carlson.
1885
1886         Replace the use of mask-image with a background-image (which matches
1887         what the other buttons are doing).
1888
1889         * Modules/mediacontrols/mediaControlsiOS.css:
1890         (::-webkit-media-controls):
1891         (video::-webkit-media-controls-wireless-playback-picker-button):
1892         (audio::-webkit-media-controls-wireless-playback-picker-button):
1893         (video::-webkit-media-controls-wireless-playback-picker-button.active):
1894         (audio::-webkit-media-controls-wireless-playback-picker-button.active):
1895
1896 2015-02-04  Chris Dumez  <cdumez@apple.com>
1897
1898         Add removeFirst(value) / removeAll(value) methods to WTF::Vector
1899         https://bugs.webkit.org/show_bug.cgi?id=141192
1900
1901         Reviewed by Benjamin Poulain.
1902
1903         Use new Vector::removeFirst(value) / removeAll(value) API to simplify the
1904         code a bit.
1905
1906         * css/StyleSheetContents.cpp:
1907         (WebCore::StyleSheetContents::unregisterClient):
1908         * html/HTMLFormElement.cpp:
1909         (WebCore::HTMLFormElement::removeFormElement):
1910         (WebCore::HTMLFormElement::removeImgElement):
1911         (WebCore::removeFromVector): Deleted.
1912         * page/Chrome.cpp:
1913         (WebCore::Chrome::unregisterPopupOpeningObserver):
1914         * page/PageOverlayController.cpp:
1915         (WebCore::PageOverlayController::uninstallPageOverlay):
1916         * page/SecurityPolicy.cpp:
1917         (WebCore::SecurityPolicy::removeOriginAccessWhitelistEntry):
1918         * platform/graphics/GraphicsLayer.cpp:
1919         (WebCore::GraphicsLayer::removeFromParent):
1920         * platform/graphics/texmap/TextureMapperAnimation.cpp:
1921         (WebCore::TextureMapperAnimations::remove):
1922         * rendering/RenderSearchField.cpp:
1923         (WebCore::RenderSearchField::addSearchResult):
1924         * rendering/RenderTable.cpp:
1925         (WebCore::RenderTable::removeCaption):
1926         * rendering/svg/RenderSVGText.cpp:
1927         (WebCore::RenderSVGText::subtreeChildWillBeRemoved):
1928         * svg/SVGDocumentExtensions.cpp:
1929         (WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget):
1930         * svg/animation/SMILTimeContainer.cpp:
1931         (WebCore::SMILTimeContainer::unschedule):
1932
1933 2015-02-03  Maciej Stachowiak  <mjs@apple.com>
1934
1935         Crash when printing snapshotted plugins
1936         https://bugs.webkit.org/show_bug.cgi?id=141212
1937
1938         Reviewed by Simon Fraser.
1939
1940         Test: plugins/snapshotting/print-snapshotted-plugin.html
1941
1942         * html/HTMLPlugInImageElement.cpp:
1943         (WebCore::HTMLPlugInImageElement::childShouldCreateRenderer): New
1944         method. If the current renderer is a snapshotted plugin, only
1945         allow children to create renderers if they are part of the
1946         snapshot shadow dom. Otherwise RenderEmbeddedObject invariants
1947         will be violated. This DOM class can have many other renderers, but they
1948         can just follow their own rules.
1949         (WebCore::HTMLPlugInImageElement::partOfSnapshotOverlay): Make this
1950         const-correct, and don't create UA shadow DOM as a side effect if it doesn't
1951         already exist.
1952         * html/HTMLPlugInImageElement.h:
1953
1954 2015-02-03  Chris Dumez  <cdumez@apple.com>
1955
1956         Regression(r179584): Assertion hit in toResourceLoadPriority() on Yosemite
1957         https://bugs.webkit.org/show_bug.cgi?id=141230
1958
1959         Reviewed by Alexey Proskuryakov.
1960
1961         Handle -1 priority value again in toResourceLoadPriority() as it seems to
1962         be returned by CFNetwork on some configurations.
1963
1964         No new tests, already covered by existing tests.
1965
1966         * platform/network/cf/ResourceRequestCFNet.h:
1967         (WebCore::toResourceLoadPriority):
1968
1969 2015-02-03  Chris Dumez  <cdumez@apple.com>
1970
1971         Drop ResourceLoadPriorityUnresolved resource load priority and use Optional<> instead
1972         https://bugs.webkit.org/show_bug.cgi?id=141186
1973
1974         Reviewed by Antti Koivisto.
1975
1976         Drop ResourceLoadPriorityUnresolved resource load priority value and use
1977         Optional<ResourceLoadPriority> when needed instead. If the Optional
1978         doesn't have a value, then it means it is unresolved. Having
1979         ResourceLoadPriorityUnresolved in ResourceLoadPriority was confusing
1980         because this value is only valid in CachedResourceRequest, it is not
1981         a valid value in CachedResource or in ResourceRequest. After this
1982         refactoring, it now becomes more obvious.
1983
1984 2015-02-03  Chris Dumez  <cdumez@apple.com>
1985
1986         REGRESSION(176609): Very high memory usage in Canvas/reuse.html performance test
1987         https://bugs.webkit.org/show_bug.cgi?id=139812
1988
1989         Reviewed by Geoffrey Garen.
1990
1991         Update DOMTimerFireState.elementsChangedOutsideViewport to keep only
1992         weak pointers to the Elements, instead of ref'ing them, so as to not
1993         extend their life unnecessarily (by preventing garbage-collection).
1994         The same approach was already adopted in r176496 for
1995         DOMTimer.m_elementsCausingThrottling to address the same issue.
1996
1997         No new tests, already covered by Canvas/reuse.html performance test.
1998
1999         * page/DOMTimer.cpp:
2000         (WebCore::DOMTimerFireState::setScriptMadeNonUserObservableChangesToElement):
2001         (WebCore::DOMTimerFireState::elementsChangedOutsideViewport):
2002
2003 2015-02-03  Jer Noble  <jer.noble@apple.com>
2004
2005         [MSE] Setting timestampOffset does not change the timestamps in the actual sample, leading to visual and audible errors.
2006         https://bugs.webkit.org/show_bug.cgi?id=140929
2007
2008         Reviewed by Alexey Proskuryakov.
2009
2010         Fixes http/tests/media/media-source/mediasource-config-change-mp4-v-framerate.html.
2011
2012         Only apply the timestamp offset to the actual sample after step 1.6, where we may loop back to
2013         the top, to avoid double-offsetting the same sample.
2014
2015         * Modules/mediasource/SourceBuffer.cpp:
2016         (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
2017
2018 2015-02-03  Jeremy Jones  <jeremyj@apple.com>
2019
2020         Restore interface before exiting optimized fullscreen mode.
2021         https://bugs.webkit.org/show_bug.cgi?id=141167
2022
2023         Reviewed by Simon Fraser.
2024
2025         This change allows the user interface to be restored before exiting optimized fullscreen mode.
2026
2027         * platform/ios/WebVideoFullscreenInterfaceAVKit.h: Add declaration.
2028         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: 
2029         (-[WebAVPlayerController playerViewController:restoreUserInterfaceForOptimizedFullscreenStopWithCompletionHandler:]): Added.
2030         (WebVideoFullscreenInterfaceAVKit::fullscreenMayReturnToInline): Added.
2031         * platform/spi/ios/AVKitSPI.h: Add new SPI.
2032
2033 2015-02-03  Jeremy Jones  <jeremyj@apple.com>
2034
2035         Prevent flicker when exiting fullscreen by synchronizing transactions.
2036         https://bugs.webkit.org/show_bug.cgi?id=140897
2037
2038         Reviewed by Tim Horton.
2039
2040         Synchronize across CAContexts when moving the video layer between layer hierarchies.
2041         Normally transactions involving multiple CAContexts are not synchronized.
2042
2043         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
2044         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer):
2045         * platform/spi/cocoa/QuartzCoreSPI.h: add additional CAContext SPI declarations.
2046
2047 2015-02-03  Ryosuke Niwa  <rniwa@webkit.org>
2048
2049         Smart quoting could move the caret backwards in some configurations
2050         https://bugs.webkit.org/show_bug.cgi?id=141203
2051         <rdar://problem/17452543>
2052
2053         Reviewed by Enrica Casucci.
2054
2055         The bug was caused by markAndReplaceFor not running the code to preserve the selection after
2056         text replacement only when smart quote is enabled. Furthermore, when smart link was disabled,
2057         we never applied smart quote due to the following condition at line 2502:
2058
2059         if (!(shouldPerformReplacement || shouldCheckForCorrection || shouldMarkLink) || !doReplacement)
2060             continue;
2061
2062         This condition prevented the code to apply smart quote from running when both continuous
2063         spellchecking, smart link, and text replacement are disabled.
2064
2065         Fixed the bug by treating smart quotes and smart dashes like any other text replacement and set
2066         shouldPerformReplacement to true whenever either one of those text checking options are present.
2067
2068         Smart link didn't have this issue due to the explicit check for shouldMarkLink.
2069
2070         Smart dashes didn't suffer this problem either because dashes replacement happens only once
2071         the caret has moved past the dashes but his patch makes go through the same code path to preserve
2072         the selection as well for consistency.
