WebKit-https.git
zandobersek@gmail.com [Wed, 30 Jul 2014 07:45:05 +0000 (07:45 +0000)]
[CMake] Bump the minimum required version
https://bugs.webkit.org/show_bug.cgi?id=135382

Reviewed by Gyuyoung Kim.

* CMakeLists.txt: Bump the minimum required version to 2.8.11 after
we introduced usage of target_include_directories().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171793 268f45cc-cd09-0410-ab3c-d52691b4dbfc

carlosgc@webkit.org [Wed, 30 Jul 2014 07:06:43 +0000 (07:06 +0000)]
[GTK] Remove WebKitCertificateInfo from WebKit2GTK+ API
https://bugs.webkit.org/show_bug.cgi?id=134830

Reviewed by Gustavo Noronha Silva.

Source/WebKit2:
It was added to make the API more convenient but it has ended up
making it more complicated. WebKitWebView::load-failed-with-tls-errors
now receives a GTlsCertificate + GTlsCertificateFlags and
webkit_web_context_allow_tls_certificate_for_host() receives a GTlsCertificate
since the errors are not actually needed. This makes the API more
consistent with the existing method webkit_web_view_get_tls_info().

* PlatformGTK.cmake: Remove files from compilation.
* UIProcess/API/gtk/WebKitCertificateInfo.cpp: Removed.
* UIProcess/API/gtk/WebKitCertificateInfo.h: Removed.
* UIProcess/API/gtk/WebKitCertificateInfoPrivate.h: Removed.
* UIProcess/API/gtk/WebKitWebContext.cpp:
(webkit_web_context_allow_tls_certificate_for_host):
* UIProcess/API/gtk/WebKitWebContext.h:
* UIProcess/API/gtk/WebKitWebView.cpp:
(webkit_web_view_class_init):
(webkitWebViewLoadFailedWithTLSErrors):
* UIProcess/API/gtk/WebKitWebView.h:
* UIProcess/API/gtk/docs/webkit2gtk-docs.sgml:
* UIProcess/API/gtk/docs/webkit2gtk-sections.txt:
* UIProcess/API/gtk/webkit2.h:

Tools:
Update the SSL test for the API changes.

* TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:
(testLoadFailedWithTLSErrors):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171792 268f45cc-cd09-0410-ab3c-d52691b4dbfc

jinwoo7.song@samsung.com [Wed, 30 Jul 2014 06:16:37 +0000 (06:16 +0000)]
[EFL] Unreviewed EFL gardening. Rebaseline tests after r170418.

* platform/efl/mathml/opentype/horizontal-expected.txt:
* platform/efl/mathml/opentype/horizontal-munderover-expected.txt:
* platform/efl/mathml/opentype/large-operators-expected.txt:
* platform/efl/mathml/opentype/vertical-expected.txt:
* platform/efl/mathml/presentation/menclose-notation-default-longdiv-expected.txt:
* platform/efl/mathml/presentation/mo-stretch-expected.png:
* platform/efl/mathml/presentation/mo-stretch-expected.txt:
* platform/efl/mathml/presentation/roots-expected.png:
* platform/efl/mathml/presentation/roots-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171791 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 30 Jul 2014 05:42:21 +0000 (05:42 +0000)]
Web Inspector: 80% of time during recording is spent creating source code locations for profile nodes
https://bugs.webkit.org/show_bug.cgi?id=135399

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-29
Reviewed by Timothy Hatcher.

Profiling the inspector while recording a timeline, a significant amount of
time was spent creating SourceCodeLocation objects for profiling information
and call frames. A lot of this data was eagerly being processed, even though
it would not immediately be presentable to the user.

This makes two significant changes. We create a LazySourceCodeLocation class
which does as little as possible until display information is requested. We
also lazily convert the profiler payload data to a Profile object, so the
processing is only done if you drill into the Script specific timeline.

This results in a significant performance improvement in the overview view.

* UserInterface/Controllers/TimelineManager.js:
(WebInspector.TimelineManager.prototype.eventRecorded.processRecord):
(WebInspector.TimelineManager.prototype.eventRecorded):
(WebInspector.TimelineManager.prototype._callFramesFromPayload.createCallFrame):
(WebInspector.TimelineManager.prototype._callFramesFromPayload):
(WebInspector.TimelineManager.prototype._profileFromPayload.profileNodeFromPayload): Deleted.
(WebInspector.TimelineManager.prototype._profileFromPayload.profileNodeCallFromPayload): Deleted.
(WebInspector.TimelineManager.prototype._profileFromPayload): Deleted.
Do not eagerly process profile payloads. Instead pass the payload to ScriptTimelineRecords.
Likewise create callframes with lazy source code locations to do the minimum amount of work.

* UserInterface/Models/ScriptTimelineRecord.js:
(WebInspector.ScriptTimelineRecord):
(WebInspector.ScriptTimelineRecord.prototype.get profile):
(WebInspector.ScriptTimelineRecord.prototype._initializeProfileFromPayload.profileNodeFromPayload):
(WebInspector.ScriptTimelineRecord.prototype._initializeProfileFromPayload.profileNodeCallFromPayload):
(WebInspector.ScriptTimelineRecord.prototype._initializeProfileFromPayload):
Only when the profile is asked do we process the profiler payload information.
This defers the processing until at least the user drills into the Script timeline.

* UserInterface/Main.html:
Add the new class and ensure SourceCodeLocation is available beforehand.

* UserInterface/Models/LazySourceCodeLocation.js: Added.
(WebInspector.LazySourceCodeLocation):
(WebInspector.LazySourceCodeLocation.prototype.isEqual):
(WebInspector.LazySourceCodeLocation.prototype.get sourceCode):
(WebInspector.LazySourceCodeLocation.prototype.set sourceCode):
(WebInspector.LazySourceCodeLocation.prototype.get formattedLineNumber):
(WebInspector.LazySourceCodeLocation.prototype.get formattedColumnNumber):
(WebInspector.LazySourceCodeLocation.prototype.formattedPosition):
(WebInspector.LazySourceCodeLocation.prototype.hasFormattedLocation):
(WebInspector.LazySourceCodeLocation.prototype.hasDifferentDisplayLocation):
(WebInspector.LazySourceCodeLocation.prototype.resolveMappedLocation):
(WebInspector.LazySourceCodeLocation.prototype._lazyInitialization):
Only when display information is requested will we perform extra processing.
For basic information we do not need to check for formatted (pretty-printed) info.

* UserInterface/Models/SourceCode.js:
(WebInspector.SourceCode.prototype.createLazySourceCodeLocation):
Provide an explicit create function for lazy source codes.

