[WebKit-https.git] / Source / WebCore / ChangeLog

2012-08-05  Kentaro Hara  <haraken@chromium.org>

        [V8] Move V8Proxy methods that set DOM attributes/callbacks to V8Binding
        https://bugs.webkit.org/show_bug.cgi?id=93103

        Reviewed by Adam Barth.

        To remove V8Proxy, we can move V8Proxy methods that set DOM
        attributes/callbacks to V8Binding.

        No tests. No change in behavior.

        * bindings/v8/V8Binding.cpp:
        (WebCore::batchConfigureAttributes):
        (WebCore):
        (WebCore::batchConfigureCallbacks):
        (WebCore::batchConfigureConstants):
        * bindings/v8/V8Binding.h:
        (BatchedAttribute):
        (WebCore):
        (WebCore::configureAttribute):
        (BatchedConstant):
        (BatchedCallback):
        * bindings/v8/V8Proxy.cpp:
        * bindings/v8/V8Proxy.h:
        (WebCore):

2012-08-05  Kentaro Hara  <haraken@chromium.org>

        [V8] Remove V8Proxy::registerExtensionWithV8()
        https://bugs.webkit.org/show_bug.cgi?id=93115

        Reviewed by Adam Barth.

        V8Proxy::registerExtensionWithV8() is used by V8Proxy::registerExtension()
        only. We can remove the redundant method.

        In a follow-up patch, I will implement V8Proxy::registerExtentionIfNeeded()
        and remove registerExtensionWithV8() and registerExtension().

        No tests. No change in behavior.

        * bindings/v8/V8Proxy.cpp:
        (WebCore::staticExtensionsList): Just moved to near related methods.
        (WebCore):
        (WebCore::V8Proxy::extensions):
        (WebCore::V8Proxy::registerExtension):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):

2012-08-05  Kentaro Hara  <haraken@chromium.org>

        [V8] Remove unused enum and typedefs in V8Proxy
        https://bugs.webkit.org/show_bug.cgi?id=93105

        Reviewed by Adam Barth.

        In preparation for removing V8Proxy, we can remove unused enum
        and typedefs in V8Proxy.

        No tests. No change in behavior.

        * bindings/v8/V8Proxy.cpp:
        * bindings/v8/V8Proxy.h:
        (WebCore::throwError):

2012-08-04  Dan Bernstein  <mitz@apple.com>

        <rdar://problem/11875795> REGRESSION (tiled drawing): Page’s scroll bars flash with each character you type in a textarea (affects Wikipedia and YouTube)
        https://bugs.webkit.org/show_bug.cgi?id=91348

        Reviewed by Andy Estes.

        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::scrollPositionChanged): Changed to call notifyContentAreaScrolled()
        only if the scroll position after the change differs from what it was before the change.
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::scrollPosition): Added an override of this ScrollableArea function.
        * rendering/RenderListBox.h:

2012-08-04  Ami Fischman  <fischman@chromium.org>

        HTMLMediaElement may fire the seeked event before currentTime reaches the seek time
        https://bugs.webkit.org/show_bug.cgi?id=92881

        Reviewed by Eric Carlson.

        Testing provided by media/video-seek-past-end-paused.html, hopefully demonstrating lack of redness on all ports/bots this time.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerTimeChanged): don't finishSeek() until the media player is no longer seeking.

2012-08-04  Dan Bernstein  <mitz@apple.com>

        Tried to fix the Qt Windows build after r124654.

        * platform/graphics/SimpleFontData.cpp:
        (WebCore::SimpleFontData::glyphForCharacter): Enclosed this function in
        #if !(PLATFORM(QT) && !HAVE(QRAWFONT)).

2012-08-04  Mike West  <mkwst@chromium.org>

        Refactor SubframeLoader::requestPlugin/loadPlugin for clarity.
        https://bugs.webkit.org/show_bug.cgi?id=93138

        Reviewed by Adam Barth.

        SubframeLoader::requestPlugin and SubframeLoader::loadPlugin both do a
        variety of checks to determine whether or not a specific resource ought
        to instantiate a plugin in a specific context. r124636[1] moved one of
        those checks, but there doesn't seem to be a clear way to determine
        which checks should be performed where.

        This patch refactors the checks out of those two methods for clarity,
        moving them all into a new method: SubframeLoader::pluginIsLoadable.
        That method requires the resource URL and MIME type, as well as the
        `object` or `embed` element that owns this bit of rendering. The URL
        and type are used directly to determine availability, while the element
        is currently used only to create a renderer on which
        setPluginUnavailabilityReason can be called if the plugin is blocked by
        Content Security Policy.

        This patch introduces no new tests, as it shouldn't change the code's
        behavior: it should be a straightforward refactoring without web-visible
        side-effects.

        [1]: http://trac.webkit.org/changeset/124636

        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::pluginIsLoadable):
            A new method that extracts the various 'Should we allow this plugin
            in this context?' checks from requestPlugin and loadPlugin into ine
            location, rather than spreading them across both.
        (WebCore):
        (WebCore::SubframeLoader::requestPlugin):
        (WebCore::SubframeLoader::loadPlugin):
        * loader/SubframeLoader.h:
        (SubframeLoader):

2012-08-04  John J. Barton  <johnjbarton@chromium.org>

        Web Inspector: filteredItemSelectionDialog.css has wrong selector for highlights
        https://bugs.webkit.org/show_bug.cgi?id=93168

        Reviewed by Pavel Feldman.

        Selector required span to be a child, but highlights are themselves span. Used descendent selector.
        No new tests: I'll make one next week, to go with bug 93166

        * inspector/front-end/filteredItemSelectionDialog.css:
        (.js-outline-dialog > .container > div.item span.highlight):

2012-08-03  Robert Hogan  <robert@webkit.org>

        CSS 2.1 failure: overflow-applies-to-001 fails
        https://bugs.webkit.org/show_bug.cgi?id=93148

        Reviewed by Eric Seidel.

        Overflow no longer applies to table-rows or table-row-groups, it only applies
        to block containers: http://www.w3.org/TR/CSS21/visufx.html#overflow

        Tests:  css2.1/20110323/overflow-applies-to-001.htm
                css2.1/20110323/overflow-applies-to-002.htm
                css2.1/20110323/overflow-applies-to-003.htm
                css2.1/20110323/overflow-applies-to-004.htm
                css2.1/20110323/overflow-applies-to-005.htm
                css2.1/20110323/overflow-applies-to-006.htm
                css2.1/20110323/overflow-applies-to-007.htm
                css2.1/20110323/overflow-applies-to-008.htm
                css2.1/20110323/overflow-applies-to-009.htm
                css2.1/20110323/overflow-applies-to-010.htm
                css2.1/20110323/overflow-applies-to-012.htm
                css2.1/20110323/overflow-applies-to-013.htm
                css2.1/20110323/overflow-applies-to-014.htm
                css2.1/20110323/overflow-applies-to-015.htm

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::updateBoxModelInfoFromStyle):

2012-08-04  Adam Barth  <abarth@webkit.org>

        BindingSecurity::shouldAllowAccessToNode shouldn't detour through Frame to find the node's document
        https://bugs.webkit.org/show_bug.cgi?id=93140

        Reviewed by Eric Seidel.

        Previously, shouldAllowAccessToNode took a detour through the Frame to
        find the Document associated with a given Node. That's crazy! Nodes
        already know their documents. This patch removes the detour.

        It's theoretically possible that this patch changes behavior in the
        case where the Frame is 0, but I couldn't find any situations in which
        we call this function on nodes in inactive documents because the
        typical way you find a node worth checking security on is via
        a JavaScript window object.

        * bindings/generic/BindingSecurity.cpp:
        (WebCore::canAccessDocument):
        (WebCore::BindingSecurity::shouldAllowAccessToNode):
        (WebCore::BindingSecurity::allowSettingFrameSrcToJavascriptUrl):

2012-08-04  Adam Barth  <abarth@webkit.org>

        [V8] Re-wire "target" half of the same-origin security check through Document rather than DOMWindow
        https://bugs.webkit.org/show_bug.cgi?id=93079

        Reviewed by Eric Seidel.

        Before this patch, we were traversing from Nodes to Frames to
        DOMWindows to SecurityOrigins when determing the "target" of an
        operation for the same-origin policy security check. Rather than
        detouring through DOMWindow, these security checks should operate in
        terms of ScriptExecutionContexts (aka Documents) because that's the
        canonical place we store SecurityOrigin objects.

        A future patch will re-wire the "active" part of the security check to
        use ScriptExecutionContexts as well and we'll be able to remove the
        extra copy of SecurityOrigin that we keep in DOMWindow.

        * bindings/generic/BindingSecurity.cpp:
        (WebCore::canAccessDocument):
        (WebCore::BindingSecurity::canAccessFrame):
        (WebCore::BindingSecurity::shouldAllowAccessToNode):
        * bindings/v8/BindingState.cpp:
        (WebCore::immediatelyReportUnsafeAccessTo):
        * bindings/v8/BindingState.h:
        (WebCore):
        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::reportUnsafeJavaScriptAccess):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::reportUnsafeAccessTo):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):

2012-08-03  Adam Barth  <abarth@webkit.org>

        Disabling eval changes the timing of DidCreateScriptContext
        https://bugs.webkit.org/show_bug.cgi?id=92189

        Reviewed by Eric Seidel.

        When we implemented Content-Security-Policy, we added the ability to
        disable eval in the JavaScript engine. However, when we process the
        Content-Security-Policy header, we might not have initialized the
        script context for the given frame.

        Previously, we would initialize the context, but that generates a
        DidCreateScriptContext callback to the embedder earlier in the Document's
        lifetime that before. A natural thing to do in this callback is to run
        script to customize the script context, but Document isn't fully
        initialized yet, which leads to odd bugs and general confusion.

        In this patch, we delay actually disabling eval until we would have
        created the scripting context previously. From the perspective of the
        web platform, this has the same behavior. The only difference is that
        now the DidCreateScriptContext notification occurs at the same time
        regardless of whether Content-Security-Policy disables eval.

        I tried to write a test for this change, but it was unclear to me how
        to write a good test. I tried writing a Chromium WebKit unit test to no
        avail. The good news is that this patch will be covered by the
        PlatformAppBrowserTest.Iframes test in Chromium once
        https://bugs.webkit.org/show_bug.cgi?id=93079 lands. That's not the
        best way to test this change, but it might be sufficient.

        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::initScript):
        (WebCore::ScriptController::disableEval):
        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::enableEval):
        (WebCore::ScriptController::disableEval):
        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::V8DOMWindowShell::initContextIfNeeded):

2012-08-03  James Robinson  <jamesr@chromium.org>

        [chromium] Stop relying on implicit WebFoo <-> WebCore conversion operators in compositor
        https://bugs.webkit.org/show_bug.cgi?id=93169

        Reviewed by Adrienne Walker.

        This removes the compositor's reliance on implicit conversion operators from Web* types to WebKit-internal
        types, specifically WebRect <-> WebCore::IntRect and WebString <-> WTF::String.

        * platform/graphics/chromium/CanvasLayerTextureUpdater.cpp:
        (WebCore::CanvasLayerTextureUpdater::paintContents):
        * platform/graphics/chromium/FrameBufferSkPictureCanvasLayerTextureUpdater.cpp:
        (WebCore::FrameBufferSkPictureCanvasLayerTextureUpdater::updateTextureRect):
        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::LayerRendererChromium::getFramebufferPixels):
        * platform/graphics/chromium/ScrollbarLayerChromium.cpp:
        (WebCore::ScrollbarLayerChromium::setTexturePriorities):
        (WebCore::ScrollbarLayerChromium::update):
        * platform/graphics/chromium/cc/CCFontAtlas.cpp:
        (WebCore::CCFontAtlas::drawOneLineOfTextInternal):
        * platform/graphics/chromium/cc/CCHeadsUpDisplayLayerImpl.cpp:
        (WebCore::CCHeadsUpDisplayLayerImpl::drawFPSCounter):
        (WebCore::CCHeadsUpDisplayLayerImpl::drawDebugRects):
        * platform/graphics/chromium/cc/CCScrollbarLayerImpl.cpp:
        (WebCore::toUVRect):
        (WebCore::CCScrollbarLayerImpl::appendQuads):
        (WebCore::CCScrollbarLayerImpl::CCScrollbar::size):

2012-08-03  Michael Nordman  <michaeln@google.com>

        [Chromium] Cross-thread-copy a couple more recently added ResourceResponse data members, apparently
        these got missed when they were added. And fix a bug with how the m_remoteIPAddress
        data member is handled, an isolatedCopy() is needed for thread safety.
        https://bugs.webkit.org/show_bug.cgi?id=93158

        Reviewed by David Levin.

        No new tests, minor cleanup.

        * platform/network/chromium/ResourceResponse.cpp:
        (WebCore::ResourceResponse::doPlatformCopyData): make deep copies
        (WebCore::ResourceResponse::doPlatformAdopt): take ownership of them
        * platform/network/chromium/ResourceResponse.h:
        (ResourceResponse):
        (CrossThreadResourceResponseData):

2012-08-03  Florin Malita  <fmalita@chromium.org>

        [SVG] Tref target event listener cleanup
        https://bugs.webkit.org/show_bug.cgi?id=93004

        Reviewed by Abhishek Arya.

        Currently SVGTRefElement allocates event listeners dynamically as it attaches to its
        targets. Synchronizing the lifetime of the target listener vs. the tref element is
        error prone, as various events can stack and trigger nested handlers.

        In order to reduce complexity and address a couple of outstanding issues, this patch
        changes the way event listeners are allocated: only one target listener is created
        for the lifetime of the SVGTRefElement, and gets reused if the target element changes.

        Test: svg/custom/tref-nested-events-crash.svg

        * dom/EventListener.h:
        Added new <tref> target event listener type.
        * svg/SVGTRefElement.cpp:
        (WebCore):
        (WebCore::SVGTRefTargetEventListener::create):
        (WebCore::SVGTRefTargetEventListener::cast):
        (SVGTRefTargetEventListener):
        (WebCore::SVGTRefTargetEventListener::isAttached):
        (WebCore::SVGTRefTargetEventListener::SVGTRefTargetEventListener):
        (WebCore::SVGTRefTargetEventListener::attach):
        (WebCore::SVGTRefTargetEventListener::detach):
        (WebCore::SVGTRefTargetEventListener::operator==):
        (WebCore::SVGTRefTargetEventListener::handleEvent):
        No need to check m_trefElement anymore - the listener is allocated for the whole element
        lifetime, detached when the element is removed and deallocated when the element is
        destroyed.
        (WebCore::SVGTRefElement::SVGTRefElement):
        Allocate one target listener per element, at construction time.
        (WebCore::SVGTRefElement::~SVGTRefElement):
        Detach the listener if necessary.
        (WebCore::SVGTRefElement::detachTarget):
        Check whether the element is still in document after updating the text (may have been
        removed by event handlers).
        (WebCore::SVGTRefElement::buildPendingResource):
        Attach the event listener before updating the text content to avoid racing with event
        handlers (which can remove the element).
        (WebCore::SVGTRefElement::removedFrom):
        * svg/SVGTRefElement.h:
        (WebCore):
        (SVGTRefElement):

2012-08-03  Michael Saboff  <msaboff@apple.com>

        Convert HTML parser to handle 8-bit resources without converting to UChar*
        https://bugs.webkit.org/show_bug.cgi?id=90321

        Reviewed by Adam Barth.

        No new tests, no new functionality therefore covered by existing tests.

        Changed the parsing of HTML to handle 8-bit strings without converting the 
        whole string to 16-bits.  Primary change was to use the appropriate 
        character pointer type (LChar* or UChar*) depending on the source string.
        This access is abstracted in SegmentedSubstring by getCurrentChar{8,16} and
        incrementAndGetCurrentChar{8,16} methods.  In SegmentedString, the advance()
        and advanceAndUpdateLineNumber() methods have been refactored into a
        state machine managed pair of function pointers.  The possible functions
        have not only the 8 and 16 bitness factored out, they also have the 
        "exclude line numbers" logic factored out for advanceAndUpdateLineNumber().
        This change also has improvements over http://trac.webkit.org/changeset/123679.
        The most prominent change was to inline the 8 bit paths for both advance()
        and advanceAndUpdateLineNumber().
        This provides a net speed-up even with the 8/16 bit testing.
        Other changes involve using String methods to access and compare with the
        source data.

        * html/FTPDirectoryDocument.cpp:
        (WebCore::FTPDirectoryDocumentParser::append): Changed to use currentChar()
        instead of SegmentedString '*' operator.
        * html/parser/HTMLEntityParser.cpp: Changed to use currentChar() instead of
        SegmentedString '*' operator.
        * html/parser/HTMLParserIdioms.cpp:
        (WebCore::stripLeadingAndTrailingHTMLSpaces): Added 8-bit fast path.
        * html/parser/HTMLSourceTracker.cpp:
        (WebCore::HTMLSourceTracker::sourceForToken): Changed to use currentChar() instead of
        SegmentedString '*' operator.
        * loader/cache/CachedScript.cpp:
        (WebCore::CachedScript::script): Updated to use new String::dataSize() method.
        * platform/text/SegmentedString.cpp:
        (WebCore::SegmentedString::SegmentedString):
        (WebCore::SegmentedString::operator=):
        (WebCore::SegmentedString::clear):
        (WebCore::SegmentedString::append):
        (WebCore::SegmentedString::prepend):
        (WebCore::SegmentedString::advanceSubstring):
        (WebCore::SegmentedString::advance):
        (WebCore::SegmentedString::advance8): Fast path advance function for 8 bit data.
        (WebCore::SegmentedString::advance16): Fast path advance function for 16 bit data.
        (WebCore::SegmentedString::advanceAndUpdateLineNumber8): Fast path
        advanceAndUpdateLineNumber for 8 bit data when we need to update the line number.
        (WebCore::SegmentedString::advanceAndUpdateLineNumber16): Fast path
        advanceAndUpdateLineNumber for 16 bit data when we need to update the line number.
        (WebCore::SegmentedString::advanceSlowCase): Slow case advance function for both
        8 and 16 bit advance.
        (WebCore::SegmentedString::advanceAndUpdateLineNumberSlowCase): Slow case
        advanceAndUpdateLineNumber function for both 8 and 16 bit data.
        (WebCore::SegmentedString::advanceEmpty): Advance function when input has been exhausted.
        (WebCore::SegmentedString::updateSlowCaseFunctionPointers): Set advance function
        pointers to slow case functions.
        * platform/text/SegmentedString.h:
        (WebCore::SegmentedSubstring::SegmentedSubstring):
        (WebCore::SegmentedSubstring::clear):
        (SegmentedSubstring):
        (WebCore::SegmentedSubstring::is8Bit): New getter.
        (WebCore::SegmentedSubstring::appendTo):
        (WebCore::SegmentedSubstring::getCurrentChar8): New getter for the 8 bit case.
        (WebCore::SegmentedSubstring::getCurrentChar16): New getter for the 16 bit case.
        (WebCore::SegmentedSubstring::incrementAndGetCurrentChar8): New wrapper functions
        that pre-increments the 8 bit pointer and returns the next character.
        (WebCore::SegmentedSubstring::incrementAndGetCurrentChar16): New wrapper functions
        that pre-increments the 16 bit pointer and returns the next character.
        (WebCore::SegmentedSubstring::currentSubString):
        (WebCore::SegmentedSubstring::getCurrentChar):
        (WebCore::SegmentedSubstring::incrementAndGetCurrentChar):
        (WebCore::SegmentedString::SegmentedString):
        (WebCore::SegmentedString::push):
        (WebCore::SegmentedString::isEmpty):
        (WebCore::SegmentedString::lookAhead):
        (WebCore::SegmentedString::lookAheadIgnoringCase):
        (WebCore::SegmentedString::advance): Wrapper that contains 8 bit fast path
        or calls via member function point to approriate advance() flavor.
        (WebCore::SegmentedString::advanceAndUpdateLineNumber): Wrapper that
        contains 8 bit fast path or calls via member function point to approriate
        advance() flavor.
        (WebCore::SegmentedString::advanceAndASSERT):
        (WebCore::SegmentedString::advanceAndASSERTIgnoringCase):
        (WebCore::SegmentedString::advancePastNonNewline):
        (WebCore::SegmentedString::advancePastNewlineAndUpdateLineNumber):
        (WebCore::SegmentedString::currentChar):
        (WebCore::SegmentedString::decrementAndCheckLength): Decrement substring length and
        change to slow case functions when only one character left.
        (WebCore::SegmentedString::updateAdvanceFunctionPointers): Select appropriate
        advance functions based on current substring.
        (WebCore::SegmentedString::lookAheadInline): Changed to use String::startsWith().
        (WebCore::SegmentedString::lookAheadSlowCase):
        * xml/parser/CharacterReferenceParserInlineMethods.h:
        (WebCore::consumeCharacterReference): Changed to use currentChar() instead of
        SegmentedString '*' operator.
        * xml/parser/MarkupTokenizerBase.h:
        (WebCore::MarkupTokenizerBase::InputStreamPreprocessor::nextInputCharacter):
        (WebCore::MarkupTokenizerBase::InputStreamPreprocessor::peek): Changed to use
        currentChar() instead of SegmentedString '*' operator.
        (WebCore::MarkupTokenizerBase::InputStreamPreprocessor::advance):

2012-08-03  Arnaud Renevier  <a.renevier@sisa.samsung.com>

        Update TypedArrays to throw RangeError or similar instead of INDEX_SIZE_ERR
        https://bugs.webkit.org/show_bug.cgi?id=45118

        Reviewed by Kenneth Russell.

        Update TypedArrays to raise JavaScript RangeError instead of dom
        INDEX_SIZE_ERR exceptions. Also, update TypedArrays to raise TypeError
        instead of JavaScript SyntaxError or dom exceptions SYNTAX_ERR when
        calling set method with invalid arguments.

        Specification does not define the type of exceptions to raise, but
        other browsers raise JavaScript errors, so those changes will improve
        compatibility.

