Unreviewed, rolling out r185906.

[WebKit-https.git] / Source / WebCore / ChangeLog

2015-06-24  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r185906.
        https://bugs.webkit.org/show_bug.cgi?id=146276

        MSVC doesn't yet provide a const-qualified std::array<T,
        N>::size(), failing to compile the static_assert (Requested by
        zdobersek on #webkit).

        Reverted changeset:

        "Improve the source code generated by make_names.pl"
        https://bugs.webkit.org/show_bug.cgi?id=146208
        http://trac.webkit.org/changeset/185906

2015-06-24  Zan Dobersek  <zdobersek@igalia.com>

        Improve the source code generated by make_names.pl
        https://bugs.webkit.org/show_bug.cgi?id=146208

        Reviewed by Darin Adler.

        Clean up and optimize the output that's generated by the make_names.pl script
        when generating large sets of DOM names for attributes and tags.

        The GenerateStrings() function in the StaticString.pm module is split into
        GenerateStringData() and GenerateASCIILiteral() so that the two new functions
        can be used independently, with the original function still being called when
        generating font names.

        Tags and attributes have the corresponding static QualifiedName globals defined
        as before. After that, two static const std::array<> objects are defined for
        both types -- the first is an ordered array of addresses of the QualifiedName
        objects (corresponding to the C array that was defined in getHTMLTags(),
        getSVGAttrs() etc.), and the second is an ordered array of StringImpl::StaticASCIILiteral
        objects that replaces separately defined StringImpl::StaticASCIILiteral objects
        and the additional tables that contained pairs of QualifiedName object addresses
        and the corresponding StaticASCIILiteral object references in the init() function.
        This is all generated by the printStaticData() function in make_names.pl.

        The printQualifiedNameCreation() function generates a static_assert() that ensures
        that the corresponding std::array<QualifiedName*> and std::array<StaticASCIILiteral>
        objects have the same amount of items, and then sets up a loop that walks through
        the two arrays and properly constructs the QualifiedName objects from the static
        literal data.

        On the GTK port, this shaves off ~54kB from the final stripped shared library
        on a 64-bit build, and ~21kB on a 32-bit build.

        * bindings/scripts/StaticString.pm:
        (GenerateStringData):
        (GenerateASCIILiteral):
        (GenerateStrings):
        * dom/make_names.pl:
        (printCppHead):
        (printNamesCppFile):
        (printStaticData):
        (printQualifiedNameCreation):
        (printInit): Deleted.
        (printDefinitions): Deleted.

2015-06-24  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        Refactor UserMediaRequest to share more codes between MediaDevices.getUserMedia and legacy webkitGetUserMedia
        https://bugs.webkit.org/show_bug.cgi?id=146237

        Reviewed by Darin Adler.

        Covered by existing tests, no change in behavior.

        * Modules/mediastream/MediaConstraintsImpl.cpp:
        (WebCore::MediaConstraintsImpl::create): Simplified error handling by removing exception code parameter.
        * Modules/mediastream/MediaConstraintsImpl.h: Ditto.
        * Modules/mediastream/MediaDevices.cpp:
        (WebCore::MediaDevices::getUserMedia): Removed code now in UserMediaRequest::start.
        * Modules/mediastream/NavigatorUserMedia.cpp:
        (WebCore::NavigatorUserMedia::webkitGetUserMedia): Ditto.
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::parseOptions): Simplified error handling by removing exception code parameter.
        (WebCore::UserMediaRequest::start): Renamed create in start and added common code.
        * Modules/mediastream/UserMediaRequest.h:

2015-06-23  Andreas Kling  <akling@apple.com>

        Should reduce tile coverage for the first paint after a tab switch.
        <https://webkit.org/b/146252>
        <rdar://problem/19821583>

        Reviewed by Darin Adler.

        Reduce the number of tiles we need to paint after switching tabs,
        to shorten the time it takes before we can flush pixels to screen.

        We accomplish this by piggybacking on the "speculative tiling enabled"
        mode of FrameView, which was previously only used to throttle painting
        and layer flushes during page load.

        When a FrameView becomes visible, which is what happens when you
        switch to its tab, we revert the speculative tiling optimization to
        its initial state, and reset the "scrolled by user" flag.

        In practice this means that after switching tabs, we only generate
        enough tiles to fill the viewport. Then, after 500ms has passed
        or the user scrolls the page, we go back to the usual speculative
        tiling mode.

        * page/FrameView.cpp:
        (WebCore::FrameView::show):

2015-06-23  Anders Carlsson  <andersca@apple.com>

        Remove windowResizerRect code, nobody is using it anymore
        https://bugs.webkit.org/show_bug.cgi?id=146265

        Reviewed by Beth Dakin.

        * loader/EmptyClients.h:
        * page/Chrome.cpp:
        (WebCore::Chrome::windowResizerRect): Deleted.
        * page/Chrome.h:
        * page/ChromeClient.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::windowResizerRect): Deleted.
        * page/FrameView.h:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::ScrollView): Deleted.
        (WebCore::ScrollView::windowResizerRectChanged): Deleted.
        (WebCore::ScrollView::containsScrollbarsAvoidingResizer): Deleted.
        (WebCore::ScrollView::adjustScrollbarsAvoidingResizerCount): Deleted.
        (WebCore::ScrollView::setParent): Deleted.
        * platform/ScrollView.h:
        (WebCore::ScrollView::windowResizerRect): Deleted.
        * platform/Scrollbar.cpp:
        (WebCore::Scrollbar::Scrollbar): Deleted.
        (WebCore::Scrollbar::setFrameRect): Deleted.
        (WebCore::Scrollbar::setParent): Deleted.
        * platform/Scrollbar.h:

2015-06-23  Dean Jackson  <dino@apple.com>

        Media controls are missing the white backdrop in UIWebViews
        https://bugs.webkit.org/show_bug.cgi?id=146251
        <rdar://problem/20181345>

        Reviewed by Simon Fraser.

        Implement two new CALayer subclasses that explicitly set
        something that resembles the system appearance for
        media-controls-dark-bar-background and media-controls-light-bar-background.
        This way, WebKit1 clients get a visible result.

        Creating the actual system recipes is tracked by:
        https://bugs.webkit.org/show_bug.cgi?id=146250

        * WebCore.xcodeproj/project.pbxproj: Add new files.
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
        (PlatformCALayerCocoa::PlatformCALayerCocoa): Use the new CALayer subclasses for
        the appropriate layer types.
        * platform/graphics/ca/cocoa/WebSystemBackdropLayer.h: Added.
        * platform/graphics/ca/cocoa/WebSystemBackdropLayer.mm: Added.
        (-[WebLightSystemBackdropLayer init]):
        (-[WebLightSystemBackdropLayer setBackgroundColor:]): Only set to a light grey.
        (-[WebDarkSystemBackdropLayer init]):
        (-[WebDarkSystemBackdropLayer setBackgroundColor:]): Only set to a dark grey.

2015-06-18  Matt Rajca  <mrajca@apple.com>

        Support releasing media sessions
        https://bugs.webkit.org/show_bug.cgi?id=146132

        Reviewed by Darin Adler.

        * Modules/mediasession/MediaSession.cpp: Implemented as described in the Media Session spec.
        (WebCore::MediaSession::releaseSession):
        (WebCore::MediaSession::releaseInternal):
        * Modules/mediasession/MediaSession.h:

2015-06-23  Chris Fleizach  <cfleizach@apple.com>

        AX: iOS: VoiceOver and ARIA: has popup property not announced
        https://bugs.webkit.org/show_bug.cgi?id=146188

        Reviewed by Darin Adler.

        Expose the existing "has popup" property to the iOS Accessibility API.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilityHasPopup]):

2015-06-23  Javier Fernandez  <jfernandez@igalia.com>

        [CSS Grid Layout] Performance optimization: avoid computing overflow alignment if not needed
        https://bugs.webkit.org/show_bug.cgi?id=146231

        Reviewed by Sergio Villar Senin.

        We don't need to apply any overflow handling if alignment value don't have a potential
        risk of data loss, as it's the case of 'start' value.

        This patch avoid computing the overflow in all the cases, since it adds an unneeded
        overhead which affects performance.

        New code improves performance around 3%-8%, depending on the grid tests.

        No new tests, no new funcitonality.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::rowPositionForChild):
        (WebCore::RenderGrid::columnPositionForChild):

2015-06-23  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        MediaDevices.getUserMedia should migrate from callbacks to DOMPromise
        https://bugs.webkit.org/show_bug.cgi?id=146200

        Reviewed by Darin Adler.

        Introduced DOMPromiseWithCallback to resolve/reject promises while allowing promise clients to use a typed callback approach.
        Migrated MediaDevices.getUserMedia from callbacks to DOMPromiseWithCallback.
        Removed MediaDevices.getUserMedia custom binding.

        Covered by existing tests.

        * CMakeLists.txt: Removing custom binding.
        * Modules/mediastream/MediaDevices.cpp:
        (WebCore::MediaDevices::getUserMedia): Moving from callback to promise.
        * Modules/mediastream/MediaDevices.h: Ditto.
        * Modules/mediastream/MediaDevices.idl: Removing custom binding.
        * Modules/mediastream/NavigatorUserMedia.cpp:
        (WebCore::NavigatorUserMedia::webkitGetUserMedia): Converting from promise callback to API callbacks.
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::create): Moving from callback to promise.
        (WebCore::UserMediaRequest::UserMediaRequest): Ditto.
        (WebCore::UserMediaRequest::didCreateStream): Ditto.
        (WebCore::UserMediaRequest::failedToCreateStreamWithConstraintsError): Ditto.
        (WebCore::UserMediaRequest::failedToCreateStreamWithPermissionError): Ditto.
        * Modules/mediastream/UserMediaRequest.h: Ditto.
        * bindings/js/JSDOMPromise.h: Introducing DOMPromiseWithCallback and removing crypto specific header.
        (WebCore::DOMPromiseWithCallback::DOMPromiseWithCallback):
        (WebCore::Error>::resolve):
        (WebCore::Error>::reject):
        * bindings/js/JSMediaDevicesCustom.cpp: Removed.
        * bindings/js/JSSubtleCryptoCustom.cpp: Updating headers.

2015-06-23  Xabier Rodriguez Calvar  <calvaris@igalia.com> and Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] Implement ReadableStream js source "'cancel" callback
        https://bugs.webkit.org/show_bug.cgi?id=146204

        Reviewed by Darin Adler.

        Calling "cancel" JS function when web app is cancelling a JS readable stream.
        Handling of promise returned value in case of async cancel.

        Covered by rebased tests.

        * bindings/js/ReadableJSStream.cpp:
        (WebCore::ReadableJSStream::invoke): Refactoring to pass cancel reason or controller to the JS function.
        (WebCore::ReadableJSStream::doStart): Ditto.
        (WebCore::startReadableStreamAsync): Renaming readableStream as protectedStream.
        (WebCore::createPullResultFulfilledFunction): Ditto.
        (WebCore::ReadableJSStream::doPull): Refactoring to pass cancel reason or controller to the JS function.
        (WebCore::createCancelResultFulfilledFunction): Cancel promise fullfil callback.
        (WebCore::createCancelResultRejectedFunction): Cancel promise reject callback.
        (WebCore::ReadableJSStream::doCancel): Calling cancel JS callback and handling promise returned value.
        * bindings/js/ReadableJSStream.h: Refactoring to pass cancel reason or controller to the JS function.

2015-06-22  Ryuan Choi  <ryuan.choi@navercorp.com>

        [EFL] Hyphenation is not supported
        https://bugs.webkit.org/show_bug.cgi?id=89830

        Reviewed by Gyuyoung Kim.

        Share libHyphen backend of GTK port.

        Rebased fast/text/hyphenate-*.html

        * PlatformEfl.cmake:
        * PlatformGTK.cmake:
        * platform/efl/FileSystemEfl.cpp:
        (WebCore::listDirectory): Deleted because of lack of functionality.
        eina_file_ls returns full directory path so fnmatch fails to check dict file.
        This patch reuse Posix implementation instead of EFL port specific function.
        * platform/posix/FileSystemPOSIX.cpp: Ditto.
        * platform/text/gtk/HyphenationLibHyphen.cpp: Moved to platform/text/hyphen
        * platform/text/hyphen/HyphenationLibHyphen.cpp:
        Renamed from Source/WebCore/platform/text/gtk/HyphenationLibHyphen.cpp.
        (WebCore::scanTestDictionariesDirectoryIfNecessary):
        Added PLATFORM guard and EFL implementation for the test directory

2015-06-22  Chris Dumez  <cdumez@apple.com>

        [WK1] WebAllowDenyPolicyListener.denyOnlyThisRequest() should not start a new permission request
        https://bugs.webkit.org/show_bug.cgi?id=146228
        <rdar://problem/15179262>

        Reviewed by Daniel Bates.

        Add Geolocation::resetIsAllowed() API that merely resets
        m_allowGeolocation to Unknown, so that we will request the permission
        again the next time a position is requested.

        * Modules/geolocation/Geolocation.h:
        (WebCore::Geolocation::resetIsAllowed):

2015-06-22  Simon Fraser  <simon.fraser@apple.com>

        ASSERT(!m_zOrderListsDirty) when mousing over web view with incremental rendering suppressed
        https://bugs.webkit.org/show_bug.cgi?id=146225

        Reviewed by Zalan Bujtas.

        Update RenderLayer's z-order lists when hit testing. There's no guarantee that they've
        been updated; this happens to work most of the time because painting updates them,
        but if incremental rendering is suppressed, we may not have painted yet.
        
        Easy to hit on webkit.org in MiniBrowser, but I wasn't able to make a reduced testcase.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::hitTest):
        (WebCore::RenderLayer::updateLayerListsIfNeeded): Flip the order of the tests, since checking
        dirty bits is cheaper than calling isStackingContext().

2015-06-22  Dean Jackson  <dino@apple.com>

        Rename PlatformCA*Mac to PlatformCA*Cocoa
        https://bugs.webkit.org/show_bug.cgi?id=146224
        <rdar://problem/21497182>

        Reviewed by Simon Fraser.

        Rename PlatformCALayerMac and related files in platform/graphics/ca/mac
        to the more accurate Cocoa suffix.

        * WebCore.xcodeproj/project.pbxproj:
        * page/mac/ServicesOverlayController.mm:
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        * platform/graphics/ca/PlatformCAAnimation.h:
        * platform/graphics/ca/PlatformCALayer.h:
        * platform/graphics/ca/cocoa/LayerFlushSchedulerMac.cpp: Renamed from Source/WebCore/platform/graphics/ca/mac/LayerFlushSchedulerMac.cpp.
        * platform/graphics/ca/cocoa/PlatformCAAnimationCocoa.h: Renamed from Source/WebCore/platform/graphics/ca/mac/PlatformCAAnimationMac.h.
        * platform/graphics/ca/cocoa/PlatformCAAnimationCocoa.mm: Renamed from Source/WebCore/platform/graphics/ca/mac/PlatformCAAnimationMac.mm.
        * platform/graphics/ca/cocoa/PlatformCAFiltersCocoa.mm: Renamed from Source/WebCore/platform/graphics/ca/mac/PlatformCAFiltersMac.mm.
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.h: Renamed from Source/WebCore/platform/graphics/ca/mac/PlatformCALayerMac.h.
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm: Renamed from Source/WebCore/platform/graphics/ca/mac/PlatformCALayerMac.mm.
        * platform/graphics/ca/cocoa/WebTiledBackingLayer.h: Renamed from Source/WebCore/platform/graphics/ca/mac/WebTiledBackingLayer.h.
        * platform/graphics/ca/cocoa/WebTiledBackingLayer.mm: Renamed from Source/WebCore/platform/graphics/ca/mac/WebTiledBackingLayer.mm.
        * platform/graphics/ca/mac/LayerFlushSchedulerMac.cpp:
        * platform/graphics/ca/mac/PlatformCAAnimationMac.mm:
        * platform/graphics/ca/mac/PlatformCAFiltersMac.mm:
        * platform/graphics/ca/mac/PlatformCALayerMac.mm:
        * platform/graphics/ca/mac/WebTiledBackingLayer.mm:

2015-06-22  Alex Christensen  <achristensen@webkit.org>

        [cssjit] Disable compiling scrollbar pseudoclass selectors
        https://bugs.webkit.org/show_bug.cgi?id=146220

        Reviewed by Benjamin Poulain.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addScrollbarPseudoClassType):
        Don't compile selectors with scrollbar pseudoclasses.

2015-06-22  Simon Fraser  <simon.fraser@apple.com>

        -webkit-clip-path clips incorrectly if the element bounds go beyond the top edge of the page
        https://bugs.webkit.org/show_bug.cgi?id=146218
        rdar://problem/21127840

        Reviewed by Zalan Bujtas.

        The clip path is computed using the RenderLayer's bounding box, so needs to be offset
        by the offsetFromRenderer when set on the mask layer.

        Test: compositing/masks/compositing-clip-path-origin.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateMaskingLayerGeometry):

2015-06-22  Michael Catanzaro  <mcatanzaro@igalia.com>

        Web sockets should be treated as active mixed content
        https://bugs.webkit.org/show_bug.cgi?id=140624

        Reviewed by Sam Weinig.

        Tests: http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html
               http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html

        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::connect): Block ws:// WebSocket connections from https:// pages, and
        emit the onerror event after doing so.
        * platform/SchemeRegistry.cpp:
        (WebCore::secureSchemes): Add wss:// to the list of secure schemes.

2015-06-22  Dean Jackson  <dino@apple.com>

        Element with blur backdrop-filter shows edge duplication and dark edges
        https://bugs.webkit.org/show_bug.cgi?id=146215
        <rdar://problem/20367695>

        Reviewed by Tim Horton.

        The input images to backdrop filters should duplicate their edge pixels
        outwards, rather than using transparent pixels. This is a flag we
        set on the Gaussian blur, but means we have to remember if the
        FilterOperations list came from a regular filter or a backdrop filter.