* UserInterface/Models/SourceCodeLocation.js:
(WebInspector.SourceCodeLocation.prototype.set sourceCode):
(WebInspector.SourceCodeLocation.prototype.get displaySourceCode):
(WebInspector.SourceCodeLocation.prototype.get displayLineNumber):
(WebInspector.SourceCodeLocation.prototype.get displayColumnNumber):
(WebInspector.SourceCodeLocation.prototype.hasMappedLocation):
(WebInspector.SourceCodeLocation.prototype.setSourceCode):
(WebInspector.SourceCodeLocation.prototype.resolveMappedLocation):
(WebInspector.SourceCodeLocation.prototype._makeChangeAndDispatchChangeEventIfNeeded):
(WebInspector.SourceCodeLocation.prototype._resolveMappedLocation): Deleted.
Include two protected functions which LazySourceCodeLocation overrides.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171790 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dfarler@apple.com [Wed, 30 Jul 2014 04:49:32 +0000 (04:49 +0000)]
Add knowledge of the iOS Simulator to webkitpy
http://bugs.webkit.org/show_bug.cgi?id=133963

Reviewed by Simon Fraser.

* Scripts/webkitdirs.pm:
(argumentsForConfiguration): Add --ios-sim*
* Scripts/webkitpy/layout_tests/run_webkit_tests.py:
--runtime and --device-type args added.
* Scripts/webkitpy/port/base.py:
* Scripts/webkitpy/port/driver.py: Add simulator driver.
(IOSSimulatorDriver): Added.
* Scripts/webkitpy/port/factory.py: Add simulator platform.
* Scripts/webkitpy/port/ios.py: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171789 268f45cc-cd09-0410-ab3c-d52691b4dbfc

jinwoo7.song@samsung.com [Wed, 30 Jul 2014 04:26:10 +0000 (04:26 +0000)]
[EFL] Do not initialize g_type system explicitly in the ewk_init()
https://bugs.webkit.org/show_bug.cgi?id=135407

Reviewed by Gyuyoung Kim.

EFL build requires glib version 2.38 but g_type_init() has been deprecated
since version 2.36. As the type system is initialized automatically since
version 2.36, we do not need to call g_type_init() in the ewk_init().

https://developer.gnome.org/gobject/unstable/gobject-Type-Information.html#g-type-init

* UIProcess/API/efl/ewk_main.cpp:
(ewk_init):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171788 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 30 Jul 2014 04:17:28 +0000 (04:17 +0000)]
Web Inspector: Only compute full ProfileNode times if needed - Legacy Profiler
https://bugs.webkit.org/show_bug.cgi?id=135406

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-29
Reviewed by Timothy Hatcher.

Full ProfileNode times are only used by the Legacy Profiler. The new profile
information in the Scripts Timelines currently never uses the pass. We should
avoid calculating it if we never use it.

* UserInterface/Models/ProfileNode.js:
(WebInspector.ProfileNode.prototype.get startTime):
(WebInspector.ProfileNode.prototype.get endTime):
(WebInspector.ProfileNode.prototype.get selfTime):
(WebInspector.ProfileNode.prototype.get totalTime):
(WebInspector.ProfileNode.prototype.establishRelationships):
(WebInspector.ProfileNode.prototype._computeTotalTimes):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171787 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 30 Jul 2014 04:00:39 +0000 (04:00 +0000)]
Web Inspector: Reduce forced layouts in TimelineOverview
https://bugs.webkit.org/show_bug.cgi?id=135405

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-29
Reviewed by Timothy Hatcher.

Remove another forced layout. The scroll container won't
change size unless the ContentView itself resized. Make the
distinction between a layout update due to a resize and
normal events (scale changes, etc) and only calculate
element sizes then.

* UserInterface/Views/TimelineContentView.js:
(WebInspector.TimelineContentView.prototype.updateLayout):
* UserInterface/Views/TimelineOverview.js:
(WebInspector.TimelineOverview):
(WebInspector.TimelineOverview.prototype.get visibleDuration):
(WebInspector.TimelineOverview.prototype.updateLayoutForResize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171786 268f45cc-cd09-0410-ab3c-d52691b4dbfc

akling@apple.com [Wed, 30 Jul 2014 03:51:31 +0000 (03:51 +0000)]
Crash when using 'em' units to specify font-size inside animation keyframe.
<https://webkit.org/b/135395>
<rdar://problem/17851910>

Source/WebCore:
We'd forgotten to initialize the "parent style" when resolving keyframe
styles, and this led to a crash in length conversion where the code
assumes a parent style will be present.

To keep this fix minimal, simply make the "parent style" a clone of the
base element style.

Reviewed by Simon Fraser.

Test: fast/animation/keyframe-with-font-size-in-em-units.html

* css/StyleResolver.cpp:
(WebCore::StyleResolver::styleForKeyframe):

LayoutTests:
Add a reduced test case to cover this bug.

Reviewed by Simon Fraser.

* fast/animation/keyframe-with-font-size-in-em-units-expected.txt: Added.
* fast/animation/keyframe-with-font-size-in-em-units.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171785 268f45cc-cd09-0410-ab3c-d52691b4dbfc

burg@cs.washington.edu [Wed, 30 Jul 2014 03:48:54 +0000 (03:48 +0000)]
Web Inspector: breakpoints are always speculatively resolved when restored from local storage
https://bugs.webkit.org/show_bug.cgi?id=135396

Reviewed by Timothy Hatcher.

A longstanding quirk/optimization in the frontend is that we immediately set a breakpoint
as resolved if the breakpoint was successfully set in the backend. This ensures that clicking in
the gutter immediately produces a resolved breakpoint with only one round-trip.

However, not all breakpoints should be speculatively resolved, because the corresponding resource
may not be loaded yet. This situation causes problems for code that assumes a resolved breakpoint
also has a valid sourceCodeLocation.sourceCode.

* UserInterface/Controllers/DebuggerManager.js:
(WebInspector.DebuggerManager.restoreBreakpointsSoon): Don't leak the variable to global scope.
(WebInspector.DebuggerManager):
(WebInspector.DebuggerManager.prototype.speculativelyResolveBreakpoint):
(WebInspector.DebuggerManager.prototype.addBreakpoint): Speculatively resolve here if requested
using the success callback passed to _setBreakpoint.

(WebInspector.DebuggerManager.prototype.didSetBreakpoint): Emit simulated
Debugger.breakpointResolved events since they are only sent by the backend when a script is parsed.

(WebInspector.DebuggerManager.prototype._setBreakpoint):
* UserInterface/Views/SourceCodeTextEditor.js:
(WebInspector.SourceCodeTextEditor.prototype.textEditorBreakpointAdded): Request speculative resolve.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171784 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 30 Jul 2014 00:30:52 +0000 (00:30 +0000)]
Web Inspector: Eliminate more forced layouts during timeline recordings
https://bugs.webkit.org/show_bug.cgi?id=135397

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-29
Reviewed by Timothy Hatcher.

Instead of computing the secondsPerPixel in each overview graph,
we can ask the overview view itself which has a cached value.
The computation used to force a layout, now it doesn't need to.

