WebKit-https.git
2 years agoUse the parent box style to adjust RenderStyle for alignment.
commit-queue@webkit.org [Mon, 29 May 2017 14:09:37 +0000 (14:09 +0000)]
Use the parent box style to adjust RenderStyle for alignment.
https://bugs.webkit.org/show_bug.cgi?id=172215

Patch by Emilio Cobos Álvarez <ecobos@igalia.com> on 2017-05-29
Reviewed by Antti Koivisto.

Source/WebCore:

The css-flexbox spec defined align-self in terms of the parent
element, which is what this code did.

The css-align spec defines these properties in terms of the style of
the containing box instead, which means display: contents styles
should not be used for this adjustment, but the parent box style
instead.

For example, align-items is defined as:

> This property specifies the default align-self for all of the boxes
> (including anonymous boxes) participating in this box’s formatting
> context.

Note that the css-align spec was recently updated to align (no pun
intended) with Gecko, and make the |auto| value compute to itself.
This patch puts us in a more recent spec than before, but not totally
up-to-date.

Tests: imported/w3c/web-platform-tests/css/css-display-3/display-contents-alignment-001.html
       imported/w3c/web-platform-tests/css/css-display-3/display-contents-alignment-002.html

* css/StyleResolver.cpp:
(WebCore::StyleResolver::adjustRenderStyle):
(WebCore::StyleResolver::adjustStyleForAlignment):

LayoutTests:

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217536 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed, disable faster Interpreter::getOpcodeID for ARM_THUMB2 with non-Darwin...
utatane.tea@gmail.com [Mon, 29 May 2017 10:37:58 +0000 (10:37 +0000)]
Unreviewed, disable faster Interpreter::getOpcodeID for ARM_THUMB2 with non-Darwin OSes
https://bugs.webkit.org/show_bug.cgi?id=172686

Because of test failures.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217535 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed Windows test gardening, update expected results after r217418.
pvollan@apple.com [Mon, 29 May 2017 09:03:02 +0000 (09:03 +0000)]
Unreviewed Windows test gardening, update expected results after r217418.

* platform/win/fast/block/float/032-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217534 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[WPE] Build fix after r217531
csaavedra@igalia.com [Mon, 29 May 2017 08:41:54 +0000 (08:41 +0000)]
[WPE] Build fix after r217531

Unreviewed.

* UIProcess/API/C/wpe/WKAPICastWPE.h:
(WebKit::toAPI): Add missing WebGrammarDetail API cast.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217533 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed Windows test gardening, update expected results after r217418.
pvollan@apple.com [Mon, 29 May 2017 07:15:56 +0000 (07:15 +0000)]
Unreviewed Windows test gardening, update expected results after r217418.

* platform/win/fast/forms/input-appearance-spinbutton-expected.txt:
* platform/win/fast/forms/input-appearance-spinbutton-up-expected.txt:
* platform/win/fast/forms/number/number-appearance-rtl-expected.txt:
* platform/win/fast/forms/number/number-appearance-spinbutton-disabled-readonly-expected.txt:
* platform/win/fast/forms/number/number-appearance-spinbutton-layer-expected.txt:
* platform/win/fast/forms/search-vertical-alignment-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217532 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[Xcode] ALWAYS_SEARCH_USER_PATHS is set to YES
mitz@apple.com [Mon, 29 May 2017 05:30:59 +0000 (05:30 +0000)]
[Xcode] ALWAYS_SEARCH_USER_PATHS is set to YES
https://bugs.webkit.org/show_bug.cgi?id=172691

Reviewed by Tim Horton.

* Configurations/Base.xcconfig: Set ALWAYS_SEARCH_USER_PATHS to NO.
Source/JavaScriptCore:

* JavaScriptCore.xcodeproj/project.pbxproj: Added ParseInt.h to the JavaScriptCore target.

Source/WebCore:

* WebCore.xcodeproj/project.pbxproj: Added DateTimeChooser.h, DateTimeChooserClient.h,
  PerformanceMark.h, PerformanceMeasure.h, SVGUnknownElement.h, and MathMLUnknownElement.h
  to the WebCore target.

Source/WebKit2:

* UIProcess/API/C/WKAPICast.h: Moved GTK-only definitions that used WebGrammarDetail.h to
  WKAPICastGtk.h. This had the effect of no longer including APIArray.h from this header.

* UIProcess/API/C/gtk/WKAPICastGtk.h: Moved GTK-only definitions to here.
(WebKit::toAPI):
* UIProcess/WebGrammarDetail.h: Replaced include of APIArray.h with a forward declaration.

* Shared/API/c/WKRenderLayer.cpp:
* Shared/API/c/WKRenderObject.cpp:
* UIProcess/API/C/WKApplicationCacheManager.cpp:
* UIProcess/API/C/WKContext.cpp:
* UIProcess/API/C/WKContextConfigurationRef.cpp:
* UIProcess/API/C/WKCookieManager.cpp:
* UIProcess/API/C/WKKeyValueStorageManager.cpp:
* UIProcess/API/C/WKNotificationManager.cpp:
* UIProcess/API/C/WKOpenPanelResultListener.cpp:
* UIProcess/API/C/WKPageGroup.cpp:
* UIProcess/API/C/WKResourceCacheManager.cpp:
* UIProcess/API/C/WKUserContentControllerRef.cpp:
* UIProcess/API/gtk/WebKitBackForwardList.cpp:
* UIProcess/WebContextMenuListenerProxy.cpp:

  Added #include "APIArray.h" to these files now that WKAPICast.h does not include it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217531 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[JSC] Provide better type information of toLength and tighten bytecode
utatane.tea@gmail.com [Mon, 29 May 2017 05:09:16 +0000 (05:09 +0000)]
[JSC] Provide better type information of toLength and tighten bytecode
https://bugs.webkit.org/show_bug.cgi?id=172690

Reviewed by Sam Weinig.

In this patch, we carefully leverage operator + in order to

1. tighten bytecode

operator+ emits to_number bytecode. What this bytecode does is the same
to @Number() call. It is more efficient, and it is smaller bytecode
than @Number() call (load global variable @Number, set up arguments, and
call it).

2. offer better type prediction data

Now, we have code like

    length > 0 ? (length < @MAX_SAFE_INTEGER ? length : @MAX_SAFE_INTEGER) : 0

This is not good because DFG prediction propagation phase predicts as Double
since @MAX_SAFE_INTEGER is double. But actually it rarely becomes Double.
Usually, the result becomes Int32. This patch leverages to_number in a bit
interesting way: to_number has value profiling to offer better type prediction.
This value profiling can offer a chance to change the prediction to Int32 efficiently.
It is a bit tricky. But it is worth doing to speed up our builtin functions,
which should leverage all the JSC's tricky things to be optimized.

Related microbenchmarks show performance improvement.

                                          baseline                  patched

    array-prototype-forEach           50.2348+-2.2331           49.7568+-2.3507
    array-prototype-map               51.0574+-1.8166           47.9531+-2.1653          might be 1.0647x faster
    array-prototype-some              52.3926+-1.8882     ^     48.3632+-2.0852        ^ definitely 1.0833x faster
    array-prototype-every             52.7394+-2.0712           50.2896+-2.1480          might be 1.0487x faster
    array-prototype-reduce            54.9994+-2.3638           51.8716+-2.6253          might be 1.0603x faster
    array-prototype-reduceRight      209.7594+-9.2594     ^     51.5867+-2.5745        ^ definitely 4.0662x faster

* builtins/GlobalOperations.js:
(globalPrivate.toInteger):
(globalPrivate.toLength):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217530 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[WebIDL] @@iterator should only be accessed once when disambiguating a union type
commit-queue@webkit.org [Mon, 29 May 2017 01:30:58 +0000 (01:30 +0000)]
[WebIDL] @@iterator should only be accessed once when disambiguating a union type
https://bugs.webkit.org/show_bug.cgi?id=172684

Patch by Sam Weinig <sam@webkit.org> on 2017-05-28
Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

* runtime/IteratorOperations.cpp:
(JSC::iteratorMethod):
(JSC::iteratorForIterable):
* runtime/IteratorOperations.h:
(JSC::forEachInIterable):
Add additional iterator helpers to allow union + sequence conversion code
to check for iterability by getting the iterator method, and iterate using
that method later on.

Source/WebCore:

WebIDL specifies that when determining if the value you are converting to a union
is a sequence, you must get the @@iterator property and, should it exist, use it
to iterate the sequence. While we correctly accessing the property to make the
determination, we were not passing it into the sequence conversion code, and thus
the sequence conversion code re-accessed it, which is observable and wrong.

This patch pipes the @@iterator method through the sequence conversion code to avoid
this.

Test: js/dom/sequence-in-union-iterator-access.html

* bindings/js/JSDOMConvertSequences.h:
(WebCore::Detail::GenericSequenceConverter::convert):
(WebCore::Detail::NumericSequenceConverter::convertArray):
(WebCore::Detail::NumericSequenceConverter::convert):
(WebCore::Detail::SequenceConverter::convertArray):
(WebCore::Detail::SequenceConverter::convert):
(WebCore::Detail::SequenceConverter<IDLLong>::convert):
(WebCore::Detail::SequenceConverter<IDLFloat>::convert):
(WebCore::Detail::SequenceConverter<IDLUnrestrictedFloat>::convert):
(WebCore::Detail::SequenceConverter<IDLDouble>::convert):
(WebCore::Detail::SequenceConverter<IDLUnrestrictedDouble>::convert):
(WebCore::Converter<IDLSequence<T>>::convert):
(WebCore::Converter<IDLFrozenArray<T>>::convert):
Add variants of convert that take a JSObject* (sequence) / JSValue (iterator method)
rather than just the JSValue (sequence). To avoid too much duplication, split some
parts of SequenceConverter and NumericSequenceConverter up so they could be reused.

* bindings/js/JSDOMConvertUnion.h:
- Fix incorrect step 3 (WebIDL got updated at some point and we didn't notice) to remove
  records.
- Update sequence and FrozenArray checking/conversion to get the iterator method and pass
  it along, using the new ConditionalSequenceConverter helper which forwards to the new
  sequence converters that accept the iterator method.

LayoutTests:

* js/dom/sequence-in-union-iterator-access-expected.txt: Added.
* js/dom/sequence-in-union-iterator-access.html: Added.
Add test case showing that @@iterator is only accessed once when converting a sequence
as part of a union.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217529 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[JSC][Linux][FreeBSD] Use faster Interpreter::getOpcodeID()
utatane.tea@gmail.com [Sun, 28 May 2017 14:11:56 +0000 (14:11 +0000)]
[JSC][Linux][FreeBSD] Use faster Interpreter::getOpcodeID()
https://bugs.webkit.org/show_bug.cgi?id=172686

Reviewed by Mark Lam.

As of r217526, JSC gets faster Interpreter::getOpcodeID() by
embedding OpcodeID value just before the LLInt machine code
handler pointer. By doing so, we can retrieve OpcodeID from
the LLInt machine code handler by dereferencing the code
pointer. `*((int*)ptr - 1)`.

This patch allows Linux and FreeBSD environments to use this
optimization.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217528 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed, build fix for Windows
utatane.tea@gmail.com [Sun, 28 May 2017 11:33:44 +0000 (11:33 +0000)]
Unreviewed, build fix for Windows
https://bugs.webkit.org/show_bug.cgi?id=172413

Optimized jsDynamicCast for JSMap and JSSet will be handled in [1].

[1]: https://bugs.webkit.org/show_bug.cgi?id=172685

* runtime/JSMap.h:
(JSC::isJSMap):
(JSC::jsDynamicCast): Deleted.
(JSC::>): Deleted.
* runtime/JSSet.h:
(JSC::isJSSet):
(JSC::jsDynamicCast): Deleted.
(JSC::>): Deleted.
* runtime/MapConstructor.cpp:
(JSC::constructMap):
* runtime/SetConstructor.cpp:
(JSC::constructSet):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217527 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoImplement a faster Interpreter::getOpcodeID().
mark.lam@apple.com [Sun, 28 May 2017 08:12:09 +0000 (08:12 +0000)]
Implement a faster Interpreter::getOpcodeID().
https://bugs.webkit.org/show_bug.cgi?id=172669

Reviewed by Saam Barati.

Source/JavaScriptCore:

We can implement Interpreter::getOpcodeID() without a hash table lookup by always
embedding the OpcodeID in the 32-bit word just before the start of the LLInt
handler code that executes each opcode.  getOpcodeID() can therefore just read
the 32-bits before the opcode address to get its OpcodeID.

This is currently only enabled for CPU(X86), CPU(X86_64), CPU(ARM64),
CPU(ARM_THUMB2), and only for OS(DARWIN).  It'll probably just work for linux as
well, but I'll let the Linux folks turn that on after they have verified that it
works on linux too.

I'll also take this opportunity to clean up how we initialize the opcodeIDTable:
1. we only need to initialize it once per process, not once per VM / interpreter
   instance.
2. we can initialize it in the Interpreter constructor instead of requiring a
   separate call to an initialize() function.

On debug builds, the Interpreter constructor will also verify that getOpcodeID()
is working correctly for each opcode when USE(LLINT_EMBEDDED_OPCODE_ID).

* bytecode/BytecodeList.json:
* generate-bytecode-files:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::Interpreter):
(JSC::Interpreter::opcodeIDTable):
(JSC::Interpreter::initialize): Deleted.
* interpreter/Interpreter.h:
(JSC::Interpreter::getOpcode):
(JSC::Interpreter::getOpcodeID):
* llint/LowLevelInterpreter.cpp:
* runtime/VM.cpp:
(JSC::VM::VM):

Source/WTF:

Added the USE(LLINT_EMBEDDED_OPCODE_ID) configuration.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217526 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[JSC] Map and Set constructors should have fast path for cloning
utatane.tea@gmail.com [Sat, 27 May 2017 23:21:53 +0000 (23:21 +0000)]
[JSC] Map and Set constructors should have fast path for cloning
https://bugs.webkit.org/show_bug.cgi?id=172413

Reviewed by Saam Barati.

JSTests:

* stress/map-clone-instance-iterator-change.js: Added.
(shouldBe):
(map.Symbol.iterator):
* stress/map-clone-iterator-change.js: Added.
(shouldBe):
(Map.prototype.Symbol.iterator):
* stress/map-clone-next-change.js: Added.
(shouldBe):
(map.Symbol.iterator.__proto__.next):
* stress/map-clone.js: Added.
(shouldBe):
(Map.prototype):
* stress/map-inherit-set.js: Added.
(shouldBe):
(DerivedMap):
(set for):
* stress/set-clone-instance-iterator-change.js: Added.
(shouldBe):
(set Symbol.iterator):
* stress/set-clone-iterator-change.js: Added.
(shouldBe):
(set Set.prototype.Symbol.iterator):
* stress/set-clone-next-change.js: Added.
(shouldBe):
(set Symbol.iterator.__proto__.next):
* stress/set-clone.js: Added.
(shouldBe):
(set Set.prototype.add):
* stress/set-inherit-add.js: Added.
(shouldBe):
(DerivedSet.set add):

Source/JavaScriptCore:

In this patch, we add a fast path for cloning in Set and Map constructors.

In ARES-6 Air, we have code like `new Set(set)` to clone the given set.
At that time, our generic path just iterates the given set object and add
it to the newly created one. It is quite slow because we need to follow
the iterator protocol inside C++ and we need to call set.add() repeatedly
while the given set guarantees the elements are unique.

This patch implements clone() function to JSMap and JSSet. Cloning JSMap
and JSSet are done really fast without invoking any observable JS functions.
To check whether we can use this clone() function in Set and Map constructors,
we set several watchpoints.

In the case of Set,

1. Set.prototype[Symbol.iterator] is not changed.
2. SetIterator.prototype.next is not changed.
3. Set.prototype.add is not changed.
4. The given Set does not have [Symbol.iterator] function in its instance.
5. The given Set's [[Prototype]] is Set.prototype.
6. Newly created set's [[Prototype]] is Set.prototype.

If the above requirements are met, cloning the given Set is not observable to users.
Thus we can take a fast path.

Currently, we do not integrate this optimization into DFG and FTL.
And we do not optimize other iterables. For example, we can optimize Set
constructor taking Int32 Array. And we should optimize generic iterator cases too.
They are planned as part of a separate bug[1].

This change improves ARES-6 Air by 5.3% in steady state.