        Test: css3/filters/backdrop/blur-input-bounds.html

        * css/CSSPropertyNames.in: New custom convertor for backdrop-filter.
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertBackdropFilterOperations): New convertor
        that sets the backdrop flag, but is otherwise the same as a normal filter
        convertor.
        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::blendFilterOperations): Inherit the backdrop flag if either of our
        inputs has it.
        * platform/graphics/ca/mac/PlatformCAFiltersMac.mm: Set the inputNormalizeEdges
        key on the CAFilter if necessary.
        * platform/graphics/filters/FilterOperations.cpp: Add a new flag indicating if
        these operations are intended for backdrops.
        (WebCore::FilterOperations::operator=):
        (WebCore::FilterOperations::operator==):
        * platform/graphics/filters/FilterOperations.h:
        (WebCore::FilterOperations::isUsedForBackdropFilters):
        (WebCore::FilterOperations::setUsedForBackdropFilters):

2015-06-22  Tim Horton  <timothy_horton@apple.com>

        [TextIndicator] Text shifts one pixel to the left when I force click to bring up Lookup in Mail messages
        https://bugs.webkit.org/show_bug.cgi?id=146214
        <rdar://problem/20782970>

        Reviewed by Dean Jackson.

        * page/mac/TextIndicatorWindow.mm:
        (-[WebTextIndicatorView initWithFrame:textIndicator:margin:offset:]):
        (WebCore::TextIndicatorWindow::setTextIndicator):
        (-[WebTextIndicatorView initWithFrame:textIndicator:margin:]): Deleted.
        When the WebView is at a nonintegral position, we can end up needing a TextIndicator
        with a nonintegral position. We need to round the window position, so we need to apply
        the fractional part to the indicator layers inside, not to the window.

2015-06-22  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] Arabic text styled with Georgia is rendered as boxes
        https://bugs.webkit.org/show_bug.cgi?id=145681
        <rdar://problem/21169844>

        Reviewed by Darin Adler.

        Georgia doesn't support Arabic, so we ask CoreText what font does support Arabic. It returns
        TimesNewRomanPSMT. However, WebKit explicitly disallows this font on iOS. Therefore, instead
        of using TimesNewRomanPSMT, we will simply just use GeezaPro.

        Test: fast/text/arabic-times-new-roman.html

        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::FontCache::systemFallbackForCharacters):
        * platform/graphics/Font.h: Let FontCacheIOS call fontFamilyShouldNotBeUsedForArabic()
        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::fontFamilyShouldNotBeUsedForArabic):

2015-06-22  Alex Christensen  <achristensen@webkit.org>

        Unreviewed non-mac debug build fix after r185840.

        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::willSendRequest):
        Added enable flag around assertion.

2015-06-20  Alex Christensen  <achristensen@webkit.org>

        [Content Extensions] Add SPI to reload without content blocking.
        https://bugs.webkit.org/show_bug.cgi?id=146128
        rdar://problem/20351903

        Reviewed by Sam Weinig.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::loadResource):
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::willSendRequest):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestResource):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::open):
        * page/Page.h:
        (WebCore::Page::userContentController):
        (WebCore::Page::userContentExtensionsEnabled):
        (WebCore::Page::setUserContentExtensionsEnabled):
        (WebCore::Page::group):
        * page/UserContentController.cpp:
        (WebCore::UserContentController::removeAllUserContentExtensions):
        (WebCore::UserContentController::processContentExtensionRulesForLoad):
        (WebCore::UserContentController::actionsForResourceLoad):
        * page/UserContentController.h:

2015-06-22  Zalan Bujtas  <zalan@apple.com>

        REGRESSION(r169105) Dangling renderer pointer in SelectionSubtreeRoot::SelectionSubtreeData.
        https://bugs.webkit.org/show_bug.cgi?id=146116
        rdar://problem/20959369

        Reviewed by Brent Fulgham.

        This patch ensures that we don't adjust the selection unless the visual selection still matches this subtree root.

        When multiple selection roots are present we need to ensure that a RenderObject
        only shows up in one of them.
        RenderView::splitSelectionBetweenSubtrees(), as the name implies, splits the
        selection and sets the selection range (start/end) on each selection root.
        However, SelectionSubtreeRoot::adjustForVisibleSelection() later recomputes the range
        based on visible selection and that could end up collecting renderers as selection start/end
        from another selection subtree.
        RenderObject's holds the last selection state (RenderObject::setSelectionState).
        If we set a renderer first as "on selection border" and later "inside" using multiple selection roots,
        we can't clean up selections properly when this object gets destroyed.
        One of the roots ends up with a dangling RenderObject pointer.

        Test: fast/regions/crash-when-renderer-is-in-multiple-selection-subtrees.html

        * rendering/SelectionSubtreeRoot.cpp:
        (WebCore::SelectionSubtreeRoot::adjustForVisibleSelection):

2015-06-22  Jeremy Jones  <jeremyj@apple.com>

        Do not exit fullscreen when starting PiP since this is done automatically.
        https://bugs.webkit.org/show_bug.cgi?id=144871

        Reviewed by Darin Adler.

        Since we don't explicitly exit fullscreen, update state in shouldExitFullscreenWithReason()

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h: Declare shouldExitFullscreenWithReason().
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController playerViewController:shouldExitFullScreenWithReason:]): Forward to WebVideoFullscreenInterfaceAVKit.
        (WebVideoFullscreenInterfaceAVKit::shouldExitFullscreenWithReason): Added.
        (WebVideoFullscreenInterfaceAVKit::willStartPictureInPicture): Remove enter fullscreen code.
        * platform/spi/cocoa/AVKitSPI.h: Add missing enums.

2015-06-22  Daniel Bates  <dabates@apple.com>

        AX: UI Automation cannot find AutoFill or search cancel buttons
        https://bugs.webkit.org/show_bug.cgi?id=145241
        <rdar://problem/21051411>

        Reviewed by Chris Fleizach.

        Add support for hit testing the search cancel button and AutoFill button so that
        they can be accessed by UI Automation.

        Currently the accessibility hit test machinery ignores nodes in a shadow tree.
        So, it neither finds the <input type="search"> cancel button nor the AutoFill button
        when it performs a hit test. Therefore these buttons cannot be accessed using
        UI Automation.

        Tests: accessibility/hit-test-input-auto-fill-button.html
               accessibility/hit-test-input-search-cancel-button.html
               accessibility/input-search-cancel-button.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::accessibilityTextFieldDecorationHitTest): Added; returns
        the AccessibilityObject for the search cancel button or AutoFill text field decoration as applicable.
        (WebCore::AccessibilityRenderObject::accessibilityHitTest): Check whether the hit node
        is a text field decoration.

2015-06-22  Xabier Rodriguez Calvar  <calvaris@igalia.com> and Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] Implement ReadableStream cancel (abstract part)
        https://bugs.webkit.org/show_bug.cgi?id=146111

        Reviewed by Darin Adler.

        This patch implements ReadableStream and ReadableStreamReader cancel.
        The reader delegates cancellation to its stream.

        This patch also ensures that controller.close() will not throw in case cancellation is on-going.

        A follow-up patch will implement the calling of 'cancel' JS callback for JS sources.

        Covered by rebased tests.

        * Modules/streams/ReadableStream.cpp:
        (WebCore::ReadableStream::cancel): Checks whether locked or not before cancelling.
        (WebCore::ReadableStream::cancelNoCheck): Cancel without lock check.
        (WebCore::ReadableStream::notifyCancelSucceeded): Async cancel callback.
        (WebCore::ReadableStream::notifyCancelFailed): Ditto.
        * Modules/streams/ReadableStream.h:
        * Modules/streams/ReadableStream.idl: Cleaned up IDL.
        * Modules/streams/ReadableStreamReader.cpp:
        (WebCore::ReadableStreamReader::cancel):
        * Modules/streams/ReadableStreamReader.h:
        * Modules/streams/ReadableStreamReader.idl: Cleaned up IDL
        * bindings/js/JSReadableStreamControllerCustom.cpp:
        (WebCore::JSReadableStreamController::close):
        * bindings/js/JSReadableStreamCustom.cpp:
        (WebCore::JSReadableStream::cancel):
        * bindings/js/JSReadableStreamReaderCustom.cpp:
        (WebCore::JSReadableStreamReader::cancel):
        * bindings/js/ReadableJSStream.cpp:
        (WebCore::ReadableJSStream::doCancel):
        * bindings/js/ReadableJSStream.h:

2015-06-22  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Navigator.webkitGetUserMedia() requires three arguments
        https://bugs.webkit.org/show_bug.cgi?id=146022

        Reviewed by Eric Carlson.

        Updated custom binding to make the third error callback argument
        mandatory. Updated and unskipped three tests (for the GTK+ port).

        * bindings/js/JSNavigatorCustom.cpp:
        (WebCore::JSNavigator::webkitGetUserMedia):

2015-06-22  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GTK+ build after r185818.

        Actually rollout r185320.

        * platform/network/soup/DNSSoup.cpp:
        (WebCore::DNSResolveQueue::platformProxyIsEnabledInSystemPreferences):
        (WebCore::DNSResolveQueue::platformResolve):
        (WebCore::gotProxySettingsCallback): Deleted.
        (WebCore::DNSResolveQueue::platformMaybeResolveHost): Deleted.

2015-06-16  Gavin Barraclough  <barraclough@apple.com>

        Page load performance regression due to bugs.webkit.org/show_bug.cgi?id=145542
        https://bugs.webkit.org/show_bug.cgi?id=146198

        Unreviewed rollout.

        * platform/network/DNSResolveQueue.cpp:
        (WebCore::DNSResolveQueue::DNSResolveQueue):
        (WebCore::DNSResolveQueue::isUsingProxy):
        (WebCore::DNSResolveQueue::add):
        (WebCore::DNSResolveQueue::timerFired):
        * platform/network/DNSResolveQueue.h:
        * platform/network/cf/DNSCFNet.cpp:
        (WebCore::DNSResolveQueue::platformProxyIsEnabledInSystemPreferences):
        (WebCore::clientCallback):
        (WebCore::DNSResolveQueue::platformResolve):
        (WebCore::proxyIsEnabledInSystemPreferences): Deleted.
        (WebCore::isUsingProxy): Deleted.
        (WebCore::DNSResolveQueue::platformMaybeResolveHost): Deleted.
        * platform/network/soup/DNSSoup.cpp:

2015-06-21  Alexey Proskuryakov  <ap@apple.com>

        REGRESSION (r172975): navigator.language unable to tell region for Traditional Chinese users
        https://bugs.webkit.org/show_bug.cgi?id=146121
        rdar://problem/21395180

        Reviewed by Darin Adler.

        Revert to previous behavior, which is wrong in many ways, but not as wrong as the new one.

        * platform/mac/Language.mm:
        (WebCore::httpStyleLanguageCode):
        (WebCore::platformUserPreferredLanguages):
        * platform/spi/cf/CFBundleSPI.h:

2015-06-19  Andy Estes  <aestes@apple.com>

        Give Node::didNotifySubtreeInsertions() a better name
        https://bugs.webkit.org/show_bug.cgi?id=146170

        Reviewed by Darin Adler.

        didNotifySubtreeInsertions() is not a good name. It sounds like we are notifying the subtree insertions, which doesn't make sense.

        This function is really about notifying the Node that the subtree it's a part of has finished being inserted into the DOM
        (i.e. all nodes have received their call to insertedInto()). Change the name to finishedInsertingSubtree() to better reflect this.

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::notifyChildInserted):
        * dom/ContainerNodeAlgorithms.h:
        (WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument):
        (WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoTree):
        * dom/Element.cpp:
        (WebCore::Element::addShadowRoot):
        * dom/Node.h:
        (WebCore::Node::finishedInsertingSubtree): Renamed from didNotifySubtreeInsertions.
        (WebCore::Node::didNotifySubtreeInsertions): Renamed to finishedInsertingSubtree.
        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::finishedInsertingSubtree): Renamed from didNotifySubtreeInsertions.
        (WebCore::ScriptElement::didNotifySubtreeInsertions): Renamed to finishedInsertingSubtree.
        * dom/ScriptElement.h:
        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::insertedInto):
        (WebCore::HTMLFrameElementBase::finishedInsertingSubtree): Renamed from didNotifySubtreeInsertions.
        (WebCore::HTMLFrameElementBase::didNotifySubtreeInsertions): Renamed to finishedInsertingSubtree.
        * html/HTMLFrameElementBase.h:
        * html/HTMLScriptElement.cpp:
        (WebCore::HTMLScriptElement::insertedInto):
        (WebCore::HTMLScriptElement::finishedInsertingSubtree): Renamed from didNotifySubtreeInsertions.
        (WebCore::HTMLScriptElement::didNotifySubtreeInsertions): Renamed to finishedInsertingSubtree.
        * html/HTMLScriptElement.h:
        * svg/SVGFEImageElement.cpp:
        (WebCore::SVGFEImageElement::insertedInto):
        (WebCore::SVGFEImageElement::finishedInsertingSubtree): Renamed from didNotifySubtreeInsertions.
        (WebCore::SVGFEImageElement::didNotifySubtreeInsertions): Renamed to finishedInsertingSubtree.
        * svg/SVGFEImageElement.h:
        * svg/SVGMPathElement.cpp:
        (WebCore::SVGMPathElement::insertedInto):
        (WebCore::SVGMPathElement::finishedInsertingSubtree): Renamed from didNotifySubtreeInsertions.
        (WebCore::SVGMPathElement::didNotifySubtreeInsertions): Renamed to finishedInsertingSubtree.
        * svg/SVGMPathElement.h:
        * svg/SVGScriptElement.cpp:
        (WebCore::SVGScriptElement::insertedInto):
        (WebCore::SVGScriptElement::finishedInsertingSubtree): Renamed from didNotifySubtreeInsertions.
        (WebCore::SVGScriptElement::didNotifySubtreeInsertions): Renamed to finishedInsertingSubtree.
        * svg/SVGScriptElement.h:
        * svg/SVGTRefElement.cpp:
        (WebCore::SVGTRefElement::insertedInto):
        (WebCore::SVGTRefElement::finishedInsertingSubtree): Renamed from didNotifySubtreeInsertions.
        (WebCore::SVGTRefElement::didNotifySubtreeInsertions): Renamed to finishedInsertingSubtree.
        * svg/SVGTRefElement.h:
        * svg/SVGTextPathElement.cpp:
        (WebCore::SVGTextPathElement::insertedInto):
        (WebCore::SVGTextPathElement::finishedInsertingSubtree): Renamed from didNotifySubtreeInsertions.
        (WebCore::SVGTextPathElement::didNotifySubtreeInsertions): Renamed to finishedInsertingSubtree.
        * svg/SVGTextPathElement.h:
        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::insertedInto):
        (WebCore::SVGSMILElement::finishedInsertingSubtree): Renamed from didNotifySubtreeInsertions.
        (WebCore::SVGSMILElement::didNotifySubtreeInsertions): Renamed to finishedInsertingSubtree.
        * svg/animation/SVGSMILElement.h:

2015-06-21  Philip Chimento  <philip.chimento@gmail.com>

        libwebkit2gtk fails to link without opengl
        https://bugs.webkit.org/show_bug.cgi?id=138332

        Reviewed by Carlos Garcia Campos.

        * CMakeLists.txt: The third-party ANGLE directories need to be
        included even if ENABLE(GRAPHICS_CONTEXT_3D) is false. They must
        be included after the OpenGL headers as the comment says.
        * platform/graphics/texmap/BitmapTexturePool.cpp: Remove
        reference to no longer existent header file.

2015-06-20  Tim Horton  <timothy_horton@apple.com>

        Deselection of text causes a noticeable jump on force touch machines
        https://bugs.webkit.org/show_bug.cgi?id=146173
        <rdar://problem/20992842>

        Reviewed by Sam Weinig.

        When we have a TextIndicator of type Crossfade, we end up putting
        a layer with the blue highlight + text painted into it on top of the
        content, and cross-fading that layer to the yellow-highlighted text.

        This is necessary for BounceAndCrossfade TextIndicators, because the
        blue highlight has to bounce, but is not necessary for Crossfade-only
        ones; we can just fade in the yellow highlight on top of the
        existing blue page highlight, and all is well.

        So, get rid of the Crossfade TextIndicator type and use FadeIn, separately
        keeping track of whether or not we can add a margin (we still can't
        add a margin to TextIndicators that indicate the page's current selection,
        because the blue highlight cannot have the margin applied to it, and we
        want the bounds to match exactly).

        * page/TextIndicator.cpp:
        (WebCore::TextIndicator::createWithRange):
        If the range is the same as the selection, turn off the margin.
        We were previously doing this based on the presentation transition, but now
        there's no difference in presentation transition in this case.

        (WebCore::TextIndicator::createWithSelectionInFrame):
        (WebCore::TextIndicator::wantsBounce):
        (WebCore::TextIndicator::wantsContentCrossfade):
        (WebCore::TextIndicator::wantsFadeIn):
        (WebCore::TextIndicator::wantsManualAnimation):
        * page/TextIndicator.h:
        Get rid of TextIndicatorPresentationTransition::Crossfade.

        (WebCore::TextIndicator::setWantsMargin):
        (WebCore::TextIndicator::wantsMargin):
        Keep track of whether we want a margin.

        * page/mac/TextIndicatorWindow.mm:
        (-[WebTextIndicatorView initWithFrame:textIndicator:margin:]):
        Determine if we should use a margin based on wantsMargin instead of the
        presentation transition.

2015-06-20  Ryuan Choi  <ryuan.choi@navercorp.com>

        [EFL] Do not consider test directories when DEVELOPER_MODE is OFF
        https://bugs.webkit.org/show_bug.cgi?id=146171

        Reviewed by Gyuyoung Kim.

        * platform/efl/EflInspectorUtilities.cpp:
        (WebCore::inspectorResourcePath): Only used WEB_INSPECTOR_DIR which CMake decides properly.

2015-06-19  Michael Catanzaro  <mcatanzaro@igalia.com>

        Fix absolute value warning in LocalizedStringsGtk.cpp
        https://bugs.webkit.org/show_bug.cgi?id=145919

        Reviewed by Martin Robinson.

        Use abs(static_cast<int>(time)) rather than static_cast<int>(abs(time)) to avoid clang's
        warnings about passing a float to abs() instead of std::abs(). Also, because casting an int
        to an int is silly.

        * platform/gtk/LocalizedStringsGtk.cpp:
        (WebCore::localizedMediaTimeDescription):

2015-06-19  Devin Rousso  <drousso@apple.com>

        Web Inspector: Highlight currently edited CSS selector
        https://bugs.webkit.org/show_bug.cgi?id=145658

        Reviewed by Joseph Pecoraro.