        New Test: fast/canvas/webgl/array-set-invalid-arguments.html

        Updated Tests expectations:
            fast/canvas/webgl/array-set-out-of-bounds.html
            fast/canvas/webgl/data-view-crash.html
            fast/canvas/webgl/data-view-test.html

        * bindings/js/JSArrayBufferViewHelper.h:
        (WebCore):
        (WebCore::setWebGLArrayWithTypedArrayArgument):
        (WebCore::setWebGLArrayHelper):
        (WebCore::constructArrayBufferViewWithTypedArrayArgument):
        (WebCore::constructArrayBufferViewWithArrayBufferArgument):
        (WebCore::constructArrayBufferView):
        * bindings/v8/custom/V8ArrayBufferViewCustom.h:
        (WebCore):
        (WebCore::constructWebGLArrayWithArrayBufferArgument):
        (WebCore::setWebGLArrayHelper):

2012-08-03  Dave Tu  <dtu@chromium.org>

        [chromium] Fix Renderer4.CompositorThreadImplDrawDelay histogram.
        https://bugs.webkit.org/show_bug.cgi?id=93159

        Reviewed by Adrienne Walker.

        The histogram is using the frame number instead of the frame time by mistake.

        * platform/graphics/chromium/cc/CCFrameRateCounter.cpp:
        (WebCore::CCFrameRateCounter::markBeginningOfFrame):

2012-08-03  David Grogan  <dgrogan@chromium.org>

        IndexedDB: Core upgradeneeded logic
        https://bugs.webkit.org/show_bug.cgi?id=92558

        Reviewed by Ojan Vafai.

        This is the backend webkit logic needed for integer versions. The rest
        is in https://bugs.webkit.org/show_bug.cgi?id=89505.

        I tried to make use of the existing processPendingCalls and added two
        more queues, pendingOpenWithVersionCalls and
        pendingSecondHalfOpenWithVersionCalls. The "second half" refers to
        how there are two events that need to be fired in response to an
        open-with-version call. The "second half" queue holds the open
        requests that should immediately follow the caller's upgradeneeded
        handler.

        No new tests, there are so many they are in their own patch:
        https://bugs.webkit.org/show_bug.cgi?id=92560

        Though this patch doesn't change any expected behavior anyway, lack of
        regressions is what we're hoping for here.

        * Modules/indexeddb/IDBBackingStore.h:
        (IDBBackingStore):
        * Modules/indexeddb/IDBCallbacks.h:
        (WebCore::IDBCallbacks::onBlocked):
        (WebCore::IDBCallbacks::onUpgradeNeeded):
        * Modules/indexeddb/IDBDatabaseBackendImpl.cpp:
        (IDBDatabaseBackendImpl::PendingOpenCall):
        (IDBDatabaseBackendImpl::PendingOpenWithVersionCall):
        (WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::create):
        (WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::callbacks):
        (WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::version):
        (WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::PendingOpenWithVersionCall):
        (WebCore):
        (WebCore::IDBDatabaseBackendImpl::IDBDatabaseBackendImpl):
        (WebCore::IDBDatabaseBackendImpl::openInternal):
        (WebCore::IDBDatabaseBackendImpl::metadata):
        (WebCore::IDBDatabaseBackendImpl::setVersion):
        (WebCore::IDBDatabaseBackendImpl::setIntVersionInternal):
        (WebCore::IDBDatabaseBackendImpl::transactionFinished):
        (WebCore::IDBDatabaseBackendImpl::transactionFinishedAndEventsFired):
        When an upgradeneeded event is fired in response to an
        open-with-version call, the version change transaction must receive its
        complete event before processPendingCalls fires a success event at
        IDBOpenDBRequest. In the future this should probably be changed
        instead to transactionFinishedAndAbortFired and
        transactionFinishedAndCompleteFired so that we'll know to fire a
        success or error event at IDBOpenDBRequest. Currently, instead of
        firing error when there's an abort, we don't fire anything.

        (WebCore::IDBDatabaseBackendImpl::processPendingCalls):
        Now that this is called after a connection is opened, we unfortunately
        lose the invariant that there is only one existing connection when this
        is called, but nothing inside this function actually relied on that.
        Additionally, the secondHalfOpen calls only ever need to be serviced
        in one place: right after a version change transaction completes, so
        it could be moved out of here.

        (WebCore::IDBDatabaseBackendImpl::registerFrontendCallbacks):
        Now that setVersion and deleteDatabase calls are queued up behind
        secondHalfOpen calls, we have to service those queues when
        secondHalfOpen calls complete, which is here.  So call
        processPendingCalls().

        (WebCore::IDBDatabaseBackendImpl::runIntVersionChangeTransaction):
        (WebCore::IDBDatabaseBackendImpl::openConnectionWithVersion):
        (WebCore::IDBDatabaseBackendImpl::deleteDatabase):
        (WebCore::IDBDatabaseBackendImpl::close):
        * Modules/indexeddb/IDBDatabaseBackendImpl.h:
        (IDBDatabaseBackendImpl):
        * Modules/indexeddb/IDBDatabaseCallbacks.h:
        (WebCore::IDBDatabaseCallbacks::onVersionChange):
        * Modules/indexeddb/IDBFactoryBackendImpl.cpp:
        (WebCore::IDBFactoryBackendImpl::open):
        This is refactored some so that the call to openConection{WithVersion}
        happens once, at the end.

        * Modules/indexeddb/IDBLevelDBBackingStore.cpp:
        (WebCore::IDBLevelDBBackingStore::getIDBDatabaseMetaData):
        (WebCore::IDBLevelDBBackingStore::createIDBDatabaseMetaData):
        (WebCore::IDBLevelDBBackingStore::updateIDBDatabaseIntVersion):
        (WebCore):
        (WebCore::IDBLevelDBBackingStore::deleteDatabase):
        * Modules/indexeddb/IDBLevelDBBackingStore.h:
        (IDBLevelDBBackingStore):
        * Modules/indexeddb/IDBTransactionBackendImpl.cpp:
        (WebCore::IDBTransactionBackendImpl::commit):
        See above comments about transactionFinishedAndEventsFired. I tried
        moving the call to transactionFinished after the events were fired but
        that failed some asserts. But changing those asserts is still an
        alternative to splitting up transactionFinished as is done here.

2012-08-03  Rick Byers  <rbyers@chromium.org>

        Double tap gesture should send dblclick event
        https://bugs.webkit.org/show_bug.cgi?id=92412

        Reviewed by Adam Barth.

        Propagate the tap count from PlatformGestureEvent in the derived mouse
        events.

        Also fixes a crash with unexpected GestureDoubleTap events by just
        supressing them early.  They will probably be removed soon anyway.

        Test: fast/events/touch/gesture/gesture-dblclick.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleGestureEvent):
        (WebCore::EventHandler::handleGestureTap):

2012-08-03  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r124668.
        http://trac.webkit.org/changeset/124668
        https://bugs.webkit.org/show_bug.cgi?id=93167

        Broke Mac build (Requested by kbr_google on #webkit).

        * bindings/js/JSArrayBufferViewHelper.h:
        (WebCore::setWebGLArrayWithTypedArrayArgument):
        (WebCore::setWebGLArrayHelper):
        (WebCore::constructArrayBufferViewWithTypedArrayArgument):
        (WebCore::constructArrayBufferViewWithArrayBufferArgument):
        (WebCore::constructArrayBufferView):
        * bindings/v8/custom/V8ArrayBufferViewCustom.h:
        (WebCore::constructWebGLArrayWithArrayBufferArgument):
        (WebCore):
        (WebCore::constructWebGLArray):
        (WebCore::setWebGLArrayHelper):

2012-08-03  Julien Chaffraix  <jchaffraix@webkit.org>

        Implement computePreferredLogicalWidths on RenderGrid
        https://bugs.webkit.org/show_bug.cgi?id=92908

        Reviewed by Ojan Vafai.

        This functions implements a primitive computePreferredLogicalWidths
        so that we properly handle vertical writing modes.

        Covered by fast/css-grid-layout/place-cell-by-index.html.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::computePreferredLogicalWidths):
        * rendering/RenderGrid.h:
        Added computePreferredLogicalWidths.

2012-08-03  Arnaud Renevier  <a.renevier@sisa.samsung.com>

        Update TypedArrays to throw RangeError or similar instead of INDEX_SIZE_ERR
        https://bugs.webkit.org/show_bug.cgi?id=45118

        Reviewed by Kenneth Russell.

        Update TypedArrays to raise JavaScript RangeError instead of dom
        INDEX_SIZE_ERR exceptions. Also, update TypedArrays to raise TypeError
        instead of JavaScript SyntaxError or dom exceptions SYNTAX_ERR when
        calling set method with invalid arguments.

        Specification does not define the type of exceptions to raise, but
        other browsers raise JavaScript errors, so those changes will improve
        compatibility.

        New Test: fast/canvas/webgl/array-set-invalid-arguments.html

        Updated Tests expectations:
            fast/canvas/webgl/array-set-out-of-bounds.html
            fast/canvas/webgl/data-view-crash.html
            fast/canvas/webgl/data-view-test.html

        * bindings/js/JSArrayBufferViewHelper.h:
        (WebCore):
        (WebCore::setWebGLArrayWithTypedArrayArgument):
        (WebCore::setWebGLArrayHelper):
        (WebCore::constructArrayBufferViewWithTypedArrayArgument):
        (WebCore::constructArrayBufferViewWithArrayBufferArgument):
        (WebCore::constructArrayBufferView):
        * bindings/v8/custom/V8ArrayBufferViewCustom.h:
        (WebCore):
        (WebCore::constructWebGLArrayWithArrayBufferArgument):
        (WebCore::setWebGLArrayHelper):

2012-08-03  Levi Weintraub  <leviw@chromium.org>

        Switch mapLocalToContainer to use a flag instead of boolean parameters
        https://bugs.webkit.org/show_bug.cgi?id=92927

        Reviewed by Dirk Schulze.

        Changing mapLocalToContainer to use a uint flag to set the mode of operation. This removes
        simplifies the contract, removes boolean arguments and paves the way for an additional mode
        for sub-pixel layout support. See https://bugs.webkit.org/show_bug.cgi?id=89238 for the
        sub-pixel use case. Other than the new MapLocalToContainerMode enum and MapLocalToContainerFlags
        typedef, this change is purely mechanical.

        No new tests as this doesn't change current behavior.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::selectionGapRectsForRepaint):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::mapLocalToContainer):
        * rendering/RenderBox.h:
        (RenderBox):
        * rendering/RenderGeometryMap.cpp:
        (WebCore::RenderGeometryMap::mapToAbsolute):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::mapLocalToContainer):
        * rendering/RenderInline.h:
        (RenderInline):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::localToAbsolute):
        (WebCore::RenderObject::mapLocalToContainer):
        (WebCore::RenderObject::localToContainerQuad):
        (WebCore::RenderObject::localToContainerPoint):
        * rendering/RenderObject.h:
        (RenderObject): Adding the MapLocalToContainerMode enum and MapLocalToContainerFlags unsigned
        int, and removing the old ApplyContainerFlipOrNot enum.
        * rendering/RenderView.cpp:
        (WebCore::RenderView::mapLocalToContainer):
        * rendering/RenderView.h:
        (RenderView):
        * rendering/svg/RenderSVGForeignObject.cpp:
        (WebCore::RenderSVGForeignObject::mapLocalToContainer):
        * rendering/svg/RenderSVGForeignObject.h:
        (RenderSVGForeignObject):
        * rendering/svg/RenderSVGInline.cpp:
        (WebCore::RenderSVGInline::mapLocalToContainer):
        * rendering/svg/RenderSVGInline.h:
        (RenderSVGInline):
        * rendering/svg/RenderSVGModelObject.cpp:
        (WebCore::RenderSVGModelObject::mapLocalToContainer):
        * rendering/svg/RenderSVGModelObject.h:
        (RenderSVGModelObject):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::mapLocalToContainer):
        * rendering/svg/RenderSVGRoot.h:
        (RenderSVGRoot):
        * rendering/svg/RenderSVGText.cpp:
        (WebCore::RenderSVGText::mapLocalToContainer):
        * rendering/svg/RenderSVGText.h:
        (RenderSVGText):
        * rendering/svg/SVGRenderSupport.cpp:
        (WebCore::SVGRenderSupport::mapLocalToContainer):

2012-08-03  Emil A Eklund  <eae@chromium.org>

        Remove dependency on LayoutTypes.h from transformation code
        https://bugs.webkit.org/show_bug.cgi?id=93037

        Reviewed by Levi Weintraub.

        TransformationMatrix and HitTestingTransformState includes LayoutTypes.h
        which is in rendering. This is a layering violation.
        Remove this dependency as it is no longer needed.

        No new tests, no change in functionality.

        * rendering/LayoutTypes.h:
        Remove clampToLayoutUnit
        
        * platform/FractionalLayoutUnit.h:
        (WebCore::FractionalLayoutUnit::clamp):
        Add FractionalLayoutUnit::clamp method that clamps a double to a FractionalLayoutUnit.
        * platform/graphics/transforms/TransformationMatrix.cpp:
        (WebCore::clampEdgeValue):
        (WebCore::TransformationMatrix::clampedBoundsOfProjectedQuad):
        Use clamp/max/min from FractionalLayoutUnit instead of going through LayoutUnit abstraction.
        * platform/graphics/transforms/TransformationMatrix.h:
        * rendering/HitTestingTransformState.cpp:
        * rendering/HitTestingTransformState.h:
        Replace use of LayoutRect with FractionalLayoutRect as LayoutRect maps to FractionalLayoutRect on all platforms.

2012-08-03  Dan Bernstein  <mitz@apple.com>

        <rdar://problem/12005188> REGRESSION (Safari 5.1 - 6): Cannot correctly display Traditional Mongolian Script
        https://bugs.webkit.org/show_bug.cgi?id=92864

        Reviewed by Sam Weinig.

        Test: platform/mac/fast/text/combining-character-sequence-vertical.html

        * platform/graphics/SimpleFontData.cpp:
        (WebCore::SimpleFontData::glyphForCharacter): Added this helper function.
        * platform/graphics/SimpleFontData.h:
        (SimpleFontData): Declared glyphDataForCharacter.
        * platform/graphics/mac/FontComplexTextMac.cpp:
        (WebCore::Font::fontDataForCombiningCharacterSequence): Added logic to use the appropriate
        variant of each font in the fallback list, which mimcs the equivalent logic in
        glyphDataAndPageForCharacter().

2012-08-03  Kenneth Russell  <kbr@google.com>

        [Chromium] Web Inspector: Win Dbg tests timing out (r123556 or r123560?)
        https://bugs.webkit.org/show_bug.cgi?id=92570

        Reviewed by Pavel Feldman.

        Try restricting the use of the GC hint for canvas contexts to only
        WebGL contexts, where it is most needed, to see whether this
        clears up the timeouts.

        * bindings/v8/custom/V8HTMLCanvasElementCustom.cpp:
        (WebCore::V8HTMLCanvasElement::getContextCallback):

2012-08-02  Jeffrey Pfau  <jpfau@apple.com>

        Add API for enabling blanket third-party data blocking
        https://bugs.webkit.org/show_bug.cgi?id=93022

        Reviewed by Anders Carlsson.

        Added API for enabling third-party storage blocking.

        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        * page/Settings.h:
        (WebCore::Settings::setThirdPartyStorageBlockingEnabled):
        (WebCore::Settings::thirdPartyStorageBlockingEnabled):
        (Settings):

2012-08-03  Anna Cavender  <annacc@chromium.org>

        Negative timestamps for TextTrackCues should not be allowed.
        https://bugs.webkit.org/show_bug.cgi?id=92939

        Reviewed by Eric Carlson.

        Make sure cues added in JavaScript are not allowed negative timestamps.
        Attempting to add a cue with a negative timestamp is not successful
        and setting a timestamp to a negative value has no effect.

        Test: media/track/track-cue-negative-timestamp.html

        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::addCue): If the cue's startTime or endTime is 
            negative, do not add the cue.
        * html/track/TextTrackCue.cpp:
        (WebCore::TextTrackCue::setStartTime): Ignore negative values.
        (WebCore::TextTrackCue::setEndTime): Ignore negative values.
        * html/track/TextTrackCueList.cpp:
        (WebCore::TextTrackCueList::add): Add ASSERTs to check startTime and
            endTime are positive.

2012-08-03  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r124594.
        http://trac.webkit.org/changeset/124594
        https://bugs.webkit.org/show_bug.cgi?id=93152

        Broke PlatformAppBrowserTest.Iframes browser_test on Chromium
        bots (Requested by dimich on #webkit).

        * bindings/generic/BindingSecurity.cpp:
        (WebCore::canAccess):
        (WebCore::BindingSecurity::canAccessFrame):
        (WebCore::BindingSecurity::shouldAllowAccessToNode):
        * bindings/v8/BindingState.cpp:
        (WebCore::immediatelyReportUnsafeAccessTo):
        * bindings/v8/BindingState.h:
        (WebCore):
        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::reportUnsafeJavaScriptAccess):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::reportUnsafeAccessTo):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):

2012-08-03  Terry Anderson  <tdanderson@chromium.org>

        Apply target fuzzing when sending a context menu event
        https://bugs.webkit.org/show_bug.cgi?id=92914

        Reviewed by Antonio Gomes.

        If TOUCH_ADJUSTMENT is enabled, use bestClickableNodeForTouchPoint to possibly
        adjust the location of a context menu event. This change uses the same set of
        candidates for touch adjustment as is used for a GestureTap event (which
        admittedly is a simplifying assumption).

        Test: touchadjustment/touch-links-longpress.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleGestureTap):
        Some code moved to the new function adjustGesturePosition.
        (WebCore):
        (WebCore::EventHandler::adjustGesturePosition):
        Added this function to avoid repeated code in handleGestureTap and
        sendContextMenuEventForGesture.
        (WebCore::EventHandler::sendContextMenuEventForGesture):
        Try to adjust the location of |mouseEvent| to correspond to the most
        probable gesture target. If no such target exists, the location of
        |mouseEvent| is unchanged.
        * page/EventHandler.h:
        (EventHandler):

2012-08-03  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r124475 and r124496.
        http://trac.webkit.org/changeset/124475
        http://trac.webkit.org/changeset/124496
        https://bugs.webkit.org/show_bug.cgi?id=93151

        Causing assertion failures in table-section-node-at-point-
        crash.html (Requested by inferno-sec on #webkit).

        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::paint):

2012-08-03  Jan Keromnes  <janx@linux.com>

        Web Inspector: Create and interface for TextEditor
        https://bugs.webkit.org/show_bug.cgi?id=93126

        Reviewed by Pavel Feldman.

        For more extensibility, TextEditor needs to be an interface that other
        classes can implement, e.g. the new class DefaultTextEditor.

        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * inspector/compile-front-end.py:
        * inspector/front-end/SourceFrame.js:
        (WebInspector.SourceFrame):
        * inspector/front-end/TextEditor.js:
        (WebInspector.TextEditor):
        (WebInspector.TextEditor.prototype.set mimeType):
        (WebInspector.TextEditor.prototype.setReadOnly):
        (WebInspector.TextEditor.prototype.readOnly):
        (WebInspector.TextEditor.prototype.defaultFocusedElement):
        (WebInspector.TextEditor.prototype.revealLine):
        (WebInspector.TextEditor.prototype.addDecoration):
        (WebInspector.TextEditor.prototype.removeDecoration):
        (WebInspector.TextEditor.prototype.markAndRevealRange):
        (WebInspector.TextEditor.prototype.highlightLine):
        (WebInspector.TextEditor.prototype.clearLineHighlight):
        (WebInspector.TextEditor.prototype.freeCachedElements):
        (WebInspector.TextEditor.prototype.elementsToRestoreScrollPositionsFor):
        (WebInspector.TextEditor.prototype.inheritScrollPositions):
        (WebInspector.TextEditor.prototype.beginUpdates):
        (WebInspector.TextEditor.prototype.endUpdates):
        (WebInspector.TextEditor.prototype.onResize):
        (WebInspector.TextEditor.prototype._textChanged):
        (WebInspector.TextEditor.prototype.editRange):
        (WebInspector.TextEditor.prototype.scrollToLine):
        (WebInspector.TextEditor.prototype.selection):
        (WebInspector.TextEditor.prototype.lastSelection):
        (WebInspector.TextEditor.prototype.setSelection):
        (WebInspector.TextEditor.prototype.setText):
        (WebInspector.TextEditor.prototype.text):
        (WebInspector.TextEditor.prototype.range):
        (WebInspector.TextEditor.prototype.line):
        (WebInspector.TextEditor.prototype.get linesCount):
        (WebInspector.TextEditor.prototype.setAttribute):
        (WebInspector.TextEditor.prototype.getAttribute):
        (WebInspector.TextEditor.prototype.removeAttribute):
        (WebInspector.TextEditor.prototype.wasShown):
        (WebInspector.TextEditor.prototype._handleFocused):
        (WebInspector.TextEditor.prototype.willHide):
        * inspector/front-end/WebKit.qrc:
        * inspector/front-end/inspector.html:

2012-08-03  Mike West  <mkwst@chromium.org>

        Blocking a plugin via CSP should result in one (and only one) console message.
        https://bugs.webkit.org/show_bug.cgi?id=92649

        Reviewed by Adam Barth.

        Currently, blocking a plugin via Content Security Policy results in some
        leakage of console log messages between tests. I'm unclear as to the
        root cause, but the symptoms exhibited include
        `SubframeLoader::requestPlugin` being called multiple times for a single
        element, which in turn causes multiple console logs to be sent. These
        messages tend to appear in the subsequent test, making the
        `http/test/security/contentSecurityPolicy/object-src-*` set of tests
        flakey indeed.

        This patch addresses the issue by marking elements' plugins as
        unavailable when they're blocked by CSP. No new tests have been added:
        this patch should simply make the current tests actually pass.

        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::requestPlugin):
            We check the CSP status in `SubframeLoader::loadPlugin`, which is
            called at the end of this function. Checking CSP status in both
            locations is redundant.
        (WebCore::SubframeLoader::loadPlugin):
            If the plugin is blocked by CSP, tell the element's embedded object
            renderer that the plugin is unavailable.
        * platform/LocalizedStrings.cpp:
        (WebCore::blockedPluginByContentSecurityPolicyText):
        (WebCore):
        * platform/LocalizedStrings.h:
        (WebCore):
        * platform/blackberry/LocalizedStringsBlackBerry.cpp:
        (WebCore::blockedPluginByContentSecurityPolicyText):
        (WebCore):
        * platform/efl/LocalizedStringsEfl.cpp:
        (WebCore::blockedPluginByContentSecurityPolicyText):
        (WebCore):
        * platform/gtk/LocalizedStringsGtk.cpp:
        (WebCore::blockedPluginByContentSecurityPolicyText):
        (WebCore):
        * platform/qt/LocalizedStringsQt.cpp:
        (WebCore::blockedPluginByContentSecurityPolicyText):
        (WebCore):
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::unavailablePluginReplacementText):
        * rendering/RenderEmbeddedObject.h:
            Return appropriate text when the plugin is blocked by CSP.