Baseline:
    Running... Air ( 1  to go)
    firstIteration:     76.41 +- 15.60 ms
    averageWorstCase:   40.63 +- 7.54 ms
    steadyState:        9.13 +- 0.51 ms

Patched:
    Running... Air ( 1  to go)
    firstIteration:     75.00 +- 22.54 ms
    averageWorstCase:   39.18 +- 8.45 ms
    steadyState:        8.67 +- 0.28 ms

[1]: https://bugs.webkit.org/show_bug.cgi?id=172419

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/ArrayIteratorAdaptiveWatchpoint.cpp: Removed.
* runtime/HashMapImpl.h:
(JSC::HashMapBucket::extractValue):
(JSC::HashMapImpl::finishCreation):
(JSC::HashMapImpl::add):
(JSC::HashMapImpl::setUpHeadAndTail):
(JSC::HashMapImpl::addNormalizedNonExistingForCloning):
(JSC::HashMapImpl::addNormalizedInternal):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::createSubclassStructureSlow):
(JSC::InternalFunction::createSubclassStructure): Deleted.
* runtime/InternalFunction.h:
(JSC::InternalFunction::createSubclassStructure):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::mapIteratorProtocolWatchpoint):
(JSC::JSGlobalObject::setIteratorProtocolWatchpoint):
(JSC::JSGlobalObject::mapSetWatchpoint):
(JSC::JSGlobalObject::setAddWatchpoint):
(JSC::JSGlobalObject::mapPrototype):
(JSC::JSGlobalObject::jsSetPrototype):
(JSC::JSGlobalObject::setStructure):
* runtime/JSGlobalObjectInlines.h:
(JSC::JSGlobalObject::isMapPrototypeIteratorProtocolFastAndNonObservable):
(JSC::JSGlobalObject::isSetPrototypeIteratorProtocolFastAndNonObservable):
(JSC::JSGlobalObject::isMapPrototypeSetFastAndNonObservable):
(JSC::JSGlobalObject::isSetPrototypeAddFastAndNonObservable):
* runtime/JSMap.cpp:
(JSC::JSMap::clone):
(JSC::JSMap::canCloneFastAndNonObservable):
* runtime/JSMap.h:
(JSC::jsDynamicCast):
(JSC::>):
(JSC::JSMap::createStructure): Deleted.
(JSC::JSMap::create): Deleted.
(JSC::JSMap::set): Deleted.
(JSC::JSMap::JSMap): Deleted.
* runtime/JSSet.cpp:
(JSC::JSSet::clone):
(JSC::JSSet::canCloneFastAndNonObservable):
* runtime/JSSet.h:
(JSC::jsDynamicCast):
(JSC::>):
(JSC::JSSet::createStructure): Deleted.
(JSC::JSSet::create): Deleted.
(JSC::JSSet::JSSet): Deleted.
* runtime/MapConstructor.cpp:
(JSC::constructMap):
* runtime/ObjectPropertyChangeAdaptiveWatchpoint.h: Renamed from Source/JavaScriptCore/runtime/ArrayIteratorAdaptiveWatchpoint.h.
(JSC::ObjectPropertyChangeAdaptiveWatchpoint::ObjectPropertyChangeAdaptiveWatchpoint):
* runtime/SetConstructor.cpp:
(JSC::constructSet):

Tools:

* TestWebKitAPI/Tests/WTF/MathExtras.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217525 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoimported/w3c/web-platform-tests/html/semantics/forms/form-control-infrastructure...
cdumez@apple.com [Sat, 27 May 2017 20:15:02 +0000 (20:15 +0000)]
imported/w3c/web-platform-tests/html/semantics/forms/form-control-infrastructure/form_attribute.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=172472
<rdar://problem/32334831>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

* web-platform-tests/html/semantics/forms/form-control-infrastructure/form_attribute-expected.txt:
Rebaseline test now that more checks are passing. We were previously wrongly resetting the input form owner
to null when removing the form from the document and the input had a form attribute set and was a descendant
of the form.

Source/WebCore:

Fix assertion hit when running imported/w3c/web-platform-tests/html/semantics/forms/form-control-infrastructure/form_attribute.html.

When the form was removed from the document, A descendant would try to find a new form owner in the document. If the descendant had
a form content attribute and there was another form in the document with this ID, then we would erroneously associate the descendant with
that other form, even though that descendant is being disconnected. This is because when the form with the given id is removed, we
notify the IdTargetObservers of the change. In this case, the form control is an IdTargetObserver and gets notified after
removedFrom() has been called on the form but *before* removedFrom() has been called on its descendant form control. As a result, the
form control still thinks it is in the tree (i.e. isConnected() wrongly returns true) and we make the wrong decision and try to
associate it with another form in the document.

To address the problem, we leverage the fact that when a form element is being removed, it already notifies its associated form
controls that it is being removed. When it does, we make sure to clear the control's id observer if the form is its ancestor.
The ID observer is no longer needed beyond this point since the control is now disconnected from the document, and the ID observer
callback would erroneously associate it with another form element in the document of the same ID because isConnected() still returns
true at that point.
As a result, the control's form owner is kept unchanged, which is the right thing to do here, since it is its ancestor, even
though both are detached.

Test: fast/dom/HTMLFormElement/form-removal-duplicate-id-crash.html

* dom/ContainerNode.h:
(WebCore::Node::rootNode):
Inline rootNode to avoid an extra function call in the fast path case. For the slow path, we now
call traverseToRootNode() to avoid duolicating logic.

* dom/Node.cpp:
(WebCore::Node::traverseToRootNode):
Add a traverseToRootNode() method which gets the root node by traversing the ancestors. This logic was duplicated in 3 places:
- Slow path in Node::rootNode()
- computeRootNode() in FormAssociatedElement.cpp
- findRoot() in HTMLFormElement.cpp
They are now consolidated in a single place to avoid duplication.

* dom/Node.h:
* html/FormAssociatedElement.cpp:
(WebCore::FormAssociatedElement::removedFrom):
Just simplify the logic a bit:
- Clear the id observer (i.e. m_formAttributeTargetObserver) no matter what. Since the element is no longer part of the document,
  it is no longer needed. We would previously have checks that would basically avoid resetting m_formAttributeTargetObserver to
  null if it is already null. Settign m_formAttributeTargetObserver to null is cheap so there is no reason for those checks. Those
  checks were also confusing because they made it look like we would sometimes keep on id observer after being removed from the
  document.
- Use new traverseToRootNode() utility function (no behavior change)
- Drop unnecessary |element| local variable

(WebCore::FormAssociatedElement::formOwnerRemovedFromTree):
- Rename to formOwnerRemovedFromTree() to make it clear that it is the element's form owner that is removed, and not just any form.
- As we traverse the tree up to find the root, also check if we find the form owner. If we do, clear the id observer since we are
  effectively detached from the document and return early since there is no need to reset our form owner in this case.

* html/FormAssociatedElement.h:
* html/HTMLFormElement.cpp:
(WebCore::HTMLFormElement::removedFrom):
- Use new traverseToRootNode() utility function (no behavior change)

LayoutTests:

* TestExpectations:
Unskip test that is no longer crashing in Debug builds.

* fast/dom/HTMLFormElement/form-removal-duplicate-id-crash-expected.txt: Added.
* fast/dom/HTMLFormElement/form-removal-duplicate-id-crash.html: Added.
Add reduced test case reproducing the crash.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217524 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[DOMJIT] Move DOMJIT patchpoint infrastructure out of domjit
utatane.tea@gmail.com [Sat, 27 May 2017 19:03:41 +0000 (19:03 +0000)]
[DOMJIT] Move DOMJIT patchpoint infrastructure out of domjit
https://bugs.webkit.org/show_bug.cgi?id=172260

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

DOMJIT::Patchpoint is now used for generalized CheckSubClass. And it becomes mature enough
to be used as a general-purpose injectable compiler over all the JIT tiers.

We extract DOMJIT::Patchpoint to jit/ and rename it JSC::Snippet.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/AccessCaseSnippetParams.cpp: Renamed from Source/JavaScriptCore/bytecode/DOMJITAccessCasePatchpointParams.cpp.
(JSC::SlowPathCallGeneratorWithArguments::generateImpl):
(JSC::AccessCaseSnippetParams::emitSlowPathCalls):
* bytecode/AccessCaseSnippetParams.h: Renamed from Source/JavaScriptCore/bytecode/DOMJITAccessCasePatchpointParams.h.
(JSC::AccessCaseSnippetParams::AccessCaseSnippetParams):
* bytecode/GetterSetterAccessCase.cpp:
(JSC::GetterSetterAccessCase::emitDOMJITGetter):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::blessCallDOMGetter):
(JSC::DFG::ByteCodeParser::handleDOMJITGetter):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.h:
* dfg/DFGNode.h:
* dfg/DFGSnippetParams.cpp: Renamed from Source/JavaScriptCore/dfg/DFGDOMJITPatchpointParams.cpp.
* dfg/DFGSnippetParams.h: Renamed from Source/JavaScriptCore/dfg/DFGDOMJITPatchpointParams.h.
(JSC::DFG::SnippetParams::SnippetParams):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::allocateTemporaryRegistersForSnippet):
(JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
(JSC::DFG::SpeculativeJIT::compileCheckSubClass):
(JSC::DFG::allocateTemporaryRegistersForPatchpoint): Deleted.
* domjit/DOMJITCallDOMGetterSnippet.h: Renamed from Source/JavaScriptCore/domjit/DOMJITCallDOMGetterPatchpoint.h.
(JSC::DOMJIT::CallDOMGetterSnippet::create):
* domjit/DOMJITGetterSetter.h:
* domjit/DOMJITSignature.h:
* domjit/DOMJITValue.h: Removed.
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
(JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):
* ftl/FTLSnippetParams.cpp: Renamed from Source/JavaScriptCore/ftl/FTLDOMJITPatchpointParams.cpp.
* ftl/FTLSnippetParams.h: Renamed from Source/JavaScriptCore/ftl/FTLDOMJITPatchpointParams.h.
(JSC::FTL::SnippetParams::SnippetParams):
* jit/Snippet.h: Renamed from Source/JavaScriptCore/domjit/DOMJITPatchpoint.h.
(JSC::Snippet::create):
(JSC::Snippet::setGenerator):
(JSC::Snippet::generator):
* jit/SnippetParams.h: Renamed from Source/JavaScriptCore/domjit/DOMJITPatchpointParams.h.
(JSC::SnippetParams::~SnippetParams):
(JSC::SnippetParams::Value::Value):
(JSC::SnippetParams::Value::isGPR):
(JSC::SnippetParams::Value::isFPR):
(JSC::SnippetParams::Value::isJSValueRegs):
(JSC::SnippetParams::Value::gpr):
(JSC::SnippetParams::Value::fpr):
(JSC::SnippetParams::Value::jsValueRegs):
(JSC::SnippetParams::Value::reg):
(JSC::SnippetParams::Value::value):
(JSC::SnippetParams::SnippetParams):
* jit/SnippetReg.h: Renamed from Source/JavaScriptCore/domjit/DOMJITReg.h.
(JSC::SnippetReg::SnippetReg):
* jit/SnippetSlowPathCalls.h: Renamed from Source/JavaScriptCore/domjit/DOMJITSlowPathCalls.h.
* jsc.cpp:
(WTF::DOMJITNode::checkSubClassSnippet):
(WTF::DOMJITFunctionObject::checkSubClassSnippet):
(WTF::DOMJITNode::checkSubClassPatchpoint): Deleted.
(WTF::DOMJITFunctionObject::checkSubClassPatchpoint): Deleted.
* runtime/ClassInfo.h:

Source/WebCore:

* ForwardingHeaders/jit/Snippet.h: Renamed from Source/WebCore/ForwardingHeaders/domjit/DOMJITPatchpoint.h.
* ForwardingHeaders/jit/SnippetParams.h: Renamed from Source/WebCore/ForwardingHeaders/domjit/DOMJITPatchpointParams.h.
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestDOMJIT.h:
* domjit/DOMJITCheckDOM.h:
(WebCore::DOMJIT::checkDOM):
* domjit/DOMJITHelpers.h:
(WebCore::DOMJIT::toWrapper):
* domjit/JSDocumentDOMJIT.cpp:
(WebCore::checkSubClassSnippetForJSDocument):
(WebCore::DocumentDocumentElementDOMJIT::callDOMGetter):
(WebCore::DocumentBodyDOMJIT::callDOMGetter):
(WebCore::checkSubClassPatchpointForJSDocument): Deleted.
* domjit/JSDocumentFragmentDOMJIT.cpp:
(WebCore::checkSubClassSnippetForJSDocumentFragment):
(WebCore::checkSubClassPatchpointForJSDocumentFragment): Deleted.
* domjit/JSElementDOMJIT.cpp:
(WebCore::checkSubClassSnippetForJSElement):
(WebCore::checkSubClassPatchpointForJSElement): Deleted.
* domjit/JSEventDOMJIT.cpp:
(WebCore::checkSubClassSnippetForJSEvent):
(WebCore::checkSubClassPatchpointForJSEvent): Deleted.
* domjit/JSNodeDOMJIT.cpp:
(WebCore::checkSubClassSnippetForJSNode):
(WebCore::createCallDOMGetterForOffsetAccess):
(WebCore::NodeFirstChildDOMJIT::callDOMGetter):
(WebCore::NodeLastChildDOMJIT::callDOMGetter):
(WebCore::NodeNextSiblingDOMJIT::callDOMGetter):
(WebCore::NodePreviousSiblingDOMJIT::callDOMGetter):
(WebCore::NodeParentNodeDOMJIT::callDOMGetter):
(WebCore::NodeNodeTypeDOMJIT::callDOMGetter):
(WebCore::NodeOwnerDocumentDOMJIT::callDOMGetter):
(WebCore::checkSubClassPatchpointForJSNode): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217523 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agogetComputedStyle returns percentage values for left / right / top / bottom
simon.fraser@apple.com [Sat, 27 May 2017 17:13:58 +0000 (17:13 +0000)]
getComputedStyle returns percentage values for left / right / top / bottom
https://bugs.webkit.org/show_bug.cgi?id=29084

Reviewed by Zalan Bujtas.
LayoutTests/imported/w3c:

New baselines (still failing).

* web-platform-tests/css-timing-1/frames-timing-functions-output-expected.txt:
* web-platform-tests/html/semantics/interactive-elements/the-dialog-element/centering-expected.txt:

Source/WebCore:

Fix getComputedStyle() to return pixel values for left / right / top / bottom, per spec.

This is mostly a merge of https://codereview.chromium.org/13871003/.

Behavior now matches Chrome and Firefox.

Test: fast/css/getComputedStyle/getComputedStyle-offsets.html

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::getOffsetComputedLength):
(WebCore::getOffsetUsedStyleRelative):
(WebCore::getOffsetUsedStyleAbsolute):
(WebCore::positionOffsetValue):
(WebCore::positionOffsetValueIsRendererDependent):
(WebCore::isNonReplacedInline):
(WebCore::isLayoutDependent):
(WebCore::ComputedStyleExtractor::propertyValue):

LayoutTests:

Some new baselines, a new test, and an improved test.

* animations/trigger-container-scroll-boundaries-expected.txt:
* animations/trigger-container-scroll-boundaries.html:
* animations/trigger-container-scroll-empty-expected.txt:
* animations/trigger-container-scroll-empty.html:
* animations/trigger-container-scroll-simple-expected.txt:
* animations/trigger-container-scroll-simple.html:
* fast/css/getComputedStyle/computed-style-expected.txt:
* fast/css/getComputedStyle/computed-style-negative-top-expected.txt:
* fast/css/getComputedStyle/computed-style-negative-top.html: Convert to a real JS test, add more cases.
* fast/css/getComputedStyle/getComputedStyle-offsets-expected.txt: Added.
* fast/css/getComputedStyle/getComputedStyle-offsets.html: Added.
* fast/css/getComputedStyle/getComputedStyle-zoom-and-background-size-expected.txt:
* fast/css/getComputedStyle/getComputedStyle-zoom-and-background-size.html:  It doesn't make any sense to test right/bottom.
* fast/css/hover-affects-child-expected.txt:
* fast/css/hover-affects-child.html:
* platform/mac-elcapitan/fast/css/getComputedStyle/computed-style-expected.txt:
* transitions/transition-to-from-auto-expected.txt:
* transitions/transition-to-from-auto.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217522 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoenclosingIntRect returns a rect with -1 width/height when the input FloatRect overflo...
zalan@apple.com [Sat, 27 May 2017 16:23:24 +0000 (16:23 +0000)]
enclosingIntRect returns a rect with -1 width/height when the input FloatRect overflows integer.
https://bugs.webkit.org/show_bug.cgi?id=172676

Reviewed by Simon Fraser.