        Test: inspector/dom/highlight-multiple-shapes.html

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::buildObjectForHighlightedNode):
        * inspector/InspectorController.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::highlightSelector): Gets a list of all nodes matching a given selector string and highlights each of them.
        * inspector/InspectorDOMAgent.h:
        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::hideHighlight):
        (WebCore::InspectorOverlay::highlightNodeList): Loops through a given NodeList to create highlightObjects for each of them.
        (WebCore::InspectorOverlay::shouldShowOverlay):
        (WebCore::buildObjectForElementData): Don't show flow fragments when highlighting multiple nodes.
        (WebCore::InspectorOverlay::buildHighlightObjectForNode):
        (WebCore::InspectorOverlay::buildObjectForHighlightedNode): Now returns an array containing the highlightObject for each highligthed node.
        (WebCore::InspectorOverlay::drawNodeHighlight): Now sends an array to the InspectorOverlayPage.js to provide support for highlighting multiple nodes.
        * inspector/InspectorOverlay.h:
        * inspector/InspectorOverlayPage.js: Now expects an array as its parameter and loops through it to highlight each node given.
        If the parameter array contains more than one element, do not draw the textbox containing info on that node.
        (drawNodeHighlight):

2015-06-19  Joseph Pecoraro  <pecoraro@apple.com>

        Crash under WebCore::PageConsoleClient::addMessage attempting to log insecure content message in ImageDocument
        https://bugs.webkit.org/show_bug.cgi?id=146096

        Reviewed by Timothy Hatcher.

        Was able to reproduce this using a user stylesheet with an http css font
        on a pdf (ImageDocument) main document loaded over https. Was unable to
        create a reliable test for this scenario.

        * page/PageConsoleClient.cpp:
        (WebCore::getParserLocationForConsoleMessage):
        The scriptableDocumentParser could be null, such as in an ImageDocument.

2015-06-19  Dean Jackson  <dino@apple.com>

        Extremely large canvas crashes on pre-El Capitan machines
        https://bugs.webkit.org/show_bug.cgi?id=146169
        <rdar://problem/21410046>

        Reviewed by Tim Horton.

        On machines before El Capitan, make the maximum canvas size
        8k by 8k.

        Covered by existing tests.

        * html/HTMLCanvasElement.cpp:

2015-06-19  Tim Horton  <timothy_horton@apple.com>

        Selection services cannot be invoked when force click is enabled
        https://bugs.webkit.org/show_bug.cgi?id=146166
        <rdar://problem/21468362>

        Reviewed by Darin Adler.

        * page/mac/ServicesOverlayController.h:
        Turn Highlight::Type into something we can use for dirty flags.

        * page/mac/ServicesOverlayController.mm:
        (WebCore::ServicesOverlayController::Highlight::createForSelection):
        (WebCore::ServicesOverlayController::Highlight::createForTelephoneNumber):
        (WebCore::ServicesOverlayController::ServicesOverlayController):
        (WebCore::ServicesOverlayController::selectionRectsDidChange):
        (WebCore::ServicesOverlayController::selectedTelephoneNumberRangesChanged):
        (WebCore::ServicesOverlayController::invalidateHighlightsOfType):
        (WebCore::ServicesOverlayController::buildPotentialHighlightsIfNeeded):
        (WebCore::ServicesOverlayController::remainingTimeUntilHighlightShouldBeShown):
        (WebCore::ServicesOverlayController::buildPhoneNumberHighlights):
        (WebCore::ServicesOverlayController::buildSelectionHighlight):
        (WebCore::ServicesOverlayController::findTelephoneNumberHighlightContainingSelectionHighlight):
        (WebCore::ServicesOverlayController::determineActiveHighlight):
        (WebCore::ServicesOverlayController::didScrollFrame):
        (WebCore::ServicesOverlayController::handleClick):
        Coalesce highlight rebuilding so that things (like TextIndicator creation)
        that change the selection and then reset it immediately don't cause us
        to lose the active highlight.

        This also means that if the selection changes multiple times in a runloop
        (easily possible from script), we won't waste a lot of time rebuilding highlights.

        (WebCore::ServicesOverlayController::didRebuildPotentialHighlights):
        Merged into buildPotentialHighlightsIfNeeded.

2015-06-19  Matt Baker  <mattbaker@apple.com>

        Web Inspector: TimelineAgent needs to handle nested runloops
        https://bugs.webkit.org/show_bug.cgi?id=145090

        Reviewed by Joseph Pecoraro.

        Previously nested run loops caused InspectorTimelineAgent to prematurely pop the current run loop record. This
        patch adds a counter to track the run loop nesting level, and rendering frame records are only pushed/popped
        when the nesting level is zero. Run loop entry/exit notifications received while the debugger is paused do not
        affect the nesting level.

        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::internalStart):
        (WebCore::InspectorTimelineAgent::internalStop):
        (WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
        * inspector/InspectorTimelineAgent.h:

2015-06-19  Brent Fulgham  <bfulgham@apple.com>

        Follow-up fix to r185766.
        https://bugs.webkit.org/show_bug.cgi?id=22132

        Reviewed by Zalan Bujtas.

        Suggested by Darin Adler in the bug.

        * platform/graphics/filters/FETile.cpp:
        (WebCore::FETile::platformApplySoftware): Use WTF::move when passing
        the new tileImageCopy RefPtr.

2015-06-19  Michael Catanzaro  <mcatanzaro@igalia.com>

        [SOUP] Fix return-type-c-linkage warning after r185553
        https://bugs.webkit.org/show_bug.cgi?id=146014

        Reviewed by Martin Robinson.

        * platform/network/soup/WebKitSoupRequestGeneric.cpp:
        (webkitSoupRequestGenericGetRequest): Return a pointer rather than a reference.
        * platform/network/soup/WebKitSoupRequestGeneric.h: webkitSoupRequestGenericGetRequest now
        returns a pointer rather than a reference.

2015-06-19  Dean Jackson  <dino@apple.com>

        Played <audio> looks invisible against the gray background
        https://bugs.webkit.org/show_bug.cgi?id=146164
        <rdar://problem/21014284>

        Reviewed by Brent Fulgham.

        The plus-darker blend mode was not allowing any white to
        show through in the rendering. We don't need this for
        audio controls, where we draw on an opaque grey background.

        * Modules/mediacontrols/mediaControlsiOS.css:
        (audio::-webkit-media-controls-panel): Darken the color of the controls a
        little to make white stand out more.
        (audio::-webkit-media-controls-timeline): Remove the plus-darker blending.
        (video::-webkit-media-controls-timeline): Apply blending only to video.

2015-06-19  Andy Estes  <aestes@apple.com>

        Various assertion failures occur when executing script in the midst of DOM insertion
        https://bugs.webkit.org/show_bug.cgi?id=132482

        Reviewed by Darin Adler.

        Prior to this change, when an element containing a <script> child was inserted into a document, the script was
        executed in ScriptElement::insertedInto(). That script can access nodes that follow it in the newly-inserted
        hierarchy but are not yet fully inserted, leading to at least the following problems:

            - The script could remove a node that is not yet marked as in the document.
            - The script could remove a named <map> that has yet to be added to TreeScope::m_imageMapsByName.
            - The script could remove a form control that has yet to be added to FormController::m_formElementsWithState.

        These scenarios all result in assertion failures. This change ensures that each node in the newly-inserted
        hierarchy is fully inserted before executing any scripts.

        Tests: fast/dom/element-removed-while-inserting-parent-crash.html
               fast/dom/named-map-removed-while-inserting-parent-crash.html
               fast/forms/form-control-removed-while-inserting-parent-crash.html
               svg/dom/element-removed-while-inserting-parent-crash.html

        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::shouldNotifySubtreeInsertions): Renamed from insertedInto().
        Returned true in the case where insertedInto() would've called prepareScript().
        (WebCore::ScriptElement::didNotifySubtreeInsertions): Called prepareScript().
        (WebCore::ScriptElement::insertedInto): Renamed to shouldNotifySubtreeInsertions().
        * dom/ScriptElement.h:
        * html/HTMLScriptElement.cpp:
        (WebCore::HTMLScriptElement::insertedInto): If shouldNotifySubtreeInsertions() is true, returned InsertionShouldCallDidNotifySubtreeInsertions.
        Otherwise, returned InsertionDone.
        (WebCore::HTMLScriptElement::didNotifySubtreeInsertions): Called ScriptElement::didNotifySubtreeInsertions().
        * html/HTMLScriptElement.h:
        * svg/SVGScriptElement.cpp:
        (WebCore::SVGScriptElement::insertedInto): Did the same as HTMLScriptElement::insertedInto().
        (WebCore::SVGScriptElement::didNotifySubtreeInsertions): Called ScriptElement::didNotifySubtreeInsertions().
        * svg/SVGScriptElement.h:

2015-06-19  Brent Fulgham  <bfulgham@apple.com>

        All calls of ImageBuffer::create should null check the return value
        https://bugs.webkit.org/show_bug.cgi?id=22132

        Reviewed by Zalan Bujtas.

        ImageBuffer::create returns nullptr for a number of reasons, and should be
        expected to do so. We missed this check in a few places, resulting in
        crashes on some systems. Likewise, ImageBuffer::copyImage may return nullptr
        in normal use and should be checked.

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::drawPattern): Add nullptr check for create and copyImage. Remove
        extra call to 'setImageObserver'.
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBuffer::drawPattern): Add nullptr check for copyImage.
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::drawPattern): Add nullptr checks for copyImage.
        * platform/graphics/filters/FETile.cpp:
        (WebCore::FETile::platformApplySoftware): Add nullptr check for copyImage.
        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::asImageBuffer): Add nullptr check for create.
        (WebCore::FilterEffect::openCLImageToImageBuffer): Ditto.
        * platform/graphics/texmap/BitmapTexture.cpp:
        (WebCore::BitmapTexture::updateContents): Add nullptr checks for create and copyImage.
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::drawPatternForContainer): Add nullptr check for copyImage.

2015-06-19  Jeremy Jones  <jeremyj@apple.com>

        Get CAContext directly for CALayer instead of walking the layer tree.
        https://bugs.webkit.org/show_bug.cgi?id=146138
        <rdar://problem/21455974>

        Reviewed by Darin Adler.

        This will get the context directly from the CALayer instead of getting all CAContexts, walking the layer tree 
        to the root and comparing that against each CAContext's root layer.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer):

2015-06-18  Brent Fulgham  <bfulgham@apple.com>

        [iOS] scrollIntoViewIfNeeded is not working with scroll-snap points
        https://bugs.webkit.org/show_bug.cgi?id=145318
        <rdar://problem/21081501>

        Reviewed by Simon Fraser.

        Use the ScrollController in iOS to track the scroll snap point state.
        We do not need the animation implementation or timers since the actual
        animation is handled by UIKit.

        This change lets us communicate the current offset into the scroll snap
        offset vector between the WebProcess and RemoteScrollingTree so that
        both sides stay in sync regardless of whether user gestures or style
        updates have caused us to shift to a different snap point.

        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated): Set the
        current horizontal and vertical scroll snap offset indices.
        (WebCore::AsyncScrollingCoordinator::updateOverflowScrollingNode): Ditto.
        * page/scrolling/AsyncScrollingCoordinator.h: Mark the setActiveScrollSnapIndices
        for export so that it can be reached by the UIProcess.
        * page/scrolling/ScrollingCoordinator.h: Keep track of horizontal and
        vertical scroll snap offset indices.
        * page/scrolling/ScrollingStateScrollingNode.cpp:
        (WebCore::ScrollingStateScrollingNode::setCurrentHorizontalSnapPointIndex): Added.
        (WebCore::ScrollingStateScrollingNode::setCurrentVerticalSnapPointIndex): Added.
        * page/scrolling/ScrollingStateScrollingNode.h:
        (WebCore::ScrollingStateScrollingNode::currentHorizontalSnapPointIndex): Added.
        (WebCore::ScrollingStateScrollingNode::currentVerticalSnapPointIndex): Added.
        * page/scrolling/ScrollingTree.h:
        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::updateBeforeChildren): Update the scroll snap
        point offset indices if either has changed.
        * page/scrolling/ScrollingTreeScrollingNode.h:
        (WebCore::ScrollingTreeScrollingNode::currentHorizontalSnapPointIndex): Added.
        (WebCore::ScrollingTreeScrollingNode::currentVerticalSnapPointIndex): Added.
        (WebCore::ScrollingTreeScrollingNode::setCurrentHorizontalSnapPointIndex): Added.
        (WebCore::ScrollingTreeScrollingNode::setCurrentVerticalSnapPointIndex): Added.
        * page/scrolling/ThreadedScrollingTree.cpp:
        (WebCore::ThreadedScrollingTree::currentSnapPointIndicesDidChange): New method
        to handle notifications about scroll snap index changes from the UIProcess.
        * page/scrolling/ThreadedScrollingTree.h:
        * page/scrolling/ios/ScrollingTreeIOS.cpp:
        (WebCore::ScrollingTreeIOS::currentSnapPointIndicesDidChange): New method
        to handle notifications about scroll snap index changes from the UIProcess.
        * page/scrolling/ios/ScrollingTreeIOS.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren): Update scroll
        snap point current offset indices if they have changed.
        (WebCore::ScrollingTreeFrameScrollingNodeMac::scrollOffsetOnAxis): Remove unneeded
        PLATFORM(MAC) macro.
        * platform/ScrollAnimator.cpp:
        (WebCore::ScrollAnimator::ScrollAnimator): We have a ScrollController if we are
        supporting scroll snap points or rubber banding.
        (WebCore::ScrollAnimator::processWheelEventForScrollSnap): This method is not needed
        for iOS builds.
        (WebCore::ScrollAnimator::updateActiveScrollSnapIndexForOffset): Enable this on iOS.
        (WebCore::ScrollAnimator::updateScrollSnapState): Renamed from 'updateScrollAnimatorsAndTimers'
        and enabled on iOS.
        (WebCore::ScrollAnimator::updateScrollAnimatorsAndTimers): Deleted.
        * platform/ScrollAnimator.h: Enable some scroll snap methods on iOS.
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::handleWheelEvent): Enable scroll snap index bookkeeping on iOS, too.
        (WebCore::ScrollableArea::updateScrollSnapState): Revise to call 'updateScrollSnapState' instead
        of 'updateScrollAnimatorsAndTimers'.
        * platform/cocoa/ScrollController.h: Enable some methods on iOS. Reorder methods to
        reduce the number of macros needed to do so.
        * platform/cocoa/ScrollController.mm:
        (systemUptime): Only build for Mac.
        (WebCore::ScrollController::ScrollController): Disable rubber band-specific members on iOS.
        (WebCore::ScrollController::handleWheelEvent): Only build this on Mac.
        (WebCore::ScrollController::isRubberBandInProgress): Always return 'false' on iOS.
        (WebCore::ScrollController::startSnapRubberbandTimer): Only build this on Mac.
        (WebCore::ScrollController::shouldRubberBandInHorizontalDirection): Ditto.
        (WebCore::ScrollController::scrollSnapPointState): Enable on iOS.
        (WebCore::ScrollController::hasActiveScrollSnapTimerForAxis): Only build on Mac.
        (WebCore::ScrollController::updateScrollSnapState): renamed from 'updateScrollAnimatorsAndTimers'
        (WebCore::ScrollController::startScrollSnapTimer): Only build on Mac.
        (WebCore::ScrollController::initializeGlideParameters): Ditto.
        (WebCore::ScrollController::activeScrollSnapIndexForAxis): Enable on iOS.
        (WebCore::ScrollController::setActiveScrollSnapIndicesForOffset): Ditto.
        (WebCore::ScrollController::beginScrollSnapAnimation): Only build on Mac.
        (WebCore::ScrollController::computeGlideDelta): Ditto.
        (WebCore::ScrollController::updateScrollAnimatorsAndTimers): Deleted.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer): Capture any changes in scroll
        snap offset indices.

2015-06-19  Jeremy Jones  <jeremyj@apple.com>

        Fullscreen view should not update bounds of video when in PiP.
        https://bugs.webkit.org/show_bug.cgi?id=146134

        Reviewed by Darin Adler.

        Don't update bounds on video layer when it is not a child.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVVideoLayer setBounds:]):

2015-06-19  Zalan Bujtas  <zalan@apple.com>

        RenderRubyText requires RenderRubyRun parent.
        https://bugs.webkit.org/show_bug.cgi?id=146148
        rdar://problem/21423319

        Reviewed by Simon Fraser.

        RenderRubyText expects its parent to be RenderRubyRun and since a
        a non-block <rt> requires anonymous wrapper, we should check whether
        the display type is actually block.

        Test: fast/ruby/crash-when-ruby-rt-is-non-block.html

        * html/RubyTextElement.cpp:
        (WebCore::RubyTextElement::createElementRenderer):

2015-06-19  Jeremy Jones  <jeremyj@apple.com>

        cancelPreviousPerformRequestsWithTarget for -resolveBounds in wrong class.
        https://bugs.webkit.org/show_bug.cgi?id=146140

        Reviewed by Eric Carlson.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebCALayerHostWrapper dealloc]): Added.
        (-[WebAVVideoLayer dealloc]): Deleted.

2015-06-19  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo] Null pointer crash in BitmapTexture::updateContents.
        https://bugs.webkit.org/show_bug.cgi?id=146147

        Reviewed by Brent Fulgham.

        Added null pointer check.

        * platform/graphics/texmap/BitmapTexture.cpp:
        (WebCore::BitmapTexture::updateContents):

2015-06-19  Anders Carlsson  <andersca@apple.com>

        Spintracer treats the web process as hung when it's showing JavaScript dialogs in the UI process
        https://bugs.webkit.org/show_bug.cgi?id=146124
        rdar://problem/21449395

        Reviewed by Geoffrey Garen.

        * platform/spi/cg/CoreGraphicsSPI.h:

2015-06-19  Csaba Osztrogonác  <ossy@webkit.org>

        Remove unnecessary svn:executable flags
        https://bugs.webkit.org/show_bug.cgi?id=146107

        Reviewed by Alexey Proskuryakov.

        * html/canvas/CanvasRenderingContext2D.cpp: Removed property svn:executable.
        * mathml/MathMLMencloseElement.cpp: Removed property svn:executable.
        * mathml/MathMLMencloseElement.h: Removed property svn:executable.
        * platform/efl/RenderThemeEfl.cpp: Removed property svn:executable.
        * rendering/mathml/RenderMathMLMenclose.cpp: Removed property svn:executable.
        * rendering/mathml/RenderMathMLMenclose.h: Removed property svn:executable.