2073
2074         Test: editing/inserting/smart-quote-with-all-configurations.html
2075
2076         * editing/Editor.cpp:
2077         (WebCore::Editor::markAndReplaceFor):
2078
2079 2015-02-02  Enrica Casucci  <enrica@apple.com>
2080
2081         Additional emoji support.
2082         https://bugs.webkit.org/show_bug.cgi?id=141047
2083         rdar://problem/19045135
2084
2085         Reviewed by Darin Adler.
2086
2087         Adds support for emoji modifiers and group emoji.
2088
2089         Test: editing/deleting/delete-emoji.html
2090
2091         * platform/graphics/FontCascade.cpp:
2092         (WebCore::FontCascade::characterRangeCodePath):
2093         * platform/text/TextBreakIterator.cpp:
2094         (WebCore::cursorMovementIterator):
2095         * rendering/RenderText.cpp:
2096         (WebCore::isEmojiGroupCandidate):
2097         (WebCore::isEmojiModifier):
2098         (WebCore::RenderText::previousOffsetForBackwardDeletion):
2099
2100 2015-02-03  Jer Noble  <jer.noble@apple.com>
2101
2102         Passing invalid values to OfflineAudioContext's constructor should not crash.
2103         https://bugs.webkit.org/show_bug.cgi?id=141197
2104
2105         Reviewed by Darin Adler.
2106
2107         Test: webaudio/offlineaudiocontext-constructor.html
2108
2109         Throw a SYNTAX_ERR exception if passed in a zero for channelCount or numberOfSamples. This avoids
2110         a crash where OfflineAudioDestinationNode is passed a null renderTarget.
2111
2112         * Modules/webaudio/OfflineAudioContext.cpp:
2113         (WebCore::OfflineAudioContext::create):
2114
2115 2015-02-03  Jer Noble  <jer.noble@apple.com>
2116
2117         [MSE] Setting timestampOffset does not change the timestamps in the actual sample, leading to visual and audible errors.
2118         https://bugs.webkit.org/show_bug.cgi?id=140929
2119
2120         Reviewed by Darin Adler.
2121
2122         Test: media/media-source/media-source-timeoffset.html
2123
2124         Changing timestampOffset will correctly offset the presentation and decode times within SourceBuffer and
2125         will correctly modify things like buffered ranges. But those changes need to be reflected in the underlying
2126         MediaSample for decoders to decode and display the samples at the correct times.
2127
2128         Add a method to MediaSample which allows the caller to offset timestamps of the underlying PlatformMediaSample.
2129
2130         * Modules/mediasource/SourceBuffer.cpp:
2131         (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): Call offsetTimestampsBy() on the sample.
2132         * platform/MediaSample.h:
2133         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2134         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Create a new sample with the same underlying data
2135             but with a new timing info array, each timing info offset by the requested amount.
2136         * platform/mock/mediasource/MockBox.h:
2137         (WebCore::MockBox::offsetTimestampsBy): Offset m_presentationTimestamp and m_decodeTimestamp;
2138         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
2139         (WebCore::MockMediaSample::offsetTimestampsBy): Pass to MockBox.
2140
2141 2015-02-03  Jer Noble  <jer.noble@apple.com>
2142
2143         [Mac][EME] Crash in CDMSessionMediaSourceAVFObjC::layerDidReceiveError() - NSError not KVO compliant for key NSUnderlyingError.
2144         https://bugs.webkit.org/show_bug.cgi?id=140529
2145
2146         Reviewed by Darin Adler.
2147
2148         The underlying error should be fetched from the userInfo dictionary, not the error itself.
2149
2150         * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
2151         (WebCore::systemCodeForError):
2152
2153 2015-02-03  Commit Queue  <commit-queue@webkit.org>
2154
2155         Unreviewed, rolling out r179548.
2156         https://bugs.webkit.org/show_bug.cgi?id=141201
2157
2158         Hits debug assertions in 50+ SVG tests (Requested by brrian on
2159         #webkit).
2160
2161         Reverted changeset:
2162
2163         "Move InstanceInvalidationGuard/UpdateBlocker to SVGElement
2164         from SVGElementInstance"
2165         https://bugs.webkit.org/show_bug.cgi?id=141148
2166         http://trac.webkit.org/changeset/179548
2167
2168 2015-02-03  Jer Noble  <jer.noble@apple.com>
2169
2170         [Mac] HLS audio is not correctly selected according to system language
2171         https://bugs.webkit.org/show_bug.cgi?id=140398
2172         rdar://problem/19218487
2173
2174         Reviewed by Darin Adler.
2175
2176         Test: http/tests/media/hls/hls-audio-tracks-locale-selection.html
2177
2178         When AVMediaSelectionOptions come and go and no explicit track selection choice has
2179         been made, automatically pick the most appropriate track according to the user's
2180         current preferred locale settings.
2181
2182         * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.h:
2183         * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm:
2184         (WebCore::MediaSelectionGroupAVFObjC::MediaSelectionGroupAVFObjC): Set m_shouldSelectOptionAutomatically
2185             to true by default.
2186         (WebCore::MediaSelectionGroupAVFObjC::updateOptions): If m_shouldSelectOptionAutomatically is set
2187             pick the most appropriate media selection option.
2188         (WebCore::MediaSelectionGroupAVFObjC::setSelectedOption): Set m_shouldSelectOptionAutomatically to false.
2189         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
2190         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem): Remove these automatic selection
2191             requests as they are ineffective when -appliesMediaSelectionCriteriaAutomatically is NO.
2192
2193 2015-02-03  Darin Adler  <darin@apple.com>
2194
2195         Move InstanceInvalidationGuard/UpdateBlocker to SVGElement from SVGElementInstance
2196         https://bugs.webkit.org/show_bug.cgi?id=141148
2197
2198         Reviewed by Brent Fulgham.
2199
2200         Inspired by this change Rob Buis made in Blink:
2201
2202             http://src.chromium.org/viewvc/blink?view=revision&revision=173343
2203
2204         I actually wrote the whole thing and then discovered we did it almost identically.
2205
2206         * svg/SVGAnimatedTypeAnimator.cpp:
2207         (WebCore::SVGElementAnimatedPropertyList::setInstanceUpdatesBlocked): Added this
2208         helper function to get around a circular header dependency.
2209         * svg/SVGAnimatedTypeAnimator.h:
2210         (WebCore::SVGAnimatedTypeAnimator::executeAction): Use setInstanceUpdatesBlocked.
2211
2212         * svg/SVGElement.cpp:
2213         (WebCore::SVGElement::removedFrom): Use invalidateInstances.
2214         (WebCore::SVGElement::finishParsingChildren): Ditto.
2215         (WebCore::SVGElement::svgAttributeChanged): Ditto.
2216         (WebCore::SVGElement::childrenChanged): Ditto.
2217         (WebCore::SVGElement::setInstanceUpdatesBlocked): Added an assertion that will
2218         catch anyone who nests InstanceUpdateBlocker by accident.
2219         (WebCore::SVGElement::invalidateInstances): Moved this here from
2220         SVGElementInstance::invalidateAllInstancesOfElement. I had already modified this
2221         so it had nothing to do with SVGElementInstance, so it was a simple matter of
2222         converting this into a member function. Added a FIXME about the mysterious
2223         updateStyleIfNeeded that makes multiple tests fail if it's removed.
2224
2225         * svg/SVGElement.h: Added public InstanceUpdateBlocker class, protected
2226         InstanceInvalidationGuard class, and private invalidateInstances function.
2227         Unlike the ones in SVGElementInstance these use references so they are then
2228         not copyable without using the WTF_MAKE_NONCOPYABLE macro.
2229
2230         * svg/SVGElementInstance.cpp:
2231         (WebCore::SVGElementInstance::invalidateAllInstancesOfElement): Deleted.
2232         (WebCore::SVGElementInstance::InstanceUpdateBlocker::InstanceUpdateBlocker): Deleted.
2233         (WebCore::SVGElementInstance::InstanceUpdateBlocker::~InstanceUpdateBlocker): Deleted.
2234         * svg/SVGElementInstance.h: Removed InvalidationGuard, InstanceUpdateBlocker, and
2235         invalidateAllInstancesOfElement. Didn't do any further cleanup since we soon will
2236         delete this entire file.
2237
2238         * svg/SVGAElement.cpp:
2239         (WebCore::SVGAElement::svgAttributeChanged): Updated to use new name and reference
2240         instead of pointer.
2241         * svg/SVGAnimateElementBase.cpp:
2242         (WebCore::applyCSSPropertyToTargetAndInstances): Ditto.
2243         (WebCore::removeCSSPropertyFromTargetAndInstances): Ditto.
2244         (WebCore::notifyTargetAndInstancesAboutAnimValChange): Ditto.
2245         * svg/SVGAnimatedPath.cpp:
2246         (WebCore::SVGAnimatedPathAnimator::startAnimValAnimation): Ditto.
2247         * svg/SVGCircleElement.cpp:
2248         (WebCore::SVGCircleElement::svgAttributeChanged): Ditto.
2249         * svg/SVGClipPathElement.cpp:
2250         (WebCore::SVGClipPathElement::svgAttributeChanged): Ditto.
2251         * svg/SVGComponentTransferFunctionElement.cpp:
2252         (WebCore::SVGComponentTransferFunctionElement::svgAttributeChanged): Ditto.
2253         * svg/SVGCursorElement.cpp:
2254         (WebCore::SVGCursorElement::svgAttributeChanged): Ditto.
2255         * svg/SVGEllipseElement.cpp:
2256         (WebCore::SVGEllipseElement::svgAttributeChanged): Ditto.
2257         * svg/SVGFEBlendElement.cpp:
2258         (WebCore::SVGFEBlendElement::svgAttributeChanged): Ditto.
2259         * svg/SVGFEColorMatrixElement.cpp:
2260         (WebCore::SVGFEColorMatrixElement::svgAttributeChanged): Ditto.
2261         * svg/SVGFECompositeElement.cpp:
2262         (WebCore::SVGFECompositeElement::svgAttributeChanged): Ditto.
2263         * svg/SVGFEConvolveMatrixElement.cpp:
2264         (WebCore::SVGFEConvolveMatrixElement::svgAttributeChanged): Ditto.
2265         * svg/SVGFEDiffuseLightingElement.cpp:
2266         (WebCore::SVGFEDiffuseLightingElement::svgAttributeChanged): Ditto.
2267         * svg/SVGFEDisplacementMapElement.cpp:
2268         (WebCore::SVGFEDisplacementMapElement::svgAttributeChanged): Ditto.
2269         * svg/SVGFEDropShadowElement.cpp:
2270         (WebCore::SVGFEDropShadowElement::svgAttributeChanged): Ditto.
2271         * svg/SVGFEGaussianBlurElement.cpp:
2272         (WebCore::SVGFEGaussianBlurElement::svgAttributeChanged): Ditto.