Source/WebCore:

Clamp integer values soon after the enclosing rectangle is resolved.

* platform/graphics/FloatRect.cpp:
(WebCore::enclosingIntRect):

Tools:

* TestWebKitAPI/Tests/WebCore/FloatRect.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217521 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoSimply some NSNumber usage
commit-queue@webkit.org [Sat, 27 May 2017 05:25:06 +0000 (05:25 +0000)]
Simply some NSNumber usage
https://bugs.webkit.org/show_bug.cgi?id=172677

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-05-26
Reviewed by Sam Weinig.

Source/WebCore:

* accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
(-[WebAccessibilityObjectWrapper _addAccessibilityObject:toTextMarkerArray:]):
(AXAttributeStringSetFont):
(AXAttributeStringSetStyle):
* accessibility/mac/AXObjectCacheMac.mm:
(WebCore::AXObjectCache::postTextStateChangePlatformNotification):
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(AXAttributeStringSetStyle):
(AXAttributeStringSetSpelling):
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
* platform/graphics/ca/cocoa/PlatformCAFiltersCocoa.mm:
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::levelIndicatorFor):

Source/WebKit2:

* PluginProcess/mac/PluginControllerProxyMac.mm:
(WebKit::PluginControllerProxy::platformGeometryDidChange):
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::registerUserDefaultsIfNeeded):
* WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm:
(-[WKAccessibilityWebPageObject accessibilityAttributeValue:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217520 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoWebRTC stats should be in milliseconds
commit-queue@webkit.org [Sat, 27 May 2017 03:27:51 +0000 (03:27 +0000)]
WebRTC stats should be in milliseconds
https://bugs.webkit.org/show_bug.cgi?id=172644

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-26
Reviewed by Eric Carlson.

Source/WebCore:

Covered by updated tests.

* Modules/mediastream/RTCStatsReport.h:
* Modules/mediastream/RTCStatsReport.idl:
* Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
(WebCore::fillRTCStats):

LayoutTests:

* TestExpectations:
* webrtc/video-stats.html: Making it less flaky prone.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217519 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[WebIDL] Overloaded functions should throw this object check exception before argumen...
weinig@apple.com [Sat, 27 May 2017 02:54:02 +0000 (02:54 +0000)]
[WebIDL] Overloaded functions should throw this object check exception before argument check exception
https://bugs.webkit.org/show_bug.cgi?id=172480

Reviewed by Chris Dumez.

Source/WebCore:

- Codifies naming for both parts of the operation/attribute function implementation:
  - The 'trampoline' which is the actual host function and simply calls IDLOperation,
    IDLOperationReturningPromise or IDLAttribute.
  - The 'body' which is where argument checking and calling into the implementation
    takes place.
- Made it so all operations, including static ones, use the trampoline / body model,
  simplifying code generation. The one exception is for overloaded operations, which
  now have a trampoline and body for the dispatcher, and only bodies for all the
  overloads. This is what fixes the bug, since now that the dispatcher has a trampoline,
  it can do the correct this object checking via IDLOperation / IDLOperationReturningPromise.
- Split out code generation for trampoline and body into separate subroutines and
  simplified their implementations.
- Changed GenerateOverloadDispatcher to only generate the body of the function, leaving it
  up to the caller to generate the signature, braces and conditionals if needed.
- Made more subroutines take an output array and indent, in support of future endeavors
  that will need that support.
- Remove unnecessary #includes of <runtime/Error.h>, which gets included already by virtue
  of JSDOMExceptionHandling.h

Test: js/dom/overloaded-operation-exception-order.html

* bindings/js/JSDOMOperation.h:
* bindings/js/JSDOMOperationReturningPromise.h:
Add no-op static versions of the bouncer functions.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateOverloadDispatcher):
(GenerateOperationTrampolineDefinition):
(GenerateOperationBodyDefinition):
(GenerateOperationDefinition):
(GenerateSerializerDefinition):
(GenerateLegacyCallerDefinitions):
(GenerateLegacyCallerDefinition):
(GenerateArgumentsCountCheck):
(GenerateParametersCheck):
(GenerateImplementationFunctionCall):
(GenerateImplementationCustomFunctionCall):
(GenerateConstructorDefinitions):
(GenerateConstructorDefinition):

* bindings/scripts/test/JS/JSInterfaceName.cpp:
* bindings/scripts/test/JS/JSMapLike.cpp:
* bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestCEReactions.cpp:
* bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
* bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
* bindings/scripts/test/JS/JSTestDOMJIT.cpp:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
* bindings/scripts/test/JS/JSTestIterable.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestObj.h:
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
* bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
* bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
* bindings/scripts/test/JS/JSTestSerialization.cpp:
* bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
* bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
Update test results.

LayoutTests:

Add test case that shows that using the wrong this object on an overloaded function,
even if you are passing the wrong number of arguments, results in an invalid this
object exception.

* js/dom/overloaded-operation-exception-order-expected.txt: Added.
* js/dom/overloaded-operation-exception-order.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217518 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoREEGRESSION(r217459): testapi fails in JSExportTest's wrapperForNSObjectisObject().
keith_miller@apple.com [Sat, 27 May 2017 02:33:09 +0000 (02:33 +0000)]
REEGRESSION(r217459): testapi fails in JSExportTest's wrapperForNSObjectisObject().
https://bugs.webkit.org/show_bug.cgi?id=172654

Reviewed by Mark Lam.

The test's intent is to assert that an exception has not been
thrown (as indicated by the message string), but the test was
erroneously checking for ! the right condition. This is now fixed.

* API/tests/JSExportTests.mm:
(wrapperForNSObjectisObject):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217517 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoTestWebKitAPI: EnclosingIntRect and RoundedIntRect should use EXPECT_EQ.
zalan@apple.com [Sat, 27 May 2017 01:32:26 +0000 (01:32 +0000)]
TestWebKitAPI: EnclosingIntRect and RoundedIntRect should use EXPECT_EQ.
https://bugs.webkit.org/show_bug.cgi?id=172674

Reviewed by Simon Fraser.

* TestWebKitAPI/Tests/WebCore/FloatRect.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217516 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[WK2] Address thread safety issues with ResourceLoadStatistics
bfulgham@apple.com [Sat, 27 May 2017 00:38:37 +0000 (00:38 +0000)]
[WK2] Address thread safety issues with ResourceLoadStatistics
https://bugs.webkit.org/show_bug.cgi?id=172519
<rdar://problem/31707642>

Reviewed by Chris Dumez.

Source/WebCore:

* loader/ResourceLoadObserver.cpp:
(WebCore::ResourceLoadObserver::setStatisticsQueue): Added.
(WebCore::ResourceLoadObserver::clearInMemoryStore): Only interact with the HashTable on the statistics queue.
(WebCore::ResourceLoadObserver::clearInMemoryAndPersistentStore): Ditto.
(WebCore::ResourceLoadObserver::logFrameNavigation): Ditto.
(WebCore::ResourceLoadObserver::logSubresourceLoading): Ditto.
(WebCore::ResourceLoadObserver::logWebSocketLoading): Ditto.
(WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution): Ditto.
(WebCore::ResourceLoadObserver::logUserInteraction): Ditto.
(WebCore::ResourceLoadObserver::clearUserInteraction): Protect HashTable while reading.
(WebCore::ResourceLoadObserver::hasHadUserInteraction): Ditto.
(WebCore::ResourceLoadObserver::setPrevalentResource): Ditto.
(WebCore::ResourceLoadObserver::isPrevalentResource): Ditto.
(WebCore::ResourceLoadObserver::clearPrevalentResource): Ditto.
(WebCore::ResourceLoadObserver::setGrandfathered): Ditto.
(WebCore::ResourceLoadObserver::isGrandfathered): Ditto.
(WebCore::ResourceLoadObserver::setSubframeUnderTopFrameOrigin): Only interact with the HashTable on the statistics queue.
(WebCore::ResourceLoadObserver::setSubresourceUnderTopFrameOrigin): Ditto.
(WebCore::ResourceLoadObserver::setSubresourceUniqueRedirectTo): Ditto.
(WebCore::ResourceLoadObserver::fireDataModificationHandler): ASSERT this is only called from the main thread, since this is
only meant to be used as part of the testing harness.
(WebCore::ResourceLoadObserver::fireShouldPartitionCookiesHandler): Ditto.
(WebCore::ResourceLoadObserver::fireShouldPartitionCookiesHandler): Ditto.
* loader/ResourceLoadObserver.h:
* loader/ResourceLoadStatisticsStore.cpp:
(WebCore::ResourceLoadStatisticsStore::isPrevalentResource): Protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::ensureResourceStatisticsForPrimaryDomain): Ditto.
(WebCore::ResourceLoadStatisticsStore::setResourceStatisticsForPrimaryDomain): Ditto.
(WebCore::ResourceLoadStatisticsStore::createEncoderFromData): ASSERT this isn't being done on the main thread, and
protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::readDataFromDecoder): Ditto.
(WebCore::ResourceLoadStatisticsStore::clearInMemory): Ditto.
(WebCore::ResourceLoadStatisticsStore::clearInMemoryAndPersistent): Ditto.
(WebCore::ResourceLoadStatisticsStore::statisticsForOrigin): Protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::takeStatistics): Ditto.
(WebCore::ResourceLoadStatisticsStore::mergeStatistics): Ditto.
(WebCore::ResourceLoadStatisticsStore::setNotificationCallback): Use WTF::Function.
(WebCore::ResourceLoadStatisticsStore::setShouldPartitionCookiesCallback): Ditto.
(WebCore::ResourceLoadStatisticsStore::setWritePersistentStoreCallback): Ditto.
(WebCore::ResourceLoadStatisticsStore::setGrandfatherExistingWebsiteDataCallback): Ditto.
(WebCore::ResourceLoadStatisticsStore::fireDataModificationHandler): ASSERT this is not called on the main thread,
but dispatch the registered handler on the main thread.
(WebCore::ResourceLoadStatisticsStore::fireShouldPartitionCookiesHandler): Ditto.
(WebCore::ResourceLoadStatisticsStore::processStatistics): ASSERT this isn't being done on the main thread, and
protect the HashTable while using it. Also switch to WTF::Function.
(WebCore::ResourceLoadStatisticsStore::hasHadRecentUserInteraction): Make const correct.
(WebCore::ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor): Protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::updateStatisticsForRemovedDataRecords): Ditto.
(WebCore::ResourceLoadStatisticsStore::handleFreshStartWithEmptyOrNoStore): Ditto.
(WebCore::ResourceLoadStatisticsStore::shouldRemoveDataRecords): Make const correct. ASSERT this is not being called
on the main thread.
(WebCore::ResourceLoadStatisticsStore::dataRecordsBeingRemoved): ASSERT this is not being called on the main thread.
(WebCore::ResourceLoadStatisticsStore::dataRecordsWereRemoved): Ditto.
(WebCore::ResourceLoadStatisticsStore::statisticsLock): Added.
* loader/ResourceLoadStatisticsStore.h:

Source/WebKit/mac:

Create a new WorkQueue for the ResourceLoadStatistics store to use for processing data.

* WebView/WebView.mm:
(WebKitInitializeApplicationStatisticsStoragePathIfNecessary): Pass WorkQueue to the observer.

Source/WebKit2:

Address some thread safety issues with the ResourceLoadStatistics architecture.

* UIProcess/WebResourceLoadStatisticsStore.cpp:
(WebKit::WebResourceLoadStatisticsStore::removeDataRecords): Assert that this is never called on the main thread. Also
ensure that coreStore is only accessed on the statistics queue, not the main thread.
(WebKit::WebResourceLoadStatisticsStore::processStatisticsAndDataRecords): Dispatch coreStore-accessing code
on the statistics queue.
(WebKit::WebResourceLoadStatisticsStore::resourceLoadStatisticsUpdated): Assert we do not hit this method
on the main thread.
(WebKit::WebResourceLoadStatisticsStore::registerSharedResourceLoadObserver): Assert that this is being called on the
main thread. Also ensure that coreStore is only accessed on the statistics queue, not the main thread.
(WebKit::WebResourceLoadStatisticsStore::grandfatherExistingWebsiteData): Dispatch coreStore-accessing code
on the statistics queue.
(WebKit::WebResourceLoadStatisticsStore::readDataFromDiskIfNeeded): Lock data before operating on it.
(WebKit::WebResourceLoadStatisticsStore::writeStoreToDisk): Assert we do not hit this method on the main thread.
(WebKit::WebResourceLoadStatisticsStore::writeEncoderToDisk): Ditto.
* UIProcess/WebResourceLoadStatisticsStore.h:
* WebProcess/WebProcess.cpp: Add a queue for the local WebProcess ResourceLoadStatisticsStore to use while processing data.
(WebKit::m_statisticsQueue): Added.
* WebProcess/WebProcess.h:

Source/WTF:

Add a new specialization for HashSet.

* wtf/CrossThreadCopier.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217515 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoSkip fast/events/before-unload-returnValue.html on iOS.
ryanhaddad@apple.com [Sat, 27 May 2017 00:22:49 +0000 (00:22 +0000)]
Skip fast/events/before-unload-returnValue.html on iOS.
https://bugs.webkit.org/show_bug.cgi?id=172672

Unreviewed test gardening.

* platform/ios/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217514 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoMark workers/wasm-long-compile-many.html as flaky on mac-wk1.
ryanhaddad@apple.com [Sat, 27 May 2017 00:22:46 +0000 (00:22 +0000)]
Mark workers/wasm-long-compile-many.html as flaky on mac-wk1.
https://bugs.webkit.org/show_bug.cgi?id=172331

Unreviewed test gardening.

* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217513 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[Cocoa] Simplify some WebViewImpl pasteboard code
commit-queue@webkit.org [Fri, 26 May 2017 23:00:22 +0000 (23:00 +0000)]
[Cocoa] Simplify some WebViewImpl pasteboard code
https://bugs.webkit.org/show_bug.cgi?id=172668

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-05-26
Reviewed by Tim Horton.

* Shared/mac/PasteboardTypes.mm:
* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::setFileAndURLTypes):
(WebKit::WebViewImpl::setPromisedDataForAttachment):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217511 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoJSContext Inspector: Improve the reliability of automatically pausing in auto-attach
commit-queue@webkit.org [Fri, 26 May 2017 22:56:56 +0000 (22:56 +0000)]
JSContext Inspector: Improve the reliability of automatically pausing in auto-attach
https://bugs.webkit.org/show_bug.cgi?id=172664
<rdar://problem/32362933>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-05-26
Reviewed by Matt Baker.

Source/JavaScriptCore:

Automatically pause on connection was triggering a pause before the
frontend may have initialized. Often during frontend initialization
the frontend may perform an action that clears the pause state requested
by the developer. This change defers the pause until after the frontend
has initialized, right before returning to the application's code.

* inspector/remote/RemoteControllableTarget.h:
* inspector/remote/RemoteInspectionTarget.h:
* inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:
(Inspector::RemoteConnectionToTarget::setup):
* inspector/remote/glib/RemoteConnectionToTargetGlib.cpp:
(Inspector::RemoteConnectionToTarget::setup):
* runtime/JSGlobalObjectDebuggable.cpp:
(JSC::JSGlobalObjectDebuggable::connect):
(JSC::JSGlobalObjectDebuggable::pause): Deleted.
* runtime/JSGlobalObjectDebuggable.h:
Pass an immediatelyPause boolean on to the controller. Remove
the current path that invokes a pause before initialization.

* inspector/JSGlobalObjectInspectorController.h:
* inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::connectFrontend):
(Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
Manage should immediately pause state.

(Inspector::JSGlobalObjectInspectorController::frontendInitialized):
(Inspector::JSGlobalObjectInspectorController::pause): Deleted.
When initialized, trigger a pause if requested.

Source/WebCore:

* inspector/InspectorController.h:
* page/PageDebuggable.cpp:
(WebCore::PageDebuggable::connect):
* page/PageDebuggable.h:
Pass an immediatelyPause boolean on to the controller.

* inspector/InspectorController.cpp:
(WebCore::InspectorController::connectFrontend):
(WebCore::InspectorController::disconnectFrontend):
(WebCore::InspectorController::disconnectAllFrontends):
Manage should immediately pause state.

(WebCore::InspectorController::frontendInitialized):
When initialized, trigger a pause if requested.