2015-06-19  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        Bindings generator should generate code to catch exception and reject promises for Promise-based APIs
        https://bugs.webkit.org/show_bug.cgi?id=146060

        Reviewed by Darin Adler.

        The binding generator splits the function that binds JS to the DOM class implementation in two for functions returning promise.
        The first function, called from JS, is responsible of casting this to the expected JSXXX class.
        If casting fails, an exception is raised. Otherwise, it calls the second function.
        After calling the second function, it checks whether an exception is raised, in which case it returns a rejected promise.
        The second function is responsible of argument conversion and calling the DOM class function.

        Covered by expectations and AudioContext promise still working.
        A test case is added for a promise returning function taking a typed argument as input (if argument value cannot be typed, the promise is rejected).
        A second test case is a promise-returning function that can raise an exception. In that case the DOMException is used as rejection value.

        As can be seen from generated code, this generalized code adds a mandatory check (is there an exception?) at the end of the function.
        This check is done even in cases we know there will be no exception.
        This may be covered by another patch if this optimization is thought useful enough.

        * bindings/js/JSDOMPromise.cpp:
        (WebCore::rejectPromiseWithExceptionIfAny): Utility method for the binding code.
        (WebCore::callPromiseFunction): Ditto.
        * bindings/js/JSDOMPromise.h:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        (GenerateFunctionCastedThis): Extracted from GenerateImplementationFunctionCall to reuse it in case of promise-returning functions.
        (GenerateImplementationFunctionCall):
        (GenerateCallbackImplementation): Deleted.
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionTestPromiseFunction):
        (WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionPromise):
        (WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithFloatArgument):
        (WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithFloatArgumentPromise):
        (WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithException):
        (WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithExceptionPromise):
        * bindings/scripts/test/TestObj.idl:

2015-06-18  Jeremy Jones  <jeremyj@apple.com>

        Disable UIWindow for fullscreen video for selected clients.
        https://bugs.webkit.org/show_bug.cgi?id=145852

        Reviewed by Simon Fraser.

        Disable UIWindow for fullscreen video doesn't work everywhere (rdar://problem/21315993), so just disable it when creating a UIWindow won't work.
        Fix some interface hiding and layout problems that showed up in the non UIWindow code path.

        * platform/RuntimeApplicationChecksIOS.h:
        * platform/RuntimeApplicationChecksIOS.mm: Remove iAD bundle identifier.
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::setupFullscreen): Opt out of UIWindow when hosted in another process. And fix view parenting for non-window case.
        (WebVideoFullscreenInterfaceAVKit::exitFullscreen): Fix for AVKit exit fullscreen complaining about -needsLayout.

        (WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen):
        (WebVideoFullscreenInterfaceAVKit::preparedToReturnToInline):
        (WebVideoFullscreenInterfaceAVKit::willStartOptimizedFullscreen):
        (WebVideoFullscreenInterfaceAVKit::didStartOptimizedFullscreen):
        (WebVideoFullscreenInterfaceAVKit::willStopOptimizedFullscreen):
        (WebVideoFullscreenInterfaceAVKit::didStopOptimizedFullscreen):
        These hide and show the view controller where we hide and show the window.

2015-06-18  Dean Jackson  <dino@apple.com>

        Provide a way for web developers to draw a Theme-specific Wireless Playback icon
        https://bugs.webkit.org/show_bug.cgi?id=146123
        <rdar://problem/21119287>

        Reviewed by Simon Fraser.

        Implement a -webkit-named-image() CSS <image> generator that allows a site to
        request artwork by name and get the platform variant. At the moment
        we only support "wireless-playback" which returns a generic image everywhere
        but Cocoa platforms, where we render the AirPlay icon.

        In order to do this I added a ThemeCocoa to share any Theme code between
        Mac and iOS.

        Test: fast/css/named-icons.html

        * WebCore.xcodeproj/project.pbxproj: Add new files CSSNamedImageValue, NamedImageGeneratedImage and ThemeCocoa.

        * css/CSSImageGeneratorValue.cpp: Handle the new NamedImageClass in the switch statements for downcasting.
        (WebCore::CSSImageGeneratorValue::image):
        (WebCore::CSSImageGeneratorValue::isFixedSize):
        (WebCore::CSSImageGeneratorValue::isPending):
        (WebCore::CSSImageGeneratorValue::knownToBeOpaque):

        * css/CSSNamedImageValue.cpp: New class. Just holds a name String.
        (WebCore::CSSNamedImageValue::customCSSText):
        (WebCore::CSSNamedImageValue::image):
        (WebCore::CSSNamedImageValue::equals):
        * css/CSSNamedImageValue.h:
        (WebCore::CSSNamedImageValue::create):
        (WebCore::CSSNamedImageValue::isFixedSize):
        (WebCore::CSSNamedImageValue::isPending):
        (WebCore::CSSNamedImageValue::CSSNamedImageValue):

        * css/CSSParser.cpp:
        (WebCore::CSSParser::isGeneratedImageValue): Allow "-webkit-named-image(".
        (WebCore::CSSParser::parseGeneratedImage): Call parseNamedImage if we hit named-icon.
        (WebCore::CSSParser::parseNamedImage): Parse the function looking for a CSS ident.
        * css/CSSParser.h:

        * css/CSSValue.cpp: Handle NamedImageClass in the various switch statements.
        (WebCore::CSSValue::equals):
        (WebCore::CSSValue::cssText):
        (WebCore::CSSValue::destroy):
        * css/CSSValue.h:
        (WebCore::CSSValue::isNamedImageValue): Helper to detect the correct CSSValue subclass.

        * platform/Theme.cpp:
        (WebCore::Theme::drawNamedImage): Draw a generic wireless playback icon.
        * platform/Theme.h: Add drawNamedImage.

        * platform/cocoa/ThemeCocoa.cpp: New shared base class for ThemeMac and ThemeIOS.
        (WebCore::fitContextToBox):
        (WebCore::ThemeCocoa::drawNamedImage): Draw an AirPlay icon for wireless playback.
        * platform/cocoa/ThemeCocoa.h:

        * platform/graphics/CrossfadeGeneratedImage.h: Drive-by removal of unnecessary forward class definition.

        * platform/graphics/ImageBuffer.h: Add NamedImageGeneratedImage as a friend class.

        * platform/graphics/NamedImageGeneratedImage.cpp: New class. Calls into the Theme to render the artwork.
        (WebCore::NamedImageGeneratedImage::NamedImageGeneratedImage):
        (WebCore::NamedImageGeneratedImage::draw):
        (WebCore::NamedImageGeneratedImage::drawPattern):
        * platform/graphics/NamedImageGeneratedImage.h:

        * platform/ios/ThemeIOS.h: Inherit from ThemeCocoa.
        * platform/mac/ThemeMac.h: Ditto.

2015-06-18  KyungTae Kim  <ktf.kim@samsung.com> and Myles C. Maxfield  <mmaxfield@apple.com>

        [CSS3] Add support for the word-break:keep-all CSS property
        https://bugs.webkit.org/show_bug.cgi?id=123782

        Reviewed by Darin Adler.

        Add support for word-break:keep-all CSS property by CSS3 spec:
        http://www.w3.org/TR/2013/WD-css-text-3-20131010/#word-break-property

        Test: fast/text/word-break-keep-all.html

        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator EWordBreak):
        * css/CSSValueKeywords.in:
        * rendering/RenderText.cpp:
        (WebCore::RenderText::computePreferredLogicalWidths):
        * rendering/break_lines.h:
        (WebCore::nextBreakablePositionKeepingAllWords):
        (WebCore::nextBreakablePositionKeepingAllWordsIgnoringNBSP):
        (WebCore::isBreakable):
        * rendering/line/BreakingContext.h:
        (WebCore::BreakingContext::handleText):
        (WebCore::BreakingContext::optimalLineBreakLocationForTrailingWord):
        * rendering/style/RenderStyleConstants.h:

2015-06-18  Jon Lee  <jonlee@apple.com>

        Update AVKit usage of pip
        https://bugs.webkit.org/show_bug.cgi?id=146095
        <rdar://problem/21386853>

        Reviewed by Eric Carlson.

        - Rename enum VideoFullscreenModeOptimized to VideoFullscreenModePictureInPicture
        - Rename MediaElementSession::allowsAlternateFullscreen to allowsPictureInPicture
        - Rename Settings::allowsAlternateFullscreen to allowsPictureInPictureMediaPlayback
        - Update AVKit calls and AVKitSPI.h
        - Rename WebVideoFullscreenInterfaceAVKit delegate functions and member variables

        * html/HTMLMediaElement.cpp:
        * html/HTMLVideoElement.cpp:
        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::allowsPictureInPicture): Renamed.
        (WebCore::MediaElementSession::allowsAlternateFullscreen): Deleted.
        * html/MediaElementSession.h:
        * page/Settings.cpp:
        * page/Settings.in:
        * platform/graphics/MediaPlayerEnums.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h: Remove unused setIsOptimized.
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        * platform/spi/cocoa/AVKitSPI.h: Remove unused typedef.
        * platform/spi/mac/AVFoundationSPI.h:

2015-06-18  Jeremy Jones  <jeremyj@apple.com>

        Fix crash when entering fullscreen during exit fullscreen animation.
        https://bugs.webkit.org/show_bug.cgi?id=146117

        Reviewed by Simon Fraser.

        Because enterFullscreen can be called during exitFullscreen animation, the exit fullscreen teardown
        should not imply a fullscreen state change on video element.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::exitFullscreen): May be called from mainThread
        (-[WebVideoFullscreenController exitFullscreen]): May be called from mainThread
        * platform/ios/WebVideoFullscreenModelVideoElement.mm:
        (WebVideoFullscreenModelVideoElement::setVideoElement): 
        Changing associated video element does not imply fullscreen mode change.

2015-06-18  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: improve generated types for objects passed to backend commands
        https://bugs.webkit.org/show_bug.cgi?id=146091

        Reviewed by Joseph Pecoraro.

        Update type signatures for backend command implementations. In a few cases, clean
        up relevant helper function signatures and copy data out of parameter objects where
        the code previously held onto a reference.

        No new tests, no behavior changed.

        * inspector/InspectorCSSAgent.cpp:
        (WebCore::computePseudoClassMask):
        (WebCore::InspectorCSSAgent::setStyleText):
        (WebCore::InspectorCSSAgent::setRuleSelector):
        (WebCore::InspectorCSSAgent::forcePseudoState):
        * inspector/InspectorCSSAgent.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::parseColor):
        (WebCore::parseConfigColor):
        (WebCore::parseQuad):
        (WebCore::InspectorDOMAgent::performSearch):
        (WebCore::InspectorDOMAgent::setSearchingForNode):
        (WebCore::InspectorDOMAgent::highlightConfigFromInspectorObject):
        (WebCore::InspectorDOMAgent::setInspectModeEnabled):
        (WebCore::InspectorDOMAgent::highlightRect):
        (WebCore::InspectorDOMAgent::highlightQuad):
        (WebCore::InspectorDOMAgent::innerHighlightQuad):
        (WebCore::InspectorDOMAgent::highlightNode):
        (WebCore::InspectorDOMAgent::highlightFrame):
        * inspector/InspectorDOMAgent.h:
        * inspector/InspectorDOMStorageAgent.cpp:
        (WebCore::InspectorDOMStorageAgent::getDOMStorageItems):
        (WebCore::InspectorDOMStorageAgent::setDOMStorageItem):
        (WebCore::InspectorDOMStorageAgent::removeDOMStorageItem):
        (WebCore::InspectorDOMStorageAgent::findStorageArea):
        * inspector/InspectorDOMStorageAgent.h:
        * inspector/InspectorIndexedDBAgent.cpp:
        (WebCore::InspectorIndexedDBAgent::requestData):
        * inspector/InspectorIndexedDBAgent.h:
        * inspector/InspectorReplayAgent.cpp:
        (WebCore::InspectorReplayAgent::replayToPosition):
        * inspector/InspectorReplayAgent.h:
        * inspector/InspectorResourceAgent.cpp:
        (WebCore::InspectorResourceAgent::willSendRequest):
        (WebCore::InspectorResourceAgent::setExtraHTTPHeaders):
        Clean up extraHTTPHeaders to copy header key/values out of the InspectorObject, rather
        than retaining the protocol object indefinitely. This matches the ownership scheme used
        everywhere else.

        * inspector/InspectorResourceAgent.h:
        * inspector/InspectorStyleSheet.h:
        (WebCore::InspectorCSSId::InspectorCSSId):
        * inspector/InspectorWorkerAgent.cpp:
        (WebCore::InspectorWorkerAgent::sendMessageToWorker):
        * inspector/InspectorWorkerAgent.h:

2015-06-18  Anders Carlsson  <andersca@apple.com>

        Remove shouldInterruptJavaScript
        https://bugs.webkit.org/show_bug.cgi?id=146118

        Reviewed by Antti Koivisto.

        The WebKit SPI methods for deciding whether JavaScript execution should be interrupted hasn't been used
        for many releases. Furthermore, they don't make sense in the multi-process architecture since it's still possible
        to interrupt execution (by closing the browser tab or window) from the UI process.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::shouldInterruptScript):
        * loader/EmptyClients.h:
        * page/Chrome.cpp:
        (WebCore::Chrome::shouldInterruptJavaScript): Deleted.
        * page/Chrome.h:
        * page/ChromeClient.h:

2015-06-18  Benjamin Poulain  <bpoulain@apple.com>

        [CSS JIT][ARMv7] The pseudo element early exit trashes r6
        https://bugs.webkit.org/show_bug.cgi?id=146078

        Reviewed by Alex Christensen.

        The pseudo element early failure runs before we generate the prologue.
        The reason is that we can often exit immediately on function entry, before
        we even touch any memory.

        On ARMv7, we don't have many spare registers so the MacroAssembler
        uses r6 as a scratch register and the client code is expected to save
        it.

        In the early failure case, we were not pushing r6 before using the MacroAssembler
        and its value could be trashed.

        This patch push the macro assembler registers separately from the prologue.

        For restoring the registers, a new function generateFunctionEnding() encapsulate
        the pop() and ret().

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::pushMacroAssemblerRegisters):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::popMacroAssemblerRegisters):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generatePrologue):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateEpilogue):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):

        * cssjit/StackAllocator.h:
        (WebCore::StackAllocator::operator=):
        We have a new case for the stack allocator: some stack changes are conditional
        at compile time instead of runtime. This is easy to deal with by overriding
        the stack if a path is not taken at compile time.

2015-06-17  Conrad Shultz  <conrad_shultz@apple.com>

        REGRESSION: js/dom/navigator-plugins-crash.html asserts a lot
        https://bugs.webkit.org/show_bug.cgi?id=144399

        Reviewed by Darin Adler.

        Earlier work made the array of web-visible plug-ins dynamic, but allowed DOMPlugin (and, indirectly by extension,
        DOMMimeType) to continue keeping a reference to a plug-in in terms of an index into that array. This superficially
        appeared correct since DOMPlugin immutably holds onto a PluginData instance, which in turn immutably holds onto a
        Page instance. PluginStrategy::getWebVisiblePluginInfo() is passed this Page, which is used to determine the contents
        of the plugin array. The expectation was that keeping an index would still be safe since the Page is not changing,
        but this is not strictly correct since relevant attributes of the Page and/or the available plugins may still change.

        It's not entirely clear why the test failures are intermittent and occur only on certain configurations, but address
        them by eliminating the incorrect storage of indexes in favor of keeping copies of the relevant plugin info itself.

        * plugins/DOMMimeType.cpp:
        (WebCore::DOMMimeType::DOMMimeType):
        Instead of storing the MIME type index, retrieve and store the MIME class info and plugin info.
        (WebCore::DOMMimeType::type):
        Directly access the m_mimeClassInfo member.
        (WebCore::DOMMimeType::suffixes):
        Ditto.
        (WebCore::DOMMimeType::description):
        Ditto.
        (WebCore::DOMMimeType::enabledPlugin):
        Directly access the m_pluginInfo member.
        (WebCore::DOMMimeType::mimeClassInfo): Deleted.

        * plugins/DOMMimeType.h:
        Update member variables.

        * plugins/DOMPlugin.cpp:
        (WebCore::DOMPlugin::DOMPlugin):
        Instead of storing the plugin index, store the plugin info directly.
        (WebCore::DOMPlugin::name):
        Directly access m_pluginInfo.
        (WebCore::DOMPlugin::filename):
        Ditto.
        (WebCore::DOMPlugin::description):
        Ditto.
        (WebCore::DOMPlugin::length):
        Ditto.
        (WebCore::DOMPlugin::item):
        Access m_pluginInfo directly; find the matching plug-in based on matching PluginInfo (for which an overloaded
        comparator is supplied below).
        (WebCore::DOMPlugin::pluginInfo): Deleted.

        * plugins/DOMPlugin.h:
        Update member variables.
        (WebCore::DOMPlugin::create):
        Accept a PluginInfo instead of a plugin index.

        * plugins/DOMPluginArray.cpp:
        (WebCore::DOMPluginArray::item):
        (WebCore::DOMPluginArray::namedItem):

        * plugins/PluginData.h:
        (WebCore::operator==):
        Added; compare PluginInfo structs on the basis of member equality.

2015-06-17  Alex Christensen  <achristensen@webkit.org>

        [Content Extensions] Log blocked loads to the WebInspector console
        https://bugs.webkit.org/show_bug.cgi?id=146089

        Reviewed by Joseph Pecoraro.

        * contentextensions/ContentExtensionsBackend.cpp:
        (WebCore::ContentExtensions::ContentExtensionsBackend::processContentExtensionRulesForLoad):
        (WebCore::ContentExtensions::ContentExtensionsBackend::displayNoneCSSRule):
        Log which URLs are blocked and the URL of the page they are blocked from.

2015-06-18  Joseph Pecoraro  <pecoraro@apple.com>

        Crash under WebCore::DOMWindow::dispatchMessageEventWithOriginCheck attempting to log console message
        https://bugs.webkit.org/show_bug.cgi?id=146093

        Reviewed by Timothy Hatcher.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::dispatchMessageEventWithOriginCheck):
        The console could be null so null check its use.

2015-06-18  Csaba Osztrogonác  <ossy@webkit.org>

        Suppress null-conversion warnings in ANGLE
        https://bugs.webkit.org/show_bug.cgi?id=145125

        Reviewed by Alex Christensen.