* UserInterface/Views/LayoutTimelineOverviewGraph.js:
* UserInterface/Views/NetworkTimelineOverviewGraph.js:
* UserInterface/Views/ScriptTimelineOverviewGraph.js:
* UserInterface/Views/TimelineOverview.js:
(WebInspector.TimelineOverview):
* UserInterface/Views/TimelineOverviewGraph.js:
(WebInspector.TimelineOverviewGraph):
(WebInspector.TimelineOverviewGraph.prototype.get timelineOverview):
(WebInspector.TimelineOverviewGraph.prototype.set timelineOverview):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171783 268f45cc-cd09-0410-ab3c-d52691b4dbfc

enrica@apple.com [Wed, 30 Jul 2014 00:17:45 +0000 (00:17 +0000)]
REGRESSION [WebKit2 iOS]: Cannot add shortcut to user dictionary from non editable content.
https://bugs.webkit.org/show_bug.cgi?id=135392
<rdar://problem/17760073>

Reviewed by Benjamin Poulain.

Adding a shortcut to the user dictionary needs to be available in non editable content too.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _addShortcut:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171782 268f45cc-cd09-0410-ab3c-d52691b4dbfc

timothy_horton@apple.com [Tue, 29 Jul 2014 23:01:47 +0000 (23:01 +0000)]
WKPDFView paints rotated pages squished
https://bugs.webkit.org/show_bug.cgi?id=135401
<rdar://problem/17173916>

Reviewed by Simon Fraser.

* UIProcess/ios/WKPDFView.mm:
(-[WKPDFView _computePageAndDocumentFrames]):
[page size] returns the crop box's size, ignoring rotation.
[page cropBoxAccountForRotation] respects rotation, but otherwise returns the same size.
UIPDFPageView will respect rotation when painting, so we
should make sure that it is given an aspect ratio that also
respects rotation, so that the page isn't squished.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171775 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ap@apple.com [Tue, 29 Jul 2014 22:41:19 +0000 (22:41 +0000)]
fast/borders/border-radius-on-subpixel-position-non-hidpi.html fails on Retina machines
https://bugs.webkit.org/show_bug.cgi?id=135398

Reviewed by Zalan Bujtas.

Tools:
* WebKitTestRunner/TestController.cpp: (WTR::TestController::updateWindowScaleForTest):
"hidpi-" should be at the start. This allows "hidpi-" in both file and directory names.

* DumpRenderTree/mac/DumpRenderTree.mm: (changeWindowScaleIfNeeded): Same fix.
For some reason, I wasn't seeing this test fail on WK1 even without the fix, not
sure why.

LayoutTests:
* platform/mac-wk2/TestExpectations: Let's try to unskip the test, maybe this was
the actual reason for it to appear failing?

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171772 268f45cc-cd09-0410-ab3c-d52691b4dbfc

psolanki@apple.com [Tue, 29 Jul 2014 21:41:36 +0000 (21:41 +0000)]
[iOS] REGRESSION(r171526): PDF documents fail to load in WebKit1 with disk image caching enabled
https://bugs.webkit.org/show_bug.cgi?id=135359
<rdar://problem/17824645>

Reviewed by Darin Adler.

r171526 broke the case where we have a memory mapped file from the DiskImageCache in the
SharedBuffer. In such a case, m_buffer is empty and createCFData() returned a
WebCoreSharedBufferData with an empty buffer.

Fix this by taking the easy route of bringing back the old code for the disk image cache
file backed case. In the long run we probably want to remove the iOS specific disk image
cache anyway.

Review also uncovered another bug in r171526 where we were balancing an Objective-C alloc
with a CFRelease which is incorrect when running under GC. Fix that by using adoptNS along
with adoptCF which is what the code did before.

No new tests because the bug only occurs on device and we can't run tests on device yet.

* platform/mac/SharedBufferMac.mm:
(-[WebCoreSharedBufferData initWithDiskImageSharedBuffer:]):
(-[WebCoreSharedBufferData length]):
(-[WebCoreSharedBufferData bytes]):
(WebCore::SharedBuffer::createCFData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171766 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ap@apple.com [Tue, 29 Jul 2014 20:33:53 +0000 (20:33 +0000)]
PPT: run-webkit-tests doesn't upload crash logs to bots
https://bugs.webkit.org/show_bug.cgi?id=135391

Reviewed by Joseph Pecoraro.

* WebKitTestRunner/TestController.cpp: (WTR::TestController::processDidCrash):
Not a fix to be proud of, but better than not having it work at all.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171756 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ossy@webkit.org [Tue, 29 Jul 2014 20:08:58 +0000 (20:08 +0000)]
URTBF for !ENABLE(DATABASE_PROCESS) platforms.

* WebProcess/OriginData/WebOriginDataManager.cpp:
(WebKit::WebOriginDataManager::getOrigins):
(WebKit::WebOriginDataManager::deleteEntriesForOrigin):
(WebKit::WebOriginDataManager::deleteEntriesModifiedBetweenDates):
(WebKit::WebOriginDataManager::deleteAllEntries):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171753 268f45cc-cd09-0410-ab3c-d52691b4dbfc

benjamin@webkit.org [Tue, 29 Jul 2014 19:34:56 +0000 (19:34 +0000)]
VisitedLinkState::determineLinkState should take a reference
https://bugs.webkit.org/show_bug.cgi?id=135375

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-29
Reviewed by Sam Weinig.

* css/StyleResolver.cpp:
(WebCore::StyleResolver::State::initElement):
* dom/VisitedLinkState.h:
(WebCore::VisitedLinkState::determineLinkState):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171752 268f45cc-cd09-0410-ab3c-d52691b4dbfc

beidson@apple.com [Tue, 29 Jul 2014 17:37:58 +0000 (17:37 +0000)]
Make WKOriginDataManager actually operate on IndexedDatabases.
https://bugs.webkit.org/show_bug.cgi?id=135346

Reviewed by Sam Weinig (and David Kilzer and Alex Christensen)

Source/WebCore:
* WebCore.exp.in:

Source/WebKit2:
* DatabaseProcess/DatabaseProcess.cpp:
(WebKit::DatabaseProcess::DatabaseProcess):
(WebKit::DatabaseProcess::getIndexedDatabaseOrigins):
(WebKit::DatabaseProcess::doGetIndexedDatabaseOrigins):
(WebKit::removeAllDatabasesForOriginPath): Utility to delete all database files for the given origin path
    that have been modified between the given dates.
(WebKit::DatabaseProcess::deleteIndexedDatabaseEntriesForOrigin):
(WebKit::DatabaseProcess::doDeleteIndexedDatabaseEntriesForOrigin):
(WebKit::DatabaseProcess::deleteIndexedDatabaseEntriesModifiedBetweenDates):
(WebKit::DatabaseProcess::doDeleteIndexedDatabaseEntriesModifiedBetweenDates):
(WebKit::DatabaseProcess::deleteAllIndexedDatabaseEntries):
(WebKit::DatabaseProcess::doDeleteAllIndexedDatabaseEntries):
* DatabaseProcess/DatabaseProcess.h:

* Shared/WebCrossThreadCopier.cpp:
(WebCore::SecurityOriginData>::copy):
* Shared/WebCrossThreadCopier.h:

* UIProcess/WebOriginDataManagerProxy.cpp:
(WebKit::WebOriginDataManagerProxy::getOrigins):
(WebKit::WebOriginDataManagerProxy::didGetOrigins):
(WebKit::WebOriginDataManagerProxy::deleteEntriesForOrigin):
(WebKit::WebOriginDataManagerProxy::deleteEntriesModifiedBetweenDates):
(WebKit::WebOriginDataManagerProxy::deleteAllEntries):

* WebProcess/OriginData/WebOriginDataManager.cpp:
(WebKit::WebOriginDataManager::getOrigins): Pipe IDB requests through to the DatabaseProcess.
(WebKit::WebOriginDataManager::deleteEntriesForOrigin): Ditto.
(WebKit::WebOriginDataManager::deleteEntriesModifiedBetweenDates): Ditto.
(WebKit::WebOriginDataManager::deleteAllEntries): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171749 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Tue, 29 Jul 2014 17:23:47 +0000 (17:23 +0000)]
Unreviewed, rolling out r171704.
https://bugs.webkit.org/show_bug.cgi?id=135389

Broke two IndexedDB tests (Requested by ap on #webkit).

Reverted changeset:

"IDB transactions never reset if the Web Process ends before
cleaning up"
https://bugs.webkit.org/show_bug.cgi?id=135218
http://trac.webkit.org/changeset/171704

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171748 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mitz@apple.com [Tue, 29 Jul 2014 16:40:17 +0000 (16:40 +0000)]
Moved the Cocoa-specific parts of CredentialBase into a Cocoa-specific Credential class.
Work towards fixing https://bugs.webkit.org/show_bug.cgi?id=135327

Reviewed by Alexey Proskuryakov.

No change in functionality.

* WebCore.exp.in: Updated for functions moved in the class hierarchy.

* WebCore.xcodeproj/project.pbxproj: Added CredentialCocoa.{h,mm}.

* platform/network/Credential.h: For Cocoa, include CredentialCocoa.h instead of the generic
class.
(WebCore::Credential::Credential): Removed #if CERTIFICATE_CREDENTIALS_SUPPORTED code.

* platform/network/CredentialBase.cpp:
(WebCore::CredentialBase::CredentialBase): Changed to use emptyString instead of "", removed
#if CERTIFICATE_CREDENTIALS_SUPPORTED code.
(WebCore::CredentialBase::isEmpty): Ditto.
(WebCore::CredentialBase::compare): Renamed operator== to this, removed
#if CERTIFICATE_CREDENTIALS_SUPPORTED code, but changed the end to call platformCompare.
(WebCore::CredentialBase::identity): Deleted.
(WebCore::CredentialBase::certificates): Deleted.
(WebCore::CredentialBase::type): Deleted.
* platform/network/CredentialBase.h: Removed #if CERTIFICATE_CREDENTIALS_SUPPORTED members.
(WebCore::CredentialBase::platformCompare): Added a base implementation that returns true.
(WebCore::operator==): Changed to use CredentialBase::compare.

* platform/network/cocoa/CredentialCocoa.h: Added.
(WebCore::Credential::Credential):
* platform/network/cocoa/CredentialCocoa.mm: Added.
(WebCore::Credential::Credential): Moved the constructor that takes an identity and
certificates here.
(WebCore::Credential::isEmpty): Moved here.
(WebCore::Credential::identity): Ditto.
(WebCore::Credential::certificates): Ditto.
(WebCore::Credential::type): Ditto.
(WebCore::Credential::platformCompare): Moved the code that compares client-certificate
credentials here.

* platform/network/mac/AuthenticationMac.mm:
(WebCore::mac): Removed #if CERTIFICATE_CREDENTIALS_SUPPORTED guards in this Cocoa-only
file.
(WebCore::core): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171747 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dbates@webkit.org [Tue, 29 Jul 2014 15:47:39 +0000 (15:47 +0000)]
Use WTF::move() instead of std::move() to help ensure move semantics
https://bugs.webkit.org/show_bug.cgi?id=135351

Reviewed by Alexey Proskuryakov.

Source/JavaScriptCore:
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeForStubInfo):
* bytecode/GetByIdVariant.cpp:
(JSC::GetByIdVariant::GetByIdVariant):

Source/WebCore:
* page/CaptionUserPreferences.cpp:
(WebCore::CaptionUserPreferences::updateCaptionStyleSheetOveride):

Source/WebKit2:
* UIProcess/API/Cocoa/_WKSessionState.mm:
(-[_WKSessionState _initWithSessionState:]):
* UIProcess/API/gtk/WebKitUserContent.cpp:
(toStringVector): Remove use of std::move(). It's unnecessary to call std::move() on an rvalue.
* WebProcess/WebPage/mac/ServicesOverlayController.mm:
(WebKit::ServicesOverlayController::mouseEvent):

Source/WTF:
* wtf/HashTable.h:
(WTF::KeyTraits>::HashTable):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171746 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mihnea@adobe.com [Tue, 29 Jul 2014 15:11:28 +0000 (15:11 +0000)]
[CSSRegions] Assertion failure hit testing a region-based multicolumn in a region
https://bugs.webkit.org/show_bug.cgi?id=135385

Reviewed by Andrei Bucur.

Source/WebCore:
When a region-based multicolumn element is displayed and hit tested in a region,
we have to disable the named flow region information not only for painting,
but also for hit-testing. This is a follow-up for https://bugs.webkit.org/show_bug.cgi?id=132121,
which provided the fix for painting.

Test: fast/regions/assert-hit-test-multicol-in-region.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::hitTestLayer):

LayoutTests:
* fast/regions/assert-hit-test-multicol-in-region-expected.txt: Added.
* fast/regions/assert-hit-test-multicol-in-region.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171745 268f45cc-cd09-0410-ab3c-d52691b4dbfc

zalan@apple.com [Tue, 29 Jul 2014 14:51:31 +0000 (14:51 +0000)]
Cleanup RenderSelectionInfoBase/RenderSelectionInfo/RenderBlockSelectionInfo.
https://bugs.webkit.org/show_bug.cgi?id=135326

Reviewed by Darin Adler.

1. Move implementation to RenderSelectInfo.cpp
2. RenderSelectionInfoBase/RenderSelectionInfo/RenderBlockSelectionInfo take Render* reference.
3. Remove unused functions.
4. Add RenderSelectionInfoBase::repaintRectangle()

No change in behavior.