Source/WebKit2:

* UIProcess/Automation/WebAutomationSession.cpp:
(WebKit::WebAutomationSession::connect):
* UIProcess/Automation/WebAutomationSession.h:
Special connection options are ignored in automation sessions.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217509 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[CMake] Consolidate CMake code related to FreeType
commit-queue@webkit.org [Fri, 26 May 2017 21:41:19 +0000 (21:41 +0000)]
[CMake] Consolidate CMake code related to FreeType
https://bugs.webkit.org/show_bug.cgi?id=172656

Patch by Don Olmstead <don.olmstead@am.sony.com> on 2017-05-26
Reviewed by Michael Catanzaro.

No new tests. No change in behavior.

* PlatformGTK.cmake:
* PlatformWPE.cmake:
* platform/FreeType.cmake: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217508 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[WebIDL] Another bindings cleanup pass, this time focusing on attributes
commit-queue@webkit.org [Fri, 26 May 2017 21:33:15 +0000 (21:33 +0000)]
[WebIDL] Another bindings cleanup pass, this time focusing on attributes
https://bugs.webkit.org/show_bug.cgi?id=172619

Patch by Sam Weinig <sam@webkit.org> on 2017-05-26
Reviewed by Chris Dumez.

- Moved attribute getter / setter generation into their own subroutines.
- As was done for operations, moved trampoline functions for attributes
  below their implementation functions to avoid unseemly forward declaration.
- Changed to place the getter and setter for an attribute next to each other,
  rather than having all the getters and then all the setters.
- Moved JSFoo::getConstructor and JSFoo::getNamedConstructor up to be with other
  member functions.
- Fix an issue where we were generating a setJSFooConstructor function and not
  installing it anywhere. Now we always generate either both the getter and setter
  or neither for the constructor property. Also moved their definition to just above
  all the attributes, rather than the odd placements of between the getters and
  setters which is where they had been.
- Made InstanceNeedsVisitChildren a complete answer, rather than relying on some
  loop of the attributes to update needsVisitChildren bit.
- Move use of passing conditionals when adding headers.

* bindings/scripts/CodeGeneratorJS.pm:
(InstanceNeedsVisitChildren):
(GenerateHeader):
(GenerateImplementation):
(GenerateAttributeGetterDefinition):
(GenerateAttributeSetterDefinition):
(NeedsConstructorProperty):

* bindings/scripts/test/JS/JSInterfaceName.cpp:
* bindings/scripts/test/JS/JSMapLike.cpp:
* bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestCEReactions.cpp:
* bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
* bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
* bindings/scripts/test/JS/JSTestDOMJIT.cpp:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
* bindings/scripts/test/JS/JSTestIterable.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestObj.h:
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
* bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
* bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
* bindings/scripts/test/JS/JSTestSerialization.cpp:
* bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
* bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
Update test results.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217507 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[CMake] Wrap CODE_GENERATOR_PREPROCESSOR_EXECUTABLE on Windows hosts
commit-queue@webkit.org [Fri, 26 May 2017 21:28:35 +0000 (21:28 +0000)]
[CMake] Wrap CODE_GENERATOR_PREPROCESSOR_EXECUTABLE on Windows hosts
https://bugs.webkit.org/show_bug.cgi?id=172553

Patch by Don Olmstead <don.olmstead@am.sony.com> on 2017-05-26
Reviewed by Brent Fulgham.

.:

* Source/cmake/OptionsCommon.cmake:

Source/WebCore:

No new tests. No change in behavior.

* bindings/scripts/preprocessor.pm:
(applyPreprocessor): Use shellwords() instead of splitting
preprocessor command by space. Combine it back in open3() call on
Windows to work around Cygwin-specific issue.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217506 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoWeb Inspector: Reloading the page after switching from the Resource tab switches...
drousso@apple.com [Fri, 26 May 2017 21:14:31 +0000 (21:14 +0000)]
Web Inspector: Reloading the page after switching from the Resource tab switches back
https://bugs.webkit.org/show_bug.cgi?id=172622

Reviewed by Joseph Pecoraro.

* UserInterface/Views/DebuggerSidebarPanel.js:
(WebInspector.DebuggerSidebarPanel.prototype._treeSelectionDidChange):
* UserInterface/Views/ResourceSidebarPanel.js:
(WebInspector.ResourceSidebarPanel.prototype._treeSelectionDidChange):
* UserInterface/Views/SearchSidebarPanel.js:
(WebInspector.SearchSidebarPanel.prototype._treeSelectionDidChange):
Don't show the newly selected tree element's represented object if the sidebar is not visible.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217505 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoProvide bug information when https://webkit.org/b/# URLs are added in comments
drousso@apple.com [Fri, 26 May 2017 20:59:30 +0000 (20:59 +0000)]
Provide bug information when https://webkit.org/b/# URLs are added in comments
https://bugs.webkit.org/show_bug.cgi?id=169707

Reviewed by David Kilzer.

* Bugzilla/Template.pm:
(quoteUrls):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217504 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoWeb Inspector: New Tab contents have extra vertical spacing when wrapped
drousso@apple.com [Fri, 26 May 2017 20:47:02 +0000 (20:47 +0000)]
Web Inspector: New Tab contents have extra vertical spacing when wrapped
https://bugs.webkit.org/show_bug.cgi?id=172530

Reviewed by Joseph Pecoraro.

* UserInterface/Views/NewTabContentView.css:
(.new-tab.tab.content-view):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217503 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed, fix the build using the latest SDK
wenson_hsieh@apple.com [Fri, 26 May 2017 20:22:29 +0000 (20:22 +0000)]
Unreviewed, fix the build using the latest SDK

Add deprecation guards around newly introduced (and deprecated) SPI.

* platform/ios/WebItemProviderPasteboard.mm:
(-[WebItemProviderPasteboard setItemsUsingRegistrationInfoLists:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217501 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoTemporarily commenting out a JSExportTest test until webkit.org/b/172654 is fixed.
mark.lam@apple.com [Fri, 26 May 2017 19:45:48 +0000 (19:45 +0000)]
Temporarily commenting out a JSExportTest test until webkit.org/b/172654 is fixed.
https://bugs.webkit.org/show_bug.cgi?id=172655

Reviewed by Saam Barati.

* API/tests/JSExportTests.mm:
(wrapperForNSObjectisObject):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217500 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed, rolling out r217458.
ryanhaddad@apple.com [Fri, 26 May 2017 19:27:41 +0000 (19:27 +0000)]
Unreviewed, rolling out r217458.

This change caused 55 JSC test failures.

Reverted changeset:

"Date should use historical data if it's available."
https://bugs.webkit.org/show_bug.cgi?id=172592
http://trac.webkit.org/changeset/217458

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217499 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoREGRESSION(216914): testCFStrings encounters an invalid ExecState callee pointer.
mark.lam@apple.com [Fri, 26 May 2017 18:45:43 +0000 (18:45 +0000)]
REGRESSION(216914): testCFStrings encounters an invalid ExecState callee pointer.
https://bugs.webkit.org/show_bug.cgi?id=172651

Reviewed by Saam Barati.

This is because the assertion utility functions used in testCFStrings() expects
to get the JSGlobalContextRef from the global context variable.  However,
testCFStrings() creates its own JSGlobalContextRef but does not set the global
context variable to it.

The fix is to make testCFStrings() initialize the global context variable properly.

* API/tests/testapi.c:
(testCFStrings):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217498 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoAdd test resources back into TestWebKitAPI Copy Resources phase
wenson_hsieh@apple.com [Fri, 26 May 2017 18:20:27 +0000 (18:20 +0000)]
Add test resources back into TestWebKitAPI Copy Resources phase

Rubber-stamped by Beth Dakin.

Add two files back into the Copy Resources phase after they were unintentionally
removed in r217447 and r217496.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217497 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoMedia documents inside iframes should not get controls in the TouchBar unless the
bdakin@apple.com [Fri, 26 May 2017 17:18:50 +0000 (17:18 +0000)]
Media documents inside iframes should not get controls in the TouchBar unless the
video is playing
https://bugs.webkit.org/show_bug.cgi?id=172620
-and corresponding-
rdar://problem/32165477

Reviewed by Jon Lee.

Source/WebCore:

Media documents get to return early with true, but that should only apply to
mainframe media documents.
* html/MediaElementSession.cpp:
(WebCore::MediaElementSession::canShowControlsManager):

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/VideoControlsManager.mm:
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebKit2Cocoa/offscreen-iframe-of-media-document.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217496 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoGive ModuleProgram the same treatment that we did for ProgramCode in bug#167725
utatane.tea@gmail.com [Fri, 26 May 2017 17:12:25 +0000 (17:12 +0000)]
Give ModuleProgram the same treatment that we did for ProgramCode in bug#167725
https://bugs.webkit.org/show_bug.cgi?id=167805

Reviewed by Saam Barati.

JSTests:

* modules/module-jit-reachability.js: Added.

Source/JavaScriptCore:

Since ModuleProgramExecutable is executed only once, we can skip compiling
code unreachable from the current program count. This can skip massive
initialization code.

We already do this for global code in bug#167725. This patch extends it to
module code.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::executeModuleProgram):
* interpreter/Interpreter.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::evaluate):
* runtime/JSModuleRecord.h:
(JSC::JSModuleRecord::moduleProgramExecutable): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217495 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoMinor clean-up related to DocumentThreadableLoader redirections
commit-queue@webkit.org [Fri, 26 May 2017 17:08:30 +0000 (17:08 +0000)]
Minor clean-up related to DocumentThreadableLoader redirections
https://bugs.webkit.org/show_bug.cgi?id=172647

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-26
Reviewed by Chris Dumez.

No change of behavior.

Decrementing m_options redirect count directly instead of using an
additional counter.

To compare whether two URLs are same-origin, use scheme+host+port check
as per the spec.
This is fine as only the initial origin may have specific rules and we
are using the scheme+host+port checks when already being gone to
another origin.

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::redirectReceived):
* loader/DocumentThreadableLoader.h:
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217494 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoRebaseline js/dom/global-constructors-attributes.html.
ryanhaddad@apple.com [Fri, 26 May 2017 16:13:19 +0000 (16:13 +0000)]
Rebaseline js/dom/global-constructors-attributes.html.

Unreviewed test gardening.

* platform/mac-elcapitan/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-wk1/js/dom/global-constructors-attributes-expected.txt:
* platform/mac/js/dom/global-constructors-attributes-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217491 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoSkip two LayoutTests that are failing due missing results.
ryanhaddad@apple.com [Fri, 26 May 2017 16:03:56 +0000 (16:03 +0000)]
Skip two LayoutTests that are failing due missing results.

Unreviewed test gardening.

* TestExpectations:
* platform/ios/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217490 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoFix memory leaks in MediaSampleAVFObjC::create
commit-queue@webkit.org [Fri, 26 May 2017 14:36:40 +0000 (14:36 +0000)]
Fix memory leaks in MediaSampleAVFObjC::create
https://bugs.webkit.org/show_bug.cgi?id=172600

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-26
Reviewed by Eric Carlson.

No change of behavior.

* platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:
(WebCore::MediaSampleAVFObjC::createImageSample):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217489 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed, rolling out r217479.
commit-queue@webkit.org [Fri, 26 May 2017 13:28:51 +0000 (13:28 +0000)]
Unreviewed, rolling out r217479.
https://bugs.webkit.org/show_bug.cgi?id=172642

Exposes an underlying bug in WPEBackend-mesa that we have to
resolve separately (Requested by zdobersek on #webkit).

Reverted changeset:

"[WPE] Use AcceleratedDrawingArea instead of its fork"
https://bugs.webkit.org/show_bug.cgi?id=172496
http://trac.webkit.org/changeset/217479

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217488 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[WPE] Mark animations/animation-delay-changed.htm as flaky
csaavedra@igalia.com [Fri, 26 May 2017 12:02:50 +0000 (12:02 +0000)]
[WPE] Mark animations/animation-delay-changed.htm as flaky

Unreviewed gardening. It's flaky on all platforms so why bother.

* platform/wpe/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217487 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[css-grid] Add support for orthogonal positioned grid items
rego@igalia.com [Fri, 26 May 2017 10:18:14 +0000 (10:18 +0000)]
[css-grid] Add support for orthogonal positioned grid items
https://bugs.webkit.org/show_bug.cgi?id=172591

Reviewed by Sergio Villar Senin.

LayoutTests/imported/w3c:

Imported new tests for this feature from WPT repository.

* resources/import-expectations.json:
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-001-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-001.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-002-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-002.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-003-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-003.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-004-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-004.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-005-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-005.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-006-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-006.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-007-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-007.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-008-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-008.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-009-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-009.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-010-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-010.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-011-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-011.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-012-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-012.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-013-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-013.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-014-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-014.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-015-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-015.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-016-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-016.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-017-expected.html: Added.
* web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-017.html: Added.
* web-platform-tests/css/css-grid-1/abspos/w3c-import.log:

Source/WebCore:

This patch adds support for positioned grid items with orthogonal flows.
Basically it just needs to check if the item is orthogonal to use
the column or row offset as logical left or top depending on the case.

Tests: imported/w3c/web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-***.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::layoutPositionedObject):

LayoutTests:

Two of the new imported tests are failing due to an issue with margins
and orthogonal items, which is unrelated to this patch (see bug #172590).

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217486 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[CMake] Pass -fdiagnostics-color=always to GCC when building with Ninja
aperez@igalia.com [Fri, 26 May 2017 10:16:06 +0000 (10:16 +0000)]
[CMake] Pass -fdiagnostics-color=always to GCC when building with Ninja
https://bugs.webkit.org/show_bug.cgi?id=172638

Reviewed by Yusuke Suzuki.

The oldest version of GCC supported for building WebKit is 4.9, which already accepts
-fdiagnostics-color=, therefore it is not needed to check the compiler version.

* Source/cmake/OptionsCommon.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217485 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed Mac cmake buildfix after r217137, just for fun.
ossy@webkit.org [Fri, 26 May 2017 09:50:21 +0000 (09:50 +0000)]
Unreviewed Mac cmake buildfix after r217137, just for fun.
https://bugs.webkit.org/show_bug.cgi?id=172362

* PlatformMac.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217484 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[GTK] Web Inspector: Add new GTK+ icons for Web Sockets
commit-queue@webkit.org [Fri, 26 May 2017 08:17:51 +0000 (08:17 +0000)]
[GTK] Web Inspector: Add new GTK+ icons for Web Sockets
https://bugs.webkit.org/show_bug.cgi?id=172296

Patch by Fujii Hironori <Hironori.Fujii@sony.com> on 2017-05-26
Reviewed by Carlos Garcia Campos.

Add more free icons for the Web Inspector of GTK+ port.

* UserInterface/Images/gtk/WebSocket.png: Added.
* UserInterface/Images/gtk/WebSocket@2x.png: Added.
* UserInterface/Images/gtk/WebSocketLarge.png: Added.
* UserInterface/Images/gtk/WebSocketLarge@2x.png: Added.
* UserInterface/Views/ResourceIcons.css:
(.resource-icon.resource-type-websocket .icon):
(.large .resource-icon.resource-type-websocket .icon):
(body:matches(.mac-platform, .windows-platform) .resource-icon.resource-type-websocket .icon): Deleted.
(body:matches(.mac-platform, .windows-platform) .large .resource-icon.resource-type-websocket .icon): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217482 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoShow patches applied in each A/B testing build requests
rniwa@webkit.org [Fri, 26 May 2017 08:16:00 +0000 (08:16 +0000)]
Show patches applied in each A/B testing build requests
https://bugs.webkit.org/show_bug.cgi?id=172636

Reviewed by Antti Koivisto.

List patches applied along side revisions inn the list of revisions for an A/B tesing build requests if there
are any patches applied.

* public/v3/components/test-group-revision-table.js:
(TestGroupRevisionTable.prototype._renderTable): Indicate which request is to build a patch and which one is
to run tests.
(TestGroupRevisionTable.prototype._buildCommitCell): Include the patch file's information when there is one.
We need to use the requested commit set instead of the one reported by testers or builders since they don't
include patch or root information.
(TestGroupRevisionTable.prototype._buildCustomRootsCell):
(TestGroupRevisionTable.prototype._buildFileInfo): Extracted from _buildCustomRootsCell.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217481 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoThe queue page is broke when there is a custom analysis task
rniwa@webkit.org [Fri, 26 May 2017 08:15:35 +0000 (08:15 +0000)]
The queue page is broke when there is a custom analysis task
https://bugs.webkit.org/show_bug.cgi?id=172631

Reviewed by Antti Koivisto.