        * CMakeLists.txt:

2015-06-18  Youenn Fablet <youenn.fablet@crf.canon.fr> and Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [Streams API] Implement ReadableStreamReader.releaseLock
        https://bugs.webkit.org/show_bug.cgi?id=145299

        Reviewed by Darin Adler.

        Covered by rebased tests.

        * Modules/streams/ReadableStream.cpp:
        (WebCore::ReadableStream::close): Moving some close code to newly added releaseReader.
        (WebCore::ReadableStream::releaseReader): Implements reader release and callbacks finalization.
        (WebCore::ReadableStream::changeStateToErrored): Calls releaseReader.
        * Modules/streams/ReadableStream.h:
        (WebCore::ReadableStream::hasReadPendingRequests): Added to enable reader.releaseLock throwing if read requests are pending.
        * Modules/streams/ReadableStreamReader.cpp:
        (WebCore::ReadableStreamReader::releaseLock): Implementation of releaseLock
        * Modules/streams/ReadableStreamReader.h:
        * Modules/streams/ReadableStreamReader.idl:
        (WebCore::releaseLock): Deleted.

2015-06-18  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        GObject and ObjC bindings generator should not generate code for promise-based APIs
        https://bugs.webkit.org/show_bug.cgi?id=146059

        Reviewed by Darin Adler.

        Covered by rebased expectations.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (SkipFunction): Disabling GObject DOM binding for functions returning promises.
        * bindings/scripts/CodeGeneratorObjC.pm:
        (SkipFunction): Disabling ObjC DOM binding for functions returning promises.
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp: Rebasing expectation.
        (webkit_dom_test_obj_get_read_only_long_attr): Deleted.
        (webkit_dom_test_obj_get_read_only_string_attr): Deleted.
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h: Rebasing expectation.
        * bindings/scripts/test/ObjC/DOMTestObj.h: Ditto.
        * bindings/scripts/test/ObjC/DOMTestObj.mm: Ditto.
        (core): Deleted.

2015-06-17  Ryuan Choi  <ryuan.choi@navercorp.com>

        [EFL] test_ewk2_context_url_scheme_register has been crashed since r185553
        https://bugs.webkit.org/show_bug.cgi?id=146075

        Reviewed by Carlos Garcia Campos.

        Since r185553, CustomProtocolManager sends StartLoading message to UIProcess
        with request of SoupGenericRequest instead of request itself.
        But, request of SoupGenericRequest is nullptr in EFL port because EFL port
        does not use m_initiatingPageID.

        This patch updates request of SoupGenericRequest although m_initiatingPageID is null.

        * platform/network/soup/ResourceRequestSoup.cpp: 
        (WebCore::ResourceRequest::updateSoupRequest):

2015-06-17  Daniel Bates  <dabates@apple.com>

        Client may receive began editing callback for already focused text field
        https://bugs.webkit.org/show_bug.cgi?id=146074
        <rdar://problem/21293562>

        Reviewed by Darin Adler.

        Fixes an issue where the client would be notified that began editing in a text field
        for each programmatic DOM focus event dispatched at the text field regardless of
        whether the field was focused. The client should only be notified that began editing
        exactly once when a text field becomes focused (either programmatically or by user interaction).

        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::forwardEvent): Move logic to dispatch editing began callback from here...
        (WebCore::TextFieldInputType::handleFocusEvent): to here. This function is called when the
        text field becomes newly focused.
        * html/TextFieldInputType.h:

2015-06-17  Alex Christensen  <achristensen@webkit.org>

        [Content Extensions] Fail to parse invalid arrays
        https://bugs.webkit.org/show_bug.cgi?id=146079
        rdar://problem/21422649

        Reviewed by Benjamin Poulain.

        Covered by new and corrected API tests.

        * contentextensions/ContentExtensionParser.cpp:
        (WebCore::ContentExtensions::loadTrigger):
        Fail to parse invalid arrays for if-domain, unless-domain, resource-type, and load-type arrays.

2015-06-16  Jon Honeycutt  <jhoneycutt@apple.com>

        Position::findParent() should take a reference
        https://bugs.webkit.org/show_bug.cgi?id=146038

        Reviewed by Darin Adler.

        * dom/Position.cpp:
        (WebCore::Position::containerNode):
        (WebCore::Position::parentAnchoredEquivalent):
        Pass a reference; there is already a null check.
        (WebCore::Position::previous):
        Add a missing null check. Code below this expects that node is non-null.
        (WebCore::Position::next):
        Ditto.
        (WebCore::Position::atStartOfTree):
        (WebCore::Position::atEndOfTree):
        Pass a reference.
        (WebCore::Position::findParent):
        Changed to take a reference.

        * dom/Position.h:
        Ditto.

2015-06-17  Brent Fulgham  <bfulgham@apple.com>

        Overflow regions with scroll snap points are not reliably rubber banding
        https://bugs.webkit.org/show_bug.cgi?id=142522
        <rdar://problem/20100726>

        Reviewed by Darin Adler.

        When computing the target scroll destination, update the nearest snap point index
        and other bookkeeping, but keep the original gesture target if it would have taken
        us beyond either limit of the scroll container.

        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::scrollExtents): Add new method
        to support client API.
        * platform/ScrollAnimator.cpp:
        (WebCore::ScrollAnimator::scrollExtents): Add new method to support client API.
        * platform/ScrollAnimator.h:
        * platform/cocoa/ScrollController.h:
        (WebCore::ScrollControllerClient::scrollExtents): Added new pure virtual method to API.
        * platform/cocoa/ScrollController.mm:
        (WebCore::ScrollController::beginScrollSnapAnimation): Hold onto original user gesture
        target, and use that instead of our nearest snap point if the gesture takes us past
        either extreme of the scroll container.

2015-06-17  Tim Horton  <timothy_horton@apple.com>

        Swipe gesture can get stuck, preventing scrolling and other gestures
        https://bugs.webkit.org/show_bug.cgi?id=146088
        <rdar://problem/16056087>

        Reviewed by Darin Adler.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/spi/mac/NSEventSPI.h: Added.
        Add an SPI header.

2015-06-16  Matt Rajca  <mrajca@apple.com>

        MediaSession: handle MediaEventTrackNext and MediaEventTrackPrevious events
        https://bugs.webkit.org/show_bug.cgi?id=146028

        Reviewed by Darin Adler.

        * Modules/mediasession/MediaRemoteControls.idl: Added nexttrack/previoustrack event handlers.
        * Modules/mediasession/MediaSession.cpp: Dispatch the nexttrack/previoustrack events.
        (WebCore::MediaSession::skipToNextTrack):
        (WebCore::MediaSession::skipToPreviousTrack):
        * Modules/mediasession/MediaSession.h:
        * Modules/mediasession/MediaSessionManager.cpp: Skip to the next/previous track as described in the media session spec.
        (WebCore::MediaSessionManager::skipToNextTrack):
        (WebCore::MediaSessionManager::skipToPreviousTrack):
        * Modules/mediasession/MediaSessionManager.h:
        * dom/EventNames.h: Added the nexttrack/previoustrack event names.
        * page/Page.cpp: Tell MediaSessionManager to handle the new track-skipping events.
        (WebCore::Page::handleMediaEvent):

2015-06-17  Chris Fleizach  <cfleizach@apple.com>

        AX: VoiceOver in iOS not announcing generic WAI-ARIA region, even if labelled properly
        https://bugs.webkit.org/show_bug.cgi?id=146066

        Reviewed by Darin Adler.

        Allow the region role to identify as a landmark type.

        Updated test: platform/ios-simulator/accessibility/landmark-types.html

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper _accessibilityIsLandmarkRole:]):

2015-06-17  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r173283-r173296): Amazon.com front page has no caret in the search field
        https://bugs.webkit.org/show_bug.cgi?id=146073
        rdar://problem/21022203

        Reviewed by Tim Horton.

        Text controls (text inputs and textareas) need backing store even when empty, because
        they need to be able to paint a caret.

        Test: compositing/backing/form-controls-backing.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::isSimpleContainerCompositingLayer):

2015-06-17  Zalan Bujtas  <zalan@apple.com>

        Selection cache produces invalid result when ancestor has float element.
        https://bugs.webkit.org/show_bug.cgi?id=146042
        rdar://problem/20604592

        Reviewed by Ryosuke Niwa.

        Selection cache already takes floats into account, however it's not enough to check current
        block against floats. Any of the ancestor's float starting from the selection root block
        can impact the selection offsets.

        Test: fast/block/selection-cache-is-incorrect-when-non-direct-parent-has-float.html

        * rendering/LogicalSelectionOffsetCaches.h:
        (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::ContainingBlockInfo):
        (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::setBlock):
        (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::block):
        (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::cache):
        (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::hasFloatsOrFlowThreads):
        (WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches):

2015-06-17  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] Expose element tag name as an object attribute
        https://bugs.webkit.org/show_bug.cgi?id=146062

        Reviewed by Mario Sanchez Prada.

        Expose the element tag name as an object attribute with name "tag" and
        value being the lowercase tag name, both being what Gecko does for ATK.

        No new tests. We already have sufficient coverage for AtkObject attributes.
        These tests have been updated to reflect the addition of the new attribute.

        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (webkitAccessibleGetAttributes):

2015-06-17  Antti Koivisto  <antti@apple.com>

        iOS WebKit1: [LegacyTileLayer drawInContext:] should ensure it has web lock
        https://bugs.webkit.org/show_bug.cgi?id=146072
        rdar://problem/21149759

        Reviewed by Simon Fraser

        There are some scenarios where we end up drawing without web lock due to client or system issues.
        This can cause crashes.

        * platform/ios/LegacyTileLayer.mm:
        (-[LegacyTileLayer setNeedsDisplayInRect:]):
        (-[LegacyTileLayer drawInContext:]):

            Ensure we have the web lock when called in main thread (even though we should have it already).

2015-06-17  Brent Fulgham  <bfulgham@apple.com>

        CSS scroll snap: defining snap points on axis that does not scroll does not work properly
        https://bugs.webkit.org/show_bug.cgi?id=146043
        <rdar://problem/20125511>

        Reviewed by Simon Fraser.

        Tested by css3/scroll-snap/scroll-snap-mismatch.html

        We always seed the set of scroll snap points with the start and end of the scroll container. This is not
        the right behavior if there are no scroll points defined, because we end up creating a snap for the start
        and end of the container, and any scroll gesture just takes us across the entire element.
        
        Instead, when we do not find any scroll snap points, we should clear the snap point state for the container.

        * page/scrolling/AxisScrollSnapOffsets.cpp:
        (WebCore::updateFromStyle): If we did not find any snap points (i.e., the snapOffsets container
        only holds '0', return an empty Vector. 
        (WebCore::updateSnapOffsetsForScrollableArea): If the set of snap points produced by 'updateFromStyle' is empty,
        clear the horizontal (or vertical) snap offsets for the scroll area.
        

2015-06-17  Chris Fleizach  <cfleizach@apple.com>

        AX: input role="spinbutton" gets skipped in voiceover
        https://bugs.webkit.org/show_bug.cgi?id=145514

        Reviewed by Mario Sanchez Prada.

        SpinButton role was added, but left out of iOS.
        To prevent this from happening again, explicitly list every role in the switch statement that
        determines accessible visibility.

        Test: platform/ios-simulator/accessibility/spinbutton.html

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):
        (-[WebAccessibilityObjectWrapper isAccessibilityElement]):

2015-06-17  Xabier Rodriguez Calvar  <calvaris@igalia.com> and Youenn Fablet <youenn.fablet@crf.canon.fr>

        [Streams API] ReadableJSStream should handle promises returned by JS source pull callback
        https://bugs.webkit.org/show_bug.cgi?id=145965

        Reviewed by Darin Adler.

        Implemented asynchronous pulling.
        In particular, ensuring that doPull is not called as long as previous call to doPull is finished.
        Storing whether to pull automatically when the current pull is finished. 

        Covered by rebased tests.

        * Modules/streams/ReadableStream.cpp:
        (WebCore::ReadableStream::pull): stores whether to pull again.
        (WebCore::ReadableStream::finishPulling): called when pulling finishes.
        * Modules/streams/ReadableStream.h:
        * bindings/js/ReadableJSStream.cpp:
        (WebCore::createPullResultFulfilledFunction): The promise resolve callback.
        (WebCore::ReadableJSStream::doPull): Handling of promise.
        * bindings/js/ReadableJSStream.h:

2015-06-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        WebProcess crashes after too many redirect error when there's an active NPAPI plugin
        https://bugs.webkit.org/show_bug.cgi?id=146019

        Reviewed by Darin Adler.

        This happens with the GTK+ port after a navigation action ends up
        in an infinite redirection and the ResourceHandle fails with too
        many redirections error. I should actually happen after any error
        is reported by the ResourceHnalder before the load is
        committed. But tt only happens if there's an active NPAPI
        plugin. The problem is that FrameLoader::receivedMainResourceError()
        is called recursively because DocumentLoader::stopLoading() ends up
        calling mainReceivedError() that calls FrameLoader::receivedMainResourceError()
        again. DocumentLoader::stopLoading() checks if the document is
        still loading, which can happen if the main resource is loading,
        if there's any subresource loading or if there's a plugin
        loading. So, in case of being loading, those cases are handled
        individually to cancel the main resource, or set an error in the
        document loader and cancel subresources and plugins, except for
        this case of plugins, that mainReceivedError is called instead of
        setting cancelled error on the document loader.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::stopLoading): If the document is still
        loading because there are active plugins, set the cancelled error
        on the document instead of calling mainReceivedError again.

2015-06-16  Youenn Fablet <youenn.fablet@crf.canon.fr> and Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [Streams API] Implement ReadableStream locked property
        https://bugs.webkit.org/show_bug.cgi?id=146023

        Reviewed by Darin Adler.

        Covered by rebased tests.

        * Modules/streams/ReadableStream.h:
        (WebCore::ReadableStream::locked): Renamed isLocked by locked.
        * Modules/streams/ReadableStream.idl: Adding locked.
        * bindings/js/JSReadableStreamCustom.cpp:
        (WebCore::JSReadableStream::getReader): Using isLocked.
        * bindings/js/JSReadableStreamReaderCustom.cpp:
        (WebCore::constructJSReadableStreamReader): Using isLocked.

2015-06-16  Myles C. Maxfield  <mmaxfield@apple.com>

        REGRESSION(r184899): [Cocoa] font-variant: small-caps is not honored with web fonts
        https://bugs.webkit.org/show_bug.cgi?id=145873
        <rdar://problem/21314282>

        Reviewed by Dean Jackson.

        When font-variant: small-caps is applied, we create a smaller version of the original font
        and draw capital characters in that smaller font. CGFontRefs do not have an intrinsic size,
        and web fonts historically only had a CGFontRef, which means that there was no need to
        convert the CGFontRef to be smaller (as opposed to regular fonts, which had a CTFontRef and
        therefore needed the conversion). Instead, we just changed m_size, which represents
        the size that the text should be drawn in.

        However, r184899 gave CTFontRefs to web fonts. This means that now the FontPlatformData's
        m_size variable disagreed with the CTFontRef member. The solution here is to unify the web
        font and regular font codepaths, and treat them the same throughout.

        Note that this patch removes the last use of the m_isCustomFont variable. As soon as we
        entirely migrate to CORETEXT_WEB_FONTS, we should delete this variable.

        Test: fast/text/small-caps-web-font.html

        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::Font::platformCreateScaledFont): Treat web fonts the same as regular fonts.
        * platform/text/TextFlags.h: Add a comment regarding teh deletion of m_isCustomFont.

2015-06-16  Alex Christensen  <achristensen@webkit.org>

        [Content Extensions] Implement branch compaction for DFA bytecode.
        https://bugs.webkit.org/show_bug.cgi?id=145619

        Reviewed by Benjamin Poulain.

        This patch adds another pass to the DFABytecodeCompiler which finds where the bytecode from each node
        would be if it were compiled with no branch compaction, then uses that as a worst-case value to determine
        how many bytes are needed to store the relative jump distance.  Then when linking, it will fill in the 
        value as it already did, but with a variable size jump.  The jumps are also now signed distances relative to
        where the jump is stored.

        This patch is covered by existing tests, which have many jumps that are near the -128/127 byte boundary,
        and the switch from 16-bit jumps to 32-bit jumps near the -65536/65535 byte boundary is analogous.

        * contentextensions/ContentExtensionCompiler.cpp:
        (WebCore::ContentExtensions::compileRuleList):
        * contentextensions/DFABytecode.h:
        (WebCore::ContentExtensions::smallestPossibleJumpSize):
        (WebCore::ContentExtensions::instructionSizeWithArguments):
        * contentextensions/DFABytecodeCompiler.cpp:
        (WebCore::ContentExtensions::append):
        (WebCore::ContentExtensions::appendZeroes):
        (WebCore::ContentExtensions::setBits):
        (WebCore::ContentExtensions::appendActionBytecodeSize):
        (WebCore::ContentExtensions::DFABytecodeCompiler::emitAppendAction):
        (WebCore::ContentExtensions::DFABytecodeCompiler::longestPossibleJump):
        (WebCore::ContentExtensions::DFABytecodeCompiler::emitJump):
        (WebCore::ContentExtensions::DFABytecodeCompiler::emitCheckValue):
        (WebCore::ContentExtensions::DFABytecodeCompiler::emitCheckValueRange):
        (WebCore::ContentExtensions::DFABytecodeCompiler::emitTerminate):
        (WebCore::ContentExtensions::DFABytecodeCompiler::compileNode):
        (WebCore::ContentExtensions::DFABytecodeCompiler::compiledNodeMaxBytecodeSize):
        (WebCore::ContentExtensions::DFABytecodeCompiler::ranges):
        (WebCore::ContentExtensions::DFABytecodeCompiler::checkForRangeMaxBytecodeSize):
        (WebCore::ContentExtensions::DFABytecodeCompiler::compileCheckForRange):
        (WebCore::ContentExtensions::DFABytecodeCompiler::nodeTransitionsMaxBytecodeSize):
        (WebCore::ContentExtensions::DFABytecodeCompiler::compileNodeTransitions):
        (WebCore::ContentExtensions::DFABytecodeCompiler::compile):
        (WebCore::ContentExtensions::set32Bits): Deleted.
        * contentextensions/DFABytecodeCompiler.h:
        * contentextensions/DFABytecodeInterpreter.cpp:
        (WebCore::ContentExtensions::getBits):
        (WebCore::ContentExtensions::getInstruction):
        (WebCore::ContentExtensions::jumpSizeInBytes):
        (WebCore::ContentExtensions::getJumpSize):
        (WebCore::ContentExtensions::getJumpDistance):
        (WebCore::ContentExtensions::DFABytecodeInterpreter::interpretAppendAction):
        (WebCore::ContentExtensions::DFABytecodeInterpreter::interpretTestFlagsAndAppendAction):
        (WebCore::ContentExtensions::DFABytecodeInterpreter::actionsForDefaultStylesheetFromDFARoot):
        (WebCore::ContentExtensions::DFABytecodeInterpreter::interpret):
        * loader/ResourceLoadInfo.h:

2015-06-16  Carlos Alberto Lopez Perez  <clopez@igalia.com>

        [GTK] [Wayland] Should be possible to build with support for both X11 and Wayland.
        https://bugs.webkit.org/show_bug.cgi?id=145701

        Reviewed by Darin Adler.