* WebCore.xcodeproj/project.pbxproj:
* rendering/RenderSelectionInfo.cpp: Added.
(WebCore::RenderSelectionInfoBase::RenderSelectionInfoBase):
(WebCore::RenderSelectionInfoBase::repaintRectangle):
(WebCore::RenderSelectionInfo::RenderSelectionInfo):
(WebCore::RenderSelectionInfo::repaint):
(WebCore::RenderBlockSelectionInfo::RenderBlockSelectionInfo):
(WebCore::RenderBlockSelectionInfo::repaint):
* rendering/RenderSelectionInfo.h:
(WebCore::RenderSelectionInfo::collectedSelectionRects):
(WebCore::RenderSelectionInfoBase::RenderSelectionInfoBase): Deleted.
(WebCore::RenderSelectionInfoBase::object): Deleted.
(WebCore::RenderSelectionInfo::RenderSelectionInfo): Deleted.
(WebCore::RenderSelectionInfo::repaint): Deleted.
(WebCore::RenderSelectionInfo::rects): Deleted.
(WebCore::RenderBlockSelectionInfo::RenderBlockSelectionInfo): Deleted.
(WebCore::RenderBlockSelectionInfo::repaint): Deleted.
(WebCore::RenderBlockSelectionInfo::block): Deleted.
* rendering/RenderView.cpp:
(WebCore::RenderView::subtreeSelectionBounds):
(WebCore::RenderView::repaintSubtreeSelection):
(WebCore::RenderView::clearSubtreeSelection):
(WebCore::RenderView::applySubtreeSelection):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171744 268f45cc-cd09-0410-ab3c-d52691b4dbfc

psolanki@apple.com [Tue, 29 Jul 2014 14:35:13 +0000 (14:35 +0000)]
Get SharedBuffer.h out of ResourceBuffer.h (and a few other places)
https://bugs.webkit.org/show_bug.cgi?id=131782

Original patch by Tim Horton.
Reviewed by Darin Adler.

Source/WebCore:
No new tests because no functional changes.

* Modules/indexeddb/IDBCallbacks.h:
* Modules/indexeddb/IDBCursorBackend.h:
* loader/ios/DiskImageCacheIOS.h:
Forward declare SharedBuffer in headers.

* Modules/indexeddb/IDBRequest.cpp:
* loader/cache/CachedImage.cpp:
* loader/icon/IconLoader.cpp:
* loader/ios/DiskImageCacheIOS.mm:
* loader/cache/MemoryCache.cpp:
* loader/mac/ResourceBuffer.mm:
Include SharedBuffer.h in implementation files.

* Modules/notifications/Notification.h:
* loader/appcache/ApplicationCacheGroup.h:
Remove unnecessary includes.

* loader/ResourceBuffer.cpp:
(WebCore::ResourceBuffer::adoptSharedBuffer):
* loader/ResourceBuffer.h:
Out-of-line adoptSharedBuffer so that the PassRefPtr doesn't require including SharedBuffer.h.

* platform/graphics/opentype/OpenTypeMathData.cpp:
* platform/graphics/opentype/OpenTypeMathData.h:
Out-of-line destructor to avoid requiring SharedBuffer.h for the RefPtr.
Forward-declare SharedBuffer in the header, include in implementation.

Source/WebKit2:
* NetworkProcess/NetworkResourceLoader.cpp:
* WebProcess/Network/NetworkProcessConnection.cpp:
Include SharedBuffer.h in implementation files.

* WebProcess/InjectedBundle/InjectedBundlePageEditorClient.h:
Un-indent namespace and remove SharedBuffer forward-declaration.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171743 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Tue, 29 Jul 2014 12:42:53 +0000 (12:42 +0000)]
[GTK] Remove WebKitWebViewGroup from WebKit2 GTK+ API
https://bugs.webkit.org/show_bug.cgi?id=133729

Patch by Adrian Perez de Castro <aperez@igalia.com> on 2014-07-29
Reviewed by Carlos Garcia Campos.

Removes WebKitWebViewGroup, effectively reverting the changes
introduced by r149117. The motivation for WebKitWebViewGroup
was using the user style sheet injection API, which has been
moved into WebKitUserContentManager, rendering it unneeded.

Source/WebKit2:
* PlatformGTK.cmake: Remove WebKitWebViewGroup source files
from the build.
* UIProcess/API/C/gtk/WKView.cpp:
(WKViewCreate): Accommodate for changes in the signature of
webkitWebViewBaseCreate().
* UIProcess/API/gtk/WebKitSettings.cpp: Update API documentation.
* UIProcess/API/gtk/WebKitWebContext.cpp: Remove the default web
view group from WebKitWebContext.
(webkitWebContextCreatePageForWebView): Allow passing a
WebPreferences object at construction.
(webkitWebContextGetDefaultWebViewGroup): Deleted.
* UIProcess/API/gtk/WebKitWebContextPrivate.h: Ditto.
* UIProcess/API/gtk/WebKitWebView.cpp:
(webkitWebViewUpdateSettings): Use WebPageProxy::setPreferences()
directly. Handle the case when webkit_web_view_set_settings()
is called on construction by doing an early-return.
(webkitWebViewConstructed): Call webkitWebViewUpdateSettings()
after creating the internal WebPageProxy object.
(webkitWebViewSetProperty): Removed "group" property, added
"settings" property.
(webkitWebViewGetProperty): Ditto.
(webkitWebViewDispose): Do not disconnect signal handler for
the (now nonexistent) WebKitWebViewGroup.
(webkit_web_view_class_init): Removed "group" property, added
"settings" property.
(webkitWebViewHandleAuthenticationChallenge): Access the
WebKitWebSettings directly.
(webkit_web_view_new_with_related_view): Make new views share
settings with their related view.
(webkit_web_view_new_with_settings): Added.
(webkit_web_view_set_settings): Access the settings directly in
the WebKitWebView.
(webkit_web_view_get_settings): Ditto.
(webkit_web_view_set_zoom_level): Ditto.
(webkit_web_view_get_zoom_level): Ditto.
(webkitWebViewSettingsChanged): Deleted.
(webkitWebViewDisconnectSettingsChangedSignalHandler): Deleted.
(webkit_web_view_new_with_group): Deleted.
(webkit_web_view_get_group): Deleted.
* UIProcess/API/gtk/WebKitWebView.h: Removed API methods related
to WebKitWebViewGroup.
* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseCreate): Allow passing a WebPreferences object
for constructing the WebPageProxy.
(webkitWebViewBaseUpdatePreferences): Instead of going through
the page group, use WebPageProxy::preferences() directly.
(webkitWebViewBaseCreateWebPage): Allow passing a WebPreferences
object for constructing the WebPageProxy.
* UIProcess/API/gtk/WebKitWebViewBasePrivate.h: Update the
prototypes of the internal functions.
* UIProcess/API/gtk/WebKitWebViewGroup.cpp: Removed.
* UIProcess/API/gtk/WebKitWebViewGroup.h: Removed.
* UIProcess/API/gtk/WebKitWebViewGroupPrivate.h: Removed.
* UIProcess/API/gtk/docs/webkit2gtk-docs.sgml: Change public API
bits in the documentation.
* UIProcess/API/gtk/docs/webkit2gtk-sections.txt: Ditto.
* UIProcess/API/gtk/docs/webkit2gtk.types: Ditto.
* UIProcess/API/gtk/webkit2.h: Removed WebKitWebViewGroup.h header.
* UIProcess/gtk/WebInspectorProxyGtk.cpp:
(WebKit::WebInspectorProxy::platformCreateInspectorPage):
Accommodate for changes in the signature of
webkitWebViewBaseCreate().