Fix the bug that we were always assuming each build request to have a test associated.

* public/v3/models/test-group.js:
(TestGroup.createAndRefetchTestGroups): Fixed the bug that we were referring to a non-existent variable task.
* public/v3/pages/build-request-queue-page.js:
(BuildRequestQueuePage.prototype._constructBuildRequestTable): Fixed the bug. Collect every request in the group
and then find the first test request's test name. Make it clear that we're waiting for a build as needed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217480 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[WPE] Use AcceleratedDrawingArea instead of its fork
carlosgc@webkit.org [Fri, 26 May 2017 08:07:32 +0000 (08:07 +0000)]
[WPE] Use AcceleratedDrawingArea instead of its fork
https://bugs.webkit.org/show_bug.cgi?id=172496

Reviewed by Žan Doberšek.

WPE uses its own drawing area implementation, which is actually a fork of AcceleratedDrawingArea, but simplified
for the case of compositing being always forced. AcceleratedDrawingArea already handles the case of compositing
being forced, so now that WPE is upstream we could simply use AcceleratedDrawingArea instead.

* PlatformWPE.cmake:
* Shared/DrawingAreaInfo.h: Remove DrawingAreaTypeWPE type.
* UIProcess/API/wpe/DrawingAreaProxyWPE.cpp: Removed.
* UIProcess/API/wpe/DrawingAreaProxyWPE.h: Removed.
* UIProcess/API/wpe/PageClientImpl.cpp:
(WebKit::PageClientImpl::createDrawingAreaProxy): Create an AcceleratedDrawingAreaProxy.
* WebProcess/WebPage/AcceleratedDrawingArea.cpp:
(WebKit::AcceleratedDrawingArea::mainFrameContentSizeChanged): Moved from DrawingAreaImpl since it actually
belongs here.
* WebProcess/WebPage/DrawingArea.cpp:
(WebKit::DrawingArea::create): Create an AcceleratedDrawingArea for WPE port.
* WebProcess/WebPage/DrawingAreaImpl.cpp: Remove mainFrameContentSizeChanged() that doesn't belong here.
* WebProcess/WebPage/DrawingAreaImpl.h:
* WebProcess/WebPage/wpe/DrawingAreaWPE.cpp: Removed.
* WebProcess/WebPage/wpe/DrawingAreaWPE.h: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217479 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoPrevent async methods named 'function'
gskachkov@gmail.com [Fri, 26 May 2017 07:00:43 +0000 (07:00 +0000)]
Prevent async methods named 'function'
https://bugs.webkit.org/show_bug.cgi?id=172598

Reviewed by Mark Lam.

JSTests:

* stress/async-await-syntax.js:
(testTopLevelAsyncAwaitSyntaxSloppyMode.testSyntax):
(testTopLevelAsyncAwaitSyntaxSloppyMode):
(prototype.testTopLevelAsyncAwaitSyntaxStrictMode.testSyntax):
(prototype.testTopLevelAsyncAwaitSyntaxStrictMode):
(testTopLevelAsyncAwaitSyntaxSloppyMode.testSyntaxError):

Source/JavaScriptCore:

Prevent async method named 'function' in class.
Link to change in ecma262 specification
https://github.com/tc39/ecma262/pull/884

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseClass):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217478 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoDon't reset m_hasDisplayContents on ElementRareData::resetComputedStyle.
commit-queue@webkit.org [Fri, 26 May 2017 06:46:27 +0000 (06:46 +0000)]
Don't reset m_hasDisplayContents on ElementRareData::resetComputedStyle.
https://bugs.webkit.org/show_bug.cgi?id=172503

Patch by Emilio Cobos Álvarez <ecobos@igalia.com> on 2017-05-25
Reviewed by Antti Koivisto.

Source/WebCore:

We use that bit of information to determine whether we need to tear
down the renderers of a display: contents subtree, so better for it to
not change until the render tree is updated.

In practice, we may want to remove that bit and use ElementRareData's
RenderStyle instead (keeping it around as appropriate), to ensure they
don't go out of sync, but that's out of scope of this patch for now.

Tests: imported/w3c/web-platform-tests/css/css-display-3

* dom/ElementRareData.h:
(WebCore::ElementRareData::resetComputedStyle):

LayoutTests:

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217477 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoFix MediaDeviceInfo's extended attributes so they make sense
commit-queue@webkit.org [Fri, 26 May 2017 05:39:12 +0000 (05:39 +0000)]
Fix MediaDeviceInfo's extended attributes so they make sense
https://bugs.webkit.org/show_bug.cgi?id=172629

Patch by Sam Weinig <sam@webkit.org> on 2017-05-25
Reviewed by Daniel Bates.

Source/WebCore:

MediaDeviceInfo.idl had both a Constructor and NoInterfaceObject, which
doesn't really make sense. Either way, the spec says it should have
neither, so remove both. And, while were there, add missing serializer.

Test: fast/mediastream/media-device-info.html

* Modules/mediastream/MediaDeviceInfo.idl:

LayoutTests:

* fast/mediastream/media-device-info-expected.txt: Added.
* fast/mediastream/media-device-info.html: Added.
Test that MediaDeviceInfo has the expected properties and that
the serializer works.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217476 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[iOS] Disbale async image decoding when synchronously painting a newly parented WebView
commit-queue@webkit.org [Fri, 26 May 2017 04:41:22 +0000 (04:41 +0000)]
[iOS] Disbale async image decoding when synchronously painting a newly parented WebView
https://bugs.webkit.org/show_bug.cgi?id=172626

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2017-05-25
Reviewed by Simon Fraser.

Large images have to be synchronously decoded when bringing a WebView to
the foreground because the whole page will be painted when we unblock the
UI process.

* Shared/mac/RemoteLayerBackingStore.mm:
(WebKit::RemoteLayerBackingStore::drawInContext): Get nextFlushIsForImmediatePaint
from RemoteLayerTreeContext and pass the correct GraphicsLayerPaintFlags
to drawLayerContents().
* WebProcess/WebPage/mac/RemoteLayerTreeContext.h:
(WebKit::RemoteLayerTreeContext::setNextFlushIsForImmediatePaint):
(WebKit::RemoteLayerTreeContext::nextFlushIsForImmediatePaint):
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:
(WebKit::RemoteLayerTreeDrawingArea::flushLayers): Pass
m_nextFlushIsForImmediatePaint to RemoteLayerTreeContext and then reset it.
(WebKit::RemoteLayerTreeDrawingArea::activityStateDidChange):
Set m_nextFlushIsForImmediatePaint to true to say that in the next flush,
large images have to be synchronously decoded.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217475 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago_WKUserStyleSheet and WKUserScript leak string data
commit-queue@webkit.org [Fri, 26 May 2017 04:24:10 +0000 (04:24 +0000)]
_WKUserStyleSheet and WKUserScript leak string data
https://bugs.webkit.org/show_bug.cgi?id=172583
<rdar://problem/32395209>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-05-25
Reviewed by Sam Weinig.

Source/WebKit2:

* UIProcess/API/Cocoa/WKUserScript.mm:
(-[WKUserScript dealloc]):
* UIProcess/API/Cocoa/_WKUserStyleSheet.mm:
(-[_WKUserStyleSheet dealloc]):
Follow the pattern of destructing the internal API object.

* UIProcess/API/Cocoa/WKUserScriptInternal.h:
* UIProcess/API/Cocoa/_WKUserStyleSheetInternal.h:
Remove unnecessary includes.

Tools:

* TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:
We should not have been adopting an autoreleased object.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217474 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoimported/w3c/web-platform-tests/html/semantics/forms/form-control-infrastructure...
cdumez@apple.com [Fri, 26 May 2017 04:19:14 +0000 (04:19 +0000)]
imported/w3c/web-platform-tests/html/semantics/forms/form-control-infrastructure/form_owner_and_table_2.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=172628
<rdar://problem/32418707>

Reviewed by Sam Weinig.

Source/WebCore:

In the event where a form is removed synchronously by a script during parsing,
FormAssociatedElement::m_formSetByParser may end up referring to a form that
is no longer in the document. As a result, we should make sure m_formSetByParser
is still connected in FormAssociatedElement::insertedInto() before we call
FormAssociatedElement::setForm(m_formSetByParser).

Test: fast/dom/HTMLFormElement/form-removed-during-parsing-crash.html

* html/FormAssociatedElement.cpp:
(WebCore::FormAssociatedElement::insertedInto):

LayoutTests:

Add reduced test case.

* TestExpectations:
Unskip test that is no longer crashing in debug builds.

* fast/dom/HTMLFormElement/form-removed-during-parsing-crash-expected.txt: Added.
* fast/dom/HTMLFormElement/form-removed-during-parsing-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217473 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoFrame's composited content is visible when the frame has visibility: hidden.
zalan@apple.com [Fri, 26 May 2017 03:53:24 +0000 (03:53 +0000)]
Frame's composited content is visible when the frame has visibility: hidden.
https://bugs.webkit.org/show_bug.cgi?id=125565
<rdar://problem/32196849>

Reviewed by Simon Fraser.

Source/WebCore:

Do not construct composited layers for hidden RenderWidgets (frameset, iframe, object).
Note that we still construct layers for the associated renderers as usual.

Tests: compositing/visibility/frameset-visibility-hidden.html
       compositing/visibility/iframe-visibility-hidden.html
       compositing/visibility/object-visibility-hidden.html

* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::requiresCompositingForPlugin):
(WebCore::RenderLayerCompositor::requiresCompositingForFrame):

LayoutTests:

* compositing/resources/visibility.html: Added.
* compositing/visibility/frameset-visibility-hidden-expected.html: Added.
* compositing/visibility/frameset-visibility-hidden.html: Added.
* compositing/visibility/iframe-visibility-hidden-expected.html: Added.
* compositing/visibility/iframe-visibility-hidden.html: Added.
* compositing/visibility/object-visibility-hidden-expected.html: Added.
* compositing/visibility/object-visibility-hidden.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217472 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoGracefully handle missing localStorage support in results.html
bfulgham@apple.com [Fri, 26 May 2017 02:56:11 +0000 (02:56 +0000)]
Gracefully handle missing localStorage support in results.html
https://bugs.webkit.org/show_bug.cgi?id=172625
<rdar://problem/32118243>

Reviewed by Alexey Proskuryakov.

Handle the case where localStorage generates a SecurityError DOMException, treating this
as a non-fatal error.

* fast/harness/results.html:
(OptionWriter.save): Treat "SecurityError" as an expected condition.
(OptionWriter.apply): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217470 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed, build fix in GTK and WPE ports
utatane.tea@gmail.com [Fri, 26 May 2017 02:40:58 +0000 (02:40 +0000)]
Unreviewed, build fix in GTK and WPE ports
https://bugs.webkit.org/show_bug.cgi?id=172580

Missing RenderSVGResourceMode declaration in SVGInlineTextBox.h.

* rendering/svg/SVGInlineTextBox.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217468 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed, build fix for GCC
utatane.tea@gmail.com [Fri, 26 May 2017 02:14:06 +0000 (02:14 +0000)]
Unreviewed, build fix for GCC

std::tuple does not have implicit constructor.
Thus, we cannot use implicit construction with initializer brace.
We should specify the name like `GetInst { }`.

* bytecompiler/BytecodeGenerator.h:
(JSC::StructureForInContext::addGetInst):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217467 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoMerge split script tests, part 2
ap@apple.com [Fri, 26 May 2017 02:10:33 +0000 (02:10 +0000)]
Merge split script tests, part 2
https://bugs.webkit.org/show_bug.cgi?id=172423

Reviewed by Tim Horton.

Fix the few remaining special cases of split tests.

* editing/pasteboard/drop-text-events-sideeffect-crash.html:
* editing/pasteboard/script-tests/drop-text-events-sideeffect.js: Removed.
This JS file used to be shared between this test and editing/pasteboard/drop-text-events-sideeffect.html.
Now it's inlined in both.

* fast/canvas/canvas-ellipse-connecting-line-expected.html:
* fast/canvas/script-tests/js-ellipse-implementation.js: Removed.
This was really a resource, not a scrip test, and it was only only used in one test.

* fast/dom/HTMLElement/class-list-quirks.html:
* fast/dom/HTMLElement/script-tests/class-list.js: Removed.
Another JS that used to be shared (with fast/dom/HTMLElement/class-list.html).

* fast/dom/Window/resources/postmessage-test.js: Copied from LayoutTests/fast/dom/Window/script-tests/postmessage-test.js.
* fast/dom/Window/script-tests/postmessage-test.js: Removed.
Moved a shared resource to its proper location.

* fast/dom/Window/script-tests/postmessage-clone-deep-array.js: Removed.
* fast/dom/Window/script-tests/postmessage-clone-really-deep-array.js: Removed.
* fast/dom/Window/script-tests/postmessage-clone.js: Removed.
* fast/dom/Window/window-postmessage-clone-deep-array.html:
* fast/dom/Window/window-postmessage-clone-really-deep-array.html:
* fast/dom/Window/window-postmessage-clone.html:
Straightforward js-tests with file names that didn't match.

* fast/table/resources/min-width-helpers.js: Copied from LayoutTests/fast/table/script-tests/min-width-helpers.js.
* fast/table/script-tests/min-width-helpers.js: Removed.
Moved a shared resource to its proper location.

* fast/table/min-width-css-block-table.html:
* fast/table/min-width-css-inline-table.html:
* fast/table/min-width-html-block-table.html:
* fast/table/min-width-html-inline-table.html:
* fast/table/script-tests/min-width-css-block-table.js: Removed.
* fast/table/script-tests/min-width-css-inline-table.js: Removed.
* fast/table/script-tests/min-width-html-block-table.js: Removed.
* fast/table/script-tests/min-width-html-inline-table.js: Removed.
Straightforward JS tests, weren't moved previously because my script was confused by min-width-helpers.js.

* printing/break-after-avoid-expected.txt:
* printing/break-after-avoid-page-expected.txt:
* printing/break-after-avoid-page.html:
* printing/break-after-avoid.html:
* printing/script-tests/break-after-avoid-page.js: Removed.
* printing/script-tests/break-after-avoid.js: Removed.
* printing/script-tests/page-break-after-avoid.js: Removed.
* printing/script-tests/page-break-always-for-overflow.js: Removed.
These had a number of copy/paste mistakes, so the tests werent's actually testing what they said they did.

* svg/dom/SVGAnimatedEnumeration-SVGMaskElement-expected.txt:
* svg/dom/SVGAnimatedEnumeration-SVGMaskElement.html:
* svg/dom/SVGAnimatedEnumeration-SVGPatternElement-expected.txt:
* svg/dom/SVGAnimatedEnumeration-SVGPatternElement.html:
* svg/dom/script-tests/SVGAnimatedEnumeration-SVGMaskElement.js: Removed.
* svg/dom/script-tests/SVGAnimatedEnumeration-SVGPatternElement.js: Removed.
These tests were mixed up - pattern was being tested instead of mask, and vice versa.

* svg/dom/script-tests/SVGColor.js: Removed.
* svg/dom/script-tests/SVGPaint.js: Removed.
Removed unused files.

* svg/dynamic-updates/SVGFEFloodElement-inherit-flood-color.html:
* svg/dynamic-updates/SVGFEGaussianBlurElement-dom-stdDeviation-call.html:
* svg/dynamic-updates/SVGFESpecularLightingElement-dom-suraceScale-attr.html:
* svg/dynamic-updates/SVGFESpecularLightingElement-svgdom-suraceScale-prop.html:
* svg/dynamic-updates/script-tests/SVGFEFloodElement-inherit-flood-color-css-prop.js: Removed.
* svg/dynamic-updates/script-tests/SVGFEGaussianBlurElement-svgdom-stdDeviation-call.js: Removed.
* svg/dynamic-updates/script-tests/SVGFESpecularLightingElement-dom-surfaceScale-attr.js: Removed.
* svg/dynamic-updates/script-tests/SVGFESpecularLightingElement-svgdom-surfaceScale-prop.js: Removed.
Straightforward js-tests with mismatching names.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217466 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUse a typedef for SVG resource mode flags union
simon.fraser@apple.com [Fri, 26 May 2017 01:31:05 +0000 (01:31 +0000)]
Use a typedef for SVG resource mode flags union
https://bugs.webkit.org/show_bug.cgi?id=172580

Reviewed by Sam Weinig.