2012-08-03  Kentaro Hara  <haraken@chromium.org>

        [V8] Add an IsExecutionTerminating() check to setDOMException()
        https://bugs.webkit.org/show_bug.cgi?id=93101

        Reviewed by Adam Barth.

        In preparation for moving exception related code from V8Proxy to V8Binding,
        I am going to remove throwError(ExceptionCode, v8::Isolate*) from V8Proxy.
        throwError(ExceptionCode, v8::Isolate*) will be replaced with
        setDOMException(ExceptionCode, v8::Isolate*). By this refactoring,
        the way to throw JavaScript errors and DOM exceptions becomes simple:
        "Throw JavaScript errors by throwError(). Throw DOM exceptions by setDOMException()".
        (Currently some DOM exceptions are being thrown by throwError().)

        To keep the current behavior of throwError(ExceptionCode, v8::Isolate*),
        before the replacement, we need to insert the IsExecutionTerminating()
        check to setDOMException(). This will add an extra check to the current
        setDOMException(), but I don't think it's a problem.

        No tests. No change in behavior.

        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::setDOMException):

2012-08-03  Sadrul Habib Chowdhury  <sadrul@chromium.org>

        Avoid dispatching gesture events of unknown types
        https://bugs.webkit.org/show_bug.cgi?id=93060

        Reviewed by Adam Barth.

        WebCore gesture events do not always correspond 1-to-1 to the Platform gesture events. So
        avoid dispatching the unknown gesture events to nodes.

        * dom/GestureEvent.cpp:
        (WebCore::GestureEvent::create):
        * dom/Node.cpp:
        (WebCore::Node::dispatchGestureEvent):

2012-08-03  Stephen Chenney  <schenney@chromium.org>

        Crash when a clip path referencing a clip path changes documents
        https://bugs.webkit.org/show_bug.cgi?id=93023

        Reviewed by Dirk Schulze.

        The SVGClipPathElement is set to not need pending resource handling,
        when in fact it can have pending resources. The result is a crash when
        the element is moved to a new document (which deletes all resources
        and leaves them pending) and then immediately deleted (which asserts
        that there are no pending resources). There is code to remove pending
        resources upon deletion and removal from the DOM, but it was not
        executing for clips because of the aforementioned code claiming that
        clips don't require such handling.

        The assertion that there be no pending resources is necessary to
        prevent caches of pending resources from trying to access the deleted
        element.

        This change removes the check for needsPendingResourceHandling in
        SVGStyledElement upon deletion and removal from the DOM. Pending resources
        will always be checked in such cases to ensure we do not introduce
        security issues.

        Test: svg/custom/clip-path-document-change-assert.html

        * svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::~SVGStyledElement): Removed needsPendingResourceHandling in the conditional to clean up resources.
        (WebCore::SVGStyledElement::removedFrom): Removed needsPendingResourceHandling in the conditional to clean up resources.

2012-08-03  Kentaro Hara  <haraken@chromium.org>

        [V8] Remove unused methods in V8Proxy
        https://bugs.webkit.org/show_bug.cgi?id=93106

        Reviewed by Adam Barth.

        In preparation for removing V8Proxy, we can remove unused methods in V8Proxy.

        No tests. No change in behavior.

        * bindings/v8/V8Proxy.h:
        (V8Proxy):

2012-08-03  Kentaro Hara  <haraken@chromium.org>

        [V8] Implement v8Undefined()
        https://bugs.webkit.org/show_bug.cgi?id=93093

        Reviewed by Adam Barth.

        There are a couple of equivalent ways to create an undefined value,
        e.g. v8::Undefined(), v8::Undefined(isolate), v8::Handle<v8::Value>(), etc.
        We should implement v8Undefined() and use it everywhere.

        In this bug, we implement v8Undefined() and use it in CodeGeneratorV8.pm.
        We can implement v8Undefined() like this:

            v8::Handle<v8::Value> v8Undefined() { v8::Handle<v8::Value>(); }

        This is based on the following performance results:

        // 14.5 ns
        v8::Handle<v8::Value> xxxAttrGetter(..., info) {
            return v8::Undefined();
        }

        // 8.24 ns (This cannot be used where isolate can be 0.)
        v8::Handle<v8::Value> xxxAttrGetter(..., info) {
            return v8::Undefined(info.GetIsolate());
        }

        // 8.54 ns
        v8::Handle<v8::Value> xxxAttrGetter(..., info) {
            v8::Isolate* isolate = info.GetIsolate();
            return isolate ? v8::Handle<v8::Value>(v8::Undefined(isolate)) : v8::Handle<v8::Value>();
        }

        // 8.52 ns
        v8::Handle<v8::Value> xxxAttrGetter(..., info) {
            return v8::Handle<v8::Value>();
        }

        No tests. No change in behavior.

        * bindings/scripts/CodeGeneratorV8.pm:
        (GenerateConstructorGetter):
        (GenerateNormalAttrGetter):
        (GenerateNewFunctionTemplate):
        (GenerateEventListenerCallback):
        (GenerateFunctionCallback):
        (GenerateCallWith):
        (GenerateParametersCheck):
        (GenerateEventConstructorCallback):
        (GenerateNonStandardFunction):
        (GenerateImplementation):
        (NativeToJSValue):
        * bindings/scripts/test/V8/V8Float64Array.cpp:
        (WebCore::ConfigureV8Float64ArrayTemplate):
        * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp:
        (WebCore::TestActiveDOMObjectV8Internal::excitingFunctionCallback):
        (WebCore::TestActiveDOMObjectV8Internal::postMessageCallback):
        (WebCore::TestActiveDOMObjectV8Internal::postMessageAttrGetter):
        (WebCore::ConfigureV8TestActiveDOMObjectTemplate):
        (WebCore::V8TestActiveDOMObject::wrapSlow):
        * bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp:
        (WebCore::TestCustomNamedGetterV8Internal::anotherFunctionCallback):
        * bindings/scripts/test/V8/V8TestEventConstructor.cpp:
        (WebCore::V8TestEventConstructor::constructorCallback):
        * bindings/scripts/test/V8/V8TestEventTarget.cpp:
        (WebCore::TestEventTargetV8Internal::addEventListenerCallback):
        (WebCore::TestEventTargetV8Internal::removeEventListenerCallback):
        (WebCore::ConfigureV8TestEventTargetTemplate):
        * bindings/scripts/test/V8/V8TestInterface.cpp:
        (WebCore::TestInterfaceV8Internal::supplementalMethod1Callback):
        (WebCore::TestInterfaceV8Internal::supplementalMethod2Callback):
        (WebCore::TestInterfaceV8Internal::supplementalMethod4Callback):
        (WebCore::ConfigureV8TestInterfaceTemplate):
        * bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp:
        (WebCore::TestMediaQueryListListenerV8Internal::methodCallback):
        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::TestObjV8Internal::readOnlyTestObjAttrAttrGetter):
        (WebCore::TestObjV8Internal::withScriptStateAttributeAttrGetter):
        (WebCore::TestObjV8Internal::withScriptExecutionContextAttributeAttrGetter):
        (WebCore::TestObjV8Internal::withScriptStateAttributeRaisesAttrGetter):
        (WebCore::TestObjV8Internal::withScriptExecutionContextAttributeRaisesAttrGetter):
        (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateAttributeAttrGetter):
        (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateAttributeRaisesAttrGetter):
        (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateWithSpacesAttributeAttrGetter):
        (WebCore::TestObjV8Internal::withScriptArgumentsAndCallStackAttributeAttrGetter):
        (WebCore::TestObjV8Internal::withScriptArgumentsAndCallStackAttributeAttrSetter):
        (WebCore::TestObjV8Internal::cachedAttribute1AttrGetter):
        (WebCore::TestObjV8Internal::cachedAttribute2AttrGetter):
        (WebCore::TestObjV8Internal::TestObjConstructorGetter):
        (WebCore::TestObjV8Internal::voidMethodCallback):
        (WebCore::TestObjV8Internal::voidMethodWithArgsCallback):
        (WebCore::TestObjV8Internal::methodWithSequenceArgCallback):
        (WebCore::TestObjV8Internal::serializedValueCallback):
        (WebCore::TestObjV8Internal::idbKeyCallback):
        (WebCore::TestObjV8Internal::optionsObjectCallback):
        (WebCore::TestObjV8Internal::methodWithExceptionCallback):
        (WebCore::TestObjV8Internal::addEventListenerCallback):
        (WebCore::TestObjV8Internal::removeEventListenerCallback):
        (WebCore::TestObjV8Internal::withScriptStateVoidCallback):
        (WebCore::TestObjV8Internal::withScriptStateVoidExceptionCallback):
        (WebCore::TestObjV8Internal::withScriptExecutionContextCallback):
        (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateCallback):
        (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateObjExceptionCallback):
        (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateWithSpacesCallback):
        (WebCore::TestObjV8Internal::withScriptArgumentsAndCallStackCallback):
        (WebCore::TestObjV8Internal::methodWithOptionalArgCallback):
        (WebCore::TestObjV8Internal::methodWithNonOptionalArgAndOptionalArgCallback):
        (WebCore::TestObjV8Internal::methodWithNonOptionalArgAndTwoOptionalArgsCallback):
        (WebCore::TestObjV8Internal::methodWithOptionalStringCallback):
        (WebCore::TestObjV8Internal::methodWithOptionalStringIsUndefinedCallback):
        (WebCore::TestObjV8Internal::methodWithOptionalStringIsNullStringCallback):
        (WebCore::TestObjV8Internal::methodWithCallbackArgCallback):
        (WebCore::TestObjV8Internal::methodWithNonCallbackArgAndCallbackArgCallback):
        (WebCore::TestObjV8Internal::methodWithCallbackAndOptionalArgCallback):
        (WebCore::TestObjV8Internal::conditionalMethod2Callback):
        (WebCore::TestObjV8Internal::conditionalMethod3Callback):
        (WebCore::TestObjV8Internal::overloadedMethod1Callback):
        (WebCore::TestObjV8Internal::overloadedMethod2Callback):
        (WebCore::TestObjV8Internal::overloadedMethod3Callback):
        (WebCore::TestObjV8Internal::overloadedMethod4Callback):
        (WebCore::TestObjV8Internal::overloadedMethod5Callback):
        (WebCore::TestObjV8Internal::overloadedMethod6Callback):
        (WebCore::TestObjV8Internal::overloadedMethod7Callback):
        (WebCore::TestObjV8Internal::overloadedMethod8Callback):
        (WebCore::TestObjV8Internal::overloadedMethod9Callback):
        (WebCore::TestObjV8Internal::overloadedMethod10Callback):
        (WebCore::TestObjV8Internal::classMethodCallback):
        (WebCore::TestObjV8Internal::overloadedMethod11Callback):
        (WebCore::TestObjV8Internal::overloadedMethod12Callback):
        (WebCore::TestObjV8Internal::classMethodWithClampCallback):
        (WebCore::TestObjV8Internal::enabledAtRuntimeMethod1Callback):
        (WebCore::TestObjV8Internal::enabledAtRuntimeMethod2Callback):
        (WebCore::TestObjV8Internal::enabledPerContextMethod1Callback):
        (WebCore::TestObjV8Internal::enabledPerContextMethod2Callback):
        (WebCore::TestObjV8Internal::convert1Callback):
        (WebCore::TestObjV8Internal::convert2Callback):
        (WebCore::TestObjV8Internal::convert3Callback):
        (WebCore::TestObjV8Internal::convert4Callback):
        (WebCore::TestObjV8Internal::convert5Callback):
        (WebCore::TestObjV8Internal::orangeCallback):
        (WebCore::ConfigureV8TestObjTemplate):
        (WebCore::V8TestObj::installPerContextProperties):
        * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp:
        (WebCore::TestSerializedScriptValueInterfaceV8Internal::acceptTransferListCallback):
        (WebCore::TestSerializedScriptValueInterfaceV8Internal::multiTransferListCallback):
        (WebCore::V8TestSerializedScriptValueInterface::constructorCallback):
        * bindings/v8/V8Binding.h:
        (WebCore::v8Undefined):
        (WebCore):

2012-08-03  Kentaro Hara  <haraken@chromium.org>

        [V8] Remove v8StringToWebCoreString()
        https://bugs.webkit.org/show_bug.cgi?id=93087

        Reviewed by Adam Barth.

        There should be only one API that converts V8 String
        to WebCore String. v8ValueToWebCoreString() does it.
        We can remove v8StringToWebCoreString().

        No tests. No change in behavior.

        * bindings/v8/ScriptDebugServer.cpp:
        (WebCore::ScriptDebugServer::setBreakpoint):
        * bindings/v8/V8Binding.cpp:
        (WebCore::v8ValueToWebCoreString):
        * bindings/v8/V8Binding.h:
        (WebCore):

2012-07-20  Jon Lee  <jonlee@apple.com>

        Crash in Notification when setting a non-object as an event listener (91881)
        https://bugs.webkit.org/show_bug.cgi?id=91881
        <rdar://problem/11923341>

        Reviewed by Oliver Hunt.

        Check to make sure that the value being retrieved is an object. This is similar
        to the isObject() check done in the bindings code.

        Test: fast/notifications/notifications-event-listener-crash.html

        * bindings/js/Dictionary.h:
        (WebCore::Dictionary::getEventListener):

2012-08-03  Kentaro Hara  <haraken@chromium.org>

        [V8] Remove v8StringToAtomicWebCoreString()
        https://bugs.webkit.org/show_bug.cgi?id=93086

        Reviewed by Dimitri Glazkov.

        There should be only one API that converts V8 String to
        AtomicString. v8ValueToAtomicWebCoreString() does it.
        We can remove v8StringToAtomicWebCoreString().

        No tests. No change in behavior.

        * bindings/v8/V8Binding.cpp:
        (WebCore::v8ValueToAtomicWebCoreString):
        * bindings/v8/V8Binding.h:
        (WebCore):
        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::getter):
        * bindings/v8/custom/V8DOMWindowCustom.cpp:
        (WebCore::V8DOMWindow::namedPropertyGetter):
        * bindings/v8/custom/V8HTMLAllCollectionCustom.cpp:
        (WebCore::V8HTMLAllCollection::namedPropertyGetter):
        * bindings/v8/custom/V8HTMLCollectionCustom.cpp:
        (WebCore::V8HTMLCollection::namedPropertyGetter):
        * bindings/v8/custom/V8HTMLFormElementCustom.cpp:
        (WebCore::V8HTMLFormElement::namedPropertyGetter):
        * bindings/v8/custom/V8HTMLFrameSetElementCustom.cpp:
        (WebCore::V8HTMLFrameSetElement::namedPropertyGetter):

2012-08-03  Ilya Tikhonovsky  <loislo@chromium.org>

        Web Inspector: eliminate visitBaseClass method from NMI. It introduces unnecessary complexity.
        https://bugs.webkit.org/show_bug.cgi?id=93129

        Reviewed by Yury Semikhatsky.

        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::StyleRuleCSSStyleDeclaration::reportMemoryUsage):
        (WebCore::InlineCSSStyleDeclaration::reportMemoryUsage):
        * dom/CharacterData.cpp:
        (WebCore::CharacterData::reportMemoryUsage):
        * dom/ContainerNode.h:
        (WebCore::ContainerNode::reportMemoryUsage):
        * dom/Document.cpp:
        (WebCore::Document::reportMemoryUsage):
        * dom/Element.h:
        (WebCore::Element::reportMemoryUsage):
        * dom/MemoryInstrumentation.h:
        * dom/Node.cpp:
        (WebCore::Node::reportMemoryUsage):

2012-08-03  Alexandre Elias  <aelias@google.com>

        [chromium] Move ubercomp quads back into CC
        https://bugs.webkit.org/show_bug.cgi?id=93062

        Reviewed by James Robinson.

        Because GTFO is almost done, we can move back the quad types
        to CC and pickle them there.  This patch moves everything back
        to where it was before and changes types like WebRect to IntRect.

        As a bonus, I also added CCRenderPassDrawQuad and CCYUVVideoDrawQuad
        (which had been left in the CC files) to CCDrawQuad::size(), so now
        every quad type is ready for serialization.

        No new tests (no-op refactoring).

        * WebCore.gypi:
        * platform/chromium/support/WebCompositorStreamVideoQuad.cpp: Removed.
        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::LayerRendererChromium::drawQuad):
        * platform/graphics/chromium/cc/CCCheckerboardDrawQuad.cpp: Copied from Source/WebCore/platform/graphics/chromium/cc/CCQuadSink.h.
        (WebCore):
        (WebCore::CCCheckerboardDrawQuad::create):
        (WebCore::CCCheckerboardDrawQuad::CCCheckerboardDrawQuad):
        (WebCore::CCCheckerboardDrawQuad::materialCast):
        * platform/graphics/chromium/cc/CCCheckerboardDrawQuad.h:
        (WebCore):
        (CCCheckerboardDrawQuad):
        * platform/graphics/chromium/cc/CCDebugBorderDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorDebugBorderQuad.cpp.
        (WebCore):
        (WebCore::CCDebugBorderDrawQuad::create):
        (WebCore::CCDebugBorderDrawQuad::CCDebugBorderDrawQuad):
        (WebCore::CCDebugBorderDrawQuad::materialCast):
        * platform/graphics/chromium/cc/CCDebugBorderDrawQuad.h:
        (WebCore):
        (CCDebugBorderDrawQuad):
        (WebCore::CCDebugBorderDrawQuad::color):
        (WebCore::CCDebugBorderDrawQuad::width):
        * platform/graphics/chromium/cc/CCDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorQuad.cpp.
        (WebCore):
        (WebCore::CCDrawQuad::CCDrawQuad):
        (WebCore::CCDrawQuad::opaqueRect):
        (WebCore::CCDrawQuad::setQuadVisibleRect):
        (WebCore::CCDrawQuad::size):
        (WebCore::CCDrawQuad::setSharedQuadState):
        * platform/graphics/chromium/cc/CCDrawQuad.h:
        (WebCore):
        (CCDrawQuad):
        (WebCore::CCDrawQuad::quadRect):
        (WebCore::CCDrawQuad::quadTransform):
        (WebCore::CCDrawQuad::visibleContentRect):
        (WebCore::CCDrawQuad::scissorRect):
        (WebCore::CCDrawQuad::opacity):
        (WebCore::CCDrawQuad::needsBlending):
        (WebCore::CCDrawQuad::isLayerAxisAlignedIntRect):
        (WebCore::CCDrawQuad::quadVisibleRect):
        (WebCore::CCDrawQuad::isDebugQuad):
        (WebCore::CCDrawQuad::material):
        (WebCore::CCDrawQuad::sharedQuadState):
        (WebCore::CCDrawQuad::sharedQuadStateId):
        * platform/graphics/chromium/cc/CCHeadsUpDisplayLayerImpl.cpp:
        (WebCore::CCHeadsUpDisplayLayerImpl::appendQuads):
        * platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorIOSurfaceQuad.cpp.
        (WebCore):
        (WebCore::CCIOSurfaceDrawQuad::create):
        (WebCore::CCIOSurfaceDrawQuad::CCIOSurfaceDrawQuad):
        (WebCore::CCIOSurfaceDrawQuad::materialCast):
        * platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.h:
        (WebCore):
        (CCIOSurfaceDrawQuad):
        (WebCore::CCIOSurfaceDrawQuad::ioSurfaceSize):
        (WebCore::CCIOSurfaceDrawQuad::ioSurfaceTextureId):
        (WebCore::CCIOSurfaceDrawQuad::orientation):
        * platform/graphics/chromium/cc/CCQuadCuller.h:
        (CCQuadCuller):
        * platform/graphics/chromium/cc/CCQuadSink.h:
        (WebCore):
        (CCQuadSink):
        * platform/graphics/chromium/cc/CCRenderPassDrawQuad.cpp:
        (WebCore::CCRenderPassDrawQuad::create):
        (WebCore::CCRenderPassDrawQuad::CCRenderPassDrawQuad):
        (WebCore::CCRenderPassDrawQuad::materialCast):
        * platform/graphics/chromium/cc/CCRenderPassDrawQuad.h:
        (CCRenderPassDrawQuad):
        * platform/graphics/chromium/cc/CCSharedQuadState.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorSharedQuadState.cpp.
        (WebCore):
        (WebCore::CCSharedQuadState::CCSharedQuadState):
        (WebCore::CCSharedQuadState::create):
        (WebCore::CCSharedQuadState::isLayerAxisAlignedIntRect):
        * platform/graphics/chromium/cc/CCSharedQuadState.h:
        (WebCore):
        (CCSharedQuadState):
        * platform/graphics/chromium/cc/CCSolidColorDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorSolidColorQuad.cpp.
        (WebCore):
        (WebCore::CCSolidColorDrawQuad::create):
        (WebCore::CCSolidColorDrawQuad::CCSolidColorDrawQuad):
        (WebCore::CCSolidColorDrawQuad::materialCast):
        * platform/graphics/chromium/cc/CCSolidColorDrawQuad.h:
        (WebCore):
        (CCSolidColorDrawQuad):
        (WebCore::CCSolidColorDrawQuad::color):
        * platform/graphics/chromium/cc/CCStreamVideoDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorCheckerboardQuad.cpp.
        (WebCore):
        (WebCore::CCStreamVideoDrawQuad::create):
        (WebCore::CCStreamVideoDrawQuad::CCStreamVideoDrawQuad):
        (WebCore::CCStreamVideoDrawQuad::materialCast):
        * platform/graphics/chromium/cc/CCStreamVideoDrawQuad.h:
        (WebCore):
        (CCStreamVideoDrawQuad):
        (WebCore::CCStreamVideoDrawQuad::textureId):
        (WebCore::CCStreamVideoDrawQuad::matrix):
        * platform/graphics/chromium/cc/CCTextureDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorTextureQuad.cpp.
        (WebCore):
        (WebCore::CCTextureDrawQuad::create):
        (WebCore::CCTextureDrawQuad::CCTextureDrawQuad):
        (WebCore::CCTextureDrawQuad::setNeedsBlending):
        (WebCore::CCTextureDrawQuad::materialCast):
        * platform/graphics/chromium/cc/CCTextureDrawQuad.h:
        (WebCore):
        (CCTextureDrawQuad):
        (WebCore::CCTextureDrawQuad::uvRect):
        (WebCore::CCTextureDrawQuad::resourceId):
        (WebCore::CCTextureDrawQuad::premultipliedAlpha):
        (WebCore::CCTextureDrawQuad::flipped):
        * platform/graphics/chromium/cc/CCTileDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorTileQuad.cpp.
        (WebCore):
        (WebCore::CCTileDrawQuad::create):
        (WebCore::CCTileDrawQuad::CCTileDrawQuad):
        (WebCore::CCTileDrawQuad::materialCast):
        * platform/graphics/chromium/cc/CCTileDrawQuad.h:
        (WebCore):
        (CCTileDrawQuad):
        (WebCore::CCTileDrawQuad::resourceId):
        (WebCore::CCTileDrawQuad::textureOffset):
        (WebCore::CCTileDrawQuad::textureSize):
        (WebCore::CCTileDrawQuad::textureFilter):
        (WebCore::CCTileDrawQuad::swizzleContents):
        (WebCore::CCTileDrawQuad::leftEdgeAA):
        (WebCore::CCTileDrawQuad::topEdgeAA):
        (WebCore::CCTileDrawQuad::rightEdgeAA):
        (WebCore::CCTileDrawQuad::bottomEdgeAA):
        (WebCore::CCTileDrawQuad::isAntialiased):
        * platform/graphics/chromium/cc/CCYUVVideoDrawQuad.cpp:
        (WebCore::CCYUVVideoDrawQuad::create):
        (WebCore::CCYUVVideoDrawQuad::CCYUVVideoDrawQuad):
        (WebCore::CCYUVVideoDrawQuad::materialCast):
        * platform/graphics/chromium/cc/CCYUVVideoDrawQuad.h:
        (CCYUVVideoDrawQuad):

2012-08-03  Alexander Pavlov  <apavlov@chromium.org>

        Unreviewed, restore Web Inspector JS frontend compilability after r124484 (fix JSDoc annotations).