Tools:
* TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt: Remove tests
for WebKitWebViewGroup.
* TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitWebView.cpp:
(testWebViewSettings):
Restore the assertions that check that settings objects are
released. Add test for webkit_web_view_new_with_settings().
* TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitWebViewGroup.cpp: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171742 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[EFL][GTK] Remove ACCELERATED_COMPOSITING compile flag
commit-queue@webkit.org [Tue, 29 Jul 2014 11:41:21 +0000 (11:41 +0000)]
[EFL][GTK] Remove ACCELERATED_COMPOSITING compile flag
https://bugs.webkit.org/show_bug.cgi?id=135376

Patch by Hunseop Jeong <hs85.jeong@samsung.com> on 2014-07-29
Reviewed by Gyuyoung Kim.

ACCELERATED_COMPOSITING was changed to the mandatory code after r163079.

* Source/cmake/OptionsEfl.cmake:
* Source/cmake/OptionsGTK.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171741 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoImplement webkit_web_view_load_string() in WebKit2
carlosgc@webkit.org [Tue, 29 Jul 2014 11:35:52 +0000 (11:35 +0000)]
Implement webkit_web_view_load_string() in WebKit2
https://bugs.webkit.org/show_bug.cgi?id=134735

Reviewed by Sergio Villar Senin.

Source/WebKit2:
Add webkit_web_view_load_bytes() that receives a GBytes to load
random data in the web view using the given MIME-Type, encoding
and base URL.

* UIProcess/API/gtk/WebKitWebView.cpp:
(releaseGBytes):
(webkit_web_view_load_bytes):
* UIProcess/API/gtk/WebKitWebView.h:
* UIProcess/API/gtk/docs/webkit2gtk-docs.sgml:
* UIProcess/API/gtk/docs/webkit2gtk-sections.txt:

Tools:
Add /webkit2/WebKitWebView/load-bytes test case and simplify
TestDOMXPathNSResolver by using webkit_web_view_load_bytes()
instead of a soup server just to send the Content-type header.

* TestWebKitAPI/Tests/WebKit2Gtk/TestDOMXPathNSResolver.cpp:
(testWebKitDOMXPathNSResolverNative):
(testWebKitDOMXPathNSResolverCustom):
(beforeAll):
(afterAll):
(serverCallback): Deleted.
* TestWebKitAPI/Tests/WebKit2Gtk/TestLoaderClient.cpp:
(testLoadBytes):
(beforeAll):
* TestWebKitAPI/gtk/WebKit2Gtk/LoadTrackingTest.cpp:
(LoadTrackingTest::loadBytes):
* TestWebKitAPI/gtk/WebKit2Gtk/LoadTrackingTest.h:
* TestWebKitAPI/gtk/WebKit2Gtk/WebViewTest.cpp:
(WebViewTest::loadBytes):
* TestWebKitAPI/gtk/WebKit2Gtk/WebViewTest.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171740 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[TexMap] GraphicsLayerTextureMapper::addAnimation() box size parameter should be...
zandobersek@gmail.com [Tue, 29 Jul 2014 08:12:46 +0000 (08:12 +0000)]
[TexMap] GraphicsLayerTextureMapper::addAnimation() box size parameter should be FloatSize
https://bugs.webkit.org/show_bug.cgi?id=135237

Reviewed by Martin Robinson.

* platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
(WebCore::GraphicsLayerTextureMapper::addAnimation):
* platform/graphics/texmap/GraphicsLayerTextureMapper.h: The boxSize parameter of the
addAnimation() method must be of the same type as the parameter in the base class
declaration -- a const FloatSize reference. Only then is the base virtual method
actually overridden.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171725 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[EFL] Alpha value of ewk_view_bg_color_set is not working
ryuan.choi@samsung.com [Tue, 29 Jul 2014 07:52:11 +0000 (07:52 +0000)]
[EFL] Alpha value of ewk_view_bg_color_set is not working
https://bugs.webkit.org/show_bug.cgi?id=135333

Reviewed by Gyuyoung Kim.

evas_object_image_alpha_set should be called for the transparent evas object.

* UIProcess/API/efl/EwkView.cpp:
(EwkView::handleEvasObjectColorSet):
(EwkView::setBackgroundColor): Checked the alpha value of object and called evas_object_image_alpha_set.
* UIProcess/API/efl/EwkView.h:
* UIProcess/API/efl/ewk_view.cpp:
(ewk_view_bg_color_set): Moved the logic to EwkView.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171724 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoiOS build fix.
mitz@apple.com [Tue, 29 Jul 2014 06:57:05 +0000 (06:57 +0000)]
iOS build fix.

* WebCore.exp.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171723 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoIntroduced CredentialBase and made Credential derive from it
mitz@apple.com [Tue, 29 Jul 2014 04:22:14 +0000 (04:22 +0000)]
Introduced CredentialBase and made Credential derive from it
Work towards fixing https://bugs.webkit.org/show_bug.cgi?id=135327

Reviewed by Darin Adler.

No change in functionality.

* CMakeLists.txt: Updated for source file rename.

* WebCore.exp.in: Changed to export CredentialBase symbols.

* WebCore.vcxproj/WebCore.vcxproj: Updated for source file rename and new header.
* WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.

* WebCore.xcodeproj/project.pbxproj: Ditto.

* platform/network/Credential.cpp: Renamed to CredentialBase.cpp.

* platform/network/Credential.h: Defined Credential to derive from CredentialBase.

* platform/network/CredentialBase.cpp: Renamed Credential.cpp to this. Updated for the new
name.

* platform/network/CredentialBase.h: Copied from Credential.h, renamed the class to
CredentialBase, and made the constructors protected.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171722 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: Incorrectly sized TimelineDataGrid event bubble
commit-queue@webkit.org [Tue, 29 Jul 2014 04:17:46 +0000 (04:17 +0000)]
Web Inspector: Incorrectly sized TimelineDataGrid event bubble
https://bugs.webkit.org/show_bug.cgi?id=135371

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-28
Reviewed by Timothy Hatcher.

Previously the secondsPerPixel calculation was relying on an element
that may not be sized yet. This was resulting in a visibleWidth of 0
and resulted in secondsPerPixel being Infinity. Fortunately, the
graph data source already knows the secondsPerPixel so we can just
ask it. Getting the correct value and eliminating forced layouts.