2273         * svg/SVGFEImageElement.cpp:
2274         (WebCore::SVGFEImageElement::svgAttributeChanged): Ditto.
2275         * svg/SVGFELightElement.cpp:
2276         (WebCore::SVGFELightElement::svgAttributeChanged): Ditto.
2277         * svg/SVGFEMergeNodeElement.cpp:
2278         (WebCore::SVGFEMergeNodeElement::svgAttributeChanged): Ditto.
2279         * svg/SVGFEMorphologyElement.cpp:
2280         (WebCore::SVGFEMorphologyElement::svgAttributeChanged): Ditto.
2281         * svg/SVGFEOffsetElement.cpp:
2282         (WebCore::SVGFEOffsetElement::svgAttributeChanged): Ditto.
2283         * svg/SVGFESpecularLightingElement.cpp:
2284         (WebCore::SVGFESpecularLightingElement::svgAttributeChanged): Ditto.
2285         * svg/SVGFETileElement.cpp:
2286         (WebCore::SVGFETileElement::svgAttributeChanged): Ditto.
2287         * svg/SVGFETurbulenceElement.cpp:
2288         (WebCore::SVGFETurbulenceElement::svgAttributeChanged): Ditto.
2289         * svg/SVGFilterElement.cpp:
2290         (WebCore::SVGFilterElement::svgAttributeChanged): Ditto.
2291         * svg/SVGFilterPrimitiveStandardAttributes.cpp:
2292         (WebCore::SVGFilterPrimitiveStandardAttributes::svgAttributeChanged): Ditto.
2293         * svg/SVGForeignObjectElement.cpp:
2294         (WebCore::SVGForeignObjectElement::svgAttributeChanged): Ditto.
2295         * svg/SVGGElement.cpp:
2296         (WebCore::SVGGElement::svgAttributeChanged): Ditto.
2297         * svg/SVGGradientElement.cpp:
2298         (WebCore::SVGGradientElement::svgAttributeChanged): Ditto.
2299         * svg/SVGGraphicsElement.cpp:
2300         (WebCore::SVGGraphicsElement::svgAttributeChanged): Ditto.
2301         * svg/SVGImageElement.cpp:
2302         (WebCore::SVGImageElement::svgAttributeChanged): Ditto.
2303         * svg/SVGLineElement.cpp:
2304         (WebCore::SVGLineElement::svgAttributeChanged): Ditto.
2305         * svg/SVGLinearGradientElement.cpp:
2306         (WebCore::SVGLinearGradientElement::svgAttributeChanged): Ditto.
2307         * svg/SVGMPathElement.cpp:
2308         (WebCore::SVGMPathElement::svgAttributeChanged): Ditto.
2309         * svg/SVGMarkerElement.cpp:
2310         (WebCore::SVGMarkerElement::svgAttributeChanged): Ditto.
2311         * svg/SVGMaskElement.cpp:
2312         (WebCore::SVGMaskElement::svgAttributeChanged): Ditto.
2313         * svg/SVGPathElement.cpp:
2314         (WebCore::SVGPathElement::svgAttributeChanged): Ditto.
2315         * svg/SVGPatternElement.cpp:
2316         (WebCore::SVGPatternElement::svgAttributeChanged): Ditto.
2317         * svg/SVGPolyElement.cpp:
2318         (WebCore::SVGPolyElement::svgAttributeChanged): Ditto.
2319         * svg/SVGRadialGradientElement.cpp:
2320         (WebCore::SVGRadialGradientElement::svgAttributeChanged): Ditto.
2321         * svg/SVGRectElement.cpp:
2322         (WebCore::SVGRectElement::svgAttributeChanged): Ditto.
2323         * svg/SVGSVGElement.cpp:
2324         (WebCore::SVGSVGElement::svgAttributeChanged): Ditto.
2325         * svg/SVGScriptElement.cpp:
2326         (WebCore::SVGScriptElement::svgAttributeChanged): Ditto.
2327         * svg/SVGStopElement.cpp:
2328         (WebCore::SVGStopElement::svgAttributeChanged): Ditto.
2329         * svg/SVGSymbolElement.cpp:
2330         (WebCore::SVGSymbolElement::svgAttributeChanged): Ditto.
2331         * svg/SVGTRefElement.cpp:
2332         (WebCore::SVGTRefElement::svgAttributeChanged): Ditto.
2333         * svg/SVGTextContentElement.cpp:
2334         (WebCore::SVGTextContentElement::svgAttributeChanged): Ditto.
2335         * svg/SVGTextPathElement.cpp:
2336         (WebCore::SVGTextPathElement::svgAttributeChanged): Ditto.
2337         * svg/SVGTextPositioningElement.cpp:
2338         (WebCore::SVGTextPositioningElement::svgAttributeChanged): Ditto.
2339         * svg/SVGUseElement.cpp:
2340         (WebCore::SVGUseElement::svgAttributeChanged): Ditto.
2341         * svg/animation/SVGSMILElement.cpp:
2342         (WebCore::SVGSMILElement::svgAttributeChanged): Ditto.
2343
2344 2015-02-02  Darin Adler  <darin@apple.com>
2345
2346         REGRESSION (r170576): Storage leaks in parsing of CSS image sizes
2347         https://bugs.webkit.org/show_bug.cgi?id=141026
2348
2349         Reviewed by Brent Fulgham.
2350
2351         Forgot to actually fix the leak in the successful parse case!
2352
2353         * css/CSSParser.cpp:
2354         (WebCore::CSSParser::sourceSize): Added a call to destroy.
2355
2356 2015-02-02  Benjamin Poulain  <benjamin@webkit.org>
2357
2358         JIT Compile simple cases of :nth-last-child()
2359         https://bugs.webkit.org/show_bug.cgi?id=141053
2360
2361         Reviewed by Andreas Kling.
2362
2363         This patch adds the code generator for :nth-last-child(), skipping
2364         any :nth-last-child(An+B of selector list).
2365
2366         The code generator is boring here, nothing fancy.
2367         There is no optimization opportunity here so it is basically the same
2368         speed as the code generated by Clang when the simple selector is alone.
2369
2370         The only reason to JIT compile this is to avoid going to slow-path
2371         for every selector that contain :nth-last-child().
2372
2373         * cssjit/SelectorCompiler.cpp:
2374         (WebCore::SelectorCompiler::addNthChildType):
2375         The code creating the intermediate representation of :nth-child() is exactly
2376         the same as what we need for :nth-last-child(). I extracted the code from addPseudoClassType()
2377         and share it for both simple selectors.
2378
2379         (WebCore::SelectorCompiler::addPseudoClassType):
2380         I fail :nth-last-child(An+B of selector list). Let's add it later.
2381
2382         (WebCore::SelectorCompiler::minimumRegisterRequirements):
2383         Oops, there was a bug with nthChildOfFilters.
2384
2385         (WebCore::SelectorCompiler::hasAnyCombinators):
2386         (WebCore::SelectorCompiler::computeBacktrackingMemoryRequirements):
2387         (WebCore::SelectorCompiler::computeBacktrackingInformation):
2388         (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
2389         (WebCore::SelectorCompiler::setChildrenAffectedByBackwardPositionalRules):
2390         (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChild):
2391
2392 2015-02-02  Zalan Bujtas  <zalan@apple.com>
2393
2394         Simple line layout: Rename FlowContentsIterator to TextFragmentIterator.
2395         https://bugs.webkit.org/show_bug.cgi?id=141177
2396
2397         Rubber-stamped by Antti Koivisto
2398
2399         FlowContentsIterator is easy to confuse with FlowContents::Iterator.
2400         TextFragmentIterator reflects the functionality better.
2401
2402         No change in functionality.
2403
2404         * CMakeLists.txt:
2405         * WebCore.vcxproj/WebCore.vcxproj:
2406         * WebCore.vcxproj/WebCore.vcxproj.filters:
2407         * WebCore.xcodeproj/project.pbxproj:
2408         * rendering/SimpleLineLayout.cpp:
2409         (WebCore::SimpleLineLayout::LineState::setOverflowedFragment):
2410         (WebCore::SimpleLineLayout::LineState::overflowedFragment):
2411         (WebCore::SimpleLineLayout::LineState::appendFragment):
2412         (WebCore::SimpleLineLayout::begin):
2413         (WebCore::SimpleLineLayout::end):
2414         (WebCore::SimpleLineLayout::preWrap):
2415         (WebCore::SimpleLineLayout::removeTrailingWhitespace):
2416         (WebCore::SimpleLineLayout::splitFragmentToFitLine):
2417         (WebCore::SimpleLineLayout::firstFragment):
2418         (WebCore::SimpleLineLayout::createLineRuns):
2419         (WebCore::SimpleLineLayout::closeLineEndingAndAdjustRuns):
2420         (WebCore::SimpleLineLayout::splitRunsAtRendererBoundary):
2421         (WebCore::SimpleLineLayout::createTextRuns):
2422         * rendering/SimpleLineLayoutTextFragmentIterator.cpp: Renamed from Source/WebCore/rendering/SimpleLineLayoutFlowContentsIterator.cpp.
2423         (WebCore::SimpleLineLayout::TextFragmentIterator::Style::Style):
2424         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragmentIterator):
2425         (WebCore::SimpleLineLayout::TextFragmentIterator::nextTextFragment):
2426         (WebCore::SimpleLineLayout::TextFragmentIterator::textWidth):
2427         (WebCore::SimpleLineLayout::nextBreakablePosition):
2428         (WebCore::SimpleLineLayout::TextFragmentIterator::findNextBreakablePosition):
2429         (WebCore::SimpleLineLayout::findNextNonWhitespace):
2430         (WebCore::SimpleLineLayout::TextFragmentIterator::findNextNonWhitespacePosition):
2431         (WebCore::SimpleLineLayout::TextFragmentIterator::runWidth):
2432         * rendering/SimpleLineLayoutTextFragmentIterator.h: Renamed from Source/WebCore/rendering/SimpleLineLayoutFlowContentsIterator.h.