Use an OptionSet<> for RenderSVGResourceModes flags, and use it in render
SVG resource classes.

* rendering/svg/RenderSVGResource.cpp:
(WebCore::requestPaintingResource):
(WebCore::RenderSVGResource::fillPaintingResource):
(WebCore::RenderSVGResource::strokePaintingResource):
* rendering/svg/RenderSVGResource.h:
(WebCore::RenderSVGResource::postApplyResource):
* rendering/svg/RenderSVGResourceClipper.cpp:
(WebCore::RenderSVGResourceClipper::applyResource):
* rendering/svg/RenderSVGResourceClipper.h:
* rendering/svg/RenderSVGResourceFilter.cpp:
(WebCore::RenderSVGResourceFilter::applyResource):
(WebCore::RenderSVGResourceFilter::postApplyResource):
* rendering/svg/RenderSVGResourceFilter.h:
* rendering/svg/RenderSVGResourceGradient.cpp:
(WebCore::RenderSVGResourceGradient::applyResource):
* rendering/svg/RenderSVGResourceGradient.h:
* rendering/svg/RenderSVGResourceMarker.h:
* rendering/svg/RenderSVGResourceMasker.cpp:
(WebCore::RenderSVGResourceMasker::applyResource):
* rendering/svg/RenderSVGResourceMasker.h:
* rendering/svg/RenderSVGResourcePattern.cpp:
(WebCore::RenderSVGResourcePattern::buildPattern):
(WebCore::RenderSVGResourcePattern::applyResource):
(WebCore::RenderSVGResourcePattern::postApplyResource):
* rendering/svg/RenderSVGResourcePattern.h:
* rendering/svg/RenderSVGResourceSolidColor.cpp:
(WebCore::RenderSVGResourceSolidColor::applyResource):
(WebCore::RenderSVGResourceSolidColor::postApplyResource):
* rendering/svg/RenderSVGResourceSolidColor.h:
* rendering/svg/RenderSVGShape.cpp:
(WebCore::RenderSVGShape::fillShape):
(WebCore::RenderSVGShape::strokeShape):
* rendering/svg/SVGInlineTextBox.cpp:
(WebCore::SVGInlineTextBox::SVGInlineTextBox):
(WebCore::SVGInlineTextBox::paintSelectionBackground):
(WebCore::SVGInlineTextBox::paint):
(WebCore::SVGInlineTextBox::acquirePaintingResource):
(WebCore::SVGInlineTextBox::releasePaintingResource):
(WebCore::SVGInlineTextBox::paintDecoration):
(WebCore::SVGInlineTextBox::paintDecorationWithStyle):
* rendering/svg/SVGInlineTextBox.h:
* rendering/svg/SVGRenderingContext.cpp:
(WebCore::SVGRenderingContext::~SVGRenderingContext):
(WebCore::SVGRenderingContext::prepareToRenderSVGContent):
(WebCore::SVGRenderingContext::renderSubtreeToImageBuffer): Avoid needless IntPoint -> LayoutPoint
conversion.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217463 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[WK1] iframes in layer-backed NSViews are not cleared between successive draws
mmaxfield@apple.com [Fri, 26 May 2017 00:42:58 +0000 (00:42 +0000)]
[WK1] iframes in layer-backed NSViews are not cleared between successive draws
https://bugs.webkit.org/show_bug.cgi?id=172554
<rdar://problem/31247133>

Reviewed by Simon Fraser.

Source/WebKit/mac:

Update an overridden internal AppKit function to the new signature.

* WebView/WebHTMLView.mm:
(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inContext:shouldChangeFontReferenceColor:_recursive:displayRectIgnoringOpacity:inContext:topView:]):
(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inGraphicsContext:CGContext:shouldChangeFontReferenceColor:_recursive:displayRectIgnoringOpacity:inGraphicsContext:CGContext:topView:shouldChangeFontReferenceColor:]):
(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inContext:topView:]): Deleted.
(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inGraphicsContext:CGContext:topView:shouldChangeFontReferenceColor:]): Deleted.

Tools:

Previously, there was no way to make DumpRenderTree's views layer-backed. Unfortunately,
simply setting [WebView setWantsLayer:] is insufficient; turning it on and then off again
leaves some state around inside the NSWindow which isn't easily cleaned up. Instead,
we should just tear down and rebuild the window whenever we need a layer-backed WebView.
We can also use the "webkit-test-runner" header comment to trigger this new layer-backed
codepath.

* DumpRenderTree/TestOptions.h:
* DumpRenderTree/TestOptions.mm:
(TestOptions::TestOptions):
(TestOptions::webViewIsCompatibleWithOptions):
* DumpRenderTree/mac/DumpRenderTree.mm:
(shouldIgnoreWebCoreNodeLeaks):
(allowedFontFamilySet):
(-[DRTMockScroller rectForPart:]):
(-[DRTMockScroller drawKnob]):
(-[DRTMockScroller drawRect:]):
(createWebViewAndOffscreenWindow):
(initializeGlobalsFromCommandLineOptions):
(prepareConsistentTestingEnvironment):
(dumpRenderTree):
(dumpAudio):
(dumpHistoryItem):
(dumpBackForwardListForWebView):
(resetWebViewToConsistentStateBeforeTesting):
(WebThreadLockAfterDelegateCallbacksHaveCompleted):
(runTest):

LayoutTests:

Cause two successive paints, and compare it against 0 paints.

* fast/frames/iframe-translucent-background-expected.html: Added.
* fast/frames/iframe-translucent-background.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217461 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoWeb Inspector: Don't create DetailsSidebarPanel classes until they are needed by...
drousso@apple.com [Fri, 26 May 2017 00:29:58 +0000 (00:29 +0000)]
Web Inspector: Don't create DetailsSidebarPanel classes until they are needed by a Tab
https://bugs.webkit.org/show_bug.cgi?id=172393

Reviewed by Joseph Pecoraro.

* UserInterface/Base/Main.js:
(WebInspector.contentLoaded):
Remove global instantiation of all DetailsSidebarPanel objects.

(WebInspector.instanceForClass):
Utility function for creating and accessing an instance of a given class.

* UserInterface/Views/ContentBrowserTabContentView.js:
(WebInspector.ContentBrowserTabContentView):
* UserInterface/Views/DebuggerTabContentView.js:
(WebInspector.DebuggerTabContentView):
(WebInspector.DebuggerTabContentView.prototype.showDetailsSidebarPanels):
* UserInterface/Views/ElementsTabContentView.js:
(WebInspector.ElementsTabContentView):
* UserInterface/Views/NetworkTabContentView.js:
(WebInspector.NetworkTabContentView):
* UserInterface/Views/ResourcesTabContentView.js:
(WebInspector.ResourcesTabContentView):
* UserInterface/Views/SearchTabContentView.js:
(WebInspector.SearchTabContentView):
* UserInterface/Views/StorageTabContentView.js:
(WebInspector.StorageTabContentView):
* UserInterface/Views/TabContentView.js:
(WebInspector.TabContentView):
(WebInspector.TabContentView.prototype.get detailsSidebarPanels):
* UserInterface/Views/TimelineTabContentView.js:
(WebInspector.TimelineTabContentView):
Now accepts an array of DetailsSidebarPanel classes that are all instantiated when they are
about to be added to the DetailsSidebar.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217460 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoCleanup tests after r217240
keith_miller@apple.com [Fri, 26 May 2017 00:18:25 +0000 (00:18 +0000)]
Cleanup tests after r217240
https://bugs.webkit.org/show_bug.cgi?id=172466

Reviewed by Mark Lam.

I forgot to make my test an actual test. Also, remove second call runJSExportTests()

* API/tests/JSExportTests.mm:
(wrapperForNSObjectisObject):
* API/tests/testapi.mm:
(testObjectiveCAPIMain):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217459 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoDate should use historical data if it's available.
keith_miller@apple.com [Fri, 26 May 2017 00:06:44 +0000 (00:06 +0000)]
Date should use historical data if it's available.
https://bugs.webkit.org/show_bug.cgi?id=172592

Reviewed by Mark Lam.

JSTests:

Remove parts of the date tests that rely on the absence of
historical data in Date.

* mozilla/ecma/Date/15.9.5.31-1.js:
(getTestCases):
* mozilla/ecma/Date/15.9.5.35-1.js:
(getTestCases):

Source/WTF:

The spec previously disallowed using historical data for Dates.
This is no longer the case. Additionally, not using historical
data, when available, seems unfortunate for users. This patch
removes the code dropping historical data.

* wtf/DateMath.cpp:
(WTF::calculateLocalTimeOffset):
(WTF::msToMilliseconds): Deleted.

LayoutTests:

Fix tests to work with historically accurate dates.

* js/dom/date-big-setdate-expected.txt: Removed.
* js/dom/date-big-setdate.html: Removed.
* js/dom/script-tests/date-big-setdate.js: Removed.
* storage/indexeddb/modern/date-basic-expected.txt:
* storage/indexeddb/modern/date-basic-private-expected.txt:
* storage/indexeddb/modern/get-keyrange-expected.txt:
* storage/indexeddb/modern/get-keyrange-private-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217458 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoThe default setting of Option::criticalGCMemoryThreshold is too high for iOS
msaboff@apple.com [Fri, 26 May 2017 00:03:13 +0000 (00:03 +0000)]
The default setting of Option::criticalGCMemoryThreshold is too high for iOS
https://bugs.webkit.org/show_bug.cgi?id=172617

Reviewed by Mark Lam.

Reducing criticalGCMemoryThreshold to 0.80 eliminated jetsam on iOS devices
when tested running JetStream.

* runtime/Options.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217457 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agobmalloc: scavenger runs too much on JetStream
msaboff@apple.com [Thu, 25 May 2017 23:11:24 +0000 (23:11 +0000)]
bmalloc: scavenger runs too much on JetStream
https://bugs.webkit.org/show_bug.cgi?id=172373

Reviewed by Geoffrey Garen.

Instruments says that JetStream on macOS spends about 3% of its time in
madvise.

In <https://bugs.webkit.org/show_bug.cgi?id=160098>, Ben saw some
evidence that madvise was the reason that switching to bmalloc for
DFG::Node allocations was a slowdown the first time around.

In <https://bugs.webkit.org/show_bug.cgi?id=172124>, Michael saw that
scavening policy can affect JetStream.

Intuitively, it seems wrong for the heap to idle shrink during hardcore
benchmarking.

The strategy here is to back off in response to any heap growth event,
and to wait 2s instead of 0.5s for heap growth to take place -- but we
scavenge immediately in response to critical memory pressure, to avoid
jetsam.

One hole in this strategy is that a workload with a perfectly
unfragmented heap that allocates and deallocates ~16kB every 2s will
never shrink its heap. This doesn't seem to be a problem in practice.

This looks like a 2% - 4% speedup on JetStream on Mac Pro and MacBook Air.

* bmalloc/AsyncTask.h:
(bmalloc::AsyncTask::willRun):
(bmalloc::AsyncTask::willRunSoon):
(bmalloc::Function>::AsyncTask):
(bmalloc::Function>::run):
(bmalloc::Function>::runSoon):
(bmalloc::Function>::threadRunLoop):
(bmalloc::Function>::runSlowCase): Deleted. Added a "run soon" state
so that execution delay is modeled directly instead of implicitly
through sleep events. This enables the Heap to issue a "run now" event
at any moment in response ot memory pressure.

* bmalloc/Heap.cpp:
(bmalloc::Heap::Heap): Don't call into our own API -- that's a layering
violation.

(bmalloc::Heap::updateMemoryInUseParameters): No need for
m_scavengeSleepDuration anymore.

(bmalloc::Heap::concurrentScavenge): Added a back-off policy when the
heap is growing.
(bmalloc::Heap::scavenge):

(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::scavengeLargeObjects): Don't try to give up in the middle
of a scavenge event. Our new backoff policy supplants that design. Also,
it's easier to profile and understand scavenging behavior if it always
runs to completion once started.

(bmalloc::Heap::scheduleScavenger):
(bmalloc::Heap::scheduleScavengerIfUnderMemoryPressure): Added a
synchronous amortized check for memory pressure. This check has the
benefit that it runs immediately during high rates of heap activity,
so we can detect memory pressure right away and wake the scavenger
instead of waiting for the scavenger to wake up.

(bmalloc::Heap::allocateSmallPage):
(bmalloc::Heap::deallocateSmallLine):
(bmalloc::Heap::splitAndAllocate):
(bmalloc::Heap::tryAllocateLarge):
(bmalloc::Heap::shrinkLarge):
(bmalloc::Heap::deallocateLarge):
* bmalloc/Heap.h:
(bmalloc::Heap::isUnderMemoryPressure):
* bmalloc/Sizes.h:
* bmalloc/VMHeap.h:
(bmalloc::VMHeap::deallocateSmallPage):
* bmalloc/bmalloc.h:
(bmalloc::api::scavenge): Updated for API changes above.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217456 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoASSERT(m_websiteDataStore->websiteDataStore().sessionID() == m_sessionID) in PageConf...
cdumez@apple.com [Thu, 25 May 2017 22:33:28 +0000 (22:33 +0000)]
ASSERT(m_websiteDataStore->websiteDataStore().sessionID() == m_sessionID) in PageConfiguration::sessionID()
https://bugs.webkit.org/show_bug.cgi?id=172615
<rdar://problem/32277488>

Reviewed by Brady Eidson.

Fix assertion added in r215923 to take into account the fact that the PageConfiguration's sessionID
is SessionID::legacyPrivateSessionID() when private browsing is enabled, instead of being the
WebsiteDataStore's sessionID.

See code in WebProcessPool::createWebPage():
"""
pageConfiguration->setSessionID(pageConfiguration->preferences()->privateBrowsingEnabled() ? SessionID::legacyPrivateSessionID() : m_websiteDataStore->websiteDataStore().sessionID());
"""

* UIProcess/API/APIPageConfiguration.cpp:
(API::PageConfiguration::sessionID):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217455 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoRegression(r215686): Videos sometimes do not load in iBooks
cdumez@apple.com [Thu, 25 May 2017 22:20:14 +0000 (22:20 +0000)]
Regression(r215686): Videos sometimes do not load in iBooks
https://bugs.webkit.org/show_bug.cgi?id=172604
<rdar://problem/32003717>

Reviewed by Geoffrey Garen.

Before r215686, the loop would have a check at the beginning to check if the
dataRequest's currentOffset was greater than the buffer length and would
cause the function to return early.

This check was dropped in r215686, which caused us in some cases to call
finishLoading / stopLoading() after the loop, even though we did not have
enough data in the buffer to satisfy the data request.

To address the issue, we now return early after the loop if remainingLength
is greater than 0, meaning that we could not satisfy the request. This makes
sure we do not call finishLoading / stopLoading() prematurely.

Note that before r215686, the condition of the while loop was
"while (remainingLength)" so the only way to get out of the loop was to:
1. Get remainingLength to 0, in which case we would fall through and
   potentially call finishLoading / stopLoading() after the loop.
2. Fail the "(data->size() <= [dataRequest currentOffset] - responseOffset)"
   check at the beginning of the loop, meaning that we ran out of data in
   the buffer. This would cause us to return from the function, not fall
   through, so we would not call finishLoading / stopLoading().

No new tests, I do not know how to write a test for this.

* platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
(WebCore::WebCoreAVFResourceLoader::fulfillRequestWithResource):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217453 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoWeb Inspector: Changing the width of a Sidebar when it's collapsed shouldn't trigger...
drousso@apple.com [Thu, 25 May 2017 22:12:05 +0000 (22:12 +0000)]
Web Inspector: Changing the width of a Sidebar when it's collapsed shouldn't trigger a layout
https://bugs.webkit.org/show_bug.cgi?id=172606

Reviewed by Matt Baker.

* UserInterface/Views/Sidebar.js:
(WebInspector.Sidebar.prototype._recalculateWidth):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217452 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[WebIDL] Use the term 'operation' more consistently
weinig@apple.com [Thu, 25 May 2017 21:35:18 +0000 (21:35 +0000)]
[WebIDL] Use the term 'operation' more consistently
https://bugs.webkit.org/show_bug.cgi?id=172601

Reviewed by Chris Dumez.

We were using the term 'operation', a WebIDL term for function-like
constructs, inconsistently in the code generator. Now, when we use
'operation' when referring to the IDL concept (usually the object the
parser produces) and 'function' when referring to code being generated.