        * inspector/front-end/Settings.js:
        * inspector/front-end/SettingsScreen.js:
        * inspector/front-end/UserAgentSupport.js:
        (WebInspector.UserAgentSupport.DeviceOrientation):

2012-08-03  Philippe Normand  <pnormand@igalia.com>

        Unreviewed, rolling out r124614.
        http://trac.webkit.org/changeset/124614
        https://bugs.webkit.org/show_bug.cgi?id=91727

        gstreamer core .po files mess up the build again

        * platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
        (WTF::adoptGRef):
        * platform/graphics/gstreamer/GStreamerVersioning.cpp:
        (setGstElementClassMetadata):
        * platform/graphics/gstreamer/GStreamerVersioning.h:
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (StreamingClient::didReceiveResponse):

2012-08-03  Benjamin Poulain  <bpoulain@apple.com>

        Initialize the Event Names' string from read only memory
        https://bugs.webkit.org/show_bug.cgi?id=92435

        Reviewed by Anders Carlsson.

        Similarily to r123689, we can initialize the event names' string from memory without copying the data.
        This saves us memory and initialization time.

        * dom/EventNames.cpp:
        (WebCore):

2012-08-03  Philippe Normand  <pnormand@igalia.com>

        [GTK][jhbuild] Switch to GStreamer 0.11 build
        https://bugs.webkit.org/show_bug.cgi?id=91727

        Reviewed by Gustavo Noronha Silva.

        Add a new function to encapsulate the GStreamer API removal of
        GST_OBJECT_IS_FLOATING in the upcoming 1.0 release. Use of this
        macro can now be replaced by calling the g_object_is_floating
        function.

        * platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
        (WTF::adoptGRef):
        * platform/graphics/gstreamer/GStreamerVersioning.cpp:
        (gstObjectIsFloating):
        * platform/graphics/gstreamer/GStreamerVersioning.h:

2012-08-03  George Staikos  <staikos@webkit.org>

        [BlackBerry] Add a null check for media implementation to fix a crash.
        https://bugs.webkit.org/show_bug.cgi?id=93107

        Reviewed by Rob Buis.

        Fixes media/video-size.html.

        * platform/blackberry/RenderThemeBlackBerry.cpp:
        (WebCore::RenderThemeBlackBerry::paintMediaSliderTrack): Add null check.

2012-08-03  Yury Semikhatsky  <yurys@chromium.org>

        Unreviewed. Fixed WinCE compilation after r124589.

        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::StyleRuleCSSStyleDeclaration::reportMemoryUsage):
        (WebCore::InlineCSSStyleDeclaration::reportMemoryUsage):

2012-08-03  Keishi Hattori  <keishi@webkit.org>

        Add keyboard support for color suggestion popup
        https://bugs.webkit.org/show_bug.cgi?id=93069

        Reviewed by Kent Tamura.

        This adds support for keyboard inside the color suggestion popup.
        Tab or arrow keys to move around. Return or space to select the color.
        Escape closes the popup.

        No new tests. Covered in platform/chromium/fast/forms/color/color-suggestion-picker-appearance.html.

        * Resources/colorSuggestionPicker.css:
        (.color-swatch):
        (.color-swatch:focus):
        * Resources/colorSuggestionPicker.js:
        (ColorPicker):
        (ColorPicker.prototype._layout):
        (ColorPicker.prototype.selectColorAtIndex): Selects color at index.
        (ColorPicker.prototype._handleMouseMove): Set focus to the swatch under the mouse cursor.
        (ColorPicker.prototype._handleKeyDown): Move focused element on arrow keys.
        (ColorPicker.prototype._handleMouseDown): Prevents blur on click.

2012-08-03  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        Add missing include to build on Mac OS 10.8

        Reviewed by Ossy.

        * platform/graphics/surfaces/mac/GraphicsSurfaceMac.cpp:

2012-08-03  Adam Barth  <abarth@webkit.org>

        [V8] Re-wire "target" half of the same-origin security check through Document rather than DOMWindow
        https://bugs.webkit.org/show_bug.cgi?id=93079

        Reviewed by Eric Seidel.

        Before this patch, we were traversing from Nodes to Frames to
        DOMWindows to SecurityOrigins when determing the "target" of an
        operation for the same-origin policy security check. Rather than
        detouring through DOMWindow, these security checks should operate in
        terms of ScriptExecutionContexts (aka Documents) because that's the
        canonical place we store SecurityOrigin objects.

        A future patch will re-wire the "active" part of the security check to
        use ScriptExecutionContexts as well and we'll be able to remove the
        extra copy of SecurityOrigin that we keep in DOMWindow.

        * bindings/generic/BindingSecurity.cpp:
        (WebCore::canAccessDocument):
        (WebCore::BindingSecurity::canAccessFrame):
        (WebCore::BindingSecurity::shouldAllowAccessToNode):
        * bindings/v8/BindingState.cpp:
        (WebCore::immediatelyReportUnsafeAccessTo):
        * bindings/v8/BindingState.h:
        (WebCore):
        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::reportUnsafeJavaScriptAccess):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::reportUnsafeAccessTo):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):

2012-08-03  Keishi Hattori  <keishi@webkit.org>

        ColorSuggestionPicker popup's height doesn't get smaller than 100 px
        https://bugs.webkit.org/show_bug.cgi?id=92945

        Reviewed by Kent Tamura.

        A window cannot be resized to be smaller than 100x100 pixels so this
        adjust the color suggestion popup UI to look better when there are only
        a few suggestions.

        Tests: platform/chromium/fast/forms/color/color-suggestion-picker-one-row-appearance.html
               platform/chromium/fast/forms/color/color-suggestion-picker-two-row-appearance.html

        * Resources/colorSuggestionPicker.css:
        (.color-swatch-container): Vertically center the swatches.

2012-08-03  Alexander Pavlov  <apavlov@chromium.org>

        Web Inspector: Remove InspectorCSSAgent from InstrumentingAgents on clearFrontend()
        https://bugs.webkit.org/show_bug.cgi?id=93082

        Reviewed by Yury Semikhatsky.

        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::InspectorCSSAgent):
        (WebCore::InspectorCSSAgent::~InspectorCSSAgent):
        (WebCore::InspectorCSSAgent::setFrontend):
        (WebCore::InspectorCSSAgent::clearFrontend):

2012-08-03  Eugene Klyuchnikov  <eustas.big@gmail.com>

        Web Inspector: Profiles: extract save to file / load from code
        https://bugs.webkit.org/show_bug.cgi?id=92348

        Reviewed by Yury Semikhatsky.

        Motivation: extract reusable code for timeline load/save.
        FileUtils.js will contain common code. Not all code moved to FileUtils
        to make review easier. This code will be moved in next patch.

        Core abstractions: OutputStream and OutputStreamDelegate.

        OutputStream is interface that is used to transfer entity divded
        to chunks. Transfer process is explicitly initialized (startTransfer)
        and finalized (finishTrnsfer).

        OutputStreamDelegate is interface to receive notifications about
        transfer process: onTransferStarted, onChunkTransferred, onTransferFinished.

        ChunkedFileReader: utility class that loads file by chunks of specified
        size and notifies given delegate. OutputStream is supplied as a
        parameter of method "start".

        ChunkedFileWriter: implementation of OutputStream that saves data
        to file specified by file name and notifies given delegate.

        * WebCore.gypi: Added 'FileUtils.js'.
        * WebCore.vcproj/WebCore.vcproj: Added 'FileUtils.js'.
        * inspector/compile-front-end.py: Added 'FileUtils.js'.
        * inspector/front-end/FileUtils.js: Added.
        (WebInspector.OutputStreamDelegate): Added.
        (WebInspector.ChunkedFileReader): Added.
        (WebInspector.createFileSelectorElement): Added utility method to construct
        hidden input element to select file.
        * inspector/front-end/HeapSnapshotLoader.js: Adopted new API.
        * inspector/front-end/HeapSnapshotProxy.js: Adopted new API.
        * inspector/front-end/HeapSnapshotView.js: Adopted new API.
        (WebInspector.HeapSnapshotLoadFromFileDelegate):
        Extracted from existing code.
        (WebInspector.ChunkedFileWriter): Renamed and refactored.
        (WebInspector.HeapSnapshotSaveToFileDelegate):
        Extracted from existing code.
        * inspector/front-end/ProfilesPanel.js: Adopted new API.

2012-08-03  Alexander Pavlov  <apavlov@chromium.org>

        Web Inspector: Incorrect blob url href when inspecting
        https://bugs.webkit.org/show_bug.cgi?id=93076

        Reviewed by Vsevolod Vlasov.

        Special-cased the "blob" scheme to return the original URL intact on completion.

        * inspector/front-end/ResourceUtils.js:
        (WebInspector.completeURL):

2012-08-03  Yury Semikhatsky  <yurys@chromium.org>

        Web Inspector: add CSSRule memory instrumentation
        https://bugs.webkit.org/show_bug.cgi?id=92962

        Reviewed by Pavel Feldman.

        Added memory footprint reporting method to CSSRule and its descendants.

        * css/CSSCharsetRule.cpp:
        (WebCore::CSSCharsetRule::reportDescendantMemoryUsage):
        (WebCore):
        * css/CSSCharsetRule.h:
        (CSSCharsetRule):
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::reportMemoryUsage):
        (WebCore):
        * css/CSSComputedStyleDeclaration.h:
        (CSSComputedStyleDeclaration):
        * css/CSSFontFaceRule.cpp:
        (WebCore::CSSFontFaceRule::reportDescendantMemoryUsage):
        (WebCore):
        * css/CSSFontFaceRule.h:
        (CSSFontFaceRule):
        * css/CSSImportRule.cpp:
        (WebCore::CSSImportRule::reportDescendantMemoryUsage):
        (WebCore):
        * css/CSSImportRule.h:
        (CSSImportRule):
        * css/CSSMediaRule.cpp:
        (WebCore::CSSMediaRule::reportDescendantMemoryUsage):
        (WebCore):
        * css/CSSMediaRule.h:
        (CSSMediaRule):
        * css/CSSPageRule.cpp:
        (WebCore::CSSPageRule::reportDescendantMemoryUsage):
        (WebCore):
        * css/CSSPageRule.h:
        (CSSPageRule):
        * css/CSSRule.cpp:
        (WebCore::CSSRule::reportMemoryUsage): we manually implement polymorphic
        call here to avoid adding vtable pointer to all CSSRule objects. Descendants
        are expected to report their memory via reportDescendantMemoryUsage. The name
        is intentionally different from reportMemoryUsage to avoid accidential infitite
        recursion: if the descendants overrode non-virtual CSSRule::reportMemoryUsage,
        it would be easy to add a new descendant type to the switch in
        CSSRule::reportMemoryUsage without providing proper override for reportMemoryUsage
        and CSSRule::reportMemoryUsage would end up calling itself.
        (WebCore):
        (WebCore::CSSRule::reportBaseClassMemoryUsage): again we cannot use
        MemoryClassInfo::visitBaseClass like we do for virtual methods because it would
        lead to a recursive call of CSSRule::reportMemoryUsage. This is why we use
        reportBaseClassMemoryUsage to allow descendants to report objects referenced
        from their base class.
        * css/CSSRule.h:
        (WebCore):
        (CSSRule):
        * css/CSSRuleList.cpp:
        (WebCore::StaticCSSRuleList::reportMemoryUsage):
        (WebCore):
        * css/CSSRuleList.h:
        (WebCore):
        (CSSRuleList):
        (StaticCSSRuleList):
        (LiveCSSRuleList):
        * css/CSSStyleDeclaration.h:
        (WebCore):
        (CSSStyleDeclaration):
        * css/CSSStyleRule.cpp:
        (WebCore::CSSStyleRule::reportDescendantMemoryUsage):
        (WebCore):
        * css/CSSStyleRule.h:
        (CSSStyleRule):
        * css/CSSStyleSheet.cpp:
        (StyleSheetCSSRuleList):
        (WebCore::CSSStyleSheet::reportMemoryUsage):
        * css/CSSUnknownRule.h:
        (CSSUnknownRule):
        (WebCore::CSSUnknownRule::reportDescendantMemoryUsage):
        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::PropertySetCSSStyleDeclaration::reportMemoryUsage):
        (WebCore):
        (WebCore::StyleRuleCSSStyleDeclaration::reportMemoryUsage):
        (WebCore::InlineCSSStyleDeclaration::reportMemoryUsage):
        * css/PropertySetCSSStyleDeclaration.h:
        (PropertySetCSSStyleDeclaration):
        (StyleRuleCSSStyleDeclaration):
        (InlineCSSStyleDeclaration):
        * css/WebKitCSSKeyframeRule.cpp:
        (WebCore::WebKitCSSKeyframeRule::reportDescendantMemoryUsage):
        (WebCore):
        * css/WebKitCSSKeyframeRule.h:
        (WebKitCSSKeyframeRule):
        * css/WebKitCSSKeyframesRule.cpp:
        (WebCore::WebKitCSSKeyframesRule::reportDescendantMemoryUsage):
        (WebCore):
        * css/WebKitCSSKeyframesRule.h:
        (WebKitCSSKeyframesRule):
        * css/WebKitCSSRegionRule.cpp:
        (WebCore::WebKitCSSRegionRule::reportDescendantMemoryUsage):
        (WebCore):
        * css/WebKitCSSRegionRule.h:
        (WebKitCSSRegionRule):

2012-08-03  Adam Barth  <abarth@webkit.org>

        WebCore::DragController::cleanupAfterSystemDrag should null-check page
        https://bugs.webkit.org/show_bug.cgi?id=61815

        Reviewed by Eric Seidel.

        * page/DragController.cpp:
        (WebCore::DragController::dragEnteredOrUpdated):
        (WebCore::DragController::doSystemDrag):

2012-08-03  Sergio Carlos Morales Angeles  <carloschilazo@gmail.com>

        Delete text from password does nothing.
        https://bugs.webkit.org/show_bug.cgi?id=92040

        Reviewed by Ryosuke Niwa.

        Use Editor::canDelete() to determine if field is editable or not.
        Added password-delete-contents test.

        Test: editing/deleting/password-delete-contents.html

        * editing/EditorCommand.cpp:
        (WebCore::enabledDelete):

2012-08-03  Jan Keromnes  <janx@linux.com>

        Web Inspector: Make textModel private to textEditor
        https://bugs.webkit.org/show_bug.cgi?id=92999

        Reviewed by Pavel Feldman.

        Making textModel private to the textEditor ensures that it is accessed
        only through the textEditor, making the latter more modular.

        Tests were changed accordingly.

        * inspector/front-end/JavaScriptSourceFrame.js:
        (WebInspector.JavaScriptSourceFrame.prototype.afterTextChanged):
        (WebInspector.JavaScriptSourceFrame.prototype._restoreBreakpointsAfterEditing):
        (WebInspector.JavaScriptSourceFrame.prototype._addBreakpointDecoration):
        (WebInspector.JavaScriptSourceFrame.prototype._removeBreakpointDecoration):
        (WebInspector.JavaScriptSourceFrame.prototype._lineNumberAfterEditing):
        * inspector/front-end/SourceFrame.js:
        (WebInspector.SourceFrame):
        (WebInspector.SourceFrame.prototype.setContent):
        (WebInspector.SourceFrame.prototype.replaceAllWith):
        (WebInspector.SourceFrame.prototype._collectRegexMatches):
        (WebInspector.SourceFrame.prototype.addMessageToSource):
        (WebInspector.SourceFrame.prototype.removeMessageFromSource):
        (WebInspector.TextEditorDelegateForSourceFrame.prototype.commitEditing):
        * inspector/front-end/TextEditor.js:
        (WebInspector.TextEditor.prototype.setText):
        (WebInspector.TextEditor.prototype.text):
        (WebInspector.TextEditor.prototype.range):
        (WebInspector.TextEditor.prototype.line):
        (WebInspector.TextEditor.prototype.get linesCount):
        (WebInspector.TextEditor.prototype.setAttribute):
        (WebInspector.TextEditor.prototype.getAttribute):
        (WebInspector.TextEditor.prototype.removeAttribute):
        * inspector/front-end/UISourceCodeFrame.js:
        (WebInspector.UISourceCodeFrame.prototype.afterTextChanged):

2012-08-03  Adam Barth  <abarth@webkit.org>

        V8Proxy::retrieve(*) leads to really obfuscated code and should be removed
        https://bugs.webkit.org/show_bug.cgi?id=93072

        Reviewed by Eric Seidel.

        Once upon a time, V8Proxy::retrieve did a bunch of checks before
        returning the V8Proxy object (such as checking whether script was
        enabled). Over time, we've removed all of these checks in order to fix
        various bugs. Now all it does is check whether the Frame is 0. However,
        because the function ends up returning 0 when its argument is 0, the
        caller sill needs to have a null check.

        This patch deletes all the variations of V8Proxy::retrieve(*) and
        inlines them into their callers. In several cases, inlining the
        function call showed that we were testing the Frame for 0 twice, and
        I've removed the redundant null checks. In other cases, I've
        uncontorted the callers to make the code more readable.

        * bindings/scripts/CodeGeneratorV8.pm:
        (GenerateToV8Converters):
        * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp:
        (WebCore::V8TestActiveDOMObject::wrapSlow):
        * bindings/scripts/test/V8/V8TestNamedConstructor.cpp:
        (WebCore::V8TestNamedConstructorConstructorCallback):
        * bindings/scripts/test/V8/V8TestNode.cpp:
        (WebCore::V8TestNode::wrapSlow):
        * bindings/v8/PageScriptDebugServer.cpp:
        (WebCore::PageScriptDebugServer::addListener):
        * bindings/v8/ScheduledAction.cpp:
        (WebCore::ScheduledAction::execute):
        * bindings/v8/ScriptController.h:
        (WebCore::ScriptController::windowShell):
        * bindings/v8/V8DOMWrapper.cpp:
        (WebCore::V8DOMWrapper::instantiateV8Object):
        * bindings/v8/V8EventListener.cpp:
        (WebCore::V8EventListener::callListenerFunction):
        * bindings/v8/V8Helpers.cpp:
        (WebCore::toV8Proxy):
        * bindings/v8/V8LazyEventListener.cpp:
        (WebCore::V8LazyEventListener::callListenerFunction):
        (WebCore::V8LazyEventListener::prepareListenerObject):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::handleOutOfMemory):
        (WebCore::V8Proxy::retrievePerContextData):
        (WebCore::V8Proxy::mainWorldContext):
        (WebCore::toV8Context):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):
        * bindings/v8/custom/V8DOMWindowCustom.cpp:
        (WebCore::V8DOMWindow::addEventListenerCallback):
        (WebCore::V8DOMWindow::removeEventListenerCallback):
        * bindings/v8/custom/V8DocumentCustom.cpp:
        (WebCore::toV8):
        * bindings/v8/custom/V8HTMLDocumentCustom.cpp:
        (WebCore::V8HTMLDocument::openCallback):
        (WebCore::toV8):
        * bindings/v8/custom/V8SVGDocumentCustom.cpp:
        (WebCore::toV8):

2012-08-03  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Add *explicit* keyword to constructors in WebCore/accessibility
        https://bugs.webkit.org/show_bug.cgi?id=93067

        Reviewed by Kentaro Hara.

        As a step to add *explicit* keyword to constructors which have a parameter,
        *explicit* keyword is added to Source/WebCore/accessibility in order to avoid
        implicit type conversion.

        No new tests. Covered by existing tests.