2433         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::TextFragment):
2434         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::start):
2435         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::end):
2436         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::width):
2437         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::type):
2438         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::isCollapsed):
2439         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::isBreakable):
2440         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::isEmpty):
2441         (WebCore::SimpleLineLayout::TextFragmentIterator::style):
2442         (WebCore::SimpleLineLayout::TextFragmentIterator::segmentForPosition):
2443         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::split):
2444         (WebCore::SimpleLineLayout::TextFragmentIterator::characterAt):
2445         (WebCore::SimpleLineLayout::TextFragmentIterator::isLineBreak):
2446         (WebCore::SimpleLineLayout::TextFragmentIterator::isEnd):
2447
2448 2015-02-02  Chris Dumez  <cdumez@apple.com>
2449
2450         Add diagnostic logging for ResourceResponse's source
2451         https://bugs.webkit.org/show_bug.cgi?id=141170
2452         <rdar://problem/19632080>
2453
2454         Reviewed by Antti Koivisto.
2455
2456         Add diagnostic logging for ResourceResponse's source (network, disk
2457         cache, disk cache after validation) to give us an idea of our network
2458         cache efficacy.
2459
2460         * loader/ResourceLoader.cpp:
2461         (WebCore::logResourceResponseSource):
2462         (WebCore::ResourceLoader::didReceiveResponse):
2463         * page/DiagnosticLoggingKeys.cpp:
2464         (WebCore::DiagnosticLoggingKeys::networkKey):
2465         (WebCore::DiagnosticLoggingKeys::diskCacheKey):
2466         (WebCore::DiagnosticLoggingKeys::diskCacheAfterValidationKey):
2467         (WebCore::DiagnosticLoggingKeys::resourceResponseKey):
2468         (WebCore::DiagnosticLoggingKeys::scriptKey):
2469         (WebCore::DiagnosticLoggingKeys::sourceKey):
2470         * page/DiagnosticLoggingKeys.h:
2471
2472 2015-02-02  Dhi Aurrahman  <diorahman@rockybars.com>
2473
2474         Optimize matchesLangPseudoClass() of :lang()
2475         https://bugs.webkit.org/show_bug.cgi?id=140873
2476
2477         Reviewed by Darin Adler.
2478
2479         Avoid unnecessary memory allocation.
2480
2481         No new tests, no behavior changed.
2482
2483         * css/SelectorCheckerTestFunctions.h:
2484         (WebCore::equalIgnoringASCIICase):
2485         (WebCore::containslanguageSubtagMatchingRange):
2486         (WebCore::matchesLangPseudoClass):
2487
2488 2015-02-02  Roger Fong  <roger_fong@apple.com>
2489
2490         WebGL2: Implement spec section 3.7.1 Setting and getting state (Part 2).
2491         https://bugs.webkit.org/show_bug.cgi?id=141096
2492         <rdar://problem/15002469>
2493
2494         Reviewed by Brent Fulgham.
2495
2496         This patch handles some of the valid arguments that could be passed into getParameter.
2497         The unhandled cases will be implemented as the associated WebGL2 features are implemented.
2498         In addition, getParameter queries that return 64 bit integer currently just return 0 as 
2499         we need to use ::glGetInteger64v which is only available in GLES 3.0 headers.
2500         I will be adding these headers in a future patch.
2501
2502         * bindings/js/JSWebGL2RenderingContextCustom.cpp:
2503         (WebCore::toJS): Accept a 64 bit integer type.
2504         * html/canvas/WebGL2RenderingContext.cpp: Handle various parameter inputs.
2505         (WebCore::WebGL2RenderingContext::getParameter):
2506         * html/canvas/WebGLGetInfo.cpp: Add a 64 bit integer type.
2507         (WebCore::WebGLGetInfo::WebGLGetInfo):
2508         (WebCore::WebGLGetInfo::getInt64):
2509         * html/canvas/WebGLGetInfo.h:
2510         * html/canvas/WebGLRenderingContextBase.cpp:
2511         (WebCore::WebGLRenderingContextBase::getInt64Parameter):
2512         * html/canvas/WebGLRenderingContextBase.h:
2513         * platform/graphics/GraphicsContext3D.h:
2514         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
2515         (WebCore::GraphicsContext3D::getInteger64v):
2516
2517 2015-02-02  Zalan Bujtas  <zalan@apple.com>
2518
2519         Simple line layout: use std::upper_bound in splitFragmentToFitLine()
2520         https://bugs.webkit.org/show_bug.cgi?id=141146
2521
2522         Reviewed by Antti Koivisto.
2523
2524         Replace the custom binary search implementation with std::upper_bound and
2525         move splitting functionality to TextFragment.
2526
2527         No change in functionality.
2528
2529         * rendering/SimpleLineLayout.cpp:
2530         (WebCore::SimpleLineLayout::FragmentForwardIterator::FragmentForwardIterator):
2531         (WebCore::SimpleLineLayout::FragmentForwardIterator::operator++):
2532         (WebCore::SimpleLineLayout::FragmentForwardIterator::operator!=):
2533         (WebCore::SimpleLineLayout::FragmentForwardIterator::operator*):
2534         (WebCore::SimpleLineLayout::begin):
2535         (WebCore::SimpleLineLayout::end):
2536         (WebCore::SimpleLineLayout::splitFragmentToFitLine):
2537         * rendering/SimpleLineLayoutFlowContentsIterator.cpp:
2538         (WebCore::SimpleLineLayout::FlowContentsIterator::runWidth):
2539         * rendering/SimpleLineLayoutFlowContentsIterator.h:
2540         (WebCore::SimpleLineLayout::FlowContentsIterator::TextFragment::split):
2541
2542 2015-02-02  Geoffrey Garen  <ggaren@apple.com>
2543
2544         Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
2545         https://bugs.webkit.org/show_bug.cgi?id=140900
2546
2547         Reviewed by Mark Hahnenberg.
2548
2549         Re-landing just the HandleBlock piece of this patch.
2550
2551         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
2552         (WebCore::MemoryPressureHandler::install):
2553
2554 2015-02-02  Brent Fulgham  <bfulgham@apple.com>
2555
2556         [Win] 64-bit build fix after r179492.
2557
2558         * WebCore.vcxproj/WebCore.vcxproj: Forgot to build these files
2559         as standalone under 64-bit target.
2560
2561 2015-02-02  Benjamin Poulain  <bpoulain@apple.com>
2562
2563         Clean up attribute handling: part 2 - attributeNode
2564         https://bugs.webkit.org/show_bug.cgi?id=141109
2565
2566         Reviewed by Andreas Kling.
2567
2568         Our implementation was covering some old legacy behaviors of Firefox,
2569         even copying bugs in some cases.
2570
2571         The spec (https://dom.spec.whatwg.org) now defines the behavior precisely,
2572         let's move a bit closer to that.
2573
2574         Tests: fast/dom/Element/attribute-ascii-case-insensitive-3.html
2575                fast/dom/Element/attribute-setAttributeNode-multiple-times.html
2576                fast/dom/Element/attribute-setAttributeNodeNS-multiple-times.html
2577                fast/dom/Element/mozilla-dom-base-tests/test_bug1075702.html
2578                fast/dom/Element/mozilla-dom-base-tests/test_bug339494.html
2579                fast/dom/Element/mozilla-dom-base-tests/test_bug364092.xhtml
2580                fast/dom/Element/setAttributeNode-overriding-lowercase-values.html
2581
2582         * dom/Element.cpp:
2583         (WebCore::findAttrNodeInList):
2584         New getter for the name-without-namespace case.
2585
2586         (WebCore::Element::setAttributeNode):
2587         This one is the tricky one: https://dom.spec.whatwg.org/#dom-element-setattributenode
2588
2589         When setAttributeNode() is used with an AttributeNode without namespace,
2590         getting the old value behaves like getAttribute(), with ASCII lowercase name matching.
2591         When used with a namespace, getting the old value behaves like getAttributeNS().
2592
2593         Setting the value is a whole different story, the name used always keeps
2594         the original case.
2595
2596         Now that's a bit tricky for us because AttributeNodes are just legacy stuff we don't
2597         used internally.
2598
2599         We have 4 cases to handle:
2600         1) The name being set is lowercase, there was no conflicting name on the element.
2601            That's easy, we just override any node that would exist, set the name otherwise.
2602         2) The name is lowercase but there was an existing attribute for it.
2603            -We create a new AttributeNode for the name to represent the old name.
2604            -We check the names are the same with attribute.name().matches(attrNode->qualifiedName())
2605             and override the value.
2606         3) The name has uppercase characters, there is no conflicting name.
2607            We would not find an element to remove, we just use setAttributeInternal() as usual
2608            to add the attribute;
2609         4) The name has uppercase characters, there is a lowercase conflicing name.
2610            This is the weird behavior: we need to nuke the old attribute, then add the new attribute
2611            with a different case.
2612
2613            First we remove the attribute with a lowercase name with removeAttributeInternal().
2614            That becomes the old node.
2615
2616            There might still be an element of the same name as what we are trying to add. We don't want
2617            to add another version of the same attribute. We need to use findAttributeIndexByName() again
2618            to find if there is a conflicting attribute. Then we call setAttributeInternal() which handle
2619            the both the cases where there was an element or not.
2620
2621         (WebCore::Element::setAttributeNodeNS):
2622         This should work like any "NS" method.
2623
2624         (WebCore::Element::removeAttributeNode):
2625         The method removeAttributeNode() is supposed to be exact.
2626
2627         (WebCore::Element::getAttributeNode):
2628         (WebCore::Element::hasAttribute):
2629         (WebCore::Element::attrIfExists):
2630         * dom/Element.h:
2631         * dom/ElementData.cpp:
2632         (WebCore::ElementData::findAttributeIndexByNameSlowCase): Deleted.
2633         (WebCore::ElementData::findAttributeIndexByNameForAttributeNode): Deleted.