        No new tests, no behavior changes.

        When building both targets, we have to include the wayland-egl
        headers in order to build the Wayland target. This causes that
        EGLNativePixmapType and EGLNativeWindowType get defined as
        different types than when building only the X11 target.

        By type casting them to the ones that are expected, we are able
        to build both targets at the same time.

        I have done tests (building each target alone as also both targets
        at the same time), and everything seems to works as expected.

        Once built for both targets, if you try to launch the MiniBrowser
        from inside a Wayland compositor (Weston on top of X for example),
        it will trigger the X11 target if the DISPLAY environment variable
        is set and the environment variable GDK_BACKEND is not set to wayland,
        otherwise it will trigger the Wayland target.

        * platform/graphics/GLContext.cpp:
        (WebCore::GLContext::createContextForWindow): Add type casts. We have
        to consider here two different type casts depending on the type of
        GLNativeWindowType to avoid a build failure on 32-bits platforms.
        The static_cast one was already beeing done as an implicit cast
        (from uint64_t to XID), the reinterpret_cast is the new one that
        we need to do only when building on both platforms.
        * platform/graphics/egl/GLContextEGL.cpp: Add missing include when
        building both targets that is required for defining DefaultRootWindow().
        (WebCore::GLContextEGL::createPixmapContext): Add type cast.

2015-06-15  Jon Honeycutt  <jhoneycutt@apple.com>

        [iOS] Crash long pressing on <input type=file>
        https://bugs.webkit.org/show_bug.cgi?id=146009
        <rdar://problem/21234453>

        Reviewed by Ryosuke Niwa.

        * dom/Position.cpp:
        (WebCore::Position::atStartOfTree):
        (WebCore::Position::atEndOfTree):
        Null check the container node before passing it to findParent().

2015-06-15  Chris Fleizach  <cfleizach@apple.com>

        AX:  iOS accessibility tests are not running because we need WKTR support
        https://bugs.webkit.org/show_bug.cgi?id=145991

        Reviewed by Daniel Bates.

        Make some minor modifications to support notification handling in WKTR.

        * accessibility/ios/AXObjectCacheIOS.mm:
        (WebCore::AXObjectCache::postPlatformNotification):
        (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilityClickPoint]):
        (-[WebAccessibilityObjectWrapper description]):
        (-[WebAccessibilityObjectWrapper accessibilitySetPostedNotificationCallback:withContext:]): Deleted.
        (-[WebAccessibilityObjectWrapper accessibilityPostedNotification:]): Deleted.

2015-06-16  Mark Lam  <mark.lam@apple.com>

        Use NakedPtr<Exception>& to return exception results.
        https://bugs.webkit.org/show_bug.cgi?id=145870

        Reviewed by Anders Carlsson and Filip Pizlo.

        No new WebCore tests because this functionality is already covered by existing tests.
        API tests added for WTF::NakedPtr.

        * bindings/js/JSCallbackData.cpp:
        (WebCore::JSCallbackData::invokeCallback):
        * bindings/js/JSCustomXPathNSResolver.cpp:
        (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
        * bindings/js/JSErrorHandler.cpp:
        (WebCore::JSErrorHandler::handleEvent):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::handleEvent):
        * bindings/js/JSMainThreadExecState.cpp:
        (WebCore::JSMainThreadExecState::didLeaveScriptContext):
        (WebCore::functionCallHandlerFromAnyThread):
        (WebCore::evaluateHandlerFromAnyThread):
        * bindings/js/JSMainThreadExecState.h:
        (WebCore::JSMainThreadExecState::currentState):
        (WebCore::JSMainThreadExecState::call):
        (WebCore::JSMainThreadExecState::evaluate):
        * bindings/js/JSMutationCallback.cpp:
        (WebCore::JSMutationCallback::call):
        * bindings/js/ScheduledAction.cpp:
        (WebCore::ScheduledAction::executeFunctionInContext):
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::evaluateInWorld):
        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::evaluate):
        (WebCore::WorkerScriptController::setException):
        * bindings/js/WorkerScriptController.h:
        (WebCore::WorkerScriptController::workerGlobalScopeWrapper):
        * bindings/objc/WebScriptObject.mm:
        (-[WebScriptObject callWebScriptMethod:withArguments:]):
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::importScripts):

2015-06-16  Brent Fulgham  <bfulgham@apple.com>

        CSS Scroll Snap - support snapping to nested elements
        https://bugs.webkit.org/show_bug.cgi?id=145843
        <rdar://problem/21339581>

        Reviewed by Darin Adler.

        Tested by css3/scroll-snap/nested-elements.html

        The Scroll Snap Point implementation was not properly handling nested elements.
        This could be resolved by recursively calling 'appendChildSnapOffsets', but this
        seemed like an inefficient approach, especially considering how often this method
        is called during various scaling and other operations.
        
        Instead, do the following:
        (1) Add a new HashSet to RenderView that holds a collection of RenderElements that
            have scroll-snap-coordinates.
        (2) During RenderElement::styleWillChange, register all elements that have the
            scroll-snap-coordinates style with the RenderView.
        (3) When performing 'appendChildSnapOffsets', refer to the HashSet of elements, select the
            subset of these entries relevant to the current scrolling container, and build up the
            set of scroll-snap-coordinates needed for the current scrolling container.

        * page/scrolling/AxisScrollSnapOffsets.cpp:
        (WebCore::appendChildSnapOffsets): Check the scroll-snap-coordinate RenderElement HashSet
        for the RenderView to find all elements that are children of the current scrolling container.
        Add the scroll-snap-coordinates for these RenderElements to the current set of snap points.
        * rendering/RenderElement.cpp:
        (WebCore::findEnclosingScrollableContainer): New helper function.
        (WebCore::RenderElement::styleWillChange): If the current element has scroll-snap-coordinate
        defined, remember it for later so we can use it with the relevant scrolling container
        after layout completes.
        (WebCore::RenderElement::willBeRemovedFromTree): Unregister the current element from the
        RenderView.
        (WebCore::RenderElement::findEnclosingScrollableContainer): Added. Locate the relevant
        scrolling container for the current object.
        * rendering/RenderElement.h:
        * rendering/RenderView.cpp:
        (WebCore::Document::registerRenderElementWithScrollSnapCoordinates): Added.
        (WebCore::Document::unregisterRenderElementWithScrollSnapCoordinates): Added.
        * rendering/RenderView.h:

2015-06-16  Brady Eidson  <beidson@apple.com>

        [IndexedDB] array index keys are concatenated across cursor lifetime
        <rdar://problem/19684902> and https://bugs.webkit.org/show_bug.cgi?id=138504

        Reviewed by Brady Eidson, patch by Mark Dixon <mark@lowla.io>

        Tested by:
        storage/indexeddb/keypath-arrays.html

        IDBKeyData and IDBKeyPath need to clear any existing array values before calling
        decodeObjects to update the value of an existing object.
        
        * Modules/indexeddb/IDBKeyData.cpp:
        (WebCore::IDBKeyData::decode):
        * Modules/indexeddb/IDBKeyPath.cpp:
        (WebCore::IDBKeyPath::decode):

2015-06-16  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Canvas dimensions should be limited to 4096x4096 pixels on iOS devices.
        https://bugs.webkit.org/show_bug.cgi?id=145998

        Reviewed by Darin Adler.

        The value of MaxCanvasArea should depend on the platform. If the platform
        is iOS, the limit should be 64M. Otherwise the limit should be 1G.

        Test: fast/canvas/pattern-too-large-to-create-2.html

        * html/HTMLCanvasElement.cpp: Change MaxCanvasArea value based on the platform. 
        
        * rendering/svg/RenderSVGShape.h:
        (WebCore::RenderSVGShape::graphicsElement): Remove un-implemented constructor.

2015-06-16  Chris Dumez  <cdumez@apple.com>

        REGRESSION(r185012): chat frame in Gmail now says "Something's not right"
        https://bugs.webkit.org/show_bug.cgi?id=146025
        <rdar://problem/21391412>

        Reviewed by Darin Adler.

        Only throttle timers in non-visible iframes once they've reached the
        max nesting level to avoid throttling critical one-shot timers. This is
        consistent with the default DOMTimer throttling behavior that is
        defined in the specification.

        Power-wise, we are mostly interested in DOMTimers that fire frequently
        and cause high CPU usage over an extended period of time anyway.

        * dom/Document.cpp:
        (WebCore::Document::setTimerThrottlingEnabled):
        (WebCore::Document::timerAlignmentInterval):
        * dom/Document.h:
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::timerAlignmentInterval):
        * dom/ScriptExecutionContext.h:
        * page/DOMTimer.cpp:
        (WebCore::DOMTimer::alignedFireTime):

2015-06-16  sylvain-galineau  <galineau@adobe.com>

        Incorrect order of arguments in initial-letter property
        https://bugs.webkit.org/show_bug.cgi?id=139667

        Reviewed by Sam Weinig.

        The CSS specification swapped the order of the initial-letters numeric values.
        The drop cap's height now comes first, followed by its optional vertical position.
        See http://www.w3.org/TR/css-inline/#sizing-drop-initials.
         
        No new tests. Existing tests updated.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue): swap arguments to reflect new spec order.

2015-06-16  Alex Christensen  <achristensen@webkit.org>

        Remove some unused values.
        https://bugs.webkit.org/show_bug.cgi?id=145997

        Reviewed by Gyuyoung Kim.

        This patch should have no change in behavior.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::computeBestScrollOffset):
        (WebCore::AccessibilityObject::scrollToMakeVisibleWithSubFocus):
        (WebCore::AccessibilityObject::scrollToGlobalPoint):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::validateTexFuncData):
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::validateTexFuncData):
        * platform/graphics/StringTruncator.cpp:
        (WebCore::leftTruncateToBuffer):
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::MediaPlayerPrivateQTKit::paintCurrentFrameInContext):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::localSelectionRect):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::anchorRect):
        * rendering/SimpleLineLayoutTextFragmentIterator.cpp:
        (WebCore::SimpleLineLayout::TextFragmentIterator::skipToNextPosition):
        * rendering/svg/SVGTextQuery.cpp:
        (WebCore::SVGTextQuery::modifyStartEndPositionsRespectingLigatures):
        Remove unused values.

2015-06-16  Youenn Fablet <youenn.fablet@crf.canon.fr> and Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [Streams API] Calling controller.error() should trigger storing an undefined error
        https://bugs.webkit.org/show_bug.cgi?id=145976

        Reviewed by Darin Adler.

        Covered by rebased test.

        * bindings/js/JSReadableStreamControllerCustom.cpp:
        (WebCore::JSReadableStreamController::error): Storing undefined if no error value passed.
        * bindings/js/ReadableJSStream.cpp: Removed storeError(ExecState*).
        (WebCore::ReadableJSStream::ReadableJSStream):

2015-06-16  Chris Dumez  <cdumez@apple.com>

        Purge StyledElement's presentation attribute cache on memory pressure
        https://bugs.webkit.org/show_bug.cgi?id=145999
        <rdar://problem/21359252>

        Reviewed by Andreas Kling.

        Purge StyledElement's presentation attribute cache on memory pressure.

        * dom/StyledElement.cpp:
        (WebCore::presentationAttributeCache):
        (WebCore::presentationAttributeCacheCleaner):
        (WebCore::StyledElement::clearPresentationAttributeCache):
        * dom/StyledElement.h:
        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseNoncriticalMemory):

2015-06-15  Brent Fulgham  <bfulgham@apple.com>

        REGRESSION(r175251, Mavericks Only): Playback may stall
        https://bugs.webkit.org/show_bug.cgi?id=145989
        <rdar://problem/21271919>

        Unreviewed post-review correction.

        Dave Kilzer pointed out that the macro around the waitForVideoOutputMediaDataWillChange
        call was incorrect. This patch corrects this error.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoOutput): Correct the
        macro definition.

2015-06-15  Chris Fleizach  <cfleizach@apple.com>

        AX: Changing state of radio buttons causes VoiceOver to go busy for a short time.
        https://bugs.webkit.org/show_bug.cgi?id=145933

        Reviewed by Dean Jackson.

        When radio buttons animate the new focus selection state, the thread activity looks a lot like short burst of
        activity to draw, then wait on CoreAnimation to apply those changes.

        Since those periods of activity during animation are so short, VoiceOver is not able to query for all the
        attributes it needs, and gets stuck in the queue behind rendering.

        The fix here is to turn off button state animations while VoiceOver is running.

        * platform/mac/ThemeMac.mm:
        (WebCore::updateStates):

2015-06-15  Zalan Bujtas  <zalan@apple.com>

        RootInlineBox::m_lineBreakObj becomes invalid when a child renderer is removed and the line does not get marked dirty.
        https://bugs.webkit.org/show_bug.cgi?id=145988
        rdar://problem/20959137

        Reviewed by David Hyatt.

        This patch ensures that we find the right first inline box so that we can dirty the
        the appropriate line boxes.
        With marking the right line boxes dirty, now we can update RootInlineBox::m_lineBreakObj at the next layout.

        Test: fast/inline/crash-when-child-renderer-is-removed-and-line-stays-clean.html

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::culledInlineFirstLineBox):
        (WebCore::RenderInline::culledInlineLastLineBox):
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::setLineBreakInfo): Deleted. Remove misleading assert and comment.

2015-06-15  Matt Rajca  <mrajca@apple.com>

        Media Session: Improve the safety of playback toggling
        https://bugs.webkit.org/show_bug.cgi?id=145986

        Reviewed by Darin Adler.

        * Modules/mediasession/MediaSession.cpp:
        (WebCore::MediaSession::togglePlayback): Improved the safety of the loop so that we don't re-visit elements that
          may have been deleted underneath us.
        * Modules/mediasession/MediaSession.h: Added a pointer to the set of iterated active participating elements so
          we can remove any elements that are deleted from the underlying "real" set.

2015-06-15  Brent Fulgham  <bfulgham@apple.com>

        REGRESSION(r175251, Mavericks Only): Playback may stall
        https://bugs.webkit.org/show_bug.cgi?id=145989
        <rdar://problem/21271919>

        Reviewed by Dean Jackson.

        Revert r175251 for Mavericks build targets.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoLayer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoOutput):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithVideoOutput):

2015-06-15  Darin Adler  <darin@apple.com>

        REGRESSION (r182215): Reproducible crash at drawsvg.org due to reentrant layout
        https://bugs.webkit.org/show_bug.cgi?id=145964

        Reviewed by Simon Fraser.

        Test: svg/as-object/mutate-on-load.html

        * page/FrameView.cpp:
        (WebCore::FrameView::forceLayoutParentViewIfNeeded): Don't do a synchronous layout here,
        because it can lead indirectly to unwanted layout reentrancy. Instead schedule a layout.

2015-06-15  Matt Rajca  <mrajca@apple.com>

        Media Session: Active participating elements can change while being iterated 
        https://bugs.webkit.org/show_bug.cgi?id=145978

        Reviewed by Alex Christensen.

        * Modules/mediasession/MediaSession.cpp:
        (WebCore::MediaSession::togglePlayback): Iterate through a copy of m_activeParticipatingElements since its contents
          can be modified in the loop.

2015-06-15  Chris Fleizach  <cfleizach@apple.com>

        AX: no accessibility support for details element
        https://bugs.webkit.org/show_bug.cgi?id=131111

        Reviewed by Darin Adler.

        Add accessibility support for Mac for details element by:
           1) Returning new subroles for <details> and <summary>
           2) Exposing isExpanded property for <details> element.

        Test: platform/mac/accessibility/details-summary.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::supportsARIAPressed):
        (WebCore::AccessibilityObject::supportsExpanded):
        (WebCore::AccessibilityObject::isExpanded):
        (WebCore::AccessibilityObject::supportsARIAExpanded): Deleted.
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::canvasHasFallbackContent):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilitySupportsARIAExpanded]):
        (-[WebAccessibilityObjectWrapper accessibilityIsExpanded]):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper additionalAccessibilityAttributeNames]):
        (createAccessibilityRoleMap):
        (-[WebAccessibilityObjectWrapper subrole]):
        * html/HTMLDetailsElement.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

2015-06-15  Alex Christensen  <achristensen@webkit.org>

        [Content Extensions] Limit number of rules.
        https://bugs.webkit.org/show_bug.cgi?id=145663

        Reviewed by Benjamin Poulain.

        Added an API test to make sure that parsing fails when there are too many rules.

        * contentextensions/ContentExtensionError.cpp:
        (WebCore::ContentExtensions::contentExtensionErrorCategory):
        * contentextensions/ContentExtensionError.h:
        * contentextensions/ContentExtensionParser.cpp:
        (WebCore::ContentExtensions::loadEncodedRules):
        Fail to parse a content extension with more than 50000 rules.

2015-06-12  Alexey Proskuryakov  <ap@apple.com>

        -[WKWebView evaluateJavaScript] provides a misleading error when the return cannot be serialized
        https://bugs.webkit.org/show_bug.cgi?id=145900

        Reviewed by Sam Weinig.

        * English.lproj/Localizable.strings:

2015-06-15  Carlos Garcia Campos  <cgarcia@igalia.com>

        [SOUP] Custom URI schemes don't work for requests containing a fragment identifier
        https://bugs.webkit.org/show_bug.cgi?id=145969

        Reviewed by Sergio Villar Senin.

        For URIs like foo:bar#baz, what the custom protocol manager
        receives in the UI process is foo:bar, so the user can't handle fragments.