        * accessibility/AXObjectCache.h:
        (AXObjectCache):
        * accessibility/AccessibilityARIAGrid.h:
        (AccessibilityARIAGrid):
        * accessibility/AccessibilityARIAGridCell.h:
        (AccessibilityARIAGridCell):
        * accessibility/AccessibilityARIAGridRow.h:
        (AccessibilityARIAGridRow):
        * accessibility/AccessibilityList.h:
        (AccessibilityList):
        * accessibility/AccessibilityListBox.h:
        (AccessibilityListBox):
        * accessibility/AccessibilityMediaControls.h:
        (AccessibilityMediaControl):
        (AccessibilityMediaTimeline):
        (AccessibilityMediaControlsContainer):
        (AccessibilityMediaTimeDisplay):
        * accessibility/AccessibilityMenuList.h:
        (AccessibilityMenuList):
        * accessibility/AccessibilityNodeObject.h:
        (AccessibilityNodeObject):
        * accessibility/AccessibilityProgressIndicator.h:
        (AccessibilityProgressIndicator):
        * accessibility/AccessibilityRenderObject.h:
        (AccessibilityRenderObject):
        * accessibility/AccessibilityScrollView.h:
        (AccessibilityScrollView):
        * accessibility/AccessibilityScrollbar.h:
        (AccessibilityScrollbar):
        * accessibility/AccessibilitySlider.h:
        (AccessibilitySlider):
        * accessibility/AccessibilityTable.h:
        (AccessibilityTable):
        * accessibility/AccessibilityTableCell.h:
        (AccessibilityTableCell):
        * accessibility/AccessibilityTableRow.h:
        (AccessibilityTableRow):

2012-08-03  Abhishek Arya  <inferno@chromium.org>

        Regression(r124564): Wrong inlineChildrenBlock->hasLayer() computed in RenderBlock::removeChild.
        https://bugs.webkit.org/show_bug.cgi?id=90800

        Reviewed by Eric Seidel.

        r124564 reversed the sequence of setStyle and removeChildNode calls, but failed to cache the value
        of inlineChildrenBlock->hasLayer(). So, it will be null when the layer is removed from parent in setStyle.
        Fixed by the caching the bool value. 

        Covered by existing test fast/block/layer-not-removed-from-parent-crash.html.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removeChild):

2012-08-03  Mario Sanchez Prada  <msanchez@igalia.com>

        [GTK] Add a new and reusable enchant-based spellchecker in WebCore
        https://bugs.webkit.org/show_bug.cgi?id=90269

        Reviewed by Martin Robinson.

        Move enchant specific code down to WebCore, into a new class
        TextCheckerEnchant, that we can use from WK1 and WK2.

        * GNUmakefile.am: Add flags to handle the SPELLCHECK feature.
        * GNUmakefile.list.am: Added new files.
        * platform/text/gtk/TextCheckerEnchant.cpp: Added.
        (getAvailableDictionariesCallback):
        (TextCheckerEnchant::TextCheckerEnchant):
        (TextCheckerEnchant::~TextCheckerEnchant):
        (TextCheckerEnchant::ignoreWord):
        (TextCheckerEnchant::learnWord):
        (TextCheckerEnchant::checkSpellingOfString):
        (TextCheckerEnchant::getGuessesForWord):
        (TextCheckerEnchant::updateSpellCheckingLanguages):
        (TextCheckerEnchant::freeEnchantBrokerDictionaries):
        * platform/text/gtk/TextCheckerEnchant.h: Added.
        (WebCore):
        (TextCheckerEnchant):
        (WebCore::TextCheckerEnchant::create):

2012-08-03  Kwang Yul Seo  <skyul@company100.net>

        Unreviewed r124536 followup, fix the assertion error on Chromium.

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::callTheAdoptionAgency):

2012-08-03  Ilya Tikhonovsky  <loislo@chromium.org>

        Web Inspector: simple replace objectType with ownerObjectType in NMI code.
        https://bugs.webkit.org/show_bug.cgi?id=93001

        Reviewed by Yury Semikhatsky.

        In all the cases when we are visiting members, objectType field is actually the object type of the member's owner object.

        * dom/MemoryInstrumentation.h:
        (WebCore::MemoryInstrumentation::InstrumentedPointer::InstrumentedPointer):
        (InstrumentedPointer):
        (WebCore::MemoryInstrumentation::addObject):
        (WebCore::MemoryInstrumentation::addInstrumentedObject):
        (WebCore::MemoryInstrumentation::addRawBuffer):
        (WebCore::MemoryInstrumentation::OwningTraits::addInstrumentedObject):
        (WebCore::MemoryInstrumentation::OwningTraits::addObject):
        (WebCore::MemoryObjectInfo::MemoryObjectInfo):
        (WebCore::MemoryInstrumentation::addInstrumentedObjectImpl):
        (WebCore::MemoryInstrumentation::addObjectImpl):
        (WebCore::MemoryInstrumentation::addHashMap):
        (WebCore::MemoryInstrumentation::addHashSet):
        (WebCore::MemoryInstrumentation::addInstrumentedCollection):
        (WebCore::MemoryInstrumentation::addListHashSet):
        (WebCore::MemoryInstrumentation::addVector):
        (WebCore::::process):

2012-08-02  Ilya Tikhonovsky  <loislo@chromium.org>

        Web Inspector: extend test coverage for nmi code and fix 2 bugs.
        https://bugs.webkit.org/show_bug.cgi?id=92994

        Reviewed by Yury Semikhatsky.

        1) owner object type propagation.
        If a class with object-type DOM has an instrumented member with object-type Other then it has to be recorded as DOM.
        Sample: We have SharedBuffer class and we don't know the object-type for it but we know that it is owned by an object with object-type CachedResourceImage.

        2) the first member of an instrumented non virtual class was skipped even if it was reported properly.
        it happened because the first member has the same address as it's owner

        * dom/MemoryInstrumentation.h:
        (WebCore::MemoryInstrumentation::addRootObject):
        (WebCore::MemoryInstrumentation::InstrumentedPointer::InstrumentedPointer):
        (InstrumentedPointer):
        (WebCore::MemoryInstrumentation::addInstrumentedObject):
        (MemoryInstrumentation):
        (WebCore::MemoryInstrumentation::OwningTraits::addInstrumentedObject):
        (WebCore::MemoryObjectInfo::MemoryObjectInfo):
        (WebCore::MemoryObjectInfo::reportObjectInfo):
        (WebCore::MemoryClassInfo::addInstrumentedMember):
        (WebCore::MemoryInstrumentation::addInstrumentedObjectImpl):
        (WebCore::MemoryInstrumentation::addObjectImpl):
        (WebCore::MemoryInstrumentation::addInstrumentedCollection):
        (WebCore::::process):

2012-08-03  Kentaro Hara  <haraken@chromium.org>

        [V8] Make v8NonStringValueToWebCoreString a static method
        https://bugs.webkit.org/show_bug.cgi?id=93066

        Reviewed by Adam Barth.

        v8NonStringValueToWebCoreString() and v8NonStringValueToAtomicWebCoreString()
        are not intended to be used from outside V8Binding.cpp.
        They should be static methods.

        No tests. No change in behavior.

        * bindings/v8/V8Binding.cpp:
        (WebCore::v8NonStringValueToWebCoreString):
        (WebCore):
        (WebCore::v8NonStringValueToAtomicWebCoreString):
        * bindings/v8/V8Binding.h:
        (WebCore::v8StringToWebCoreString):
        (WebCore::v8StringToAtomicWebCoreString):

2012-08-02  Abhishek Arya  <inferno@chromium.org>

        Crash due to layer not removed from parent for anonymous block.
        https://bugs.webkit.org/show_bug.cgi?id=90800

        Reviewed by Kent Tamura.

        Reverse the order of setStyle and removeChildNode calls. This ensures that setting the style
        properly removes its layer from the parent in RenderBoxModelObject::styleDidChange. Calling
        removeChildNode before calling setStyle is problematic since the parent layer never gets
        notified.

        Test: fast/block/layer-not-removed-from-parent-crash.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removeChild):

2012-08-02  Adam Barth  <abarth@webkit.org>

        V8Proxy::retrieveFrameFor*Context are used only by BindingState and should be removed as separate functions
        https://bugs.webkit.org/show_bug.cgi?id=93049

        Reviewed by Eric Seidel.

        No one calls these functions directly anymore. This patch removes them
        from V8Proxy and inlines their logic into BindingState.cpp.

        * bindings/v8/BindingState.cpp:
        (WebCore::activeContext):
        (WebCore):
        (WebCore::activeWindow):
        (WebCore::activeFrame):
        (WebCore::firstFrame):
        (WebCore::currentFrame):
        * bindings/v8/V8Proxy.cpp:
        * bindings/v8/V8Proxy.h:
        (V8Proxy):

2012-08-02  Yoshifumi Inoue  <yosin@chromium.org>

        Make order of attribute/method in HTMLTrackElement.idl as same as specification
        https://bugs.webkit.org/show_bug.cgi?id=80102

        Reviewed by Kentaro Hara.

        No new tests. This patch doesn't change behavior.

        * html/HTMLTrackElement.idl: Reorder attribute/method position.

2012-08-02  Kent Tamura  <tkent@chromium.org>

        Fix crashes for <input> and <textarea> with display:run-in.
        https://bugs.webkit.org/show_bug.cgi?id=87300

        Reviewed by Abhishek Arya.

        Introduce RenderObject::canBeReplacedWithInlineRunIn, and renderers which
        should not be run-in override it so that it returns false.

        Test: fast/runin/input-text-runin.html
              fast/runin/textarea-runin.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::moveRunInUnderSiblingBlockIfNeeded):
        Checks canBeReplacedWithInlineRunIn instead of checking tag names.
        * rendering/RenderFileUploadControl.cpp:
        (WebCore::RenderFileUploadControl::canBeReplacedWithInlineRunIn):
        Added. Disallow run-in.
        * rendering/RenderFileUploadControl.h:
        (RenderFileUploadControl): Declare canBeReplacedWithInlineRunIn.
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::canBeReplacedWithInlineRunIn):
        Added. Disallow run-in. This is not a behavior change.
        * rendering/RenderListBox.h:
        (RenderListBox): Declare canBeReplacedWithInlineRunIn.
        * rendering/RenderMenuList.cpp:
        (WebCore::RenderMenuList::canBeReplacedWithInlineRunIn):
        Added. Disallow run-in. This is not a behavior change.
        * rendering/RenderMenuList.h:
        (RenderMenuList): Declare canBeReplacedWithInlineRunIn.
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::canBeReplacedWithInlineRunIn):
        Added. Allow run-in by default.
        * rendering/RenderObject.h:
        (RenderObject): Declare canBeReplacedWithInlineRunIn.
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::canBeReplacedWithInlineRunIn):
        Added. Disallow run-in. This is not a behavior change.
        * rendering/RenderProgress.h:
        (RenderProgress): Declare canBeReplacedWithInlineRunIn.
        * rendering/RenderSlider.cpp:
        (WebCore::RenderSlider::canBeReplacedWithInlineRunIn):
        Added. Disallow run-in.
        * rendering/RenderSlider.h:
        (RenderSlider): Declare canBeReplacedWithInlineRunIn.
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::canBeReplacedWithInlineRunIn):
        Added. Disallow run-in.
        * rendering/RenderTextControl.h:
        (RenderTextControl): Declare canBeReplacedWithInlineRunIn.

2012-08-02  Kihong Kwon  <kihong.kwon@samsung.com>

        [EFL] Fix wrong assigned value of BatteryStatus
        https://bugs.webkit.org/show_bug.cgi?id=93058

        Reviewed by Kentaro Hara.

        There is a wrong change in the bug 92964.
        property variable have to be used after assigned value in the setBatteryClient.

        * platform/efl/BatteryProviderEfl.cpp:
        (WebCore::BatteryProviderEfl::setBatteryClient):

2012-08-02  Arvid Nilsson  <anilsson@rim.com>

        [BlackBerry] Add default implementation of GraphicsLayerClient::contentsVisible()
        https://bugs.webkit.org/show_bug.cgi?id=93036

        Reviewed by George Staikos.

        Returning true by default would cause memory usage to balloon, because
        the LayerTiler would believe every tile is visible and always needs to
        be rendered. Instead, we choose to return false by default, relying
        entirely on reactive rendering through render jobs.

        However this revealed a subtle bug. If the entire layer was invalidated
        every frame, checkerboard would never resolve with this default
        implementation.

        Fixed by not clearing render jobs when the entire layer is invalidated,
        thus making us robust against an incomplete contentsVisible
        implementation.

        Also removed dead code related to the deprecated
        LayerTiler::m_tilesWebKitThread mechanism, which has been replaced by
        the implicit visibility management resulting from render jobs.

        With m_tilesWebKitThread out of the way, rename m_tilesCompositingThread
        to be simply m_tiles.

        PR 187458

        This is not currently testable using BlackBerry testing infrastructure.

        * platform/graphics/GraphicsLayerClient.h:
        (WebCore::GraphicsLayerClient::contentsVisible): Gets a default implementation instead of being pure virtual.
        * platform/graphics/blackberry/LayerTile.cpp:
        (WebCore::LayerTile::LayerTile): Merged LayerTileData into LayerTile now that m_tilesWebKitThread is gone.
        * platform/graphics/blackberry/LayerTile.h:
        (LayerTile):
        * platform/graphics/blackberry/LayerTiler.cpp:
        (WebCore::LayerTiler::~LayerTiler):
        (WebCore::LayerTiler::updateTextureContentsIfNeeded): Bug fix to make us robust against the new default implementation of GraphicsLayerClient::contentsVisible()
        (WebCore::LayerTiler::shouldPerformRenderJob):
        (WebCore::LayerTiler::layerVisibilityChanged):
        (WebCore::LayerTiler::uploadTexturesIfNeeded):
        (WebCore::LayerTiler::drawTexturesInternal):
        (WebCore::LayerTiler::deleteTextures):
        (WebCore::LayerTiler::pruneTextures):
        (WebCore::LayerTiler::bindContentsTexture):
        * platform/graphics/blackberry/LayerTiler.h:
        (LayerTiler):

2012-08-02  Keishi Hattori  <keishi@webkit.org>

        Slider should snap to datalist tick marks
        https://bugs.webkit.org/show_bug.cgi?id=92640

        Reviewed by Kent Tamura.

        Input type=range slider snaps to datalist tick marks.

        Test: fast/forms/datalist/range-snap-to-datalist.html

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::findClosestTickMarkValue): Just calls InputType::findClosestTickMarkValue.
        (WebCore):
        * html/HTMLInputElement.h:
        (HTMLInputElement):
        * html/InputType.cpp:
        (WebCore):
        (WebCore::InputType::findClosestTickMarkValue): Overridden by RangeInputType.
        * html/InputType.h:
        (InputType):
        * html/RangeInputType.cpp:
        (WebCore::RangeInputType::RangeInputType):
        (WebCore):
        (WebCore::RangeInputType::listAttributeTargetChanged): Mark m_tickMarkValues as dirty.
        (WebCore::decimalCompare):
        (WebCore::RangeInputType::updateTickMarkValues): Sets m_tickMarkValues to a list of sorted valid datalist values.
        (WebCore::RangeInputType::findClosestTickMarkValue): Finds closest tick mark value to a given value.
        * html/RangeInputType.h:
        (RangeInputType):
        * html/shadow/SliderThumbElement.cpp:
        (WebCore):
        (WebCore::SliderThumbElement::setPositionFromPoint): Snaps to the closest tick mark value if it is within a certain distance.

2012-08-02  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Crash while loading plugin after r121467
        https://bugs.webkit.org/show_bug.cgi?id=92943

        Reviewed by Laszlo Gombos.

        r121467 replaced POSIX dlopen to helpers in eina_module, but some codes
        are not changed.

        No new tests, behavior has not changed.

        * plugins/efl/PluginPackageEfl.cpp:
        (WebCore::PluginPackage::fetchInfo):
        Changes dlsym to eina_module_symbol_get to follow changes of r121467.

2012-08-02  Adam Barth  <abarth@webkit.org>

        V8 bindings code that tries to find its context should use BindingState functions rather than V8Proxy
        https://bugs.webkit.org/show_bug.cgi?id=93038

        Reviewed by Eric Seidel.

        After this patch, most code in the V8 bindings that tries to determine
        it's "context" goes through BindingState.h rather than V8Proxy. This
        patch is a step towards unifying all these code paths.

        * bindings/scripts/CodeGeneratorV8.pm:
        (GenerateNamedConstructorCallback):
        * bindings/v8/BindingState.cpp:
        (WebCore::currentFrame):
        (WebCore):
        * bindings/v8/BindingState.h:
        (WebCore):
        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::retrieveFrameForEnteredContext):
        (WebCore::ScriptController::retrieveFrameForCurrentContext):
        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::v8UncaughtExceptionHandler):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::reportUnsafeAccessTo):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):
        * bindings/v8/V8Utilities.cpp:
        (WebCore::getScriptExecutionContext):
        * bindings/v8/custom/V8AudioContextCustom.cpp:
        (WebCore::V8AudioContext::constructorCallback):
        * bindings/v8/custom/V8DOMWindowCustom.cpp:
        (WebCore::handlePostMessageCallback):
        * bindings/v8/custom/V8HTMLDocumentCustom.cpp:
        (WebCore::V8HTMLDocument::writeCallback):
        (WebCore::V8HTMLDocument::writelnCallback):
        (WebCore::V8HTMLDocument::openCallback):
        * bindings/v8/custom/V8HTMLImageElementConstructor.cpp:
        (WebCore::v8HTMLImageElementConstructorCallback):

2012-08-02  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r124540.
        http://trac.webkit.org/changeset/124540
        https://bugs.webkit.org/show_bug.cgi?id=93055

        Broke compile on Chromium Win bot (Requested by dimich on
        #webkit).

        * Modules/indexeddb/IDBBackingStore.h:
        (IDBBackingStore):
        * Modules/indexeddb/IDBCallbacks.h:
        (IDBCallbacks):
        * Modules/indexeddb/IDBDatabaseBackendImpl.cpp:
        (WebCore::IDBDatabaseBackendImpl::PendingOpenCall::PendingOpenCall):
        (WebCore::IDBDatabaseBackendImpl::IDBDatabaseBackendImpl):
        (WebCore::IDBDatabaseBackendImpl::openInternal):
        (WebCore::IDBDatabaseBackendImpl::metadata):
        (WebCore::IDBDatabaseBackendImpl::setVersion):
        (WebCore::IDBDatabaseBackendImpl::transactionFinished):
        (WebCore::IDBDatabaseBackendImpl::processPendingCalls):
        (WebCore::IDBDatabaseBackendImpl::registerFrontendCallbacks):
        (WebCore::IDBDatabaseBackendImpl::deleteDatabase):
        (WebCore::IDBDatabaseBackendImpl::close):
        * Modules/indexeddb/IDBDatabaseBackendImpl.h:
        (IDBDatabaseBackendImpl):
        * Modules/indexeddb/IDBDatabaseCallbacks.h:
        (IDBDatabaseCallbacks):
        * Modules/indexeddb/IDBFactoryBackendImpl.cpp:
        (WebCore::IDBFactoryBackendImpl::open):
        * Modules/indexeddb/IDBLevelDBBackingStore.cpp:
        (WebCore::IDBLevelDBBackingStore::getIDBDatabaseMetaData):
        (WebCore::IDBLevelDBBackingStore::createIDBDatabaseMetaData):
        (WebCore::IDBLevelDBBackingStore::deleteDatabase):
        * Modules/indexeddb/IDBLevelDBBackingStore.h:
        (IDBLevelDBBackingStore):
        * Modules/indexeddb/IDBTransactionBackendImpl.cpp:
        (WebCore::IDBTransactionBackendImpl::commit):

2012-08-02  Arvid Nilsson  <anilsson@rim.com>

        [BlackBerry] Upstream GraphicsLayerClient::contentsVisible()
        https://bugs.webkit.org/show_bug.cgi?id=93040

        Reviewed by George Staikos.

        Our LayerTiler uses both proactive and reactive rendering to populate
        tiles. If contentsVisible() is accurate, it will cause the right tiles
        to be rendered. Failing that, when a dirty tile is found to be visible
        on the compositing thread, a render job is scheduled.

        This is not currently testable using BlackBerry testing infrastructure.

        * platform/graphics/GraphicsLayerClient.h:
        (GraphicsLayerClient): New BlackBerry-specific method "contentsVisible" added.
        * rendering/RenderLayerBacking.cpp:
        (WebCore):
        (WebCore::RenderLayerBacking::contentsVisible): BlackBerry-specific implementation.

2012-08-02  Alexandre Elias  <aelias@google.com>

        [chromium] deviceViewportSize cleanup
        https://bugs.webkit.org/show_bug.cgi?id=92794

        Reviewed by Adrienne Walker.

        In the future, CSS layout size will become increasingly disassociated
        from physical device size, and it will become impossible to infer one
        from the other inside the compositor.  Therefore, this patch allows
        deviceViewportSize to be explicitly passed in by the outside client.

        I also renamed the existing viewportSize field to "layoutViewportSize"
        for clarity, and converted its uses to deviceViewportSize since
        that is more appropriate.

        I had to add some default-value scaffolding to WebLayerTreeView in
        order to avoid breaking ui/compositor.  We can delete it once that's
        updated.

        No new tests (covered by existing tests).

        * platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
        (WebCore::CCLayerTreeHost::finishCommitOnImplThread):
        (WebCore::CCLayerTreeHost::setViewportSize):
        (WebCore::CCLayerTreeHost::updateLayers):
        (WebCore::CCLayerTreeHost::setDeviceScaleFactor):
        * platform/graphics/chromium/cc/CCLayerTreeHost.h:
        (CCLayerTreeHost):
        (WebCore::CCLayerTreeHost::layoutViewportSize):
        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
        (WebCore::CCLayerTreeHostImpl::canDraw):
        (WebCore::CCLayerTreeHostImpl::startPageScaleAnimation):
        (WebCore::CCLayerTreeHostImpl::setViewportSize):
        (WebCore::CCLayerTreeHostImpl::setDeviceScaleFactor):
        (WebCore::CCLayerTreeHostImpl::updateMaxScrollPosition):
        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
        (CCLayerTreeHostImpl):
        (WebCore::CCLayerTreeHostImpl::layoutViewportSize):

2012-08-02  Adam Barth  <abarth@webkit.org>

        V8Proxy::currentContext() doesn't do anything and should be removed
        https://bugs.webkit.org/show_bug.cgi?id=93041

        Reviewed by Eric Seidel.

        It's just a wrapper for GetCurrent().

        * bindings/v8/DateExtension.cpp:
        (WebCore::DateExtension::setAllowSleep):
        * bindings/v8/V8NPUtils.cpp:
        (WebCore::convertV8ObjectToNPVariant):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::retrieve):
        (WebCore::V8Proxy::mainWorldContext):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):
        * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
        (WebCore::getJSListenerFunctions):

2012-08-02  David Grogan  <dgrogan@chromium.org>

        IndexedDB: Core upgradeneeded logic
        https://bugs.webkit.org/show_bug.cgi?id=92558

        Reviewed by Ojan Vafai.