2634         Kill the slow case, every caller has been updated now.
2635         * dom/ElementData.h:
2636         (WebCore::ElementData::findAttributeIndexByName):
2637         * dom/QualifiedName.h:
2638         (WebCore::QualifiedName::matchesIgnoringCaseForLocalName): Deleted.
2639
2640 2015-02-02  peavo@outlook.com  <peavo@outlook.com>
2641
2642         Memory is written to after deallocated, in GraphicsLayer::setMaskLayer.
2643         https://bugs.webkit.org/show_bug.cgi?id=141168
2644
2645         Reviewed by Brent Fulgham.
2646
2647         Visual Studio detected that a deallocated heap block had been modified in GraphicsLayer::setMaskLayer,
2648         when called from RenderLayerBacking::updateChildClippingStrategy.
2649
2650         * rendering/RenderLayerBacking.cpp:
2651         (WebCore::RenderLayerBacking::updateChildClippingStrategy):
2652
2653 2015-02-02  Andreas Kling  <akling@apple.com>
2654
2655         [Cocoa] Make decoded image data purgeable ASAP.
2656         <https://webkit.org/b/140298>
2657         <rdar://problem/19623377>
2658
2659         Reviewed by Antti Koivisto.
2660
2661         Re-landing this patch since it turned out to not be the cause of
2662         the memory regression we saw around that revision.
2663
2664         Mark decoded images as "transient" which makes CoreGraphics mark
2665         the backing stores as purgeable shortly after they're used.
2666
2667         The decoded representation will remain in CoreGraphics's caches
2668         indefinitely unless the kernel gets starved and needs the pages.
2669
2670         Most resources will now reach a state where the encoded data is
2671         mmap'ed from disk cache (once the entire resource is downloaded)
2672         and the decoded data is purgeable.
2673
2674         This also has the side effect of making the MemoryCache more
2675         palatial since the decoded data cost can be deducted for images,
2676         allowing us to cache more resources.
2677
2678         Note that the worst case for this new behavior would be something
2679         like hovering below 100% memory utilization and constantly having
2680         to drop and re-decode images. While churny, it still beats
2681         crashing the process, plus there's tiling to remove many of the
2682         reasons we'd need the decoded data.
2683
2684         * platform/graphics/cg/ImageSourceCG.cpp:
2685         (WebCore::ImageSource::createFrameAtIndex):
2686
2687 2015-02-02  Joseph Pecoraro  <pecoraro@apple.com>
2688
2689         Web Inspector: Support console.table
2690         https://bugs.webkit.org/show_bug.cgi?id=141058
2691
2692         Reviewed by Timothy Hatcher.
2693
2694         * inspector/CommandLineAPIModuleSource.js:
2695         Include "table(foo)" as an alias of "console.table(foo)" on
2696         the command line.
2697
2698 2015-02-02  Roger Fong  <roger_fong@apple.com>
2699
2700         [Win] Build fix following r179482.
2701
2702         * WebCore.vcxproj/WebCore.vcxproj:
2703         * WebCore.vcxproj/WebCore.vcxproj.filters:
2704         * bindings/js/JSBindingsAllInOne.cpp:
2705         * platform/graphics/GraphicsContext3D.h:
2706
2707 2015-02-02  Chris Dumez  <cdumez@apple.com>
2708
2709         Access MemoryCache singleton using MemoryCache::singleton()
2710         https://bugs.webkit.org/show_bug.cgi?id=141104
2711
2712         Reviewed by Andreas Kling.
2713
2714         Access MemoryCache singleton using MemoryCache::singleton() static
2715         member function, instead of a free function, as per the recent
2716         coding style discussion on WebKit-dev.
2717
2718 2015-02-02  Zalan Bujtas  <zalan@apple.com>
2719
2720         Ambiguous naming: Do not call replacedContentRect()'s return value paint rect.
2721         https://bugs.webkit.org/show_bug.cgi?id=141125
2722
2723         Reviewed by Simon Fraser.
2724
2725         It's the content box rect with the object-fit adjustment.
2726
2727         No change in functionality.
2728
2729         * rendering/RenderHTMLCanvas.cpp:
2730         (WebCore::RenderHTMLCanvas::paintReplaced):
2731         * rendering/RenderImage.cpp:
2732         (WebCore::RenderImage::updateInnerContentRect):
2733         (WebCore::RenderImage::paintReplaced):
2734         * rendering/RenderReplaced.cpp:
2735         (WebCore::RenderReplaced::replacedContentRect):
2736         * rendering/SimpleLineLayout.cpp:
2737         (WebCore::SimpleLineLayout::splitFragmentToFitLine):
2738
2739 2015-02-02  Brent Fulgham  <bfulgham@apple.com>
2740
2741         [Win] Build fix after r179476.
2742         https://bugs.webkit.org/show_bug.cgi?id=141026
2743
2744         Reviewed by Anders Carlsson.
2745
2746         MSVC has a compiler bug that forces us to make some explicit statements about how
2747         the passed pointer values are handled.
2748
2749         * css/CSSParser.cpp:
2750         (WebCore::CSSParser::SourceSize::SourceSize):
2751         (WebCore::CSSParser::sourceSize):
2752         * css/CSSParser.h:
2753
2754 2015-02-02  Benjamin Poulain  <benjamin@webkit.org>
2755
2756         Get rid of invalidSelectorVector, use Bison's error recovery instead
2757         https://bugs.webkit.org/show_bug.cgi?id=141147
2758
2759         Reviewed by Darin Adler.
2760
2761         * css/CSSGrammar.y.in:
2762         Instead of reducing a null selector, we can use a real parsing error
2763         to get out of invalid selector endings.
2764
2765         When that happens, Bison will pop the stack until it can reduce any
2766         valid error recovery rules.
2767
2768         The problem is to make sure there is no floating values because
2769         none of the reduce block between the error and the recovery would
2770         be executed.
2771
2772         In this case, "nth_selector_ending" is a non-recursive production of
2773         the NTHCHILDFUNCTIONS. In turn, NTHCHILDFUNCTIONS are productions
2774         of the non-recursive "pseudo". "pseudo" is only used as a trivial
2775         production of "specifier". "specifier" is only used by "specifier_list".
2776
2777         "specifier_list" has error recovery code -> no production could have
2778         generated a floating values between "specifier_list" and "nth_selector_ending".
2779
2780 2015-01-30  Roger Fong  <roger_fong@apple.com>
2781
2782         WebGL2: Implement spec section 3.7.1 Setting and getting state (Part 1).
2783         https://bugs.webkit.org/show_bug.cgi?id=141096
2784         <rdar://problem/15002469>
2785
2786         Reviewed by Brent Fulgham.
2787
2788         This patch implements the WebGL2 versions of getParameter, getIndexedParameter and isEnabled.
2789         It also removes the WebGL1 implementations from WebGLRenderingContextBase and moves it to WebGLRenderingContext.
2790         I’ve stubbed out most of the parameters for now, some of which will be implemented in Part 2, 
2791         and the rest as the our WebGL2 implementation progresses.        
2792
2793         * bindings/js/JSWebGL2RenderingContextCustom.cpp:
2794         (WebCore::toJS):
2795         (WebCore::JSWebGL2RenderingContext::getIndexedParameter):
2796         * html/canvas/WebGL2RenderingContext.cpp:
2797         (WebCore::WebGL2RenderingContext::getIndexedParameter):
2798         (WebCore::WebGL2RenderingContext::getParameter):
2799         (WebCore::WebGL2RenderingContext::validateCapability):
2800         * html/canvas/WebGL2RenderingContext.h:
2801         * html/canvas/WebGL2RenderingContext.idl:
2802         * html/canvas/WebGLRenderingContext.cpp:
2803         (WebCore::WebGLRenderingContext::getParameter):
2804         (WebCore::WebGLRenderingContext::validateCapability):
2805         * html/canvas/WebGLRenderingContext.h:
2806         * html/canvas/WebGLRenderingContextBase.cpp:
2807         (WebCore::WebGLRenderingContextBase::getParameter): Deleted.
2808         (WebCore::WebGLRenderingContextBase::validateCapability): Deleted.
2809         * html/canvas/WebGLRenderingContextBase.h:
2810         * html/canvas/WebGLRenderingContextBase.idl:
2811         * platform/graphics/GraphicsContext3D.h:
2812
2813 2015-02-02  Daniel Bates  <dabates@apple.com>
2814
2815         [iOS] ASSERTION FAILED: m_scriptExecutionContext->isContextThread() in ContextDestructionObserver::observeContext
2816         https://bugs.webkit.org/show_bug.cgi?id=141057
2817         <rdar://problem/19068790>
2818
2819         Reviewed by Alexey Proskuryakov.
2820
2821         Fixes an issue where we would create-/delete- the RSA crypto keys and dispatch callbacks on the wrong
2822         thread in WebKit1 for iOS. In iOS WebKit1 we should perform such operations on thread WebThread.
2823
2824         This change is covered by existing layout tests.
2825
2826         * crypto/mac/CryptoKeyRSAMac.cpp:
2827         (WebCore::CryptoKeyRSA::generatePair):
2828
2829 2015-02-02  Jeremy Jones  <jeremyj@apple.com>
2830
2831         Prevent crash when accessing WebAVPlayerController.delegate.
2832         https://bugs.webkit.org/show_bug.cgi?id=140893
2833
2834         Reviewed by Darin Adler.
2835
2836         This patch aims to prevent a null delegate access during invalidation by adding null checks before accessing the delegate, by making explicit the recreation of m_playerController, and by consolidating and correcting the teardown sequence.
2837
2838         * WebCore.exp.in:
2839         * platform/ios/WebVideoFullscreenInterface.h: add resetMediaState()
2840         * platform/ios/WebVideoFullscreenInterfaceAVKit.h: ditto.
2841         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
2842         (-[WebAVPlayerController playerViewController:shouldExitFullScreenWithReason:]): Check for null before accessing delegate.
2843         (-[WebAVPlayerController play:]): ditto.
2844         (-[WebAVPlayerController pause:]): ditto.
2845         (-[WebAVPlayerController togglePlayback:]): ditto.