Source/WebCore:

* bindings/scripts/CodeGenerator.pm:
* bindings/scripts/IDLParser.pm:
* bindings/scripts/generate-bindings.pl:

Tools:

* DumpRenderTree/Bindings/CodeGeneratorDumpRenderTree.pm:
* WebKitTestRunner/InjectedBundle/Bindings/CodeGeneratorTestRunner.pm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217451 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[WK2][iOS] Add a mach-lookup exception for 'com.apple.lsd.mapdb' to Network sandbox
bfulgham@apple.com [Thu, 25 May 2017 21:31:57 +0000 (21:31 +0000)]
[WK2][iOS] Add a mach-lookup exception for 'com.apple.lsd.mapdb' to Network sandbox
https://bugs.webkit.org/show_bug.cgi?id=172465
<rdar://problem/32332836>

Reviewed by Alex Christensen.

Expand sandbox to allow lookup of the mapdb that contains UTI information used
by the Network process.

* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217450 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed build fix after r217447; only run test where JSC's ObjC API is available.
jer.noble@apple.com [Thu, 25 May 2017 21:26:00 +0000 (21:26 +0000)]
Unreviewed build fix after r217447; only run test where JSC's ObjC API is available.

* TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217449 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoSyncing script shouldn't schedule a build request when there is a build from another...
rniwa@webkit.org [Thu, 25 May 2017 21:10:09 +0000 (21:10 +0000)]
Syncing script shouldn't schedule a build request when there is a build from another test group in progress
https://bugs.webkit.org/show_bug.cgi?id=172577
<rdar://problem/32395049>

Reviewed by Chris Dumez.

When a buildbot master gets restarted while there is an in-progress build and a pending build, the master will
re-schedule the currently running build, and this can result in multiple build requests from different test
groups being scheduled simultaneously.

sync-buildbot.js was supposed to recover from this state by only processing build requests from one test group
at a time and eventually come back to a state where only a single test group is running per buildbot slave.

We had a test for this particular case but it wasn't testing what it claimed to test. Rewriten the test case
and fixed the bug by explicitly checking this condition and treating it as if there is a pending build already
scheduled in the builder in this case.

* public/api/test-groups.php:
(main): Fixed a regression from r217397. Return the platform ID of the first request when none of the requets
have been processed yet or all of them had failed.
* server-tests/tools-buildbot-triggerable-tests.js: Rewritten a test case intended to cover this bug.
(.assertRequestAndResolve): Added.
* tools/js/buildbot-syncer.js:
(BuildbotSyncer.prototype.scheduleRequestInGroupIfAvailable): Fixed the bug. Avoid scheduling a new request on
this syncer if there is a build in progress for a test group different from that of the new request. Reuse the
code we had to deal with a pending build for this purpose.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217448 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoSystem sleeps while playing to wireless target, ending stream.
jer.noble@apple.com [Thu, 25 May 2017 21:05:26 +0000 (21:05 +0000)]
System sleeps while playing to wireless target, ending stream.
https://bugs.webkit.org/show_bug.cgi?id=172541

Reviewed by Eric Carlson.

Source/WebCore:

API test: Tests/mac/MediaPlaybackSleepAssertion.mm

Keep the system from sleeping (but allow the display to sleep) while playing media to a wireless target.

Give the SleepDisabler a Type, either System or Display, which indicates what kind of sleep to disable.
Update HTMLMediaElement::shouldDisableSleep() to differentiate between a video which is playing locally,
one that is playing but not visible, and one that is playing remotely.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged):
(WebCore::HTMLMediaElement::updateSleepDisabling):
(WebCore::HTMLMediaElement::shouldDisableSleep):
* html/HTMLMediaElement.h:
* platform/SleepDisabler.cpp:
(WebCore::SleepDisabler::create):
(WebCore::SleepDisabler::SleepDisabler):
* platform/SleepDisabler.h:
(WebCore::SleepDisabler::type):
* platform/cocoa/SleepDisablerCocoa.cpp:
(WebCore::SleepDisabler::create):
(WebCore::SleepDisablerCocoa::SleepDisablerCocoa):
(WebCore::SleepDisablerCocoa::~SleepDisablerCocoa):
* platform/cocoa/SleepDisablerCocoa.h:
* platform/mac/WebVideoFullscreenController.mm:
(-[WebVideoFullscreenController updatePowerAssertions]):
* platform/spi/cocoa/IOPMLibSPI.h:

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.html: Added.
* TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.mm: Added.
(-[MediaPlaybackSleepAssertionLoadDelegate webView:didCreateJavaScriptContext:forFrame:]):
(-[MediaPlaybackSleepAssertionPolicyDelegate webView:decidePolicyForNavigationAction:request:frame:decisionListener:]):
(TestWebKitAPI::simulateKeyDown):
(TestWebKitAPI::hasAssertionType):
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217447 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed, rolling out r217423 and r217424.
jlewis3@apple.com [Thu, 25 May 2017 20:58:34 +0000 (20:58 +0000)]
Unreviewed, rolling out r217423 and r217424.
https://bugs.webkit.org/show_bug.cgi?id=172607

These caused an api failure on all testers. (Requested by
mlewis13 on #webkit).

Reverted changesets:

"REGRESSION (r216977): 4 leaks introduced in new
WebKit2_WKHTTPCookieStoreWithoutProcessPool_Test"
https://bugs.webkit.org/show_bug.cgi?id=172558
http://trac.webkit.org/changeset/217423

"REGRESSION (r217423): Fix last-second typo in 'auto'"
http://trac.webkit.org/changeset/217424

Patch by Commit Queue <commit-queue@webkit.org> on 2017-05-25

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217446 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoDocumentThreadableLoader::redirectReceived() should not rely on the resource's loader
cdumez@apple.com [Thu, 25 May 2017 20:53:49 +0000 (20:53 +0000)]
DocumentThreadableLoader::redirectReceived() should not rely on the resource's loader
https://bugs.webkit.org/show_bug.cgi?id=172578
<rdar://problem/30754582>

Reviewed by Youenn Fablet.

Source/WebCore:

DocumentThreadableLoader::redirectReceived() should not rely on the resource's loader. The rest of the methods do not.
It is unsafe for it to rely on the resource's loader because it gets cleared when the load completes. A CachedRawresource
may be reused from the memory cache once its load has completed.

This would cause crashes in CachedRawResource::didAddClient() when replaying the redirects because it would call
DocumentThreadableLoader::redirectReceived() and potentially not have a loader anymore. To hit this exact code path,
you would need to make repeated XHR to a cacheable simple cross-origin resource that has cacheable redirect.

Test: http/tests/xmlhttprequest/cacheable-cross-origin-redirect-crash.html

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::redirectReceived):
* loader/DocumentThreadableLoader.h:

LayoutTests:

Add layout test coverage.

* http/tests/xmlhttprequest/cacheable-cross-origin-redirect-crash-expected.txt: Added.
* http/tests/xmlhttprequest/cacheable-cross-origin-redirect-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217445 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agocom.apple.coremedia.videoencoder XPC service should be allowed by WebProcess sandbox
commit-queue@webkit.org [Thu, 25 May 2017 20:22:51 +0000 (20:22 +0000)]
com.apple.coremedia.videoencoder XPC service should be allowed by WebProcess sandbox
https://bugs.webkit.org/show_bug.cgi?id=172599

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-25
Reviewed by Alex Christensen.

* WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217444 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoVersioning.
matthew_hanson@apple.com [Thu, 25 May 2017 20:07:19 +0000 (20:07 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217443 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[iOS WK2] Avoid setting contentsScale and rasterizationScale on CATransformLayers
simon.fraser@apple.com [Thu, 25 May 2017 19:34:38 +0000 (19:34 +0000)]
[iOS WK2] Avoid setting contentsScale and rasterizationScale on CATransformLayers
https://bugs.webkit.org/show_bug.cgi?id=172569

Reviewed by Dean Jackson.

Setting contentsScale and rasterizationScale on CATransformLayers is a waste of CPU time,
and triggers unwanted logging, so don't do it.

* WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:
(WebKit::PlatformCALayerRemote::PlatformCALayerRemote):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217442 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoASSERTION FAILED: !needsStyleRecalc() || !document().childNeedsStyleRecalc()
zalan@apple.com [Thu, 25 May 2017 19:22:20 +0000 (19:22 +0000)]
ASSERTION FAILED: !needsStyleRecalc() || !document().childNeedsStyleRecalc()
https://bugs.webkit.org/show_bug.cgi?id=172576
<rdar://problem/32181979>

Reviewed by Brent Fulgham.

Ensure that we clean the subframe's document before start searching for a focusable element.

Covered by existing test.

* page/FocusController.cpp:
(WebCore::FocusController::findFocusableElementDescendingDownIntoFrameDocument):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217441 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoCrash on WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance + 1195
jiewen_tan@apple.com [Thu, 25 May 2017 18:50:34 +0000 (18:50 +0000)]
Crash on WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance + 1195
https://bugs.webkit.org/show_bug.cgi?id=172555
<rdar://problem/32004724>

Reviewed by Ryosuke Niwa.

Source/WebCore:

setSelectionWithoutUpdatingAppearance could dispatch a synchronous focusin event,
which could invoke an event handler that deteles the frame. Therefore, add a
protector before the call.

Test: editing/selection/select-iframe-focusin-document-crash.html

* editing/FrameSelection.cpp:
(WebCore::FrameSelection::setSelection):

LayoutTests:

* editing/selection/resources/select-iframe-focusin-document-crash-frame.html: Added.
* editing/selection/select-iframe-focusin-document-crash-expected.txt: Added.
* editing/selection/select-iframe-focusin-document-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217439 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoOur for-in optimization in the bytecode generator does its static analysis incorrectly
sbarati@apple.com [Thu, 25 May 2017 18:47:38 +0000 (18:47 +0000)]
Our for-in optimization in the bytecode generator does its static analysis incorrectly
https://bugs.webkit.org/show_bug.cgi?id=172532
<rdar://problem/32369452>

Reviewed by Mark Lam.

JSTests:

* stress/for-in-invalidation-for-any-write.js: Added.
(assert):
(test):
(test.i):

Source/JavaScriptCore:

Our static analysis for when a for-in induction variable
is written to tried to its analysis as we generate
bytecode. This has issues, since it does not account for
the dynamic execution path of the program. Let's consider
a program where our old analysis worked:

```
for (let p in o) {
    o[p]; // We can transform this into a fast get_direct_pname
    p = 20;
    o[p]; // We cannot transform this since p has been changed.
}
```

However, our static analysis did not account for loops, which exist
in JavaScript. e.g, it would incorrectly compile this program as:
```
for (let p in o) {
    for (let i = 0; i < 20; ++i) {
        o[p]; // It transforms this to use get_direct_pname even though p will be over-written if we get here from the inner loop back edge!
        p = 20;
        o[p]; // We correctly do not transform this.
    }
}
```

Because of this flaw, I've made the optimization more conservative.
We now optimistically emit code for the optimized access. However,
if a for-in context is *ever* invalidated, before we pop it off
the stack, we rewrite the program's optimized accesses to no longer
be optimized. To do this, each context keeps track of its optimized
accesses.

This patch also adds a new bytecode, op_nop, which is just a no-op.
It was helpful to add this because reverting get_direct_pname to get_by_val
will leave us with an extra instruction word because get_direct_pname is
has a length of 7 where get_by_val has a length of 6. This leaves us with
an extra slot that we fill with an op_nop.

* bytecode/BytecodeDumper.cpp:
(JSC::BytecodeDumper<Block>::dumpBytecode):
* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitGetByVal):
(JSC::BytecodeGenerator::popIndexedForInScope):
(JSC::BytecodeGenerator::popStructureForInScope):
(JSC::BytecodeGenerator::invalidateForInContextForLocal):
(JSC::StructureForInContext::pop):
(JSC::IndexedForInContext::pop):
* bytecompiler/BytecodeGenerator.h:
(JSC::StructureForInContext::addGetInst):
(JSC::IndexedForInContext::addGetInst):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_nop):
* llint/LowLevelInterpreter.asm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217438 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoEnsure ImageFrameCache does not access its BitmapImage after it is deleted
commit-queue@webkit.org [Thu, 25 May 2017 18:22:48 +0000 (18:22 +0000)]
Ensure ImageFrameCache does not access its BitmapImage after it is deleted
https://bugs.webkit.org/show_bug.cgi?id=172563

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2017-05-25
Reviewed by Simon Fraser.

A crash may happen if the BitmapImage is deleted while the decoding thread
is still active. Once the current frame finishes decoding, the decoding
thread will make a callOnMainThread() which will access the deleted BitmapImage.

We need to ensure if BitmapImage is deleted, the raw pointer which references
it in ImageFrameCache is cleared. If this is done, nothing else is needed.
All all the accesses to container BitmapImage in ImageFrameCache are guarded
by checking m_image is not null.

* platform/graphics/BitmapImage.cpp:
(WebCore::BitmapImage::~BitmapImage): Make sure the decoding thread will
not have access to the deleted BitmapImage when it finishes decoding and
make its callOnMainThread().
(WebCore::BitmapImage::destroyDecodedData): Use the function new name.
(WebCore::BitmapImage::internalStartAnimation): Ditto.
* platform/graphics/ImageFrameCache.cpp:
(WebCore::ImageFrameCache::startAsyncDecodingQueue): Protect the sourceURL
for the decoding thread. ImageFrameCache::sourceURL() checks for the value
of m_image which now may change from the main thread.
* platform/graphics/ImageFrameCache.h:
(WebCore::ImageFrameCache::clearImage): Add a new function to clear the
raw pointer m_image when its is deleted.
* platform/graphics/ImageSource.cpp:
(WebCore::ImageSource::resetData): Rename clear() to resetData() for better
code readability. This function deletes the ImageDecoder and creates a new
one if data is not null. The purpose is to delete the decoder raster data.
(WebCore::ImageSource::clear): Deleted.
* platform/graphics/ImageSource.h:
(WebCore::ImageSource::clearImage): Wrapper for the ImageFrameCache function.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217437 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoAdd some release logging for media elements
commit-queue@webkit.org [Thu, 25 May 2017 17:49:56 +0000 (17:49 +0000)]
Add some release logging for media elements
https://bugs.webkit.org/show_bug.cgi?id=172581

Patch by youenn fablet <youenn@apple.com> on 2017-05-25
Reviewed by Eric Carlson.

No change of behavior.

 Adding logging for getUserMedia, video autoplay and incoming/outgoing webrtc video tracks.

* Modules/mediastream/UserMediaRequest.cpp:
(WebCore::UserMediaRequest::allow):
(WebCore::UserMediaRequest::deny):
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::canTransitionFromAutoplayToPlay):
* html/MediaElementSession.cpp:
(WebCore::MediaElementSession::playbackPermitted):
* platform/Logging.h:
* platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:
(WebCore::RealtimeIncomingVideoSource::OnFrame):
* platform/mediastream/mac/RealtimeIncomingVideoSource.h:
* platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
(WebCore::RealtimeOutgoingVideoSource::sendOneBlackFrame):
(WebCore::RealtimeOutgoingVideoSource::videoSampleAvailable):
* platform/mediastream/mac/RealtimeOutgoingVideoSource.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217436 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[css-align] Fixed errors in the CSS parsing tests of the "place-XXX" shorthands
jfernandez@igalia.com [Thu, 25 May 2017 17:40:49 +0000 (17:40 +0000)]
[css-align] Fixed errors in the CSS parsing tests of the "place-XXX" shorthands
https://bugs.webkit.org/show_bug.cgi?id=172593

Reviewed by Manuel Rego Casasnovas.

* css3/parse-place-content.html:
* css3/parse-place-items.html:
* css3/parse-place-self.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217435 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[CMake][Win] Use WTF_CPU not MSCV_CXX_ARCHITECTURE_ID when determining lib directories
commit-queue@webkit.org [Thu, 25 May 2017 17:40:14 +0000 (17:40 +0000)]
[CMake][Win] Use WTF_CPU not MSCV_CXX_ARCHITECTURE_ID when determining lib directories
https://bugs.webkit.org/show_bug.cgi?id=172570

Patch by Don Olmstead <don.olmstead@am.sony.com> on 2017-05-25
Reviewed by Per Arne Vollan.

* Source/cmake/OptionsWin.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217434 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[WebIDL] Do a pass of cleanup in the bindings generator
weinig@apple.com [Thu, 25 May 2017 17:39:57 +0000 (17:39 +0000)]
[WebIDL] Do a pass of cleanup in the bindings generator
https://bugs.webkit.org/show_bug.cgi?id=172566

Reviewed by Chris Dumez.