        This is the backend webkit logic needed for integer versions. The rest
        is in https://bugs.webkit.org/show_bug.cgi?id=89505.

        I tried to make use of the existing processPendingCalls and added two
        more queues, pendingOpenWithVersionCalls and
        pendingSecondHalfOpenWithVersionCalls. The "second half" refers to
        how there are two events that need to be fired in response to an
        open-with-version call. The "second half" queue holds the open
        requests that should immediately follow the caller's upgradeneeded
        handler.

        No new tests, there are so many they are in their own patch:
        https://bugs.webkit.org/show_bug.cgi?id=92560

        Though this patch doesn't change any expected behavior anyway, lack of
        regressions is what we're hoping for here.

        * Modules/indexeddb/IDBBackingStore.h:
        (IDBBackingStore):
        * Modules/indexeddb/IDBCallbacks.h:
        (WebCore::IDBCallbacks::onBlocked):
        (WebCore::IDBCallbacks::onUpgradeNeeded):
        * Modules/indexeddb/IDBDatabaseBackendImpl.cpp:
        (IDBDatabaseBackendImpl::PendingOpenCall):
        (IDBDatabaseBackendImpl::PendingOpenWithVersionCall):
        (WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::create):
        (WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::callbacks):
        (WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::version):
        (WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::PendingOpenWithVersionCall):
        (WebCore):
        (WebCore::IDBDatabaseBackendImpl::IDBDatabaseBackendImpl):
        (WebCore::IDBDatabaseBackendImpl::openInternal):
        (WebCore::IDBDatabaseBackendImpl::metadata):
        (WebCore::IDBDatabaseBackendImpl::setVersion):
        (WebCore::IDBDatabaseBackendImpl::setIntVersionInternal):
        (WebCore::IDBDatabaseBackendImpl::transactionFinished):
        (WebCore::IDBDatabaseBackendImpl::transactionFinishedAndEventsFired):
        When an upgradeneeded event is fired in response to an
        open-with-version call, the version change transaction must receive its
        complete event before processPendingCalls fires a success event at
        IDBOpenDBRequest. In the future this should probably be changed
        instead to transactionFinishedAndAbortFired and
        transactionFinishedAndCompleteFired so that we'll know to fire a
        success or error event at IDBOpenDBRequest. Currently, instead of
        firing error when there's an abort, we don't fire anything.

        (WebCore::IDBDatabaseBackendImpl::processPendingCalls):
        Now that this is called after a connection is opened, we unfortunately
        lose the invariant that there is only one existing connection when this
        is called, but nothing inside this function actually relied on that.
        Additionally, the secondHalfOpen calls only ever need to be serviced
        in one place: right after a version change transaction completes, so
        it could be moved out of here.

        (WebCore::IDBDatabaseBackendImpl::registerFrontendCallbacks):
        Now that setVersion and deleteDatabase calls are queued up behind
        secondHalfOpen calls, we have to service those queues when
        secondHalfOpen calls complete, which is here.  So call
        processPendingCalls().

        (WebCore::IDBDatabaseBackendImpl::runIntVersionChangeTransaction):
        (WebCore::IDBDatabaseBackendImpl::openConnectionWithVersion):
        (WebCore::IDBDatabaseBackendImpl::deleteDatabase):
        (WebCore::IDBDatabaseBackendImpl::close):
        * Modules/indexeddb/IDBDatabaseBackendImpl.h:
        (IDBDatabaseBackendImpl):
        * Modules/indexeddb/IDBDatabaseCallbacks.h:
        (WebCore::IDBDatabaseCallbacks::onVersionChange):
        * Modules/indexeddb/IDBFactoryBackendImpl.cpp:
        (WebCore::IDBFactoryBackendImpl::open):
        This is refactored some so that the call to openConection{WithVersion}
        happens once, at the end.

        * Modules/indexeddb/IDBLevelDBBackingStore.cpp:
        (WebCore::IDBLevelDBBackingStore::getIDBDatabaseMetaData):
        (WebCore::IDBLevelDBBackingStore::createIDBDatabaseMetaData):
        (WebCore::IDBLevelDBBackingStore::updateIDBDatabaseIntVersion):
        (WebCore):
        (WebCore::IDBLevelDBBackingStore::deleteDatabase):
        * Modules/indexeddb/IDBLevelDBBackingStore.h:
        (IDBLevelDBBackingStore):
        * Modules/indexeddb/IDBTransactionBackendImpl.cpp:
        (WebCore::IDBTransactionBackendImpl::commit):
        See above comments about transactionFinishedAndEventsFired. I tried
        moving the call to transactionFinished after the events were fired but
        that failed some asserts. But changing those asserts is still an
        alternative to splitting up transactionFinished as is done here.

2012-08-02  Rob Buis  <rwlbuis@webkit.org>

        SVG text selection doesn't work with hyperlinked text
        https://bugs.webkit.org/show_bug.cgi?id=29166

        Reviewed by Eric Seidel.

        Cleanup SVGAElement. There is no need to test for middle mouse button here, this
        is handled elsewhere, so remove isMiddleMouseButtonEvent. Similarly handleLinkClick
        is not used anymore by HTMLAnchorElement, remove it. Finally, _self indeed is not needed.

        No new tests, since no change in behaviour.

        * WebCore.order:
        * html/HTMLAnchorElement.cpp:
        * html/HTMLAnchorElement.h:
        (WebCore):
        * svg/SVGAElement.cpp:
        (WebCore::SVGAElement::defaultEventHandler):

2012-08-02  Kwang Yul Seo  <skyul@company100.net>

        Move causesFosterParenting() to HTMLStackItem
        https://bugs.webkit.org/show_bug.cgi?id=93048

        Reviewed by Adam Barth.

        Changed to share causesFosterParenting() between HTMLTreeBuilder and HTMLConstructionSite
        by moving this function to HTMLStackItem.

        No functional change, so no new tests.

        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::shouldFosterParent):
        * html/parser/HTMLStackItem.h:
        (WebCore::HTMLStackItem::causesFosterParenting):
        (HTMLStackItem):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::callTheAdoptionAgency):

2012-08-02  Kwang Yul Seo  <skyul@company100.net>

        Read tag names and attributes from the saved tokens in HTMLTreeBuilder::callTheAdoptionAgency(AtomicHTMLToken*)
        https://bugs.webkit.org/show_bug.cgi?id=93047

        Reviewed by Adam Barth.

        This is a follow-up patch for r123577.
        Changed to retrieve the stack item of commonAncestor and read the local name from the saved token.

        No new tests, covered by existing tests.

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::callTheAdoptionAgency):

2012-08-02  Vincent Scheib  <scheib@chromium.org>

        Remove old Pointer Lock API.
        https://bugs.webkit.org/show_bug.cgi?id=88892

        Reviewed by Adam Barth.

        Removing the old Pointer Lock API as one of the final cleanup
        changes for the Update to Fullscreen style locking Spec meta
        bug https://bugs.webkit.org/show_bug.cgi?id=84402.

        This change primarily removes idl, access in navigator,
        one event, and supporting infrastructure in page/PointerLock.

        In PointerLockController changes were already noted clearly with
        TODOs differentiating old and new api sections.

        Test: pointer-lock/pointerlockchange-event-on-lock-lost.html

        * WebCore.gypi:
        * dom/Element.cpp:
        (WebCore::Element::webkitRequestPointerLock):
        * dom/EventNames.h:
        (WebCore):
        * page/Navigator.cpp:
        * page/Navigator.h:
        (WebCore):
        (Navigator):
        * page/Navigator.idl:
        * page/PointerLock.cpp: Removed.
        * page/PointerLock.h: Removed.
        * page/PointerLock.idl: Removed.
        * page/PointerLockController.cpp:
        (WebCore::PointerLockController::requestPointerLock):
        (WebCore::PointerLockController::didAcquirePointerLock):
        (WebCore::PointerLockController::didNotAcquirePointerLock):
        (WebCore::PointerLockController::didLosePointerLock):
        * page/PointerLockController.h:
        (PointerLockController):

2012-08-02  Ryosuke Niwa  <rniwa@webkit.org>

        scripts in formaction should be stripped upon paste
        https://bugs.webkit.org/show_bug.cgi?id=92298

        Reviewed by Eric Seidel.

        Strip formaction attribute values when the URL is of javascript protocol.

        Test: editing/pasteboard/paste-noscript-xhtml.html
              editing/pasteboard/paste-noscript.html

        * dom/Element.cpp:
        (WebCore::isAttributeToRemove): Explicitly compare with href and nohref instead of comparing
        the ends of strings since comparing two AtomicString is much faster.

2012-08-02  Elliott Sprehn  <esprehn@gmail.com>

        Built in quotes don't use lang attribute
        https://bugs.webkit.org/show_bug.cgi?id=92918

        Reviewed by Alexey Proskuryakov.

        Previously even though there was a table in RenderQuote of languages mapped
        to quotes we always used basic quotes. This patch removes the broken tree
        walking and uses Element::computeInheritedLanguage fixing this.

        Tests: fast/css-generated-content/quotes-lang-expected.html
               fast/css-generated-content/quotes-lang.html
               fast/css-generated-content/quotes-xml-lang-expected.html
               fast/css-generated-content/quotes-xml-lang.html

        * rendering/RenderQuote.cpp:
        (WebCore::RenderQuote::originalText):
        (WebCore::RenderQuote::quotesData): New method that determines the right QuotesData to use.
        (WebCore):
        * rendering/RenderQuote.h:
        (RenderQuote):

2012-08-02  Adam Barth  <abarth@webkit.org>

        Add back a header I mistakenly removed in my previous commit.

        * WebCore.xcodeproj/project.pbxproj:

2012-08-02  Adrienne Walker  <enne@google.com>

        [chromium] Remove dependency on Scrollbar.h from ScrollbarLayerChromium
        https://bugs.webkit.org/show_bug.cgi?id=93024

        Reviewed by James Robinson.

        Change part enum from the Scrollbar version to WebScrollbar's.

        Tested by composited layout tests.

        * platform/graphics/chromium/ScrollbarLayerChromium.cpp:
        (WebCore::ScrollbarBackgroundPainter::create):
        (WebCore::ScrollbarBackgroundPainter::ScrollbarBackgroundPainter):
        (ScrollbarBackgroundPainter):
        (WebCore::ScrollbarLayerChromium::createTextureUpdaterIfNeeded):

2012-08-02  Adam Barth  <abarth@webkit.org>

        BindingSecurityBase serves no purpose and should be removed
        https://bugs.webkit.org/show_bug.cgi?id=93025

        Reviewed by Eric Seidel.

        Now that we don't use templates in the generic bindings, we can merge
        BindingSecurity and BindingSecurityBase. This patch also removes some
        functions that are no longer used (and reduces the number of
        #includes).

        No behavior change.

        * GNUmakefile.list.am:
        * WebCore.gypi:
        * bindings/generic/BindingSecurity.h:
        (WebCore):
        (BindingSecurity):
        * bindings/generic/BindingSecurityBase.cpp: Removed.
        * bindings/generic/BindingSecurityBase.h: Removed.
        * bindings/v8/V8Binding.h:
        * bindings/v8/V8Utilities.cpp:
        * bindings/v8/custom/V8MutationObserverCustom.cpp:

2012-08-02  Ryosuke Niwa  <rniwa@webkit.org>

        Let XCode have its own away and also sort the files.

        * WebCore.xcodeproj/project.pbxproj:

2012-08-02  Tien-Ren Chen  <trchen@chromium.org>

        [chromium] Add CCScrollbarAnimationController class for compositor scrollbar animation
        https://bugs.webkit.org/show_bug.cgi?id=91688

        Reviewed by Adrienne Walker.

        Add CCScrollbarAnimationController that serves as the middle man
        between the scrolling layer and scrollbar layer. Now all scroll offset
        information are pushed through the controller, and individual platform
        can provide specialized controller for extra processing.

        A basic fadeout controller for Android scrollbar is included.

        New test: ScrollbarLayerChromiumTest.scrollOffsetSynchronization
                  CCScrollbarAnimationControllerLinearFade.*

        * WebCore.gypi:
        * page/FrameView.cpp:
        (WebCore::FrameView::calculateScrollbarModesForLayout):
        * page/scrolling/chromium/ScrollingCoordinatorChromium.cpp:
        (WebCore::createScrollbarLayer):
        * platform/graphics/chromium/TreeSynchronizer.cpp:
        (WebCore::TreeSynchronizer::synchronizeTreeRecursive):
        (WebCore::TreeSynchronizer::updateScrollbarLayerPointersRecursive):
        * platform/graphics/chromium/cc/CCLayerImpl.cpp:
        (WebCore::CCLayerImpl::scrollBy):
        (WebCore::CCLayerImpl::setMaxScrollPosition):
        (WebCore):
        (WebCore::CCLayerImpl::horizontalScrollbarLayer):
        (WebCore::CCLayerImpl::setHorizontalScrollbarLayer):
        (WebCore::CCLayerImpl::verticalScrollbarLayer):
        (WebCore::CCLayerImpl::setVerticalScrollbarLayer):
        * platform/graphics/chromium/cc/CCLayerImpl.h:
        (WebCore):
        (CCLayerImpl):
        (WebCore::CCLayerImpl::scrollbarAnimationController):
        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
        (WebCore::CCLayerTreeHostImpl::animate):
        (WebCore::CCLayerTreeHostImpl::pinchGestureBegin):
        (WebCore::CCLayerTreeHostImpl::pinchGestureUpdate):
        (WebCore::CCLayerTreeHostImpl::pinchGestureEnd):
        (WebCore::CCLayerTreeHostImpl::animateScrollbars):
        (WebCore):
        (WebCore::CCLayerTreeHostImpl::animateScrollbarsRecursive):
        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
        (CCLayerTreeHostImpl):
        * platform/graphics/chromium/cc/CCScrollbarAnimationController.cpp: Added.
        (WebCore):
        (WebCore::CCScrollbarAnimationController::create):
        (WebCore::CCScrollbarAnimationController::CCScrollbarAnimationController):
        (WebCore::CCScrollbarAnimationController::~CCScrollbarAnimationController):
        (WebCore::CCScrollbarAnimationController::getScrollLayerBounds):
        (WebCore::CCScrollbarAnimationController::updateScrollOffset):
        * platform/graphics/chromium/cc/CCScrollbarAnimationController.h: Added.
        (WebCore):
        (CCScrollbarAnimationController):
        (WebCore::CCScrollbarAnimationController::animate):
        (WebCore::CCScrollbarAnimationController::didPinchGestureBegin):
        (WebCore::CCScrollbarAnimationController::didPinchGestureUpdate):
        (WebCore::CCScrollbarAnimationController::didPinchGestureEnd):
        (WebCore::CCScrollbarAnimationController::setHorizontalScrollbarLayer):
        (WebCore::CCScrollbarAnimationController::horizontalScrollbarLayer):
        (WebCore::CCScrollbarAnimationController::setVerticalScrollbarLayer):
        (WebCore::CCScrollbarAnimationController::verticalScrollbarLayer):
        * platform/graphics/chromium/cc/CCScrollbarAnimationControllerAndroid.cpp: Added.
        (WebCore):
        (WebCore::CCScrollbarAnimationController::create):
        (WebCore::CCScrollbarAnimationControllerAndroid::CCScrollbarAnimationControllerAndroid):
        (WebCore::CCScrollbarAnimationControllerAndroid::~CCScrollbarAnimationControllerAndroid):
        (WebCore::CCScrollbarAnimationControllerAndroid::animate):
        (WebCore::CCScrollbarAnimationControllerAndroid::didPinchGestureUpdate):
        (WebCore::CCScrollbarAnimationControllerAndroid::didPinchGestureEnd):
        (WebCore::CCScrollbarAnimationControllerAndroid::updateScrollOffset):
        (WebCore::CCScrollbarAnimationControllerAndroid::opacityAtTime):
        * platform/graphics/chromium/cc/CCScrollbarAnimationControllerAndroid.h: Added.
        (WebCore):
        (CCScrollbarAnimationControllerAndroid):
        * platform/graphics/chromium/cc/CCScrollbarLayerImpl.cpp:
        (WebCore::CCScrollbarLayerImpl::CCScrollbarLayerImpl):
        (WebCore):
        (WebCore::CCScrollbarLayerImpl::CCScrollbar::value):
        (WebCore::CCScrollbarLayerImpl::CCScrollbar::currentPos):
        (WebCore::CCScrollbarLayerImpl::CCScrollbar::totalSize):
        (WebCore::CCScrollbarLayerImpl::CCScrollbar::maximum):
        * platform/graphics/chromium/cc/CCScrollbarLayerImpl.h:
        (WebCore::CCScrollbarLayerImpl::orientation):
        (WebCore::CCScrollbarLayerImpl::setCurrentPos):
        (WebCore::CCScrollbarLayerImpl::setTotalSize):
        (WebCore::CCScrollbarLayerImpl::setMaximum):
        (CCScrollbarLayerImpl):

2012-06-15  David Barton  <dbarton@mathscribe.com>

        MathML: nested square root symbols have varying descenders
        https://bugs.webkit.org/show_bug.cgi?id=43819

        Reviewed by Eric Seidel.

        This bug stems from the use of offsetHeight() on a renderer that's possibly a
        RenderInline, in getBoxModelObjectHeight() in RenderMathMLBlock.h.
        RenderInline::offsetHeight() actually returns linesBoundingBox().height(), which can be
        overly large, especially for the big STIX fonts that include a few mathematical symbols
        with unusually tall ascenders or descenders. A better solution for MathML in general is
        the CSS properties { -webkit-line-box-contain: glyphs replaced; line-height: 0; }. This
        gives tight glyph-based formatting in radical expressions, subscripts, superscripts,
        underscripts, overscripts, numerators, denominators, etc. To make this work, inline
        elements such as <mn> and <mi> must be wrapped inside implicit <mrow>s or just
        RenderMathMLBlocks, when a tight height is desired. We also replace
        getBoxModelObjectWidth(), which uses offsetWidth(), with contentLogicalWidth(). Finally,
        we enable the STIXGeneral font for use inside layout tests.

        Tested by existing LayoutTests/mathml/presentation/ files including roots.xhtml.

        * css/mathml.css:
        (math):
        (mtext):
        (mroot > * + *):
        (mtd):
        * rendering/mathml/RenderMathMLBlock.cpp:
        (WebCore::RenderMathMLBlock::preferredLogicalHeightAfterSizing):
        (WebCore::RenderMathMLBlock::baselinePosition):
        * rendering/mathml/RenderMathMLBlock.h:
        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::baselinePosition):
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::createStackableStyle):
        (WebCore::RenderMathMLOperator::baselinePosition):
        * rendering/mathml/RenderMathMLRoot.cpp:
        (WebCore::RenderMathMLRoot::addChild):
        (WebCore::RenderMathMLRoot::computePreferredLogicalWidths):
        (WebCore::RenderMathMLRoot::paint):
        * rendering/mathml/RenderMathMLRoot.h:
        * rendering/mathml/RenderMathMLSquareRoot.cpp:
        * rendering/mathml/RenderMathMLSquareRoot.h:
        * rendering/mathml/RenderMathMLSubSup.cpp:
        (WebCore::RenderMathMLSubSup::layout):
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::baselinePosition):
        * rendering/mathml/RenderMathMLUnderOver.h:

2012-08-02  Adrienne Walker  <enne@google.com>

        [chromium] Make CCScrollbarLayerImpl handle lost contexts properly
        https://bugs.webkit.org/show_bug.cgi?id=93021

        Reviewed by James Robinson.

        The resource ids that CCScrollbarLayerImpl holds onto need to be
        discarded during a lost context as the resource provider they came
        from is also destroyed.

        Make a scrollbarGeometry function that wraps all uses of the
        m_geometry member to make it possible to test CCScrollbarLayerImpl
        without depending on WebCore.

        Test: CCLayerTreeHostImplTest.dontUseOldResourcesAfterLostContext

        * platform/graphics/chromium/cc/CCScrollbarLayerImpl.cpp:
        (WebCore::CCScrollbarLayerImpl::scrollbarGeometry):
        (WebCore):
        (WebCore::CCScrollbarLayerImpl::appendQuads):
        (WebCore::CCScrollbarLayerImpl::didLoseContext):
        * platform/graphics/chromium/cc/CCScrollbarLayerImpl.h:
        (CCScrollbarLayerImpl):

2012-08-02  Oliver Hunt  <oliver@apple.com>

        A few objects aren't being safely protected from GC in all cases
        https://bugs.webkit.org/show_bug.cgi?id=93031

        Reviewed by Filip Pizlo.

        I haven't seen evidence that anyone is hitting bugs due to this, but any
        GC error can lead to later -- hard to diagnose -- bugs if they result in
        resurrecting dead objects.

        * bindings/js/JSCustomXPathNSResolver.cpp:
        (WebCore::JSCustomXPathNSResolver::create):
        (WebCore::JSCustomXPathNSResolver::JSCustomXPathNSResolver):
        (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
        * bindings/js/JSCustomXPathNSResolver.h:
        (JSCustomXPathNSResolver):
        * bindings/js/JSDictionary.cpp:
        (WebCore::JSDictionary::tryGetProperty):
        * bindings/js/JSDictionary.h:
        (WebCore::JSDictionary::JSDictionary):
        (WebCore::JSDictionary::initializerObject):

2012-08-02  Emil A Eklund  <eae@chromium.org>

        Range::isPointInRange incorrectly throws WRONG_DOCUMENT_ERR
        https://bugs.webkit.org/show_bug.cgi?id=93009

        Reviewed by Ojan Vafai.

        The latest working draft of the DOM4 spec has all but killed the
        WRONG_DOCUMENT_ERR exception. Update isPointInRange to return false
        instead of throwing an exception when the range and point are in
        different documents. This matches the Mozilla behavior.

        Test: fast/html/range-point-in-range-for-different-documents.html

        * dom/Range.cpp:
        (WebCore::Range::isPointInRange):
        Return false instead of throwing WRONG_DOCUMENT_ERR when the point is in
        a different document.

2012-08-02  Erik Arvidsson  <arv@chromium.org>

        DOM4: className should be defined on Element and not on HTMLElement
        https://bugs.webkit.org/show_bug.cgi?id=93014

        Reviewed by Adam Barth.

        DOM4 specs that Element should have the className WebIDL attribute. This moves the
        attribute to the correct IDL file.