2846         (-[WebAVPlayerController setPlaying:]): ditto.
2847         (-[WebAVPlayerController beginScrubbing:]): ditto.
2848         (-[WebAVPlayerController endScrubbing:]): ditto.
2849         (-[WebAVPlayerController seekToTime:]): ditto.
2850         (-[WebAVPlayerController beginScanningForward:]): ditto.
2851         (-[WebAVPlayerController endScanningForward:]): ditto.
2852         (-[WebAVPlayerController beginScanningBackward:]): ditto.
2853         (-[WebAVPlayerController endScanningBackward:]): ditto.
2854         (-[WebAVPlayerController seekToBeginning:]): ditto.
2855         (-[WebAVPlayerController seekToEnd:]): ditto.
2856         (-[WebAVPlayerController setCurrentAudioMediaSelectionOption:]): ditto.
2857         (-[WebAVPlayerController setCurrentLegibleMediaSelectionOption:]): ditto.
2858         (-[WebAVPlayerController layoutSublayersOfLayer:]): ditto.
2859         (WebVideoFullscreenInterfaceAVKit::WebVideoFullscreenInterfaceAVKit): initialize m_playerController
2860         (WebVideoFullscreenInterfaceAVKit::resetMediaState): Added.
2861         (WebVideoFullscreenInterfaceAVKit::setDuration): remove playerController()
2862         (WebVideoFullscreenInterfaceAVKit::setCurrentTime): ditto.
2863         (WebVideoFullscreenInterfaceAVKit::setRate): ditto.
2864         (WebVideoFullscreenInterfaceAVKit::setVideoDimensions): ditto.
2865         (WebVideoFullscreenInterfaceAVKit::setSeekableRanges): ditto.
2866         (WebVideoFullscreenInterfaceAVKit::setCanPlayFastReverse): ditto.
2867         (WebVideoFullscreenInterfaceAVKit::setAudioMediaSelectionOptions): ditto.
2868         (WebVideoFullscreenInterfaceAVKit::setLegibleMediaSelectionOptions): ditto.
2869         (WebVideoFullscreenInterfaceAVKit::setExternalPlayback): ditto.
2870         (WebVideoFullscreenInterfaceAVKit::setupFullscreenInternal): ditto.
2871         (WebVideoFullscreenInterfaceAVKit::enterFullscreenStandard): ditto.
2872         (WebVideoFullscreenInterfaceAVKit::cleanupFullscreenInternal): consolidated cleanup code from invalidate()
2873         (WebVideoFullscreenInterfaceAVKit::invalidate): consolidate cleanup code.
2874         (WebVideoFullscreenInterfaceAVKit::playerController): Deleted.
2875         * platform/ios/WebVideoFullscreenModelVideoElement.mm:
2876         (WebVideoFullscreenModelVideoElement::setVideoElement): call resetMediaState()
2877
2878 2015-02-02  Darin Adler  <darin@apple.com>
2879
2880         REGRESSION (r170576): Storage leaks in parsing of CSS image sizes
2881         https://bugs.webkit.org/show_bug.cgi?id=141026
2882
2883         Reviewed by Anders Carlsson.
2884
2885         * css/CSSGrammar.y.in: Fixed all the shift/reduce conflicts caused
2886         by the ENABLE_PICTURE_SIZES code by removing all the redundant
2887         maybe_space which caused them. Rearranged the productions for
2888         ENABLE_PICTURE_SIZES to tighten up the code quite a bit. Changed
2889         the code to build up the source size vector as a Vector instead of
2890         a special class, and use the SourceSize struct from inside the
2891         CSSParser class.'
2892
2893         * css/CSSParser.cpp:
2894         (WebCore::CSSParser::setupParser): Changed this to take a StringView.
2895         In the future we can change all the parsing functions to take StringView,
2896         since they don't work with the String in place.
2897         (WebCore::CSSParser::parseSizesAttribute): Changed to return a vector
2898         of SourceSize instead of a SourceSizeList. This is better because it's
2899         a real CSS data structure that does not contain a CSSParserValue.
2900         (WebCore::CSSParser::sourceSize): Added. Helper that creates a
2901         SourceSize, mapping parser data structures into real CSS ones.
2902
2903         * css/CSSParser.h: Updated for changes above.
2904
2905         * css/MediaQuery.cpp:
2906         (WebCore::MediaQuery::MediaQuery): Use std::make_unique and the copy
2907         constructor directly instead of using a MediaQuery::copy function.
2908
2909         * css/MediaQueryExp.cpp: Streamlined the class a little bit.
2910         * css/MediaQueryExp.h: Removed unneeded includes. Moved functions out
2911         of the class body so the class is easier to read. Removed the unneeded
2912         copy function.
2913
2914         * css/SourceSizeList.cpp:
2915         (WebCore::SourceSize::match): Changed to use WTF::move instead
2916         of releasing and then re-creating the unique_ptr.
2917         (WebCore::computeLength): Added a comment to explain this function
2918         is using an incorrect strategy. Also added some type checking code
2919         to handle cases where a null or non-primitive CSS value might be
2920         returned. Probably dead code, but we don't want to risk a bad cast.
2921         Worthe cleaning up when we fix the strategy.
2922         (WebCore::SourceSizeList::getEffectiveSize): Updated since the
2923         vector now contains actual SourceSize objects rather than pointers
2924         to SourceSize objects on the heap.
2925
2926         * css/SourceSizeList.h: Changed the CSSParserValue argument to be
2927         an rvalue reference to make it clearer that we take ownership of it
2928         when it's moved in. Added a move constructor and a destructor. Added
2929         comments explaining that it's not correct design to use a
2930         CSSParserValue here, outside the parser. Changed SourceSizeList's
2931         append function to move a SourceSize in rather than a unique_ptr.
2932         Made getEffectiveSize private. Moved the various inline functions to
2933         the bottom of the file to make the class definitions easier to read.
2934
2935
2936         * css/SourceSizeList.cpp: Made almost everything about this private
2937         to this source file instead of public in the header.
2938         (WebCore::match): Made this a free function instead of a member function
2939         and made it take the media query expression as an argument.
2940         (WebCore::computeLength): Changed the argument type to CSSValue*,
2941         rather than using CSSParserValue here outside the parser.
2942         (WebCore::parseSizesAttribute): Streamlined and simplified this.
2943         Now that the parser builds the list in the correct order, there was
2944         no need to iterate backwards any more so we could use a modern for
2945         loop.
2946
2947         * css/SourceSizeList.h: Removed almost everything in this header.
2948
2949         * html/HTMLImageElement.cpp:
2950         (WebCore::HTMLImageElement::parseAttribute): Call the
2951         parseSizesAttribute function as free function since it's no longer
2952         a member of a SourceSizeList class.
2953
2954         * html/parser/HTMLPreloadScanner.cpp:
2955         (WebCore::TokenPreloadScanner::StartTagScanner::processAttributes):
2956         Ditto.
2957
2958 2015-02-02  Darin Adler  <darin@apple.com>
2959
2960         Fix some leaks found by the leak bot
2961         https://bugs.webkit.org/show_bug.cgi?id=141149
2962
2963         Reviewed by Alexey Proskuryakov.
2964
2965         * bindings/js/JSSubtleCryptoCustom.cpp:
2966         (WebCore::importKey): Changed argument types to std::unique_ptr for better code clarity.
2967         (WebCore::JSSubtleCrypto::importKey): Use WTF::move instead of release.
2968         (WebCore::JSSubtleCrypto::wrapKey): Fixed leaks by adding missing delete calls to the
2969         case where we get a DOM exception.
2970         (WebCore::JSSubtleCrypto::unwrapKey): Ditto.
2971
2972         * dom/SelectorQuery.cpp:
2973         (WebCore::SelectorQuery::SelectorQuery): Use WTF::move here. Not clear how this could
2974         have caused the storage leak, but it does seem obviously missing. The leak is pretty big,
2975         implying that we leak almost all CSSSelectorList objects we parse; not sure this fixes it.
2976
2977         * loader/WorkerThreadableLoader.cpp:
2978         (WebCore::WorkerThreadableLoader::MainThreadBridge::didReceiveResponse): Added code to
2979         deleted the unguarded pointer if postTaskForModeToWorkerGlobalScope fails.
2980         (WebCore::WorkerThreadableLoader::MainThreadBridge::didReceiveData): Ditto.
2981         (WebCore::WorkerThreadableLoader::MainThreadBridge::didFail): Ditto.
2982         (WebCore::WorkerThreadableLoader::MainThreadBridge::didFailAccessControlCheck): Ditto.
2983
2984         * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm:
2985         (WebCore::MediaSelectionGroupAVFObjC::updateOptions): Added missing adoptNS.
2986
2987         * platform/graphics/mac/GraphicsContextMac.mm:
2988         (WebCore::GraphicsContext::updateDocumentMarkerResources): Added missing release.
2989
2990 2015-02-01  Chris Dumez  <cdumez@apple.com>
2991
2992         Use more references in HistoryItem
2993         https://bugs.webkit.org/show_bug.cgi?id=141133
2994
2995         Reviewed by Andreas Kling.
2996
2997         Use more references in HistoryItem instead of pointers.
2998
2999 2015-02-01  Commit Queue  <commit-queue@webkit.org>
3000
3001         Unreviewed, rolling out r179467 and r179470.
3002         https://bugs.webkit.org/show_bug.cgi?id=141144
3003
3004         Broke svg/custom/use-events-crash.svg (Requested by ap on
3005         #webkit).
3006
3007         Reverted changesets:
3008
3009         "Stop dispatching events with SVGElementInstance objects as
3010         their targets"
3011         https://bugs.webkit.org/show_bug.cgi?id=141108
3012         http://trac.webkit.org/changeset/179467
3013
3014         "REGRESSION(r179467): svg/custom/use-events-crash.svg times
3015         out"
3016         http://trac.webkit.org/changeset/179470
3017
3018 2015-01-31  Darin Adler  <darin@apple.com>
3019
3020         Stop dispatching events to with SVGElementInstance objects as their targets
3021         https://bugs.webkit.org/show_bug.cgi?id=141108
3022
3023         Reviewed by Anders Carlsson.
3024
3025         Test: svg/custom/use-event-retargeting.html
3026
3027         * dom/EventDispatcher.cpp:
3028         (WebCore::eventTargetRespectingTargetRules): Replaced the code that retargeted
3029         events at SVGElementInstance objects with code that retargets them at the use
3030         element instead. Also wrote the code in a simpler way.
