WebKit-https.git
[Win] Implement CryptoDigest
dbates@webkit.org [Thu, 10 Mar 2016 01:09:03 +0000 (01:09 +0000)]
[Win] Implement CryptoDigest
https://bugs.webkit.org/show_bug.cgi?id=155247
<rdar://problem/25065843>

Reviewed by Brent Fulgham.

Implement the CryptoDigest abstraction for Windows so that we can compute cryptographically
secure hashes. This will allow us to support Content Security Policy inline script and inline
stylesheet hashes on Windows.

* PlatformWin.cmake: Add file CryptoDigestWin.cpp.
* PlatformWinCairo.cmake: Ditto.
* platform/crypto/win/CryptoDigestWin.cpp: Added.
(WebCore::CryptoDigest::CryptoDigest): Instantiate a CryptoDigestContext object.
(WebCore::CryptoDigest::~CryptoDigest): Destroy the cryptographic service provider and hash
object if non-null.
(WebCore::CryptoDigest::create): Acquire a handle to a cryptographic service provider (HCRYPTPROV)
and a handle to a hash object (HCRYPTHASH).
(WebCore::CryptoDigest::addBytes): Add the contents of the specified buffer to the hash object.
(WebCore::CryptoDigest::computeHash): Compute and return a Vector of bytes that represent the digest.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197905 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Build fix after r196870.
rniwa@webkit.org [Thu, 10 Mar 2016 01:02:35 +0000 (01:02 +0000)]
Build fix after r196870.

* public/include/report-processor.php:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197904 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Add Size metric to perf dashboard
rniwa@webkit.org [Thu, 10 Mar 2016 01:00:14 +0000 (01:00 +0000)]
Add Size metric to perf dashboard
https://bugs.webkit.org/show_bug.cgi?id=155266

Reviewed by Chris Dumez.

Added the "Size" metric and use bytes as its unit.

* public/js/helper-classes.js:
(PerfTestRuns):
* public/v2/data.js:
(RunsData.unitFromMetricName):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197903 268f45cc-cd09-0410-ab3c-d52691b4dbfc

REGRESSION (r197149): Missing availability checks when soft-linking DataDetectors...
ddkilzer@apple.com [Thu, 10 Mar 2016 00:56:31 +0000 (00:56 +0000)]
REGRESSION (r197149): Missing availability checks when soft-linking DataDetectors.framework
<http://webkit.org/b/155258>

Reviewed by Andy Estes.

Source/WebCore:

* page/mac/ServicesOverlayController.mm:
(WebCore::ServicesOverlayController::Highlight::setDDHighlight):
(WebCore::ServicesOverlayController::Highlight::paintContents):
(WebCore::ServicesOverlayController::mouseIsOverHighlight):
- Add check that returns early if DataDetectors.framework is not
  available.

* platform/spi/mac/DataDetectorsSPI.h:
- Mark Objective-C classes as optional.

Source/WebKit/mac:

* WebView/WebImmediateActionController.mm:
(-[WebImmediateActionController _clearImmediateActionState]):
(-[WebImmediateActionController immediateActionRecognizerWillBeginAnimation:]):
(-[WebImmediateActionController _animationControllerForDataDetectedText]):
(-[WebImmediateActionController _animationControllerForDataDetectedLink]):
- Add check that returns early if DataDetectors.framework is not
  available.

Source/WebKit2:

* Platform/mac/MenuUtilities.mm:
(WebKit::menuItemForTelephoneNumber):
(WebKit::menuForTelephoneNumber):
- Add check that returns early if DataDetectors.framework is not
  available.

* Shared/mac/WebHitTestResultData.mm:
(WebKit::WebHitTestResultData::platformDecode):
- Add Debug assertion.  The soft-linked code should never be
  called if there was no actionContext passed in.

* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::dismissContentRelativeChildWindowsFromViewOnly):
- Protect calls to DDActionsManager with availability check.

* UIProcess/mac/WKImmediateActionController.mm:
(-[WKImmediateActionController _clearImmediateActionState]):
(-[WKImmediateActionController immediateActionRecognizerWillBeginAnimation:]):
- Protect calls to DDActionsManager with availability check.
(-[WKImmediateActionController _animationControllerForDataDetectedText]):
(-[WKImmediateActionController _animationControllerForDataDetectedLink]):
- Add check that returns early if DataDetectors.framework is not
  available.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197902 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Add state dumping facility
commit-queue@webkit.org [Thu, 10 Mar 2016 00:45:35 +0000 (00:45 +0000)]
Add state dumping facility
https://bugs.webkit.org/show_bug.cgi?id=154930
<rdar://problem/24939135>

Patch by Keith Rollin <krollin@apple.com> on 2016-03-09
Reviewed by Anders Carlsson.

Source/WebKit2:

Collect the times at which pages are loaded. Dump them when an OS
state dump is triggered.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::didCommitLoad):
* WebProcess/WebPage/WebPage.h:
(WebKit::WebPage::lastPageLoadTime):
* WebProcess/WebProcess.h:
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::registerWithStateDumper):
(WebKit::WebProcess::platformInitializeProcess):

Source/WTF:

Add an OS_STATE flag to control the inclusion of process state dumping
functionality.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197901 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Removing reference to Dashboard.Repository.Internal.trac from open source unit tests.
jmarcell@apple.com [Thu, 10 Mar 2016 00:40:30 +0000 (00:40 +0000)]
Removing reference to Dashboard.Repository.Internal.trac from open source unit tests.
https://bugs.webkit.org/show_bug.cgi?id=155274

Reviewed by Alexey Proskuryakov.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/tests.js:
(setup): Deleted. In bug 154180 we removed Dashboard.Repository.Internal which was causing an
error in the unit tests.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197900 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Array.isArray support for Proxy
sbarati@apple.com [Thu, 10 Mar 2016 00:36:06 +0000 (00:36 +0000)]
Array.isArray support for Proxy
https://bugs.webkit.org/show_bug.cgi?id=155179

Reviewed by Mark Lam.

This patch implements Array.isArray to be compliant
with the ES6 spec. Specifically, it needs to interface
properly with Proxy arguments.
https://tc39.github.io/ecma262/#sec-isarray

* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::getCallData):
(JSC::arrayConstructorIsArray):
(JSC::arrayConstructorPrivateFuncIsArrayConstructor):
* runtime/ArrayPrototype.cpp:
(JSC::speciesConstructArray):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::revoke):
(JSC::ProxyObject::isRevoked):
(JSC::ProxyObject::visitChildren):
* runtime/ProxyObject.h:
(JSC::ProxyObject::target):
(JSC::ProxyObject::handler):
* tests/es6.yaml:
* tests/stress/proxy-is-array.js: Added.
(assert):
(test):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197899 268f45cc-cd09-0410-ab3c-d52691b4dbfc
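
The spec behaviour this patch implements, as an added example that is not JavaScriptCore code: how the ES6 IsArray operation behind `Array.isArray` treats Proxy values, next to `instanceof` and `Object.prototype.toString`. The Proxy objects are constructed for the example; the point a practitioner should take away is that a Proxy handler can forge the result of `instanceof` but not of `Array.isArray`, and that a revoked Proxy makes both throw.

```javascript
// Added example, not JavaScriptCore code: how the ES6 IsArray operation
// (which Array.isArray implements) treats Proxy values, compared with
// instanceof and Object.prototype.toString. All values are constructed here.

// A Proxy whose handler forges its prototype chain. instanceof consults the
// getPrototypeOf trap, so this plain object passes as an Array; IsArray looks
// at the Proxy target instead and is not fooled.
const impostor = new Proxy({}, { getPrototypeOf: () => Array.prototype });

// A real array behind two Proxy layers: IsArray unwraps every layer.
const wrapped = new Proxy(new Proxy([1, 2, 3], {}), {});

// A revoked Proxy has no target left to inspect; the spec requires IsArray to
// throw a TypeError rather than answer.
const revocable = Proxy.revocable([], {});
revocable.revoke();
const revoked = revocable.proxy;

// Run the three common "is it an array" checks on one value.
function checks(value) {
  return {
    isArray: Array.isArray(value),
    instanceOf: value instanceof Array,
    tag: Object.prototype.toString.call(value),
  };
}

// Variant that maps a revoked Proxy to false instead of throwing, for code
// that classifies untrusted values and must not be crashed by one of them.
function isArrayOrRevoked(value) {
  try {
    return Array.isArray(value);
  } catch (e) {
    if (e instanceof TypeError) return false;
    throw e;
  }
}

console.log(checks(impostor)); // { isArray: false, instanceOf: true, tag: '[object Object]' }
console.log(checks(wrapped));  // { isArray: true, instanceOf: true, tag: '[object Array]' }
console.log(isArrayOrRevoked(revoked)); // false
```

`JSON.stringify` and `Object.prototype.toString` use the same IsArray operation, so they agree with `Array.isArray` on Proxy values; only `instanceof` trusts the handler.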

Add heuristic for "main content" videos which override user gesture requirements
jer.noble@apple.com [Thu, 10 Mar 2016 00:22:12 +0000 (00:22 +0000)]
Add heuristic for "main content" videos which override user gesture requirements
https://bugs.webkit.org/show_bug.cgi?id=155224

Reviewed by Eric Carlson.

Source/WebCore:

Tests: media/video-main-content-allow-then-deny.html
       media/video-main-content-allow.html
       media/video-main-content-deny-display-none.html
       media/video-main-content-deny-not-in-dom.html
       media/video-main-content-deny-not-visible.html
       media/video-main-content-deny-obscured.html
       media/video-main-content-deny-too-small.html

Add a new behavior "restriction" to MediaElementSession that allows media elements
to optionally override their own user gesture requirements if the session determines
that the media element is the page's "main content".

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::didAttachRenderers):
(WebCore::HTMLMediaElement::updateShouldPlay):
* html/HTMLMediaElement.h:
* html/MediaElementSession.cpp:
(WebCore::restrictionName):
(WebCore::MediaElementSession::MediaElementSession):
(WebCore::MediaElementSession::addBehaviorRestriction):
(WebCore::MediaElementSession::playbackPermitted):
(WebCore::MediaElementSession::dataLoadingPermitted):
(WebCore::isMainContent):
(WebCore::MediaElementSession::mainContentCheckTimerFired):
(WebCore::MediaElementSession::updateIsMainContent):
* html/MediaElementSession.h:
* testing/Internals.cpp:
(WebCore::Internals::setMediaElementRestrictions):

LayoutTests:

* media/video-main-content-allow-expected.txt: Added.
* media/video-main-content-allow-then-deny-expected.txt: Added.
* media/video-main-content-allow-then-deny.html: Added.
* media/video-main-content-allow.html: Added.
* media/video-main-content-deny-display-none-expected.txt: Added.
* media/video-main-content-deny-display-none.html: Added.
* media/video-main-content-deny-not-in-dom-expected.txt: Added.
* media/video-main-content-deny-not-in-dom.html: Added.
* media/video-main-content-deny-not-visible-expected.txt: Added.
* media/video-main-content-deny-not-visible.html: Added.
* media/video-main-content-deny-obscured-expected.txt: Added.
* media/video-main-content-deny-obscured.html: Added.
* media/video-main-content-deny-too-small-expected.txt: Added.
* media/video-main-content-deny-too-small.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197898 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Added missing #if(SOUP) after r197591.
commit-queue@webkit.org [Thu, 10 Mar 2016 00:14:07 +0000 (00:14 +0000)]
Added missing #if(SOUP) after r197591.
https://bugs.webkit.org/show_bug.cgi?id=155259

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-03-09
Reviewed by Alex Christensen.

No new tests needed.

* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197897 268f45cc-cd09-0410-ab3c-d52691b4dbfc

_WKWebsiteDataSize.h should be an SPI header.
andersca@apple.com [Thu, 10 Mar 2016 00:03:04 +0000 (00:03 +0000)]
_WKWebsiteDataSize.h should be an SPI header.

Rubber-stamped by Tim Horton.

* WebKit2.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197896 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[JSC] Fix the ARM64 MacroAssembler after r197816
commit-queue@webkit.org [Wed, 9 Mar 2016 23:57:30 +0000 (23:57 +0000)]
[JSC] Fix the ARM64 MacroAssembler after r197816
https://bugs.webkit.org/show_bug.cgi?id=155268

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-09
Reviewed by Mark Lam.

The patch tries to generate instructions that do not exist,
causing quite fun stuff at runtime.

* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::load8):
(JSC::MacroAssemblerARM64::store16):
(JSC::MacroAssemblerARM64::store8):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197895 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Skipping js/regress/getter-richards-try-catch.html on ios-simulator debug
ryanhaddad@apple.com [Wed, 9 Mar 2016 23:47:57 +0000 (23:47 +0000)]
Skipping js/regress/getter-richards-try-catch.html on ios-simulator debug
https://bugs.webkit.org/show_bug.cgi?id=155271

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197894 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Add a getter for WebVideoFullscreenInterfaceObjC and update its rate property
adachan@apple.com [Wed, 9 Mar 2016 23:36:22 +0000 (23:36 +0000)]
Add a getter for WebVideoFullscreenInterfaceObjC and update its rate property
https://bugs.webkit.org/show_bug.cgi?id=155239

Reviewed by Eric Carlson.

* platform/mac/WebVideoFullscreenInterfaceMac.h:
Move the stub implementation of setVideoDimensions() to the mm file.
Declare a getter to WebVideoFullscreenInterfaceMacObjC.
* platform/mac/WebVideoFullscreenInterfaceMac.mm:
(WebCore::WebVideoFullscreenInterfaceMac::setRate):
Also update the rate property of WebVideoFullscreenInterfaceMacObjC.
(WebCore::WebVideoFullscreenInterfaceMac::setVideoDimensions):
Stub implementation of setVideoDimensions() has been moved to here.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197893 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Fix Mac build without video enabled after r197633.
achristensen@apple.com [Wed, 9 Mar 2016 23:33:55 +0000 (23:33 +0000)]
Fix Mac build without video enabled after r197633.

* bindings/objc/DOM.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197892 268f45cc-cd09-0410-ab3c-d52691b4dbfc

use ulimit command to check process limit in webkitpy
aakash_jain@apple.com [Wed, 9 Mar 2016 23:07:49 +0000 (23:07 +0000)]
use ulimit command to check process limit in webkitpy
https://bugs.webkit.org/show_bug.cgi?id=155260

Reviewed by Alexey Proskuryakov.

* Scripts/webkitpy/port/ios.py:
(IOSSimulatorPort.default_child_processes): Use ulimit command output instead of
launchctl limit maxproc command.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197891 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Skip two flaky tests on mac-wk1
ryanhaddad@apple.com [Wed, 9 Mar 2016 23:02:57 +0000 (23:02 +0000)]
Skip two flaky tests on mac-wk1
https://bugs.webkit.org/show_bug.cgi?id=155196

Unreviewed test gardening.

media/video-with-blob-url-allowed-by-csp-media-src-star.html and media/video-with-data-url-allowed-by-csp-media-src-star.html
are flaky on mac-wk1. Skipping to get bots to green during investigation.

* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197890 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Handling 'allowUniversalAccessFromFileURLs' on WKWebViewConfiguration causes test...
bfulgham@apple.com [Wed, 9 Mar 2016 23:00:57 +0000 (23:00 +0000)]
Handling 'allowUniversalAccessFromFileURLs' on WKWebViewConfiguration causes test breakage
https://bugs.webkit.org/show_bug.cgi?id=155265

Unreviewed work-around to allow testing to continue.

* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
(-[WKWebViewConfiguration init]): Workaround build break.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197889 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rolling out r197873.
commit-queue@webkit.org [Wed, 9 Mar 2016 22:34:08 +0000 (22:34 +0000)]
Unreviewed, rolling out r197873.
https://bugs.webkit.org/show_bug.cgi?id=155262

"Crashes some JSC tests" (Requested by mlam on #webkit).

Reverted changeset:

"Add dumping of function expression names in CodeBlock
bytecode dump."
https://bugs.webkit.org/show_bug.cgi?id=155248
http://trac.webkit.org/changeset/197873

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197888 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Rename Node.treeRoot to rootNode and turn it on by default
rniwa@webkit.org [Wed, 9 Mar 2016 22:29:33 +0000 (22:29 +0000)]
Rename Node.treeRoot to rootNode and turn it on by default
https://bugs.webkit.org/show_bug.cgi?id=155226

Reviewed by Antonio Gomes.

Source/WebCore:

Node.prototype.treeRoot has been merged into DOM spec from Shadow DOM spec and renamed to rootNode:
https://dom.spec.whatwg.org/#dom-node-rootnode

Rename the method and expose it unconditionally on Node.prototype.

Tests: fast/dom/Node/rootNode.html
       fast/shadow-dom/Node-interface-rootNode.html

* dom/ContainerNode.h:
(WebCore::Node::highestAncestor): Deleted. There is no need for this function to be inlined.
* dom/Document.h: Now that both TreeScope and Node define rootNode, we need to pick either.
Here, we pick TreeScope's definition since Document is by definition always in a document so there is
no need to even check inTreeScope().
* dom/Node.cpp:
(WebCore::Node::rootNode): Moved here. Also added a fast path for when "this" node is in a document
or a shadow root since TreeScope stores its root node as a member variable (m_rootNode).
* dom/Node.h:
* dom/Node.idl: Renamed the method and removed Conditional=SHADOW_DOM.
* dom/ShadowRoot.h: Similar to the change in Document.h. See above.
* editing/Editor.cpp:
(WebCore::correctSpellcheckingPreservingTextCheckingParagraph): Use rootNode instead of free function
defined in htmlediting.cpp, which was removed in this patch.
* editing/htmlediting.cpp:
(WebCore::highestAncestor): Deleted.
* editing/htmlediting.h:
* html/FormAssociatedElement.cpp:
(WebCore::computeRootNode): Added.
(WebCore::FormAssociatedElement::removedFrom): We can't use Node::rootNode here because this function
is called in the middle of removing a subtree, and some associated form element's inDocument flag may
not have been updated yet. So use computeRootNode to manually find the highest ancestor.
(WebCore::FormAssociatedElement::formRemovedFromTree): Ditto.
* xml/XPathPath.cpp:
(WebCore::XPath::LocationPath::evaluate):

LayoutTests:

Split Node-interface-treeRoot.html into two pieces, the one that doesn't invoke shadow DOM and the other that tests
shadow DOM related cases. I intend to upstream these tests to W3C at some point so keep them in testharness.js form.

* fast/dom/Node/rootNode-expected.txt: Added.
* fast/dom/Node/rootNode.html: Copied from LayoutTests/fast/shadow-dom/Node-interface-treeRoot.html.
* fast/shadow-dom/Node-interface-rootNode-expected.txt: Renamed from Node-interface-treeRoot-expected.txt.
* fast/shadow-dom/Node-interface-rootNode.html: Renamed from LayoutTests/fast/shadow-dom/Node-interface-treeRoot.html.
* js/dom/dom-static-property-for-in-iteration-expected.txt:
* platform/efl/js/dom/dom-static-property-for-in-iteration-expected.txt:
* platform/gtk/js/dom/dom-static-property-for-in-iteration-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197887 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[cmake] Fixed All-in-One build.
commit-queue@webkit.org [Wed, 9 Mar 2016 21:50:04 +0000 (21:50 +0000)]
[cmake] Fixed All-in-One build.
https://bugs.webkit.org/show_bug.cgi?id=155241

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-03-09
Reviewed by Csaba Osztrogonác.

.:

* Source/cmake/WebKitMacros.cmake: Last item of WebCore_SOURCES was
not removed in PROCESS_ALLINONE_FILE.

Source/WebCore:

No new tests needed.

* bindings/js/JSBindingsAllInOne.cpp: Should not include generated
file.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197886 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Fix use-after-free when cancelling synchronous XHR when using NetworkSession
achristensen@apple.com [Wed, 9 Mar 2016 21:49:59 +0000 (21:49 +0000)]
Fix use-after-free when cancelling synchronous XHR when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=155253

Reviewed by Brady Eidson.

* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::continueWillSendRequest):
Store the completion handler on the stack before calling didFail, which deletes the
NetworkLoad, so we don't access m_redirectCompletionHandler after deleting the NetworkLoad.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197885 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rebaseline bindings tests after r197874.
cdumez@apple.com [Wed, 9 Mar 2016 21:48:19 +0000 (21:48 +0000)]
Unreviewed, rebaseline bindings tests after r197874.

* bindings/scripts/test/JS/JSattribute.cpp:
(WebCore::JSattribute::getOwnPropertySlot):
* bindings/scripts/test/JS/JSattribute.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197884 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Stop building armv7 on iOS device builders
ap@apple.com [Wed, 9 Mar 2016 21:44:00 +0000 (21:44 +0000)]
Stop building armv7 on iOS device builders
https://bugs.webkit.org/show_bug.cgi?id=155246

Reviewed by David Kilzer.

* BuildSlaveSupport/build.webkit.org-config/config.json: Building both armv7 and
armv7s makes the bots unnecessarily slow. We can catch super rare v7-only regressions
elsewhere.

* Scripts/webkitpy/common/config/ews.json: Changed EWS to match, as we always want
EWS configuration to be verified by buildbot queues.

* Scripts/webkitdirs.pm:
* Scripts/webkitpy/port/ios.py:
Changed default to arm64. I think that the default is probably not used in any
practical scenarios, but it's nice to make it more sensible.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197883 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Unreviewed, rolling out r197698.
commit-queue@webkit.org [Wed, 9 Mar 2016 21:31:03 +0000 (21:31 +0000)]
Unreviewed, rolling out r197698.
https://bugs.webkit.org/show_bug.cgi?id=155252

Caused assertions, and wasn't reviewed by a WK2 owner
(Requested by andersca on #webkit).

Reverted changeset:

"Last opened tab does not receive
SetHiddenPageTimerThrottlingIncreaseLimit message"
https://bugs.webkit.org/show_bug.cgi?id=155126
http://trac.webkit.org/changeset/197698

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197882 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebsiteDataStore::Configuration::legacyWebsiteDataStoreConfiguration() should respect...
conrad_shultz@apple.com [Wed, 9 Mar 2016 21:30:45 +0000 (21:30 +0000)]
WebsiteDataStore::Configuration::legacyWebsiteDataStoreConfiguration() should respect the passed-in configuration
https://bugs.webkit.org/show_bug.cgi?id=155250

Reviewed by Anders Carlsson.

Note that the legacy directories are already set by default in ProcessPoolConfiguration::createWithLegacyOptions(),
which is also where the shouldHaveLegacyDataStore flag, which will cause this code path to be reached, is set.

* UIProcess/WebProcessPool.cpp:
(WebKit::legacyWebsiteDataStoreConfiguration):
Use the passed-in configuration to set the application cache, network cache, and media keys storage directories.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197881 268f45cc-cd09-0410-ab3c-d52691b4dbfc

For RSS feeds, convert image and link relative URIs to absolute URIs
jond@apple.com [Wed, 9 Mar 2016 21:30:07 +0000 (21:30 +0000)]
For RSS feeds, convert image and link relative URIs to absolute URIs
https://bugs.webkit.org/show_bug.cgi?id=155237

Reviewed by Timothy Hatcher.

* wp-content/themes/webkit/functions.php:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197880 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Speculative disk cache resource revalidations are sometimes wasted
cdumez@apple.com [Wed, 9 Mar 2016 21:22:36 +0000 (21:22 +0000)]
Speculative disk cache resource revalidations are sometimes wasted
https://bugs.webkit.org/show_bug.cgi?id=155187
<rdar://problem/25032905>

Reviewed by Antti Koivisto.

Speculative disk cache resource revalidations were sometimes wasted.

We would sometimes correctly revalidate a resource but the
NetworkResourceLoader then either:
1. Fail to reuse the speculatively validated entry
2. Reuse the speculatively validated entry but then validate it again

Bug 1 was caused by the revalidated entry key sometimes being
different from the cached entry key. This could happen when
revalidation fails (the server did not send back a 304) in
which case we call NetworkCache::store() which creates a new
cache Entry, generating a cache key from our revalidation
request. If the original request has a cache partition or a
range, then the keys would not match because we did not set
the cache partition or the range on the revalidation request.
This has been addressed by setting the cache partition on the
revalidation request in constructRevalidationRequest() and by
not doing revalidation if the original request had a 'range'
header.

Bug 2 was caused by us marking a speculatively revalidated entry
as "not needing revalidating" only in Cache::update(). Cache::update()
is only called in the case the revalidation was successful (server
returned a 304). If revalidation was not successful, Cache::store()
would be called instead and we would fail to update the
needsRevalidation flag. NetworkResourceLoader would then validate
again the resource that was already speculatively revalidated.
To address the problem, we now update the 'needsRevalidation' flag
as soon as the speculative revalidation completes, in
SpeculativeLoad::didComplete().

* NetworkProcess/cache/NetworkCache.cpp:
(WebKit::NetworkCache::Cache::retrieve):
(WebKit::NetworkCache::makeCacheKey):
(WebKit::NetworkCache::Cache::update):
* NetworkProcess/cache/NetworkCacheEntry.cpp:
(WebKit::NetworkCache::Entry::setNeedsValidation):
* NetworkProcess/cache/NetworkCacheEntry.h:
* NetworkProcess/cache/NetworkCacheKey.cpp:
(WebKit::NetworkCache::noPartitionString):
(WebKit::NetworkCache::Key::Key):
(WebKit::NetworkCache::Key::hasPartition):
* NetworkProcess/cache/NetworkCacheKey.h:
* NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:
(WebKit::NetworkCache::SpeculativeLoad::didComplete):
* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:
(WebKit::NetworkCache::constructRevalidationRequest):
(WebKit::NetworkCache::SpeculativeLoadManager::retrieveEntryFromStorage):
(WebKit::NetworkCache::SpeculativeLoadManager::revalidateEntry):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197879 268f45cc-cd09-0410-ab3c-d52691b4dbfc
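
The two failure modes described above, as an added example in JavaScript that models the cache key and the revalidation request rather than reproducing WebKit's NetworkCache code. The key layout, the request and entry objects, and the `before`/`after` builders are constructed for the example; what they show is that a key which includes the partition and the Range header only round-trips if the revalidation request carries both, and that the `needsValidation` flag has to be cleared on the 200 path as well as the 304 path.

```javascript
// Added example, not WebKit code: a model of why a speculatively revalidated
// entry missed the cache. The key covers the partition and the Range header,
// so a revalidation request that drops either re-stores under a different
// key. Request and entry objects below are constructed for this example.

const NO_PARTITION = '';

// Key an entry the way a lookup for the same request would compute it.
function makeCacheKey(request) {
  return [
    request.partition || NO_PARTITION,
    request.method,
    request.url,
    request.headers.range || '',
  ].join('|');
}

// Before the fix: only the URL and validator are carried over, so the
// partition (and any Range) is lost and the re-stored key no longer matches.
function constructRevalidationRequestBefore(original, entry) {
  return { method: 'GET', url: original.url, headers: { 'if-none-match': entry.etag } };
}

// After the fix: propagate the partition and decline to speculatively
// revalidate range requests at all.
function constructRevalidationRequest(original, entry) {
  if (original.headers.range) return null;
  return {
    partition: original.partition,
    method: 'GET',
    url: original.url,
    headers: { 'if-none-match': entry.etag },
  };
}

// Completion of a speculative load. Whether the server answered 304 (keep the
// body) or 200 (take the new body), the entry has just been validated, so the
// flag is cleared here rather than only on the 304 path.
function completeSpeculativeLoad(cache, key, entry, status, freshBody) {
  const updated = status === 304 ? { ...entry } : { ...entry, body: freshBody };
  updated.needsValidation = false;
  cache.set(key, updated);
  return updated;
}

// Constructed walk-through.
const original = { partition: 'example.com', method: 'GET', url: 'https://cdn.example/app.js', headers: {} };
const entry = { etag: '"v1"', body: 'old', needsValidation: true };
const cache = new Map([[makeCacheKey(original), entry]]);

const stale = constructRevalidationRequestBefore(original, entry);
console.log(makeCacheKey(stale) === makeCacheKey(original)); // false: stored under a key no lookup uses

const fresh = constructRevalidationRequest(original, entry);
console.log(makeCacheKey(fresh) === makeCacheKey(original));  // true
console.log(completeSpeculativeLoad(cache, makeCacheKey(fresh), entry, 200, 'new').needsValidation); // false
```

The partition is part of the key for a reason: it is what keeps one top-level site from observing another site's cached responses, so a revalidation request that silently drops it would not just waste work, it would store a response outside its partition.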

Fix old iOS
oliver@apple.com [Wed, 9 Mar 2016 21:15:00 +0000 (21:15 +0000)]
Fix old iOS

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197878 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Web Inspector: Remove unnecessary constructor
commit-queue@webkit.org [Wed, 9 Mar 2016 21:13:51 +0000 (21:13 +0000)]
Web Inspector: Remove unnecessary constructor
https://bugs.webkit.org/show_bug.cgi?id=155249

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-09
Reviewed by Timothy Hatcher.

* UserInterface/Views/ScriptTimelineDataGrid.js:
(WebInspector.ScriptTimelineDataGrid):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197877 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Wincairo buildfix
oliver@apple.com [Wed, 9 Mar 2016 21:09:51 +0000 (21:09 +0000)]
Wincairo buildfix
https://bugs.webkit.org/show_bug.cgi?id=155245

Reviewed by Mark Lam.

Fix up exports for a few symbols

* jit/ExecutableAllocator.h:
* jit/ExecutableAllocatorFixedVMPool.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197876 268f45cc-cd09-0410-ab3c-d52691b4dbfc

focus() / blur() should be on HTMLElement / SVGElement, not Element
cdumez@apple.com [Wed, 9 Mar 2016 20:55:28 +0000 (20:55 +0000)]
focus() / blur() should be on HTMLElement / SVGElement, not Element
https://bugs.webkit.org/show_bug.cgi?id=155216

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

focus() / blur() should be on HTMLElement / SVGElement, not Element:
- https://html.spec.whatwg.org/multipage/dom.html#htmlelement
- https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement

Chrome and Firefox match the specification.

Note that after this change, focus() / blur() is no longer exposed
on MathMLElement. This matches the MathML specification and is
consistent with Firefox and Chrome.

* dom/Element.idl:
* html/HTMLElement.idl:
* svg/SVGElement.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197875 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Move attributes to the instance for most interfaces that have "Error" in their name
cdumez@apple.com [Wed, 9 Mar 2016 20:37:36 +0000 (20:37 +0000)]
Move attributes to the instance for most interfaces that have "Error" in their name
https://bugs.webkit.org/show_bug.cgi?id=155231

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Our bindings generator was keeping attributes on the instances for
interfaces having "Error" or "Exception" in their name. The reason is
that interfaces that have "Error" in their prototype would not behave
correctly otherwise because "Error" incorrectly has its attributes on
the instance at the moment. However, in our bindings generator, the
condition to decide if an interface's prototype should be "Error" is
if $interface->isException. Therefore, we should use the same condition
to decide if we should keep attributes on the instance until "Error"
is updated to have its attributes on the prototype. Doing this for any
interface having "Error" or "Exception" in their name is overkill.

No new tests, already covered by existing test.

* bindings/scripts/CodeGeneratorJS.pm:
(InterfaceRequiresAttributesOnInstance):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197874 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Add dumping of function expression names in CodeBlock bytecode dump.
mark.lam@apple.com [Wed, 9 Mar 2016 20:36:40 +0000 (20:36 +0000)]
Add dumping of function expression names in CodeBlock bytecode dump.
https://bugs.webkit.org/show_bug.cgi?id=155248

Reviewed by Filip Pizlo.

Because ...
[  19] new_func_exp      loc5, loc3, f0:foo

... is more informative than
[  19] new_func_exp      loc5, loc3, f0

Anonymous functions will be dumped as <anon>.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpFunctionExpr):
(JSC::CodeBlock::dumpBytecode):
* bytecode/CodeBlock.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197873 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Add iOS Simulator EWS to bot watcher's dashboard
ap@apple.com [Wed, 9 Mar 2016 20:36:35 +0000 (20:36 +0000)]
Add iOS Simulator EWS to bot watcher's dashboard
https://bugs.webkit.org/show_bug.cgi?id=155220

Reviewed by Lucas Forschler.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BubbleQueueServer.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197872 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Rename WebCore/platform/crypto/mac/CryptoDigestMac.cpp to WebCore/platform/crypto...
dbates@webkit.org [Wed, 9 Mar 2016 20:25:25 +0000 (20:25 +0000)]
Rename WebCore/platform/crypto/mac/CryptoDigestMac.cpp to WebCore/platform/crypto/commoncrypto/CryptoDigestCommonCrypto.cpp
https://bugs.webkit.org/show_bug.cgi?id=155244

Reviewed by Alexey Proskuryakov.

The file WebCore/platform/crypto/mac/CryptoDigestMac.cpp is applicable to both iOS and OS X.
We should move and rename this file to reflect that it is applicable to both of these platforms.

* PlatformMac.cmake:
* WebCore.xcodeproj/project.pbxproj:
* platform/crypto/commoncrypto/CryptoDigestCommonCrypto.cpp: Renamed from Source/WebCore/platform/crypto/mac/CryptoDigestMac.cpp.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197871 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Local HTML should be blocked from localStorage access unless "Disable Local File...
bfulgham@apple.com [Wed, 9 Mar 2016 20:22:28 +0000 (20:22 +0000)]
Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked
https://bugs.webkit.org/show_bug.cgi?id=155185
Source/WebKit2:

Reviewed by Anders Carlsson.
<rdar://problem/11101440>

Tested by TestWebKitAPI tests IndexedDB.IndexedDBMultiProcess and IndexedDB.IndexedDBPersistence.

Allow Cocoa WKWebViewConfiguration access to the 'allowUniversalAccessFromFileURLs' setting.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _initializeWithConfiguration]): Set 'allowUniversalAccessFromFileURLsKey' in
page configuration.
* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
(-[WKWebViewConfiguration _allowUniversalAccessFromFileURLs]): Added.
(-[WKWebViewConfiguration _setAllowUniversalAccessFromFileURLs:]): Added.
* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:

Tools:

<rdar://problem/11101440>

Reviewed by Anders Carlsson.

* TestWebKitAPI/Tests/WebKit2/CloseFromWithinCreatePage.cpp:
(TestWebKitAPI::TEST): Allow local file access to run test.
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm:
(TEST): Ditto.
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence.mm:
(TEST): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197870 268f45cc-cd09-0410-ab3c-d52691b4dbfc

[ES6] Implement RegExp sticky flag and related functionality
msaboff@apple.com [Wed, 9 Mar 2016 20:11:46 +0000 (20:11 +0000)]
[ES6] Implement RegExp sticky flag and related functionality
https://bugs.webkit.org/show_bug.cgi?id=155177

Reviewed by Saam Barati.

Source/JavaScriptCore:

Implemented the ES6 RegExp sticky functionality.

There are two main behavior changes when the sticky flag is specified.
1) Matching starts at lastIndex and lastIndex is updated after the match.
2) The regular expression is only matched from the start position in the string.
See ES6 section 21.2.5.2.2 for details.

Changed both the Yarr interpreter and jit to not loop to the next character for sticky RegExps.
Updated RegExp exec and match, and stringProtoFuncMatch to handle lastIndex changes.

Restructured the way flags are passed to and through YarrPatterns to use RegExpFlags instead of
individual bools.

Updated tests for 'y' flag and new behavior.

* bytecode/CodeBlock.cpp:
(JSC::regexpToSourceString):
* inspector/ContentSearchUtilities.cpp:
(Inspector::ContentSearchUtilities::findMagicComment):
* runtime/CommonIdentifiers.h:
* runtime/RegExp.cpp:
(JSC::regExpFlags):
(JSC::RegExpFunctionalTestCollector::outputOneTest):
(JSC::RegExp::finishCreation):
(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):
* runtime/RegExp.h:
* runtime/RegExpKey.h:
* runtime/RegExpObjectInlines.h:
(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncCompile):
(JSC::flagsString):
(JSC::regExpProtoGetterMultiline):
(JSC::regExpProtoGetterSticky):
(JSC::regExpProtoGetterUnicode):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
* tests/es6.yaml:
* tests/stress/static-getter-in-names.js:
(shouldBe):
* yarr/RegularExpression.cpp:
(JSC::Yarr::RegularExpression::Private::compile):
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::tryConsumeBackReference):
(JSC::Yarr::Interpreter::matchAssertionBOL):
(JSC::Yarr::Interpreter::matchAssertionEOL):
(JSC::Yarr::Interpreter::matchAssertionWordBoundary):
(JSC::Yarr::Interpreter::matchDotStarEnclosure):
(JSC::Yarr::Interpreter::matchDisjunction):
(JSC::Yarr::Interpreter::Interpreter):
(JSC::Yarr::ByteCompiler::atomPatternCharacter):
* yarr/YarrInterpreter.h:
(JSC::Yarr::BytecodePattern::BytecodePattern):
(JSC::Yarr::BytecodePattern::estimatedSizeInBytes):
(JSC::Yarr::BytecodePattern::ignoreCase):
(JSC::Yarr::BytecodePattern::multiline):
(JSC::Yarr::BytecodePattern::sticky):
(JSC::Yarr::BytecodePattern::unicode):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::matchCharacterClass):
(JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
(JSC::Yarr::YarrGenerator::generateAssertionBOL):
(JSC::Yarr::YarrGenerator::generateAssertionEOL):
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
(JSC::Yarr::YarrGenerator::backtrack):
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
(JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
(JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
(JSC::Yarr::YarrPatternConstructor::optimizeBOL):
(JSC::Yarr::YarrPattern::compile):
(JSC::Yarr::YarrPattern::YarrPattern):
* yarr/YarrPattern.h:
(JSC::Yarr::YarrPattern::reset):
(JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
(JSC::Yarr::YarrPattern::ignoreCase):
(JSC::Yarr::YarrPattern::multiline):
(JSC::Yarr::YarrPattern::sticky):
(JSC::Yarr::YarrPattern::unicode):

LayoutTests:

New and updated tests.

* js/Object-getOwnPropertyNames-expected.txt:
* js/regexp-flags-expected.txt:
* js/regexp-sticky-expected.txt: Added.
* js/regexp-sticky.html: Added.
* js/script-tests/Object-getOwnPropertyNames.js:
* js/script-tests/regexp-flags.js:
(RegExp.prototype.hasOwnProperty): Deleted check for sticky property.
* js/script-tests/regexp-sticky.js: New test.
(asString):
(testStickyExec):
(testStickyMatch):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197869 268f45cc-cd09-0410-ab3c-d52691b4dbfc
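The two sticky-flag behaviours listed in the change above (matching only at lastIndex, and lastIndex being updated after the match), as an added example that is not part of the WebKit patch; it uses only standard ES6 RegExp and String APIs, and the tokenizer and its inputs are constructed for illustration:

```javascript
// Added example (not code from the WebKit patch): exercises the ES6 sticky ('y')
// semantics described above using only standard RegExp and String APIs.

// 1) A sticky exec only matches at lastIndex and advances lastIndex on success;
//    on failure lastIndex is reset to 0 (the same rule a global RegExp follows).
function stickyExecSteps(source, input, startIndex) {
  const re = new RegExp(source, "y");
  re.lastIndex = startIndex;
  const steps = [];
  let m;
  while ((m = re.exec(input)) !== null) {
    steps.push({ text: m[0], index: m.index, lastIndex: re.lastIndex });
  }
  return { steps, lastIndexAfterFailure: re.lastIndex };
}

// 2) Without 'y' the engine scans forward from lastIndex; with 'y' it does not.
//    String.prototype.match honours lastIndex for a sticky RegExp the same way.
function compareAnchoring(source, input) {
  const plain = new RegExp(source).exec(input);
  const sticky = new RegExp(source, "y").exec(input); // lastIndex starts at 0
  return {
    plainIndex: plain ? plain.index : null,
    stickyIndex: sticky ? sticky.index : null,
    stickyMatchIsNull: input.match(new RegExp(source, "y")) === null,
  };
}

// 3) A small lexer built on a sticky RegExp (constructed for this example): because
//    every match must begin exactly at the current position, unexpected input is
//    reported with its offset instead of being silently skipped over.
function tokenize(input) {
  const token = /(\d+)|([a-z]+)|(\s+)/y; // no alternative matches the empty string
  const tokens = [];
  let pos = 0;
  while (pos < input.length) {
    token.lastIndex = pos;
    const m = token.exec(input);
    if (m === null) {
      // The failed exec reset token.lastIndex to 0, so report from our own cursor.
      return { tokens, error: { index: pos, char: input[pos] } };
    }
    const type = m[1] !== undefined ? "number" : m[2] !== undefined ? "word" : "space";
    tokens.push({ type, text: m[0] });
    pos = token.lastIndex; // advanced past the match by the sticky exec
  }
  return { tokens, error: null };
}
```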

4 years ago: Removing and re-adding a script message handler with the same name results in an...
timothy_horton@apple.com [Wed, 9 Mar 2016 19:56:41 +0000 (19:56 +0000)]
Removing and re-adding a script message handler with the same name results in an unusable message handler
https://bugs.webkit.org/show_bug.cgi?id=155223

Reviewed by Sam Weinig.
Source/WebCore:

New API test: WKUserContentController.ScriptMessageHandlerReplaceWithSameName.

* page/UserMessageHandler.h:
(WebCore::UserMessageHandler::descriptor):
* page/UserMessageHandlersNamespace.cpp:
(WebCore::UserMessageHandlersNamespace::handler):
This lazy removal mechanism combined with the fact that we only compare
handler name and world makes it such that m_messageHandlers could have
a stale UserMessageHandler with a UserMessageHandlerDescriptor that differed
only in client.

It is safe to compare the descriptors by pointer instead because m_messageHandler
holds a strong reference to its UserMessageHandlerDescriptors, and this will ensure
that the add-remove-add path (with identical name and world) causes a new
UserContentController to be created.

We also now clean up any stale UserMessageHandlers whenever we're about to
add a new one, by removing any which the UserContentController no longer knows about.

Tools:

* TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:
(TEST):
Add a test ensuring that it is possible to remove and re-add a script message handler
with the same name and still dispatch messages to it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197868 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: FunctionExecutable::ecmaName() should not be based on inferredName().
mark.lam@apple.com [Wed, 9 Mar 2016 19:36:21 +0000 (19:36 +0000)]
FunctionExecutable::ecmaName() should not be based on inferredName().
https://bugs.webkit.org/show_bug.cgi?id=155203

Reviewed by Michael Saboff.

Source/JavaScriptCore:

The ES6 rules for how a function name should be inferred closely matches JSC's
implementation with one exception:
    var o = {}
    o.foo = function() {}

JSC's inferredName for o.foo would be "foo".
ES6 specifies that o.foo.name is "".

The fix is to add a distinct FunctionExecutable::ecmaName() which applies the ES6
rules for inferring the initial value of Function.name.

* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
* bytecode/UnlinkedFunctionExecutable.h:
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createAssignResolve):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createProperty):
(JSC::ASTBuilder::makeAssignNode):
* parser/Nodes.h:
* runtime/Executable.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::reifyName):
* tests/es6.yaml:

LayoutTests:

* js/script-tests/function-toString-vs-name.js:
- Fixed up object property test section and added new test cases.
* platform/mac/http/tests/media/media-source/mediasource-sourcebuffer-mode-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197867 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Add two finger tap on links.
enrica@apple.com [Wed, 9 Mar 2016 19:29:29 +0000 (19:29 +0000)]
Add two finger tap on links.
https://bugs.webkit.org/show_bug.cgi?id=155205
rdar://problem/22937516

Reviewed by Sam Weinig.

Adds two finger tap gesture recognizer. When performed
on a link, it calls the delegate.

* Platform/spi/ios/UIKitSPI.h:
* UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
* UIProcess/WebPageProxy.h:
* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView setupInteraction]):
(-[WKContentView cleanupInteraction]):
(-[WKContentView _removeDefaultGestureRecognizers]):
(-[WKContentView _addDefaultGestureRecognizers]):
(-[WKContentView _twoFingerSingleTapGestureRecognized:]):
* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::handleTwoFingerTapAtPoint):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::handleTwoFingerTapAtPoint):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197866 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Always call NSURLSession completion handlers
commit-queue@webkit.org [Wed, 9 Mar 2016 19:04:07 +0000 (19:04 +0000)]
Always call NSURLSession completion handlers
https://bugs.webkit.org/show_bug.cgi?id=155137

Patch by Alex Christensen <achristensen@webkit.org> on 2016-03-09
Reviewed by Darin Adler.

There are some edge cases which should not be hit, but if they are they would cause the
network process to hang and network resources to be leaked.  This can be avoided.
There are also a few release asserts that do not need to crash release builds.

* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTask::NetworkDataTask):
(WebKit::NetworkDataTask::didReceiveChallenge):
(WebKit::NetworkDataTask::didCompleteWithError):
(WebKit::NetworkDataTask::didReceiveResponse):
(WebKit::NetworkDataTask::didReceiveData):
(WebKit::NetworkDataTask::willPerformHTTPRedirection):
(WebKit::NetworkDataTask::scheduleFailure):
(WebKit::NetworkDataTask::tryPasswordBasedAuthentication):
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197865 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Align HTMLKeygenElement.keytype with the specification
cdumez@apple.com [Wed, 9 Mar 2016 18:45:18 +0000 (18:45 +0000)]
Align HTMLKeygenElement.keytype with the specification
https://bugs.webkit.org/show_bug.cgi?id=155214

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-forms-expected.txt:

Source/WebCore:

Align HTMLKeygenElement.keytype with the specification:
- https://html.spec.whatwg.org/#dom-keygen-keytype
- https://html.spec.whatwg.org/#attr-keygen-keytype

In particular, the following changes were made:
1. Return "rsa" by default (i.e. when the corresponding content attribute is missing)
2. Only return known values

Test: fast/dom/HTMLKeygenElement/keygen-keytype.html

* html/HTMLKeygenElement.cpp:
(WebCore::HTMLKeygenElement::setKeytype):
(WebCore::HTMLKeygenElement::keytype):
(WebCore::HTMLKeygenElement::appendFormData):
* html/HTMLKeygenElement.h:
* html/HTMLKeygenElement.idl:

LayoutTests:

Add test coverage for HTMLKeygenElement.keytype.

* fast/dom/HTMLKeygenElement/keygen-keytype-expected.txt: Added.
* fast/dom/HTMLKeygenElement/keygen-keytype.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197864 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: [GStreamer] Fix MediaPlayerPrivate conflicts
philn@webkit.org [Wed, 9 Mar 2016 18:26:38 +0000 (18:26 +0000)]
[GStreamer] Fix MediaPlayerPrivate conflicts
https://bugs.webkit.org/show_bug.cgi?id=155236

Reviewed by Martin Robinson.

In some cases the mediastream player would be used to play
non-mediastream videos or MSE streams. The OWR player should be
used only for mediastreams and the MediaPlayerPrivateGStreamer
player should be used only for normal <video> elements and
MediaSource support.

This patch intends to fix the massive test timeouts currently
happening on the GTK bots after r197752.

* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::supportsType): Bail out if
the type checked represents a mediastream.
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
Prevent signal disconnection on possible NULL GObjects.
(WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
(WebCore::MediaPlayerPrivateGStreamerOwr::MediaPlayerPrivateGStreamerOwr):
Simplify constructor to the bare minimum.
(WebCore::MediaPlayerPrivateGStreamerOwr::load): Create sinks only
if needed from the load method.
(WebCore::MediaPlayerPrivateGStreamerOwr::getSupportedTypes):
Initialize the type cache to an empty static hashset.
(WebCore::MediaPlayerPrivateGStreamerOwr::supportsType): This
player does support mediastreams and nothing else.
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197863 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Harden JSC Root element functions from bad values
msaboff@apple.com [Wed, 9 Mar 2016 18:10:59 +0000 (18:10 +0000)]
Harden JSC Root element functions from bad values
https://bugs.webkit.org/show_bug.cgi?id=155234

Reviewed by Saam Barati.

Changed jsCast() to jsDynamicCast() in Root-related functions to protect against being
called with non-Root arguments.

* jsc.cpp:
(functionCreateElement):
(functionGetElement):
(functionSetElementRoot):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197862 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: [JSC] Pick how to OSR Enter to FTL at runtime instead of compile time
benjamin@webkit.org [Wed, 9 Mar 2016 17:51:38 +0000 (17:51 +0000)]
[JSC] Pick how to OSR Enter to FTL at runtime instead of compile time
https://bugs.webkit.org/show_bug.cgi?id=155217

Reviewed by Filip Pizlo.

This patch addresses 2 types of problems with tiering up to FTL
with OSR Entry in a loop:
-When there are nested loops, it is generally valuable to enter
 an outer loop rather than an inner loop.
-When tiering up at a point that cannot OSR Enter, we are at
 the mercy of the outer loop frequency to compile the right
 entry point.

The first case is significant in the test "gaussian-blur".
That test has 4 nested loops. When we have an OSR Entry,
the analysis phases have to be pessimistic where we enter:
we do not really know what constraint can be proven from
the DFG code that was running.

In "gaussian-blur", integer-range analysis removes pretty
much all overflow checks in the inner loops of where we entered.
The more outside we enter, the better code we generate.

Since we spend the most iterations in the inner loop, we naturally
tend to OSR Enter into the 2 most inner loops, making the most
pessimistic assumptions.

To avoid such problems, I changed how we decide where to OSR Enter.
Previously, the last CheckTierUpAndOSREnter to cross the threshold
was where we take the entry point for FTL.

What happens now is that the entry point is not decided when
compiling the CheckTierUp variants. Instead, all the information
we need is gathered during compilation and kept on the JITCode
to be used at runtime.

When we try to tier up and decide to OSR Enter, we use the information
we have to pick a good outer loop for OSR Entry.

Now the problem is outer loops do not CheckTierUpAndOSREnter often,
wasting several milliseconds before entering the newly compiled FTL code.

To solve that, every CheckTierUpAndOSREnter has its own trigger that
bypasses the counter. When the FTL Code is compiled, the trigger is set
and we enter through the right CheckTierUpAndOSREnter immediately.

---

This new mechanism also solves a problem of ai-astar.
When we try to tier up in ai-astar, we had nothing to compile until
the outer loop is reached.

To make sure we reached the CheckTierUpAndOSREnter in a reasonable time,
we had CheckTierUpWithNestedTriggerAndOSREnter with a special trigger.

With the new mechanism, we can do much better:
-When we keep hitting CheckTierUpInLoop, we now have all the information
 we need to already start compiling the outer loop.
 Instead of waiting for the outer loop to be reached a few times, we compile
 it as soon as the inner loop is hammering CheckTierUpInLoop.
-With the new triggers, the very next time we hit the outer loop, we OSR Enter.

This allows us to compile what we need sooner and enter sooner.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize): Deleted.
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC): Deleted.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode): Deleted.
* dfg/DFGJITCode.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::compileEntryExecutionFlag):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPlan.h:
(JSC::DFG::Plan::canTierUpAndOSREnter):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute): Deleted.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile): Deleted.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGTierUpCheckInjectionPhase.cpp:
(JSC::DFG::TierUpCheckInjectionPhase::run):
(JSC::DFG::TierUpCheckInjectionPhase::buildNaturalLoopToLoopHintMap):
(JSC::DFG::TierUpCheckInjectionPhase::findLoopsContainingLoopHintWithoutOSREnter): Deleted.
* dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback):
(JSC::DFG::Ref<ToFTLForOSREntryDeferredCompilationCallback>ToFTLForOSREntryDeferredCompilationCallback::create):
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
* dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197861 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Cleaning up TestExpectations files to remove deleted tests and duplicate entries...
ryanhaddad@apple.com [Wed, 9 Mar 2016 17:44:24 +0000 (17:44 +0000)]
Cleaning up TestExpectations files to remove deleted tests and duplicate entries for ios-simulator.

Unreviewed test gardening.

* TestExpectations:
* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197860 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Skipping fast/events/max-tabindex-focus.html on ios-simulator
ryanhaddad@apple.com [Wed, 9 Mar 2016 17:25:23 +0000 (17:25 +0000)]
Skipping fast/events/max-tabindex-focus.html on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=155233

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197859 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Local HTML should be blocked from localStorage access unless "Disable Local File...
bfulgham@apple.com [Wed, 9 Mar 2016 17:06:56 +0000 (17:06 +0000)]
Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked.
https://bugs.webkit.org/show_bug.cgi?id=155185
<rdar://problem/11101440>

Reviewed by Zalan Bujtas.

Source/WebCore:

Tested by storage/domstorage/localstorage/blocked-file-access.html.

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we have not been granted
universal file access, prevent access to DOM localStorage.

LayoutTests:

* storage/domstorage/localstorage/blocked-file-access-expected.txt: Added.
* storage/domstorage/localstorage/blocked-file-access.html: Added.
* storage/domstorage/localstorage/resources/blocked-example.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197858 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: [css-grid] Allow to place positioned grid items on the padding
rego@igalia.com [Wed, 9 Mar 2016 14:26:39 +0000 (14:26 +0000)]
[css-grid] Allow to place positioned grid items on the padding
https://bugs.webkit.org/show_bug.cgi?id=155199

Reviewed by Sergio Villar Senin.

Source/WebCore:

According to the following discussion on the CSS WG mailing list,
we should be able to place positioned grid items on the padding directly:
https://lists.w3.org/Archives/Public/www-style/2015Nov/0070.html

This means that a positioned grid item can be placed on the padding itself.
The "auto" value resolves to the padding edges (0th and -0th lines).
So if a positioned item is placed with: grid-column: auto / 1;
it'd be placed on the padding, from line 0th to 1st line.

On top of that, we have to detect properly the first and last explicit
grid lines during the layout of positioned grid items.
We have to consider that the grid can have implicit tracks created
previously by regular grid items.

Tests: fast/css-grid-layout/grid-positioned-items-padding.html
       fast/css-grid-layout/grid-positioned-items-within-grid-implicit-track.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):

LayoutTests:

Add new tests and update results in a current one.

* fast/css-grid-layout/grid-positioned-items-implicit-grid.html:
* fast/css-grid-layout/grid-positioned-items-padding-expected.txt: Added.
* fast/css-grid-layout/grid-positioned-items-padding.html: Added.
* fast/css-grid-layout/grid-positioned-items-within-grid-implicit-track-expected.txt: Added.
* fast/css-grid-layout/grid-positioned-items-within-grid-implicit-track.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197857 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: ImageDocuments leak their world.
akling@apple.com [Wed, 9 Mar 2016 12:00:32 +0000 (12:00 +0000)]
ImageDocuments leak their world.
<https://webkit.org/b/155167>
<rdar://problem/24987363>

Reviewed by Antti Koivisto.

Source/WebCore:

ImageDocument uses a special code path in ImageLoader in order to manually
control how the image is loaded. It has to do this because the ImageDocument
is really just a synthetic wrapper around a main resource that's an image.

This custom loading code had a bug where it would create a new CachedImage
and neglect to set its CachedResource::m_state flag to Pending (which is
normally set by CachedResource::load(), but we don't call that for these.)

This meant that when ImageDocument called CachedImage::finishLoading() to
trigger the notifyFinished() callback path, the image would look at its
loading state and see that it was Unknown (not Pending), and conclude that
it hadn't loaded yet. So we never got the notifyFinished() signal.

The world leaks here because ImageLoader slaps a ref on its <img> element
while it waits for the loading operation to complete. Once finished, whether
successfully or with an error, it derefs the <img>.

Since we never fired notifyFinished(), we ended up with an extra ref on
these <img> forever, and then the element kept its document alive too.

Test: fast/dom/ImageDocument-world-leak.html

* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement):

LayoutTests:

Made a little test that loads an image into an <iframe> 10 times and then
triggers a garbage collection and checks that all the documents got destroyed.

Prior to this change, all 10 ImageDocuments would remain alive at the end.

This got rolled out the first time because it failed on bots. It failed due
to expecting a specific number of documents to be live at the start of the
test, which was not reliable on bots since we appear to have more leaks(!)

Tweaked the test to check the delta in live document count instead.

* fast/dom/ImageDocument-world-leak-expected.txt: Added.
* fast/dom/ImageDocument-world-leak.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197856 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: [css-grid] Fix auto-track sizing with min-size:auto and specific sizes
svillar@igalia.com [Wed, 9 Mar 2016 11:02:40 +0000 (11:02 +0000)]
[css-grid] Fix auto-track sizing with min-size:auto and specific sizes
https://bugs.webkit.org/show_bug.cgi?id=155165

Reviewed by Darin Adler.

Source/WebCore:

Specs recently changed the way auto tracks are sized. In the
previous versions, when sizing auto minimums, only the
min-width|height of the items spanning through the auto tracks
were used to size them. The new text specifies that for items
with a specified minimum size of auto, the behavior is
equivalent to a min-content minimum.

This means that from now on, auto tracks with min-size:auto
will no longer be smaller than min-content tracks (which was
pretty weird from the user POV).

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::minSizeForChild): Use grid items'
min-content contributions whenever the specified size is not
auto or when min-size is auto.

LayoutTests:

* fast/css-grid-layout/grid-automatic-minimum-for-auto-columns-expected.txt:
* fast/css-grid-layout/grid-automatic-minimum-for-auto-columns.html:
* fast/css-grid-layout/grid-automatic-minimum-for-auto-rows-expected.txt:
* fast/css-grid-layout/grid-automatic-minimum-for-auto-rows.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197854 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: [css-grid] Initial support for implicit grid before explicit grid
rego@igalia.com [Wed, 9 Mar 2016 10:15:23 +0000 (10:15 +0000)]
[css-grid] Initial support for implicit grid before explicit grid
https://bugs.webkit.org/show_bug.cgi?id=155014

Reviewed by Darin Adler.

Source/WebCore:

Change GridSpan to store int instead of unsigned. This allows us to
resolve positions before the explicit grid with negative values.

This patch adds a new type of GridSpan called "Untranslated".
This type is only used in populateExplicitGridAndOrderIterator(),
where we store the smallest negative position in both axes.

Then the GridSpans are translated into positive values, using the offset
calculated before. This is done in placeItemsOnGrid() and from that
moment the rest of the code uses "Definite" GridSpans, which returns
only positive positions (unsigned instead of int).
This means we don't have to modify the rest of the code, as it keeps
using GridSpans as before.

Let's use an example to explain how it works. Imagine that we have a 2-column
grid and 2 items placed like:
* Item A: grid-column: -5;
* Item B: grid-column: 1;

Initially we'll use "Untranslated" GridSpans with the following values:
* Item A: GridSpan(-2, -1)
* Item B: GridSpan(0, 1)

Then we'll translate them using the smallest position as offset (-2)
so we have "Definite" GridSpans:
* Item A: GridSpan(0, 1)
* Item B: GridSpan(2, 3)

Test: fast/css-grid-layout/implicit-tracks-before-explicit.html

* css/CSSParser.cpp:
(WebCore::CSSParser::parseGridTemplateAreasRow):
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
(WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
(WebCore::RenderGrid::gridTrackSize):
(WebCore::RenderGrid::insertItemIntoGrid):
(WebCore::RenderGrid::placeItemsOnGrid):
(WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
(WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid):
(WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
(WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
(WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Deleted.
(WebCore::RenderGrid::layoutPositionedObject): Deleted.
* rendering/RenderGrid.h:
* rendering/style/GridCoordinate.h:
(WebCore::GridSpan::untranslatedDefiniteGridSpan):
(WebCore::GridSpan::translatedDefiniteGridSpan):
(WebCore::GridSpan::integerSpan):
(WebCore::GridSpan::untranslatedResolvedInitialPosition):
(WebCore::GridSpan::untranslatedResolvedFinalPosition):
(WebCore::GridSpan::resolvedInitialPosition):
(WebCore::GridSpan::resolvedFinalPosition):
(WebCore::GridSpan::begin):
(WebCore::GridSpan::end):
(WebCore::GridSpan::isTranslatedDefinite):
(WebCore::GridSpan::isIndefinite):
(WebCore::GridSpan::translate):
(WebCore::GridSpan::GridSpan):
(WebCore::GridSpan::operator==): Deleted.
(WebCore::GridSpan::GridSpanIterator::GridSpanIterator): Deleted.
(WebCore::GridSpan::GridSpanIterator::operator unsigned&): Deleted.
* rendering/style/GridResolvedPosition.cpp:
(WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveGridPositionAgainstOppositePosition):
(WebCore::resolveGridPositionFromStyle):
(WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
(WebCore::GridResolvedPosition::spanSizeForAutoPlacedItem): Deleted.

LayoutTests:

Updated results in current tests and added specific test for this.

* fast/css-grid-layout/grid-auto-flow-resolution.html:
* fast/css-grid-layout/grid-item-negative-position-resolution.html:
* fast/css-grid-layout/grid-item-spanning-resolution.html:
* fast/css-grid-layout/implicit-tracks-before-explicit-expected.txt: Added.
* fast/css-grid-layout/implicit-tracks-before-explicit.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197850 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: [iOS] Arabic text on Wikipedia is shown as boxes
mmaxfield@apple.com [Wed, 9 Mar 2016 08:54:56 +0000 (08:54 +0000)]
[iOS] Arabic text on Wikipedia is shown as boxes
https://bugs.webkit.org/show_bug.cgi?id=155129
<rdar://problem/24919902>

Reviewed by Darin Adler.

Source/WebCore:

GeezaPro is the PostScript name, not the family name.

Test: fast/text/arabic-blacklisted.html

* platform/graphics/ios/FontCacheIOS.mm:
(WebCore::platformLookupFallbackFont):

LayoutTests:

This test is iOS-specific.

* platform/efl/TestExpectations:
* platform/gtk/TestExpectations:
* platform/mac/TestExpectations:
* platform/win/TestExpectations:
* fast/text/arabic-blacklisted-expected.html: Added.
* fast/text/arabic-blacklisted.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197847 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Unreviewed, rolling out r197825.
commit-queue@webkit.org [Wed, 9 Mar 2016 07:45:19 +0000 (07:45 +0000)]
Unreviewed, rolling out r197825.
https://bugs.webkit.org/show_bug.cgi?id=155222

It broke the EFL build. It is not dead code. (Requested by
gyuyoung on #webkit).

Reverted changeset:

"Delete dead scrolling code"
https://bugs.webkit.org/show_bug.cgi?id=155210
http://trac.webkit.org/changeset/197825

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197841 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Remove failing assertion. There are strings that claim to be atomic but that the
fpizlo@apple.com [Wed, 9 Mar 2016 07:29:43 +0000 (07:29 +0000)]
Remove failing assertion. There are strings that claim to be atomic but that the
compiler thread can totally deal with, like the empty string.

Rubber stamped by Mark Lam.

* wtf/text/StringImpl.h:
(WTF::StringImpl::ref):
(WTF::StringImpl::deref):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197838 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Element with maximum tabIndex cannot be returned by nextElementWithGreaterTabIndex()
cdumez@apple.com [Wed, 9 Mar 2016 06:27:54 +0000 (06:27 +0000)]
Element with maximum tabIndex cannot be returned by nextElementWithGreaterTabIndex()
https://bugs.webkit.org/show_bug.cgi?id=155215

Reviewed by Ryosuke Niwa.

Source/WebCore:

Element with maximum tabIndex cannot be returned by nextElementWithGreaterTabIndex()
due to a bug in r197726. This patch fixes the issue by only comparing
candidate.tabIndex to winningTabIndex if winner is non-null.

Test: fast/events/max-tabindex-focus.html

* page/FocusController.cpp:
(WebCore::nextElementWithGreaterTabIndex):

LayoutTests:

Add test to make sure that an Element with a tabIndex equal to
2147483647 (maximum tabIndex) can be focused.

* fast/events/max-tabindex-focus-expected.txt: Added.
* fast/events/max-tabindex-focus.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197835 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Fix iOS Simulator EWS.
ap@apple.com [Wed, 9 Mar 2016 05:53:54 +0000 (05:53 +0000)]
Fix iOS Simulator EWS.

Unreviewed build fix.

* Scripts/webkitpy/common/config/ports.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197834 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | DFG should be able to constant-fold strings
fpizlo@apple.com [Wed, 9 Mar 2016 05:16:47 +0000 (05:16 +0000)]
DFG should be able to constant-fold strings
https://bugs.webkit.org/show_bug.cgi?id=155200

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This adds constant-folding of string1 + string2 and string.length. The actual folding
rule is easy, but there are some gotchas.

The problem is that the DFG cannot allocate new JSString objects until we are on the
main thread. So, DFG IR must have a node for a JSValue string constant that hasn't been
created yet - i.e. it doesn't have any concrete JSValue bits yet.

We have the ability to speak of such things, using LazyJSValue. But that's a class, not
a node type. This patch now adds a node type, LazyJSConstant, which is a Node that holds
a LazyJSValue.

This puts us in a weird situation: AI uses JSValue to represent constants. It would take
a lot of work to change it to use LazyJSValue. So, this implements the constant folding
in StrengthReductionPhase. I created a bug and put a FIXME about moving these rules into
AI.

OTOH, our experience in B3 shows that constant folding in strength reduction is quite
nice. It would totally make sense to have strength reduction have constant folding rules
that mirror the rules in AI, or to factor out the AI constant folding rules, the same
way that B3 factors out those rules into Value methods.

Another issue is how to represent the cumulative result of possibly many foldings. I
initially considered adding LazyJSValue kinds that represented concatenation. Folding
the concatenation to a constant means that this constant was actually a LazyJSValue that
represented the concatenation of two other things. But this would get super messy if we
wanted to fold an operation that uses the results of another folded operation.

So, the JIT thread folds string operations by creating a WTF::String that contains the
result. The DFG::Graph holds a +1 on the underlying StringImpl, so we can pass the
StringImpl* around without reference counting. The LazyJSValue now has a special kind
that means: we created this StringImpl* on the JIT thread, and once the JIT is done, we
will relinquish ownership of it. LazyJSValue has some magic to emit code for these
to-be-created-JSStrings while also transferring ownership of the StringImpl from the JIT
thread to the main thread and registering the JSString with the GC.

This just implements folding for concatenation and GetArrayLength. It's just a proof of
concept for evil things I want to do later.

This change is a 2.5x speed-up on the string concatenation microbenchmarks I added in
this patch.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGFrozenValue.cpp:
(JSC::DFG::FrozenValue::emptySingleton):
(JSC::DFG::FrozenValue::tryGetString):
(JSC::DFG::FrozenValue::dumpInContext):
* dfg/DFGFrozenValue.h:
(JSC::DFG::FrozenValue::strength):
* dfg/DFGGraph.h:
* dfg/DFGLazyJSValue.cpp:
(JSC::DFG::LazyJSValue::newString):
(JSC::DFG::LazyJSValue::getValue):
(JSC::DFG::equalToStringImpl):
(JSC::DFG::LazyJSValue::tryGetStringImpl):
(JSC::DFG::LazyJSValue::tryGetString):
(JSC::DFG::LazyJSValue::strictEqual):
(JSC::DFG::LazyJSValue::switchLookupValue):
(JSC::DFG::LazyJSValue::emit):
(JSC::DFG::LazyJSValue::dumpInContext):
* dfg/DFGLazyJSValue.h:
(JSC::DFG::LazyJSValue::LazyJSValue):
(JSC::DFG::LazyJSValue::knownStringImpl):
(JSC::DFG::LazyJSValue::kind):
(JSC::DFG::LazyJSValue::tryGetValue):
(JSC::DFG::LazyJSValue::character):
(JSC::DFG::LazyJSValue::stringImpl):
* dfg/DFGMayExit.cpp:
(JSC::DFG::mayExit):
* dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToIdentityOn):
(JSC::DFG::Node::convertToLazyJSConstant):
(JSC::DFG::Node::convertToPutHint):
(JSC::DFG::Node::convertToPutClosureVarHint):
(JSC::DFG::Node::tryGetString):
(JSC::DFG::Node::promotedLocationDescriptor):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToConstant):
(JSC::DFG::Node::convertToConstantStoragePointer):
(JSC::DFG::Node::castConstant):
(JSC::DFG::Node::hasLazyJSValue):
(JSC::DFG::Node::lazyJSValue):
(JSC::DFG::Node::initializationValueForActivation):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileSetRegExpObjectLastIndex):
(JSC::DFG::SpeculativeJIT::compileLazyJSConstant):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileInt52Constant):
(JSC::FTL::DFG::LowerDFGToB3::compileLazyJSConstant):
(JSC::FTL::DFG::LowerDFGToB3::compileDoubleRep):

Source/WTF:

Also disable assertions about reference counting strings on the JIT thread. We will do
that now and it's OK.

* wtf/text/StringImpl.h:
(WTF::StringImpl::ref):
(WTF::StringImpl::deref):

LayoutTests:

* js/regress/script-tests/strcat-const.js: Added.
(foo):
(bar):
* js/regress/script-tests/strcat-length-const.js: Added.
(foo):
(bar):
* js/regress/strcat-const-expected.txt: Added.
* js/regress/strcat-const.html: Added.
* js/regress/strcat-length-const-expected.txt: Added.
* js/regress/strcat-length-const.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197833 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Web Inspector: Timelines keeps switching to overview instead of keeping the selected...
commit-queue@webkit.org [Wed, 9 Mar 2016 05:02:15 +0000 (05:02 +0000)]
Web Inspector: Timelines keeps switching to overview instead of keeping the selected timeline
https://bugs.webkit.org/show_bug.cgi?id=155212
<rdar://problem/25052504>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-08
Reviewed by Timothy Hatcher.

* UserInterface/Views/TimelineSidebarPanel.js:
(WebInspector.TimelineSidebarPanel.prototype.saveStateToCookie):
The sidebar was using out-of-date information in its tree outline, causing it to
switch to the wrong sidebar. Use the up-to-date information from the recording view.

* UserInterface/Views/TimelineTabContentView.js:
(WebInspector.TimelineTabContentView.prototype._recordingSelected):
Fix typo not getting the right timeline type.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197832 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Stop using the UserContentController for injecting the override style sheet from...
weinig@apple.com [Wed, 9 Mar 2016 04:39:49 +0000 (04:39 +0000)]
Stop using the UserContentController for injecting the override style sheet from CaptionUserPreferences
https://bugs.webkit.org/show_bug.cgi?id=155211

Reviewed by Dan Bernstein.

The UserContentController is going to become read only from WebCore's perspective. The CaptionUserPreferences
was relying on being able to set a UserStyleSheet on it, but this was really unnecessary complexity. Simplify
things by storing the style sheet's source directly on the Page and teaching ExtensionStyleSheets about it
explicitly.

* dom/ExtensionStyleSheets.cpp:
(WebCore::ExtensionStyleSheets::updateInjectedStyleSheetCache):
If there is a captionUserPreferencesStyleSheet on the page, inject it.

* page/CaptionUserPreferences.cpp:
(WebCore::CaptionUserPreferences::updateCaptionStyleSheetOveride):
Greatly simplify the code. Now, all this does is set the style sheet on each page.

* page/Page.cpp:
(WebCore::Page::invalidateInjectedStyleSheetCacheInAllFrames):
Extract this out from UserContentController.

(WebCore::Page::setUserContentController):
Call the newly extracted invalidateInjectedStyleSheetCacheInAllFrames().

(WebCore::Page::captionUserPreferencesStyleSheet):
(WebCore::Page::setCaptionUserPreferencesStyleSheet):
Add getter/setter. When setting, invalidate the style sheet cache.

* page/Page.h:
Add new members and functions.

* page/UserContentController.cpp:
(WebCore::UserContentController::addUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheets):
(WebCore::UserContentController::removeAllUserContent):
Switch to calling invalidateInjectedStyleSheetCacheInAllFramesInAllPages().

(WebCore::UserContentController::invalidateInjectedStyleSheetCacheInAllFramesInAllPages):
Rename and implement in terms of Page::invalidateInjectedStyleSheetCacheInAllFrames().

* page/UserContentController.h:
Rename function.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197831 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Booting multiple iOS simulators in parallel fails sometimes
aakash_jain@apple.com [Wed, 9 Mar 2016 02:50:22 +0000 (02:50 +0000)]
Booting multiple iOS simulators in parallel fails sometimes
https://bugs.webkit.org/show_bug.cgi?id=155208
<rdar://problem/25019651>

Reviewed by Darin Adler.

* Scripts/webkitpy/port/ios.py:
(IOSSimulatorPort.setup_test_run): Increase the time delay between subsequent
simulator boots.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197830 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Roll r197632 back in now that the bots have caught up.
weinig@apple.com [Wed, 9 Mar 2016 02:27:18 +0000 (02:27 +0000)]
Roll r197632 back in now that the bots have caught up.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView textInputTraits]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197829 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Add iOS debug testers to flakiness dashboard
ap@apple.com [Wed, 9 Mar 2016 02:17:49 +0000 (02:17 +0000)]
Add iOS debug testers to flakiness dashboard
https://bugs.webkit.org/show_bug.cgi?id=155206

Reviewed by Darin Adler.

* TestResultServer/static-dashboards/builders.jsonp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197828 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Web Inspector: Memory Timeline should show MemoryPressure events
joepeck@webkit.org [Wed, 9 Mar 2016 02:06:55 +0000 (02:06 +0000)]
Web Inspector: Memory Timeline should show MemoryPressure events
https://bugs.webkit.org/show_bug.cgi?id=155158
<rdar://problem/25026610>

Reviewed by Brian Burg.

Source/JavaScriptCore:

* inspector/protocol/Memory.json:

Source/WebCore:

* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::releaseMemory):
When responding to memory pressure, notify page inspectors.

* platform/cocoa/MemoryPressureHandlerCocoa.mm:
Remove unused includes.

* inspector/InspectorInstrumentation.cpp:
(WebCore::InspectorInstrumentation::didHandleMemoryPressureImpl):
* inspector/InspectorInstrumentation.h:
(WebCore::InspectorInstrumentation::playbackStarted):
(WebCore::InspectorInstrumentation::playbackPaused):
(WebCore::InspectorInstrumentation::playbackFinished):
(WebCore::InspectorInstrumentation::playbackHitPosition):
(WebCore::InspectorInstrumentation::didHandleMemoryPressure):
* inspector/InspectorMemoryAgent.cpp:
(WebCore::InspectorMemoryAgent::didCreateFrontendAndBackend):
(WebCore::InspectorMemoryAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorMemoryAgent::enable):
(WebCore::InspectorMemoryAgent::disable):
(WebCore::InspectorMemoryAgent::didHandleMemoryPressure):
* inspector/InspectorMemoryAgent.h:
* inspector/InstrumentingAgents.cpp:
(WebCore::InstrumentingAgents::reset):
* inspector/InstrumentingAgents.h:
(WebCore::InstrumentingAgents::inspectorMemoryAgent):
(WebCore::InstrumentingAgents::setInspectorMemoryAgent):
Plumbing to notify the right active inspector.

Source/WebInspectorUI:

* UserInterface/Main.html:
New resources.

* UserInterface/Base/Main.js:
(WebInspector.loaded):
* UserInterface/Controllers/MemoryManager.js:
(WebInspector.MemoryManager):
(WebInspector.MemoryManager.prototype.memoryPressure):
* UserInterface/Protocol/MemoryObserver.js:
(WebInspector.MemoryObserver.prototype.memoryPressure):
New manager for Memory domain events.

* UserInterface/Controllers/TimelineManager.js:
(WebInspector.TimelineManager):
(WebInspector.TimelineManager.defaultInstruments):
(WebInspector.TimelineManager.prototype._memoryPressure):
* UserInterface/Models/TimelineRecording.js:
(WebInspector.TimelineRecording.prototype.addMemoryPressureEvent):
Add events to the Memory Timeline of the active recording.

* UserInterface/Models/MemoryTimeline.js:
(WebInspector.MemoryTimeline.prototype.get memoryPressureEvents):
(WebInspector.MemoryTimeline.prototype.addMemoryPressureEvent):
(WebInspector.MemoryTimeline.prototype.reset):
(WebInspector.MemoryTimeline):
* UserInterface/Models/Timeline.js:
(WebInspector.Timeline.create):
Create a specific MemoryTimeline to hold records and memory pressure events.

* UserInterface/Models/MemoryPressureEvent.js:
(WebInspector.MemoryPressureEvent):
(WebInspector.MemoryPressureEvent.fromPayload):
(WebInspector.MemoryPressureEvent.prototype.get timestamp):
(WebInspector.MemoryPressureEvent.prototype.get severity):
Model object for a memory pressure event.

* UserInterface/Views/MemoryTimelineOverviewGraph.css:
(.timeline-overview-graph.memory .memory-pressure-event):
* UserInterface/Views/MemoryTimelineOverviewGraph.js:
(WebInspector.MemoryTimelineOverviewGraph):
(WebInspector.MemoryTimelineOverviewGraph.prototype.reset):
(WebInspector.MemoryTimelineOverviewGraph.prototype._visibleMemoryPressureEvents):
(WebInspector.MemoryTimelineOverviewGraph.prototype._memoryTimelineMemoryPressureEventAdded):
Include markers for memory pressure events.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197827 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Web Inspector: Add Heap domain start/stop tracking commands
joepeck@webkit.org [Wed, 9 Mar 2016 02:06:45 +0000 (02:06 +0000)]
Web Inspector: Add Heap domain start/stop tracking commands
https://bugs.webkit.org/show_bug.cgi?id=155190

Reviewed by Brian Burg.

Source/JavaScriptCore:

* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::InspectorHeapAgent::willDestroyFrontendAndBackend):
(Inspector::InspectorHeapAgent::startTracking):
(Inspector::InspectorHeapAgent::stopTracking):
* inspector/agents/InspectorHeapAgent.h:
* inspector/protocol/Heap.json:

Source/WebInspectorUI:

* UserInterface/Protocol/HeapObserver.js:
(WebInspector.HeapObserver.prototype.trackingStart):
(WebInspector.HeapObserver.prototype.trackingComplete):
To be used when we have a HeapAllocationsInstrument and timeline.

LayoutTests:

* inspector/heap/tracking-expected.txt: Added.
* inspector/heap/tracking.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197826 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Delete dead scrolling code
mmaxfield@apple.com [Wed, 9 Mar 2016 02:05:13 +0000 (02:05 +0000)]
Delete dead scrolling code
https://bugs.webkit.org/show_bug.cgi?id=155210

Reviewed by Simon Fraser.

No new tests because there is no behavior change.

* page/FrameView.cpp:
(WebCore::FrameView::layerForScrolling): Deleted.
* page/FrameView.h:
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::ScrollingCoordinator::scrollLayerForScrollableArea): Deleted.
* page/scrolling/ScrollingCoordinator.h:
* platform/ScrollableArea.h:
(WebCore::ScrollableArea::horizontalScrollbar):
(WebCore::ScrollableArea::verticalScrollbar):
(WebCore::ScrollableArea::tiledBacking):
(WebCore::ScrollableArea::layerForHorizontalScrollbar):
(WebCore::ScrollableArea::layerForVerticalScrollbar):
(WebCore::ScrollableArea::layerForScrollCorner):
(WebCore::ScrollableArea::layerForOverhangAreas):
(WebCore::ScrollableArea::layerForScrolling): Deleted.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::calculateClipRects): Deleted.
* rendering/RenderLayer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197825 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Web Inspector: Make debugging Test.html easier
commit-queue@webkit.org [Wed, 9 Mar 2016 01:44:47 +0000 (01:44 +0000)]
Web Inspector: Make debugging Test.html easier
https://bugs.webkit.org/show_bug.cgi?id=155207

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-08
Reviewed by Brian Burg.

* UserInterface/Base/InspectorFrontendHostStub.js: Renamed from Source/WebInspectorUI/UserInterface/Protocol/InspectorFrontendHostStub.js.
(window.InspectorFrontendHost.WebInspector.InspectorFrontendHostStub.prototype.unbufferedLog):
Add new stub for test function.

* UserInterface/Main.html:
* UserInterface/Test.html:
Move the stub to the Base directory.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197824 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | [EFL] Enable the SVG -> OTF Font Converter
mmaxfield@apple.com [Wed, 9 Mar 2016 01:40:33 +0000 (01:40 +0000)]
[EFL] Enable the SVG -> OTF Font Converter
https://bugs.webkit.org/show_bug.cgi?id=155192

Reviewed by Gyuyoung Kim.

* Source/cmake/OptionsEfl.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197823 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Web Inspector: Add a way to create a Heap Snapshot
commit-queue@webkit.org [Wed, 9 Mar 2016 01:38:41 +0000 (01:38 +0000)]
Web Inspector: Add a way to create a Heap Snapshot
https://bugs.webkit.org/show_bug.cgi?id=155188

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-08
Reviewed by Brian Burg.

Source/JavaScriptCore:

* inspector/agents/InspectorHeapAgent.h:
* inspector/protocol/Heap.json:
* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::InspectorHeapAgent::snapshot):
Take a heap snapshot and return the JSON string result.

* inspector/protocol/Debugger.json:
Remove unused optional inferredName. Our displayName would be inferred.

Source/WebInspectorUI:

* UserInterface/Main.html:
* UserInterface/Test.html:
Add new Model resources.

* UserInterface/Models/HeapSnapshot.js: Added.
(WebInspector.HeapSnapshotClassCategory):
(WebInspector.HeapSnapshot):
(WebInspector.HeapSnapshot.fromPayload):
(WebInspector.HeapSnapshot.prototype.get rootNode):
(WebInspector.HeapSnapshot.prototype.get nodes):
(WebInspector.HeapSnapshot.prototype.get identifier):
(WebInspector.HeapSnapshot.prototype.get instances):
(WebInspector.HeapSnapshot.prototype.get categories):
(WebInspector.HeapSnapshot.prototype.get totalSize):
(WebInspector.HeapSnapshot.prototype.get totalObjectCount):
(WebInspector.HeapSnapshot.prototype.instancesWithClassName):
(WebInspector.HeapSnapshot.prototype.nodeWithObjectIdentifier):
* UserInterface/Models/HeapSnapshotEdge.js: Added.
(WebInspector.HeapSnapshotEdge):
(WebInspector.HeapSnapshotEdge.prototype.stringify):
* UserInterface/Models/HeapSnapshotNode.js: Added.
(WebInspector.HeapSnapshotNode):
Data structures for a HeapSnapshot.

LayoutTests:

* inspector/heap/snapshot-expected.txt: Added.
* inspector/heap/snapshot.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197822 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Fix ios bot build.
oliver@apple.com [Wed, 9 Mar 2016 01:05:53 +0000 (01:05 +0000)]
Fix ios bot build.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197821 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Move two indexeddb test skips out of wk2/TestExpectations and in to TestExpectations.
ryanhaddad@apple.com [Wed, 9 Mar 2016 01:00:34 +0000 (01:00 +0000)]
Move two indexeddb test skips out of wk2/TestExpectations and in to TestExpectations.

Unreviewed test gardening.

* TestExpectations:
* platform/wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197820 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Fix AppKitCompatibilityDeclarations build.
andersca@apple.com [Wed, 9 Mar 2016 00:40:03 +0000 (00:40 +0000)]
Fix AppKitCompatibilityDeclarations build.

* wtf/mac/AppKitCompatibilityDeclarations.h:
Remove duplicate declarations, conditionally define NSTextAlignment and
add a NSWindowStyleMask typedef.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197819 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Build fix
oliver@apple.com [Wed, 9 Mar 2016 00:25:48 +0000 (00:25 +0000)]
Build fix

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197818 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Implement Function.name support for getters/setters and inferring name of function...
mark.lam@apple.com [Wed, 9 Mar 2016 00:21:26 +0000 (00:21 +0000)]
Implement Function.name support for getters/setters and inferring name of function properties.
https://bugs.webkit.org/show_bug.cgi?id=154865

Rubber-stamped by Joseph Pecoraro.

Follow up to the fix for this bug: adding a few small clean-ups for issues Joe
pointed out in the bug.

* runtime/JSBoundSlotBaseFunction.cpp:
(JSC::JSBoundSlotBaseFunction::create):
* runtime/JSCJSValue.cpp:
(JSC::JSValue::putToPrimitiveByIndex):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197817 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Start moving to separated writable and executable mappings in the JIT
oliver@apple.com [Wed, 9 Mar 2016 00:08:53 +0000 (00:08 +0000)]
Start moving to separated writable and executable mappings in the JIT
https://bugs.webkit.org/show_bug.cgi?id=155178

Reviewed by Fil Pizlo.

Source/JavaScriptCore:

Start moving to a separate writable and executable heap for the various
JITs.

As part of our work to harden the JIT against various attacks, we're
moving away from our current RWX heap and on to using separate RW and X
mappings. This means that simply leaking the location of the executable
mapping is not sufficient to compromise JSC, so we can continue to
use direct executable pointers in our GC objects (which we need for
performance), but keep the writable pointer in only a single location
so that we are less likely to leak the address. To further obscure the
address of the writable region we place it in an execute only region
of memory so that it is not possible to read the location from
anywhere. That means an attacker must have at least partial control
of PC (to call jitMemCopy) before they can start to attack the JIT.

This work is initially ARM64 only, as the jitMemCopy we use is currently specific to
that platform's calling conventions and layout.
We're just landing it in the current form so that we can at least
ensure it doesn't regress.

* Configurations/FeatureDefines.xcconfig:
* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::ldp):
(JSC::ARM64Assembler::ldnp):
(JSC::ARM64Assembler::fillNops):
(JSC::ARM64Assembler::stp):
(JSC::ARM64Assembler::stnp):
(JSC::ARM64Assembler::replaceWithJump):
(JSC::ARM64Assembler::replaceWithLoad):
(JSC::ARM64Assembler::replaceWithAddressComputation):
(JSC::ARM64Assembler::setPointer):
(JSC::ARM64Assembler::repatchInt32):
(JSC::ARM64Assembler::repatchCompact):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
(JSC::ARM64Assembler::loadStoreRegisterPairOffset):
(JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal):
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::allocate):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::sub64):
(JSC::MacroAssemblerARM64::load64):
(JSC::MacroAssemblerARM64::loadPair64):
(JSC::MacroAssemblerARM64::loadPair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::load8):
(JSC::MacroAssemblerARM64::store64):
(JSC::MacroAssemblerARM64::storePair64):
(JSC::MacroAssemblerARM64::storePair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::store8):
(JSC::MacroAssemblerARM64::branchAdd64):
(JSC::MacroAssemblerARM64::branchSub64):
* jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
* runtime/Options.h:

Source/WebCore:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WTF:

Update feature defines.

* wtf/FeatureDefines.h:
* wtf/Platform.h: ARM64 for now.

Tools:

Making run-jsc-benchmarks slightly happier on my machine.

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197816 268f45cc-cd09-0410-ab3c-d52691b4dbfc
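The split RW/RX mapping this commit describes, as an added example that is not WebKit's code: one memfd is mapped twice, and a hypothetical `jit_mem_copy` (standing in for the role of performJITMemcpy) is the only routine that touches the writable alias, so every other pointer in the program can be the executable alias. It assumes Linux with memfd_create, and its self-test checks that bytes written through the RW alias are visible through the RX alias, that a direct store through the RX alias faults, and that out-of-bounds copies are refused; the ARM64-specific execute-only jitWriteThunk that hides the writable base is not reproduced.

```c
/* Added example, not WebKit code: a minimal split writable/executable code heap on Linux.
 * One memfd is mapped twice (RW and RX) so no page is ever RWX; the execute-only thunk is omitted. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    uint8_t *writable;   /* RW alias: confined to jit_mem_copy, never stored elsewhere */
    uint8_t *executable; /* RX alias: the pointer GC objects and callers may hold */
    size_t size;
} SplitCodeHeap;

/* Map the same anonymous backing store once RW and once RX. Returns 0 on success. */
static int split_heap_create(SplitCodeHeap *heap, size_t size)
{
    int fd = memfd_create("split-code-heap", MFD_CLOEXEC);
    if (fd < 0 || ftruncate(fd, (off_t)size) != 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    void *rw = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    void *rx = mmap(NULL, size, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd); /* both mappings stay valid after the descriptor is closed */
    if (rw == MAP_FAILED || rx == MAP_FAILED) {
        if (rw != MAP_FAILED) munmap(rw, size);
        if (rx != MAP_FAILED) munmap(rx, size);
        return -1;
    }
    heap->writable = rw;
    heap->executable = rx;
    heap->size = size;
    return 0;
}

/* The single routine allowed to touch the RW alias. Callers name an offset, never a
 * writable pointer, and the copy is bounds-checked. Returns 0 on success, -1 if out of bounds. */
static int jit_mem_copy(SplitCodeHeap *heap, size_t offset, const void *src, size_t len)
{
    if (offset > heap->size || len > heap->size - offset)
        return -1;
    memcpy(heap->writable + offset, src, len);
    return 0;
}

/* Probe whether a one-byte store to p faults; the fault is caught and unwound. */
static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

static int store_faults(volatile uint8_t *p)
{
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    volatile int faulted = 1;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        *p = 0xCC; /* constructed probe byte */
        faulted = 0;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Returns 0 when the heap has the W^X properties described above, else the code of the first failed check. */
static int split_heap_selftest(void)
{
    static const uint8_t code[] = { 0xDE, 0xAD, 0xBE, 0xEF }; /* constructed bytes, never executed */
    SplitCodeHeap heap;
    if (split_heap_create(&heap, 4096) != 0)
        return 1;
    int rc = 0;
    if (jit_mem_copy(&heap, 16, code, sizeof code) != 0)
        rc = 2; /* in-bounds copy through the RW alias must succeed */
    else if (memcmp(heap.executable + 16, code, sizeof code) != 0)
        rc = 3; /* the bytes must be visible through the RX alias */
    else if (jit_mem_copy(&heap, heap.size - 2, code, sizeof code) != -1)
        rc = 4; /* an out-of-bounds copy must be rejected */
    else if (!store_faults(heap.executable + 16))
        rc = 5; /* a direct store through the RX alias must fault */
    else if (store_faults(heap.writable + 16))
        rc = 6; /* a store through the RW alias must succeed */
    munmap(heap.writable, heap.size);
    munmap(heap.executable, heap.size);
    return rc;
}

int main(void)
{
    int rc = split_heap_selftest();
    printf("split W^X code heap self-test: %s (code %d)\n", rc ? "FAILED" : "ok", rc);
    return rc;
}
```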

4 years ago | Implement Function.name support for getters/setters and inferring name of function...
mark.lam@apple.com [Wed, 9 Mar 2016 00:01:09 +0000 (00:01 +0000)]
Implement Function.name support for getters/setters and inferring name of function properties.
https://bugs.webkit.org/show_bug.cgi?id=154865

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

1. toString() no longer uses the value of Function.name as the name of the
   function in the returned string, because ...

    i. Function.name is supposed to be configurable.  Hence, it can be made
       writable and can be set to any JSValue, or deleted.
   ii. Function.prototype.toString() is supposed to produce a string that can be
       eval'ed.  Hence, for JS functions, the function name in the produced
       string must be a legal function name (and not some arbitrary value set in
       Function.name).  For example, while a number is a legal value for
       Function.name, it is not legal as the function name in the toString()
       string.

   Instead, we'll always use the original name from the JS source that the
   function was parsed from.

2. JSFunction::name() now always returns the original name, not the value of
   the Function.name property.  As a result, it also no longer needs an
   ExecState* arg.

   If the original name is an empty string, JSFunction::name() will use the
   inferred name.

3. For JS functions, the original name can be attained from their
   FunctionExecutable object.

   For host/native functions (which do not have a FunctionExecutable), we get the
   "original" name from its NativeExecutable.

4. The m_hostFunctionStubMap now keys its NativeExecutable pointers using the
   original name, in addition to the native function and constructor pointers.

   This is needed because we want a different NativeExecutable for functions with
   a different name (to satisfy (3) above).

5. Changed JSBoundFunction to store the name of its bound function in its
   NativeExecutable.  This will later be used to generate the toString() string.
   Its Function.name value is eagerly initialized at construction time.

6. Function.name for getters/setters are now prefixed with "get"/"set".
   This was done both for the JSBoundSlotBaseFunctions and JS definable get/set
   functions.

7. Added InternalFunction::m_originalName so that we can use it to generate the
   toString() string.  We're storing it as a JSString instead of a WTF::String
   only because we want InternalFunction to continue to be trivially
   destructible.

* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::functionDetails):
* jit/JITThunks.cpp:
(JSC::JITThunks::finalize):
(JSC::JITThunks::hostFunctionStub):
* jit/JITThunks.h:
* runtime/Executable.h:
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncToString):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::finishCreation):
(JSC::InternalFunction::visitChildren):
(JSC::InternalFunction::name):
(JSC::InternalFunction::displayName):
* runtime/InternalFunction.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::visitChildren):
(JSC::JSBoundFunction::toStringName): Deleted.
* runtime/JSBoundFunction.h:
(JSC::JSBoundFunction::boundThis):
(JSC::JSBoundFunction::boundArgs):
(JSC::JSBoundFunction::createStructure):
* runtime/JSBoundSlotBaseFunction.cpp:
(JSC::boundSlotBaseFunctionCall):
(JSC::JSBoundSlotBaseFunction::create):
* runtime/JSFunction.cpp:
(JSC::JSFunction::initializeRareData):
(JSC::JSFunction::name):
(JSC::JSFunction::displayName):
(JSC::JSFunction::calculatedDisplayName):
(JSC::JSFunction::reifyName):
* runtime/JSFunction.h:
* tests/es6.yaml:

LayoutTests:

* js/function-toString-vs-name-expected.txt: Added.
* js/function-toString-vs-name.html: Added.
* js/script-tests/function-toString-vs-name.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197815 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | [GTK] Enable the SVG -> OTF Font Converter
mmaxfield@apple.com [Tue, 8 Mar 2016 23:59:18 +0000 (23:59 +0000)]
[GTK] Enable the SVG -> OTF Font Converter
https://bugs.webkit.org/show_bug.cgi?id=155191

Reviewed by Martin Robinson.

* Source/cmake/OptionsGTK.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197814 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Use NSUInteger instead of NSWindowStyleMask.
andersca@apple.com [Tue, 8 Mar 2016 23:58:45 +0000 (23:58 +0000)]
Use NSUInteger instead of NSWindowStyleMask.

* MiniBrowser/mac/MiniBrowser_Prefix.pch:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197813 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Fix build.
andersca@apple.com [Tue, 8 Mar 2016 23:56:37 +0000 (23:56 +0000)]
Fix build.

We intentionally don't use AppKitCompatibilityDeclarations.h here, since we want
MiniBrowser to build without WTF.

* MiniBrowser/mac/AppDelegate.m:
(-[BrowserAppDelegate _updateNewWindowKeyEquivalents]):
* MiniBrowser/mac/BrowserWindowController.m:
(-[BrowserWindowController windowDidLoad]):
* MiniBrowser/mac/MiniBrowser_Prefix.pch:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197812 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Font size computed style is inaccurate
mmaxfield@apple.com [Tue, 8 Mar 2016 23:52:39 +0000 (23:52 +0000)]
Font size computed style is inaccurate
https://bugs.webkit.org/show_bug.cgi?id=154705
<rdar://problem/23474068>

Reviewed by Timothy Hatcher.

Source/WebCore:

Safari rounds the font size value reported to getComputedStyle(). Neither Firefox
nor Chrome do this.

Covered by existing tests.

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::ComputedStyleExtractor::getFontSizeCSSValuePreferringKeyword):
(WebCore::fontSizeFromStyle):

LayoutTests:

Update expected results.

* css3/calc/font-size-fractional-expected.txt:
* css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size.html:
* css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size-expected.txt:
* editing/mac/attributed-string/font-size-expected.txt:
* editing/mac/attributed-string/vertical-align-expected.txt:
* platform/mac-mavericks/editing/mac/attributed-string/font-size-expected.txt:
* platform/mac-mavericks/editing/mac/attributed-string/vertical-align-expected.txt:
* platform/mac-yosemite/editing/mac/attributed-string/font-size-expected.txt:
* platform/mac-yosemite/editing/mac/attributed-string/vertical-align-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197811 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Add AppKit compatibility header
andersca@apple.com [Tue, 8 Mar 2016 23:44:00 +0000 (23:44 +0000)]
Add AppKit compatibility header
https://bugs.webkit.org/show_bug.cgi?id=155202

Reviewed by Beth Dakin.

* WTF.xcodeproj/project.pbxproj:
* wtf/mac/AppKitCompatibilityDeclarations.h: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197810 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago | Marking storage/domstorage/events/basic-body-attribute.html as flaky on ios-simulator-wk2
ryanhaddad@apple.com [Tue, 8 Mar 2016 23:31:14 +0000 (23:31 +0000)]
Marking storage/domstorage/events/basic-body-attribute.html as flaky on ios-simulator-wk2
https://bugs.webkit.org/show_bug.cgi?id=155201

Unreviewed test gardening.

* platform/ios-simulator-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197809 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: [WK2][Mac] Allow processes to set "fast-dev-casheable" bit in Network Process
bfulgham@apple.com [Tue, 8 Mar 2016 23:30:23 +0000 (23:30 +0000)]
[WK2][Mac] Allow processes to set "fast-dev-casheable" bit in Network Process
https://bugs.webkit.org/show_bug.cgi?id=155189
<rdar://problem/25042678>

Reviewed by Alexey Proskuryakov.

Update the NetworkProcess sandbox profiles with a declaration that using the
system-fctl to touch the "hot file" flag (to support caching operations)
is allowed. I should have done this in Bug 154503, but did not.

* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in: Add sandbox permission.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197808 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Enable API related to the video fullscreen layer in MediaPlayerPrivateMediaStreamAVFO...
adachan@apple.com [Tue, 8 Mar 2016 23:16:29 +0000 (23:16 +0000)]
Enable API related to the video fullscreen layer in MediaPlayerPrivateMediaStreamAVFObjC for Mac.
https://bugs.webkit.org/show_bug.cgi?id=153239

Reviewed by Eric Carlson.

Reuse VideoFullscreenLayerManager to manage moving the video layer between the fullscreen
layer and the inline layer depending on the current presentation mode.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC):
Create m_videoFullscreenLayerManager.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer):
Return the video inline layer from the VideoFullscreenLayerManager.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers):
Call VideoFullscreenLayerManager::setVideoLayer() with the m_videoBackgroundLayer. To make sure
the preview layer (a sublayer of m_videoBackgroundLayer) resizes according to aspect ratio, set
its contents gravity to kCAGravityResizeAspect. Also, set its autoresizing mask so it'll resize
with its superlayer.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenLayer):
Call VideoFullscreenLayerManager::setVideoFullscreenLayer().
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenFrame):
Call VideoFullscreenLayerManager::setVideoFullscreenFrame().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197807 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Web Inspector: Miscellaneous inspector fixes for typos / stale code
commit-queue@webkit.org [Tue, 8 Mar 2016 23:02:55 +0000 (23:02 +0000)]
Web Inspector: Miscellaneous inspector fixes for typos / stale code
https://bugs.webkit.org/show_bug.cgi?id=155193

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-08
Reviewed by Timothy Hatcher.

* UserInterface/Models/SourceCodeLocation.js:
(WebInspector.SourceCodeLocation.prototype._locationString):
Fix whitespace.

* UserInterface/Views/ApplicationCacheFrameContentView.js:
(WebInspector.ApplicationCacheFrameContentView):
Remove unused class name.

* UserInterface/Views/SourceCodeTextEditor.js:
(WebInspector.SourceCodeTextEditor.prototype._showPopoverForFunction.didGetDetails):
Remove inferredName, as that was never sent by our backend and is getting removed.

* UserInterface/Views/TimelineRuler.js:
(WebInspector.TimelineRuler.prototype._handleMouseUp):
Fix variable name typo.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197806 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Add iOS simulator EWS that runs tests
ap@apple.com [Tue, 8 Mar 2016 22:29:50 +0000 (22:29 +0000)]
Add iOS simulator EWS that runs tests
https://bugs.webkit.org/show_bug.cgi?id=155175

Reviewed by Lucas Forschler.

* QueueStatusServer/config/queues.py:
* Scripts/webkitpy/common/config/ews.json:
* Scripts/webkitpy/common/config/ports.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197805 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: [Font Loading] Crash when a single load request causes multiple fonts to fail loading
mmaxfield@apple.com [Tue, 8 Mar 2016 22:22:40 +0000 (22:22 +0000)]
[Font Loading] Crash when a single load request causes multiple fonts to fail loading
https://bugs.webkit.org/show_bug.cgi?id=155009

Reviewed by Simon Fraser.

Source/WebCore:

In JavaScript, the first promise fulfillment/failure wins. However, in C++, any
subsequent fulfillments/failures cause a crash.

Test: fast/text/font-face-set-document-multiple-failure.html

* css/CSSFontFace.cpp:
(WebCore::iterateClients): Notifying a client may cause some other client
to be destroyed, thereby modifying the clients set. This function allows
for notifying clients in a resilient manner.
(WebCore::CSSFontFace::setStyle): Update to use iterateClients().
(WebCore::CSSFontFace::setWeight): Ditto.
(WebCore::CSSFontFace::setUnicodeRange): Ditto.
(WebCore::CSSFontFace::setVariantLigatures): Ditto.
(WebCore::CSSFontFace::setVariantPosition): Ditto.
(WebCore::CSSFontFace::setVariantCaps): Ditto.
(WebCore::CSSFontFace::setVariantNumeric): Ditto.
(WebCore::CSSFontFace::setVariantAlternates): Ditto.
(WebCore::CSSFontFace::setVariantEastAsian): Ditto.
(WebCore::CSSFontFace::setFeatureSettings): Ditto.
(WebCore::CSSFontFace::setStatus): Ditto.
(WebCore::CSSFontFace::notifyClientsOfFontPropertyChange): Deleted.
* css/CSSFontFace.h: Adding a way for clients to make sure they don't register
or deregister another client.
* css/CSSFontFaceSet.cpp:
(WebCore::CSSFontFaceSet::guardAgainstClientRegistrationChanges): Simple
ref()/deref() pair.
(WebCore::CSSFontFaceSet::stopGuardingAgainstClientRegistrationChanges):
* css/CSSFontFaceSet.h:
* css/FontFace.cpp: Ditto.
(WebCore::FontFace::guardAgainstClientRegistrationChanges):
(WebCore::FontFace::stopGuardingAgainstClientRegistrationChanges):
* css/FontFace.h:
* css/FontFaceSet.cpp:
(WebCore::FontFaceSet::faceFinished): Make sure that we only fulfil or reject
a promise once.
* css/FontFaceSet.h:
* dom/Document.cpp:
(WebCore::Document::fonts): The CSSFontFaces inside the CSSFontSelector get
created during style recalc. We may be in a state where there is a style
recalc pending. In order to make sure the JavaScript API sees the current
state of the world, force a style recalc here (but only if one is pending).

LayoutTests:

* fast/text/font-face-set-document-multiple-failure-expected.txt: Added.
* fast/text/font-face-set-document-multiple-failure.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197804 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Unreviewed, rolling out r197793 and r197799.
commit-queue@webkit.org [Tue, 8 Mar 2016 21:58:30 +0000 (21:58 +0000)]
Unreviewed, rolling out r197793 and r197799.
https://bugs.webkit.org/show_bug.cgi?id=155195

Something weird happened while landing this and everything
broke (Requested by olliej on #webkit).

Reverted changesets:

"Start moving to separated writable and executable mappings in
the JIT"
https://bugs.webkit.org/show_bug.cgi?id=155178
http://trac.webkit.org/changeset/197793

"arm64 build fix after r197793."
http://trac.webkit.org/changeset/197799

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197803 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Web Inspector: Images being blocked by CSP 2.0
commit-queue@webkit.org [Tue, 8 Mar 2016 21:56:14 +0000 (21:56 +0000)]
Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155182
<rdar://problem/25040640>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-08
Reviewed by Daniel Bates.

* UserInterface/Main.html:
Allow Web Inspector to load file: and blob: image resources.
Also blob: media and font resources.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197802 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: [WK2] Grant explicit read access to ManagedPreferences
bfulgham@apple.com [Tue, 8 Mar 2016 21:44:43 +0000 (21:44 +0000)]
[WK2] Grant explicit read access to ManagedPreferences
https://bugs.webkit.org/show_bug.cgi?id=155173
<rdar://problem/24910550>

Reviewed by Alexey Proskuryakov.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Add new
read permission.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197801 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Skip fast/events/prevent-default-prevents-interaction-with-scrollbars.html on ios...
ryanhaddad@apple.com [Tue, 8 Mar 2016 21:42:47 +0000 (21:42 +0000)]
Skip fast/events/prevent-default-prevents-interaction-with-scrollbars.html on ios-simulator

Unreviewed test gardening.

The test relies on mouse events, which are unsupported on ios-simulator.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197800 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: arm64 build fix after r197793.
achristensen@apple.com [Tue, 8 Mar 2016 21:36:41 +0000 (21:36 +0000)]
arm64 build fix after r197793.

* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeBulletproofJIT):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
Use consistent ENABLE macro.  It looks like it was partially renamed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197799 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Skip css3/filters tests that seem to cause a crash on ios-simulator
ryanhaddad@apple.com [Tue, 8 Mar 2016 21:33:01 +0000 (21:33 +0000)]
Skip css3/filters tests that seem to cause a crash on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153933

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197798 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Unreviewed, rolling in r197722.
ggaren@apple.com [Tue, 8 Mar 2016 21:21:38 +0000 (21:21 +0000)]
Unreviewed, rolling in r197722.
https://bugs.webkit.org/show_bug.cgi?id=155171

The right calculation for our static_assert is actually:

    sizeof(SmallChunk) % vmPageSize + 2 * smallMax <= vmPageSize

instead of:

    sizeof(SmallChunk) % vmPageSize + smallMax <= vmPageSize

smallMax is not enough because line metadata might require us to begin
allocation at an offset as large as smallMax, so we need 2 * smallMax.

Once correct, this static_assert fires, and we fix it by increasing
the alignment of SmallChunk.

Restored changeset:

"bmalloc: Use List<T> instead of Vector<T> in some places"
https://bugs.webkit.org/show_bug.cgi?id=155150
http://trac.webkit.org/changeset/197722

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197797 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Regexp matching should incur less call overhead
fpizlo@apple.com [Tue, 8 Mar 2016 21:15:07 +0000 (21:15 +0000)]
Regexp matching should incur less call overhead
https://bugs.webkit.org/show_bug.cgi?id=155181

Reviewed by Geoffrey Garen.

Previously we had DFG/FTL code call into the DFGOperation, which then called in to
RegExpObject, which then called into createRegExpMatchesArray, which then called into
RegExp, which then called the code generated by Yarr.

Now we have DFG/FTL code call into the DFGOperation, which does all of the things and calls
into code generated by Yarr.

This is another tiny Octane/regexp speed-up.

* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGOperations.cpp:
* runtime/RegExp.cpp:
(JSC::regExpFlags):
(JSC::RegExp::compile):
(JSC::RegExp::match):
(JSC::RegExp::compileMatchOnly):
(JSC::RegExp::deleteCode):
(JSC::RegExpFunctionalTestCollector::clearRegExp): Deleted.
(JSC::RegExp::compileIfNecessary): Deleted.
(JSC::RegExp::compileIfNecessaryMatchOnly): Deleted.
* runtime/RegExp.h:
* runtime/RegExpInlines.h: Added.
(JSC::RegExpFunctionalTestCollector::clearRegExp):
(JSC::RegExp::compileIfNecessary):
(JSC::RegExp::matchInline):
(JSC::RegExp::compileIfNecessaryMatchOnly):
* runtime/RegExpMatchesArray.cpp:
(JSC::createEmptyRegExpMatchesArray):
(JSC::createStructureImpl):
(JSC::tryCreateUninitializedRegExpMatchesArray): Deleted.
(JSC::createRegExpMatchesArray): Deleted.
* runtime/RegExpMatchesArray.h:
(JSC::tryCreateUninitializedRegExpMatchesArray):
(JSC::createRegExpMatchesArray):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::put):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):
(JSC::getLastIndexAsUnsigned): Deleted.
* runtime/RegExpObject.h:
(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):
(JSC::RegExpObject::testInline):
* runtime/RegExpObjectInlines.h: Added.
(JSC::getRegExpObjectLastIndexAsUnsigned):
(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197796 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Ignore deprecation warnings.
andersca@apple.com [Tue, 8 Mar 2016 21:02:09 +0000 (21:02 +0000)]
Ignore deprecation warnings.

* Shared/mac/ChildProcessMac.mm:
(WebKit::ChildProcess::stopNSAppRunLoop):
* Shared/mac/WebEventFactory.mm:
(WebKit::mouseButtonForEvent):
(WebKit::mouseEventTypeForEvent):
(WebKit::clickCountForEvent):
(WebKit::globalPointForEvent):
(WebKit::pointForEvent):
(WebKit::textFromEvent):
(WebKit::unmodifiedTextFromEvent):
(WebKit::isKeypadEvent):
(WebKit::isKeyUpEvent):
(WebKit::modifiersForEvent):
(WebKit::WebEventFactory::createWebKeyboardEvent):
* UIProcess/API/Cocoa/WKNavigationAction.mm:
(toNSEventModifierFlags):
* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::becomeFirstResponder):
(WebKit::WebViewImpl::updateContentInsetsIfAutomatic):
(WebKit::WebViewImpl::viewDidMoveToWindow):
(WebKit::WebViewImpl::postFakeMouseMovedEventForFlagsChangedEvent):
(WebKit::WebViewImpl::createFullScreenWindow):
(WebKit::WebViewImpl::sendToolTipMouseExited):
(WebKit::WebViewImpl::sendToolTipMouseEntered):
(WebKit::applicationFlagsForDrag):
(WebKit::WebViewImpl::setLastMouseDownEvent):
(WebKit::WebViewImpl::doneWithKeyEvent):
(WebKit::WebViewImpl::collectKeyboardLayoutCommandsForEvent):
(WebKit::WebViewImpl::performKeyEquivalent):
* UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
(WebKit::PluginProcessProxy::beginModal):
* UIProcess/mac/WebContextMenuProxyMac.mm:
(WebKit::WebContextMenuProxyMac::showContextMenu):
* UIProcess/mac/WebInspectorProxyMac.mm:
(WebKit::WebInspectorProxy::platformCanAttach):
* UIProcess/mac/WebPopupMenuProxyMac.mm:
(WebKit::WebPopupMenuProxyMac::populate):
(WebKit::WebPopupMenuProxyMac::showPopupMenu):
* WebProcess/Plugins/PDF/DeprecatedPDFPlugin.mm:
(WebKit::modifierFlagsFromWebEvent):
(WebKit::getEventTypeFromWebEvent):
* WebProcess/Plugins/PDF/PDFPluginTextAnnotation.mm:
(WebKit::cssAlignmentValueForNSTextAlignment):
* WebProcess/WebCoreSupport/mac/WebDragClientMac.mm:
(WebKit::convertImageToBitmap):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197795 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: synthesizePrototype() and friends need to be followed by exception checks (or equival...
mark.lam@apple.com [Tue, 8 Mar 2016 20:57:25 +0000 (20:57 +0000)]
synthesizePrototype() and friends need to be followed by exception checks (or equivalent).
https://bugs.webkit.org/show_bug.cgi?id=155169

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

With the exception checks, we may end up throwing new exceptions over an existing
one that has been thrown but not handled yet, thereby obscuring it.  It may also
mean that the VM will continue running on potentially unstable state, which may
have undesirable consequences.

I first observed this in some failed assertion while running tests on a patch for
https://bugs.webkit.org/show_bug.cgi?id=154865.

Performance is neutral with this patch (tested on x86_64).

1. Deleted JSNotAnObject, and removed all uses of it.

2. Added exception checks, when needed, following calls to synthesizePrototype()
   and JSValue::toObject().

   The cases that do not need an exception check are the ones that already ensure
   that JSValue::toObject() is only called on a value that is convertible to an
   object.  In those cases, I added an assertion that no exception was thrown
   after the call.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* inspector/ScriptCallStackFactory.cpp:
(Inspector::createScriptCallStackFromException):
* interpreter/Interpreter.cpp:
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
(JSC::arrayProtoFuncValues):
(JSC::arrayProtoFuncEntries):
(JSC::arrayProtoFuncKeys):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/ExceptionHelpers.cpp:
* runtime/JSCJSValue.cpp:
(JSC::JSValue::toObjectSlowCase):
(JSC::JSValue::toThisSlowCase):
(JSC::JSValue::synthesizePrototype):
(JSC::JSValue::putToPrimitive):
(JSC::JSValue::putToPrimitiveByIndex):
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::getPropertySlot):
(JSC::JSValue::get):
* runtime/JSFunction.cpp:
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncProtoGetter):
* runtime/JSNotAnObject.cpp: Removed.
* runtime/JSNotAnObject.h: Removed.
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorDefineProperties):
(JSC::objectConstructorCreate):
* runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncValueOf):
(JSC::objectProtoFuncHasOwnProperty):
(JSC::objectProtoFuncIsPrototypeOf):
(JSC::objectProtoFuncToString):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

Source/WebCore:

No new tests because this issue is covered by existing tests when the fix for
https://bugs.webkit.org/show_bug.cgi?id=154865 lands.  That patch is waiting for
this patch to land first so as to not introduce test failures.

* Modules/plugins/QuickTimePluginReplacement.mm:
(WebCore::QuickTimePluginReplacement::installReplacement):
* bindings/js/JSDeviceMotionEventCustom.cpp:
(WebCore::readAccelerationArgument):
(WebCore::readRotationRateArgument):
* bindings/js/JSGeolocationCustom.cpp:
(WebCore::createPositionOptions):
* bindings/js/JSHTMLCanvasElementCustom.cpp:
(WebCore::get3DContextAttributes):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateConstructorDefinition):
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
(WebCore::JSTestEventConstructorConstructor::construct):
* contentextensions/ContentExtensionParser.cpp:
(WebCore::ContentExtensions::getTypeFlags):
* html/HTMLMediaElement.cpp:
(WebCore::setPageScaleFactorProperty):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
* html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197794 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Start moving to separated writable and executable mappings in the JIT
oliver@apple.com [Tue, 8 Mar 2016 20:53:11 +0000 (20:53 +0000)]
Start moving to separated writable and executable mappings in the JIT
https://bugs.webkit.org/show_bug.cgi?id=155178

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Start moving to a separate writable and executable heap for the various
JITs.

As part of our work to harden the JIT against various attacks, we're
moving away from our current RWX heap and on to using separate RW and X
mappings. This means that simply leaking the location of the executable
mapping is not sufficient to compromise JSC, so we can continue to
use direct executable pointers in our GC objects (which we need for
performance), but keep the writable pointer in only a single location
so that we are less likely to leak the address. To further obscure the
address of the writable region we place it in an execute only region
of memory so that it is not possible to read the location from
anywhere. That means an attacker must have at least partial control
of PC (to call jitMemCopy) before they can start to attack the JIT.

This work is initially ARM64 only, as the jitMemCopy is currently specific to
that platform's calling conventions and layout. We're just landing it in the
current form so that we can at least ensure it doesn't regress.

* Configurations/FeatureDefines.xcconfig:
* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::ldp):
(JSC::ARM64Assembler::ldnp):
(JSC::ARM64Assembler::fillNops):
(JSC::ARM64Assembler::stp):
(JSC::ARM64Assembler::stnp):
(JSC::ARM64Assembler::replaceWithJump):
(JSC::ARM64Assembler::replaceWithLoad):
(JSC::ARM64Assembler::replaceWithAddressComputation):
(JSC::ARM64Assembler::setPointer):
(JSC::ARM64Assembler::repatchInt32):
(JSC::ARM64Assembler::repatchCompact):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
(JSC::ARM64Assembler::loadStoreRegisterPairOffset):
(JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal):
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::allocate):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::sub64):
(JSC::MacroAssemblerARM64::load64):
(JSC::MacroAssemblerARM64::loadPair64):
(JSC::MacroAssemblerARM64::loadPair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::load8):
(JSC::MacroAssemblerARM64::store64):
(JSC::MacroAssemblerARM64::storePair64):
(JSC::MacroAssemblerARM64::storePair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::store8):
(JSC::MacroAssemblerARM64::branchAdd64):
(JSC::MacroAssemblerARM64::branchSub64):
* jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeBulletproofJIT):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
* runtime/Options.h:

Source/WebCore:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WTF:

Update feature defines.

* wtf/FeatureDefines.h:
* wtf/Platform.h: ARM64 for now.

Tools:

Making run-jsc-benchmarks slightly happier on my machine.

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197793 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Unreviewed, rolling out r197766.
commit-queue@webkit.org [Tue, 8 Mar 2016 20:35:23 +0000 (20:35 +0000)]
Unreviewed, rolling out r197766.
https://bugs.webkit.org/show_bug.cgi?id=155183

Has platform-specific code in non-platform files (Requested by
smfr on #webkit).

Reverted changeset:

"AX: Force allow user zoom"
https://bugs.webkit.org/show_bug.cgi?id=155056
http://trac.webkit.org/changeset/197766

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197792 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago: Ignore deprecation warnings.
andersca@apple.com [Tue, 8 Mar 2016 20:26:17 +0000 (20:26 +0000)]
Ignore deprecation warnings.

* Misc/WebNSEventExtras.m:
(-[NSEvent _web_isKeyEvent:]):
(-[NSEvent _web_isOptionTabKeyEvent]):
* Misc/WebNSViewExtras.m:
(-[NSView _web_dragShouldBeginFromMouseDown:withExpiration:xHysteresis:yHysteresis:]):
* Plugins/Hosted/NetscapePluginHostProxy.mm:
(WebKit::NetscapePluginHostProxy::beginModal):
* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::NetscapePluginInstanceProxy::syntheticKeyDownWithCommandModifier):
* Plugins/Hosted/WebHostedNetscapePluginView.mm:
(-[WebHostedNetscapePluginView drawRect:]):
* Plugins/WebNetscapePluginEventHandlerCocoa.mm:
(WebNetscapePluginEventHandlerCocoa::syntheticKeyDownWithCommandModifier):
* WebCoreSupport/PopupMenuMac.mm:
(PopupMenuMac::populate):
(PopupMenuMac::show):
* WebCoreSupport/WebContextMenuClient.mm:
(WebContextMenuClient::showContextMenu):
* WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::actionDictionary):
* WebCoreSupport/WebInspectorClient.mm:
(WebInspectorFrontendClient::canAttach):
(-[WebInspectorWindowController window]):
* WebInspector/WebNodeHighlight.mm:
(-[WebNodeHighlight initWithTargetView:inspectorController:]):
* WebView/WebFrameView.mm:
(-[WebFrameView keyDown:keyDown:]):
* WebView/WebFullScreenController.mm:
(-[WebFullScreenController init]):
(createBackgroundFullscreenWindow):
* WebView/WebHTMLView.mm:
(-[WebHTMLView _postFakeMouseMovedEventForFlagsChangedEvent:]):
(-[WebHTMLView _setMouseDownEvent:_setMouseDownEvent:]):
(isQuickLookEvent):
(-[WebHTMLView hitTest:]):
(-[WebHTMLView _sendToolTipMouseExited]):
(-[WebHTMLView _sendToolTipMouseEntered]):
(mouseEventIsPartOfClickOrDrag):
(-[WebHTMLView _updateMouseoverWithEvent:]):
(-[WebHTMLView acceptsFirstResponder]):
(-[WebHTMLView viewDidMoveToWindow]):
(currentKeyboardEvent):
(-[WebHTMLView _handleStyleKeyEquivalent:]):
(-[WebHTMLView _interpretKeyEvent:savingCommands:]):
* WebView/WebPDFView.mm:
(-[WebPDFView hitTest:]):
(-[WebPDFView PDFViewWillClickOnLink:withURL:]):
(-[WebPDFView _fakeKeyEventWithFunctionKey:]):
* WebView/WebTextCompletionController.mm:
(-[WebTextCompletionController _buildUI]):
(-[WebTextCompletionController _placePopupWindow:]):
* WebView/WebView.mm:
(-[WebView applicationFlags:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197791 268f45cc-cd09-0410-ab3c-d52691b4dbfc