* UserInterface/Views/OverviewTimelineView.js:
(WebInspector.OverviewTimelineView.prototype.get secondsPerPixel):
* UserInterface/Views/TimelineDataGridNode.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171721 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: Reduce work creating the initial WebInspector.TimelineRecordBar
commit-queue@webkit.org [Tue, 29 Jul 2014 04:14:39 +0000 (04:14 +0000)]
Web Inspector: Reduce work creating the initial WebInspector.TimelineRecordBar
https://bugs.webkit.org/show_bug.cgi?id=135373

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-28
Reviewed by Timothy Hatcher.

Eliminate a bit of extra work creating TimelineRecordBars. Previously
the constructor would set up an empty list of records, and then we would
immediately after replace them. Now just set them in the constructor.

* UserInterface/Views/LayoutTimelineOverviewGraph.js:
(WebInspector.LayoutTimelineOverviewGraph.prototype.updateLayout.createBar):
(WebInspector.LayoutTimelineOverviewGraph.prototype.updateLayout):
* UserInterface/Views/NetworkTimelineOverviewGraph.js:
(WebInspector.NetworkTimelineOverviewGraph.prototype.updateLayout.createBar):
(WebInspector.NetworkTimelineOverviewGraph.prototype.updateLayout):
* UserInterface/Views/ScriptTimelineOverviewGraph.js:
(WebInspector.ScriptTimelineOverviewGraph.prototype.updateLayout.createBar):
(WebInspector.ScriptTimelineOverviewGraph.prototype.updateLayout):
* UserInterface/Views/TimelineDataGridNode.js:
(WebInspector.TimelineDataGridNode.prototype.refreshGraph.createBar):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171720 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoBuildFix: JavaScriptCore/bytecode/StructureSet.h:262:77: warning.
tgergely.u-szeged@partner.samsung.com [Tue, 29 Jul 2014 02:11:46 +0000 (02:11 +0000)]
BuildFix: JavaScriptCore/bytecode/StructureSet.h:262:77: warning.
https://bugs.webkit.org/show_bug.cgi?id=135287

Reviewed by Darin Adler.

The set() method tries to use a part of the old value (the reservedFlag bit) which
was not defined when the constructor is called. Initialize m_pointer to 0 explicitly.

* bytecode/StructureSet.h:
(JSC::StructureSet::StructureSet):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171719 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoREGRESSION(r164133): Selection disappears after scrolling on nytimes.com
zalan@apple.com [Tue, 29 Jul 2014 01:45:54 +0000 (01:45 +0000)]
REGRESSION(r164133): Selection disappears after scrolling on nytimes.com
https://bugs.webkit.org/show_bug.cgi?id=135361

Reviewed by Ryosuke Niwa.

Ensure that when a RenderElement, part of the current selection, is removed,
we recalculate and update the selection soon after layout.

Source/WebCore:
Test: fast/dynamic/selection-gets-cleared-when-part-of-it-gets-removed.html

* editing/FrameSelection.cpp:
(WebCore::FrameSelection::setNeedsSelectionUpdate):
(WebCore::FrameSelection::didLayout): didLayout name reflects its functionality better.
(WebCore::FrameSelection::layoutDidChange): Deleted.
* editing/FrameSelection.h: Move some functions to private.
* page/FrameView.cpp:
(WebCore::FrameView::performPostLayoutTasks):
* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::willBeDestroyed):
* rendering/RenderElement.cpp:
(WebCore::RenderElement::removeChildInternal):
* rendering/RenderInline.cpp:
(WebCore::RenderInline::willBeDestroyed):

LayoutTests:
* fast/dynamic/selection-gets-cleared-when-part-of-it-gets-removed-expected.html: Added.
* fast/dynamic/selection-gets-cleared-when-part-of-it-gets-removed.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171718 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: Unexpected dark border on selected but window inactive timeline
timothy@apple.com [Tue, 29 Jul 2014 00:58:10 +0000 (00:58 +0000)]
Web Inspector: Unexpected dark border on selected but window inactive timeline
https://bugs.webkit.org/show_bug.cgi?id=135360

Update the border-top colors for the item adjacent to the selected item.

Reviewed by Joseph Pecoraro.

* UserInterface/Views/TimelineSidebarPanel.css:
(.sidebar > .panel.navigation.timeline > .timelines-content li.item.selected + li.item):
(.sidebar > .panel.navigation.timeline > .timelines-content :focus li.item.selected + li.item):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .timelines-content li.item.selected + li.item):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .timelines-content :focus li.item.selected + li.item):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171716 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb process crash causes UI process to die with an assertion failure in Connection...
mrowe@apple.com [Tue, 29 Jul 2014 00:56:18 +0000 (00:56 +0000)]
Web process crash causes UI process to die with an assertion failure in Connection::exceptionSourceEventHandler
https://bugs.webkit.org/show_bug.cgi?id=135366

Reviewed by Dan Bernstein.

* Platform/IPC/mac/ConnectionMac.mm:
(IPC::Connection::exceptionSourceEventHandler): Remove the assertion since it frequently fires during
normal development with debug builds.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171715 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[Media iOS] Touching play button feels unresponsive
dino@apple.com [Mon, 28 Jul 2014 23:57:33 +0000 (23:57 +0000)]
[Media iOS] Touching play button feels unresponsive
https://bugs.webkit.org/show_bug.cgi?id=135370
<rdar://problem/17756281>

Reviewed by Simon Fraser.

Add an :active rule that shows a slightly darker button when touched.

* Modules/mediacontrols/mediaControlsiOS.css:
(audio::-webkit-media-controls-start-playback-button:active):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171711 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: Disable Copy Row in Timelines DataGrids, it does not currently provide...
commit-queue@webkit.org [Mon, 28 Jul 2014 23:52:37 +0000 (23:52 +0000)]
Web Inspector: Disable Copy Row in Timelines DataGrids, it does not currently provide value
https://bugs.webkit.org/show_bug.cgi?id=135364

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-28
Reviewed by Timothy Hatcher.

* UserInterface/Views/DataGrid.js:
(WebInspector.DataGridNode):
(WebInspector.DataGridNode.prototype.get copyable):
(WebInspector.DataGridNode.prototype.set copyable):
* UserInterface/Views/TimelineDataGridNode.js:
(WebInspector.TimelineDataGridNode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171710 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[iOS WK2] WKWebView sometime tries to change the size of a null DrawingAreaProxy
benjamin@webkit.org [Mon, 28 Jul 2014 23:47:09 +0000 (23:47 +0000)]
[iOS WK2] WKWebView sometime tries to change the size of a null DrawingAreaProxy
https://bugs.webkit.org/show_bug.cgi?id=135368
<rdar://problem/16988887>

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-28
Reviewed by Simon Fraser.