        * platform/network/soup/ResourceRequestSoup.cpp:
        (WebCore::ResourceRequest::updateSoupRequest): If the SoupRequest
        is a WebKitSoupRequestGeneric, call
        webkitSoupRequestGenericSetRequest with the ResourceRequest.
        * platform/network/soup/WebKitSoupRequestGeneric.cpp:
        (webkitSoupRequestGenericSetRequest):
        (webkitSoupRequestGenericGetRequest):
        * platform/network/soup/WebKitSoupRequestGeneric.h:

2015-06-15  Carlos Garcia Campos  <cgarcia@igalia.com>

        [SOUP] Move WebKitSoupRequestGeneric to platform layer
        https://bugs.webkit.org/show_bug.cgi?id=145968

        Reviewed by Sergio Villar Senin.

        * PlatformEfl.cmake:
        * PlatformGTK.cmake:
        * platform/network/soup/WebKitSoupRequestGeneric.cpp: Renamed from Source/WebKit2/WebProcess/soup/WebKitSoupRequestGeneric.cpp.
        (webkitSoupRequestGenericFinalize):
        (webkit_soup_request_generic_init):
        (webkitSoupRequestGenericSendAsync):
        (webkitSoupRequestGenericSendFinish):
        (webkitSoupRequestGenericGetContentLength):
        (webkitSoupRequestGenericGetContentType):
        (webkit_soup_request_generic_class_init):
        (webkitSoupRequestGenericSetContentLength):
        (webkitSoupRequestGenericSetContentType):
        * platform/network/soup/WebKitSoupRequestGeneric.h: Renamed from Source/WebKit2/WebProcess/soup/WebKitSoupRequestGeneric.h.
        * platform/network/soup/WebKitSoupRequestGenericClient.h: Renamed from Source/WebKit2/WebProcess/soup/WebKitSoupRequestGenericClient.h.

2015-06-13  Chris Dumez  <cdumez@apple.com>

        [WK2] API::Navigation objects are leaked on history navigation to HistoryItems in PageCache
        https://bugs.webkit.org/show_bug.cgi?id=145948

        Reviewed by Darin Adler.

        API::Navigation objects were leaked on history navigation to
        HistoryItems in PageCache. In such case, we would create 2 Navigation
        objects instead of 1 and the first one would be leaked. The reason
        we create the second one is because we fail to pass along the
        navigationID from the UIProcess to the WebProcess and then back to the
        UIProcess. On the IPC back to the UIProcess, the navigationID ends up
        being 0 so the UIProcess creates a new Navigation object, thinking that
        the load was triggered by the WebContent process.

        We now pass along the navigationID, even if the HistoryItem is in the
        PageCache and we end up reusing the cached DocumentLoader, instead of
        creating a new one. A new updateCachedDocumentLoader() delegate is
        added to the FrameLoaderClient, similarly to the pre-existing
        createDocumentLoader() but for the case where the DocumentLoader gets
        reused.

        * loader/EmptyClients.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        * loader/FrameLoaderClient.h:

2015-06-13  Xabier Rodriguez Calvar  <calvaris@igalia.com> and Youenn Fablet <youenn.fablet@crf.canon.fr>

        [Streams API] ReadableJSStream should handle promises returned by JS source start callback
        https://bugs.webkit.org/show_bug.cgi?id=145792

        Reviewed by Darin Adler.

        Covered by rebased tests.

        When calling start callback, the returned value is checked.
        If it is not a promise, we do as if it is a resolved promise.
        If it is a promise, we call its then() method with two resolve/reject JS functions.

        * Modules/streams/ReadableStream.cpp:
        * bindings/js/ReadableJSStream.cpp:
        (WebCore::ReadableJSStream::invoke): Returns a JSPromise* if any is returned by the JS source callback.
        (WebCore::thenPromise): Utility method to call the promise.
        (WebCore::createStartResultFulfilledFunction): The promise resolve callback.
        (WebCore::ReadableJSStream::doStart): Calls thenPromise if a JSPromise* is returned by invoke.
        (WebCore::ReadableJSStream::ReadableJSStream):
        * bindings/js/ReadableJSStream.h:

2015-06-13  Andres Gonzalez  <agonzalez334@nc.rr.com>

        AX: WebKit exposes all Ruby Text as Unknown (Japanese EPUB accessibility blocker)
        https://bugs.webkit.org/show_bug.cgi?id=141303

        Reviewed by Chris Fleizach.

        Test: accessibility/ruby-hierarchy-roles.html

        * accessibility/AccessibilityObject.h:
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (createAccessibilityRoleMap):
        (-[WebAccessibilityObjectWrapper subrole]):

2015-06-12  Chris Fleizach  <cfleizach@apple.com>

        AX: iOS: after updating control, VoiceOver speaks aria-expanded states reversed (says "collapsed" when "expanded")
        https://bugs.webkit.org/show_bug.cgi?id=145943

        Reviewed by Darin Adler.

        iOS Accessibility platform needs to be notified of when aria expanded changes.

        * accessibility/ios/AXObjectCacheIOS.mm:
        (WebCore::AXObjectCache::postPlatformNotification):
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper postValueChangedNotification]):
        (-[WebAccessibilityObjectWrapper postExpandedChangedNotification]):
        (-[WebAccessibilityObjectWrapper postScrollStatusChangeNotification]):

2015-06-12  Chris Fleizach  <cfleizach@apple.com>

        AX:ARIA Toggle buttons aren't properly conveyed on iOS using VoiceOver
        https://bugs.webkit.org/show_bug.cgi?id=145949

        Reviewed by Darin Adler.

        Expose pressed state information to the iOS platform AX API.

        Test: Updated inspector-protocol/dom/getAccessibilityPropertiesForNode.html 
              There was a FIXME for this issue in that test: https://bugs.webkit.org/show_bug.cgi?id=129830

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::isPressed):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::classList):
        (WebCore::AccessibilityObject::supportsARIAPressed):
        (WebCore::AccessibilityObject::supportsARIAExpanded):
        * accessibility/AccessibilityObject.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilityARIALiveRegionIsAtomic]):
        (-[WebAccessibilityObjectWrapper accessibilitySupportsARIAPressed]):
        (-[WebAccessibilityObjectWrapper accessibilityIsPressed]):
        (-[WebAccessibilityObjectWrapper accessibilitySupportsARIAExpanded]):

2015-06-12  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Purge PassRefPtr in JavaScriptCore - 2
        https://bugs.webkit.org/show_bug.cgi?id=145834

        Reviewed by Darin Adler.

        Fix call sites depends on changing of JSC.

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::getParameter):
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getParameter):
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::getUniform):
        (WebCore::WebGLRenderingContextBase::getVertexAttrib):
        (WebCore::WebGLRenderingContextBase::getWebGLFloatArrayParameter):
        (WebCore::WebGLRenderingContextBase::getWebGLIntArrayParameter):

2015-06-12  Zalan Bujtas  <zalan@apple.com>

        Be more defensive at renderer type checking when initializing flow segments.
        https://bugs.webkit.org/show_bug.cgi?id=145942

        Reviewed by Simon Fraser.

        FlowContents::initializeSegments should ignore unsupported renderers so that when we miss
        a simple line layout path invalidation, we don't downcast the unsupported renderer to RenderText.

        I have not reproduced this issue (but related to rdar://problem/21312452)

        * rendering/SimpleLineLayoutFlowContents.cpp:
        (WebCore::SimpleLineLayout::initializeSegments):

2015-06-12  Anders Carlsson  <andersca@apple.com>

        deleteEmptyDirectory should delete .DS_Store files on OS X
        https://bugs.webkit.org/show_bug.cgi?id=145944

        Reviewed by Dan Bernstein.

        deleteEmptyDirectory is often used when clearing website data, so we should
        take extra care to delete empty directories so the user won't think that clearing
        website data didn't do anything because it would leave directories with .DS_Store 
        files behind.

        * platform/mac/FileSystemMac.mm:
        (WebCore::deleteEmptyDirectory):
        * platform/posix/FileSystemPOSIX.cpp:

2015-06-12  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Fix grid-template-areas parsing to avoid spaces
        https://bugs.webkit.org/show_bug.cgi?id=145860

        Reviewed by Sergio Villar Senin.

        The spec doesn't require to have spaces between unnamed and named areas
        in grid-template-areas syntax. But spaces are currently required in our
        code.

        This was confirmed in the CSS WG mailing list:
        https://lists.w3.org/Archives/Public/www-style/2015May/0239.html

        This patch updates grid-template-areas parsing to allow the possibility
        of removing spaces between unnamed and named areas.

        Added new cases to fast/css-grid-layout/grid-template-areas-get-set.html.

        * css/CSSParser.cpp:
        (WebCore::parseGridTemplateAreasColumnNames): New helper method to
        determine the column names split by white spaces or dots.
        (WebCore::CSSParser::parseGridTemplateAreasRow): Use the new helper
        method to get the column names.
        (WebCore::containsOnlyDots): Deleted. Not needed anymore as
        parseGridTemplateAreasColumnNames() is using a single dot for unnamed
        grid areas (despite of being defined with 1 or more dots).

2015-06-12  Eric Carlson  <eric.carlson@apple.com>

        [Mac] AirPlay menu button doesn't always show on page load
        https://bugs.webkit.org/show_bug.cgi?id=145936

        Reviewed by Brent Fulgham.

        * Modules/mediasession/WebMediaSessionManager.cpp:
        (WebCore::mediaProducerStateString): New, return a string representing MediaStateFlags.
        (WebCore::WebMediaSessionManager::clientStateDidChange): Log the states as strings.
        (WebCore::WebMediaSessionManager::toString): New, return a string representing ConfigurationTasks.
        (WebCore::WebMediaSessionManager::scheduleDelayedTask): Add logging.
        (WebCore::WebMediaSessionManager::taskTimerFired): Add logging.
        * Modules/mediasession/WebMediaSessionManager.h:

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h: Override wirelessVideoPlaybackDisabled
          so it is possible to activate route monitoring for a movie loaded with this engine.
        * platform/graphics/mac/MediaPlayerPrivateQTKit.h: Ditto.

2015-06-12  Zan Dobersek  <zdobersek@igalia.com>

        Add the remaining missing override specifiers under Source/WebCore/
        https://bugs.webkit.org/show_bug.cgi?id=145907

        Reviewed by Darin Adler.

        Fix the remaining compiler warnings about missing override specifiers
        for overriding method declarations in classes under Source/WebCore/.

        Where the addition had to be performed on all virtual methods of the
        class, the virtual specifier was removed so now only the override
        specifier is in use.

        * Modules/indexeddb/IDBOpenDBRequest.h:
        * Modules/indexeddb/IDBRequest.h:
        * Modules/webdatabase/DatabaseServer.h:
        * bindings/js/ReadableJSStream.h:
        * editing/InsertTextCommand.h:
        * mathml/MathMLInlineContainerElement.h:
        * platform/audio/EqualPowerPanner.h:
        (WebCore::EqualPowerPanner::reset):
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::NullMediaPlayerPrivate::load):
        (WebCore::NullMediaPlayerPrivate::cancelLoad):
        (WebCore::NullMediaPlayerPrivate::prepareToPlay):
        (WebCore::NullMediaPlayerPrivate::play):
        (WebCore::NullMediaPlayerPrivate::pause):
        (WebCore::NullMediaPlayerPrivate::platformMedia):
        (WebCore::NullMediaPlayerPrivate::platformLayer):
        (WebCore::NullMediaPlayerPrivate::naturalSize):
        (WebCore::NullMediaPlayerPrivate::hasVideo):
        (WebCore::NullMediaPlayerPrivate::hasAudio):
        (WebCore::NullMediaPlayerPrivate::setVisible):
        (WebCore::NullMediaPlayerPrivate::durationDouble):
        (WebCore::NullMediaPlayerPrivate::currentTimeDouble):
        (WebCore::NullMediaPlayerPrivate::seekDouble):
        (WebCore::NullMediaPlayerPrivate::seeking):
        (WebCore::NullMediaPlayerPrivate::setRateDouble):
        (WebCore::NullMediaPlayerPrivate::setPreservesPitch):
        (WebCore::NullMediaPlayerPrivate::paused):
        (WebCore::NullMediaPlayerPrivate::setVolumeDouble):
        (WebCore::NullMediaPlayerPrivate::supportsMuting):
        (WebCore::NullMediaPlayerPrivate::setMuted):
        (WebCore::NullMediaPlayerPrivate::hasClosedCaptions):
        (WebCore::NullMediaPlayerPrivate::setClosedCaptionsVisible):
        (WebCore::NullMediaPlayerPrivate::networkState):
        (WebCore::NullMediaPlayerPrivate::readyState):
        (WebCore::NullMediaPlayerPrivate::maxTimeSeekableDouble):
        (WebCore::NullMediaPlayerPrivate::minTimeSeekable):
        (WebCore::NullMediaPlayerPrivate::buffered):
        (WebCore::NullMediaPlayerPrivate::totalBytes):
        (WebCore::NullMediaPlayerPrivate::didLoadingProgress):
        (WebCore::NullMediaPlayerPrivate::setSize):
        (WebCore::NullMediaPlayerPrivate::canLoadPoster):
        (WebCore::NullMediaPlayerPrivate::setPoster):
        (WebCore::NullMediaPlayerPrivate::hasSingleSecurityOrigin):
        * platform/graphics/filters/DistantLightSource.h:
        * platform/graphics/filters/FEComposite.h:
        * platform/graphics/filters/FEDisplacementMap.h:
        (WebCore::FEDisplacementMap::determineAbsolutePaintRect):
        * platform/graphics/filters/FEFlood.h:
        (WebCore::FEFlood::determineAbsolutePaintRect):
        * platform/graphics/filters/PointLightSource.h:
        * platform/graphics/filters/SpotLightSource.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        (WebCore::MediaPlayerPrivateGStreamer::hasVideo):
        (WebCore::MediaPlayerPrivateGStreamer::hasAudio):
        (WebCore::MediaPlayerPrivateGStreamer::audioSourceProvider):
        (WebCore::MediaPlayerPrivateGStreamer::engineDescription):
        (WebCore::MediaPlayerPrivateGStreamer::isLiveStream):
        (WebCore::MediaPlayerPrivateGStreamer::totalVideoFrames):
        (WebCore::MediaPlayerPrivateGStreamer::droppedVideoFrames):
        (WebCore::MediaPlayerPrivateGStreamer::corruptedVideoFrames):
        (WebCore::MediaPlayerPrivateGStreamer::totalFrameDelay):
        * platform/graphics/texmap/BitmapTextureGL.h:
        (WebCore::BitmapTextureGL::isBackedByOpenGL):
        * platform/graphics/transforms/Matrix3DTransformOperation.h:
        * platform/graphics/transforms/MatrixTransformOperation.h:
        * platform/graphics/transforms/PerspectiveTransformOperation.h:
        * platform/graphics/transforms/RotateTransformOperation.h:
        * platform/graphics/transforms/ScaleTransformOperation.h:
        * platform/graphics/transforms/SkewTransformOperation.h:
        * platform/image-decoders/png/PNGImageDecoder.h:
        (WebCore::PNGImageDecoder::filenameExtension):
        * platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.h:
        * platform/mock/MockRealtimeMediaSourceCenter.h:

2015-06-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r185512.
        https://bugs.webkit.org/show_bug.cgi?id=145932

        Many asserts on layout tests and on API tests (Requested by
        ap_ on #webkit).

        Reverted changeset:

        "Use modern for-loops in WebCore/rendering - 1"
        https://bugs.webkit.org/show_bug.cgi?id=145831
        http://trac.webkit.org/changeset/185512

2015-06-12  Simon Fraser  <simon.fraser@apple.com>

        OpenGLESSPI.h doesn't need to include UIKit.h
        https://bugs.webkit.org/show_bug.cgi?id=145931

        Reviewed by Darin Adler.

        No need to suck in all of UIKit from OpenGLESSPI.h.

        * platform/spi/ios/OpenGLESSPI.h:

2015-06-12  Matt Rajca  <mrajca@apple.com>

        Add barebones implementation of media session invocation algorithm.
        https://bugs.webkit.org/show_bug.cgi?id=145847

        Reviewed by Darin Adler.

        * Modules/mediasession/MediaSession.cpp:
        (WebCore::MediaSession::invoke): Move the media session to an active state.
        * Modules/mediasession/MediaSession.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::playInternal): Call the media session invocation algorithm as described in the
          Media Session spec.

2015-06-12  Hunseop Jeong  <hs85.jeong@samsung.com>

        Use modern for-loops in WebCore/rendering - 1
        https://bugs.webkit.org/show_bug.cgi?id=145831

        Reviewed by Darin Adler.

        No new tests because there is no behavior change.