- Split JSDOMBindingCaller.h into four new files to allow for less
  header inclusion (one includes a bunch of promise stuff that usually
  isn't needed):
    - JSDOMCastedThisErrorBehavior (with shared casting enum)
    - JSDOMAttribute (for attribute getting / setting)
    - JSDOMOperation (for normal operations)
    - JSDOMOperationReturningPromise (for operations returning promises, obviously).

  In addition to separating the files, rename to be more consistent with modern
  bindings conventions (new classes are IDLAttribute, IDLOperation, and
  IDLOperationReturningPromise) and simplify function names
    - 'callOperation' becomes 'call'
    - 'attribute' becomes 'get'
    - 'setAttribute' becomes 'set'

- Remove extra generated trampoline function for operations returning promises
  by making JSDOMOperationReturningPromise handle all the promise related overhead.

- Make [Custom] operations returning promises go through the normal IDLOperationReturningPromise
  code path (simplifying JSReadableStreamSource and JSSubtleCrypto). Added [ReturnsOwnPromise]
  extended attribute to allow some functions that want to retain specialized behavior to do so

- Swap order of trampoline and implementation of operation, to avoid the need for
  a forward declaration and make reading more straightforward.

* WebCore.xcodeproj/project.pbxproj:
Add / remove files.

* bindings/js/JSDOMBindingCaller.h: Removed.

* bindings/js/JSDOMCastedThisErrorBehavior.h: Added.
Shared header for enum needed by JSDOMAttribute, JSDOMOperation and JSDOMOperationReturningPromise.

* bindings/js/JSDOMAttribute.h: Added.
* bindings/js/JSDOMOperation.h: Added.
* bindings/js/JSDOMOperationReturningPromise.h: Added.
Split out JSDOMBindingCaller implementations into own classes / files. Simplify
naming.

* bindings/js/JSDOMPromiseDeferred.h:
(WebCore::callPromiseFunction):
Add a variant of callPromiseFunction that takes a lambda.

* bindings/js/JSEventTargetCustom.h:
(WebCore::IDLOperation<JSEventTarget>::call):
Update operation specialization to use new class.

* bindings/js/JSReadableStreamSourceCustom.cpp:
* bindings/js/JSSubtleCryptoCustom.cpp:
Simplify now that the callPromiseFunction is called for us.

* crypto/WebKitSubtleCrypto.idl:
* css/FontFace.idl:
* dom/CustomElementRegistry.idl:
Add [ReturnsOwnPromise] to retain custom promise behavior.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
Update header generation to account for custom functions that return promises now
having a Ref<DeferredPromise>&& parameter.

(GenerateImplementation):
- Update for new naming of cast functions.
- Use AddToImplIncludes (and pass in conditional) rather than using $implIncludes
  directly, #includes to be grouped correctly.
- Remove dead $inAppleCopyright code (it was moved to GenerateOperationDefinition
  earlier).

(GenerateOperationDefinition):
- Use $codeGenerator->IsPromiseType() rather than directly comparing to "Promise" string.
- Restructure code to allow trampoline (the code that calls IDLOperation) to come after
  the main operation implementation (the part that calls into the impl).
- Support custom functions returning promises (and the [ReturnsOwnPromise] variant).

(GenerateImplementationIterableFunctions):
Update for name change to IDLOperation.

* bindings/scripts/IDLAttributes.json:
Add [ReturnsOwnPromise].

* bindings/scripts/test/JS/JSInterfaceName.cpp:
* bindings/scripts/test/JS/JSMapLike.cpp:
* bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestCEReactions.cpp:
* bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
* bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
* bindings/scripts/test/JS/JSTestDOMJIT.cpp:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
* bindings/scripts/test/JS/JSTestIterable.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestObj.h:
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
* bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
* bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
* bindings/scripts/test/JS/JSTestSerialization.cpp:
* bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
* bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
Update test results.

* bindings/scripts/test/TestObj.idl:
Add additional test cases for operations returning promises.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217433 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[Win] ASSERTION FAILED: !HashTranslator::equal(KeyTraits::emptyValue(), key)
utatane.tea@gmail.com [Thu, 25 May 2017 17:18:57 +0000 (17:18 +0000)]
[Win] ASSERTION FAILED: !HashTranslator::equal(KeyTraits::emptyValue(), key)
https://bugs.webkit.org/show_bug.cgi?id=172586

Reviewed by Brent Fulgham.

In ThreadHolder for Windows, we need to construct HashMap<ThreadIdentifier, ThreadHolder*>.
The problem is that ThreadHolder::platformInitialize touches Thread::id() even before Thread
is not established. In that case, id() returns incorrect value.

But, calling ThreadHolder::initialize() after waiting for completion of Thread::establish() is
not a good idea. Since we already have NewThreadContext->creationMutex, we can wait for completion
of Thread::establish() easily. However, if we do so, Thread::create() returns RefPtr<Thread> that
may not call ThreadHolder::initialize() in its thread yet. In that case, ThreadHolder::get() fails.
Thus, Windows WTF::waitForThreadCompletion implementation becomes broken. We can add a new mutex
to wait for completion of ThreadHolder::initialize in the creator of the thread (like a ping-pong!).
But it overly complicates the implementation.

The following is overly complicated initialization phase.

Creator -> AC mutex(1) -------> establishment -> RL mutex(1) ----------------------> AC mutex(2) ->

                       Thread -----------------> AC mutex(1) -> ThreadHolder init -> RL mutex(2) ->

So, instead, in this patch, we just use Thread::currentID(). When calling ThreadHolder::initialize(),
we pass ThreadIdentifier by using Thread::currentID(). This implementation works great because,

1. ThreadHolder::initialize requires ThreadIdentifier only in Windows environment because Pthread
   ThreadHolder does not create HashMap<>. And this is used for obsolete Threading APIs. Thus this
   hack will be removed in the near future.

2. In Windows, Thread::currentID() can return a valid value without using ThreadHolder. And it does
   not require Thread establishment. So, calling currentID() to initialize ThreadHolder is ok in
   Windows.

* wtf/ThreadHolder.cpp:
(WTF::ThreadHolder::initialize): Deleted.
* wtf/ThreadHolder.h:
* wtf/ThreadHolderPthreads.cpp:
(WTF::ThreadHolder::initialize):
* wtf/ThreadHolderWin.cpp:
(WTF::ThreadHolder::initialize):
(WTF::ThreadHolder::platformInitialize): Deleted.
* wtf/ThreadingWin.cpp:
(WTF::wtfThreadEntryPoint):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217432 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoClang warns about (intended) returning pointer to stack location in WTF/wtf/Threading...
aperez@igalia.com [Thu, 25 May 2017 17:07:15 +0000 (17:07 +0000)]
Clang warns about (intended) returning pointer to stack location in WTF/wtf/ThreadingPthreads.cpp
https://bugs.webkit.org/show_bug.cgi?id=172595

Reviewed by Mark Lam.

* wtf/ThreadingPthreads.cpp: Use a #pragma to silence Clang warning about returning a
pointer to the stack (which is intended)

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217431 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoUnreviewed, rolling out r217409.
jlewis3@apple.com [Thu, 25 May 2017 17:06:40 +0000 (17:06 +0000)]
Unreviewed, rolling out r217409.

The revision caused api failures

Reverted changeset:

"_WKUserStyleSheet leaks string data"
https://bugs.webkit.org/show_bug.cgi?id=172583
http://trac.webkit.org/changeset/217409

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217430 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoObjectToStringAdaptiveInferredPropertyValueWatchpoint should not reinstall itself...
mark.lam@apple.com [Thu, 25 May 2017 17:03:13 +0000 (17:03 +0000)]
ObjectToStringAdaptiveInferredPropertyValueWatchpoint should not reinstall itself nor handleFire if it's dying shortly.
https://bugs.webkit.org/show_bug.cgi?id=172548
<rdar://problem/31458393>

Reviewed by Filip Pizlo.

JSTests:

* stress/regress-172548.patch: Added.

Source/JavaScriptCore:

Consider the following scenario:

1. A ObjectToStringAdaptiveInferredPropertyValueWatchpoint O1, watches for
   structure transitions, e.g. structure S2 transitioning to structure S3.
   In this case, O1 would be installed in S2's watchpoint set.
2. When the structure transition happens, structure S2 will fire watchpoint O1.
3. O1's handler will normally re-install itself in the watchpoint set of the new
   "transitioned to" structure S3.
4. "Installation" here requires writing into the StructureRareData SD3 of the new
   structure S3.  If SD3 does not exist yet, the installation process will trigger
   the allocation of StructureRareData SD3.
5. It is possible that the Structure S1, and StructureRareData SD1 that owns the
   ObjectToStringAdaptiveInferredPropertyValueWatchpoint O1 is no longer reachable
   by the GC, and therefore will be collected soon.
6. The allocation of SD3 in (4) may trigger the sweeping of the StructureRareData
   SD1.  This, in turn, triggers the deletion of the
   ObjectToStringAdaptiveInferredPropertyValueWatchpoint O1.

After O1 is deleted in (6) and SD3 is allocated in (4), execution continues in
AdaptiveInferredPropertyValueWatchpointBase::fire() where O1 gets installed in
structure S3's watchpoint set.  This is obviously incorrect because O1 is already
deleted.  The result is that badness happens later when S3's watchpoint set fires
its watchpoints and accesses the deleted O1.

The fix is to enhance AdaptiveInferredPropertyValueWatchpointBase::fire() to
check if "this" is still valid before proceeding to re-install itself or to
invoke its handleFire() method.

ObjectToStringAdaptiveInferredPropertyValueWatchpoint (which extends
AdaptiveInferredPropertyValueWatchpointBase) will override its isValid() method,
and return false its owner StructureRareData is no longer reachable by the GC.
This ensures that it won't be deleted while it's installed to any watchpoint set.

Additional considerations and notes:
1. In the above, I talked about the ObjectToStringAdaptiveInferredPropertyValueWatchpoint
   being installed in watchpoint sets.  What actually happens is that
   ObjectToStringAdaptiveInferredPropertyValueWatchpoint has 2 members
   (m_structureWatchpoint and m_propertyWatchpoint) which may be installed in
   watchpoint sets.  The ObjectToStringAdaptiveInferredPropertyValueWatchpoint is
   not itself a Watchpoint object.

   But for brevity, in the above, I refer to the ObjectToStringAdaptiveInferredPropertyValueWatchpoint
   instead of its Watchpoint members.  The description of the issue is still
   accurate given the life-cycle of the Watchpoint members are embedded in the
   enclosing ObjectToStringAdaptiveInferredPropertyValueWatchpoint object, and
   hence, they share the same life-cycle.

2. The top of AdaptiveInferredPropertyValueWatchpointBase::fire() removes its
   m_structureWatchpoint and m_propertyWatchpoint if they have been added to any
   watchpoint sets.  This is safe to do even if the owner StructureRareData is no
   longer reachable by the GC.

   This is because the only way we can get to AdaptiveInferredPropertyValueWatchpointBase::fire()
   is if its Watchpoint members are still installed in some watchpoint set that
   fired.  This means that the AdaptiveInferredPropertyValueWatchpointBase
   instance has not been deleted yet, because its destructor will automatically
   remove the Watchpoint members from any watchpoint sets.

* bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp:
(JSC::AdaptiveInferredPropertyValueWatchpointBase::fire):
(JSC::AdaptiveInferredPropertyValueWatchpointBase::isValid):
* bytecode/AdaptiveInferredPropertyValueWatchpointBase.h:
* heap/FreeList.cpp:
(JSC::FreeList::contains):
* heap/FreeList.h:
* heap/HeapCell.h:
* heap/HeapCellInlines.h:
(JSC::HeapCell::isLive):
* heap/MarkedAllocator.h:
(JSC::MarkedAllocator::isFreeListedCell):
* heap/MarkedBlock.h:
* heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::isFreeListedCell):
* runtime/StructureRareData.cpp:
(JSC::ObjectToStringAdaptiveInferredPropertyValueWatchpoint::isValid):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217429 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[ATK] Expose doc-footnote ARIA role with ATK_ROLE_FOOTNOTE
csaavedra@igalia.com [Thu, 25 May 2017 16:55:38 +0000 (16:55 +0000)]
[ATK] Expose doc-footnote ARIA role with ATK_ROLE_FOOTNOTE
https://bugs.webkit.org/show_bug.cgi?id=172355

Patch by Joanmarie Diggs <jdiggs@igalia.com> on 2017-05-25
Reviewed by Chris Fleizach.

* accessibility/gtk/xml-roles-exposed-expected.txt: Updated.
* platform/gtk/accessibility/roles-exposed-expected.txt: Updated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217428 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoSome <chrono> and ProgressTracker cleanup
simon.fraser@apple.com [Thu, 25 May 2017 16:54:18 +0000 (16:54 +0000)]
Some <chrono> and ProgressTracker cleanup
https://bugs.webkit.org/show_bug.cgi?id=172582

Reviewed by Sam Weinig.

Remove some unnecessary <chrono> includes.
Convert some std::chrono to use MonotonicTime/Seconds.
Clean up ProgressTracker.
Some #pragma once.

* dom/Document.h:
* loader/ProgressTracker.cpp:
(WebCore::ProgressTracker::ProgressTracker):
(WebCore::ProgressTracker::reset):
(WebCore::ProgressTracker::progressStarted):
(WebCore::ProgressTracker::finalProgressComplete):
(WebCore::ProgressTracker::incrementProgress):
* loader/ProgressTracker.h:
* page/Settings.h:
* platform/SearchPopupMenu.h:
* platform/Timer.h:
* platform/graphics/cg/IOSurfacePool.cpp:
(WebCore::IOSurfacePool::markOlderSurfacesPurgeable):
* platform/graphics/cg/IOSurfacePool.h:
(WebCore::IOSurfacePool::CachedSurfaceDetails::resetLastUseTime):
* platform/network/PlatformCookieJar.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217427 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[ATK] Expose doc-footnote ARIA role with ATK_ROLE_FOOTNOTE
jdiggs@igalia.com [Thu, 25 May 2017 16:43:23 +0000 (16:43 +0000)]
[ATK] Expose doc-footnote ARIA role with ATK_ROLE_FOOTNOTE
https://bugs.webkit.org/show_bug.cgi?id=172355

Reviewed by Chris Fleizach.

Source/WebCore:

Add a new FootnoteRole accessibility role to WebCore and map it to
ATK_ROLE_FOOTNOTE for WebKitGtk and NSAccessibilityGroupRole with
a subrole of AXApplicationGroup for the Mac port.

No new tests because we already have coverage for this role.
The existing test expectations were updated to reflect the
new mapping of doc-footnote to ATK_ROLE_FOOTNOTE.

* accessibility/AccessibilityObject.cpp:
(WebCore::initializeRoleMap):
(WebCore::AccessibilityObject::computedRoleString):
* accessibility/AccessibilityObject.h:
* accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
(atkRole):
* accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
(-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(createAccessibilityRoleMap):
(-[WebAccessibilityObjectWrapper subrole]):

Tools:

Add map ATK_ROLE_FOOTNOTE to "AXFootnote" and bump jhbuild minimum
versions of atk, at-spi2-core, and at-spi2-atk to 2.25.2 (the earliest
releases which support the new platform footnote accessibility role.

* WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:
* gtk/jhbuild.modules:

LayoutTests:

* accessibility/gtk/xml-roles-exposed-expected.txt: Updated.
* platform/gtk/accessibility/roles-exposed-expected.txt: Updated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217426 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years ago[GTK] [WebCrypto] Mark new WebCryptoAPI test failures after last WPT sync
clopez@igalia.com [Thu, 25 May 2017 16:24:31 +0000 (16:24 +0000)]
[GTK] [WebCrypto] Mark new WebCryptoAPI test failures after last WPT sync

Unreviewed GTK gardening.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217425 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2 years agoREGRESSION (r217423): Fix last-second typo in 'auto'
ddkilzer@apple.com [Thu, 25 May 2017 15:57:26 +0000 (15:57 +0000)]
REGRESSION (r217423): Fix last-second typo in 'auto'

* TestWebKitAPI/Tests/WebKit2Cocoa/WKHTTPCookieStore.mm:
(WebKit2_WKHTTPCookieStoreWithoutProcessPool_Test): Fix typo.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@217424 268f45cc-cd09-0410-ab3c-d52691b4dbfc