        Test: fast/dom/Element/class-name.html

        * dom/Element.idl:
        * html/HTMLElement.idl:

2012-08-02  Erik Arvidsson  <arv@chromium.org>

        [V8] Handle case where Error.prototype returns an empty object
        https://bugs.webkit.org/show_bug.cgi?id=91792

        Reviewed by Kentaro Hara.

        In some edge cases we get an empty object back from Error.prototype.

        No new tests. I cannot reproduce this.

        * bindings/v8/V8BindingPerContextData.cpp:
        (WebCore::V8BindingPerContextData::constructorForTypeSlowCase):

2012-08-02  Eric Seidel  <eric@webkit.org>

        Add back ASSERT(!needsLayout) to RenderTableSection which is now valid
        https://bugs.webkit.org/show_bug.cgi?id=92954

        Unreviewed, follow-up per Mitz's request.

        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::paint):

2012-08-02  James Robinson  <jamesr@chromium.org>

        [chromium] Remove unused includes from compositor code
        https://bugs.webkit.org/show_bug.cgi?id=92930

        Reviewed by Adrienne Walker.

        * platform/graphics/chromium/BitmapCanvasLayerTextureUpdater.cpp:
        * platform/graphics/chromium/ScrollbarLayerChromium.cpp:
        * platform/graphics/chromium/cc/CCScrollbarLayerImpl.h:

2012-08-02  Adam Barth  <abarth@webkit.org>

        The generic bindings shouldn't use templates
        https://bugs.webkit.org/show_bug.cgi?id=93016

        Reviewed by Eric Seidel.

        We originally created the generic bindings to share code between the
        JavaScriptCore and V8 bindings. However, the code came out sort of ugly
        because we used templates (with the idea that templates would let us
        use more than one scripting engine).

        This patch rips out the templates in an attempt to make the code
        prettier and therefore easier to use in both V8 and JSC. I've tried to
        keep this patch small by remaning things mostly in place. In the next
        patch, I'll move a bunch of code out of headers and into cpp files.

        No behavior change.

        * GNUmakefile.am:
        * UseV8.cmake:
        * WebCore.gyp/WebCore.gyp:
        * WebCore.gypi:
        * WebCore.pri:
        * bindings/generic/BindingSecurity.h:
        (WebCore):
        (BindingSecurity):
        (WebCore::BindingSecurity::canAccessWindow):
        (WebCore::BindingSecurity::canAccessFrame):
        (WebCore::BindingSecurity::shouldAllowAccessToNode):
        (WebCore::BindingSecurity::allowPopUp):
        (WebCore::BindingSecurity::allowSettingFrameSrcToJavascriptUrl):
        (WebCore::BindingSecurity::allowSettingSrcToJavascriptURL):
        * bindings/generic/GenericBinding.h:
        (WebCore::completeURL):
        * bindings/scripts/CodeGeneratorV8.pm:
        (GenerateDomainSafeFunctionGetter):
        (GenerateNormalAttrGetter):
        (GenerateReplaceableAttrSetter):
        (GenerateFunctionCallback):
        (GenerateImplementation):
        * bindings/scripts/test/V8/V8Float64Array.cpp:
        * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp:
        (WebCore::TestActiveDOMObjectV8Internal::excitingFunctionCallback):
        (WebCore::TestActiveDOMObjectV8Internal::postMessageAttrGetter):
        * bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp:
        * bindings/scripts/test/V8/V8TestEventConstructor.cpp:
        * bindings/scripts/test/V8/V8TestEventTarget.cpp:
        * bindings/scripts/test/V8/V8TestException.cpp:
        * bindings/scripts/test/V8/V8TestInterface.cpp:
        * bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp:
        * bindings/scripts/test/V8/V8TestNamedConstructor.cpp:
        * bindings/scripts/test/V8/V8TestNode.cpp:
        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::TestObjV8Internal::contentDocumentAttrGetter):
        (WebCore::TestObjV8Internal::getSVGDocumentCallback):
        * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp:
        * bindings/v8/BindingState.cpp: Renamed from Source/WebCore/bindings/v8/specialization/V8BindingState.cpp.
        (WebCore):
        (WebCore::BindingState::instance):
        (WebCore::activeWindow):
        (WebCore::firstWindow):
        (WebCore::activeFrame):
        (WebCore::firstFrame):
        (WebCore::immediatelyReportUnsafeAccessTo):
        * bindings/v8/BindingState.h: Renamed from Source/WebCore/bindings/v8/specialization/V8BindingState.h.
        (WebCore):
        (BindingState):
        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::canAccessFromCurrentOrigin):
        * bindings/v8/V8Binding.h:
        (WebCore):
        * bindings/v8/V8DOMWindowShell.cpp:
        * bindings/v8/V8Proxy.cpp:
        * bindings/v8/V8Utilities.cpp:
        (WebCore::callingOrEnteredFrame):
        (WebCore::completeURL):
        * bindings/v8/custom/V8DOMWindowCustom.cpp:
        (WebCore::WindowSetTimeoutImpl):
        (WebCore::V8DOMWindow::eventAccessorGetter):
        (WebCore::V8DOMWindow::eventAccessorSetter):
        (WebCore::V8DOMWindow::locationAccessorSetter):
        (WebCore::V8DOMWindow::openerAccessorSetter):
        (WebCore::V8DOMWindow::addEventListenerCallback):
        (WebCore::V8DOMWindow::removeEventListenerCallback):
        (WebCore::V8DOMWindow::showModalDialogCallback):
        (WebCore::V8DOMWindow::openCallback):
        (WebCore::V8DOMWindow::namedSecurityCheck):
        (WebCore::V8DOMWindow::indexedSecurityCheck):
        * bindings/v8/custom/V8DocumentLocationCustom.cpp:
        (WebCore::V8Document::locationAccessorSetter):
        * bindings/v8/custom/V8EntryCustom.cpp:
        * bindings/v8/custom/V8EntrySyncCustom.cpp:
        * bindings/v8/custom/V8HTMLFrameElementCustom.cpp:
        (WebCore::V8HTMLFrameElement::locationAccessorSetter):
        * bindings/v8/custom/V8HistoryCustom.cpp:
        (WebCore::V8History::indexedSecurityCheck):
        (WebCore::V8History::namedSecurityCheck):
        * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
        * bindings/v8/custom/V8InjectedScriptManager.cpp:
        (WebCore::InjectedScriptManager::canAccessInspectedWindow):
        * bindings/v8/custom/V8LocationCustom.cpp:
        (WebCore::V8Location::hashAccessorSetter):
        (WebCore::V8Location::hostAccessorSetter):
        (WebCore::V8Location::hostnameAccessorSetter):
        (WebCore::V8Location::hrefAccessorSetter):
        (WebCore::V8Location::pathnameAccessorSetter):
        (WebCore::V8Location::portAccessorSetter):
        (WebCore::V8Location::protocolAccessorSetter):
        (WebCore::V8Location::searchAccessorSetter):
        (WebCore::V8Location::reloadAccessorGetter):
        (WebCore::V8Location::replaceAccessorGetter):
        (WebCore::V8Location::assignAccessorGetter):
        (WebCore::V8Location::reloadCallback):
        (WebCore::V8Location::replaceCallback):
        (WebCore::V8Location::assignCallback):
        (WebCore::V8Location::toStringCallback):
        (WebCore::V8Location::indexedSecurityCheck):
        (WebCore::V8Location::namedSecurityCheck):
        * bindings/v8/custom/V8NamedNodeMapCustom.cpp:
        * bindings/v8/custom/V8NodeCustom.cpp:

2012-08-02  Abhishek Arya  <inferno@chromium.org>

        No isChildAllowed checked when adding RenderFullScreen as the child..
        https://bugs.webkit.org/show_bug.cgi?id=92995

        Reviewed by Eric Seidel.

        Test: fullscreen/fullscreen-child-not-allowed-crash.html

        * dom/Document.cpp:
        (WebCore::Document::webkitWillEnterFullScreenForElement): pass the object's parent
        pointer as an additional argument.
        * dom/NodeRenderingContext.cpp:
        (WebCore::NodeRendererFactory::createRendererIfNeeded): pass the to be parent |parentRenderer|
        as the argument. 
        * rendering/RenderFullScreen.cpp:
        (RenderFullScreen::wrapRenderer): make sure that parent allows RenderFullScreen as the child.
        * rendering/RenderFullScreen.h: 
        (RenderFullScreen): support the object's parent
        pointer as an additional argument.

2012-08-01  James Robinson  <jamesr@chromium.org>

        [chromium] Wrap shared context getters in WebKit API and avoid WebCore::GraphicsContext3D use in compositor internals
        https://bugs.webkit.org/show_bug.cgi?id=92917

        Reviewed by Adrienne Walker.

        This uses Platform API wrappers to access the shared WebGraphicsContext3D / Ganesh contexts from the compositor
        to evaluate accelerated filters or do accelerated painting.

        Filters changes covered by css3/filters/*-hw.html layout tests.

        * WebCore.gypi:
        * platform/chromium/support/WebSharedGraphicsContext3D.cpp:
        (WebKit):
        (WebKit::WebSharedGraphicsContext3D::mainThreadContext):
        (WebKit::WebSharedGraphicsContext3D::mainThreadGrContext):
        (WebKit::WebSharedGraphicsContext3D::compositorThreadContext):
        (WebKit::WebSharedGraphicsContext3D::compositorThreadGrContext):
        (WebKit::WebSharedGraphicsContext3D::haveCompositorThreadContext):
        (WebKit::WebSharedGraphicsContext3D::createCompositorThreadContext):
        * platform/graphics/chromium/FrameBufferSkPictureCanvasLayerTextureUpdater.cpp:
        (WebCore::createAcceleratedCanvas):
        (WebCore::FrameBufferSkPictureCanvasLayerTextureUpdater::Texture::updateRect):
        (WebCore::FrameBufferSkPictureCanvasLayerTextureUpdater::updateTextureRect):
        * platform/graphics/chromium/FrameBufferSkPictureCanvasLayerTextureUpdater.h:
        (WebKit):
        (FrameBufferSkPictureCanvasLayerTextureUpdater):
        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::applyFilters):
        * platform/graphics/chromium/cc/CCRenderSurfaceFilters.cpp:
        (WebCore::CCRenderSurfaceFilters::apply):
        * platform/graphics/chromium/cc/CCRenderSurfaceFilters.h:
        (WebKit):
        (CCRenderSurfaceFilters):

2012-08-02  Beth Dakin  <bdakin@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=93020
        REGRESSION (tiled scrolling): Full-screen video is broken if page is 
        scrolled
        -and corresponding-
        <rdar://problem/11629778>

        Reviewed by Anders Carlsson.

        The bug here is that ScrollingTreeNodeMac::setScrollLayerPosition() 
        uses the CALayer (PlatformLayer) directly to set the position. That 
        means that the GraphicsLayer that owns that PlatformLayer does not 
        have updated position information. That results in this bug when we 
        switch from fast scrolling to main thread scrolling, because at that 
        point, the GraphicsLayer needs to have the correct information. So 
        make sure to update the main thread scroll position and layer 
        position before transitioning to main thread scrolling.
        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::setShouldUpdateScrollLayerPositionOnMainThread):

2012-08-02  Addy Osmani  <addyo@chromium.org>

        Web Inspector: Rename 'User agent' to 'Overrides' in settings screen
        https://bugs.webkit.org/show_bug.cgi?id=92990

        Reviewed by Pavel Feldman.

        Simple setting rename of User agent -> Overrides

        * English.lproj/localizedStrings.js:
        * inspector/front-end/SettingsScreen.js:

2012-08-02  Philip Rogers  <pdr@google.com>

        Do not dispatch modification events in SVG attribute synchronization
        https://bugs.webkit.org/show_bug.cgi?id=92604

        Reviewed by Ryosuke Niwa.

        Previously, calling hasAttribute() during layout could hit a
        layout-during-layout bug because calling hasAttribute() could dispatch a 
        subtree modification event which could synchronously force a layout. hasAttribute()
        exhibits this behavior because property synchronization is done lazily.

        This patch skips dispatching subtree modification events during attribute
        synchronization.

        Additionally, this patch contains a refactoring of lazy attribute setting. We
        now have a single place where lazy attributes are set (setSynchronizedLazyAttribute)
        and lazy attribute flags have been moved to just Element and ElementAttributeData.

        Test: svg/custom/path-domsubtreemodified-crash.html

        * dom/Element.cpp:
        (WebCore::Element::setAttribute):
        (WebCore::Element::setSynchronizedLazyAttribute):
        (WebCore):
        (WebCore::Element::setAttributeInternal):
        * dom/Element.h:
        (Element):
        * dom/ElementAttributeData.cpp:
        (WebCore::ElementAttributeData::addAttribute):
        (WebCore::ElementAttributeData::removeAttribute):
        * dom/ElementAttributeData.h:
        (ElementAttributeData):
        * dom/StyledElement.cpp:
        (WebCore::StyledElement::updateStyleAttribute):
        * svg/properties/SVGAnimatedPropertyMacros.h:
        (WebCore::SVGSynchronizableAnimatedProperty::synchronize):

2012-08-02  Konrad Piascik  <kpiascik@rim.com>

        Web Inspector: Override the DeviceOrientation
        https://bugs.webkit.org/show_bug.cgi?id=91008

        Reviewed by Pavel Feldman.

        Re-added the m_page member variable to DeviceOrientationController and
        added InspectorInstrumentation to see if the DeviceOrientationData
        should be overridden or not.

        Added UI to the web inspector front-end to allow users to override the
        device orientation.  This is currently hidden behind an experiment.

        Test: inspector/device-orientation-success.html

        * English.lproj/localizedStrings.js:
        * dom/DeviceOrientationController.cpp:
        (WebCore::DeviceOrientationController::DeviceOrientationController):
        (WebCore::DeviceOrientationController::create):
        (WebCore::DeviceOrientationController::didChangeDeviceOrientation):
        (WebCore::provideDeviceOrientationTo):
        * dom/DeviceOrientationController.h:
        (DeviceOrientationController):
        * inspector/Inspector.json:
        * inspector/InspectorInstrumentation.cpp:
        (WebCore):
        (WebCore::InspectorInstrumentation::overrideDeviceOrientationImpl):
        * inspector/InspectorInstrumentation.h:
        (WebCore):
        (InspectorInstrumentation):
        (WebCore::InspectorInstrumentation::overrideDeviceOrientation):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::setDeviceOrientationOverride):
        (WebCore):
        (WebCore::InspectorPageAgent::clearDeviceOrientationOverride):
        (WebCore::InspectorPageAgent::canOverrideDeviceOrientation):
        (WebCore::InspectorPageAgent::overrideDeviceOrientation):
        * inspector/InspectorPageAgent.h:
        * inspector/front-end/Settings.js:
        (WebInspector.ExperimentsSettings):
        * inspector/front-end/SettingsScreen.js:
        (WebInspector.UserAgentSettingsTab):
        (WebInspector.UserAgentSettingsTab.prototype._createInput):
        (WebInspector.UserAgentSettingsTab.prototype._createDeviceMetricsElement):
        (WebInspector.UserAgentSettingsTab.prototype._createGeolocationOverrideElement):
        (WebInspector.UserAgentSettingsTab.prototype._onDeviceOrientationOverrideCheckboxClicked):
        (WebInspector.UserAgentSettingsTab.prototype._applyDeviceOrientationUserInput):
        (WebInspector.UserAgentSettingsTab.prototype._setDeviceOrientation.set if):
        (WebInspector.UserAgentSettingsTab.prototype._setDeviceOrientation):
        (WebInspector.UserAgentSettingsTab.prototype._createDeviceOrientationOverrideElement):
        * inspector/front-end/UserAgentSupport.js:
        (WebInspector.UserAgentSupport.DeviceOrientation):
        (WebInspector.UserAgentSupport.DeviceOrientation.prototype.toSetting):
        (WebInspector.UserAgentSupport.DeviceOrientation.parseSetting):
        (WebInspector.UserAgentSupport.DeviceOrientation.parseUserInput):
        (WebInspector.UserAgentSupport.DeviceOrientation.clearDeviceOrientationOverride):
        * inspector/front-end/inspector.js:
        (WebInspector.doLoadedDone):

2012-08-02  Arnaud Renevier  <a.renevier@sisa.samsung.com>

        TypedArray set method is slow when called with another typed array
        https://bugs.webkit.org/show_bug.cgi?id=92556

        Reviewed by Kenneth Russell.

        When setting multiples values to a typed array from an array like
        element, try to determine if the argument is a typed array. If so,
        cast the argument to a typed array, and read each element with .item()
        method. That avoid reading the value as a JSValue, and speedups set
        method by approximatively 10x.

        Introduce setWebGLArrayWithTypedArrayArgument template function which
        checks if argument is a typed array. If so, it copies the data to
        target typed array and returns true. Otherwise, it returns false.

        Introduce copyTypedArrayBuffer template function which copies data
        from a typed array to another one. This function is also used from
        constructArrayBufferViewWithTypedArrayArgument.

        * bindings/js/JSArrayBufferViewHelper.h:
        (WebCore):
        (WebCore::copyTypedArrayBuffer):
        (WebCore::setWebGLArrayWithTypedArrayArgument):
        (WebCore::setWebGLArrayHelper):
        (WebCore::constructArrayBufferViewWithTypedArrayArgument):
        * bindings/js/JSFloat32ArrayCustom.cpp:
        (WebCore::JSFloat32Array::set):
        * bindings/js/JSFloat64ArrayCustom.cpp:
        (WebCore::JSFloat64Array::set):
        * bindings/js/JSInt16ArrayCustom.cpp:
        (WebCore::JSInt16Array::set):
        * bindings/js/JSInt32ArrayCustom.cpp:
        (WebCore::JSInt32Array::set):
        * bindings/js/JSInt8ArrayCustom.cpp:
        (WebCore::JSInt8Array::set):
        * bindings/js/JSUint16ArrayCustom.cpp:
        (WebCore::JSUint16Array::set):
        * bindings/js/JSUint32ArrayCustom.cpp:
        (WebCore::JSUint32Array::set):
        * bindings/js/JSUint8ArrayCustom.cpp:
        (WebCore::JSUint8Array::set):
        * bindings/js/JSUint8ClampedArrayCustom.cpp:
        (WebCore::JSUint8ClampedArray::set):

2012-08-02  Chris Fleizach  <cfleizach@apple.com>

        AXEnabled = false for AXIncrementors inside text fields
        https://bugs.webkit.org/show_bug.cgi?id=93008

        Reviewed by Anders Carlsson.

        Mock objects should return "enabled" by default, since they are valid objects.

        * accessibility/AccessibilityMockObject.h:
        (WebCore::AccessibilityMockObject::isEnabled):
        (AccessibilityMockObject):

2012-08-02  Eric Seidel  <eric@webkit.org>

        Add back ASSERT(!needsLayout) to RenderTableSection which is now valid
        https://bugs.webkit.org/show_bug.cgi?id=92954

        Reviewed by Julien Chaffraix.

        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::paint):

2012-08-02  Kevin Ellis  <kevers@chromium.org>

        Month-year selector on calendar picker should be touch friendly.
        https://bugs.webkit.org/show_bug.cgi?id=92678

        Reviewed by Kent Tamura.

        Previously the month-year popup menu was implemented using a listbox,
        which does not support CSS customization.  Entries in the listbox
        were too shallow to reliably target with touch gestures.  The
        replacement popup is CSS configurable with larger entries on devices
        that support touch input.

        Manually tested with and without touch support in English, Japanese
        and Arabic.

        * Resources/calendarPicker.css:
        (.month-selector-popup): Update to use scrollable div instead of listbox.
        (.month-selector-popup-contents): Render popup as a table within a scrollable div.
        (.month-selector-popup-entry): Formatting entries in the month-year popup.
        (.selected-month-year): Highlight the selected month-year.
        (@media (pointer:coarse)): Enlarge entries in the popup meu on devices that support touch.
        * Resources/calendarPicker.js:
        (YearMonthController.prototype.attachTo): Change selector popup from a list-box to a div.
        (YearMonthController.prototype._redraw): Populate table based popup rather than listbox.
        (YearMonthController.prototype._showPopup): Set scroll position and resize for scrollbar.
        (YearMonthController.prototype._closePopup): Restore focus to the calendar.
        (YearMonthController.prototype._getSelection): Added to retrieve the selected month-year.
        (YearMonthController.prototype._handleMouseMove): Added to update selected month-year on hover.
        (YearMonthController.prototype._handleMonthPopupKey): Add keyboard navigation.
        (YearMonthController.prototype._handleYearMonthChange): Retrieve value from selected month-year.

2012-08-02  Vsevolod Vlasov  <vsevik@chromium.org>

        Web Inspector: [Regression] context menu does not open on Sources panel tabs on mac
        https://bugs.webkit.org/show_bug.cgi?id=93000

        Reviewed by Pavel Feldman.

        * inspector/front-end/UIUtils.js:
        (WebInspector._elementDragStart):

2012-08-02  Kwang Yul Seo  <skyul@company100.net>

        Check if the last table element's parent node is an element when determining the foster parent element.
        https://bugs.webkit.org/show_bug.cgi?id=92977

        Reviewed by Adam Barth.

        According to the HTML5 spec, if the last table element in the stack of open elements has no parent,
        or ITS PARENT NODE IS NOT AN ELEMENT, then the foster parent element is the element
        before the last table element in the stack of open elements.

        Changed to check if the table element's parent node is an element.

        Test: fast/parser/foster-parent.html

        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::findFosterSite):

2012-08-02  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] Use GST_DEBUG instead of LOG_VERBOSE
        https://bugs.webkit.org/show_bug.cgi?id=89350

        Reviewed by Martin Robinson.

        Wrap the media player's logging calls to a new macro that also
        hooks into GStreamer's logging facilities. This way the developer
        gets the best of both worlds, leaving the choice between GST_DEBUG
        and WEBKIT_DEBUG environment variables.