        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::computeIntrinsicLogicalWidths):
        (WebCore::AutoTableLayout::calcEffectiveLogicalWidth):
        * rendering/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRenderer::build):
        (WebCore::FilterEffectRenderer::clearIntermediateResults):
        * rendering/FilterEffectRenderer.h:
        * rendering/FloatingObjects.cpp:
        (WebCore::FloatingObjects::clearLineBoxTreePointers):
        (WebCore::FloatingObjects::moveAllToFloatInfoMap):
        (WebCore::FloatingObjects::computePlacedFloatsTree):
        * rendering/FlowThreadController.cpp:
        (WebCore::FlowThreadController::collectFixedPositionedLayers):
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::append):
        * rendering/ImageQualityController.cpp:
        (WebCore::ImageQualityController::highQualityRepaintTimerFired):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        * rendering/RenderBlock.cpp:
        (WebCore::removeBlockFromDescendantAndContainerMaps):
        (WebCore::RenderBlock::addOverflowFromPositionedObjects):
        (WebCore::RenderBlock::dirtyForLayoutFromPercentageHeightDescendants):
        (WebCore::RenderBlock::simplifiedNormalFlowLayout):
        (WebCore::RenderBlock::layoutPositionedObjects):
        (WebCore::RenderBlock::markPositionedObjectsForLayout):
        (WebCore::RenderBlock::paintContinuationOutlines):
        (WebCore::clipOutPositionedObjects):
        (WebCore::RenderBlock::removeFromTrackedRendererMaps):
        (WebCore::RenderBlock::removePositionedObjects):
        (WebCore::RenderBlock::checkPositionedObjectsNeedLayout):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::rebuildFloatingObjectSetFromIntrudingFloats):
        (WebCore::RenderBlockFlow::styleDidChange):
        (WebCore::RenderBlockFlow::moveFloatsTo):
        (WebCore::RenderBlockFlow::addOverflowFromFloats):
        (WebCore::RenderBlockFlow::repaintOverhangingFloats):
        (WebCore::RenderBlockFlow::paintFloats):
        (WebCore::RenderBlockFlow::clipOutFloatingObjects):
        (WebCore::RenderBlockFlow::lowestFloatLogicalBottom):
        (WebCore::RenderBlockFlow::lowestInitialLetterLogicalBottom):
        (WebCore::RenderBlockFlow::addOverhangingFloats):
        (WebCore::RenderBlockFlow::addIntrudingFloats):
        (WebCore::RenderBlockFlow::markSiblingsWithFloatsForLayout):
        (WebCore::RenderBlockFlow::adjustForBorderFit):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::setLogicalWidthForTextRun):
        (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
        (WebCore::RenderBlockFlow::linkToEndLineIfNeeded):
        (WebCore::RenderBlockFlow::repaintDirtyFloats):
        (WebCore::RenderBlockFlow::layoutLineBoxes):
        (WebCore::RenderBlockFlow::checkFloatsInCleanLine):
        (WebCore::RenderBlockFlow::determineStartPosition):
        (WebCore::RenderBlockFlow::checkPaginationAndFloatsAtEndLine):
        * rendering/RenderCounter.cpp:
        (WebCore::RenderCounter::destroyCounterNodes):
        (WebCore::updateCounters):
        (WebCore::RenderCounter::rendererStyleChanged):
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::autoMarginOffsetInMainAxis):
        (WebCore::RenderFlexibleBox::freezeViolations):
        (WebCore::RenderFlexibleBox::resolveFlexibleLengths):
        (WebCore::RenderFlexibleBox::numberOfInFlowPositionedChildren):
        (WebCore::RenderFlexibleBox::layoutColumnReverse):
        (WebCore::RenderFlexibleBox::alignFlexLines):
        (WebCore::RenderFlexibleBox::alignChildren):
        (WebCore::RenderFlexibleBox::flipForWrapReverse):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::updateAllLayerToRegionMappings):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::addAnnotatedRegions):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateDescendantsAreContiguousInStackingOrder):
        (WebCore::RenderLayer::updateDescendantDependentFlags):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::descendantLayerPaintsIntoAncestor):
        (WebCore::RenderLayerBacking::startAnimation):
        * rendering/RenderLineBoxList.cpp:
        (WebCore::RenderLineBoxList::paint):
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::updateFromElement):
        * rendering/RenderMenuList.cpp:
        (WebCore::selectedOptionCount):
        (RenderMenuList::updateOptionsWidth):
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::distributeImplicitBreaks):

2015-06-12  Csaba Osztrogonác  <ossy@webkit.org>

        Fix unused private field warning in ResourceHandleSoup.cpp
        https://bugs.webkit.org/show_bug.cgi?id=145910

        Reviewed by Darin Adler.

        * platform/network/soup/ResourceHandleSoup.cpp:

2015-06-12  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: CRASH trying to inspect text that was removed/replaced
        https://bugs.webkit.org/show_bug.cgi?id=145898

        Reviewed by Darin Adler.

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::inspect):
        (WebCore::InspectorDOMAgent::focusNode):
        Ensure we only cause focusNode with a node to focus. If the original
        node that was provided is no longer in the document, then we won't
        actually find a node to inspect.

2015-06-12  KwangHyuk Kim  <hyuki.kim@samsung.com>

        [EFL] canvas/philip/tests/toDataURL.jpeg.foo tests have been failed since r185417.
        https://bugs.webkit.org/show_bug.cgi?id=145878

        Reviewed by Gyuyoung Kim.

        Fix input buffer alignment issue.

        No new tests, canvas/philip/tests/toDataURL.jpeg.foo can be used.

        * platform/graphics/efl/ImageBufferEfl.cpp:
        (WebCore::encodeImagePNG):
        (WebCore::encodeImageJPEG):
        (WebCore::ImageBuffer::toDataURL):

2015-06-12  Zan Dobersek  <zdobersek@igalia.com>

        Add missing override specifiers under Source/WebCore/svg/
        https://bugs.webkit.org/show_bug.cgi?id=145841

        Reviewed by Darin Adler.

        Add missing override specifiers to virtual method overrides for classes
        under Source/WebCore/svg/, suppressing a bunch of warnings when compiling
        with Clang 3.6.

        Add the BEGIN_DECLARE_ANIMATED_PROPERTIES_BASE() macro that doesn't
        override the localAttributeToPropertyMap() method declaration, and
        have the BEGIN_DECLARE_ANIMATED_PROPERTIES() macro add the override
        specifier. The new macro is used in SVGElement.

        Change the DECLARE_ANIMATED_PROPERTY() to accept the optional override
        specifier as the fifth parameter. Current DECLARE_ANIMATED_*() macros
        are modified to just pass an empty argument, not adding any specifier.
        DECLARE_ANIMATED_BOOLEAN_OVERRIDE() and DECLARE_ANIMATED_STRING_OVERRIDE()
        macros are added to override the methods for the externalResourcesRequired
        and href animated properties, where required.

        * svg/SVGAElement.h:
        * svg/SVGAltGlyphElement.h:
        * svg/SVGAnimatedAngle.h:
        * svg/SVGAnimatedBoolean.h:
        * svg/SVGAnimatedEnumeration.h:
        * svg/SVGAnimatedInteger.h:
        * svg/SVGAnimatedLength.h:
        * svg/SVGAnimatedNumber.h:
        * svg/SVGAnimatedPreserveAspectRatio.h:
        * svg/SVGAnimatedRect.h:
        * svg/SVGAnimatedString.h:
        * svg/SVGAnimationElement.h:
        * svg/SVGCircleElement.h:
        * svg/SVGClipPathElement.h:
        * svg/SVGCursorElement.h:
        * svg/SVGDefsElement.h:
        * svg/SVGElement.h:
        * svg/SVGEllipseElement.h:
        * svg/SVGFEImageElement.h:
        * svg/SVGFilterElement.h:
        * svg/SVGFontElement.h:
        * svg/SVGForeignObjectElement.h:
        * svg/SVGGElement.h:
        * svg/SVGGlyphRefElement.h:
        * svg/SVGGradientElement.h:
        * svg/SVGImageElement.h:
        * svg/SVGLineElement.h:
        * svg/SVGMPathElement.h:
        * svg/SVGMarkerElement.h:
        * svg/SVGMaskElement.h:
        * svg/SVGPathElement.h:
        * svg/SVGPatternElement.h:
        * svg/SVGPolyElement.h:
        * svg/SVGRectElement.h:
        * svg/SVGSVGElement.h:
        * svg/SVGScriptElement.h:
        * svg/SVGSwitchElement.h:
        * svg/SVGSymbolElement.h:
        * svg/SVGTRefElement.h:
        * svg/SVGTextContentElement.h:
        * svg/SVGTextPathElement.h:
        * svg/SVGURIReference.h: Add the hrefBaseValue() pure virtual method
        so it can be overridden by any class that also overrides the
        corresponding setHrefBaseValue() method.
        * svg/SVGUseElement.h:
        * svg/SVGViewElement.h:
        * svg/properties/SVGAnimatedPropertyMacros.h:
        * svg/properties/SVGMatrixTearOff.h:
        (WebCore::SVGMatrixTearOff::commitChange):

2015-06-12  Zan Dobersek  <zdobersek@igalia.com>

        [GLib] Move files under Source/WTF/wtf/gobject to Source/WTF/wtf/glib
        https://bugs.webkit.org/show_bug.cgi?id=145799

        Reviewed by Carlos Garcia Campos.

        Update header inclusions for headers that have been moved
        to Source/WTF/wtf/glib/.

        * accessibility/atk/AXObjectCacheAtk.cpp:
        * accessibility/atk/WebKitAccessibleInterfaceText.cpp:
        * bindings/gobject/DOMObjectCache.cpp:
        * bindings/gobject/GObjectEventListener.h:
        * bindings/gobject/GObjectNodeFilterCondition.h:
        * bindings/gobject/GObjectXPathNSResolver.h:
        * bindings/gobject/WebKitDOMEventTarget.cpp:
        * platform/Pasteboard.h:
        * platform/audio/gstreamer/AudioDestinationGStreamer.cpp:
        * platform/audio/gstreamer/AudioFileReaderGStreamer.cpp:
        * platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp:
        * platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:
        * platform/audio/gtk/AudioBusGtk.cpp:
        * platform/geoclue/GeolocationProviderGeoclue.h:
        * platform/geoclue/GeolocationProviderGeoclue2.cpp:
        * platform/glib/BatteryProviderUPower.cpp:
        * platform/glib/BatteryProviderUPower.h:
        * platform/graphics/gstreamer/GRefPtrGStreamer.h:
        * platform/graphics/gstreamer/GStreamerUtilities.cpp:
        * platform/graphics/gstreamer/GUniquePtrGStreamer.h:
        * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/gstreamer/MediaSourceGStreamer.cpp:
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.h:
        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        * platform/graphics/gstreamer/WebKitMediaSourceGStreamer.cpp:
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        * platform/graphics/gtk/ImageBufferGtk.cpp:
        * platform/graphics/gtk/ImageGtk.cpp:
        * platform/gtk/ContextMenuGtk.cpp:
        * platform/gtk/ContextMenuItemGtk.cpp:
        * platform/gtk/DataObjectGtk.cpp:
        * platform/gtk/DataObjectGtk.h:
        * platform/gtk/FileSystemGtk.cpp:
        * platform/gtk/GRefPtrGtk.h:
        * platform/gtk/GUniquePtrGtk.h:
        * platform/gtk/GamepadsGtk.cpp:
        * platform/gtk/GtkUtilities.cpp:
        * platform/gtk/LanguageGtk.cpp:
        * platform/gtk/LocalizedStringsGtk.cpp:
        * platform/gtk/PasteboardHelper.cpp:
        * platform/gtk/ScrollbarThemeGtk.cpp:
        * platform/gtk/SharedBufferGtk.cpp:
        * platform/gtk/SharedTimerGtk.cpp:
        * platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp:
        * platform/network/ResourceHandleInternal.h:
        * platform/network/gtk/CredentialBackingStore.cpp:
        * platform/network/soup/CertificateInfo.h:
        * platform/network/soup/CookieJarSoup.cpp:
        * platform/network/soup/DNSSoup.cpp:
        * platform/network/soup/GRefPtrSoup.h:
        * platform/network/soup/GUniquePtrSoup.h:
        * platform/network/soup/ResourceError.h:
        * platform/network/soup/ResourceErrorSoup.cpp:
        * platform/network/soup/ResourceHandleSoup.cpp:
        * platform/network/soup/ResourceResponse.h:
        * platform/network/soup/SocketStreamHandle.h:
        * platform/network/soup/SocketStreamHandleSoup.cpp:
        * platform/network/soup/SoupNetworkSession.h:
        * platform/text/gtk/HyphenationLibHyphen.cpp:
        * rendering/RenderThemeGtk.cpp:

2015-06-12  Yoav Weiss  <yoav@yoav.ws>

        Fix the build when the PICTURE_SIZES flag is off
        https://bugs.webkit.org/show_bug.cgi?id=145926

        Reviewed by Csaba Osztrogonác.

        No new tests since there's no functionality change.

        * html/parser/HTMLPreloadScanner.cpp: Remove the guard around the definition of m_sizesAttribute.

2015-06-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r185492.
        https://bugs.webkit.org/show_bug.cgi?id=145927

        Causes crashes on debug (Requested by rego on #webkit).

        Reverted changeset:

        "[CSS Grid Layout] Fix grid-template-areas parsing to avoid
        spaces"
        https://bugs.webkit.org/show_bug.cgi?id=145860
        http://trac.webkit.org/changeset/185492

2015-06-12  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        Bindings generator should generate code for Promise-based APIs
        https://bugs.webkit.org/show_bug.cgi?id=145833

        Reviewed by Darin Adler.

        Covered by existing tests.

        * Modules/webaudio/AudioContext.idl: Removing custom binding for resume, suspend and close.
        * bindings/js/JSAudioContextCustom.cpp: Ditto.
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader): Refactoring to use IsReturningPromise.
        (GenerateImplementation): Disabling include for return type if it is a promise.
        (GenerateParametersCheck): Adding DeferredWrapper() as argument to the DOM method if JS method returns a promise.
        (GenerateImplementationFunctionCall): Added support for promise-returning API.
        (IsReturningPromise): Checking whether function is returning a promise.
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_test_promise_function):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionTestPromiseFunction):
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj testPromiseFunction]):
        * bindings/scripts/test/TestObj.idl: Adding promise returning function.


2015-06-12  Manuel Rego Casasnovas  <rego@igalia.com>

        [CSS Grid Layout] Fix grid-template-areas parsing to avoid spaces
        https://bugs.webkit.org/show_bug.cgi?id=145860

        Reviewed by Sergio Villar Senin.

        The spec doesn't require to have spaces between unnamed and named areas
        in grid-template-areas syntax. But spaces are currently required in our
        code.

        This was confirmed in the CSS WG mailing list:
        https://lists.w3.org/Archives/Public/www-style/2015May/0239.html

        This patch updates grid-template-areas parsing to allow the possibility
        of removing spaces between unnamed and named areas.

        Added new cases to fast/css-grid-layout/grid-template-areas-get-set.html.

        * css/CSSParser.cpp:
        (WebCore::parseGridTemplateAreasColumnNames): New helper method to
        determine the column names split by white spaces or dots.
        (WebCore::CSSParser::parseGridTemplateAreasRow): Use the new helper
        method to get the column names.
        (WebCore::containsOnlyDots): Deleted. Not needed anymore as
        parseGridTemplateAreasColumnNames() is using a single dot for unnamed
        grid areas (despite of being defined with 1 or more dots).

2015-06-11  Mark Lam  <mark.lam@apple.com>

        WebCore::reportException() needs to be able to accept a raw thrown value in addition to Exception objects.
        https://bugs.webkit.org/show_bug.cgi?id=145872

        Reviewed by Michael Saboff.

        API test added: WebKit1.ReportExceptionTest.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException):
        - Added a version of reportException() that takes a JSValue instead of an Exception
          object.  This version will ensure that we have an Exception object before calling
          into the original reportException() as follows:

          1. If the JSValue is already an Exception object, we're good to go.

          2. Else, if VM::lastException() is available, use that as the exception.
             This is how the old code use to behave (in terms of where it gets the exception
             stack trace).  The assumption is that reportException() will be called in
             a timely manner before the exception stack trace has been purged.

          3. Else, create an Exception object with no stack trace.  This is the fall back
             in case the client did not call reportException() in a timely manner.

        - Also clear the last exception after we've reported it.  This is how the old code
          before r185259 behave (in terms of the lifecycle of the last exception stack
          trace).  We're restoring that behavior here.

        * bindings/js/JSDOMBinding.h:

2015-06-11  Zalan Bujtas  <zalan@apple.com>

        Do not crash when the descendant frame tree is destroyed during layout.
        https://bugs.webkit.org/show_bug.cgi?id=144540
        rdar://problem/20793184

        Reviewed by Andreas Kling.

        Widget::setFrameRect(), through WebHTMLView layout, could trigger a style recalc, which in turn
        could initiate an onBeforeLoad callback.
        If javascript happens to destroy the current iframe in the onBeforeLoad callback, we lose the descendant
        render tree, including the child FrameView (the iframe element's view). However the RenderIFrame
        object stays protected until after the layout is done. (see protectRenderWidgetUntilLayoutIsDone())

        Climbing back on the callstack, we need to make sure that
        1. the root widget of the descendant render tree (FrameView) stays valid as long as it is needed.
        2. RenderFrameBase::layoutWithFlattening() can handle the case when the associated widget (child FrameView) is set to nullptr.
        (see RenderWidget::willBeDestroyed() -> setWidget(nullptr))

        (and later, when layout is finished this (RenderIFrame) object gets destroyed too.)

        Covered by fast/frames/flattening/crash-remove-iframe-during-object-beforeload.html.

        * page/FrameView.cpp:
        (WebCore::FrameView::setFrameRect):
        (WebCore::FrameView::updateEmbeddedObject):
        (WebCore::FrameView::updateWidgetPositions):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::setFrameRect):
        * platform/mac/WidgetMac.mm:
        (WebCore::Widget::setFrameRect):
        * rendering/RenderFrameBase.cpp:
        (WebCore::RenderFrameBase::layoutWithFlattening):
        (WebCore::RenderFrameBase::childRenderView):
        (WebCore::RenderFrameBase::peformLayoutWithFlattening):
        * rendering/RenderFrameBase.h:
        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::updateWidgetPosition):
        * rendering/RenderWidget.h:

2015-06-11  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r185470.
        https://bugs.webkit.org/show_bug.cgi?id=145902

        Caused ASan violations (Requested by ap on #webkit).

        Reverted changeset:

        "Add an appearance keyword for wireless playback / airplay
        icon"
        https://bugs.webkit.org/show_bug.cgi?id=145892
        http://trac.webkit.org/changeset/185470

2015-06-11  Brady Eidson  <beidson@apple.com>

        IndexedDB onupgradeneeded event has incorrect value for oldVersion.
        <rdar://problem/18309792> and https://bugs.webkit.org/show_bug.cgi?id=136888

        Reviewed by Sam Weinig.

        Test: storage/indexeddb/version-change-event-basic.html

        "NoIntVersion" is an internal bookkeeping concept that we never should've been passing to Javascript.
        
        This cleans up things by:
        - Adjusting an old version of "NoIntVersion" to "0" before making the version change callback.
        - Removing the VersionNullness parameter from almost everywhere.
        - Removing the nullability of the newVersion parameter from the IDL.

        * Modules/indexeddb/IDBDatabase.cpp:
        (WebCore::IDBDatabase::onVersionChange):
        * Modules/indexeddb/IDBDatabase.h:
        
        * Modules/indexeddb/IDBDatabaseBackend.cpp:
        (WebCore::IDBDatabaseBackend::runIntVersionChangeTransaction):
        (WebCore::IDBDatabaseBackend::deleteDatabase):
        
        * Modules/indexeddb/IDBDatabaseCallbacks.h:
        * Modules/indexeddb/IDBDatabaseCallbacksImpl.cpp:
        (WebCore::IDBDatabaseCallbacksImpl::onVersionChange):
        * Modules/indexeddb/IDBDatabaseCallbacksImpl.h:
        
        * Modules/indexeddb/IDBOpenDBRequest.cpp:
        (WebCore::IDBOpenDBRequest::onBlocked):
        (WebCore::IDBOpenDBRequest::onUpgradeNeeded):
  &n