[WebKit-https.git] / Source / WebCore / ChangeLog
1 2017-05-19  Chris Dumez  <cdumez@apple.com>
2
3         CSSOM insertRule() index argument is optional with default 0
4         https://bugs.webkit.org/show_bug.cgi?id=172219
5
6         Reviewed by Sam Weinig.
7
8         Index parameter to CSSSupportsRule.insertRule() and CSSStyleSheet.insertRule() should
9         be optional with a default value of 0, as per the latest specification:
10         - https://github.com/w3c/csswg-drafts/commit/7949d41a2d86107f8ad4624c055b4b0c9c28ad0d
11         - https://www.w3.org/Bugs/Public/show_bug.cgi?id=27384
12
13         Tests: imported/w3c/web-platform-tests/cssom/insertRule-charset-no-index.html
14                imported/w3c/web-platform-tests/cssom/insertRule-import-no-index.html
15                imported/w3c/web-platform-tests/cssom/insertRule-namespace-no-index.html
16                imported/w3c/web-platform-tests/cssom/insertRule-no-index.html
17
18         * css/CSSStyleSheet.cpp:
19         * css/CSSStyleSheet.h:
20         * css/CSSStyleSheet.idl:
21         * css/CSSSupportsRule.idl:
22
23 2017-05-19  Carlos Garcia Campos  <cgarcia@igalia.com>
24
25         [Threaded Compositor] Remove platform ifdefs from threaded compositor implementation
26         https://bugs.webkit.org/show_bug.cgi?id=172265
27
28         Reviewed by Žan Doberšek.
29
30         Remove PlatformDisplayWPE::EGLTarget.
31
32         * platform/graphics/wpe/PlatformDisplayWPE.cpp:
33         * platform/graphics/wpe/PlatformDisplayWPE.h:
34
35 2017-05-19  Jer Noble  <jer.noble@apple.com>
36
37         Unreviewed build fix; add undefined functions and constants to the CoreMediaSoftLink.h, and use the
38         correct (and previously soft-linked) method in WebCoreDecompressionSession.
39
40         * platform/cf/CoreMediaSoftLink.cpp:
41         * platform/cf/CoreMediaSoftLink.h:
42         * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
43         (WebCore::WebCoreDecompressionSession::imageForTime):
44
45 2017-05-19  Yusuke Suzuki  <utatane.tea@gmail.com>
46
47         [JSC][DFG][DOMJIT] Extend CheckDOM to CheckSubClass
48         https://bugs.webkit.org/show_bug.cgi?id=172098
49
50         Reviewed by Saam Barati.
51
52         Add DOMJIT interface IDL attribute, which allows us to define the checkSubClassPatchpointFor${className}
53         function for that ClassInfo. We also move the CheckSubClass patchpoint implementation to ClassInfo's member.
54
55         * CMakeLists.txt:
56         * WebCore.xcodeproj/project.pbxproj:
57         * bindings/js/JSDOMGlobalObject.cpp:
58         * bindings/js/JSDOMWindowBase.cpp:
59         * bindings/js/JSDOMWindowProperties.cpp:
60         * bindings/js/JSDOMWindowShell.cpp:
61         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
62         * bindings/js/JSWorkerGlobalScopeBase.cpp:
63         * bindings/scripts/CodeGeneratorJS.pm:
64         (GenerateHeader):
65         (GenerateImplementation):
66         (GenerateImplementationIterableFunctions):
67         (GenerateConstructorHelperMethods):
68         * bindings/scripts/IDLAttributes.json:
69         * bindings/scripts/test/JS/JSInterfaceName.cpp:
70         * bindings/scripts/test/JS/JSMapLike.cpp:
71         * bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
72         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
73         * bindings/scripts/test/JS/JSTestCEReactions.cpp:
74         * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
75         * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
76         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
77         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
78         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
79         * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
80         * bindings/scripts/test/JS/JSTestDOMJIT.h:
81         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
82         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
83         * bindings/scripts/test/JS/JSTestException.cpp:
84         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
85         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
86         * bindings/scripts/test/JS/JSTestInterface.cpp:
87         * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
88         * bindings/scripts/test/JS/JSTestIterable.cpp:
89         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
90         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
91         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
92         * bindings/scripts/test/JS/JSTestNode.cpp:
93         * bindings/scripts/test/JS/JSTestObj.cpp:
94         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
95         * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
96         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
97         * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
98         * bindings/scripts/test/JS/JSTestSerialization.cpp:
99         * bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
100         * bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
101         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
102         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
103         * bridge/c/CRuntimeObject.cpp:
104         * bridge/c/c_instance.cpp:
105         * bridge/objc/ObjCRuntimeObject.mm:
106         * bridge/objc/objc_instance.mm:
107         * bridge/objc/objc_runtime.mm:
108         * bridge/runtime_array.cpp:
109         * bridge/runtime_method.cpp:
110         * bridge/runtime_object.cpp:
111         * dom/Document.idl:
112         * dom/DocumentFragment.idl:
113         * dom/Element.idl:
114         * dom/Event.idl:
115         * dom/Node.idl:
116         * domjit/JSDocumentDOMJIT.cpp:
117         (WebCore::checkSubClassPatchpointForJSDocument):
118         (WebCore::DocumentDocumentElementDOMJIT::checkDOM): Deleted.
119         (WebCore::DocumentBodyDOMJIT::checkDOM): Deleted.
120         * domjit/JSDocumentFragmentDOMJIT.cpp: Copied from Source/JavaScriptCore/runtime/JSMap.cpp.
121         (WebCore::checkSubClassPatchpointForJSDocumentFragment):
122         * domjit/JSElementDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
123         (WebCore::checkSubClassPatchpointForJSElement):
124         * domjit/JSEventDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
125         (WebCore::checkSubClassPatchpointForJSEvent):
126         * domjit/JSNodeDOMJIT.cpp:
127         (WebCore::checkSubClassPatchpointForJSNode):
128         (WebCore::NodeFirstChildDOMJIT::checkDOM): Deleted.
129         (WebCore::NodeLastChildDOMJIT::checkDOM): Deleted.
130         (WebCore::NodeNextSiblingDOMJIT::checkDOM): Deleted.
131         (WebCore::NodePreviousSiblingDOMJIT::checkDOM): Deleted.
132         (WebCore::NodeParentNodeDOMJIT::checkDOM): Deleted.
133         (WebCore::NodeNodeTypeDOMJIT::checkDOM): Deleted.
134         (WebCore::NodeOwnerDocumentDOMJIT::checkDOM): Deleted.
135
136 2017-05-18  Jer Noble  <jer.noble@apple.com>
137
138         [MSE][Mac] Support painting MSE video-element to canvas
139         https://bugs.webkit.org/show_bug.cgi?id=125157
140         <rdar://problem/23062016>
141
142         Reviewed by Eric Carlson.
143
144         Test: media/media-source/media-source-paint-to-canvas.html
145
146         In order to have access to decoded video data for painting, decode the encoded samples manually
147         instead of adding them to the AVSampleBufferDisplayLayer. To facilitate doing so, add a new
148         utility class WebCoreDecompressionSession, which can decode samples and store them.
149
150         For the purposes of this patch, to avoid double-decoding of video data and to avoid severe complication
151         of our sample delivery pipeline, we will only support painting of decoded video samples when the video is
152         not displayed in the DOM.
153
154         * Modules/mediasource/MediaSource.cpp:
155         (WebCore::MediaSource::seekToTime): Always send waitForSeekCompleted() to give private a chance to delay seek completion.
156         * Modules/mediasource/SourceBuffer.cpp:
157         (WebCore::SourceBuffer::sourceBufferPrivateReenqueSamples): Added.
158         * Modules/mediasource/SourceBuffer.h:
159         * WebCore.xcodeproj/project.pbxproj:
160         * platform/cf/CoreMediaSoftLink.cpp: Added new soft link macros.
161         * platform/cf/CoreMediaSoftLink.h: Ditto.
162         * platform/cocoa/CoreVideoSoftLink.cpp: Ditto.
163         * platform/cocoa/CoreVideoSoftLink.h: Ditto.
164         * platform/graphics/SourceBufferPrivateClient.h:
165         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
166         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::sampleBufferDisplayLayer): Simple accessor.
167         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::decompressionSession): Ditto.
168         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
169         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC):
170         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::load): Update whether we should be displaying in a layer or decompression session.
171         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVisible): Ditto.
172         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::waitForSeekCompleted): m_seeking is now an enum.
173         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seeking): Ditto.
174         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekCompleted): Ditto. If waiting for a video frame, delay completing seek.
175         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::nativeImageForCurrentTime): Call updateLastImage() and return result.
176         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::updateLastImage): Fetch the image for the current time.
177         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::paint): Pass to paintCurrentFrameInCanvas.
178         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::paintCurrentFrameInContext): Get a native image, and render it.
179         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::acceleratedRenderingStateChanged): Create or destroy a layer or decompression session as appropriate.
180         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer): Creates a layer.
181         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::destroyLayer): Destroys a layer.
182         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureDecompressionSession): Creates a decompression session.
183         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::destroyDecompressionSession): Destroys a decompression session.
184         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setHasAvailableVideoFrame): If seek completion delayed, complete now. Ditto for ready state change.
185         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setReadyState): If waiting for a video frame, delay ready state change.
186         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): Deleted.
187         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::removeDisplayLayer): Deleted.
188         * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
189         * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
190         (WebCore::MediaSourcePrivateAVFObjC::hasVideo): Promote to a class function.
191         (WebCore::MediaSourcePrivateAVFObjC::hasSelectedVideo): Return whether any of the active source buffers have video and are selected.
192         (WebCore::MediaSourcePrivateAVFObjC::hasSelectedVideoChanged): Call setSourceBufferWithSelectedVideo().
193         (WebCore::MediaSourcePrivateAVFObjC::setVideoLayer): Set (or clear) the layer on the selected buffer.
194         (WebCore::MediaSourcePrivateAVFObjC::setDecompressionSession): Ditto for decompression session.
195         (WebCore::MediaSourcePrivateAVFObjC::setSourceBufferWithSelectedVideo): Remove the layer and decompression session from the unselected
196
197                 buffer and add the decompression session or layer to the newly selected buffer.
198         (WebCore::MediaSourcePrivateAVFObjCHasVideo): Deleted.
199         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
200         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
201         (WebCore::SourceBufferPrivateAVFObjC::destroyRenderers): Clear the videoLayer and decompressionSession.
202         (WebCore::SourceBufferPrivateAVFObjC::hasSelectedVideo): Return whether the buffer has a selected video track.
203         (WebCore::SourceBufferPrivateAVFObjC::trackDidChangeEnabled): The media player now manages the video layer and decompression session lifetimes.
204         (WebCore::SourceBufferPrivateAVFObjC::flush): Flush the decompression session, if it exists.
205         (WebCore::SourceBufferPrivateAVFObjC::enqueueSample): Enqueue to the decompression session, if it exists.
206         (WebCore::SourceBufferPrivateAVFObjC::isReadyForMoreSamples): Ask the decompression session, if it exists.
207         (WebCore::SourceBufferPrivateAVFObjC::didBecomeReadyForMoreSamples): Tell the decompression session to stop requesting data, if it exists.
208         (WebCore::SourceBufferPrivateAVFObjC::notifyClientWhenReadyForMoreSamples): Request media data from the decompression session, if it exists.
209         (WebCore::SourceBufferPrivateAVFObjC::setVideoLayer): Added.
210         (WebCore::SourceBufferPrivateAVFObjC::setDecompressionSession): Added.
211         * platform/graphics/cocoa/WebCoreDecompressionSession.h: Added.
212         (WebCore::WebCoreDecompressionSession::create):
213         (WebCore::WebCoreDecompressionSession::isInvalidated):
214         (WebCore::WebCoreDecompressionSession::createWeakPtr):
215         * platform/graphics/cocoa/WebCoreDecompressionSession.mm: Added.
216         (WebCore::WebCoreDecompressionSession::WebCoreDecompressionSession): Register for media data requests.
217         (WebCore::WebCoreDecompressionSession::invalidate): Unregister for same.
218         (WebCore::WebCoreDecompressionSession::maybeBecomeReadyForMoreMediaDataCallback): Pass to maybeBecomeReadyForMoreMediaData.
219         (WebCore::WebCoreDecompressionSession::maybeBecomeReadyForMoreMediaData): Check in-flight decodes, and decoded frame counts.
220         (WebCore::WebCoreDecompressionSession::enqueueSample): Pass the sample to be decoded on a background queue.
221         (WebCore::WebCoreDecompressionSession::decodeSample): Decode the sample.
222         (WebCore::WebCoreDecompressionSession::decompressionOutputCallback): Call handleDecompressionOutput.
223         (WebCore::WebCoreDecompressionSession::handleDecompressionOutput): Pass decoded sample to be enqueued on the main thread.
224         (WebCore::WebCoreDecompressionSession::getFirstVideoFrame):
225         (WebCore::WebCoreDecompressionSession::enqueueDecodedSample): Enqueue the frame (if it's a displayed frame).
226         (WebCore::WebCoreDecompressionSession::isReadyForMoreMediaData): Return whether we've hit our high water sample count.
227         (WebCore::WebCoreDecompressionSession::requestMediaDataWhenReady):
228         (WebCore::WebCoreDecompressionSession::stopRequestingMediaData): Unset the same.
229         (WebCore::WebCoreDecompressionSession::notifyWhenHasAvailableVideoFrame): Set a callback to notify when a decoded frame has been enqueued.
230         (WebCore::WebCoreDecompressionSession::imageForTime): Successively dequeue images until reaching one at or beyond the requested time.
231         (WebCore::WebCoreDecompressionSession::flush): Synchronously empty the producer and consumer queues.
232         (WebCore::WebCoreDecompressionSession::getDecodeTime): Utility method.
233         (WebCore::WebCoreDecompressionSession::getPresentationTime): Ditto.
234         (WebCore::WebCoreDecompressionSession::getDuration): Ditto.
235         (WebCore::WebCoreDecompressionSession::compareBuffers): Ditto.
236         * platform/cocoa/VideoToolboxSoftLink.cpp: Added.
237         * platform/cocoa/VideoToolboxSoftLink.h: Added.
238
239 2017-05-18  Said Abou-Hallawa  <sabouhallawa@apple.com>
240
241         [REGRESSION](r216901): Delete ImageDecoder if BitmapImage::destroyDecodedData() was called to destroy all the decoded frames
242         https://bugs.webkit.org/show_bug.cgi?id=172325
243
244         Reviewed by Simon Fraser.
245
246         When calling BitmapImage::destroyDecodedData() with destroyAll = true, the
247         current ImageDecoder has to be deleted regardless of whether the current frame needs
248         to be cached or not. This is true except when the image is animating.
249         Creating a new ImageDecoder for the animated image will lead to decoding
250         all the frames from frame-zero till the current frame.
251
252         Deleting the current ImageDecoder has the benefit of releasing its raster
253         data. We also must delete the current ImageDecoder when the CachedImage
254         switched its data SharedBuffer.
255
256         The fix is to return the condition in BitmapImage::destroyDecodedData() to
257         be as it was before r216901.
258
259         * platform/graphics/BitmapImage.cpp:
260         (WebCore::BitmapImage::destroyDecodedData):
261
262 2017-05-18  Ryan Haddad  <ryanhaddad@apple.com>
263
264         Unreviewed, rolling out r217079.
265
266         This change broke internal builds.
267
268         Reverted changeset:
269
270         "Redundant ellipsis box triggers
271         ASSERT_WITH_SECURITY_IMPLICATION in InlineBox::parent()."
272         https://bugs.webkit.org/show_bug.cgi?id=172309
273         http://trac.webkit.org/changeset/217079
274
275 2017-05-18  Joseph Pecoraro  <pecoraro@apple.com>
276
277         Web Inspector: Release InjectedScripts when frontends close
278         https://bugs.webkit.org/show_bug.cgi?id=172313
279
280         Reviewed by Andreas Kling.
281
282         * inspector/InspectorController.cpp:
283         (WebCore::InspectorController::disconnectFrontend):
284         Release inspector resources together, including discarding injected
285         scripts so that they may be collected.
286
287         (WebCore::InspectorController::inspectedPageDestroyed):
288         (WebCore::InspectorController::disconnectAllFrontends):
289         Move the disconnect call inside of disconnectAllFrontends to establish
290         a pattern of releasing web inspector resources together.
291
292 2017-05-18  Simon Fraser  <simon.fraser@apple.com>
293
294         Add a newline after the URL in showLayerTree output.
295
296         Reviewed by Zalan Bujtas.
297
298         * rendering/RenderLayer.cpp:
299         (WebCore::showLayerTree):
300
301 2017-05-18  Wenson Hsieh  <wenson_hsieh@apple.com>
302
303         Attachment drag preview should not have the attachment outline
304         https://bugs.webkit.org/show_bug.cgi?id=172327
305         <rdar://problem/32282831>
306
307         Reviewed by Tim Horton.
308
309         When creating a drag image for an attachment element, don't include borders around the attachment.
310
311         * page/DragController.cpp:
312         (WebCore::DragController::startDrag):
313         * rendering/RenderAttachment.h:
314         * rendering/RenderThemeIOS.mm:
315         (WebCore::RenderThemeIOS::paintAttachment):
316
317 2017-05-18  Youenn Fablet  <youenn@apple.com>
318
319         Make WebRTC logging happen in Release
320         https://bugs.webkit.org/show_bug.cgi?id=172307
321
322         Reviewed by Eric Carlson.
323
324         No change of behavior.
325         Move from LOG(WebRTC...) to RELEASE_LOG(WebRTC...).
326
327         * Modules/mediastream/PeerConnectionBackend.cpp:
328         (WebCore::PeerConnectionBackend::createOfferSucceeded):
329         (WebCore::PeerConnectionBackend::createOfferFailed):
330         (WebCore::PeerConnectionBackend::createAnswerSucceeded):
331         (WebCore::PeerConnectionBackend::createAnswerFailed):
332         (WebCore::PeerConnectionBackend::setLocalDescriptionSucceeded):
333         (WebCore::PeerConnectionBackend::setLocalDescriptionFailed):
334         (WebCore::PeerConnectionBackend::setRemoteDescriptionSucceeded):
335         (WebCore::PeerConnectionBackend::setRemoteDescriptionFailed):
336         (WebCore::PeerConnectionBackend::addIceCandidateSucceeded):
337         (WebCore::PeerConnectionBackend::addIceCandidateFailed):
338         (WebCore::PeerConnectionBackend::newICECandidate):
339         (WebCore::PeerConnectionBackend::doneGatheringCandidates):
340         * Modules/mediastream/RTCPeerConnection.cpp:
341         (WebCore::RTCPeerConnection::queuedCreateOffer):
342         (WebCore::RTCPeerConnection::queuedCreateAnswer):
343         (WebCore::RTCPeerConnection::queuedSetLocalDescription):
344         (WebCore::RTCPeerConnection::queuedSetRemoteDescription):
345         (WebCore::RTCPeerConnection::queuedAddIceCandidate):
346
347 2017-05-18  Eric Carlson  <eric.carlson@apple.com>
348
349         [MediaStream] do not cache gUM permissions
350         https://bugs.webkit.org/show_bug.cgi?id=172245
351
352         Reviewed by Youenn Fablet.
353
354         No new tests, updated fast/mediastream/MediaDevices-getUserMedia.html.
355
356         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
357         (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints): Add salt parameter.
358         * platform/mediastream/RealtimeMediaSourceCenter.h:
359
360 2017-05-18  Zalan Bujtas  <zalan@apple.com>
361
362         Redundant ellipsis box triggers ASSERT_WITH_SECURITY_IMPLICATION in InlineBox::parent().
363         https://bugs.webkit.org/show_bug.cgi?id=172309
364         <rdar://problem/32262357>
365
366         Reviewed by Simon Fraser.
367
368         This patch stops the redundant ellipsis box from triggering ASSERT_WITH_SECURITY_IMPLICATION.
369
370         In RootInlineBox::placeEllipsis we construct an ellipsis box and append it to a static HashMap which
371         keeps track of the ellipsis boxes on each line. However, when the line already has an ellipsis, we
372         re-use the existing one and this newly constructed (but redundant) box gets destroyed as we return from this function.
373         In InlineBox's d'tor, we let the parent know that now it has a dangling child and we assert on it
374         later, while accessing the children list. However this redundant ellipsis box was never added to the line,
375         so the assertion hits incorrectly.
376
377         Test: fast/inline/redundant-ellipsis-triggers-assert-incorrectly.html
378
379         * rendering/EllipsisBox.cpp:
380         (WebCore::EllipsisBox::EllipsisBox):
381         * rendering/InlineBox.cpp:
382         (WebCore::InlineBox::invalidateParentChildList):
383         * rendering/InlineBox.h:
384         * rendering/RootInlineBox.cpp:
385         (WebCore::RootInlineBox::placeEllipsis): Use the newly created ellipsis box instead.
386
387 2017-05-18  Andy Estes  <aestes@apple.com>
388
389         ENABLE(APPLE_PAY_DELEGATE) should be NO on macOS Sierra and earlier
390         https://bugs.webkit.org/show_bug.cgi?id=172305
391
392         Reviewed by Anders Carlsson.
393
394         * Configurations/FeatureDefines.xcconfig:
395
396 2017-05-18  Dean Jackson  <dino@apple.com>
397
398         Transform misplaces element 50% of the time
399         https://bugs.webkit.org/show_bug.cgi?id=172300
400
401         Reviewed by Simon Fraser.
402
403         A hardware-accelerated animation of the transform property
404         requires layout to happen if it contains a translate operation
405         using percentages, otherwise it may create an incorrect
406         animation. The "50% of the time" comes into play because
407         the layout timer may sometimes fire before the animation
408         timer. The test case contains an example that is much more
409         likely to fail without this fix.
410
411         Test: animations/needs-layout.html
412
413         * page/animation/CSSAnimationController.cpp:
414         (WebCore::CSSAnimationControllerPrivate::animationTimerFired): If
415         we've been told that we need a layout, and we have one pending, then
416         force it before doing the rest of the animation logic.
417         (WebCore::CSSAnimationController::updateAnimations): Check if the
418         CompositeAnimation depends on layout, and tell the private controller
419         that it should check for the necessity of a layout as the animation
420         timer fires.
421
422         * page/animation/CompositeAnimation.cpp:
423         (WebCore::CompositeAnimation::animate): Ask the keyframes if this
424         animation depends on layout.
425
426         * page/animation/CompositeAnimation.h:
427         (WebCore::CompositeAnimation::hasAnimationThatDependsOnLayout):
428         * page/animation/KeyframeAnimation.cpp:
429         (WebCore::KeyframeAnimation::KeyframeAnimation):
430         (WebCore::KeyframeAnimation::computeLayoutDependency): Look at all
431         the keyframe properties for something that is a translation using
432         percentages.
433
434         * page/animation/KeyframeAnimation.h:
435
436 2017-05-18  Wenson Hsieh  <wenson_hsieh@apple.com>
437
438         Selection around attachment elements should not persist when beginning a drag
439         https://bugs.webkit.org/show_bug.cgi?id=172319
440         <rdar://problem/32283008>
441
442         Reviewed by Tim Horton.
443
444         When beginning to drag an attachment element, save and restore the visible selection when calling out to the
445         injected bundle for additional data, and when creating the drag image.
446
447         Augmented an existing API test: DataInteractionTests.AttachmentElementItemProviders.
448
449         * page/DragController.cpp:
450         (WebCore::DragController::startDrag):
451
452 2017-05-18  Daniel Bates  <dabates@apple.com>
453
454         Cleanup: Remove unused functions from RuntimeEnabledFeatures
455         https://bugs.webkit.org/show_bug.cgi?id=172315
456
457         Reviewed by Jer Noble.
458
459         * page/RuntimeEnabledFeatures.cpp:
460         (WebCore::RuntimeEnabledFeatures::htmlMediaElementEnabled): Deleted.
461         (WebCore::RuntimeEnabledFeatures::htmlVideoElementEnabled): Deleted.
462         (WebCore::RuntimeEnabledFeatures::htmlSourceElementEnabled): Deleted.
463         (WebCore::RuntimeEnabledFeatures::mediaControllerEnabled): Deleted.
464         (WebCore::RuntimeEnabledFeatures::mediaErrorEnabled): Deleted.
465         (WebCore::RuntimeEnabledFeatures::timeRangesEnabled): Deleted.
466         * page/RuntimeEnabledFeatures.h:
467         (WebCore::RuntimeEnabledFeatures::setDOMIteratorEnabled): Deleted.
468         (WebCore::RuntimeEnabledFeatures::domIteratorEnabled): Deleted.
469         (WebCore::RuntimeEnabledFeatures::setGeolocationEnabled): Deleted.
470         (WebCore::RuntimeEnabledFeatures::geolocationEnabled): Deleted.
471
472 2017-05-18  Daniel Bates  <dabates@apple.com>
473
474         Improve error message for Access-Control-Allow-Origin violation due to misconfigured server
475         https://bugs.webkit.org/show_bug.cgi?id=162819
476         <rdar://problem/28575938>
477
478         Reviewed by Joseph Pecoraro.
479
480         Inspired by Blink change:
481         <https://src.chromium.org/viewvc/blink?view=revision&revision=163406>
482
483         At most one Access-Control-Allow-Origin header may be in an HTTP response. Improve the
484         error message emitted on a CORS failure when Access-Control-Allow-Origin contains more
485         than one origin, indicated by the presence of a ',', as a way to help web developers/server
486         administrators differentiate between a misconfigured Access-Control-Allow-Origin header
487         and a misconfigured server.
488
489         * loader/CrossOriginAccessControl.cpp:
490         (WebCore::passesAccessControlCheck): Defined a local variable to hold the value of securityOrigin.toString()
491         and referenced this variable throughout the code to avoid computing the stringified security
492         origin more than once. Switched to using makeString() to concatenate error message when the
493         origin of the page does not match the value of the Access-Control-Allow-Origin header.
494
495 2017-05-18  John Wilander  <wilander@apple.com>
496
497         Resource Load Statistics: Grandfather domains for existing data records
498         https://bugs.webkit.org/show_bug.cgi?id=172155
499         <rdar://problem/24913532>
500
501         Reviewed by Alex Christensen.
502
503         Test: http/tests/loading/resourceLoadStatistics/grandfathering.html
504
505         * loader/ResourceLoadObserver.cpp:
506         (WebCore::ResourceLoadObserver::setGrandfathered):
507         (WebCore::ResourceLoadObserver::isGrandfathered):
508         (WebCore::ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval):
509         (WebCore::ResourceLoadObserver::setGrandfatheringTime):
510             Functions for testing and configuration.
511             ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval() changed as a result of moving
512             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
513         * loader/ResourceLoadObserver.h:
514         * loader/ResourceLoadStatisticsStore.cpp:
515         (WebCore::ResourceLoadStatisticsStore::createEncoderFromData):
516         (WebCore::ResourceLoadStatisticsStore::readDataFromDecoder):
517             Now contains endOfGrandfatheringTimestamp.
518         (WebCore::ResourceLoadStatisticsStore::clearInMemoryAndPersistent):
519             Now makes a call to m_grandfatherExistingWebsiteDataHandler().
520         (WebCore::ResourceLoadStatisticsStore::setGrandfatherExistingWebsiteDataCallback):
521         (WebCore::ResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval):
522             Changed as a result of moving
523             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
524         (WebCore::ResourceLoadStatisticsStore::setGrandfatheringTime):
525         (WebCore::ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor):
526             Renamed since it now also takes grandfathering into account.
527         (WebCore::ResourceLoadStatisticsStore::updateStatisticsForRemovedDataRecords):
528             Fixed typo in local variable name.
529         (WebCore::ResourceLoadStatisticsStore::handleFreshStartWithEmptyOrNoStore):
530         (WebCore::ResourceLoadStatisticsStore::shouldRemoveDataRecords):
531             Convenience function added.
532         (WebCore::ResourceLoadStatisticsStore::dataRecordsBeingRemoved):
533             Convenience function added.
534         (WebCore::ResourceLoadStatisticsStore::dataRecordsWereRemoved):
535             Convenience function added.
536         (WebCore::ResourceLoadStatisticsStore::prevalentResourceDomainsWithoutUserInteraction): Deleted.
537             Replaced by ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor().
538         * loader/ResourceLoadStatisticsStore.h:
539
540 2017-05-18  Daniel Bates  <dabates@apple.com>
541
542         Bindings: Require value for extended attributes EnabledAtRuntime and EnabledForWorld
543         https://bugs.webkit.org/show_bug.cgi?id=172252
544
545         Reviewed by Sam Weinig.
546
547         According to Sam Weinig it is an anti-feature that EnabledAtRuntime can be specified
548         without a value. We should make it require a value for the name of the RuntimeEnabledFeatures
549         function to use in the generated code. For similar reasons we should also require
550         a value for the extended attribute EnabledForWorld.
551
552         * Modules/websockets/WebSocket.idl: Substitute EnabledAtRuntime=WebSocket for EnabledAtRuntime.
553         * bindings/scripts/CodeGeneratorJS.pm:
554         (GetRuntimeEnableFunctionName):
555         * html/HTMLAudioElement.idl: Substitute EnabledAtRuntime=Audio for EnabledAtRuntime.
556         * page/RuntimeEnabledFeatures.cpp:
557         (WebCore::RuntimeEnabledFeatures::audioEnabled):
558         (WebCore::RuntimeEnabledFeatures::htmlAudioElementEnabled): Deleted. This function duplicated
559         the functionality of RuntimeEnabledFeatures::audioEnabled(). Instead we explicitly
560         write EnabledAtRuntime=Audio in HTMLAudioElement.idl to use RuntimeEnabledFeatures::audioEnabled()
561         to determine whether to expose/conceal the HTMLAudioElement global constructor at runtime.
562         * page/RuntimeEnabledFeatures.h:
563
564 2017-05-18  Jer Noble  <jer.noble@apple.com>
565
566         Allow nested timers to propagate user gestures so long as the total nested interval is less than 1s.
567         https://bugs.webkit.org/show_bug.cgi?id=172173
568
569         Reviewed by Andy Estes.
570
571         Test: media/restricted-audio-playback-with-multiple-settimeouts.html
572
573         Store the current nested timer interval in DOMTimerFireState, and use that value to propagate the
574         nested interval through multiple invocations of setTimeout().
575
576         Drive-by fix: instead of manually resetting the nesting level in DOMTimer::fired(), add the
577         nesting level to the DOMTimerFireState, and reset the nesting level on the state's destruction.
578         This fixes one place in DOMTimer::fire() where an early return led to the timer's nesting level
579         not being reset.
580
581         * page/DOMTimer.cpp:
582         (WebCore::DOMTimerFireState::DOMTimerFireState):
583         (WebCore::DOMTimerFireState::~DOMTimerFireState):
584         (WebCore::DOMTimerFireState::nestedTimerInterval):
585         (WebCore::shouldForwardUserGesture):
586         (WebCore::userGestureTokenToForward):
587         (WebCore::currentNestedTimerInterval):
588         (WebCore::DOMTimer::DOMTimer):
589         (WebCore::DOMTimer::fired):
590         * page/DOMTimer.h:
591
592 2017-05-18  Youenn Fablet  <youenn@apple.com>
593
594         RealtimeOutgoingAudioSource should use the source sample rate
595         https://bugs.webkit.org/show_bug.cgi?id=172297
596
597         Reviewed by Eric Carlson.
598
599         Covered by manual tests.
600
601         * platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp:
602         (WebCore::RealtimeOutgoingAudioSource::audioSamplesAvailable): Using the audio source sample rate so that the converter does the right conversion.
603
604 2017-05-18  Andy Estes  <aestes@apple.com>
605
606         Add "countryCode" to ApplePayErrorContactField
607         https://bugs.webkit.org/show_bug.cgi?id=172264
608         <rdar://problem/32004909>
609
610         Reviewed by Anders Carlsson.
611
612         Added ApplePayError tests to http/tests/ssl/applepay/ApplePaySession.html
613
614         * Modules/applepay/ApplePayError.idl:
615         * Modules/applepay/PaymentRequest.h:
616
617 2017-05-18  Daniel Bates  <dabates@apple.com>
618
619         Cleanup: Remove unnecessary call to AddToImplIncludes("RuntimeEnabledFeatures.h") in GenerateImplementation()
620         https://bugs.webkit.org/show_bug.cgi?id=172236
621
622         Reviewed by Chris Dumez.
623
624         It is unnecessary for GenerateImplementation() to explicitly call AddToImplIncludes("RuntimeEnabledFeatures.h")
625         to add the header RuntimeEnabledFeatures.h to the list of headers in the generated implementation
626         as this header is added when GetRuntimeEnableFunctionName() is called. And GenerateImplementation()
627         calls GetRuntimeEnableFunctionName().
628
629         No functionality changed. So, no new tests.
630
631         * bindings/scripts/CodeGeneratorJS.pm:
632         (GenerateImplementation):
633
634 2017-05-18  Daniel Bates  <dabates@apple.com>
635
636         REGRESSION (r209608): Cross-origin plugin document opened in child window blocked by parent
637         window CSP when object-src 'none' is set
638         https://bugs.webkit.org/show_bug.cgi?id=172038
639         <rdar://problem/32258262>
640
641         Reviewed by Andy Estes.
642
643         Fixes an issue where a cross-origin plugin document opened in a child window would inherit
644         the Content Security Policy (CSP) of its opener. In particular, a cross-origin plugin
645         document opened in a child window would be blocked when the CSP of its opener disallows
646         plugins (e.g. object-source 'none').
647
648         Prior to r209608 a document opened in a child window never inherited the CSP from its opener
649         and a plugin document loaded in a subframe would unconditionally inherit the CSP from its
650         parent frame. So, a plugin document opened in a child window would be allowed to load
651         regardless of whether its opener had a CSP that prevented plugins. Following r209608 a
652         document opened in a child window would inherit its CSP from its opener if and only if it
653         would inherit the security origin from its opener (e.g. about:blank) or was a plugin
654         document. The latter condition makes plugin documents opened in a child window unconditionally
655         inherit the CSP from their opener and is the cause of this bug. It seems reasonable to exempt
656         cross-origin plugin documents opened in a child window from the CSP inheritance rule because
657         such documents cannot compromise the origin of their opener. Same-origin plugin documents
658         opened in a child window will continue to inherit the CSP from their opener because such
659         documents can compromise the origin of their opener.
660
661         Tests: http/tests/security/contentSecurityPolicy/cross-origin-plugin-document-allowed-in-child-window.html
662                http/tests/security/contentSecurityPolicy/plugin-blocked-in-about-blank-window.html
663                http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window.html
664
665         * dom/Document.cpp:
666         (WebCore::Document::shouldInheritContentSecurityPolicyFromOwner): Added.
667         (WebCore::Document::initContentSecurityPolicy):
668         * dom/Document.h:
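
The inheritance rule from the entry above, as an added example that is not WebKit's code: a small C++ model of whether a document opened in a child window inherits its opener's CSP before r209608, after r209608, and after this fix. The type and function names and the three scenarios are constructed for illustration, and the model assumes the fix leaves origin-inheriting documents such as about:blank unchanged.

```cpp
#include <iostream>
#include <string>
#include <vector>

enum class Era { BeforeR209608, AfterR209608, AfterFix };

// A document opened in a child window, described relative to its opener.
// (Illustrative type, not a WebKit class.)
struct ChildWindowDocument {
    std::string label;
    bool isPluginDocument;
    bool inheritsSecurityOriginFromOpener; // e.g. about:blank
    bool sameOriginAsOpener;
};

bool inheritsOpenerCSP(const ChildWindowDocument& doc, Era era)
{
    switch (era) {
    case Era::BeforeR209608:
        return false; // documents in child windows never inherited
    case Era::AfterR209608:
        // The plugin clause is unconditional here: the cause of the regression.
        return doc.inheritsSecurityOriginFromOpener || doc.isPluginDocument;
    case Era::AfterFix:
        // Assumption: only the plugin clause changes; it now requires same origin.
        return doc.inheritsSecurityOriginFromOpener
            || (doc.isPluginDocument && doc.sameOriginAsOpener);
    }
    return false;
}

// True when the opener's policy disallows plugins (e.g. object-src 'none')
// and that policy is applied to the plugin document.
bool pluginDocumentBlocked(const ChildWindowDocument& doc, Era era, bool openerDisallowsPlugins)
{
    return doc.isPluginDocument && openerDisallowsPlugins && inheritsOpenerCSP(doc, era);
}

// Constructed scenarios mirroring the cases the entry discusses.
std::vector<ChildWindowDocument> constructedScenarios()
{
    return {
        { "about:blank document", false, true, true },
        { "cross-origin plugin document", true, false, false },
        { "same-origin plugin document", true, false, true },
    };
}

// Labels of the scenarios whose inheritance decision differs between two eras.
std::vector<std::string> changedBetween(Era from, Era to)
{
    std::vector<std::string> changed;
    for (const auto& doc : constructedScenarios()) {
        if (inheritsOpenerCSP(doc, from) != inheritsOpenerCSP(doc, to))
            changed.push_back(doc.label);
    }
    return changed;
}

int main()
{
    for (const auto& doc : constructedScenarios()) {
        std::cout << doc.label << ": "
                  << inheritsOpenerCSP(doc, Era::BeforeR209608) << ' '
                  << inheritsOpenerCSP(doc, Era::AfterR209608) << ' '
                  << inheritsOpenerCSP(doc, Era::AfterFix) << '\n';
    }
    for (const auto& label : changedBetween(Era::AfterR209608, Era::AfterFix))
        std::cout << "changed by the fix: " << label << '\n';
    return 0;
}
```
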
669
670 2017-05-18  Keith Miller  <keith_miller@apple.com>
671
672         WebAssembly API: test with neutered inputs
673         https://bugs.webkit.org/show_bug.cgi?id=163899
674
675         Reviewed by JF Bastien.
676
677         Make it not possible to transfer an ArrayBuffer that is backed by a
678         wasm memory.
679
680         Test: workers/wasm-mem-post-message.html
681
682         * bindings/js/SerializedScriptValue.cpp:
683         (WebCore::SerializedScriptValue::create):
684
685 2017-05-18  Commit Queue  <commit-queue@webkit.org>
686
687         Unreviewed, rolling out r217031, r217032, and r217037.
688         https://bugs.webkit.org/show_bug.cgi?id=172293
689
690         cause linking errors in Windows (Requested by yusukesuzuki on
691         #webkit).
692
693         Reverted changesets:
694
695         "[JSC][DFG][DOMJIT] Extend CheckDOM to CheckSubClass"
696         https://bugs.webkit.org/show_bug.cgi?id=172098
697         http://trac.webkit.org/changeset/217031
698
699         "Unreviewed, rebaseline for newly added ClassInfo"
700         https://bugs.webkit.org/show_bug.cgi?id=172098
701         http://trac.webkit.org/changeset/217032
702
703         "Unreviewed, fix debug and non-JIT build"
704         https://bugs.webkit.org/show_bug.cgi?id=172098
705         http://trac.webkit.org/changeset/217037
706
707 2017-05-18  Per Arne Vollan  <pvollan@apple.com>
708
709         Protect MediaDeviceRequest instance during context destruction.
710         https://bugs.webkit.org/show_bug.cgi?id=172285
711         <rdar://problem/30369017>
712
713         Reviewed by Brent Fulgham.
714
715         In MediaDevicesRequest::contextDestroyed(), the call to m_enumerationRequest->cancel() might
716         end up deleting itself (MediaDevicesRequest). The std::function member m_completionHandler
717         in MediaDevicesEnumerationRequest contains a captured variable of type
718         RefPtr<MediaDevicesRequest>. When m_completionHandler is set to null in the cancel() method,
719         the MediaDevicesRequest object will be deleted if the m_completionHandler member is holding
720         the last reference.
721
722         No new tests, since I am unable to reproduce.
723
724         * Modules/mediastream/MediaDevicesRequest.cpp:
725         (WebCore::MediaDevicesRequest::contextDestroyed):
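
The lifetime problem described in the entry above, as an added example that is not WebKit's code: a completion handler holds the last reference to its owner, so clearing it in cancel() destroys the owner in the middle of the owner's own method. std::shared_ptr stands in for RefPtr, and the class names, method names and log strings are simplified stand-ins chosen for this sketch.

```cpp
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

using Log = std::vector<std::string>;

// Stand-in for MediaDevicesEnumerationRequest: owns the completion handler.
class EnumerationRequest {
public:
    void setCompletionHandler(std::function<void()> handler) { m_completionHandler = std::move(handler); }

    // Clearing the handler releases every reference captured inside it.
    void cancel() { auto dropped = std::exchange(m_completionHandler, nullptr); }

private:
    std::function<void()> m_completionHandler;
};

// Stand-in for MediaDevicesRequest.
class DevicesRequest : public std::enable_shared_from_this<DevicesRequest> {
public:
    explicit DevicesRequest(Log& log) : m_log(log) { }
    ~DevicesRequest() { m_log.push_back("owner destroyed"); }

    void start()
    {
        m_enumerationRequest = std::make_shared<EnumerationRequest>();
        // The handler captures a strong reference back to its owner.
        m_enumerationRequest->setCompletionHandler([protectedThis = shared_from_this()] { });
    }

    // Unsafe pattern: nothing keeps the owner alive across cancel().
    bool contextDestroyedUnprotected()
    {
        // Copy what is needed into locals first; `this` may be gone afterwards.
        // The local `request` only keeps this demo free of undefined behaviour.
        Log& log = m_log;
        std::weak_ptr<DevicesRequest> self = shared_from_this();
        std::shared_ptr<EnumerationRequest> request = m_enumerationRequest;
        request->cancel(); // runs ~DevicesRequest() if the handler held the last reference
        bool destroyed = self.expired();
        log.push_back(destroyed ? "cancel() returned to a destroyed owner" : "owner alive after cancel()");
        return destroyed; // touching any member here would be a use-after-free
    }

    // Hardened pattern: hold one extra reference for the duration of the call.
    bool contextDestroyedProtected()
    {
        std::shared_ptr<DevicesRequest> protectedThis = shared_from_this();
        std::weak_ptr<DevicesRequest> self = protectedThis;
        m_enumerationRequest->cancel();
        bool destroyed = self.expired();
        m_log.push_back(destroyed ? "cancel() returned to a destroyed owner" : "owner alive after cancel()");
        m_enumerationRequest.reset(); // members are still safe to use
        return destroyed;             // the owner is released when protectedThis goes out of scope
    }

private:
    Log& m_log;
    std::shared_ptr<EnumerationRequest> m_enumerationRequest;
};

struct Outcome {
    bool ownerDestroyedDuringCancel;
    Log log;
};

// Sets up the case from the entry: the handler holds the last reference and
// the context notifies the request through a raw pointer.
Outcome runScenario(bool protect)
{
    Log log;
    auto request = std::make_shared<DevicesRequest>(log);
    request->start();
    DevicesRequest* raw = request.get();
    request.reset(); // only the completion handler references the owner now
    bool destroyed = protect ? raw->contextDestroyedProtected() : raw->contextDestroyedUnprotected();
    return { destroyed, log };
}

int main()
{
    for (bool protect : { false, true }) {
        Outcome outcome = runScenario(protect);
        std::cout << (protect ? "protected:" : "unprotected:") << '\n';
        for (const auto& line : outcome.log)
            std::cout << "  " << line << '\n';
    }
    return 0;
}
```
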
726
727 2017-05-18  Antti Koivisto  <antti@apple.com>
728
729         Design mode should not affect UA shadow trees
730         https://bugs.webkit.org/show_bug.cgi?id=171854
731         <rdar://problem/32071037>
732
733         Reviewed by Zalan Bujtas.
734
735         Test: editing/deleting/search-shadow-tree-delete.html
736
737         * html/HTMLElement.cpp:
738         (WebCore::HTMLElement::editabilityFromContentEditableAttr):
739
740             Ignore design mode for UA shadow trees.
741
742         * html/SearchInputType.cpp:
743         (WebCore::SearchInputType::~SearchInputType):
744         (WebCore::SearchInputType::createShadowSubtree):
745         (WebCore::SearchInputType::resultsButtonElement):
746         (WebCore::SearchInputType::cancelButtonElement):
747         * html/SearchInputType.h:
748
749             Use RefPtr.
750
751 2017-05-18  Vanessa Chipirrás Navalón  <vchipirras@igalia.com>
752
753         [GTK][GStreamer][MSE] Crash on youtube when MSE is enabled but gstreamer cant find the decoder element.
754         https://bugs.webkit.org/show_bug.cgi?id=167120
755
756         Reviewed by Žan Doberšek.
757
758         This is because supportCodecs() doesn't check in runtime which plugins the player has.
759         So, a static function which returns a map with the plugins has been created. That map is later
760         used in the supportsCodecs() method to check if the requested codec matches any of the map.
761
762         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
763         (WebCore::MediaPlayerPrivateGStreamerBase::initializeGStreamerAndRegisterWebKitElements):
764         The declaration is moved into this class.
765         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
766         (WebCore::MediaPlayerPrivateGStreamer::isAvailable): This function calls the implementation of
767         initializeGstreamerAndRegisterWebKitElements function.
768         (WebCore::MediaPlayerPrivateGStreamer::load): Ditto
769         (WebCore::mimeTypeSet): Ditto
770         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h: It is static type to expose
771         initializeGStreamerAndRegisterWebKitElements() function to be called from internal function
772         "which runs before MediaPlayerPrivateGStreamerBase initialization but needs to have GStreamer initialized".
773         * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
774         (WebCore::codecSet): It returns a map with the plugins has been created.
775         (WebCore::MediaPlayerPrivateGStreamerMSE::supportsCodecs): To check if the requested codec
776         matches any of the map from codecSet().
777
778 2017-05-18  Romain Bellessort  <romain.bellessort@crf.canon.fr>
779
780         [Readable Streams API] Align getDesiredSize with spec
781         https://bugs.webkit.org/show_bug.cgi?id=172220
782
783         Reviewed by Chris Dumez.
784
785         Aligned implementation of getDesiredSize operation for both controllers:
786         - https://streams.spec.whatwg.org/#readable-stream-default-controller-get-desired-size
787         - https://streams.spec.whatwg.org/#readable-byte-stream-controller-get-desired-size
788
789         Implementation slightly differs from spec as queueTotalSize refactoring is not
790         yet implemented, but behavior is now similar.
791
792         No new tests (already covered by WPT tests, corresponding expectations have been updated).
793
794         * Modules/streams/ReadableByteStreamInternals.js:
795         (readableByteStreamControllerGetDesiredSize): Updated.
796         * Modules/streams/ReadableStreamInternals.js:
797         (readableStreamDefaultControllerGetDesiredSize): Updated.
798
799 2017-05-18  Tim Horton  <timothy_horton@apple.com>
800
801         More WebKit2 header cleanup
802         https://bugs.webkit.org/show_bug.cgi?id=172214
803
804         Reviewed by Simon Fraser.
805
806         * Modules/mediastream/UserMediaController.cpp:
807         * Modules/mediastream/UserMediaController.h:
808
809 2017-05-16  Yusuke Suzuki  <utatane.tea@gmail.com>
810
811         [JSC][DFG][DOMJIT] Extend CheckDOM to CheckSubClass
812         https://bugs.webkit.org/show_bug.cgi?id=172098
813
814         Reviewed by Saam Barati.
815
816         Add DOMJIT interface IDL attribute. Which allows us to define checkSubClassPatchpoint function
817         for that ClassInfo. And we move CheckSubClass patchpoint implementation to ClassInfo's member.
818
819         * CMakeLists.txt:
820         * WebCore.xcodeproj/project.pbxproj:
821         * bindings/js/JSDOMGlobalObject.cpp:
822         * bindings/js/JSDOMWindowBase.cpp:
823         * bindings/js/JSDOMWindowProperties.cpp:
824         * bindings/js/JSDOMWindowShell.cpp:
825         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
826         * bindings/js/JSWorkerGlobalScopeBase.cpp:
827         * bindings/scripts/CodeGeneratorJS.pm:
828         (GenerateHeader):
829         (GenerateImplementation):
830         (GenerateImplementationIterableFunctions):
831         (GenerateConstructorHelperMethods):
832         * bindings/scripts/IDLAttributes.json:
833         * bindings/scripts/test/JS/JSInterfaceName.cpp:
834         * bindings/scripts/test/JS/JSMapLike.cpp:
835         * bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
836         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
837         * bindings/scripts/test/JS/JSTestCEReactions.cpp:
838         * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
839         * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
840         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
841         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
842         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
843         * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
844         * bindings/scripts/test/JS/JSTestDOMJIT.h:
845         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
846         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
847         * bindings/scripts/test/JS/JSTestException.cpp:
848         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
849         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
850         * bindings/scripts/test/JS/JSTestInterface.cpp:
851         * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
852         * bindings/scripts/test/JS/JSTestIterable.cpp:
853         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
854         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
855         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
856         * bindings/scripts/test/JS/JSTestNode.cpp:
857         * bindings/scripts/test/JS/JSTestObj.cpp:
858         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
859         * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
860         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
861         * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
862         * bindings/scripts/test/JS/JSTestSerialization.cpp:
863         * bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
864         * bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
865         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
866         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
867         * bridge/c/CRuntimeObject.cpp:
868         * bridge/c/c_instance.cpp:
869         * bridge/objc/ObjCRuntimeObject.mm:
870         * bridge/objc/objc_instance.mm:
871         * bridge/objc/objc_runtime.mm:
872         * bridge/runtime_array.cpp:
873         * bridge/runtime_method.cpp:
874         * bridge/runtime_object.cpp:
875         * dom/Document.idl:
876         * dom/DocumentFragment.idl:
877         * dom/Element.idl:
878         * dom/Event.idl:
879         * dom/Node.idl:
880         * domjit/JSDocumentDOMJIT.cpp:
881         (WebCore::JSDocument::checkSubClassPatchpoint):
882         (WebCore::DocumentDocumentElementDOMJIT::checkDOM): Deleted.
883         (WebCore::DocumentBodyDOMJIT::checkDOM): Deleted.
884         * domjit/JSDocumentFragmentDOMJIT.cpp: Copied from Source/JavaScriptCore/runtime/JSMap.cpp.
885         (WebCore::JSDocumentFragment::checkSubClassPatchpoint):
886         * domjit/JSElementDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
887         (WebCore::JSElement::checkSubClassPatchpoint):
888         * domjit/JSEventDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
889         (WebCore::JSEvent::checkSubClassPatchpoint):
890         * domjit/JSNodeDOMJIT.cpp:
891         (WebCore::JSNode::checkSubClassPatchpoint):
892         (WebCore::NodeFirstChildDOMJIT::checkDOM): Deleted.
893         (WebCore::NodeLastChildDOMJIT::checkDOM): Deleted.
894         (WebCore::NodeNextSiblingDOMJIT::checkDOM): Deleted.
895         (WebCore::NodePreviousSiblingDOMJIT::checkDOM): Deleted.
896         (WebCore::NodeParentNodeDOMJIT::checkDOM): Deleted.
897         (WebCore::NodeNodeTypeDOMJIT::checkDOM): Deleted.
898         (WebCore::NodeOwnerDocumentDOMJIT::checkDOM): Deleted.
899
900 2017-05-17  Youenn Fablet  <youenn@apple.com>
901
902         r216999 broke win build
903         https://bugs.webkit.org/show_bug.cgi?id=172257
904
905         Unreviewed.
906
907         * testing/Internals.cpp:
908         (WebCore::Internals::setPageVisibility): Moving setPageVisibility out of MEDIA_STREAM compilation flag.
909
910 2017-05-17  Andy Estes  <aestes@apple.com>
911
912         [Cocoa] errors are not propagated to PassKit when calling ApplePaySession.completePayment()
913         https://bugs.webkit.org/show_bug.cgi?id=172253
914         <rdar://problem/32258020>
915
916         Reviewed by Dan Bernstein.
917
918         In ApplePaySession::completePayment(), releaseReturnValue() was being called twice on the
919         same convertedResult. Since the first call moved the errors vector out of convertedResult,
920         the vector is empty in the second call. It's the second call that sends the result to the
921         UI process, so we end up with an empty array when we call PassKit's delegate completion
922         handler.
923
924         * Modules/applepay/ApplePaySession.cpp:
925         (WebCore::ApplePaySession::completePayment):
926
927 2017-05-17  Ryan Haddad  <ryanhaddad@apple.com>
928
929         Unreviewed, rolling out r217014.
930
931         This change caused mac-wk2 LayoutTests to exit early due to
932         crashes.
933
934         Reverted changeset:
935
936         "Resource Load Statistics: Grandfather domains for existing
937         data records"
938         https://bugs.webkit.org/show_bug.cgi?id=172155
939         http://trac.webkit.org/changeset/217014
940
941 2017-05-17  Zalan Bujtas  <zalan@apple.com>
942
943         Tighten TextIterator::handleTextNode run-renderer mapping logic.
944         https://bugs.webkit.org/show_bug.cgi?id=172174
945
946         Reviewed by Antti Koivisto.
947
948         This patch ensures that when runs and renderers are getting out of sync
949         we don't run into problems like webkit.org/b/172113 (where we end up
950         using incorrect content start/end positions).
951
952         * editing/TextIterator.cpp:
953         (WebCore::TextIterator::handleTextNode):
954
955 2017-05-17  John Wilander  <wilander@apple.com>
956
957         Resource Load Statistics: Grandfather domains for existing data records
958         https://bugs.webkit.org/show_bug.cgi?id=172155
959         <rdar://problem/24913532>
960
961         Reviewed by Alex Christensen.
962
963         Test: http/tests/loading/resourceLoadStatistics/grandfathering.html
964
965         * loader/ResourceLoadObserver.cpp:
966         (WebCore::ResourceLoadObserver::setGrandfathered):
967         (WebCore::ResourceLoadObserver::isGrandfathered):
968         (WebCore::ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval):
969         (WebCore::ResourceLoadObserver::setGrandfatheringTime):
970             Functions for testing and configuration.
971             ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval() changed as a result of moving
972             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
973         * loader/ResourceLoadObserver.h:
974         * loader/ResourceLoadStatisticsStore.cpp:
975         (WebCore::ResourceLoadStatisticsStore::createEncoderFromData):
976         (WebCore::ResourceLoadStatisticsStore::readDataFromDecoder):
977             Now contains endOfGrandfatheringTimestamp.
978         (WebCore::ResourceLoadStatisticsStore::clearInMemoryAndPersistent):
979             Now makes a call to m_grandfatherExistingWebsiteDataHandler().
980         (WebCore::ResourceLoadStatisticsStore::setGrandfatherExistingWebsiteDataCallback):
981         (WebCore::ResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval):
982             Changed as a result of moving
983             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
984         (WebCore::ResourceLoadStatisticsStore::setGrandfatheringTime):
985         (WebCore::ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor):
986             Renamed since it now also takes grandfathering into account.
987         (WebCore::ResourceLoadStatisticsStore::updateStatisticsForRemovedDataRecords):
988             Fixed typo in local variable name.
989         (WebCore::ResourceLoadStatisticsStore::handleFreshStartWithEmptyOrNoStore):
990         (WebCore::ResourceLoadStatisticsStore::shouldRemoveDataRecords):
991             Convenience function added.
992         (WebCore::ResourceLoadStatisticsStore::dataRecordsBeingRemoved):
993             Convenience function added.
994         (WebCore::ResourceLoadStatisticsStore::dataRecordsWereRemoved):
995             Convenience function added.
996         (WebCore::ResourceLoadStatisticsStore::prevalentResourceDomainsWithoutUserInteraction): Deleted.
997             Replaced by ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor().
998         * loader/ResourceLoadStatisticsStore.h:
999
1000 2017-05-17  Zalan Bujtas  <zalan@apple.com>
1001
1002         Debug ASSERT: WebCore::RenderImageResource::shutdown
1003         https://bugs.webkit.org/show_bug.cgi?id=172238
1004         <rdar://problem/30064601>
1005
1006         Reviewed by Simon Fraser.
1007
1008         While constructing new renderers, as part of the render tree update, we check if the insertion point is valid for them. 
1009         When this newly constructed child renderer can't be injected to a specific place, we destroy it right away.
1010         This assert was added with the assumption that the image resource object gets initialized
1011         (through RenderObject::initializeStyle) even when the renderer turns out to be invalid.
1012
1013         Test: fast/images/assert-when-insertion-point-is-incorrect.html
1014
1015         * rendering/RenderImageResource.cpp:
1016         (WebCore::RenderImageResource::RenderImageResource):
1017         (WebCore::RenderImageResource::shutdown):
1018         * rendering/RenderImageResource.h:
1019
1020 2017-05-17  Per Arne Vollan  <pvollan@apple.com>
1021
1022         Crash under WebCore::AudioSourceProviderAVFObjC::process().
1023         https://bugs.webkit.org/show_bug.cgi?id=172101
1024         rdar://problem/27446589
1025
1026         Reviewed by Jer Noble.
1027
1028         Calling the function MTAudioProcessingTapGetSourceAudio when the value of the
1029         MTAudioProcessingTapRef parameter is null, will lead to a null dereference.
1030         This can for example happen if MediaPlayerPrivateAVFoundationObjC::cancelLoad()
1031         is called on the main thread while MediaToolbox is calling the
1032         WebCore::AudioSourceProviderAVFObjC::processCallback function on a secondary
1033         thread. MediaPlayerPrivateAVFoundationObjC::cancelLoad() will then call
1034         AudioSourceProviderAVFObjC::setPlayerItem(nullptr), which will call
1035         AudioSourceProviderAVFObjC::destroyMix(), which will set m_tap to null. When
1036         AudioSourceProviderAVFObjC::process is called on the secondary thread, using
1037         the m_tap member in the call to MTAudioProcessingTapGetSourceAudio, the process
1038         will crash.
1039
1040         No new tests since I am not able to reproduce.
1041
1042         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
1043         (WebCore::AudioSourceProviderAVFObjC::initCallback):
1044         (WebCore::AudioSourceProviderAVFObjC::process):
1045
1046 2017-05-17  Chris Dumez  <cdumez@apple.com>
1047
1048         Setting URL.search to '' results in a stringified URL ending in '?'
1049         https://bugs.webkit.org/show_bug.cgi?id=162345
1050         <rdar://problem/31800441>
1051
1052         Reviewed by Alex Christensen.
1053
1054         As per the specification for the URL.search setter [1], if the given value is
1055         the empty string, then we should set the URL's query to null. We would
1056         previously set the URL's query to the empty string in this case. This aligns
1057         our behavior with Firefox and Chrome.
1058
1059         [1] https://url.spec.whatwg.org/#dom-url-search
1060
1061         No new tests, updated existing tests.
1062
1063         * html/URLUtils.h:
1064         (WebCore::URLUtils<T>::setSearch):
1065
1066 2017-05-17  Eric Carlson  <eric.carlson@apple.com>
1067
1068         [MediaStream] videoWidth and videoHeight should be set when 'loadedmetadata' event fires
1069         https://bugs.webkit.org/show_bug.cgi?id=172223
1070         <rdar://problem/31899755>
1071
1072         Reviewed by Jer Noble.
1073
1074         Test: fast/mediastream/get-user-media-on-loadedmetadata.html
1075
1076         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
1077         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentReadyState): If a stream has
1078         a video track, return HaveNothing until we have a sample.
1079        
1080         * platform/mediastream/RealtimeMediaSource.h:
1081         * platform/mock/MockRealtimeAudioSource.cpp:
1082         (WebCore::MockRealtimeAudioSource::tick): Optionally delay the next sample.
1083         (WebCore::MockRealtimeAudioSource::delaySamples):
1084         * platform/mock/MockRealtimeAudioSource.h:
1085
1086         * platform/mock/MockRealtimeVideoSource.cpp:
1087         (WebCore::MockRealtimeVideoSource::delaySamples):
1088         (WebCore::MockRealtimeVideoSource::generateFrame): Optionally delay the next sample.
1089         * platform/mock/MockRealtimeVideoSource.h:
1090
1091         * testing/Internals.cpp:
1092         (WebCore::Internals::delayMediaStreamTrackSamples):
1093         * testing/Internals.h:
1094         * testing/Internals.idl:
1095
1096 2017-05-17  Youenn Fablet  <youenn@apple.com>
1097
1098         iOS WebRTC Media Capture should not allow camera capture from background tab
1099         https://bugs.webkit.org/show_bug.cgi?id=172200
1100
1101         Reviewed by Eric Carlson.
1102
1103         Test: platform/ios/mediastream/getUserMedia-disabled-in-background-tabs.html and manual tests.
1104
1105         Making Video Capture Factory aware of Document visibility changes.
1106         On iOS, muting/unmuting the current video source according to Document visibility.
1107         Not using Document visibility change observer as factories are platform and cannot implement
1108         the visibility observer interface without moving the visibility observer interface.
1109
1110         Introducing internals API to switch on/off the page visibility.
1111
1112         * dom/Document.cpp:
1113         (WebCore::Document::visibilityStateChanged):
1114         (WebCore::Document::notifyVisibilityChangedToMediaCapture):
1115         * dom/Document.h:
1116         * platform/mediastream/RealtimeMediaSource.h:
1117         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
1118         (WebCore::RealtimeMediaSourceCenter::setVisibility):
1119         * platform/mediastream/RealtimeMediaSourceCenter.h:
1120         * platform/mediastream/mac/AVVideoCaptureSource.mm:
1121         (WebCore::AVVideoCaptureSourceFactory::setVisibility):
1122         * testing/Internals.cpp:
1123         (WebCore::Internals::setPageVisibility):
1124         * testing/Internals.h:
1125         * testing/Internals.idl:
1126
1127 2017-05-17  Said Abou-Hallawa  <sabouhallawa@apple.com>
1128
1129         When the image decoding thread makes a callOnMainThread(), ensure all the objects it needs are protected
1130         https://bugs.webkit.org/show_bug.cgi?id=171614
1131
1132         Reviewed by David Kilzer.
1133
1134         The asynchronous image decoding was designed to not block the main thread if
1135         the image is deleted. To achieve that we allow decoding the current frame
1136         even if it is not going to be used after closing the decoding queue. We 
1137         protect all the objects which the decoding thread uses. But when a frame
1138         finishes decoding the native image frame is cached on the main thread. Not
1139         all of the objects are protected when the callOnMainThread() is dispatched.
1140         The ImageFrameCache and the ImageDecoder objects are not protected.
1141
1142         This might lead to two kinds of crashes:
1143         1. A segfault inside the ImageDecoder trying to access one of its members
1144         2. A segfault inside the ImageFrameCache trying to access one of its frames
1145
1146         The fix is to protect the ImageFrameCache and the ImageDecoder when the
1147         decoding thread makes a callOnMainThread(). Also switch all the pointers
1148         the decoding threads protect to be ThreadSafeRefCounted.
1149
1150         * platform/graphics/ImageFrameCache.cpp:
1151         (WebCore::ImageFrameCache::startAsyncDecodingQueue):
1152         * platform/graphics/ImageFrameCache.h:
1153         * platform/graphics/cg/ImageDecoderCG.h:
1154         * platform/graphics/win/ImageDecoderDirect2D.h:
1155         * platform/image-decoders/ImageDecoder.h:
1156
1157 2017-05-17  Wenson Hsieh  <wenson_hsieh@apple.com>
1158
1159         A URL type is vended for a non-URL plain text string when starting data interaction
1160         https://bugs.webkit.org/show_bug.cgi?id=172228
1161         <rdar://problem/32166729>
1162
1163         Reviewed by Andy Estes.
1164
1165         Previously, when writing a plain text string to WebItemProviderPasteboard, we would write an NSString directly
1166         to the item provider by using built-in functionality in NSString+UIItemProvider. However, this causes plain
1167         strings such as "apple" to be considered URLs, since -[NSURL URLWithString:] creates a non-null NSURL. To fix
1168         this, we instead write the string as UTF8 data, for the UTI kUTTypeUTF8PlainText, if the plain text is not a
1169         URL. If the plain text is clearly a URL (determined by constructing a new WebCore URL with no base URL and the
1170         plaintext string as the absolute URL) then we additionally write an NSURL to the pasteboard.
1171
1172         2 new API tests:
1173         DataInteractionTests.SinglePlainTextWordTypeIdentifiers
1174         DataInteractionTests.SinglePlainTextURLTypeIdentifiers
1175
1176         * platform/ios/PlatformPasteboardIOS.mm:
1177         (WebCore::addRepresentationsForPlainText):
1178         (WebCore::PlatformPasteboard::writeObjectRepresentations):
1179
1180 2017-05-15  Jiewen Tan  <jiewen_tan@apple.com>
1181
1182         Replace CryptoOperationData with BufferSource for WebKitSubtleCrypto
1183         https://bugs.webkit.org/show_bug.cgi?id=172146
1184         <rdar://problem/32122256>
1185
1186         Reviewed by Brent Fulgham.
1187
1188         In this patch, we replace CryptoOperationData with BufferSource for WebKitSubtleCrypto in
1189         the custom binding codes.
1190
1191         Test: crypto/webkitSubtle/import-export-raw-key-leak.html
1192
1193         * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
1194         (WebCore::JSWebKitSubtleCrypto::encrypt):
1195         (WebCore::JSWebKitSubtleCrypto::decrypt):
1196         (WebCore::JSWebKitSubtleCrypto::sign):
1197         (WebCore::JSWebKitSubtleCrypto::verify):
1198         (WebCore::JSWebKitSubtleCrypto::digest):
1199         (WebCore::JSWebKitSubtleCrypto::importKey):
1200         (WebCore::JSWebKitSubtleCrypto::unwrapKey):
1201         * crypto/WebKitSubtleCrypto.idl:
1202
1203 2017-05-17  Youenn Fablet  <youenn@apple.com>
1204
1205         Move-related refactoring on UserMediaPermissionRequestProxy
1206         https://bugs.webkit.org/show_bug.cgi?id=172195
1207
1208         Reviewed by Alex Christensen.
1209
1210         No behavioral change.
1211
1212         * platform/mediastream/RealtimeMediaSourceCenter.h: Cleaning the function definition.
1213
1214 2017-05-17  David Kilzer  <ddkilzer@apple.com>
1215
1216         BlobDataFileReference::generateReplacementFile() should use mkstemp()
1217         <https://webkit.org/b/172192>
1218
1219         Reviewed by Brent Fulgham.
1220
1221         * platform/network/mac/BlobDataFileReferenceMac.mm:
1222         (WebCore::BlobDataFileReference::generateReplacementFile): Use
1223         mkstemp().
1224
1225 2017-05-17  Matt Lewis  <jlewis3@apple.com>
1226
1227         Unreviewed, rolling out r216974.
1228
1229         Revision caused consistent timeouts on all platforms.
1230
1231         Reverted changeset:
1232
1233         "Add a RuntimeEnabledFeature for display: contents, defaulted
1234         to false."
1235         https://bugs.webkit.org/show_bug.cgi?id=171984
1236         http://trac.webkit.org/changeset/216974
1237
1238 2017-05-17  Nan Wang  <n_wang@apple.com>
1239
1240         ASSERTION FAILED in WebCore::AccessibilityNodeObject::insertChild()
1241         https://bugs.webkit.org/show_bug.cgi?id=171927
1242         <rdar://problem/32109781>
1243
1244         Reviewed by Chris Fleizach.
1245
1246         The nextSibling() logic might include the continuation sibling that's not
1247         the child of the current renderer. Make sure we only insert the valid child.
1248
1249         Test: accessibility/insert-children-assert.html
1250
1251         * accessibility/AccessibilityObject.cpp:
1252         (WebCore::AccessibilityObject::setIsIgnoredFromParentDataForChild):
1253         * accessibility/AccessibilityRenderObject.cpp:
1254         (WebCore::AccessibilityRenderObject::nextSibling):
1255
1256 2017-05-17  Ryosuke Niwa  <rniwa@webkit.org>
1257
1258         getElementById can return a wrong element when a matching element is removed during beforeload event
1259         https://bugs.webkit.org/show_bug.cgi?id=171374
1260
1261         Reviewed by Brent Fulgham.
1262
1263         The bug was caused by HTMLLinkElement firing beforeload event inside insertedInto before the tree state is updated.
1264         Delay the event dispatch to the post insertion callback.
1265
1266         Test: fast/html/link-element-removal-during-beforeload.html
1267
1268         * html/HTMLLinkElement.cpp:
1269         (WebCore::HTMLLinkElement::insertedInto):
1270         (WebCore::HTMLLinkElement::finishedInsertingSubtree):
1271         * html/HTMLLinkElement.h:
1272
1273 2017-05-17  Alex Christensen  <achristensen@webkit.org>
1274
1275         Interacting with WKHTTPCookieStores before creating WKWebViews and WKProcessPools should affect cookies used
1276         https://bugs.webkit.org/show_bug.cgi?id=171987
1277
1278         Reviewed by Brady Eidson.
1279
1280         Covered by new API tests.
1281
1282         * CMakeLists.txt:
1283         * platform/Cookie.h:
1284         (WebCore::Cookie::Cookie):
1285         (WebCore::Cookie::isNull):
1286         (WebCore::CookieHash::hash):
1287         (WebCore::CookieHash::equal):
1288         (WTF::HashTraits<WebCore::Cookie>::emptyValue):
1289         (WTF::HashTraits<WebCore::Cookie>::constructDeletedValue):
1290         (WTF::HashTraits<WebCore::Cookie>::isDeletedValue):
1291         * platform/network/Cookie.cpp: Added.
1292         (WebCore::Cookie::operator==):
1293         (WebCore::Cookie::hash):
1294         * platform/network/cocoa/CookieCocoa.mm:
1295         (WebCore::Cookie::operator NSHTTPCookie *):
1296         (WebCore::Cookie::operator==):
1297         (WebCore::Cookie::hash):
1298         * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
1299         (WebCore::NetworkStorageSession::setCookies):
1300         Use NSHTTPCookie's hash and equality comparison to more closely match the NSHTTPCookie behavior.
1301
1302 2017-05-17  Emilio Cobos Álvarez  <ecobos@igalia.com>
1303
1304         Add a RuntimeEnabledFeature for display: contents, defaulted to false.
1305         https://bugs.webkit.org/show_bug.cgi?id=171984
1306
1307         Reviewed by Antti Koivisto.
1308
1309         The "defaulted to false" is not only because there are spec issues,
1310         but because I ran the WPT suite, and there was a fair amount of
1311         crashes and messed render trees.
1312
1313         * css/StyleResolver.cpp:
1314         (WebCore::StyleResolver::adjustRenderStyle):
1315         * page/RuntimeEnabledFeatures.h:
1316         (WebCore::RuntimeEnabledFeatures::setDisplayContentsEnabled):
1317         (WebCore::RuntimeEnabledFeatures::displayContentsEnabled):
1318
1319 2017-05-17  Antti Koivisto  <antti@apple.com>
1320
1321         Regression (198943): <marquee> shouldn't wrap text
1322         https://bugs.webkit.org/show_bug.cgi?id=172217
1323
1324         Reviewed by Andreas Kling.
1325
1326         RenderMarquee::updateMarqueeStyle mutated the style and then expected it to inherit to children.
1327         This doesn't work anymore because render tree construction is now separated from style resolution
1328         where inheritance happens.
1329
1330         Test: fast/html/marquee-child-wrap.html
1331
1332         * css/StyleResolver.cpp:
1333         (WebCore::StyleResolver::adjustRenderStyle):
1334
1335             Implement marquee hacks in adjustRenderStyle instead. This can't do the childrenInline check
1336             the previous code had but it wasn't working anyway (there are no children when updateMarqueeStyle
1337             gets called).
1338
1339         * rendering/RenderMarquee.cpp:
1340         (WebCore::RenderMarquee::updateMarqueeStyle):
1341
1342             This no longer needs mutable style.
1343
1344 2017-05-16  David Kilzer  <ddkilzer@apple.com>
1345
1346         Remove C-style casts by using xmlDocPtr instead of void*
1347         <https://webkit.org/b/172189>
1348
1349         Reviewed by Alex Christensen.
1350
1351         * dom/TransformSource.h: Fix whitespace indentation.
1352         (typedef PlatformTransformSource): Use xmlDocPtr not void*.
1353         * dom/TransformSourceLibxslt.cpp:
1354         (WebCore::TransformSource::~TransformSource): Remove cast.
1355         * xml/XSLStyleSheetLibxslt.cpp:
1356         (WebCore::XSLStyleSheet::document): Remove cast.
1357         * xml/XSLTProcessorLibxslt.cpp:
1358         (WebCore::xmlDocPtrFromNode): Remove casts.
1359         * xml/parser/XMLDocumentParser.h:
1360         (WebCore::xmlDocPtrForString): Update declaration to return
1361         xmlDocPtr not void*.
1362         * xml/parser/XMLDocumentParserLibxml2.cpp:
1363         (WebCore::XMLDocumentParser::doEnd): Change type of local
1364         variable from void* to xmlDocPtr.
1365         (WebCore::xmlDocPtrForString): Update to return xmlDocPtr
1366         not void*.
1367
1368 2017-05-16  Sam Weinig  <sam@webkit.org>
1369
1370         Bring Notification.idl up to spec
1371         https://bugs.webkit.org/show_bug.cgi?id=172156
1372
1373         Reviewed by Chris Dumez.
1374
1375         Test: http/tests/notifications/notification.html
1376
1377         * CMakeLists.txt:
1378         * DerivedSources.make:
1379         * WebCore.xcodeproj/project.pbxproj:
1380         Add new files.
1381
1382         * Modules/notifications/Notification.cpp:
1383         (WebCore::Notification::create):
1384         (WebCore::Notification::Notification):
1385         (WebCore::Notification::show):
1386         (WebCore::directionString): Deleted.
1387         (WebCore::Notification::permission): Deleted.
1388         (WebCore::Notification::permissionString): Deleted.
1389         * Modules/notifications/Notification.h:
1390         * Modules/notifications/Notification.idl:
1391         * Modules/notifications/NotificationClient.h:
1392         * Modules/notifications/NotificationDirection.h: Added.
1393         * Modules/notifications/NotificationPermission.h: Added.
1394         * Modules/notifications/NotificationPermission.idl: Added.
1395         * Modules/notifications/NotificationPermissionCallback.h:
1396         * Modules/notifications/NotificationPermissionCallback.idl:
1397         Bring up to spec, replacing DOMStrings with enums where appropriate and adding
1398         additional readonly properties to Notification to mirror options provided
1399         in construction.
1400
1401 2017-05-16  Zalan Bujtas  <zalan@apple.com>
1402
1403         Do not skip <slot> children when collecting content for innerText.
1404         https://bugs.webkit.org/show_bug.cgi?id=172113
1405         <rdar://problem/30362324>
1406
1407         Reviewed by Ryosuke Niwa and Brent Fulgham.
1408
1409         "display: contents" elements do not generate renderers but their children might.
1410         This patch ensures that we don't skip them while collecting text content.
1411
1412         Test: fast/text/inner-text-should-include-slot-subtree.html
1413
1414         * editing/TextIterator.cpp:
1415         (WebCore::TextIterator::advance):
1416
1417 2017-05-16  Filip Pizlo  <fpizlo@apple.com>
1418
1419         GCController::garbageCollectNowIfNotDoneRecently should request Async Full GCs
1420         https://bugs.webkit.org/show_bug.cgi?id=172204
1421
1422         Reviewed by Saam Barati.
1423
1424         No new tests because existing tests will tell us if there is a problem.
1425         
1426         The goal of this change is to reduce the likelihood that we block for a GC. We want it to be
1427         benchmark-neutral.
1428         
1429         It's a 0.14% speed-up on JetStream with 24% probability.
1430         
1431         It's a 0.12% slow-down on PLT3 with 43% probability.
1432         
1433         So it's neutral on my machine.
1434
1435         * bindings/js/GCController.cpp:
1436         (WebCore::GCController::garbageCollectNowIfNotDoneRecently):
1437
1438 2017-05-16  Tim Horton  <timothy_horton@apple.com>
1439
1440         [macOS] REGRESSION: Drag images for links with right-to-left titles are incorrect (172006)
1441         https://bugs.webkit.org/show_bug.cgi?id=172006
1442         <rdar://problem/32165137>
1443
1444         Reviewed by Dean Jackson.
1445
1446         * platform/mac/DragImageMac.mm:
1447         (WebCore::LinkImageLayout::LinkImageLayout):
1448         (WebCore::createDragImageForLink):
1449         (WebCore::LinkImageLayout::addLine): Deleted.
1450         * platform/spi/cocoa/CoreTextSPI.h:
1451         Set and paint the entire frame as a single unit, making use of the
1452         CTFrameMaximumNumberOfLines attribute to limit the number of lines.
1453         This gives CoreText power over text alignment and makes RTL text lay
1454         out correctly.
1455
1456 2017-05-16  Chris Dumez  <cdumez@apple.com>
1457
1458         Implement DOMMatrix / DOMMatrixReadOnly
1459         https://bugs.webkit.org/show_bug.cgi?id=110001
1460
1461         Reviewed by Sam Weinig and Simon Fraser.
1462
1463         Implement DOMMatrix / DOMMatrixReadOnly as per:
1464         - https://drafts.fxtf.org/geometry/#DOMMatrix
1465
1466         For now, these new types co-exist with WebKitCSSMatrix / SVGMatrix. However, in the future,
1467         WebKitCSSMatrix / SVGMatrix are supposed to become aliases to DOMMatrix.
1468
1469         Most of it has been implemented. What remains to be implemented is:
1470         - Make WebKitCSSMatrix / SVGMatrix aliases to DOMMatrix
1471         - DOMMatrix.fromFloat32Array() / fromFloat64Array()
1472         - DOMMatrixReadOnly.fromFloat32Array() / fromFloat64Array() / toFloat32Array() / toFloat64Array()
1473         - DOMMatrixReadOnly.transformPoint().
1474
1475         Tests: imported/w3c/web-platform-tests/css/geometry-1/*
1476
1477         * CMakeLists.txt:
1478         * DerivedSources.make:
1479         * WebCore.xcodeproj/project.pbxproj:
1480
1481         * bindings/scripts/CodeGeneratorJS.pm:
1482         * bindings/scripts/test/JS/JSTestObj.cpp:
1483         Fix a bug in the bindings generator causing the generator code for
1484         "Constructor(optional (DOMString or sequence<unrestricted double>) init)" to be wrong
1485         and not build.
1486
1487         * css/DOMMatrix.cpp: Added.
1488         (WebCore::DOMMatrix::DOMMatrix):
1489         (WebCore::DOMMatrix::fromMatrix):
1490         (WebCore::DOMMatrix::multiplySelf):
1491         (WebCore::DOMMatrix::preMultiplySelf):
1492         (WebCore::DOMMatrix::translateSelf):
1493         (WebCore::DOMMatrix::scaleSelf):
1494         (WebCore::DOMMatrix::scale3dSelf):
1495         (WebCore::DOMMatrix::rotateSelf):
1496         (WebCore::DOMMatrix::rotateFromVectorSelf):
1497         (WebCore::DOMMatrix::rotateAxisAngleSelf):
1498         (WebCore::DOMMatrix::skewXSelf):
1499         (WebCore::DOMMatrix::skewYSelf):
1500         (WebCore::DOMMatrix::invertSelf):
1501         (WebCore::DOMMatrix::setMatrixValueForBindings):
1502         * css/DOMMatrix.h: Added.
1503         (WebCore::DOMMatrix::create):
1504         (WebCore::DOMMatrix::setA):
1505         (WebCore::DOMMatrix::setB):
1506         (WebCore::DOMMatrix::setC):
1507         (WebCore::DOMMatrix::setD):
1508         (WebCore::DOMMatrix::setE):
1509         (WebCore::DOMMatrix::setF):
1510         (WebCore::DOMMatrix::setM11):
1511         (WebCore::DOMMatrix::setM12):
1512         (WebCore::DOMMatrix::setM13):
1513         (WebCore::DOMMatrix::setM14):
1514         (WebCore::DOMMatrix::setM21):
1515         (WebCore::DOMMatrix::setM22):
1516         (WebCore::DOMMatrix::setM23):
1517         (WebCore::DOMMatrix::setM24):
1518         (WebCore::DOMMatrix::setM31):
1519         (WebCore::DOMMatrix::setM32):
1520         (WebCore::DOMMatrix::setM33):
1521         (WebCore::DOMMatrix::setM34):
1522         (WebCore::DOMMatrix::setM41):
1523         (WebCore::DOMMatrix::setM42):
1524         (WebCore::DOMMatrix::setM43):
1525         (WebCore::DOMMatrix::setM44):
1526         * css/DOMMatrix.idl: Added.
1527         * css/DOMMatrixInit.h: Added.
1528         * css/DOMMatrixInit.idl: Added.
1529         * css/DOMMatrixReadOnly.cpp: Added.
1530         (WebCore::DOMMatrixReadOnly::DOMMatrixReadOnly):
1531         (WebCore::DOMMatrixReadOnly::validateAndFixup):
1532         (WebCore::DOMMatrixReadOnly::fromMatrix):
1533         (WebCore::DOMMatrixReadOnly::isIdentity):
1534         (WebCore::DOMMatrixReadOnly::setMatrixValue):
1535         (WebCore::DOMMatrixReadOnly::translate):
1536         (WebCore::DOMMatrixReadOnly::flipX):
1537         (WebCore::DOMMatrixReadOnly::flipY):
1538         (WebCore::DOMMatrixReadOnly::multiply):
1539         (WebCore::DOMMatrixReadOnly::scale):
1540         (WebCore::DOMMatrixReadOnly::scale3d):
1541         (WebCore::DOMMatrixReadOnly::rotate):
1542         (WebCore::DOMMatrixReadOnly::rotateFromVector):
1543         (WebCore::DOMMatrixReadOnly::rotateAxisAngle):
1544         (WebCore::DOMMatrixReadOnly::skewX):
1545         (WebCore::DOMMatrixReadOnly::skewY):
1546         (WebCore::DOMMatrixReadOnly::inverse):
1547         (WebCore::DOMMatrixReadOnly::toString):
1548         * css/DOMMatrixReadOnly.h: Added.
1549         (WebCore::DOMMatrixReadOnly::create):
1550         (WebCore::DOMMatrixReadOnly::a):
1551         (WebCore::DOMMatrixReadOnly::b):
1552         (WebCore::DOMMatrixReadOnly::c):
1553         (WebCore::DOMMatrixReadOnly::d):
1554         (WebCore::DOMMatrixReadOnly::e):
1555         (WebCore::DOMMatrixReadOnly::f):
1556         (WebCore::DOMMatrixReadOnly::m11):
1557         (WebCore::DOMMatrixReadOnly::m12):
1558         (WebCore::DOMMatrixReadOnly::m13):
1559         (WebCore::DOMMatrixReadOnly::m14):
1560         (WebCore::DOMMatrixReadOnly::m21):
1561         (WebCore::DOMMatrixReadOnly::m22):
1562         (WebCore::DOMMatrixReadOnly::m23):
1563         (WebCore::DOMMatrixReadOnly::m24):
1564         (WebCore::DOMMatrixReadOnly::m31):
1565         (WebCore::DOMMatrixReadOnly::m32):
1566         (WebCore::DOMMatrixReadOnly::m33):
1567         (WebCore::DOMMatrixReadOnly::m34):
1568         (WebCore::DOMMatrixReadOnly::m41):
1569         (WebCore::DOMMatrixReadOnly::m42):
1570         (WebCore::DOMMatrixReadOnly::m43):
1571         (WebCore::DOMMatrixReadOnly::m44):
1572         (WebCore::DOMMatrixReadOnly::is2D):
1573         (WebCore::DOMMatrixReadOnly::fromMatrixHelper):
1574         * css/DOMMatrixReadOnly.idl: Added.
1575         * css/WebKitCSSMatrix.h:
1576         * css/WebKitCSSMatrix.idl:
1577         * svg/SVGMatrix.h:
1578         * svg/SVGMatrix.idl:
1579
1580 2017-05-16  Eric Carlson  <eric.carlson@apple.com>
1581
1582         [MediaStream] AudioSampleBufferList::zeroABL takes byte count, not sample count
1583         https://bugs.webkit.org/show_bug.cgi?id=172194
1584         <rdar://problem/32233799>
1585
1586         Reviewed by Jer Noble.
1587
1588         * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.cpp:
1589         (WebCore::AudioTrackPrivateMediaStreamCocoa::render): Pass number of bytes to zero,
1590         not number of samples.
1591
1592 2017-05-16  Mark Lam  <mark.lam@apple.com>
1593
1594         WorkerRunLoop::Task::performTask() needs to null check context->script() before use.
1595         https://bugs.webkit.org/show_bug.cgi?id=172193
1596         <rdar://problem/32225346>
1597
1598         Reviewed by Filip Pizlo.
1599
1600         According to https://build-safari.apple.com/results/Trunk%20Fuji%20GuardMalloc%20Production%20WK2%20Tests/r216929_459760e0918316187c8e52c6585a3a9ba9181204%20(12066)/results.html,
1601         we see a crash with this crash trace:
1602
1603         Thread 13 Crashed:: WebCore: Worker
1604         0 com.apple.WebCore        0x00000001099607b2 WebCore::WorkerScriptController::isTerminatingExecution() const + 18
1605         1 com.apple.WebCore        0x000000010995ebbf WebCore::WorkerRunLoop::runCleanupTasks(WebCore::WorkerGlobalScope*) + 143
1606         2 com.apple.WebCore        0x000000010995e80f WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 111
1607         3 com.apple.WebCore        0x00000001099621b6 WebCore::WorkerThread::workerThread() + 742
1608         4 com.apple.JavaScriptCore 0x000000010a964b92 WTF::threadEntryPoint(void*) + 178
1609         5 com.apple.JavaScriptCore 0x000000010a964a69 WTF::wtfThreadEntryPoint(void*) + 121
1610         6 libsystem_pthread.dylib  0x00007fffbdb5caab _pthread_body + 180
1611         7 libsystem_pthread.dylib  0x00007fffbdb5c9f7 _pthread_start + 286
1612         8 libsystem_pthread.dylib  0x00007fffbdb5c1fd thread_start + 13
1613
1614         ... and the crashing address is:
1615
1616         Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000022
1617
1618         0x0000000000000022 is the offset of m_scheduledTerminationMutex in the
1619         WorkerScriptController.  This means that WorkerScriptController::isTerminatingExecution()
1620         is passed a NULL this pointer.  This means that it's possible to have a race
1621         where a WorkerRunLoop::Task gets enqueued beyond the Cleanup task that deletes the
1622         context->script().  As a result, WorkerRunLoop::Task::performTask() (called by
1623         runCleanupTasks()) may see a null context->script().
1624
1625         Hence, WorkerRunLoop::Task::performTask() should null check context->script()
1626         before invoking the isTerminatingExecution() query on it.
1627
1628         No new tests because this is already covered by existing tests.
1629
1630         * workers/WorkerRunLoop.cpp:
1631         (WebCore::WorkerRunLoop::Task::performTask):
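
Added example (not WebKit source and not part of the commit above): a simplified C++ model of the race this entry describes, where a task enqueued after the cleanup task sees a null script(). ScriptController, GlobalScope, Task, runCleanupTasks() and simulateLateTask() are hypothetical stand-ins, and the rule that cleanup tasks always run is an assumption of the model.

```cpp
#include <cstddef>
#include <deque>
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Stand-in for WorkerScriptController; only the queried state is modelled.
struct ScriptController {
    bool terminating = false;
    bool isTerminatingExecution() const { return terminating; }
};

// Stand-in for WorkerGlobalScope: owns the script controller until cleanup.
struct GlobalScope {
    std::unique_ptr<ScriptController> controller{new ScriptController};
    std::vector<std::string> log;
    ScriptController* script() const { return controller.get(); }
    void clearScript() { controller.reset(); }
};

struct Task {
    std::string name;
    bool cleanup; // assumption: cleanup tasks run regardless of script state
    std::function<void(GlobalScope&)> body;

    // Guarded form: script() is null-checked before isTerminatingExecution()
    // is called on it. Without the check, a task that runs after cleanup calls
    // a member function on a null pointer, and the first member access faults
    // at (null + member offset), which is the small address seen in the trace.
    bool performTask(GlobalScope& context) const
    {
        ScriptController* script = context.script();
        bool scriptUsable = script && !script->isTerminatingExecution();
        if (!scriptUsable && !cleanup) {
            context.log.push_back("skipped:" + name);
            return false;
        }
        body(context);
        context.log.push_back("ran:" + name);
        return true;
    }
};

struct RunLoopResult {
    std::size_t ran;
    std::size_t skipped;
    std::vector<std::string> log;
};

// Drains the queue in order, the way the run loop drains remaining tasks.
RunLoopResult runCleanupTasks(std::deque<Task> queue)
{
    GlobalScope context;
    RunLoopResult result{0, 0, {}};
    while (!queue.empty()) {
        Task task = std::move(queue.front());
        queue.pop_front();
        if (task.performTask(context))
            ++result.ran;
        else
            ++result.skipped;
    }
    result.log = context.log;
    return result;
}

// Constructed scenario: an ordinary task lands in the queue behind the
// cleanup task that destroys the script controller.
RunLoopResult simulateLateTask()
{
    std::deque<Task> queue;
    queue.push_back({"postMessage", false, [](GlobalScope&) {}});
    queue.push_back({"cleanup", true, [](GlobalScope& c) { c.clearScript(); }});
    queue.push_back({"late", false, [](GlobalScope&) {}});
    return runCleanupTasks(std::move(queue));
}

int main()
{
    RunLoopResult result = simulateLateTask();
    for (const std::string& line : result.log)
        std::cout << line << "\n";
    return result.skipped == 1 ? 0 : 1;
}
```
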
1632
1633 2017-05-16  Youenn Fablet  <youenn@apple.com>
1634
1635         Modernize WebKit2 getUserMedia passing of parameters
1636         https://bugs.webkit.org/show_bug.cgi?id=172161
1637
1638         Reviewed by Eric Carlson.
1639
1640         No change of behavior.
1641
1642         * platform/mediastream/RealtimeMediaSourceCenter.h: Using WTF::Function to enable capture Ref<>.
1643
1644 2017-05-16  Jeremy Jones  <jeremyj@apple.com>
1645
1646         Captions and subtitles not showing up in picture-in-picture for MSE content.
1647         https://bugs.webkit.org/show_bug.cgi?id=172145
1648
1649         Reviewed by Eric Carlson.
1650
1651         No new tests as this has no effect on the DOM.
1652
1653         Add TextTrackRepresentation code from MediaPlayerPrivateAVFoundationObj to MediaPlayerPrivateMediaSourceAVFObjc.
1654         This moves the TextTrackRepresentation platform layer into the fullscreen container layer when going into
1655         pip for fullscreen, allowing the captions to be visible.
1656
1657         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
1658         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
1659         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer):
1660         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenLayer):
1661         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenFrame):
1662         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::requiresTextTrackRepresentation):
1663         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::syncTextTrackBounds):
1664         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setTextTrackRepresentation):
1665
1666 2017-05-16  David Kilzer  <ddkilzer@apple.com>
1667
1668         WebCore::leakCGColor() needs CF_RETURNS_RETAINED annotation
1669         <https://webkit.org/b/172190>
1670
1671         Reviewed by Simon Fraser.
1672
1673         * platform/graphics/cg/ColorCG.cpp:
1674         (WebCore::leakCGColor): Annotate with CF_RETURNS_RETAINED since
1675         it does not follow the CF naming convention, which means the
1676         expected behavior can't be inferred by the clang static
1677         analyzer.
1678
1679 2017-05-16  Youenn Fablet  <youenn@apple.com>
1680
1681         RealtimeOutgoingVideoSource should support sinkWants for rotation
1682         https://bugs.webkit.org/show_bug.cgi?id=172123
1683         <rdar://problem/32200017>
1684
1685         Reviewed by Eric Carlson.
1686
1687         Covered by manual testing.
1688
1689         * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
1690         (WebCore::RealtimeOutgoingVideoSource::AddOrUpdateSink): Triggering pixel rotation based on sink.
1691         (WebCore::RealtimeOutgoingVideoSource::sendFrame): Doing the rotation using libwebrtc API.
1692         * platform/mediastream/mac/RealtimeOutgoingVideoSource.h:
1693
1694 2017-05-16  Myles C. Maxfield  <mmaxfield@apple.com>
1695
1696         REGRESSION(r212513): LastResort is platform-dependent, so its semantics should not be required to perform font loading correctly.
1697         https://bugs.webkit.org/show_bug.cgi?id=168487
1698
1699         Reviewed by Antti Koivisto.
1700
1701         There are three ways a Web author can chain multiple font files together:
1702         1. Multiple entries in the "src" descriptor in an @font-face rule
1703         2. Multiple @font-face rules with the same "font-family" descriptor
1704         3. Multiple entries in the "font-family" property on an element
1705
1706         Before r212513, the code which iterated across #2 and #3 above could have
1707         triggered each item in the chain to download. r212513 tried to solve this
1708         by using LastResort as the interstitial font used during downloads, because
1709         LastResort supports every character and therefore solves #3 above. However,
1710         this change had a few problems:
1711
1712         1. Previously, our code would try to avoid using the interstitial font for
1713         layout or rendering whenever possible (because one of the chains above may
1714         have named a local font which would be better to use). In order to use the
1715         benefits of LastResort, I had to remove this avoidance logic and make
1716         WebKit try to use the interstitial font as often as possible. However, due
1717         to the large metrics of LastResort, this means that offsetWidth queries
1718         during font loading would be wildly inaccurate, causing Google Docs to break.
1719         2. It also means that canvas drawing during font loading would actually draw
1720         LastResort, causing Bing maps to break.
1721         3. LastResort is platform-specific, so only platforms which have it would
1722         actually be able to load fonts correctly.
1723
1724         Instead, we should keep the older logic about avoiding using the
1725         interstitial font so that loading has a better experience for the user.
1726         We solve the unnecessary download problem by giving our loading code a
1727         downloading policy enum, which has two values: allow downloads or forbid
1728         downloads. Whenever our loading code returns the interstitial font, we
1729         continue our search, but we change the policy to forbid downloads.
1730
1731         There is one piece of subtlety, though: It is more common for web authors
1732         to put good fallbacks in the "font-family" property than in the "src"
1733         descriptor inside @font-face. This means that we shouldn't exhaustively
1734         search through the @font-face src list first. Instead, we should look
1735         through the src list until we hit a non-local font, and then immediately
1736         start looking through the other chains.
1737
1738         Tests: fast/text/font-download-font-face-src-list.html
1739                fast/text/font-download-font-family-property.html
1740                fast/text/font-download-remote-fallback-all.html
1741                fast/text/font-interstitial-invisible-width-while-loading.html
1742                fast/text/font-weight-download-3.html
1743                fast/text/web-font-load-fallback-during-loading-2.html
1744                fast/text/web-font-load-invisible-during-loading.html
1745
1746         * css/CSSFontFace.cpp:
1747         (WebCore::CSSFontFace::fontLoadEventOccurred): Implement support for
1748         the font download policy.
1749         (WebCore::CSSFontFace::setStatus): After 3 seconds of loading, we
1750         will start drawing the fallback font. However, for testing, we have an
1751         internal setting to make this switch happen immediately. This patch now
1752         requires that this internal switch happen synchronously.
1753         (WebCore::CSSFontFace::pump): Implement support for the font download
1754         policy.
1755         (WebCore::CSSFontFace::load): Ditto.
1756         (WebCore::CSSFontFace::font): Ditto.
1757         * css/CSSFontFace.h: Ditto.
1758         * css/CSSFontSelector.cpp:
1759         (WebCore::CSSFontSelector::beginLoadingFontSoon): Implement support for
1760         synchronous font download timeouts.
1761         * css/CSSSegmentedFontFace.cpp:
1762         (WebCore::CSSSegmentedFontFace::fontRanges): Implement support for the
1763         font download policy.
1764         * platform/graphics/Font.cpp: Add new flag which represents if the
1765         interstitial font was created after the 3 second timeout or before.
1766         Previously, we would distinguish between these two cases by knowing
1767         that one font was LastResort and the other font was a fallback. Now that
1768         we're using fallback fonts on both sides of the 3 second timeout, we
1769         now no longer know which one should be invisible. This new enum solves
1770         this problem.
1771         (WebCore::Font::Font):
1772         (WebCore::Font::verticalRightOrientationFont):
1773         (WebCore::Font::uprightOrientationFont):
1774         * platform/graphics/Font.h: Ditto.
1775         (WebCore::Font::create):
1776         (WebCore::Font::origin):
1777         (WebCore::Font::visibility):
1778         * platform/graphics/FontCache.h:
1779         * platform/graphics/FontCascade.cpp: We try to fall back to a local() font
1780         during downloads, but there might not be one that we can use. Therefore, we
1781         can't use the presence of the interstitial font to detect if we should paint
1782         invisibly. Instead, we can move this logic into the font-specific part of
1783         painting, and consult with the specific font to know if it was created from
1784         a timed-out @font-face rule or not.
1785         (WebCore::FontCascade::drawText):
1786         (WebCore::shouldDrawIfLoading):
1787         (WebCore::FontCascade::drawGlyphBuffer):
1788         (WebCore::FontCascade::drawEmphasisMarks):
1789         * platform/graphics/FontCascade.h:
1790         * platform/graphics/FontCascadeFonts.cpp:
1791         (WebCore::FontCascadeFonts::glyphDataForVariant): Implement the logic
1792         described above where we switch the policy if we encounter the interstitial
1793         font.
1794         (WebCore::FontCascadeFonts::glyphDataForNormalVariant): Ditto.
1795         (WebCore::glyphPageFromFontRanges): Ditto.
1796         * platform/graphics/FontRanges.cpp: Implement support for the font download
1797         policy.
1798         (WebCore::FontRanges::Range::font):
1799         (WebCore::FontRanges::glyphDataForCharacter):
1800         (WebCore::FontRanges::fontForCharacter):
1801         (WebCore::FontRanges::fontForFirstRange):
1802         * platform/graphics/FontRanges.h:
1803         * platform/graphics/FontSelector.h:
1804         * platform/graphics/freetype/FontCacheFreeType.cpp:
1805         (WebCore::FontCache::lastResortFallbackFontForEveryCharacter): Deleted.
1806         * platform/graphics/mac/FontCacheMac.mm:
1807         (WebCore::FontCache::lastResortFallbackFontForEveryCharacter): Deleted.
1808         * platform/graphics/win/FontCacheWin.cpp:
1809         (WebCore::FontCache::lastResortFallbackFontForEveryCharacter): Deleted.
1810
1811 2017-05-16  Zalan Bujtas  <zalan@apple.com>
1812
1813         Simple line layout: Move setCollapedWhitespaceWidth call to updateLineConstrains.
1814         https://bugs.webkit.org/show_bug.cgi?id=172178
1815
1816         Reviewed by Antti Koivisto.
1817
1818         No change in functionality.
1819
1820         * rendering/SimpleLineLayout.cpp:
1821         (WebCore::SimpleLineLayout::updateLineConstrains):
1822         (WebCore::SimpleLineLayout::createLineRuns):
1823
1824 2017-05-16  Eric Carlson  <eric.carlson@apple.com>
1825
1826         [MediaStream] Return default device list until user gives permission to capture
1827         https://bugs.webkit.org/show_bug.cgi?id=172168
1828         <rdar://problem/31816884>
1829
1830         Reviewed by Youenn Fablet.
1831
1832         Test: fast/mediastream/media-devices-enumerate-devices.html
1833
1834         * Modules/mediastream/MediaDevicesRequest.cpp:
1835         (WebCore::MediaDevicesRequest::filterDeviceList): Remove all but the "default" number of
1836         devices of each type.
1837         (WebCore::MediaDevicesRequest::start): Call filterDeviceList.
1838         * Modules/mediastream/MediaDevicesRequest.h:
1839
1840 2017-05-16  Claudio Saavedra  <csaavedra@igalia.com>
1841
1842         Silence a few warnings about unused parameters
1843         https://bugs.webkit.org/show_bug.cgi?id=172169
1844
1845         Reviewed by Sam Weinig.
1846
1847         * page/Page.cpp:
1848         (WebCore::Page::mainFrameLoadStarted):
1849         * platform/graphics/cairo/ImageBufferCairo.cpp:
1850         (WebCore::ImageBuffer::toData):
1851         * platform/network/ResourceRequestBase.cpp:
1852         (WebCore::ResourceRequestBase::partitionName):
1853
1854 2017-05-16  Wenson Hsieh  <wenson_hsieh@apple.com>
1855
1856         WebItemProviderPasteboard should be robust when temporary files are missing path extensions
1857         https://bugs.webkit.org/show_bug.cgi?id=172170
1858
1859         Reviewed by Tim Horton.
1860
1861         Makes a slight adjustment to how temporary file URLs are handled when using WebItemProviderPasteboard to load
1862         data off of item providers. Previously, we would bail early and not load any data if the temporary URL is
1863         missing an extension. Since the switch to NSItemProviders from UIItemProviders, some types of temporary files
1864         generated by item providers are missing extensions, so this extra check is meaningless.
1865
1866         Covered by existing data interaction unit tests.
1867
1868         * platform/ios/WebItemProviderPasteboard.mm:
1869         (temporaryFileURLForDataInteractionContent):
1870         (-[WebItemProviderPasteboard doAfterLoadingProvidedContentIntoFileURLs:synchronousTimeout:]):
1871
1872 2017-05-16  Zan Dobersek  <zdobersek@igalia.com>
1873
1874         [WPE] GLContextEGL::createWPEContext() should fall back to pbuffer-based contexts when offscreen target provides no native window
1875         https://bugs.webkit.org/show_bug.cgi?id=172162
1876
1877         Reviewed by Carlos Garcia Campos.
1878
1879         When creating an offscreen GLContext, the underlying implementation might
1880         provide a mock native window that's to be used as the window target upon
1881         which a window-based GLContext should be created. But we should also support
1882         falling back to pbuffer-based GLContexts when the underlying implementation
1883         can't provide such mock targets.
1884
1885         * platform/graphics/egl/GLContextEGLWPE.cpp:
1886         (WebCore::GLContextEGL::createWPEContext):
1887
1888 2017-05-16  Zan Dobersek  <zdobersek@igalia.com>
1889
1890         [GLib] Name more GSource-based RunLoop::Timers
1891         https://bugs.webkit.org/show_bug.cgi?id=172158
1892
1893         Reviewed by Carlos Garcia Campos.
1894
1895         * platform/glib/MainThreadSharedTimerGLib.cpp:
1896         (WebCore::MainThreadSharedTimer::MainThreadSharedTimer):
1897         Specify 'MainThreadSharedTimer' as the name of this GSource-based RunLoop::Timer.
1898
1899 2017-05-16  Romain Bellessort  <romain.bellessort@crf.canon.fr>
1900
1901         [Readable Streams API] Implement ReadableStreamBYOBReader releaseLock()
1902         https://bugs.webkit.org/show_bug.cgi?id=172111
1903
1904         Reviewed by Chris Dumez.
1905
1906         Implemented ReadableStreamBYOBReader releaseLock():
1907         - https://streams.spec.whatwg.org/#byob-reader-release-lock;
1908         - https://streams.spec.whatwg.org/#readable-stream-reader-generic-release.
1909
1910         Added tests to check releaseLock behavior.
1911
1912         * Modules/streams/ReadableStreamBYOBReader.js:
1913         (releaseLock): Implemented.
1914         * Modules/streams/ReadableStreamInternals.js:
1915         (readableStreamReaderGenericRelease): Aligned with spec.
1916
1917 2017-05-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1918
1919         Unreviewed. Try to fix GTK+ build with MEDIA_STREAM enabled after r216918.
1920
1921         * platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp:
1922         (WebCore::RealtimeMediaSourceCenterOwr::validateRequestConstraints):
1923
1924 2017-05-16  Youenn Fablet  <youenn@apple.com>
1925
1926         Remove MediaConstraintsData and MediaConstraintsImpl
1927         https://bugs.webkit.org/show_bug.cgi?id=172132
1928
1929         Reviewed by Eric Carlson.
1930
1931         No observable change of behavior.
1932
1933         Removing MediaConstraintsData and MediaConstraintsImpl allows simplifying the code.
1934         Further simplified the code by making MediaConstraints no longer ref counted and now a struct.
1935         Simplified some RealtimeMediaSource subclasses by removing unused MediaConstraints class members.
1936
1937         * CMakeLists.txt: Removing MediaConstraintsImpl.cpp.
1938         * Modules/mediastream/MediaConstraintsImpl.cpp: Removed.
1939         * Modules/mediastream/MediaConstraintsImpl.h: Removed.
1940         * Modules/mediastream/MediaDevices.cpp:
1941         (WebCore::createMediaConstraints):
1942         (WebCore::MediaDevices::getUserMedia):
1943         (WebCore::createMediaConstraintsImpl): Deleted.
1944         * Modules/mediastream/MediaStreamTrack.cpp:
1945         (WebCore::createMediaConstraints):
1946         (WebCore::MediaStreamTrack::applyConstraints):
1947         (WebCore::createMediaConstraintsImpl): Deleted.
1948         * Modules/mediastream/MediaTrackConstraints.cpp:
1949         (WebCore::createMediaConstraints):
1950         (WebCore::createMediaConstraintsImpl): Deleted.
1951         * Modules/mediastream/MediaTrackConstraints.h:
1952         * Modules/mediastream/UserMediaRequest.cpp:
1953         (WebCore::UserMediaRequest::start):
1954         (WebCore::UserMediaRequest::UserMediaRequest):
1955         (WebCore::UserMediaRequest::allow):
1956         * Modules/mediastream/UserMediaRequest.h:
1957         (WebCore::UserMediaRequest::audioConstraints):
1958         (WebCore::UserMediaRequest::videoConstraints):
1959         * WebCore.xcodeproj/project.pbxproj:
1960         * platform/mediastream/MediaConstraints.cpp:
1961         (WebCore::addDefaultVideoConstraints):
1962         (WebCore::MediaConstraints::isConstraintSet):
1963         (WebCore::MediaConstraints::setDefaultVideoConstraints):
1964         * platform/mediastream/MediaConstraints.h:
1965         (WebCore::MediaConstraints::~MediaConstraints): Deleted.
1966         (WebCore::MediaConstraints::MediaConstraints): Deleted.
1967         * platform/mediastream/MediaStreamConstraintsValidationClient.h:
1968         * platform/mediastream/RealtimeMediaSource.cpp:
1969         (WebCore::RealtimeMediaSource::selectSettings):
1970         (WebCore::RealtimeMediaSource::supportsConstraints):
1971         (WebCore::RealtimeMediaSource::applyConstraints):
1972         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
1973         (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints):
1974         * platform/mediastream/RealtimeMediaSourceCenter.h:
1975         * platform/mediastream/mac/RealtimeIncomingAudioSource.cpp:
1976         (WebCore::RealtimeIncomingAudioSource::supportedConstraints): Deleted.
1977         * platform/mediastream/mac/RealtimeIncomingAudioSource.h:
1978         * platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:
1979         (WebCore::RealtimeIncomingVideoSource::supportedConstraints): Deleted.
1980         * platform/mediastream/mac/RealtimeIncomingVideoSource.h:
1981         * platform/mock/MockRealtimeMediaSource.h:
1982         (WebCore::MockRealtimeMediaSource::constraints): Deleted.
1983
1984 2017-05-16  Andy Estes  <aestes@apple.com>
1985
1986         [Cocoa] Tell NEFilterSource about the presenting app's PID
1987         https://bugs.webkit.org/show_bug.cgi?id=172152
1988         <rdar://problem/32197740>
1989
1990         Reviewed by Dan Bernstein.
1991
1992         * platform/cocoa/NetworkExtensionContentFilter.mm:
1993         (WebCore::NetworkExtensionContentFilter::initialize):
1994         * platform/spi/cocoa/NEFilterSourceSPI.h:
1995
1996 2017-05-16  Manuel Rego Casasnovas  <rego@igalia.com>
1997
1998         [css-grid] Fix static position of positioned grid items
1999         https://bugs.webkit.org/show_bug.cgi?id=172108
2000
2001         Reviewed by Sergio Villar Senin.
2002
2003         This patch makes us follow the text on the spec
2004         (https://drafts.csswg.org/css-grid/#static-position):
2005         "The static position of an absolutely-positioned child
2006          of a grid container is determined as if it were the sole grid item
2007          in a grid area whose edges coincide with the padding edges
2008          of the grid container."
2009
2010         Test: fast/css-grid-layout/absolute-positioning-grid-container-parent.html
2011
2012         * rendering/RenderGrid.cpp:
2013         (WebCore::RenderGrid::prepareChildForPositionedLayout): Modified to avoid
2014         including padding to match the spec behavior.
2015
2016 2017-05-16  Per Arne Vollan  <pvollan@apple.com>
2017
2018         Compile error, include file is not found.
2019         https://bugs.webkit.org/show_bug.cgi?id=172105
2020
2021         Reviewed by Brent Fulgham.
2022
2023         Use __has_include to detect if include file exists.
2024
2025         * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.mm:
2026
2027 2017-05-15  Andy Estes  <aestes@apple.com>
2028
2029         Make the application PID available to WebCore
2030         https://bugs.webkit.org/show_bug.cgi?id=172133
2031
2032         Reviewed by Andreas Kling.
2033
2034         * CMakeLists.txt:
2035         * PlatformMac.cmake:
2036         * WebCore.xcodeproj/project.pbxproj:
2037         * platform/RuntimeApplicationChecks.cpp: Added.
2038         (WebCore::presentingApplicationPIDOverride):
2039         (WebCore::presentingApplicationPID): Returns the override PID if set, or getCurrentProcessID()
2040         otherwise.
2041         (WebCore::setPresentingApplicationPID):
2042         * platform/RuntimeApplicationChecks.h:
2043         * platform/cocoa/RuntimeApplicationChecksCocoa.mm: Renamed from Source/WebCore/platform/RuntimeApplicationChecks.mm.
2044
2045 2017-05-15  Antti Koivisto  <antti@apple.com>
2046
2047         RenderTheme does not need to be per-page
2048         https://bugs.webkit.org/show_bug.cgi?id=172116
2049         <rdar://problem/30426457>
2050
2051         Reviewed by Zalan Bujtas.
2052
2053         There are no implementations of RenderTheme::themeForPage that actually care about the page.
2054         It can be replaced with a singleton, simplifying a bunch of code.
2055
2056         * Modules/mediacontrols/MediaControlsHost.cpp:
2057         (WebCore::MediaControlsHost::shadowRootCSSText):
2058         (WebCore::MediaControlsHost::base64StringForIconNameAndType):
2059         * css/CSSDefaultStyleSheets.cpp:
2060         (WebCore::CSSDefaultStyleSheets::loadFullDefaultStyle):
2061         (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
2062
2063             Fix a potential crash if we get here when page is null (though it doesn't appear to repro on trunk).
2064
2065         * css/StyleColor.cpp:
2066         (WebCore::StyleColor::colorFromKeyword):
2067         * css/StyleResolver.cpp:
2068         (WebCore::StyleResolver::adjustRenderStyle):
2069         * css/parser/CSSParser.cpp:
2070         (WebCore::CSSParser::parseSystemColor):
2071         * css/parser/CSSParser.h:
2072         * css/parser/CSSPropertyParser.cpp:
2073         (WebCore::CSSPropertyParser::consumeSystemFont):
2074         * editing/FrameSelection.cpp:
2075         (WebCore::FrameSelection::updateAppearance):
2076         * html/HTMLMediaElement.cpp:
2077         (WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
2078         * html/HTMLMeterElement.cpp:
2079         (WebCore::HTMLMeterElement::createElementRenderer):
2080         * html/HTMLSelectElement.cpp:
2081         (WebCore::HTMLSelectElement::usesMenuList):
2082         (WebCore::HTMLSelectElement::platformHandleKeydownEvent):
2083         (WebCore::HTMLSelectElement::menuListDefaultEventHandler):
2084         * html/HTMLTextFormControlElement.cpp:
2085         (WebCore::HTMLTextFormControlElement::adjustInnerTextStyle):
2086         * html/InputType.cpp:
2087         (WebCore::InputType::themeSupportsDataListUI):
2088         * html/TextFieldInputType.cpp:
2089         (WebCore::TextFieldInputType::shouldHaveSpinButton):
2090         (WebCore::TextFieldInputType::shouldHaveCapsLockIndicator):
2091         * html/canvas/CanvasRenderingContext2D.cpp:
2092         (WebCore::CanvasRenderingContext2D::setStrokeColor):
2093         (WebCore::CanvasRenderingContext2D::setFillColor):
2094         * html/canvas/CanvasStyle.cpp:
2095         (WebCore::parseColor):
2096         (WebCore::parseColorOrCurrentColor):
2097         (WebCore::CanvasStyle::createFromString):
2098         * html/canvas/CanvasStyle.h:
2099         * html/shadow/MediaControlElements.cpp:
2100         (WebCore::MediaControlPanelElement::startTimer):
2101         (WebCore::MediaControlPanelElement::makeOpaque):
2102         (WebCore::MediaControlPanelElement::makeTransparent):
2103         * html/shadow/MediaControls.cpp:
2104         (WebCore::MediaControls::reset):
2105         (WebCore::MediaControls::reportedError):
2106         (WebCore::MediaControls::updateCurrentTimeDisplay):
2107         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
2108         (WebCore::ImageControlsButtonElementMac::tryCreate):
2109         * page/MemoryRelease.cpp:
2110         (WebCore::releaseNoncriticalMemory):
2111         * page/Page.cpp:
2112         (WebCore::Page::Page):
2113         * page/Page.h:
2114         (WebCore::Page::theme): Deleted.
2115         * platform/wpe/RenderThemeWPE.cpp:
2116         (WebCore::RenderTheme::singleton):
2117         (WebCore::RenderTheme::themeForPage): Deleted.
2118         * rendering/RenderEmbeddedObject.cpp:
2119         (WebCore::RenderEmbeddedObject::getReplacementTextGeometry):
2120         * rendering/RenderObject.cpp:
2121         (WebCore::RenderObject::theme):
2122         * rendering/RenderTheme.cpp:
2123         (WebCore::RenderTheme::focusRingColor):
2124         * rendering/RenderTheme.h:
2125         (WebCore::RenderTheme::defaultTheme): Deleted.
2126         * rendering/RenderThemeGtk.cpp:
2127         (WebCore::RenderTheme::singleton):
2128         (WebCore::RenderTheme::themeForPage): Deleted.
2129         * rendering/RenderThemeIOS.mm:
2130         (WebCore::RenderTheme::singleton):
2131         (WebCore::RenderTheme::themeForPage): Deleted.
2132         * rendering/RenderThemeMac.mm:
2133         (WebCore::RenderTheme::singleton):
2134         (WebCore::RenderTheme::themeForPage): Deleted.
2135         * rendering/RenderThemeWin.cpp:
2136         (WebCore::RenderTheme::singleton):
2137         (WebCore::RenderTheme::themeForPage): Deleted.
2138         * rendering/TextPaintStyle.cpp:
2139         (WebCore::computeTextPaintStyle):
2140
2141 2017-05-15  Said Abou-Hallawa  <sabouhallawa@apple.com>
2142
2143         Do not delete asynchronously decoded frames for large images if their clients are in the viewport
2144         https://bugs.webkit.org/show_bug.cgi?id=170640
2145
2146         Reviewed by Simon Fraser.
2147
2148         The image flickering problem happens when a large image is visible in the
2149         view port and for some reason, the decoded frame gets destroyed. When this
2150         image is repainted, BitmapImage::draw() does not find a valid decoded frame
2151         for that image. It then requests an async decoding for the image and just
2152         draws nothing in the image rectangle. Drawing no content between two drawing
2153         phases in which the image is drawn causes the unwanted flickering.
2154
2155         To fix this issue we need to protect the decoded frames of all the images
2156         in the view port from being destroyed. When BitmapImage::destroyDecodedData()
2157         is called, it is going to check, through the ImageObserver, whether any
2158         of its clients is visible. And if so, the current decoded frame won't be
2159         destroyed.
2160
2161         Tests: Modifying existing tests.
2162
2163         * loader/cache/CachedImage.cpp:
2164         (WebCore::CachedImage::CachedImageObserver::decodedSizeChanged):
2165         (WebCore::CachedImage::CachedImageObserver::didDraw):
2166         (WebCore::CachedImage::CachedImageObserver::canDestroyDecodedData):
2167         (WebCore::CachedImage::CachedImageObserver::imageFrameAvailable):
2168         (WebCore::CachedImage::CachedImageObserver::changedInRect):
2169         (WebCore::CachedImage::decodedSizeChanged):
2170         (WebCore::CachedImage::didDraw):
2171         (WebCore::CachedImage::canDestroyDecodedData): Finds out whether it's okay
2172         to discard the image decoded data or not.
2173         (WebCore::CachedImage::imageFrameAvailable):
2174         (WebCore::CachedImage::changedInRect):
2175         * loader/cache/CachedImage.h:
2176         * loader/cache/CachedImageClient.h:
2177         (WebCore::CachedImageClient::canDestroyDecodedData):
2178         * loader/cache/MemoryCache.cpp:
2179         (WebCore::MemoryCache::destroyDecodedDataForAllImages): This function is
2180         currently not used. Use in the internal destroyDecodedDataForAllImages()
2181         but unlike what CachedImage::destroyDecodedData() does, make it destroy
2182         the decoded frames without deleting the image itself.
2183         * loader/cache/MemoryCache.h:
2184         * platform/graphics/BitmapImage.cpp:
2185         (WebCore::BitmapImage::destroyDecodedData):
2186         (WebCore::BitmapImage::draw):
2187         (WebCore::BitmapImage::canDestroyCurrentFrameDecodedData):
2188         (WebCore::BitmapImage::advanceAnimation):
2189         (WebCore::BitmapImage::internalAdvanceAnimation):
2190         (WebCore::BitmapImage::imageFrameAvailableAtIndex):
2191         * platform/graphics/BitmapImage.h:
2192         * platform/graphics/GraphicsContext3D.cpp:
2193         (WebCore::GraphicsContext3D::packImageData):
2194         * platform/graphics/ImageFrameCache.cpp:
2195         (WebCore::ImageFrameCache::decodedSizeChanged):
2196         (ImageFrameCache::cacheAsyncFrameNativeImageAtIndex): The assertion in this
2197         function is wrong. frameIsCompleteAtIndex() can be false when an image
2198         decoding is requested but can be true when the decoding finishes.
2199         * platform/graphics/ImageObserver.h:
2200         * platform/graphics/cairo/ImageCairo.cpp:
2201         (WebCore::Image::drawPattern):
2202         * platform/graphics/cg/ImageCG.cpp:
2203         (WebCore::Image::drawPattern):
2204         * platform/graphics/cg/ImageDecoderCG.cpp:
2205         (WebCore::ImageDecoder::frameIsCompleteAtIndex):
2206         * platform/graphics/cg/PDFDocumentImage.cpp:
2207         (WebCore::PDFDocumentImage::decodedSizeChanged):
2208         (WebCore::PDFDocumentImage::draw):
2209         * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
2210         (WebCore::TextureMapperTiledBackingStore::updateContentsFromImageIfNeeded):
2211         * platform/graphics/win/ImageDirect2D.cpp:
2212         (WebCore::Image::drawPattern):
2213         * rendering/RenderElement.cpp:
2214         (WebCore::RenderElement::isVisibleInDocumentRect):
2215         (WebCore::RenderElement::isVisibleInViewport):
2216         (WebCore::RenderElement::imageFrameAvailable):
2217         (WebCore::RenderElement::repaintForPausedImageAnimationsIfNeeded):
2218         (WebCore::RenderElement::shouldRepaintInVisibleRect): Deleted. Function
2219         is renamed to isVisibleInViewport() for better readability.
2220         * rendering/RenderElement.h:
2221         * svg/graphics/SVGImage.cpp:
2222         (WebCore::SVGImage::draw):
2223         * svg/graphics/SVGImageClients.h:
2224         * testing/Internals.cpp:
2225         (WebCore::Internals::destroyDecodedDataForAllImages):
2226         * testing/Internals.h:
2227         * testing/Internals.idl:
2228
2229 2017-05-15  Youenn Fablet  <youenn@apple.com>
2230
2231         Simplify RealtimeMediaSource data production and state
2232         https://bugs.webkit.org/show_bug.cgi?id=171999
2233
2234         Reviewed by Eric Carlson.
2235
2236         RealtimeMediaSource takes 3 booleans:
2237         - m_isProducingData tells whether data is produced or not. In the case of capturing, it tells whether capture
2238           happens.
2239         - m_muted/m_enabled allows JS or WebKit level to start/stop the source.
2240
2241         Changed MediaStream capture state computation so that capture is reported as follows:
2242         - m_isProducing is true, capture is happening and is active
2243         - m_muted is true, capture is happening but is inactive.
2244
2245         Except in the case of WebRTC incoming sources, for which sources may be created as muted as per the spec,
2246         all sources are unmuted, enabled and not producing data when created.
2247
2248         RealtimeMediaSource is now activable either by calling start/stop or by calling setMuted/setEnabled.
2249         This in turn will set the boolean values accordingly and will call the underlying
2250         startProducingData/stopProducingData methods doing the actual stuff.
2251
2252         Removing from all RealtimeMediaSource subclasses the handling of producing data.
2253         Making more methods non-virtual/member fields private to simplify the model.
2254
2255         * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
2256         (WebCore::CanvasCaptureMediaStreamTrack::Source::create):
2257         (WebCore::CanvasCaptureMediaStreamTrack::Source::startProducingData):
2258         (WebCore::CanvasCaptureMediaStreamTrack::Source::stopProducingData):
2259         (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasDestroyed):
2260         (WebCore::CanvasCaptureMediaStreamTrack::Source::captureCanvas):
2261         * Modules/mediastream/CanvasCaptureMediaStreamTrack.h:
2262         * Modules/mediastream/MediaStream.cpp:
2263         (WebCore::MediaStream::mediaState):
2264         * platform/mediastream/MediaStreamTrackPrivate.h:
2265         (WebCore::MediaStreamTrackPrivate::startProducingData):
2266         (WebCore::MediaStreamTrackPrivate::stopProducingData):
2267         * platform/mediastream/RealtimeMediaSource.cpp:
2268         (WebCore::RealtimeMediaSource::setMuted):
2269         (WebCore::RealtimeMediaSource::notifyMutedChange):
2270         (WebCore::RealtimeMediaSource::setEnabled):
2271         (WebCore::RealtimeMediaSource::start):
2272         (WebCore::RealtimeMediaSource::stop):
2273         (WebCore::RealtimeMediaSource::requestStop):
2274         (WebCore::RealtimeMediaSource::reset): Deleted.
2275         * platform/mediastream/RealtimeMediaSource.h:
2276         * platform/mediastream/mac/AVMediaCaptureSource.h:
2277         * platform/mediastream/mac/AVMediaCaptureSource.mm:
2278         (WebCore::AVMediaCaptureSource::AVMediaCaptureSource):
2279         (WebCore::AVMediaCaptureSource::captureSessionIsRunningDidChange):
2280         (WebCore::AVMediaCaptureSource::reset): Deleted.
2281         (WebCore::AVMediaCaptureSource::isProducingData): Deleted.
2282         * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
2283         (WebCore::CoreAudioCaptureSource::CoreAudioCaptureSource):
2284         (WebCore::CoreAudioCaptureSource::startProducingData):
2285         (WebCore::CoreAudioCaptureSource::stopProducingData):
2286         (WebCore::CoreAudioCaptureSource::audioSourceProvider):
2287         * platform/mediastream/mac/CoreAudioCaptureSource.h:
2288         * platform/mediastream/mac/MockRealtimeAudioSourceMac.mm:
2289         (WebCore::MockRealtimeAudioSourceMac::render):
2290         (WebCore::MockRealtimeAudioSource::createMuted): Deleted.
2291         * platform/mediastream/mac/MockRealtimeVideoSourceMac.mm:
2292         (WebCore::MockRealtimeVideoSource::createMuted): Deleted.
2293         * platform/mediastream/mac/RealtimeIncomingAudioSource.cpp:
2294         (WebCore::RealtimeIncomingAudioSource::create):
2295         (WebCore::RealtimeIncomingAudioSource::RealtimeIncomingAudioSource):
2296         (WebCore::RealtimeIncomingAudioSource::~RealtimeIncomingAudioSource):
2297         (WebCore::RealtimeIncomingAudioSource::startProducingData):
2298         (WebCore::RealtimeIncomingAudioSource::stopProducingData):
2299         (WebCore::RealtimeIncomingAudioSource::setSourceTrack):
2300         * platform/mediastream/mac/RealtimeIncomingAudioSource.h:
2301         * platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:
2302         (WebCore::RealtimeIncomingVideoSource::create):
2303         (WebCore::RealtimeIncomingVideoSource::RealtimeIncomingVideoSource):
2304         (WebCore::RealtimeIncomingVideoSource::startProducingData):
2305         (WebCore::RealtimeIncomingVideoSource::setSourceTrack):
2306         (WebCore::RealtimeIncomingVideoSource::stopProducingData):
2307         (WebCore::RealtimeIncomingVideoSource::OnFrame):
2308         * platform/mediastream/mac/RealtimeIncomingVideoSource.h:
2309         * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm:
2310         (WebCore::WebAudioSourceProviderAVFObjC::setClient):
2311         * platform/mock/MockMediaEndpoint.cpp:
2312         (WebCore::MockMediaEndpoint::createMutedRemoteSource):
2313         (WebCore::MockMediaEndpoint::unmuteTimerFired):
2314         * platform/mock/MockRealtimeAudioSource.cpp:
2315         (WebCore::MockRealtimeAudioSource::createMuted):
2316         (WebCore::MockRealtimeAudioSource::startProducingData):
2317         (WebCore::MockRealtimeAudioSource::stopProducingData):
2318         * platform/mock/MockRealtimeAudioSource.h:
2319         * platform/mock/MockRealtimeMediaSource.cpp:
2320         (WebCore::MockRealtimeMediaSource::startProducingData): Deleted.
2321         (WebCore::MockRealtimeMediaSource::stopProducingData): Deleted.
2322         * platform/mock/MockRealtimeMediaSource.h:
2323         * platform/mock/MockRealtimeVideoSource.cpp:
2324         (WebCore::MockRealtimeVideoSource::createMuted):
2325         (WebCore::MockRealtimeVideoSource::startProducingData):
2326         (WebCore::MockRealtimeVideoSource::stopProducingData):
2327         (WebCore::MockRealtimeVideoSource::generateFrame):
2328         * platform/mock/MockRealtimeVideoSource.h:
2329
2330 2017-05-15  Myles C. Maxfield  <mmaxfield@apple.com>
2331
2332         Migrate Font constructor from bools to enums
2333         https://bugs.webkit.org/show_bug.cgi?id=172140
2334
2335         Reviewed by Tim Horton.
2336
2337         In https://bugs.webkit.org/show_bug.cgi?id=168487, I'm adding a new flag to Font. We can't
2338         keep having just a pile of bools in this class. Instead, we should be using enums.
2339
2340         No new tests because there is no behavior change.
2341
2342         * css/CSSFontFace.cpp:
2343         (WebCore::CSSFontFace::font):
2344         * css/CSSFontFaceSource.cpp:
2345         (WebCore::CSSFontFaceSource::font):
2346         * css/CSSSegmentedFontFace.cpp:
2347         * loader/cache/CachedFont.cpp:
2348         (WebCore::CachedFont::createFont):
2349         * platform/graphics/Font.cpp:
2350         (WebCore::Font::Font):
2351         (WebCore::Font::verticalRightOrientationFont):
2352         (WebCore::Font::uprightOrientationFont):
2353         (WebCore::Font::brokenIdeographFont):
2354         (WebCore::Font::description):
2355         (WebCore::Font::mathData):
2356         * platform/graphics/Font.h:
2357         (WebCore::Font::create):
2358         (WebCore::Font::origin):
2359         (WebCore::Font::isInterstitial):
2360         (WebCore::Font::widthForGlyph):
2361         (WebCore::Font::isCustomFont): Deleted.
2362         (WebCore::Font::isLoading): Deleted.
2363         * platform/graphics/FontRanges.cpp:
2364         * platform/graphics/cocoa/FontCocoa.mm:
2365         (WebCore::Font::platformInit):
2366         * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
2367         (WebCore::Font::platformCreateScaledFont):
2368         * platform/graphics/win/SimpleFontDataCGWin.cpp:
2369         (WebCore::Font::platformInit):
2370         * platform/graphics/win/SimpleFontDataDirect2D.cpp:
2371         (WebCore::Font::platformInit):
2372         * platform/graphics/win/SimpleFontDataWin.cpp:
2373         (WebCore::Font::platformCreateScaledFont):
2374         (WebCore::Font::determinePitch):
2375         * rendering/SimpleLineLayout.cpp:
2376         (WebCore::SimpleLineLayout::canUseForFontAndText):
2377
2378 2017-05-15  Youenn Fablet  <youenn@apple.com>
2379
2380         WebRTC outgoing muted video sources should send black frames
2381         https://bugs.webkit.org/show_bug.cgi?id=170627
2382         <rdar://problem/31513869>
2383
2384         Reviewed by Eric Carlson.
2385
2386         Covered by updated test.
2387
2388         Instead of sending one black frame and then another one asynchronously,
2389         we use the timer to send a black frame every second when outgoing source is muted.
2390
2391         * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
2392         (WebCore::RealtimeOutgoingVideoSource::sourceMutedChanged):
2393         (WebCore::RealtimeOutgoingVideoSource::sourceEnabledChanged):
2394         (WebCore::RealtimeOutgoingVideoSource::sendBlackFrames):
2395         (WebCore::RealtimeOutgoingVideoSource::sendBlackFrame): Deleted.
2396         * platform/mediastream/mac/RealtimeOutgoingVideoSource.h:
2397         * testing/Internals.cpp:
2398         (WebCore::Internals::videoSampleAvailable):
2399
2400 2017-05-15  David Kilzer  <ddkilzer@apple.com>
2401
2402         Crash in libxml2.2.dylib: xmlDictReference
2403         <https://webkit.org/b/172086>
2404         <rdar://problem/23643436>
2405
2406         Reviewed by Daniel Bates.
2407
2408         Speculative fix and code clean-up based on source code
2409         inspection.  The fix for the crash is in two parts that change
2410         XSLStyleSheet::parseString():
2411         1. Always set m_stylesheetDoc to nullptr after freeing it via
2412            XSLStyleSheet::clearXSLStylesheetDocument().
2413         2. Add nullptr check before using m_stylesheetDoc from parent.
2414
2415         Broadly speaking, the changes are:
2416         - Extract code to reset m_stylesheetDoc into new private
2417           XSLStyleSheet::clearXSLStylesheetDocument() method.  There is
2418           a special contract between m_stylesheetDoc and
2419           m_stylesheetDocTaken that wasn't being followed every time.
2420           See comment in XSLStyleSheet::compileStyleSheet().
2421         - XSLStyleSheet::clearDocuments() now calls new
2422           clearXSLStylesheetDocument() method.  Previously, it was not
2423           checking or resetting m_stylesheetDocTaken, and it might have
2424           leaked an xmlDocPtr if m_stylesheetDoc was set and
2425           m_stylesheetDocTaken was false.
2426         - XSLStyleSheet::parseString() now calls new
2427           clearXSLStylesheetDocument() method.  Previously, it did not
2428           clear m_stylesheetDoc after freeing it, and it could return
2429           early due to a failure in xmlCreateMemoryParserCtxt().
2430         - In XSLStyleSheet::parseString() use checked arithmetic when
2431           calculating 'size' for xmlCreateMemoryParserCtxt() and
2432           xmlCtxtReadMemory().  This code used to do an implicit
2433           unsigned -> signed integer conversion that could overflow.
2434         - Always iterate m_children using an 'auto& import' variable.
2435
2436         * xml/XSLStyleSheet.h:
2437         (WebCore::XSLStyleSheet::clearXSLStylesheetDocument): Add declaration.
2438         (WebCore::XSLStyleSheet::m_disabled): Add default initializer.
2439         (WebCore::XSLStyleSheet::m_stylesheetDoc): Ditto.
2440         (WebCore::XSLStyleSheet::m_stylesheetDocTaken): Ditto.
2441         (WebCore::XSLStyleSheet::m_parentStyleSheet): Ditto.
2442
2443         * xml/XSLStyleSheetLibxslt.cpp:
2444         (WebCore::XSLStyleSheet::XSLStyleSheet): Get rid of redundant
2445         initializers.  Set m_parentStyleSheet if needed.
2446         (WebCore::XSLStyleSheet::~XSLStyleSheet): Call
2447         clearXSLStylesheetDocument() instead of custom code.  Switch
2448         m_children fast iteration to use 'auto& import' variable.
2449         (WebCore::XSLStyleSheet::isLoading): Switch m_children fast
2450         iteration to use 'auto& import' variable.
2451         (WebCore::XSLStyleSheet::clearDocuments): Call
2452         clearXSLStylesheetDocument() instead of setting m_stylesheetDoc
2453         to nullptr.  This might fix an occasional xmlDocPtr leak.
2454         (WebCore::XSLStyleSheet::clearXSLStylesheetDocument): Add.  This
2455         method always sets m_stylesheetDoc to nullptr (after freeing it
2456         if necessary) and sets m_stylesheetDocTaken to false.
2457         (WebCore::XSLStyleSheet::parseString): Call
2458         clearXSLStylesheetDocument().  Prior to this, m_stylesheetDoc
2459         might be left pointing to a freed value, and this method could
2460         return early if xmlCreateMemoryParserCtxt() failed.  Switch to
2461         using Checked<> to compute required buffer size to parse XSL
2462         stylesheet, and return early on overflow.  Clean up existing
2463         return statements to use boolean expressions.  Add nullptr check
2464         for m_parentStyleSheet->m_stylesheetDoc before using it.
2465         (WebCore::XSLStyleSheet::loadChildSheet): Get rid of local
2466         variable by calling loadSheet() from last array element.
2467         (WebCore::XSLStyleSheet::compileStyleSheet): Add debug assert
2468         that m_stylesheetDoc is not nullptr.
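The two-part fix described in this entry, as an added example that is not WebKit's code. FakeDoc, freeDoc(), SheetModel and checkedByteSize() are hypothetical stand-ins for xmlDoc, xmlFreeDoc(), XSLStyleSheet and the Checked<> size computation; the "legacy" mode is modelled only on the entry's description of the old parseString() behaviour.

```cpp
#include <climits>
#include <cstddef>
#include <cstdio>

// Stand-in for xmlDoc. freeDoc() only counts, so a double free shows up as
// freeCount == 2 instead of being undefined behaviour.
struct FakeDoc { int freeCount = 0; };
inline void freeDoc(FakeDoc* doc) { ++doc->freeCount; }

// Computes length * unitSize as an int. Returns false when the product does
// not fit, instead of letting an unsigned -> signed conversion wrap.
inline bool checkedByteSize(std::size_t length, std::size_t unitSize, int& out)
{
    if (unitSize && length > static_cast<std::size_t>(INT_MAX) / unitSize)
        return false;
    out = static_cast<int>(length * unitSize);
    return true;
}

class SheetModel {
public:
    explicit SheetModel(bool hardened) : m_hardened(hardened) { }
    ~SheetModel() { release(); }

    // Models the compiled stylesheet taking ownership of the document.
    void markTaken() { m_docTaken = true; }
    FakeDoc* doc() const { return m_doc; }

    bool parse(std::size_t sourceLength, FakeDoc* freshDoc, bool contextCreationFails)
    {
        release(); // runs before every early return below
        int size = 0;
        if (!checkedByteSize(sourceLength, sizeof(char16_t), size))
            return false; // would overflow the parser's int size argument
        if (contextCreationFails)
            return false; // the early return the entry mentions
        m_doc = freshDoc; // a real parser would be handed `size` here
        return m_doc != nullptr;
    }

private:
    void release()
    {
        if (m_doc && !m_docTaken)
            freeDoc(m_doc);
        if (!m_hardened)
            return; // legacy model: pointer left pointing at the freed doc
        m_doc = nullptr; // part 1 of the fix: always reset after freeing
        m_docTaken = false;
    }

    bool m_hardened;
    FakeDoc* m_doc = nullptr;
    bool m_docTaken = false;
};

// Frees seen by the first document when a re-parse fails early and the
// sheet is then destroyed.
int freesAfterFailedReparse(bool hardened)
{
    FakeDoc first, second;
    {
        SheetModel sheet(hardened);
        sheet.parse(16, &first, false);
        sheet.parse(16, &second, true);
    }
    return first.freeCount;
}

// A document owned by someone else must never be freed by the sheet.
int freesWhenDocumentTaken()
{
    FakeDoc first, second;
    {
        SheetModel sheet(true);
        sheet.parse(16, &first, false);
        sheet.markTaken();
        sheet.parse(16, &second, true);
    }
    return first.freeCount;
}

bool oversizedSourceIsRejected()
{
    FakeDoc doc;
    SheetModel sheet(true);
    bool parsed = sheet.parse(static_cast<std::size_t>(INT_MAX), &doc, false);
    return !parsed && !sheet.doc();
}

int main()
{
    std::printf("legacy frees: %d, hardened frees: %d\n",
        freesAfterFailedReparse(false), freesAfterFailedReparse(true));
    std::printf("taken doc frees: %d, oversized rejected: %d\n",
        freesWhenDocumentTaken(), oversizedSourceIsRejected());
    return 0;
}
```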
2469
2470 2017-05-15  Jer Noble  <jer.noble@apple.com>
2471
2472         Add experimental setting to allow document gesture interaction to fulfill media playback gesture requirement
2473         https://bugs.webkit.org/show_bug.cgi?id=172131
2474
2475         Reviewed by Eric Carlson.
2476
2477         Test: media/restricted-audio-playback-with-document-gesture.html
2478
2479         Move all calls to ScriptController::processingUserGestureForMedia() to the new Document equivalent. In Document,
2480         if the new setting is enabled, return true from processingUserGestureForMedia() if the top-level document has had
2481         a user gesture interaction.
2482
2483         * Modules/mediastream/MediaStream.cpp:
2484         (WebCore::MediaStream::processingUserGestureForMedia):
2485         * Modules/mediastream/MediaStream.h:
2486         * Modules/webaudio/AudioContext.cpp:
2487         (WebCore::AudioContext::processingUserGestureForMedia):
2488         (WebCore::AudioContext::willBeginPlayback):
2489         (WebCore::AudioContext::willPausePlayback):
2490         * Modules/webaudio/AudioContext.h:
2491         * dom/Document.cpp:
2492         (WebCore::Document::processingUserGestureForMedia):
2493         * dom/Document.h:
2494         * html/HTMLMediaElement.cpp:
2495         (WebCore::HTMLMediaElement::load):
2496         (WebCore::HTMLMediaElement::audioTrackEnabledChanged):
2497         (WebCore::HTMLMediaElement::seekWithTolerance):
2498         (WebCore::HTMLMediaElement::play):
2499         (WebCore::HTMLMediaElement::playInternal):
2500         (WebCore::HTMLMediaElement::pause):
2501         (WebCore::HTMLMediaElement::pauseInternal):
2502         (WebCore::HTMLMediaElement::setMuted):
2503         (WebCore::HTMLMediaElement::webkitShowPlaybackTargetPicker):
2504         (WebCore::HTMLMediaElement::processingUserGestureForMedia):
2505         * html/HTMLMediaElement.h:
2506         * html/MediaElementSession.cpp:
2507         (WebCore::MediaElementSession::playbackPermitted):
2508         (WebCore::MediaElementSession::dataLoadingPermitted):
2509         (WebCore::MediaElementSession::fullscreenPermitted):
2510         (WebCore::MediaElementSession::canShowControlsManager):
2511         (WebCore::MediaElementSession::showPlaybackTargetPicker):
2512         * page/Settings.in:
2513         * platform/audio/PlatformMediaSession.h:
2514
2515 2017-05-15  Jer Noble  <jer.noble@apple.com>
2516
2517         Only ever initialize LibWebRTCProvider's staticFactoryAndThreads() factories once.
2518         https://bugs.webkit.org/show_bug.cgi?id=172047
2519
2520         Reviewed by Youenn Fablet.
2521
2522         Wrap the initialization of the factories contained in staticFactoryAndThreads() in a call_once to ensure
2523         new factories aren't created every time it's called.
2524
2525         * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
2526         (WebCore::staticFactoryAndThreads):
2527
2528 2017-05-15  Joseph Pecoraro  <pecoraro@apple.com>
2529
2530         Web Inspector: CRASH seen with DOM.setOuterHTML when there is no documentElement
2531         https://bugs.webkit.org/show_bug.cgi?id=172135
2532         <rdar://problem/32175860>
2533
2534         Reviewed by Brian Burg.
2535
2536         Test: inspector/dom/setOuterHTML-no-document-element.html
2537
2538         * inspector/DOMPatchSupport.cpp:
2539         (WebCore::DOMPatchSupport::patchDocument):
2540         Null check the document element which might not exist.
2541
2542 2017-05-15  Said Abou-Hallawa  <sabouhallawa@apple.com>
2543
2544         REGRESSION (216471): Infinite repaint-drawing loop when asynchronously decoding incomplete image frames
2545         https://bugs.webkit.org/show_bug.cgi?id=171900
2546
2547         Reviewed by Tim Horton.
2548
2549         -- Don't destroy incomplete decoded image frames for large images. This
2550         is to avoid flickering while decoding another image frame with the new
2551         data. The old incomplete image frame will be destroyed once the newer one
2552         finishes decoding.
2553
2554         -- Extend the enum ImageFrame::DecodingStatus by adding a new value called
2555         'Decoding'. This new value will never be cached in the ImageFrame::
2556         m_decodingStatus. Add a member m_currentFrameDecodingStatus to BitmapImage.
2557         The purpose of this member is to invalidate the current frame, without
2558         deleting it, when new encoded data is received.
2559
2560         -- Don't wait until the native image is decoded to cache the ImageFrame
2561         decodingStatus. There is a big chance that more data arrives between
2562         starting the decoding and finishing it such that the decoding changes
2563         from Partial to Complete. We need to prevent keeping incomplete ImageFrames
2564         cached because we mistakenly assume they are complete. To fix this issue
2565         we need to know the ImageFrame decodingStatus when the decoding is requested.
2566
2567         * platform/graphics/BitmapImage.cpp:
2568         (WebCore::BitmapImage::destroyDecodedData):
2569         (WebCore::BitmapImage::dataChanged):
2570         (WebCore::BitmapImage::draw):
2571         (WebCore::BitmapImage::internalStartAnimation): At the beginning of this 
2572         function we check whether the next frame is being decoded or not and we 
2573         return DecodingActive if it is. Let's handle the second check here also 
2574         before requesting the decoding of nextFrame. We need to check whether the
2575         nextFrame has a native image decoded with the native size or not.
2576         (WebCore::BitmapImage::internalAdvanceAnimation):
2577         (WebCore::BitmapImage::imageFrameAvailableAtIndex):
2578         * platform/graphics/BitmapImage.h:
2579         * platform/graphics/ImageFrame.cpp:
2580         (WebCore::ImageFrame::operator=):
2581         (WebCore::ImageFrame::setDecodingStatus):
2582         (WebCore::ImageFrame::decodingStatus):
2583         * platform/graphics/ImageFrame.h:
2584         (WebCore::ImageFrame::isInvalid):
2585         (WebCore::ImageFrame::isPartial):
2586         (WebCore::ImageFrame::isComplete):
2587         (WebCore::ImageFrame::setDecoding): Deleted.
2588         (WebCore::ImageFrame::decoding): Deleted.
2589         (WebCore::ImageFrame::isEmpty): Deleted.
2590         * platform/graphics/ImageFrameCache.cpp:
2591         (WebCore::ImageFrameCache::setNativeImage):
2592         (WebCore::ImageFrameCache::cacheMetadataAtIndex):
2593         (WebCore::ImageFrameCache::cacheNativeImageAtIndex):
2594         (WebCore::ImageFrameCache::cacheNativeImageAtIndexAsync):
2595         (WebCore::ImageFrameCache::startAsyncDecodingQueue):
2596         (WebCore::ImageFrameCache::requestFrameAsyncDecodingAtIndex):
2597         (WebCore::ImageFrameCache::stopAsyncDecodingQueue):
2598         (WebCore::ImageFrameCache::frameAtIndexCacheIfNeeded):
2599         (WebCore::ImageFrameCache::frameDecodingStatusAtIndex):
2600         (WebCore::ImageFrameCache::cacheFrameMetadataAtIndex): Deleted.
2601         (WebCore::ImageFrameCache::cacheFrameNativeImageAtIndex): Deleted.
2602         (WebCore::ImageFrameCache::cacheAsyncFrameNativeImageAtIndex): Deleted.
2603         (WebCore::ImageFrameCache::frameIsCompleteAtIndex): Deleted.
2604         * platform/graphics/ImageFrameCache.h:
2605         (WebCore::ImageFrameCache::ImageFrameRequest::operator==):
2606         * platform/graphics/ImageSource.cpp:
2607         (WebCore::ImageSource::dataChanged):
2608         * platform/graphics/ImageSource.h:
2609         (WebCore::ImageSource::destroyIncompleteDecodedData):
2610         (WebCore::ImageSource::requestFrameAsyncDecodingAtIndex): Let the caller
2611         decide whether another request for the same image frame is allowed or not.
2612         (WebCore::ImageSource::frameDecodingStatusAtIndex):
2613         (WebCore::ImageSource::frameIsCompleteAtIndex): Deleted.
2614         * platform/image-decoders/ImageDecoder.cpp:
2615         (WebCore::ImageDecoder::frameDurationAtIndex):
2616         (WebCore::ImageDecoder::createFrameImageAtIndex):
2617         * platform/image-decoders/bmp/BMPImageReader.cpp:
2618         (WebCore::BMPImageReader::decodeBMP):
2619         * platform/image-decoders/gif/GIFImageDecoder.cpp:
2620         (WebCore::GIFImageDecoder::clearFrameBufferCache):
2621         (WebCore::GIFImageDecoder::haveDecodedRow):
2622         (WebCore::GIFImageDecoder::frameComplete):
2623         (WebCore::GIFImageDecoder::initFrameBuffer):
2624         * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
2625         (WebCore::JPEGImageDecoder::outputScanlines):
2626         (WebCore::JPEGImageDecoder::jpegComplete):
2627         * platform/image-decoders/png/PNGImageDecoder.cpp:
2628         (WebCore::PNGImageDecoder::rowAvailable):
2629         (WebCore::PNGImageDecoder::pngComplete):
2630         (WebCore::PNGImageDecoder::clearFrameBufferCache):
2631         (WebCore::PNGImageDecoder::frameComplete):
2632         * platform/image-decoders/webp/WEBPImageDecoder.cpp:
2633         (WebCore::WEBPImageDecoder::decode):
2634
2635 2017-05-15  Chris Dumez  <cdumez@apple.com>
2636
2637         Align WebKitCSSMatrix stringifier with spec for DOMMatrix
2638         https://bugs.webkit.org/show_bug.cgi?id=172114
2639
2640         Reviewed by Simon Fraser.
2641
2642         Align WebKitCSSMatrix stringifier with spec for DOMMatrix after:
2643         - https://github.com/w3c/fxtf-drafts/pull/148
2644
2645         The following changes were made:
2646         - Use EcmaScript's ToString() to convert floating point values to string
2647         - Throw an invalid state error if the matrix contains non-finite values
2648         - Made WebKitCSSMatrix.toString enumerable as per [1].
2649
2650         [1] https://heycam.github.io/webidl/#es-stringifier
2651
2652         Test: fast/css/matrix-stringifier.html
2653
2654         * css/WebKitCSSMatrix.cpp:
2655         (WebCore::WebKitCSSMatrix::toString):
2656         * css/WebKitCSSMatrix.h:
2657         * css/WebKitCSSMatrix.idl:
2658         * platform/graphics/transforms/TransformationMatrix.cpp:
2659         (WebCore::TransformationMatrix::containsOnlyFiniteValues):
2660         * platform/graphics/transforms/TransformationMatrix.h:
2661
2662 2017-05-15  Mark Lam  <mark.lam@apple.com>
2663
2664         WorkerRunLoop::Task::performTask() should check !scriptController->isTerminatingExecution().
2665         https://bugs.webkit.org/show_bug.cgi?id=171775
2666         <rdar://problem/30975761>
2667
2668         Reviewed by Filip Pizlo.
2669
2670         Currently, WorkerThread::stop() calls scheduleExecutionTermination() to terminate
2671         JS execution first, followed by posting a cleanup task to the worker, and lastly,
2672         it invokes terminate() on the WorkerRunLoop.
2673
2674         As a result, before the run loop is terminated, the worker thread may observe the
2675         TerminatedExecutionException in JS code, bail out, see another JS task to run,
2676         re-enter the VM to run said JS code, and fail with an assertion due to the
2677         TerminatedExecutionException still being pending on VM entry.
2678
2679         WorkerRunLoop::Task::performTask() already has a check to only allow a task to
2680         run if and only if !runLoop.terminated() and the task is not a clean up task.
2681         We'll fix the above race by changing WorkerRunLoop::Task::performTask() to check
2682         !context->script()->isTerminatingExecution() instead of !runLoop.terminated().
2683         Since WorkerThread::stop() always scheduleExecutionTermination() before it
2684         terminates the run loop, !context->script()->isTerminatingExecution() implies
2685         !runLoop.terminated().
2686
2687         The only time that runLoop is terminated without scheduleExecutionTermination()
2688         being called is when WorkerThread::stop() is called before the WorkerThread has
2689         finished creating its WorkerGlobalScope.  In this scenario, WorkerThread::stop()
2690         will still terminate the run loop.  Hence, after the WorkerGlobalScope is created
2691         (in WorkerThread::workerThread()), we will check if the run loop has been
2692         terminated (i.e. stop() was called).  If so, we'll scheduleExecutionTermination()
2693         there, and guarantee that if runloop.terminated() is true, then
2694         context->script()->isTerminatingExecution() is also true.
2695
2696         Solutions that were considered but did not work (recorded for future reference):
2697
2698         1. In WorkerThread::stop(), call scheduleExecutionTermination() only after it
2699            posts the cleanup task and terminates the run loop.
2700
2701            This did not work because this creates a race where the worker thread may run
2702            the cleanup task before WorkerThread::stop() finishes.  As a result, the
2703            scriptController may be deleted before we get to invoke scheduleExecutionTermination()
2704            on it, thereby resulting in a use after free.
2705
2706            To make this work, we would have to change the life cycle management strategy
2707            of the WorkerScriptController.  This is a more risky change than we would
2708            want to take on at this time, and may also not be worth the gain.
2709
2710         2. Break scheduleExecutionTermination() up into 2 parts i.e. WorkerThread::stop()
2711            will:
2712            1. set the scriptController's m_isTerminatingExecution flag before
2713               posting the cleanup task and terminating the run loop, and
2714            2. invoke VM::notifyNeedsTermination() after posting the cleanup task and
2715               terminating the run loop.
2716
2717            This requires that we protect the liveness of the VM until we can invoke
2718            notifyNeedsTermination() on it.
2719
2720            This did not work because:
2721            1. We may end up destructing the VM in WorkerThread::stop() i.e. in the main
2722               web frame, but only the worker thread holds the JS lock for the VM.
2723
2724               We can make the WorkerThread::stop() acquire the JS lock just before it
2725               releases the protected VM's RefPtr, but that would mean the main thread
2726               may be stuck waiting a bit for the worker thread to release its JSLock.
2727               This is not desirable.
2728
2729            2. In practice, changing the liveness period of the Worker VM relative to its
2730               WorkerScriptController and WorkerGlobalScope also has unexpected
2731               ramifications.  We observed many worker tests failing with assertion
2732               failures and crashes due to this change.
2733
2734            Hence, this approach is also a more risky change than it appears on the
2735            surface, and is not worth exploring at this time.
2736
2737         In the end, changing WorkerRunLoop::Task::performTask() to check for
2738         !scriptController->isTerminatingExecution() is the most straightforward solution
2739         that is easy to prove correct.
2740
2741         Also fixed a race in WorkerThread::workerThread() where it can delete the
2742         WorkerGlobalScope while WorkerThread::stop() is in the midst of accessing it.
2743         We now guard the nullifying of m_workerGlobalScope with the
2744         m_threadCreationAndWorkerGlobalScopeMutex as well.
2745
2746         UPDATE: the only new thing in this patch for re-landing (vs one previously landed)
2747         is that instead of nullifying m_workerGlobalScope directly (thereby deleting the
2748         WorkerGlobalScope context), we'll swap it out and delete it only after we've
2749         unlocked the m_threadCreationAndWorkerGlobalScopeMutex.  This is needed because
2750         the destruction of the WorkerGlobalScope will cause the main thread to race against
2751         the worker thread to delete the WorkerThread object, and the WorkerThread object
2752         owns the mutex that we need to unlock after nullifying the m_workerGlobalScope
2753         field.
2754
2755         This issue is covered by an existing test that I just unskipped in TestExpectations.
2756
2757         * bindings/js/JSDOMPromiseDeferred.cpp:
2758         (WebCore::DeferredPromise::callFunction):
2759
2760         * bindings/js/WorkerScriptController.cpp:
2761         (WebCore::WorkerScriptController::scheduleExecutionTermination):
2762         - Added a check to do nothing and return early if the scriptController is already
2763           terminating execution.
2764
2765         * workers/WorkerRunLoop.cpp:
2766         (WebCore::WorkerRunLoop::runInMode):
2767         (WebCore::WorkerRunLoop::runCleanupTasks):
2768         (WebCore::WorkerRunLoop::Task::performTask):
2769
2770         * workers/WorkerRunLoop.h:
2771         - Made Task::performTask() private and make Task befriend the WorkerRunLoop class.
2772           This ensures that only the WorkerRunLoop may call performTask().
2773           Note: this change only formalizes and hardens a relationship that was already
2774           in place before this.
2775
2776         * workers/WorkerThread.cpp:
2777         (WebCore::WorkerThread::start):
2778         (WebCore::WorkerThread::workerThread):
2779         (WebCore::WorkerThread::stop):
2780         * workers/WorkerThread.h:
2781         - Renamed m_threadCreationMutex to m_threadCreationAndWorkerGlobalScopeMutex so
2782           that it more accurately describes what it guards.
2783
2784 2017-05-15  Myles C. Maxfield  <mmaxfield@apple.com>
2785
2786         Unicode characters which can't be rendered in any font are invisible
2787         https://bugs.webkit.org/show_bug.cgi?id=171942
2788         <rdar://problem/32054234>
2789
2790         Reviewed by Tim Horton.
2791
2792         There are some Unicode characters which don't have any font on the system which can render them.
2793         These characters should be drawn as the .notdef "tofu." This is for security and usability, as
2794         well as what Firefox and Chrome do. However, we still shouldn't draw characters with the
2795         Default_Ignorable_Code_Point property, because this is what CoreText does.
2796
2797         This behavior is also what the Unicode spec recommends: In UTR #36 Unicode Security Considerations:
2798         http://www.unicode.org/reports/tr36/#Recommendations_General
2799         "If there is no available glyph for a character, never show a simple "?" or omit the character."
2800
2801         Also relevant is the Unicode Standard section 5.3 Unknown and Missing Characters, starting at page
2802         marked 203 in the following: http://www.unicode.org/versions/Unicode9.0.0/ch05.pdf
2803
2804         Tests: fast/text/default-ignorable.html
2805                fast/text/unknown-char-notdef.html
2806
2807         * platform/graphics/WidthIterator.cpp:
2808         (WebCore::characterMustDrawSomething):
2809
2810 2017-05-15  Timothy Horton  <timothy_horton@apple.com>
2811
2812         Null deref under WebContentReader::readURL when interacting with a file URL
2813         https://bugs.webkit.org/show_bug.cgi?id=172045
2814         <rdar://problem/25880647>
2815
2816         Reviewed by Wenson Hsieh.
2817
2818         * editing/ios/EditorIOS.mm:
2819         (WebCore::Editor::WebContentReader::readURL):
2820         The AppSupport soft link was wrong, as there is no such framework in /System/Library/Frameworks.
2821         Thus, any time we hit this codepath, the soft linked function would be null, and calling it would crash.
2822         Instead of just fixing the soft link, remove the code, because it does not seem necessary to
2823         special-case fileURLs to images in the media directory.
2824
2825 2017-05-15  Eric Carlson  <eric.carlson@apple.com>
2826
2827         ASSERTION FAILED: wasRemoved in WebCore::RealtimeMediaSourceCenter::removeDevicesChangedObserver(DevicesChangedObserverToken)
2828         https://bugs.webkit.org/show_bug.cgi?id=171529
2829         <rdar://problem/31945791>
2830
2831         Reviewed by Jer Noble.
2832
2833         No new tests, fixes a crash in existing tests.
2834
2835         * Modules/mediastream/MediaDevices.cpp:
2836         (WebCore::MediaDevices::MediaDevices): Use a weak ptr.
2837
2838         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
2839         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
2840         (WebCore::observerMap):  Use a static hash map for observers because the
2841         source center can change at runtime.
2842         (WebCore::RealtimeMediaSourceCenter::addDevicesChangedObserver):
2843         (WebCore::RealtimeMediaSourceCenter::removeDevicesChangedObserver):
2844         (WebCore::RealtimeMediaSourceCenter::captureDevicesChanged):
2845
2846 2017-05-15  Brent Fulgham  <bfulgham@apple.com>
2847
2848         [iOS WK1] Do not try to dispatch messages to subframes if their documents have not been constructed yet.
2849         https://bugs.webkit.org/show_bug.cgi?id=172059
2850         <rdar://problem/31963192>
2851
2852         Reviewed by Zalan Bujtas.
2853
2854         On iOS WK1 we can end up in an inconsistent state, where
2855         1. The web thread is inside a newly-injected iframe's document's constructor and
2856         2. waiting on a delegate callback on the main thread
2857         while the main thread
2858         (a) Evaluates arbitrary JavaScript that modifies storage which
2859         (b) Triggers an event dispatch.
2860  
2861         * storage/StorageEventDispatcher.cpp:
2862         (WebCore::StorageEventDispatcher::dispatchSessionStorageEvents): If the sub-frame's document
2863         is in an inconsistent state, skip it.
2864         (WebCore::StorageEventDispatcher::dispatchLocalStorageEvents): Ditto.
2865         (WebCore::StorageEventDispatcher::dispatchSessionStorageEventsToFrames): Ditto.
2866         (WebCore::StorageEventDispatcher::dispatchLocalStorageEventsToFrames): Ditto.
2867
2868 2017-05-15  Zalan Bujtas  <zalan@apple.com>
2869
2870         Simple line layout: Leading whitespace followed by a <br> produces an extra linebreak.
2871         https://bugs.webkit.org/show_bug.cgi?id=172076
2872
2873         Reviewed by Antti Koivisto.
2874
2875         When the collapsed whitespace does not fit the line, we need to push it to the next line
2876         so that we can decide whether any soft/hard linebreak should be skipped (to avoid double line breaks) or not.
2877
2878         Test: fast/text/simple-line-layout-leading-whitespace-with-soft-hard-linebreak.html
2879
2880         * rendering/SimpleLineLayout.cpp:
2881         (WebCore::SimpleLineLayout::consumeLineBreakIfNeeded): special handling <br>
2882         (WebCore::SimpleLineLayout::firstFragment): Now we need to deal with leading collapsed whitespace.
2883         (WebCore::SimpleLineLayout::createLineRuns): We need to push even the collapsed whitespace to the next line.
2884
2885 2017-05-15  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2886
2887         Invalid MediaSource duration value should throw TypeError instead of InvalidStateError
2888         https://bugs.webkit.org/show_bug.cgi?id=171653
2889
2890         Reviewed by Chris Dumez.
2891
2892         Modify MediaSource::setDuration to throw a TypeError when duration value is invalid as per MSE specification
2893         (https://www.w3.org/TR/2016/REC-media-source-20161117/#dom-mediasource-duration).
2894
2895         Update expectations of corresponding WPT test.
2896
2897         * Modules/mediasource/MediaSource.cpp:
2898         (WebCore::MediaSource::setDuration):
2899         (WebCore::MediaSource::setDurationInternal):
2900
2901 2017-05-15  Gwang Yoon Hwang  <yoon@igalia.com>
2902
2903         [CAIRO] Painting an image mask with a matrix above Pixman's limit breaks internal states of Cairo
2904         https://bugs.webkit.org/show_bug.cgi?id=169094
2905
2906         Reviewed by Žan Doberšek.
2907
2908         It is the same problem which was addressed in r212431.
2909         In HiDPI situation, it happens easily due to the size of coordinates.
2910         Also, if this bug happens, it will break the rendering continuously
2911         since we are reusing graphics contexts to render webpages in same
2912         webview.
2913
2914         Test: fast/hidpi/hidpi-long-page-with-inset-element.html
2915
2916         * platform/graphics/cairo/PlatformContextCairo.cpp:
2917         (WebCore::PlatformContextCairo::pushImageMask):
2918         We can avoid the limit of the Pixman by reducing the source surface's
2919         size, and it will create a minimal pattern matrix.
2920
2921 2017-05-14  Zan Dobersek  <zdobersek@igalia.com>
2922
2923         Unreviewed build fix with newer Perl versions.
2924
2925         * bindings/scripts/CodeGeneratorJS.pm:
2926         (AddLegacyCallerOperationIfNeeded): Support for experimental push on scalar (and
2927         other auto-dereferencing) was removed in Perl 5.24. Instead, the LegacyCallers array
2928         has to be dereferenced when pushing new values to it.
2929
2930 2017-05-14  Sam Weinig  <sam@webkit.org>
2931
2932         [WebIDL/DOM] Remove need for custom bindings for HTMLAllCollection and bring up to spec
2933         https://bugs.webkit.org/show_bug.cgi?id=172095
2934
2935         Reviewed by Darin Adler.
2936
2937         - Adds support for the legacycaller WebIDL special annotation.
2938         - Updates implementation of HTMLAllCollection to match the current HTML spec.
2939
2940         Test: fast/dom/document-all.html
2941
2942         * CMakeLists.txt:
2943         * WebCore.xcodeproj/project.pbxproj:
2944         * bindings/js/JSBindingsAllInOne.cpp:
2945         * bindings/js/JSHTMLAllCollectionCustom.cpp: Removed.
2946         Removed JSHTMLAllCollectionCustom.cpp
2947
2948         * bindings/scripts/CodeGeneratorJS.pm:
2949         (GenerateInterface):
2950         (AddLegacyCallerOperationIfNeeded):
2951         Before code generation, clone all the legacycaller operations and put them
2952         in their own set, so they can form an overload set.
2953         
2954         (AddStringifierOperationIfNeeded):
2955         Use IDLParser::cloneType as the FIXME suggested.
2956
2957         (GenerateHeader):
2958         Group call related functionality together and use new IsCallable predicate.
2959
2960         (GenerateOverloadedFunctionOrConstructor):
2961         Generalize a little bit to allow the function being overloaded to be an overloaded legacycaller.
2962
2963         (GenerateImplementation):
2964         Add call to generate the legacycaller code.
2965
2966         (GenerateLegacyCallerDefinitions):
2967         (GenerateLegacyCallerDefinition):
2968         Generate the legacycaller definition, using GenerateArgumentsCountCheck, GenerateParametersCheck
2969         and GenerateImplementationFunctionCall to do all the heavy lifting.
2970
2971         (IsCallable):
2972         Add helper predicate for both custom calls and legacycaller.
2973
2974         * bindings/scripts/IDLParser.pm:
2975         (cloneType):.
2976         (cloneArgument):.
2977         (cloneOperation):
2978         Add cloning functions for IDLArgument and IDLOperation, and make IDLType's
2979         clone feasible for calling outside the package by removing the unneeded 
2980         self parameter.
2981
2982         * bindings/scripts/test/JS/JSTestObj.cpp
2983         * bindings/scripts/test/JS/JSTestObj.h
2984         * bindings/scripts/test/TestObj.idl:
2985         Add testing of legacycaller overloading.
2986
2987         * dom/Document.cpp:
2988         (WebCore::Document::allFilteredByName):
2989         * dom/Document.h:
2990         Add new collection access for the HTMLAllNamedSubCollection.
2991
2992         * html/CachedHTMLCollection.h:
2993         (WebCore::nameShouldBeVisibleInDocumentAll):
2994         Update list of tags to match the current spec.
2995
2996         * html/CollectionType.h:
2997         Add new type for HTMLAllNamedSubCollection.
2998
2999         * html/GenericCachedHTMLCollection.cpp:
3000         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
3001         Specify that DocumentAllNamedItems does not want
3002         the default elementMatches.
3003  
3004         * html/HTMLAllCollection.cpp:
3005         (WebCore::HTMLAllCollection::namedOrIndexedItemOrItems):
3006         (WebCore::HTMLAllCollection::namedItemOrItems):
3007         (WebCore::HTMLAllNamedSubCollection::~HTMLAllNamedSubCollection):
3008         (WebCore::HTMLAllNamedSubCollection::elementMatches):
3009         * html/HTMLAllCollection.h:
3010         Move implementations from the custom binding, and re-implement to
3011         match the spec. Alternate names to item/namedItem were needed to not
3012         shadow the existing ones in HTMLCollection. HTMLAllNamedSubCollection
3013         is a simple HTMLCollection that matches on a name, following the rules
3014         of document.all about which tags can have name attributes.
3015
3016         * html/HTMLAllCollection.idl:
3017         Remove custom annotations and add legacycaller which is now supported.
3018
3019         * html/HTMLCollection.cpp:
3020         (WebCore::invalidationTypeExcludingIdAndNameAttributes):
3021         (WebCore::HTMLCollection::~HTMLCollection):
3022         Add DocumentAllNamedItems.
3023
3024 2017-05-14  Zalan Bujtas  <zalan@apple.com>
3025
3026         Remove unused lambda in TextFragmentIterator::TextFragment::split() and cleanup dependencies.
3027         https://bugs.webkit.org/show_bug.cgi?id=172089
3028
3029         Reviewed by David Kilzer.
3030
3031         * rendering/SimpleLineLayout.cpp:
3032         (WebCore::SimpleLineLayout::splitFragmentToFitLine):
3033         * rendering/SimpleLineLayoutTextFragmentIterator.h:
3034         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::split):
3035         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::splitWithHyphen):
3036
3037 2017-05-13  David Kilzer  <ddkilzer@apple.com>
3038
3039         Unused lambda in JSWebKitSubtleCrypto::wrapKey()
3040         <https://webkit.org/b/172087>
3041
3042         Reviewed by Chris Dumez.
3043
3044         Fixes the following warning with newer clang:
3045
3046             Source/WebCore/bindings/js/JSWebKitSubtleCryptoCustom.cpp:594:35: error: lambda capture 'keyFormat' is not used [-Werror,-Wunused-lambda-capture]
3047                 auto exportSuccessCallback = [keyFormat, algorithm, parameters, wrappingKey, wrapper](const Vector<uint8_t>& exportedKeyData) mutable {
3048                                               ^
3049
3050         * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
3051         (WebCore::JSWebKitSubtleCrypto::wrapKey): Remove unused lambda.
3052
3053 2017-05-13  Eric Carlson  <eric.carlson@apple.com>
3054
3055         [MediaStream] deviceId constraint doesn't work with getUserMedia
3056         https://bugs.webkit.org/show_bug.cgi?id=171877
3057         <rdar://problem/31899730>
3058
3059         Reviewed by Jer Noble.
3060
3061         Test: fast/mediastream/get-user-media-device-id.html
3062
3063         * Modules/mediastream/MediaConstraintsImpl.h:
3064         (WebCore::MediaConstraintsData::MediaConstraintsData): Add a constructor that 
3065         takes a const MediaConstraints&.
3066
3067         * Modules/mediastream/MediaDevices.cpp:
3068         (WebCore::MediaDevices::~MediaDevices): m_deviceChangedToken is a std::optional<>.
3069         * Modules/mediastream/MediaDevices.h:
3070
3071         * Modules/mediastream/MediaDevicesEnumerationRequest.cpp:
3072         (WebCore::MediaDevicesEnumerationRequest::topLevelDocumentOrigin): Don't return
3073         NULL for the main frame so the origin matches that returned for a UserMediaRequest.
3074
3075         * Modules/mediastream/UserMediaController.h:
3076         (WebCore::UserMediaController::setDeviceIDHashSalt): Deleted, not used.
3077         (WebCore::UserMediaController::deviceIDHashSalt): Deleted, not used.
3078
3079         * Modules/mediastream/UserMediaRequest.cpp:
3080         (WebCore::UserMediaRequest::allow): Add device ID hash salt parameter, set it on
3081         constraints.
3082         * Modules/mediastream/UserMediaRequest.h:
3083
3084         * platform/mediastream/MediaConstraints.h:
3085         * platform/mediastream/RealtimeMediaSource.cpp:
3086         (WebCore::RealtimeMediaSource::fitnessDistance): ASSERT if called for DeviceId.
3087         (WebCore::RealtimeMediaSource::selectSettings): Special case DeviceId because
3088         we have to hash the device ID before comparing, and because the DeviceId can't be
3089         changed so it should never be added to the flattened constraints.
3090         (WebCore::RealtimeMediaSource::supportsConstraints):
3091         (WebCore::RealtimeMediaSource::applyConstraints):
3092         * platform/mediastream/RealtimeMediaSource.h:
3093
3094         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
3095         (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints): Implement.
3096         * platform/mediastream/RealtimeMediaSourceCenter.h:
3097
3098         * platform/mediastream/RealtimeMediaSourceSupportedConstraints.cpp:
3099         (WebCore::RealtimeMediaSourceSupportedConstraints::nameForConstraint): Deleted, unused.
3100         (WebCore::RealtimeMediaSourceSupportedConstraints::constraintFromName): Deleted, unused.
3101         * platform/mediastream/RealtimeMediaSourceSupportedConstraints.h:
3102
3103         * platform/mediastream/mac/AVVideoCaptureSource.mm:
3104         * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
3105         (WebCore::RealtimeMediaSourceCenterMac::bestSourcesForTypeAndConstraints): Pass device
3106         id, not empty string.
3107         (WebCore::RealtimeMediaSourceCenterMac::validateRequestConstraints): Deleted.
3108         * platform/mediastream/mac/RealtimeMediaSourceCenterMac.h:
3109
3110         * platform/mock/MockRealtimeMediaSourceCenter.cpp:
3111         (WebCore::MockRealtimeMediaSourceCenter::validateRequestConstraints): Deleted.
3112         * platform/mock/MockRealtimeMediaSourceCenter.h:
3113
3114 2017-05-13  Chris Dumez  <cdumez@apple.com>
3115
3116         Stop using RefPtr::release()
3117         https://bugs.webkit.org/show_bug.cgi?id=172074
3118
3119         Reviewed by Geoffrey Garen.
3120
3121         * css/parser/CSSPropertyParser.cpp:
3122         (WebCore::FontVariantLigaturesParser::finalizeValue):
3123         (WebCore::FontVariantNumericParser::finalizeValue):
3124         * css/parser/CSSPropertyParserHelpers.cpp:
3125         (WebCore::CSSPropertyParserHelpers::CalcParser::consumeValue):
3126         * loader/SubresourceLoader.cpp:
3127         (WebCore::SubresourceLoader::create):
3128         * loader/archive/mhtml/MHTMLArchive.cpp:
3129         (WebCore::MHTMLArchive::generateMHTMLData):
3130         * loader/archive/mhtml/MHTMLArchive.h:
3131         * loader/archive/mhtml/MHTMLParser.cpp:
3132         (WebCore::MHTMLParser::parseArchiveWithHeader):
3133         * platform/audio/ios/AudioFileReaderIOS.cpp:
3134         (WebCore::AudioFileReader::createBus):
3135         * platform/glib/SharedBufferGlib.cpp:
3136         (WebCore::SharedBuffer::createFromReadingFile):
3137         * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
3138         (WebCore::CACFLayerTreeHost::create):
3139         * platform/graphics/cairo/CairoUtilities.cpp:
3140         (WebCore::copyCairoImageSurface):
3141         * platform/graphics/cairo/ImageBufferCairo.cpp:
3142         (WebCore::getImageData):
3143         * platform/graphics/gtk/IconGtk.cpp:
3144         (WebCore::Icon::createIconForFiles):
3145         * platform/graphics/win/FontCacheWin.cpp:
3146         (WebCore::FontCache::systemFallbackForCharacters):
3147         * platform/win/SharedBufferWin.cpp:
3148         (WebCore::SharedBuffer::createFromReadingFile):
3149
3150 2017-05-13  Javier Fernandez  <jfernandez@igalia.com>
3151
3152         [css-align] Implement the place-self shorthand
3153         https://bugs.webkit.org/show_bug.cgi?id=168846
3154
3155         Reviewed by Zalan Bujtas.
3156
3157         The CSS Box Alignment specification defines a new shorthand to set the
3158         Content Alignment properties (align-self and justify-self) at the
3159         same time.
3160
3161         This patch provides the implementation of the CSS parsing logic and the
3162         required regression tests.
3163
3164         Test: css3/parse-place-self.html
3165
3166         * css/CSSComputedStyleDeclaration.cpp:
3167         (WebCore::ComputedStyleExtractor::propertyValue):
3168         * css/CSSProperties.json:
3169         * css/StyleProperties.cpp:
3170         (WebCore::StyleProperties::getPropertyValue):
3171         * css/parser/CSSPropertyParser.cpp:
3172         (WebCore::CSSPropertyParser::consumePlaceSelfShorthand):
3173         (WebCore::CSSPropertyParser::parseShorthand):
3174         * css/parser/CSSPropertyParser.h:
3175
3176 2017-05-13  Commit Queue  <commit-queue@webkit.org>
3177
3178         Unreviewed, rolling out r216801.
3179         https://bugs.webkit.org/show_bug.cgi?id=172072
3180
3181         Many memory corruption crashes on worker threads (Requested by
3182         ap on #webkit).
3183
3184         Reverted changeset:
3185
3186         "WorkerRunLoop::Task::performTask() should check
3187         !scriptController->isTerminatingExecution()."
3188         https://bugs.webkit.org/show_bug.cgi?id=171775
3189         http://trac.webkit.org/changeset/216801
3190
3191 2017-05-13  Zalan Bujtas  <zalan@apple.com>
3192
3193         AccessibilityRenderObject::textUnderElement needs to assert on unclean tree.
3194         https://bugs.webkit.org/show_bug.cgi?id=172065
3195
3196         Reviewed by Simon Fraser.
3197
3198         r192103 changed the assert logic incorrectly. If the tree is dirty, regardless of the renderer's type,
3199         TextIterator will end up forcing style update/layout on the render tree.
3200         The original assert would have hit with bug 171546 prior to r216726.
3201
3202         * accessibility/AccessibilityRenderObject.cpp:
3203         (WebCore::AccessibilityRenderObject::textUnderElement):
3204
3205 2017-05-12  Simon Fraser  <simon.fraser@apple.com>
3206
3207         event.clientX/clientY should be in layout viewport coordinates
3208         https://bugs.webkit.org/show_bug.cgi?id=172018
3209
3210         Reviewed by Zalan Bujtas.
3211
3212         Fix clientX and clientY on mouse events to be relative to the layout viewport, to match
3213         getBoundingClientRect(), getClientRects() and fixed-position objects.
3214
3215         Also minor cleanup of MouseRelatedEvent to use initializers.
3216
3217         Test: fast/visual-viewport/client-coordinates-relative-to-layout-viewport.html
3218
3219         * dom/MouseRelatedEvent.cpp:
3220         (WebCore::MouseRelatedEvent::MouseRelatedEvent):
3221         (WebCore::MouseRelatedEvent::init):
3222         (WebCore::MouseRelatedEvent::initCoordinates):
3223         (WebCore::contentsScrollOffset): Deleted.
3224         * dom/MouseRelatedEvent.h:
3225
3226 2017-05-12  Sam Weinig  <sam@webkit.org>
3227
3228         [WebIDL] Remove need for custom binding for Worker constructor
3229         https://bugs.webkit.org/show_bug.cgi?id=172050
3230
3231         Reviewed by Chris Dumez.
3232
3233         * CMakeLists.txt:
3234         * WebCore.xcodeproj/project.pbxproj:
3235         * bindings/js/JSWorkerCustom.cpp: Removed.
3236         Remove JSWorkerCustom.cpp
3237
3238         * bindings/scripts/CodeGeneratorJS.pm:
3239         (GenerateCallWith):
3240         * bindings/scripts/IDLAttributes.json:
3241         Add RuntimeFlags as a new option for the ConstructorCallWith extended attribute.
3242
3243         * workers/Worker.cpp:
3244         (WebCore::Worker::create):
3245         * workers/Worker.h:
3246         Update order of arguments to appease the generator.
3247
3248         * workers/Worker.idl:
3249         Add extended attributes for the constructor.
3250
3251 2017-05-12  Simon Fraser  <simon.fraser@apple.com>
3252
3253         The rects returned by Element/Range.getClientRects() should not be rounded
3254         https://bugs.webkit.org/show_bug.cgi?id=172057
3255
3256         Reviewed by Chris Dumez.
3257
3258         Fix createDOMRectVector() to not expand the rects to integer boundaries (which
3259         quad.enclosingBoundingBox() does), but to return rects with floating point
3260         values. This matches Chrome and Firefox, and matches getBoundingClientRect(),
3261         which does not integral snap.
3262
3263         * dom/DOMRect.cpp:
3264         (WebCore::createDOMRectVector):
3265
3266 2017-05-12  Jiewen Tan  <jiewen_tan@apple.com>
3267
3268         Elements should be inserted into a template element as its content's last child
3269         https://bugs.webkit.org/show_bug.cgi?id=171373
3270         <rdar://problem/31862949>
3271
3272         Reviewed by Ryosuke Niwa.
3273
3274         Before this change, our HTML parser obeys the following premises:
3275         1) A fostering child whose parent is a table should be inserted before its parent and under its grandparent.
3276         2) When inserting into a template element, an element should be inserted into its content.
3277
3278         Let's walk through the example:
3279         a) Before eventhandler takes place
3280         template
3281         table
3282             svg <- parser
3283         b) After eventhandler takes place
3284         template
3285             table
3286                 svg <- parser
3287         c) after parsing svg
3288         template
3289             content
3290                 svg
3291                 (table)
3292             table
3293
3294         Finally, in the example, the svg element will be inserted into the content of the template element while
3295         having its next sibling point to the table element. However, the table element is actually under the
3296         template element not its content.
3297
3298         This messy tree is constructed because the second premise is incomplete. It should be: When inserting into
3299         a template element, an element should be inserted into its content as its last child.
3300         Quoted from Step 3 of https://html.spec.whatwg.org/multipage/syntax.html#appropriate-place-for-inserting-a-node
3301         A correct tree will then look like:
3302         template
3303             content
3304                 svg
3305             table
3306
3307         Tests: fast/dom/HTMLTemplateElement/insert-fostering-child-crash.html
3308                fast/dom/HTMLTemplateElement/insert-fostering-child.html
3309
3310         * html/parser/HTMLConstructionSite.cpp:
3311         (WebCore::insert):
3312         By nullifying task.nextChild, it will force the parser to append the element as task.parent's last child.
3313
3314 2017-05-12  Alex Christensen  <achristensen@webkit.org>
3315
3316         Rename WKContentExtension to WKContentRuleList
3317         https://bugs.webkit.org/show_bug.cgi?id=172053
3318         <rdar://problem/32141005>
3319
3320         Reviewed by Geoffrey Garen.
3321
3322         Covered by existing API tests.
3323
3324         * English.lproj/Localizable.strings:
3325
3326 2017-05-12  Timothy Horton  <timothy_horton@apple.com>
3327
3328         Don't use LinkPresentation URL shortening if it's not available
3329         https://bugs.webkit.org/show_bug.cgi?id=172064
3330         <rdar://problem/32169232>
3331
3332         Rubber-stamped by Wenson Hsieh.
3333
3334         * platform/mac/DragImageMac.mm:
3335         (WebCore::LinkImageLayout::LinkImageLayout):
3336         * platform/spi/cocoa/LinkPresentationSPI.h:
3337
3338 2017-05-11  Simon Fraser  <simon.fraser@apple.com>
3339
3340         Incorrect position when dragging jQuery Draggable elements with position fixed after pinch zoom
3341         https://bugs.webkit.org/show_bug.cgi?id=171113
3342         rdar://problem/31746516
3343
3344         Reviewed by Tim Horton.
3345
3346         Make getBoundingClientRect() and getClientRects() return rects which are relative to the layout
3347         viewport, rather than the visual viewport. This goes part of the way to fixing webkit.org/b/170981,
3348         which aims to make pinch-zoom invisible to web pages ("inert visual viewport"). It fixes issues on various
3349         sites like Facebook when zoomed.
3350
3351         Factor coordinate conversion code into functions on FrameView, which now documents
3352         the various coordinate systems in a big comment. Document::adjustFloatQuadsForScrollAndAbsoluteZoomAndFrameScale()
3353         and Document::adjustFloatRectForScrollAndAbsoluteZoomAndFrameScale() are renamed and factored
3354         to use these helpers.
3355
3356         There are two behavior changes here:
3357
3358         1. FrameView::documentToClientOffset() now uses the origin of the layout viewport in the "document to client"
3359            coordinate mapping.
3360            
3361         2. The two document functions would apply the scale and offset in the wrong order. We need
3362            to first undo the effects of CSS zoom, page zoom and page scale, and then map from document
3363            to client coordinates.
3364
3365         Tests: fast/visual-viewport/client-rects-relative-to-layout-viewport.html
3366                fast/zooming/client-rects-with-css-and-page-zoom.html
3367
3368         * dom/Document.cpp:
3369         (WebCore::Document::convertAbsoluteToClientQuads):
3370         (WebCore::Document::convertAbsoluteToClientRect):
3371         (WebCore::Document::adjustFloatQuadsForScrollAndAbsoluteZoomAndFrameScale): Deleted.
3372         (WebCore::Document::adjustFloatRectForScrollAndAbsoluteZoomAndFrameScale): Deleted.
3373         * dom/Document.h:
3374         * dom/Element.cpp:
3375         (WebCore::Element::getClientRects):
3376         (WebCore::Element::getBoundingClientRect):
3377         * dom/Range.cpp:
3378         (WebCore::Range::borderAndTextQuads):
3379         * page/FrameView.cpp:
3380         (WebCore::FrameView::absoluteToDocumentScaleFactor):
3381         (WebCore::FrameView::absoluteToDocumentRect):
3382         (WebCore::FrameView::absoluteToDocumentPoint):
3383         (WebCore::FrameView::documentToClientOffset):
3384         (WebCore::FrameView::documentToClientRect):
3385         (WebCore::FrameView::documentToClientPoint):
3386         * page/FrameView.h:
3387         * platform/ScrollableArea.h: #pragma once
3388         * platform/Scrollbar.h: #pragma once
3389         * platform/Widget.h: #pragma once
3390
3391 2017-05-12  Mark Lam  <mark.lam@apple.com>
3392
3393         WorkerRunLoop::Task::performTask() should check !scriptController->isTerminatingExecution().
3394         https://bugs.webkit.org/show_bug.cgi?id=171775
3395         <rdar://problem/30975761>
3396
3397         Reviewed by Saam Barati.
3398
3399         Currently, WorkerThread::stop() calls scheduleExecutionTermination() to terminate
3400         JS execution first, followed by posting a cleanup task to the worker, and lastly,
3401         it invokes terminate() on the WorkerRunLoop.
3402
3403         As a result, before the run loop is terminated, the worker thread may observe the
3404         TerminatedExecutionException in JS code, bail out, see another JS task to run,
3405         re-enter the VM to run said JS code, and fail with an assertion due to the
3406         TerminatedExecutionException still being pending on VM entry.
3407
3408         WorkerRunLoop::Task::performTask() already has a check to only allow a task to
3409         run if and only if !runLoop.terminated() and the task is not a clean up task.
3410         We'll fix the above race by changing WorkerRunLoop::Task::performTask() to check
3411         !context->script()->isTerminatingExecution() instead of !runLoop.terminated().
3412         Since WorkerThread::stop() always scheduleExecutionTermination() before it
3413         terminates the run loop, !context->script()->isTerminatingExecution() implies
3414         !runLoop.terminated().
3415
3416         The only time that runLoop is terminated without scheduleExecutionTermination()
3417         being called is when WorkerThread::stop() is called before the WorkerThread has
3418         finished creating its WorkerGlobalScope.  In this scenario, WorkerThread::stop()
3419         will still terminate the run loop.  Hence, after the WorkerGlobalScope is created
3420         (in WorkerThread::workerThread()), we will check if the run loop has been
3421         terminated (i.e. stop() was called).  If so, we'll scheduleExecutionTermination()
3422         there, and guarantee that if runloop.terminated() is true, then
3423         context->script()->isTerminatingExecution() is also true.
3424
3425         Solutions that were considered but did not work (recorded for future reference):
3426
3427         1. In WorkerThread::stop(), call scheduleExecutionTermination() only after it
3428            posts the cleanup task and terminates the run loop.
3429
3430            This did not work because this creates a race where the worker thread may run
3431            the cleanup task before WorkerThread::stop() finishes.  As a result, the
3432            scriptController may be deleted before we get to invoke scheduleExecutionTermination()
3433            on it, thereby resulting in a use after free.
3434
3435            To make this work, we would have to change the life cycle management strategy
3436            of the WorkerScriptController.  This is a more risky change than we would
3437            want to take on at this time, and may also not be worth the gain.
3438
3439         2. Break scheduleExecutionTermination() up into 2 parts i.e. WorkerThread::stop()
3440            will:
3441            1. set the scriptController's m_isTerminatingExecution flag before
3442               posting the cleanup task and terminating the run loop, and
3443            2. invoke VM::notifyNeedsTermination() after posting the cleanup task and
3444               terminating the run loop.
3445
3446            This requires that we protect the liveness of the VM until we can invoke
3447            notifyNeedsTermination() on it.
3448
3449            This did not work because:
3450            1. We may end up destructing the VM in WorkerThread::stop() i.e. in the main
3451               web frame, but only the worker thread holds the JS lock for the VM.
3452
3453               We can make the WorkerThread::stop() acquire the JS lock just before it
3454               releases the protected VM's RefPtr, but that would mean the main thread
3455               may be stuck waiting a bit for the worker thread to release its JSLock.
3456               This is not desirable.
3457
3458            2. In practice, changing the liveness period of the Worker VM relative to its
3459               WorkerScriptController and WorkerGlobalScope also has unexpected
3460               ramifications.  We observed many worker tests failing with assertion
3461               failures and crashes due to this change.
3462
3463            Hence, this approach is also a more risky change than it appears on the
3464            surface, and is not worth exploring at this time.
3465
3466         In the end, changing WorkerRunLoop::Task::performTask() to check for
3467         !scriptController->isTerminatingExecution() is the most straightforward solution
3468         that is easy to prove correct.
3469
3470         Also fixed a race in WorkerThread::workerThread() where it can delete the
3471         WorkerGlobalScope while WorkerThread::stop() is in the midst of accessing it.
3472         We now guard the nullifying of m_workerGlobalScope with the
3473         m_threadCreationAndWorkerGlobalScopeMutex as well.
3474
3475         This issue is covered by an existing test that I just unskipped in TestExpectations.
3476
3477         * bindings/js/JSDOMPromiseDeferred.cpp:
3478         (WebCore::DeferredPromise::callFunction):
3479
3480         * bindings/js/WorkerScriptController.cpp:
3481         (WebCore::WorkerScriptController::scheduleExecutionTermination):
3482         - Added a check to do nothing and return early if the scriptController is already
3483           terminating execution.
3484
3485         * workers/WorkerRunLoop.cpp:
3486         (WebCore::WorkerRunLoop::runInMode):
3487         (WebCore::WorkerRunLoop::runCleanupTasks):
3488         (WebCore::WorkerRunLoop::Task::performTask):
3489
3490         * workers/WorkerRunLoop.h:
3491         - Made Task::performTask() private and make Task befriend the WorkerRunLoop class.
3492           This ensures that only the WorkerRunLoop may call performTask().
3493           Note: this change only formalizes and hardens a relationship that was already
3494           in place before this.
3495
3496         * workers/WorkerThread.cpp:
3497         (WebCore::WorkerThread::start):
3498         (WebCore::WorkerThread::workerThread):
3499         (WebCore::WorkerThread::stop):
3500         * workers/WorkerThread.h:
3501         - Renamed m_threadCreationMutex to m_threadCreationAndWorkerGlobalScopeMutex so
3502           that it more accurately describes what it guards.
3503
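The interleaving this entry describes, replayed deterministically as an added C++ example (not WebKit code): it compares the old `!runLoop.terminated()` guard with the `!isTerminatingExecution()` guard and checks the early-stop invariant. All `Model*` types, the task names and the rule that cleanup tasks always run are assumptions of this sketch.

```cpp
// Added illustration: a single-threaded replay of the WorkerThread::stop() interleaving.
// Every Model* name below is an assumption of this sketch, not a WebKit class.
#include <deque>
#include <string>
#include <vector>

struct ModelScriptController {
    bool terminatingExecution = false; // stands in for isTerminatingExecution()
    bool pendingTermination = false;   // termination exception still pending on the VM
    void scheduleExecutionTermination()
    {
        if (terminatingExecution)
            return; // early return when already terminating, as the entry describes
        terminatingExecution = true;
        pendingTermination = true;
    }
};

struct ModelTask {
    std::string name;
    bool isCleanup;
};

struct ModelRunLoop {
    bool terminated = false;
    std::deque<ModelTask> queue;
};

enum class Guard { RunLoopTerminated, ScriptTerminating };

struct Outcome {
    std::vector<std::string> ran;
    int vmEntriesWithPendingTermination = 0; // each one models the assertion failure
};

// Models the check in performTask(). Assumption: cleanup tasks always run.
static void performTask(const ModelTask& task, const ModelRunLoop& loop,
                        const ModelScriptController& script, Guard guard, Outcome& out)
{
    bool stopping = guard == Guard::RunLoopTerminated ? loop.terminated
                                                      : script.terminatingExecution;
    if (stopping && !task.isCleanup)
        return;
    if (!task.isCleanup && script.pendingTermination)
        ++out.vmEntriesWithPendingTermination; // JS entered with the exception pending
    out.ran.push_back(task.name);
}

static void runNext(ModelRunLoop& loop, const ModelScriptController& script,
                    Guard guard, Outcome& out)
{
    if (loop.queue.empty())
        return;
    ModelTask task = loop.queue.front();
    loop.queue.pop_front();
    performTask(task, loop, script, guard, out);
}

// Replays: stop() schedules termination, the worker picks up the next JS task,
// then stop() posts the cleanup task and terminates the run loop.
Outcome simulateStopRace(Guard guard)
{
    ModelScriptController script;
    ModelRunLoop loop;
    Outcome out;
    loop.queue.push_back({"js-1", false});
    loop.queue.push_back({"js-2", false});

    runNext(loop, script, guard, out);       // worker: js-1 runs normally
    script.scheduleExecutionTermination();   // main: stop(), first step
    runNext(loop, script, guard, out);       // worker: sees js-2 before terminate()
    loop.queue.push_back({"cleanup", true}); // main: stop(), second step
    loop.terminated = true;                  // main: stop(), last step
    runNext(loop, script, guard, out);       // worker: cleanup task
    return out;
}

// stop() called before the global scope exists: the loop is terminated with no
// termination scheduled, unless the worker re-checks after creating the scope.
bool invariantHoldsAfterEarlyStop(bool recheckAfterScopeCreation)
{
    ModelScriptController script;
    ModelRunLoop loop;
    loop.terminated = true; // stop() ran while there was no script controller yet
    if (recheckAfterScopeCreation && loop.terminated)
        script.scheduleExecutionTermination();
    return !loop.terminated || script.terminatingExecution; // terminated implies terminating
}

int main()
{
    Outcome before = simulateStopRace(Guard::RunLoopTerminated);
    Outcome after = simulateStopRace(Guard::ScriptTerminating);
    bool ok = before.vmEntriesWithPendingTermination == 1
        && after.vmEntriesWithPendingTermination == 0;
    return ok ? 0 : 1;
}
```

The 2017-05-13 rollout entry in this ChangeLog reverts r216801, the change modelled here, citing memory corruption crashes on worker threads, so the model covers only the pending-exception race this entry describes.
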
3504 2017-05-12  Zalan Bujtas  <zalan@apple.com>
3505
3506         [iOS WK1] Do not try to layout a subframe if its document has not been constructed yet.
3507         https://bugs.webkit.org/show_bug.cgi?id=172042
3508         <rdar://problem/32084098>
3509
3510         Reviewed by Antti Koivisto.
3511
3512         On iOS WK1 we can end up in an inconsistent state, where 
3513         1. the web thread is inside a newly injected iframe's document's c'tor and 
3514         2. waiting on a delegate callback on the main thread
3515         while the main thread
3516         1. executes a pending didLayout() task
3517         2. triggers layout on the newly injected iframe.
3518
3519         * rendering/RenderWidget.cpp:
3520         (WebCore::RenderWidget::updateWidgetPosition):
3521
3522 2017-05-11  Jiewen Tan  <jiewen_tan@apple.com>
3523
3524         Check existence of a page before accessing its plugins
3525         https://bugs.webkit.org/show_bug.cgi?id=171712
3526         <rdar://problem/32007806>
3527
3528         Reviewed by Brent Fulgham.
3529
3530         Test: plugins/navigator-plugin-crash.html
3531
3532         * plugins/DOMPlugin.cpp:
3533         (WebCore::DOMPlugin::item):
3534         (WebCore::DOMPlugin::namedItem):
3535
3536 2017-05-12  Simon Fraser  <simon.fraser@apple.com>
3537
3538         Add some logging for layer tree commits, and resize and orientation change events
3539         https://bugs.webkit.org/show_bug.cgi?id=172041
3540
3541         Reviewed by Tim Horton.
3542
3543         Add some logging that's useful during rotation investigations.
3544
3545         * dom/Document.cpp:
3546         (WebCore::Document::orientationChanged):
3547         * page/FrameView.cpp:
3548         (WebCore::FrameView::sendResizeEventIfNeeded):
3549
3550 2017-05-12  Romain Bellessort  <romain.bellessort@crf.canon.fr>
3551
3552         [Readable Streams API] Add ReadableStreamBYOBReader closed getter
3553         https://bugs.webkit.org/show_bug.cgi?id=172024
3554
3555         Reviewed by Youenn Fablet.
3556
3557         Added tests to check closed getter behaviour.
3558
3559         * Modules/streams/ReadableStreamBYOBReader.js:
3560         (closed): Implemented.
3561
3562 2017-05-12  Andreas Kling  <akling@apple.com>
3563
3564         MediaResourceLoader shouldn't keep its HTMLMediaElement alive.
3565         https://bugs.webkit.org/show_bug.cgi?id=172032
3566         <rdar://problem/30816144>
3567
3568         Reviewed by Joseph Pecoraro.
3569
3570         Use a WeakPtr<HTMLMediaElement> in MediaResourceLoader instead, since the loader
3571         is retained by a NSURLSession object we hand over to AVFoundation.
3572
3573         This prevents AVFoundation from keeping entire documents alive outside our control.
3574
3575         * html/HTMLMediaElement.cpp:
3576         (WebCore::HTMLMediaElement::HTMLMediaElement):
3577         * html/HTMLMediaElement.h:
3578         (WebCore::HTMLMediaElement::createWeakPtr):
3579         * loader/MediaResourceLoader.cpp:
3580         (WebCore::MediaResourceLoader::MediaResourceLoader):
3581         (WebCore::MediaResourceLoader::requestResource):
3582         * loader/MediaResourceLoader.h:
3583
3584 2017-05-12  Andreas Kling  <akling@apple.com>
3585
3586         Memory pressure response should only do sync bmalloc scavenge in sync mode.
3587         https://bugs.webkit.org/show_bug.cgi?id=172035
3588
3589         Reviewed by Michael Saboff.
3590
3591         Only call WTF::releaseFastMallocFreeMemory() and his threading-related friends
3592         when releaseMemory() is invoked with Synchronous::Yes, or if it's a critical
3593         pressure response (maintaining the behavior added in r215775.)
3594
3595         * page/MemoryRelease.cpp:
3596         (WebCore::releaseMemory):
3597
3598 2017-05-12  Daniel Bates  <dabates@apple.com>
3599
3600         Cleanup: Use Ref instead of RefPtr to hold DOMWrapperWorld
3601         https://bugs.webkit.org/show_bug.cgi?id=171988
3602
3603         Reviewed by Chris Dumez.
3604
3605         * bindings/js/JSCustomElementInterface.cpp:
3606         (WebCore::JSCustomElementInterface::JSCustomElementInterface):
3607         (WebCore::JSCustomElementInterface::upgradeElement):
3608         (WebCore::JSCustomElementInterface::invokeCallback):
3609         * bindings/js/JSCustomElementInterface.h:
3610         * bindings/js/JSMutationCallback.cpp:
3611         (WebCore::JSMutationCallback::JSMutationCallback):
3612         (WebCore::JSMutationCallback::call):
3613         * bindings/js/JSMutationCallback.h:
3614         * bindings/js/ScheduledAction.cpp:
3615         (WebCore::ScheduledAction::ScheduledAction):
3616         (WebCore::ScheduledAction::execute):
3617         * bindings/js/ScheduledAction.h:
3618         (WebCore::ScheduledAction::ScheduledAction):
3619         * page/DOMWindowExtension.cpp:
3620         (WebCore::DOMWindowExtension::DOMWindowExtension):
3621         * page/DOMWindowExtension.h:
3622         (WebCore::DOMWindowExtension::world):
3623
3624 2017-05-12  Daniel Bates  <dabates@apple.com>
3625
3626         Cleanup: Make QueueTaskToEventLoopFunctionPtr take JSGlobalObject&
3627         https://bugs.webkit.org/show_bug.cgi?id=172021
3628
3629         Reviewed by Mark Lam.
3630
3631         * bindings/js/JSDOMGlobalObjectTask.cpp: Include header JSDOMGlobalObject.h.
3632         (WebCore::JSGlobalObjectTask::JSGlobalObjectTask): Change type of first argument from JSDOMGlobalObject*
3633         to JSDOMGlobalObject& and update code as necessary. Also, use C++11 brace initialization syntax
3634         for member initializer list.
3635         * bindings/js/JSDOMGlobalObjectTask.h: Remove header JSDOMGlobalObject.h and forward declare
3636         JSDOMGlobalObject and JSC::Microtask.
3637         * bindings/js/JSDOMWindowBase.cpp:
3638         (WebCore::JSDOMWindowMicrotaskCallback::create):
3639         (WebCore::JSDOMWindowMicrotaskCallback::JSDOMWindowMicrotaskCallback): Change type of first argument
3640         from JSDOMWindowBase* to JSDOMWindowBase& and update code as necessary. Also, use C++11 brace
3641         initialization syntax for member initializer list.
3642         (WebCore::JSDOMWindowBase::queueTaskToEventLoop):
3643         * bindings/js/JSDOMWindowBase.h:
3644         * bindings/js/JSWorkerGlobalScopeBase.cpp:
3645         (WebCore::JSWorkerGlobalScopeBase::queueTaskToEventLoop):
3646         * bindings/js/JSWorkerGlobalScopeBase.h:
3647
3648 2017-05-12  Jer Noble  <jer.noble@apple.com>
3649
3650         [MediaStream] Streams which play while page is in background can get "stuck" when page is foregrounded.
3651         https://bugs.webkit.org/show_bug.cgi?id=172022
3652
3653         Reviewed by Youenn Fablet.
3654
3655         When an AVSampleBufferDisplayLayer is disconnected from the CA renderer, none of its samples will be decoded
3656         and enqueued for rendering. Once the layer is attached to a renderer again, it's stuffed full of samples which
3657         will never be decoded as their decode time has long passed.
3658
3659         Pass the visibility state of the element through to the MediaPlayer so that MediaPlayerPrivateMediaStreamAVFObjC
3660         can flush its renderers when going from not visible -> visible.
3661
3662         * html/HTMLMediaElement.cpp:
3663         (WebCore::HTMLMediaElement::visibilityStateChanged):
3664         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
3665         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
3666         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVisible):
3667         * rendering/RenderVideo.cpp:
3668         (WebCore::RenderVideo::updatePlayer):
3669
3670 2017-05-12  Per Arne Vollan  <pvollan@apple.com>
3671
3672         Unreviewed Windows build fix.
3673
3674         * bindings/js/JSWebGLRenderingContextCustom.cpp:
3675
3676 2017-05-12  Antti Koivisto  <antti@apple.com>
3677
3678         Updating class name of a shadow host does not update the style applied by descendants of :host()
3679         https://bugs.webkit.org/show_bug.cgi?id=170762
3680         <rdar://problem/31572668>
3681
3682         Reviewed by Ryosuke Niwa.
3683
3684         We need to invalidate shadow tree style when host classes or attributes change if it may be
3685         affected by host rules.
3686
3687         Test: fast/shadow-dom/css-scoping-host-class-and-attribute-mutation.html
3688
3689         * css/RuleSet.cpp:
3690         (WebCore::isHostSelectorMatchingInShadowTree):
3691         (WebCore::RuleSet::addRule):
3692
3693             Check if we have :host selectors that affect shadow tree.
3694
3695         * css/RuleSet.h:
3696         (WebCore::RuleSet::hasHostPseudoClassRulesMatchingInShadowTree):
3697         * style/AttributeChangeInvalidation.cpp:
3698         (WebCore::Style::mayBeAffectedByHostRules):
3699         (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):
3700
3701             Invalidate the whole subtree if there is a class change that may affect shadow tree style.
3702
3703         * style/ClassChangeInvalidation.cpp:
3704         (WebCore::Style::mayBeAffectedByHostRules):
3705         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
3706         * style/IdChangeInvalidation.cpp:
3707         (WebCore::Style::mayBeAffectedByHostRules):
3708         (WebCore::Style::IdChangeInvalidation::invalidateStyle):
3709
3710             Same for classes and ids.
3711             This should be refactored at some point to reduce copy-code.
3712
3713 2017-05-12  Carlos Garcia Campos  <cgarcia@igalia.com>
3714
3715         [GTK] ASSERTION FAILED: !m_flushingLayers
3716         https://bugs.webkit.org/show_bug.cgi?id=172025
3717
3718         Reviewed by Žan Doberšek.
3719
3720         The problem is that syncImageBacking() is calling didChangeLayerState(). All sync methods are called by
3721         flushCompositingStateForThisLayerOnly() while flushing layers, so none of them should call didChange method that
3722         will schedule a new flush while flushing.
3723
3724         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
3725         (WebCore::CoordinatedGraphicsLayer::syncImageBacking):
3726
3727 2017-05-12  Carlos Garcia Campos  <cgarcia@igalia.com>
3728
3729         [GTK] GIF images are not properly loaded the first time
3730         https://bugs.webkit.org/show_bug.cgi?id=170432
3731
3732         Reviewed by Carlos Alberto Lopez Perez.
3733
3734         When the GIF image is loaded for the first time, it's always read from the network, and the decoder is usually
3735         fetched with chunks of data. Then the data is cached in disk by the network process, so that when loaded from
3736         the cache, the whole encoded data is available to fetch the encoder. The problem is that we are failing to
3737         decode the image when giving chunks of data, that's why it only happens the first time loaded. If the first
3738         chunk of data provided is enough to get some metadata, including the size, but not frame contents, the load fails
3739         in CachedImage::addIncrementalDataBuffer() because the EncodedDataStatus reported is SizeAvailable but
3740         Image::isNull() returns true. An Image is considered to be Null when its size is empty, and the size is
3741         calculated always using the first frame in ImageFrameCache. Since we still don't have frames, the image is
3742         always Null in this case. It is not expected that EncodedDataStatus returns SizeAvailable and the image is Null,
3743         that's why it's considered an error and the load finishes with a decode error. However, the non CG ImageDecoder
3744         has a m_size member to handle this particular case, and it's when m_size is set when EncodedDataStatus changes
3745         to SizeAvailable. We should return the ImageEncoder size as the ImageSize when we have a decoder but
3746         not frames yet.
3747
3748         Test: http/tests/images/gif-progressive-load.html
3749
3750         * platform/graphics/ImageFrameCache.cpp:
3751         (WebCore::ImageFrameCache::size): Return ImageDecoder::size() without caching it, if frame list is empty.
3752
3753 2017-05-12  Per Arne Vollan  <pvollan@apple.com>
3754
3755         The iBooks application is not able to get current position.
3756         https://bugs.webkit.org/show_bug.cgi?id=171982
3757         rdar://problem/29318409
3758
3759         Reviewed by Brent Fulgham.
3760
3761         Geolocation requests from iBooks are currently blocked. Make an exemption from the policy for iBooks.
3762
3763         No new tests since we currently can't mock the iBooks application bundle ID.
3764
3765         * Modules/geolocation/Geolocation.cpp:
3766         (WebCore::isRequestFromIBooks):
3767         (WebCore::Geolocation::shouldBlockGeolocationRequests):
3768
3769 2017-05-11  Per Arne Vollan  <pvollan@apple.com>
3770
3771         Geolocation requests should not be blocked when the security origin is local.
3772         https://bugs.webkit.org/show_bug.cgi?id=171857
3773         rdar://problem/29318409
3774
3775         Reviewed by Brent Fulgham.
3776
3777         Geolocation requests from security origins where the url scheme is registered as local,
3778         should not be blocked. This applies to the file url scheme, but also to other local url
3779         schemes.
3780
3781         Test: fast/misc/geolocation-local-security-origin.html
3782
3783         * Modules/geolocation/Geolocation.cpp:
3784         (WebCore::Geolocation::shouldBlockGeolocationRequests):
3785
3786 2017-05-11  Chris Dumez  <cdumez@apple.com>
3787
3788         Drop remaining uses of PassRefPtr in WebCore
3789         https://bugs.webkit.org/show_bug.cgi?id=172013
3790
3791         Reviewed by Yusuke Suzuki.
3792
3793         * bindings/js/ScriptController.cpp:
3794         (WebCore::ScriptController::createRootObject):
3795         * bindings/js/ScriptController.h:
3796         * bindings/js/ScriptControllerMac.mm:
3797         * bridge/objc/WebScriptObject.mm:
3798         (WebCore::createJSWrapper):
3799         (-[WebScriptObject _setImp:originRootObject:rootObject:]):
3800         (-[WebScriptObject _setOriginRootObject:andRootObject:]):
3801         (-[WebScriptObject _initWithJSObject:originRootObject:rootObject:]):
3802         * bridge/objc/WebScriptObjectPrivate.h:
3803
3804 2017-05-11  Zalan Bujtas  <zalan@apple.com>
3805
3806         RenderImageResource::hasImage is redundant and RenderImageResourceStyleImage's override is incorrect.
3807         https://bugs.webkit.org/show_bug.cgi?id=172010
3808         <rdar://problem/31086735>
3809
3810         Reviewed by Simon Fraser.
3811
3812         RenderImageResourceStyleImage::hasImage() always returns true even when ::cachedImage()
3813         returns nullptr (e.g. image is pending).
3814         Remove it and use cachedImage() instead.
3815
3816         Test: fast/images/missing-content-image-crash.html
3817
3818         * html/HTMLImageElement.cpp:
3819         (WebCore::HTMLImageElement::didAttachRenderers):
3820         * rendering/RenderImage.cpp:
3821         (WebCore::RenderImage::updateIntrinsicSizeIfNeeded):
3822         (WebCore::RenderImage::isShowingMissingOrImageError):
3823         (WebCore::RenderImage::hasNonBitmapImage):
3824         (WebCore::RenderImage::paintReplaced):
3825         (WebCore::RenderImage::paintIntoRect):
3826         (WebCore::RenderImage::foregroundIsKnownToBeOpaqueInRect):
3827         * rendering/RenderImageResource.h:
3828         (WebCore::RenderImageResource::cachedImage):
3829         (WebCore::RenderImageResource::hasImage): Deleted.
3830         * rendering/RenderImageResourceStyleImage.h:
3831         * rendering/svg/RenderSVGImage.cpp:
3832         (WebCore::RenderSVGImage::paint):
3833         * svg/SVGImageElement.cpp:
3834         (WebCore::SVGImageElement::hasSingleSecurityOrigin):
3835         (WebCore::SVGImageElement::didAttachRenderers):
3836
3837 2017-05-11  Zalan Bujtas  <zalan@apple.com>
3838
3839         AX: Defer text changes until after the tree is clean if needed.
3840         https://bugs.webkit.org/show_bug.cgi?id=171546
3841         <rdar://problem/31934942>
3842
3843         Reviewed by Simon Fraser.
3844
3845         While updating an accessibility object state, we might
3846         trigger unintentional style updates. This style update could
3847         end up destroying renderers that are still referenced by functions
3848         on the callstack.
3849         To avoid that, defer such changes and let AXObjectCache operate on a clean tree.
3850
3851         Test: accessibility/crash-when-render-tree-is-not-clean.html
3852
3853         * accessibility/AXObjectCache.cpp:
3854         (WebCore::AXObjectCache::remove):
3855         (WebCore::AXObjectCache::handleAttributeChanged):
3856         (WebCore::AXObjectCache::labelChanged):
3857         (WebCore::AXObjectCache::performDeferredCacheUpdate):
3858         (WebCore::AXObjectCache::deferRecomputeIsIgnored):
3859         (WebCore::AXObjectCache::deferTextChangedIfNeeded):
3860         (WebCore::AXObjectCache::recomputeDeferredIsIgnored): Deleted.
3861         (WebCore::AXObjectCache::deferTextChanged): Deleted.
3862         * accessibility/AXObjectCache.h: Decouple different type of changes.
3863         (WebCore::AXObjectCache::deferRecomputeIsIgnored):
3864         (WebCore::AXObjectCache::deferTextChangedIfNeeded):
3865         (WebCore::AXObjectCache::recomputeDeferredIsIgnored): Deleted.
3866         (WebCore::AXObjectCache::deferTextChanged): Deleted.
3867         * rendering/RenderBlock.cpp:
3868         (WebCore::RenderBlock::deleteLines):
3869         * rendering/RenderBlockLineLayout.cpp:
3870         (WebCore::RenderBlockFlow::createAndAppendRootInlineBox):
3871         * rendering/RenderText.cpp:
3872         (WebCore::RenderText::setText):
3873
3874 2017-05-11  Chris Dumez  <cdumez@apple.com>
3875
3876         Drop remaining uses of PassRefPtr under platform/
3877         https://bugs.webkit.org/show_bug.cgi?id=172007
3878
3879         Reviewed by Geoffrey Garen.
3880
3881         * platform/graphics/wpe/ImageWPE.cpp:
3882         (WebCore::Image::loadPlatformResource):
3883         * platform/ios/LegacyTileGrid.h:
3884         * platform/ios/LegacyTileGrid.mm:
3885         (WebCore::LegacyTileGrid::tileForIndex):
3886         (WebCore::LegacyTileGrid::tileForPoint):
3887         * platform/ios/LegacyTileGridTile.h:
3888         (WebCore::LegacyTileGridTile::create):
3889         * platform/mediastream/RTCIceCandidateDescriptor.cpp:
3890         (WebCore::RTCIceCandidateDescriptor::create):
3891         * platform/mediastream/RTCIceCandidateDescriptor.h:
3892         * platform/mediastream/RTCPeerConnectionHandlerClient.h:
3893         * platform/mediastream/RTCSessionDescriptionDescriptor.cpp:
3894         (WebCore::RTCSessionDescriptionDescriptor::create):
3895         * platform/mediastream/RTCSessionDescriptionDescriptor.h:
3896         * platform/mediastream/RTCSessionDescriptionRequest.h:
3897         (WebCore::RTCSessionDescriptionRequest::extraData):
3898         (WebCore::RTCSessionDescriptionRequest::setExtraData):
3899         * platform/mediastream/RealtimeMediaSourceCenter.h:
3900         * platform/mediastream/mac/RealtimeMediaSourceCenterMac.h:
3901         * platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp:
3902         (WebCore::RealtimeMediaSourceCenterOwr::firstSource):
3903         * platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.h:
3904         * platform/mock/DeviceOrientationClientMock.cpp:
3905         (WebCore::DeviceOrientationClientMock::setOrientation):
3906         * platform/mock/DeviceOrientationClientMock.h:
3907         * platform/mock/GeolocationClientMock.cpp:
3908         (WebCore::GeolocationClientMock::setPosition):
3909         * platform/mock/GeolocationClientMock.h:
3910         * platform/mock/RTCNotifiersMock.cpp:
3911         (WebCore::SessionRequestNotifier::SessionRequestNotifier):
3912         (WebCore::SessionRequestNotifier::fire):
3913         (WebCore::VoidRequestNotifier::VoidRequestNotifier):
3914         * platform/mock/RTCNotifiersMock.h:
3915         * platform/mock/TimerEventBasedMock.h:
3916         (WebCore::TimerEventBasedMock::removeEvent):
3917         (WebCore::TimerEvent::TimerEvent):
3918         (WebCore::TimerEvent::timerFired):
3919         * platform/mock/mediasource/MockMediaSourcePrivate.cpp:
3920         (WebCore::MockSourceBufferPrivateHasAudio):
3921         (WebCore::MockSourceBufferPrivateHasVideo):
3922         * platform/wpe/RenderThemeWPE.h:
3923
3924 2017-05-11  Carlos Alberto Lopez Perez  <clopez@igalia.com>
3925
3926         [WPE] Stop using PassRefPtr in platform/graphics/wpe
3927         https://bugs.webkit.org/show_bug.cgi?id=171977
3928
3929         Unreviewed build fix after r216702.
3930
3931         * platform/graphics/wpe/ImageWPE.cpp:
3932         (WebCore::Image::loadPlatformResource):
3933
3934 2017-05-11  Youenn Fablet  <youenn@apple.com>
3935
3936         [iOS] Unset active media capture source when stopped capturing
3937         https://bugs.webkit.org/show_bug.cgi?id=171815
3938         <rdar://problem/32117885>
3939
3940         Reviewed by Eric Carlson.
3941
3942         Test: platform/ios/mediastream/getUserMedia-single-capture.html
3943
3944         Introducing SingleSourceFactory template class to be used by capture factories for iOS.
3945         This class ensures that only one source is active at a time.
3946         Update all capture sources accordingly.
3947         Ensure sources are no longer considered as active sources when being destroyed.
3948         Add support for mock sources and introducing m_isProducingData for them as well.
3949
3950         Update WebRTC outgoing source classes to handle the case of replaced track and resetting the enabled/mute
3951         state according the new source.
3952
3953         Update the&nb