3031
3032 2015-02-01  Zan Dobersek  <zdobersek@igalia.com>
3033
3034         [TexMap] Optimize TextureMapperLayer::removeAllChildren()
3035         https://bugs.webkit.org/show_bug.cgi?id=140734
3036
3037         Reviewed by Chris Dumez.
3038
3039         Instead of removing the children from the Vector member one by one,
3040         move the Vector out and iterate through the ex-children, clearing
3041         out the pointer to the parent.
3042
3043         * platform/graphics/texmap/TextureMapperLayer.cpp:
3044         (WebCore::TextureMapperLayer::removeAllChildren):
3045
3046 2015-02-01  Zan Dobersek  <zdobersek@igalia.com>
3047
3048         [TexMap] Avoid unnecessary TransformationMatrix copies in GraphicsLayerTransform
3049         https://bugs.webkit.org/show_bug.cgi?id=140735
3050
3051         Reviewed by Chris Dumez.
3052
3053         * platform/graphics/GraphicsLayerTransform.cpp:
3054         (WebCore::GraphicsLayerTransform::combined): Return a const reference to the matrix.
3055         (WebCore::GraphicsLayerTransform::combinedForChildren): Ditto.
3056         (WebCore::GraphicsLayerTransform::combineTransforms): First copy the parent transform,
3057         then apply the translation and multiplication. Previously this copied the parent
3058         transform into a temporary object, performed the translation and multiplication, and
3059         copied that temporary object again when assigning to the member variable.
3060         (WebCore::GraphicsLayerTransform::combineTransformsForChildren): Mark const. m_childrenDirty
3061         and m_combinedForChildren members are marked mutable.
3062         * platform/graphics/GraphicsLayerTransform.h:
3063
3064 2015-01-31  Myles C. Maxfield  <litherum@gmail.com>
3065
3066         REGRESSION (r177689): Emoji variation sequences rendered incorrectly (as characters from other non-emoji font)
3067         https://bugs.webkit.org/show_bug.cgi?id=141112
3068
3069         Reviewed by Sam Weinig.
3070
3071         Typo in r177689.
3072
3073         Test: platform/mac/fast/text/combining-mark-paint.html
3074
3075         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
3076         (WebCore::ComplexTextController::collectComplexTextRunsForCharacters):
3077
3078 2015-01-31  Commit Queue  <commit-queue@webkit.org>
3079
3080         Unreviewed, rolling out r178183.
3081         https://bugs.webkit.org/show_bug.cgi?id=141132
3082
3083         Caused more mallocing than the volatility saved. (Requested by
3084         kling on #webkit).
3085
3086         Reverted changeset:
3087
3088         "[Cocoa] Make decoded image data purgeable ASAP."
3089         https://bugs.webkit.org/show_bug.cgi?id=140298
3090         http://trac.webkit.org/changeset/178183
3091
3092 2015-01-31  Chris Dumez  <cdumez@apple.com>
3093
3094         Use simpler CachedResourceMap structure in MemoryCache with CACHE_PARTITIONING enabled
3095         https://bugs.webkit.org/show_bug.cgi?id=141110
3096
3097         Reviewed by Antti Koivisto.
3098
3099         Use simpler CachedResourceMap structure in MemoryCache with CACHE_PARTITIONING
3100         enabled. Previously, we would be using a HashMap of HashMap to store
3101         CachedResources. The outer HashMap would use the URL as key and the inner
3102         HashMap would use the partition name as key. This would make traversing the
3103         structure overly complicated, especially considering that the code needs to
3104         traverse a simple HashMap if CACHE_PARTITIONING is disabled.
3105
3106         This patch updates the CachedResourceMap structure to be a simple HashMap,
3107         whose key is an std::pair<URL, String /* partitionName */>. Having a flat
3108         structure simplifies the traversal code a lot and enables more code sharing
3109         between CACHE_PARTITIONING and !CACHE_PARTITIONING. This shouldn't regress
3110         performance because we always have both a URL and a partition name when we
3111         need to look up a resource. We never need to retrieve all resources with
3112         a particular URL.
3113
3114         This patch also switches to using a URL as key instead of a String as we
3115         always have a URL has input.
3116
3117         * loader/cache/MemoryCache.cpp:
3118         (WebCore::MemoryCache::add):
3119         (WebCore::MemoryCache::revalidationSucceeded):
3120         (WebCore::MemoryCache::resourceForRequestImpl):
3121         (WebCore::MemoryCache::removeImageFromCache):
3122         (WebCore::MemoryCache::remove):
3123         After removing the resource from the CachedResourceMap, remove the
3124         sessionID from m_sessionResources if the CachedResourceMap is now
3125         empty. Previously, no code was removing sessionIDs from
3126         m_sessionResources.
3127
3128         (WebCore::MemoryCache::removeResourcesWithOrigin):
3129         (WebCore::MemoryCache::getOriginsWithCache):
3130         (WebCore::MemoryCache::getStatistics):
3131         (WebCore::MemoryCache::setDisabled):
3132         * loader/cache/MemoryCache.h:
3133
3134 2015-01-31  Sam Weinig  <sam@webkit.org>
3135
3136         Merge the iOS implementations of GraphicsContext::drawText and GraphicsContext::drawBidiText with the platform independent ones
3137         https://bugs.webkit.org/show_bug.cgi?id=141131
3138
3139         Reviewed by Antti Koivisto.
3140
3141         * platform/graphics/GraphicsContext.cpp:
3142         (WebCore::GraphicsContext::drawText):
3143         The only difference between the two implementation here was the iOS one returns the length of
3144         the text that was drawn. As all platforms now support that, we can merge by keeping the iOS one.
3145
3146         (WebCore::GraphicsContext::drawBidiText):
3147         This function had a few differences:
3148             - iOS returns the length of the text that was drawn.
3149                 Since this is not used anywhere, I dropped this ability.
3150             - iOS took additional inputs of initial bidi status and run length (and returned the
3151               the final bidi status as an out parameter)
3152                 Since this was also unused, I dropped it.
3153             - iOS used the fact that font.drawText() returns the length that was drawn, to avoid
3154               measuring the text twice.
3155                 I kept this, since all platforms now support this.
3156
3157         * platform/graphics/GraphicsContext.h:
3158         Update signatures. Remove WEBCORE_EXPORT for function that is not used outside of WebCore.
3159
3160 2015-01-31  Andreas Kling  <akling@apple.com>
3161
3162         Shrink RenderBlock.
3163         <https://webkit.org/b/141129>
3164
3165         Reviewed by Antti Koivisto.
3166
3167         Get rid of the bitfield in RenderBlock by moving the essential bits to
3168         RenderElement (plenty of space in the bitfield there.)
3169
3170         RenderBlock also had a cache of its line-height, but it doesn't appear
3171         to help any of the benchmarks that we're tracking so I'd say it's okay
3172         to lose this optimization.
3173
3174         This knocks 8 bytes off of RenderBlock (and all of its subclasses.)
3175
3176         * rendering/RenderBlock.cpp:
3177         (WebCore::RenderBlock::RenderBlock):
3178         (WebCore::RenderBlock::styleDidChange):
3179         (WebCore::RenderBlock::recomputeLogicalWidth):
3180         (WebCore::RenderBlock::lineHeight):
3181         * rendering/RenderBlock.h:
3182         (WebCore::RenderBlock::setHasMarginBeforeQuirk):
3183         (WebCore::RenderBlock::setHasMarginAfterQuirk):
3184         (WebCore::RenderBlock::setHasBorderOrPaddingLogicalWidthChanged):
3185         (WebCore::RenderBlock::hasMarginBeforeQuirk):
3186         (WebCore::RenderBlock::hasMarginAfterQuirk):
3187         (WebCore::RenderBlock::hasBorderOrPaddingLogicalWidthChanged):
3188         * rendering/RenderBlockFlow.cpp:
3189         (WebCore::RenderBlockFlow::layoutInlineChildren):
3190         (WebCore::RenderBlockFlow::invalidateLineLayoutPath):
3191         (WebCore::RenderBlockFlow::deleteLineBoxesBeforeSimpleLineLayout):
3192         (WebCore::RenderBlockFlow::ensureLineBoxes):
3193         * rendering/RenderBlockFlow.h:
3194         (WebCore::RenderBlockFlow::lineLayoutPath):
3195         (WebCore::RenderBlockFlow::setLineLayoutPath):
3196         (WebCore::RenderBlockFlow::setHasMarkupTruncation):
3197         (WebCore::RenderBlockFlow::hasMarkupTruncation):
3198         (WebCore::RenderBlockFlow::simpleLineLayout):
3199         * rendering/RenderElement.cpp:
3200         (WebCore::RenderElement::RenderElement):
3201         * rendering/RenderElement.h:
3202         (WebCore::RenderElement::setRenderBlockHasMarginBeforeQuirk):
3203         (WebCore::RenderElement::setRenderBlockHasMarginAfterQuirk):
3204         (WebCore::RenderElement::setRenderBlockHasBorderOrPaddingLogicalWidthChanged):
3205         (WebCore::RenderElement::renderBlockHasMarginBeforeQuirk):
3206         (WebCore::RenderElement::renderBlockHasMarginAfterQuirk):
3207         (WebCore::RenderElement::renderBlockHasBorderOrPaddingLogicalWidthChanged):
3208         (WebCore::RenderElement::setRenderBlockFlowLineLayoutPath):
3209         (WebCore::RenderElement::setRenderBlockFlowHasMarkupTruncation):
3210         (WebCore::RenderElement::renderBlockFlowLineLayoutPath):
3211         (WebCore::RenderElement::renderBlockFlowHasMarkupTruncation):
3212         * rendering/RenderFlowThread.cpp:
3213         (WebCore::RenderFlowThread::removeLineRegionInfo):
3214
3215 2015-01-31  Chris Dumez  <cdumez@apple.com>
3216
3217         Remove useless PageCache::singleton() call from PageCache member function
3218         https://bugs.webkit.org/show_bug.cgi?id=141127
3219
3220         Reviewed by Andreas Kling.
3221
3222         * history/PageCache.cpp:
3223         (WebCore::PageCache::get):
3224
3225 2015-01-31  Sam Weinig  <sam@webkit.org>
3226
3227         Remove empty #if/#endif
3228
3229         Rubber-stamped by Antti Koivisto.
3230
3231         * platform/graphics/FontPlatformData.h:
3232
3233 2015-01-31  Sam Weinig  <sam@webkit.org>
3234
3235         Remove support for disabling drawing of emoji
3236         https://bugs.webkit.org/show_bug.cgi?id=141126
3237
3238         Reviewed by Antti Koivisto.
3239
3240         Remove unused support for disabling the drawing of emoji.
3241
3242         * WebCore.exp.in:
3243         * platform/graphics/GraphicsContext.cpp:
3244         (WebCore::GraphicsContext::emojiDrawingEnabled): Deleted.