        * platform/graphics/gstreamer/GStreamerUtilities.h:
        (WebCore):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::initializeGStreamerAndRegisterWebKitElements):
        (WebCore::MediaPlayerPrivateGStreamer::load):
        (WebCore::MediaPlayerPrivateGStreamer::commitLoad):
        (WebCore::MediaPlayerPrivateGStreamer::playbackPosition):
        (WebCore::MediaPlayerPrivateGStreamer::play):
        (WebCore::MediaPlayerPrivateGStreamer::pause):
        (WebCore::MediaPlayerPrivateGStreamer::duration):
        (WebCore::MediaPlayerPrivateGStreamer::seek):
        (WebCore::MediaPlayerPrivateGStreamer::naturalSize):
        (WebCore::MediaPlayerPrivateGStreamer::setRate):
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
        (WebCore::MediaPlayerPrivateGStreamer::processBufferingStats):
        (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired):
        (WebCore::MediaPlayerPrivateGStreamer::maxTimeSeekable):
        (WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded):
        (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress):

2012-08-02  Antti Koivisto  <antti@apple.com>

        Inline stylesheets can confuse style sharing
        https://bugs.webkit.org/show_bug.cgi?id=92970

        Reviewed by Dan Bernstein.

        Consider document 
        
        <div class="i30"></div>
        <style>.i30 { background-color:green; }</style>
        <div class="i30"></div>
        
        When processing the <style> element the scope optimization marks the first div as needing style recalc. 
        Next the parser adds the second div to the tree and immediately calculates its style. Since it looks exactly 
        like the first div the style sharing optimization copies the style from there. The pending recalc of the
        first div is resolved by a timer but the second div is left with the old style.
        
        Fix by disallowing style sharing from elements with pending style recalc.

        Test: fast/css/style-sharing-inline-stylesheet.html

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::canShareStyleWithElement):

2012-08-02  Tommy Widenflycht  <tommyw@google.com>

        MediaStream API: Add RTCPeerConnectionHandler infrastructure
        https://bugs.webkit.org/show_bug.cgi?id=92866

        Reviewed by Adam Barth.

        Introducing RTCPeerConnectionHandler & RTCPeerConnectionHandlerClient,
        together with the Chromium WebKit interface, following the pattern of
        the previous PeerConnection00Handler but with the optimizations from MediaStreamCenter.

        Not yet testable due to not enough code landed.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::create):
        (WebCore::RTCPeerConnection::RTCPeerConnection):
        * Modules/mediastream/RTCPeerConnection.h:
        (RTCPeerConnection):
        * WebCore.gypi:
        * platform/mediastream/RTCPeerConnectionHandler.cpp: Added.
        (WebCore):
        (RTCPeerConnectionHandlerDummy):
        (WebCore::RTCPeerConnectionHandler::create):
        (WebCore::RTCPeerConnectionHandlerDummy::RTCPeerConnectionHandlerDummy):
        (WebCore::RTCPeerConnectionHandlerDummy::~RTCPeerConnectionHandlerDummy):
        (WebCore::RTCPeerConnectionHandlerDummy::initialize):
        * platform/mediastream/RTCPeerConnectionHandler.h: Copied from Source/WebCore/Modules/mediastream/RTCPeerConnection.h.
        (WebCore):
        (RTCPeerConnectionHandler):
        (WebCore::RTCPeerConnectionHandler::~RTCPeerConnectionHandler):
        (WebCore::RTCPeerConnectionHandler::RTCPeerConnectionHandler):
        * platform/mediastream/RTCPeerConnectionHandlerClient.h: Copied from Source/WebCore/Modules/mediastream/RTCPeerConnection.h.
        (WebCore):
        (RTCPeerConnectionHandlerClient):
        (WebCore::RTCPeerConnectionHandlerClient::~RTCPeerConnectionHandlerClient):
        * platform/mediastream/chromium/RTCPeerConnectionHandlerChromium.cpp: Added.
        (WebCore):
        (WebCore::RTCPeerConnectionHandler::create):
        (WebCore::RTCPeerConnectionHandlerChromium::RTCPeerConnectionHandlerChromium):
        (WebCore::RTCPeerConnectionHandlerChromium::~RTCPeerConnectionHandlerChromium):
        (WebCore::RTCPeerConnectionHandlerChromium::initialize):
        * platform/mediastream/chromium/RTCPeerConnectionHandlerChromium.h: Added.
        (WebCore):
        (RTCPeerConnectionHandlerChromium):

2012-08-02  Kent Tamura  <tkent@chromium.org>

        Move number localization code in LocaleICU.cpp to new class
        https://bugs.webkit.org/show_bug.cgi?id=92976

        Reviewed by Kentaro Hara.

        The number localization code by character mapping is usefull for non-ICU
        platforms.

        No new tests. This is just a refactoring, and is covered by
        Source/WebKit/chromium/tests/LocalizedNumberICUTest.cpp.

        * WebCore.gypi: Add NumberLocalizer.{cpp,h}.
        * platform/text/LocaleICU.cpp:
        (WebCore::LocaleICU::decimalSymbol):
        Renamed from setDecimalSymbol. This function returns the resultant
        string instead of setting it to a data member.
        (WebCore::LocaleICU::decimalTextAttribute):
        Renamed from setDecimalTextAttributel. This function returns the
        resultant string instead of setting it to the specified string.
        (WebCore::LocaleICU::initializeNumberLocalizerData):
        Renamed from initializeDecimalFormat.
        Calls NumberLocaizer::setNumberLocalizerData.
        (WebCore::LocaleICU::localizedDecimalSeparator):
        Rename initializeDecimalFormat to initializeNumberLocalizerData.
        * platform/text/LocaleICU.h:
        (LocaleICU): Remove some members, and inherit NumberLocalizer.
        * platform/text/NumberLocalizer.cpp: Added. Move the code from LocaleICU.cpp
        (WebCore):
        (WebCore::NumberLocalizer::~NumberLocalizer):
        (WebCore::NumberLocalizer::setNumberLocalizerData): Added.
        (WebCore::NumberLocalizer::convertToLocalizedNumber):
        (WebCore::matches):
        (WebCore::NumberLocalizer::detectSignAndGetDigitRange):
        (WebCore::NumberLocalizer::matchedDecimalSymbolIndex):
        (WebCore::NumberLocalizer::convertFromLocalizedNumber):
        (WebCore::NumberLocalizer::localizedDecimalSeparator):
        * platform/text/NumberLocalizer.h: Added.
        (NumberLocalizer):
        (WebCore::NumberLocalizer::NumberLocalizer):

2012-08-02  Alexander Pavlov  <apavlov@chromium.org>

        Web Inspector: Move DOM breakpoints-related context menu items into a submenu
        https://bugs.webkit.org/show_bug.cgi?id=92989

        Reviewed by Vsevolod Vlasov.

        A "Break on..." submenu is added to the element context menu, to host all DOM breakpoint items.

        * English.lproj/localizedStrings.js:
        * inspector/front-end/DOMBreakpointsSidebarPane.js:
        (WebInspector.DOMBreakpointsSidebarPane):
        (WebInspector.DOMBreakpointsSidebarPane.prototype.populateNodeContextMenu):

2012-08-02  Dominik Röttsches  <dominik.rottsches@intel.com>

        [Cairo] Add complex font drawing using HarfbuzzNG
        https://bugs.webkit.org/show_bug.cgi?id=91864

        Reviewed by Martin Robinson.

        Unfortunately the Freetype based approach that avoids allocations and UTF8 conversion
        fails to produce correct results for some tests.

        No new tests, at least
          fast/dom/52776.html
          fast/text/atsui-negative-spacing-features.html
          fast/text/atsui-spacing-features.html
        expose this problem.

        * platform/graphics/harfbuzz/ng/HarfBuzzNGFaceCairo.cpp:
        (WebCore::harfbuzzGetGlyph): Revert to initial cairo_scaled_font based approach.

2012-08-02  Eugene Klyuchnikov  <eustas.big@gmail.com>

        Web Inspector: Fix protocol version check.
        https://bugs.webkit.org/show_bug.cgi?id=91497

        Reviewed by Pavel Feldman.

        Generated method 'supportsInspectorProtocolVersion' should return
        false when requested  minor version is *greater* than actual
        minor version.

        * inspector/generate-inspector-protocol-version: Fixed stub text

2012-08-02  Alexei Filippov  <alexeif@chromium.org>

        Web Inspector: count RenderStyle objects in the native memory profiler
        https://bugs.webkit.org/show_bug.cgi?id=91759

        Reviewed by Yury Semikhatsky.

        The patch adds instrumentation to the following classes:
          - RenderStyle
          - StyleRareInheritedData
          - StyleRareNonInheritedData

        * bindings/js/ScriptWrappable.h:
        * bindings/v8/ScriptWrappable.h:
        * dom/MemoryInstrumentation.h:
        (WebCore):
        (WebCore::MemoryInstrumentation::OwningTraits::addObject):
        (WebCore::MemoryInstrumentation::addInstrumentedObjectImpl):
        (WebCore::MemoryInstrumentation::addObjectImpl):
        * dom/Node.cpp:
        (WebCore::Node::reportMemoryUsage):
        * dom/Node.h:
        (WebCore):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::reportMemoryUsage):
        (WebCore):
        * rendering/style/RenderStyle.h:
        (WebCore):
        * rendering/style/StyleRareInheritedData.cpp:
        (WebCore::StyleRareInheritedData::reportMemoryUsage):
        (WebCore):
        * rendering/style/StyleRareInheritedData.h:
        (WebCore):
        (StyleRareInheritedData):
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::reportMemoryUsage):
        (WebCore):
        * rendering/style/StyleRareNonInheritedData.h:
        (WebCore):
        (StyleRareNonInheritedData):

2012-08-02  Alexei Filippov  <alexeif@chromium.org>

        Web Inspector: rename host->origin in the inspector protocol DOMStorage entry
        https://bugs.webkit.org/show_bug.cgi?id=92979

        Reviewed by Yury Semikhatsky.

        * inspector/Inspector.json:
        * inspector/InspectorDOMStorageResource.cpp:
        (WebCore::InspectorDOMStorageResource::bind):
        * inspector/front-end/DOMStorage.js:
        (WebInspector.DOMStorageDispatcher.prototype.addDOMStorage):

2012-08-02  Kihong Kwon  <kihong.kwon@samsung.com>

        [EFL] Change return value of battey level
        https://bugs.webkit.org/show_bug.cgi?id=92964

        Reviewed by Simon Hausmann.

        Change return value of navigator.webkitBattery.level from 0~100 to 0~1.0.
        Battery level have to returns 0~1.0 by Battery Status API spec.

        * platform/efl/BatteryProviderEfl.cpp:
        (WebCore::BatteryProviderEfl::setBatteryClient):

2012-08-02  Yury Semikhatsky  <yurys@chromium.org>

        Web Inspector: remove extraObjectSize parameter from MemoryClassInfo constructor
        https://bugs.webkit.org/show_bug.cgi?id=92981

        Reviewed by Alexander Pavlov.

        Refactored MemoryInstrumentation to get rid of extraSize parameter from
        MemoryObjectInfo constructor and MemoryObjectInfo::reportObjectInfo. The
        extra size should always be reported as an object that occupies these extra
        bytes.

        * dom/ElementAttributeData.cpp:
        (WebCore::ElementAttributeData::reportMemoryUsage):
        (WebCore):
        * dom/ElementAttributeData.h:
        (WebCore):
        (ElementAttributeData):
        * dom/MemoryInstrumentation.h:
        (WebCore::MemoryObjectInfo::reportObjectInfo):
        (WebCore::MemoryClassInfo::MemoryClassInfo):

2012-08-02  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r124439.
        http://trac.webkit.org/changeset/124439
        https://bugs.webkit.org/show_bug.cgi?id=92980

        Broke Chromium Mac Release compile (Requested by apavlov on
        #webkit).

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::create):
        (WebCore::RTCPeerConnection::RTCPeerConnection):
        * Modules/mediastream/RTCPeerConnection.h:
        * WebCore.gypi:
        * platform/mediastream/RTCPeerConnectionHandler.cpp: Removed.
        * platform/mediastream/RTCPeerConnectionHandler.h: Removed.
        * platform/mediastream/RTCPeerConnectionHandlerClient.h: Removed.
        * platform/mediastream/chromium/RTCPeerConnectionHandlerChromium.cpp: Removed.
        * platform/mediastream/chromium/RTCPeerConnectionHandlerChromium.h: Removed.

2012-08-02  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] Uninitialized memory read in QObject runtime bridge
        https://bugs.webkit.org/show_bug.cgi?id=92972

        Reviewed by Kenneth Rohde Christiansen.

        The vargs array has an initial size of 0 and when calling a method with no return value
        and no arguments, vargs remains empty. Therefore unconditional access to vargs[0] results
        in access to uninitialized memory.

        No new tests, covered by valgrind in existing qobjectbridge tests.

        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::QtRuntimeMetaMethod::call):
        * bridge/qt/qt_runtime_qt4.cpp:
        (JSC::Bindings::QtRuntimeMetaMethod::call):

2012-08-02  Zoltan Herczeg  <zherczeg@webkit.org>

        Alignment issue for readTime in PluginDatabase.cpp
        https://bugs.webkit.org/show_bug.cgi?id=92746

        Reviewed by Simon Hausmann.

        When the byte stream is written, nothing guarantees that
        the time_t data is aligned. This issue caused alignment
        traps on ARM CPUs.

        No new tests. Covered by existing tests.

        * plugins/PluginDatabase.cpp:
        (WebCore::readTime):

2012-08-02  Tommy Widenflycht  <tommyw@google.com>

        MediaStream API: Add RTCPeerConnectionHandler infrastructure
        https://bugs.webkit.org/show_bug.cgi?id=92866

        Reviewed by Kentaro Hara.

        Introducing RTCPeerConnectionHandler & RTCPeerConnectionHandlerClient,
        together with the Chromium WebKit interface, following the pattern of
        the previous PeerConnection00Handler but with the optimizations from MediaStreamCenter.

        Not yet testable due to not enough code landed.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::create):
        (WebCore::RTCPeerConnection::RTCPeerConnection):
        * Modules/mediastream/RTCPeerConnection.h:
        (RTCPeerConnection):
        * WebCore.gypi:
        * platform/mediastream/RTCPeerConnectionHandler.cpp: Added.
        (WebCore):
        (RTCPeerConnectionHandlerDummy):
        (WebCore::RTCPeerConnectionHandler::create):
        (WebCore::RTCPeerConnectionHandlerDummy::RTCPeerConnectionHandlerDummy):
        (WebCore::RTCPeerConnectionHandlerDummy::~RTCPeerConnectionHandlerDummy):
        (WebCore::RTCPeerConnectionHandlerDummy::initialize):
        * platform/mediastream/RTCPeerConnectionHandler.h: Copied from Source/WebCore/Modules/mediastream/RTCPeerConnection.h.
        (WebCore):
        (RTCPeerConnectionHandler):
        (WebCore::RTCPeerConnectionHandler::~RTCPeerConnectionHandler):
        (WebCore::RTCPeerConnectionHandler::RTCPeerConnectionHandler):
        * platform/mediastream/RTCPeerConnectionHandlerClient.h: Copied from Source/WebCore/Modules/mediastream/RTCPeerConnection.h.
        (WebCore):
        (RTCPeerConnectionHandlerClient):
        (WebCore::RTCPeerConnectionHandlerClient::~RTCPeerConnectionHandlerClient):
        * platform/mediastream/chromium/RTCPeerConnectionHandlerChromium.cpp: Added.
        (WebCore):
        (WebCore::RTCPeerConnectionHandler::create):
        (WebCore::RTCPeerConnectionHandlerChromium::RTCPeerConnectionHandlerChromium):
        (WebCore::RTCPeerConnectionHandlerChromium::~RTCPeerConnectionHandlerChromium):
        (WebCore::RTCPeerConnectionHandlerChromium::initialize):
        * platform/mediastream/chromium/RTCPeerConnectionHandlerChromium.h: Added.
        (WebCore):
        (RTCPeerConnectionHandlerChromium):

2012-08-02  Yury Semikhatsky  <yurys@chromium.org>

        Web Inspector: rename reportMemoryUsage to reportDescendantMemoryUsage in StyleRuleBase descendants
        https://bugs.webkit.org/show_bug.cgi?id=92966

        Reviewed by Alexander Pavlov.

        Renamed reportMemoryUsage to reportDescendantMemoryUsage in all descendants of
        StyleRuleBase to avoid accidental recursive calls to StyleRuleBase::reportMemoryUsage
        when a new type of rule is added.

        * css/StyleRule.cpp:
        (WebCore::StyleRuleBase::reportMemoryUsage):
        (WebCore::StyleRule::reportDescendantMemoryUsage):
        (WebCore::StyleRulePage::reportDescendantMemoryUsage):
        (WebCore::StyleRuleFontFace::reportDescendantMemoryUsage):
        (WebCore::StyleRuleBlock::reportDescendantMemoryUsage):
        (WebCore::StyleRuleMedia::reportDescendantMemoryUsage):
        (WebCore::StyleRuleRegion::reportDescendantMemoryUsage):
        * css/StyleRule.h:
        (StyleRule):
        (StyleRuleFontFace):
        (StyleRulePage):
        (StyleRuleBlock):
        (StyleRuleMedia):
        (StyleRuleRegion):
        * css/StyleRuleImport.cpp:
        (WebCore::StyleRuleImport::reportDescendantMemoryUsage):
        * css/StyleRuleImport.h:
        (StyleRuleImport):
        * css/WebKitCSSKeyframesRule.cpp:
        (WebCore::StyleRuleKeyframes::reportDescendantMemoryUsage):
        * css/WebKitCSSKeyframesRule.h:
        (StyleRuleKeyframes):

2012-08-02  Hironori Bono  <hbono@chromium.org>

        [Chromium] Implement hyphenation for Chromium
        https://bugs.webkit.org/show_bug.cgi?id=48610

        Reviewed by Eric Seidel.

        This change adds a couple of methods canHyphenate and computeLastHyphenLocation
        to Platform so Chromium can implement them. Also, this change uses these methods
        to implement the hyphenation methods of WebCore. (This change does not change
        any behaviors until Chromium implements these methods.)

        No new tests because this change is for fixing a couple of existing layout tests
        'fast/text/hyphenate-character.html' and 'fast/text/hyphens.html'.

        * WebCore.gypi:
        * platform/text/chromium/Hyphenation.cpp: Added.
        (WebCore):
        (WebCore::canHyphenate): Called Platform::canHyphenation().
        (WebCore::lastHyphenLocation): Called Platform::computeLastHyphenLocation().

2012-08-02  ulan@chromium.org  <ulan@chromium.org>

        [chromium] Improve garbage collector hint if page uses Canvas contexts
        https://bugs.webkit.org/show_bug.cgi?id=92856

        Reviewed by Kentaro Hara.

        Request GC by sending context disposed and idle notification to V8 instead
        of sending low memory notification. It is faster as it causes one GC
        instead of seven GCs caused by low memory notification.

        * bindings/v8/V8Binding.cpp:
        (WebCore::V8BindingPerIsolateData::V8BindingPerIsolateData):
        * bindings/v8/V8Binding.h:
        (V8BindingPerIsolateData):
        (WebCore::V8BindingPerIsolateData::setShouldCollectGarbageSoon):
        (WebCore::V8BindingPerIsolateData::clearShouldCollectGarbageSoon):
        (WebCore::V8BindingPerIsolateData::shouldCollectGarbageSoon):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::hintForGCIfNecessary):
        * bindings/v8/custom/V8HTMLCanvasElementCustom.cpp:
        (WebCore::V8HTMLCanvasElement::getContextCallback):

2012-08-02  Mihnea Ovidenie  <mihnea@adobe.com>

        CSSRegions: Crash when reattaching a region to a named flow.
        https://bugs.webkit.org/show_bug.cgi?id=91307

        Reviewed by Abhishek Arya.

        The lifetime of a flow thread  has changed from not being destroyed (until the RenderView is destroyed) to being destroyed,
        under certain conditions, no attached regions and no content, before RenderView is destroyed.
        When the flow thread does not have any content and the region to be detached is the last region for the flow thread,
        the flow thread is destroyed.
        In this case, if the same region has to be attached again to the flow thread, the flow thread needs to be
        recreated, otherwise the crash will result.

        Test: fast/regions/region-flow-reattach-crash.html

        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::attachRegion):
        We skip the attach if we are in the middle of document destruction.
        We recreate the flow thread to which the region is intended to be attached only if the region was
        not previously marked as invalid in relation to the flow thread (because the region was part of a
        circular dependency).
        (WebCore::RenderRegion::detachRegion): After the region is detached from flow thread,
        null the region internal pointer to the flow thread to mark that the region is not
        attached.

2012-08-02  Tommy Widenflycht  <tommyw@google.com>

        MediaStream API: Move RTCConfiguration to its proper place
        https://bugs.webkit.org/show_bug.cgi?id=92867

        Reviewed by Adam Barth.

        This patch moves RTCConfiguration to Source/WebCore/platform/mediastream,
        and adds its WebKit interface for chromium.

        No functional code changes.

        * GNUmakefile.list.am:
        * Modules/mediastream/RTCPeerConnection.cpp:
        * WebCore.gypi:
        * platform/chromium/support/WebRTCConfiguration.cpp: Added.
        (WebKit):
        (WebKit::WebRTCICEServer::WebRTCICEServer):
        (WebKit::WebRTCICEServer::assign):
        (WebKit::WebRTCICEServer::reset):
        (WebKit::WebRTCICEServer::uri):
        (WebKit::WebRTCICEServer::credential):
        (WebKit::WebRTCConfiguration::WebRTCConfiguration):
        (WebKit::WebRTCConfiguration::assign):
        (WebKit::WebRTCConfiguration::reset):
        (WebKit::WebRTCConfiguration::numberOfServers):
        (WebKit::WebRTCConfiguration::server):
        * platform/mediastream/RTCConfiguration.h: Added.
        (WebCore):
        (RTCIceServer):
        (WebCore::RTCIceServer::create):
        (WebCore::RTCIceServer::~RTCIceServer):
        (WebCore::RTCIceServer::uri):
        (WebCore::RTCIceServer::credential):
        (WebCore::RTCIceServer::RTCIceServer):
        (RTCConfiguration):
        (WebCore::RTCConfiguration::create):
        (WebCore::RTCConfiguration::~RTCConfiguration):
        (WebCore::RTCConfiguration::appendServer):
        (WebCore::RTCConfiguration::numberOfServers):
        (WebCore::RTCConfiguration::server):
        (WebCore::RTCConfiguration::RTCConfiguration):

2012-08-02  Alexander Shalamov  <alexander.shalamov@intel.com>

        [EFL] Browser crashes when non-progress element with -webkit-appearance:progress-bar is rendered