3245         (WebCore::GraphicsContext::setEmojiDrawingEnabled): Deleted.
3246         * platform/graphics/GraphicsContext.h:
3247         (WebCore::GraphicsContextState::GraphicsContextState):
3248         * platform/graphics/cocoa/FontCascadeCocoa.mm:
3249         (WebCore::FontCascade::drawGlyphs):
3250
3251 2015-01-31  Sam Weinig  <sam@webkit.org>
3252
3253         Remove even more Mountain Lion support
3254         https://bugs.webkit.org/show_bug.cgi?id=141124
3255
3256         Reviewed by Alexey Proskuryakov.
3257
3258         * Configurations/Base.xcconfig:
3259         * Configurations/DebugRelease.xcconfig:
3260         * Configurations/FeatureDefines.xcconfig:
3261         * Configurations/Version.xcconfig:
3262         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
3263         (-[WebAccessibilityObjectWrapper accessibilityActionNames]):
3264         (-[WebAccessibilityObjectWrapper subrole]):
3265         * platform/graphics/ca/mac/PlatformCALayerMac.mm:
3266         (PlatformCALayer::drawLayerContents):
3267         * platform/mac/ThemeMac.mm:
3268         (-[WebCoreThemeView _focusRingVisibleRect]):
3269
3270 2015-01-30  Sam Weinig  <sam@webkit.org>
3271
3272         Merge SimpleFontDataIOS.mm and SimpleFontDataMac.mm into FontCocoa.mm
3273         https://bugs.webkit.org/show_bug.cgi?id=141101
3274
3275         Rubber-stamped by Dan Bernstein.
3276
3277         * WebCore.xcodeproj/project.pbxproj:
3278         Remove SimpleFontDataIOS.mm and SimpleFontDataMac.mm. Add FontCocoa.mm.
3279
3280         * platform/graphics/Font.h:
3281         Remove a few CG only functions from the header that can be implemented as static functions
3282         in the implementation file.
3283
3284         * platform/graphics/cocoa/FontCocoa.mm: Copied from Source/WebCore/platform/graphics/mac/SimpleFontDataMac.mm.
3285         (WebCore::fontFamilyShouldNotBeUsedForArabic):
3286         (WebCore::Font::platformInit):
3287         (WebCore::Font::platformCharWidthInit):
3288         (WebCore::Font::platformCreateScaledFont):
3289         (WebCore::Font::determinePitch):
3290         (WebCore::renderingStyle):
3291         (WebCore::advanceForColorBitmapFont):
3292         (WebCore::hasCustomTracking):
3293         (WebCore::canUseFastGlyphAdvanceGetter):
3294         (WebCore::Font::platformWidthForGlyph):
3295         (WebCore::Font::compositeFontReferenceFont):
3296         (WebCore::copyFontTableForTag): Deleted.
3297         (WebCore::Font::renderingStyle): Deleted.
3298         Merge in the iOS specific parts.
3299
3300         * platform/graphics/ios/SimpleFontDataIOS.mm: Removed.
3301         * platform/graphics/mac/SimpleFontDataMac.mm: Removed.
3302
3303 2015-01-31  Zalan Bujtas  <zalan@apple.com>
3304
3305         Regression(r179438) Simple line layout: ASSERTION at SimpleLineLayout::FlowContentsIterator::runWidth().
3306         https://bugs.webkit.org/show_bug.cgi?id=141121
3307
3308         Reviewed by Antti Koivisto.
3309
3310         When a breakable text fragment does not fit the current line, we split it.
3311         The first part stays on the current line, while the second part gets pushed to the next line.
3312         In certain cases, the first part could end up being empty.
3313         This patch ensures that we don't measure empty fragments.
3314
3315         Covered by existing tests.
3316
3317         * rendering/SimpleLineLayout.cpp:
3318         (WebCore::SimpleLineLayout::splitFragmentToFitLine):
3319
3320 2015-01-31  Commit Queue  <commit-queue@webkit.org>
3321
3322         Unreviewed, rolling out r179426.
3323         https://bugs.webkit.org/show_bug.cgi?id=141119
3324
3325         "caused a memory use regression" (Requested by Guest45 on
3326         #webkit).
3327
3328         Reverted changeset:
3329
3330         "Use FastMalloc (bmalloc) instead of BlockAllocator for GC
3331         pages"
3332         https://bugs.webkit.org/show_bug.cgi?id=140900
3333         http://trac.webkit.org/changeset/179426
3334
3335 2015-01-30  Zalan Bujtas  <zalan@apple.com>
3336
3337         Simple line layout: Improve FlowContentsIterator::TextFragment's encapsulation.
3338         https://bugs.webkit.org/show_bug.cgi?id=141090
3339
3340         Reviewed by Andreas Kling.
3341
3342         Make members private to avoid accidental change in TextFragment.
3343
3344         No change in functionality.
3345
3346         * rendering/SimpleLineLayout.cpp:
3347         (WebCore::SimpleLineLayout::LineState::addFragment):
3348         (WebCore::SimpleLineLayout::LineState::addWhitespace):
3349         (WebCore::SimpleLineLayout::splitFragmentToFitLine):
3350         (WebCore::SimpleLineLayout::firstFragment):
3351         (WebCore::SimpleLineLayout::createLineRuns):
3352         * rendering/SimpleLineLayoutFlowContentsIterator.cpp:
3353         (WebCore::SimpleLineLayout::FlowContentsIterator::nextTextFragment):
3354         * rendering/SimpleLineLayoutFlowContentsIterator.h:
3355         (WebCore::SimpleLineLayout::FlowContentsIterator::TextFragment::TextFragment):
3356         (WebCore::SimpleLineLayout::FlowContentsIterator::TextFragment::start):
3357         (WebCore::SimpleLineLayout::FlowContentsIterator::TextFragment::end):
3358         (WebCore::SimpleLineLayout::FlowContentsIterator::TextFragment::width):
3359         (WebCore::SimpleLineLayout::FlowContentsIterator::TextFragment::type):
3360         (WebCore::SimpleLineLayout::FlowContentsIterator::TextFragment::isCollapsed):
3361         (WebCore::SimpleLineLayout::FlowContentsIterator::TextFragment::isBreakable):
3362         (WebCore::SimpleLineLayout::FlowContentsIterator::TextFragment::isEmpty):
3363
3364 2015-01-30  Zalan Bujtas  <zalan@apple.com>
3365
3366         Simple line layout: Make LineState fragment handling simpler.
3367         https://bugs.webkit.org/show_bug.cgi?id=141100
3368
3369         Reviewed by Andreas Kling.
3370
3371         New fragments are appeneded to the Run's last entry
3372         instead of accumulating them until after a new run is required. 
3373         (whitespace collapse or line end)
3374         LineState::appendFragment manages whitespace collapsing now.
3375         This makes createLineRuns() logic lighter and no need to "flush"
3376         the LineState when the line ends.
3377
3378         No change in functionality.
3379
3380         * rendering/SimpleLineLayout.cpp: Make LineState members private and introduce getters.
3381         (WebCore::SimpleLineLayout::LineState::setAvailableWidth):
3382         (WebCore::SimpleLineLayout::LineState::setLogicalLeftOffset):
3383         (WebCore::SimpleLineLayout::LineState::setOverflowedFragment):
3384         (WebCore::SimpleLineLayout::LineState::availableWidth):
3385         (WebCore::SimpleLineLayout::LineState::logicalLeftOffset):
3386         (WebCore::SimpleLineLayout::LineState::overflowedFragment):
3387         (WebCore::SimpleLineLayout::LineState::hasTrailingWhitespace):
3388         (WebCore::SimpleLineLayout::LineState::isWhitespaceOnly):
3389         (WebCore::SimpleLineLayout::LineState::fits):
3390         (WebCore::SimpleLineLayout::LineState::firstCharacterFits):
3391         (WebCore::SimpleLineLayout::LineState::width):
3392         (WebCore::SimpleLineLayout::LineState::appendFragment): Append each fragment to the Run 
3393         by either creating a new run or expanding the last one.
3394         (WebCore::SimpleLineLayout::LineState::removeTrailingWhitespace): Remove trailing whitespace from
3395         the Run's and reset the trailing whitespace variables.
3396         (WebCore::SimpleLineLayout::removeTrailingWhitespace):
3397         (WebCore::SimpleLineLayout::updateLineConstrains):
3398         (WebCore::SimpleLineLayout::firstFragment):
3399         (WebCore::SimpleLineLayout::createLineRuns):
3400         (WebCore::SimpleLineLayout::closeLineEndingAndAdjustRuns):
3401         (WebCore::SimpleLineLayout::createTextRuns):
3402         (WebCore::SimpleLineLayout::LineState::createRun): Deleted.