We should never assume DrawingAreaProxy exists in the API invoked by the clients
of WKWebView. There are at least two cases where the DrawingAreaProxy is null:
-In some path on initialization.
-After a crash.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _frameOrBoundsChanged]):
(-[WKWebView _beginAnimatedResizeWithUpdates:]):
We can safely null check and skip setting the size. If the call was skipped,
the size is set on DrawingAreaProxy initialization by querying the current
size through the page client.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171709 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoREGRESSION(168376): Standalone images pasted to Outlook 2011 don't display
beidson@apple.com [Mon, 28 Jul 2014 23:14:04 +0000 (23:14 +0000)]
REGRESSION(168376): Standalone images pasted to Outlook 2011 don't display
<rdar://problem/17768371> and https://bugs.webkit.org/show_bug.cgi?id=135363

Reviewed by Tim Horton.

Outlook isn’t prepared to handle the resource load callbacks when sent synchronously.

r168376 was an optimization that we no longer need, so the simplest fix is to roll it out.

* editing/mac/EditorMac.mm:
(WebCore::Editor::WebContentReader::readImage):

* loader/archive/ArchiveResource.cpp:
(WebCore::ArchiveResource::ArchiveResource):
* loader/archive/ArchiveResource.h:
(WebCore::ArchiveResource::setShouldLoadImmediately): Deleted.
(WebCore::ArchiveResource::shouldLoadImmediately): Deleted.

* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171708 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoDisable tagged strings for the plugin process.
roger_fong@apple.com [Mon, 28 Jul 2014 22:32:06 +0000 (22:32 +0000)]
Disable tagged strings for the plugin process.
https://bugs.webkit.org/show_bug.cgi?id=135354
<rdar://problem/17295639>.

Patch by Alexey Proskuryakov and Roger Fong.

Reviewed by Anders Carlsson.

* PluginProcess/EntryPoint/mac/XPCService/PluginService.32-64.Info.plist:
* UIProcess/Launcher/mac/ProcessLauncherMac.mm:
(WebKit::connectToReExecService):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171706 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[JSC] JIT::assertStackPointerOffset() crashes on ARM64
benjamin@webkit.org [Mon, 28 Jul 2014 22:29:37 +0000 (22:29 +0000)]
[JSC] JIT::assertStackPointerOffset() crashes on ARM64
https://bugs.webkit.org/show_bug.cgi?id=135316

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-28
Reviewed by Geoffrey Garen.

JIT::assertStackPointerOffset() does a compare between an arbitrary register
and the stack pointer. This was not supported by the ARM64 assembler.

There is no variation that can take a stack pointer for Xd. There is one version of subs
that can take a stack pointer, but only for the Xn: the shift+extend one.
To solve the problem, I changed cmp to swap the registers if necessary, and I fixed
the implementation of sub.

* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::sub):
In the generic sub(reg, reg), I added assertions to catch the condition that cannot be generated
with either version of sub.

In sub(with shift), I remove the weird special case for SP. First, it was quite misleading because
the Rd case only works if "setflag == false". The other confusing part is going to addSubtractShiftedRegister()
gives you a reduced shift range, which could create subtle bugs that only appear when SP is used.

Since I removed the weird case, I need to differentiate between the sub() that supports SP, and the one that does
not elsewhere. That is why that branch has moved to the generic sub(reg, reg). Since at that point we know
the shift value must be zero, it is safe to call either variant.

* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::branch64):
With the changes described above, we can now use SP for the left register. What do we do if the rightmost
register is SP?

For the case of JIT::assertStackPointerOffset(), the comparison is Equal so the order really does not matter,
we just switch the registers before generating the instruction.

For the generic case, just move the value of SP to a GPR before doing the CMP.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171705 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoIDB transactions never reset if the Web Process ends before cleaning up
jpfau@apple.com [Mon, 28 Jul 2014 22:26:52 +0000 (22:26 +0000)]
IDB transactions never reset if the Web Process ends before cleaning up
https://bugs.webkit.org/show_bug.cgi?id=135218

Reviewed by Darin Adler.

* DatabaseProcess/DatabaseToWebProcessConnection.cpp:
(WebKit::DatabaseToWebProcessConnection::didClose):
* DatabaseProcess/IndexedDB/UniqueIDBDatabase.cpp:
(WebKit::UniqueIDBDatabase::unregisterConnection):
(WebKit::UniqueIDBDatabase::didCompleteTransactionOperation):
(WebKit::UniqueIDBDatabase::openBackingStoreTransaction):
(WebKit::UniqueIDBDatabase::resetBackingStoreTransaction):
(WebKit::UniqueIDBDatabase::didEstablishTransaction):
(WebKit::UniqueIDBDatabase::didResetTransaction):
(WebKit::UniqueIDBDatabase::resetAllTransactions):
(WebKit::UniqueIDBDatabase::finalizeRollback):
(WebKit::UniqueIDBDatabase::absoluteDatabaseDirectory):
* DatabaseProcess/IndexedDB/UniqueIDBDatabase.h:
* DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.cpp:
(WebKit::UniqueIDBDatabaseBackingStoreSQLite::rollbackTransaction):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171704 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()
mhahnenberg@apple.com [Mon, 28 Jul 2014 22:19:11 +0000 (22:19 +0000)]
ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()
https://bugs.webkit.org/show_bug.cgi?id=135352

Reviewed by Oliver Hunt.

* Modules/plugins/QuickTimePluginReplacement.mm:
(WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected): This should be taking a
JSLock like its sibling methods do (e.g. installReplacement).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171703 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago<embed> videos flashes constantly while playing inline on iPad, making it unwatchable
antti@apple.com [Mon, 28 Jul 2014 22:18:12 +0000 (22:18 +0000)]
<embed> videos flashes constantly while playing inline on iPad, making it unwatchable
https://bugs.webkit.org/show_bug.cgi?id=135356
<rdar://problem/16828238>

Reviewed by Simon Fraser.

The shadow tree for media controls is scheduling style recalc. The general silliness of
HTMLPlugInImageElement::willRecalcStyle/willDetachRenderers is turning those into render
tree reconstructions causing flicker.

* html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::willRecalcStyle):

    Don't do the forced renderer reconstruction if there is no style change for the element
    or its ancestors. This way recalcs scheduled by the shadow tree don't trigger the widget
    update code path.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171702 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[Mac, iOS] Paint-on closed captions get out-of-order in Safari
bfulgham@apple.com [Mon, 28 Jul 2014 21:58:42 +0000 (21:58 +0000)]
[Mac, iOS] Paint-on closed captions get out-of-order in Safari
https://bugs.webkit.org/show_bug.cgi?id=135332
<rdar://problem/15317278>

Reviewed by Jer Noble.

* html/shadow/MediaControlElements.cpp:
(WebCore::MediaControlTextTrackContainerElement::updateDisplay): If the
number of active cues is greater than the current set of CSS boxes representing
the cues, throw away the CSS boxes and re-layout all the cues.
* html/track/InbandGenericTextTrack.cpp:
(WebCore::InbandGenericTextTrack::addGenericCue): Add some logging.
(WebCore::InbandGenericTextTrack::removeGenericCue): Ditto.
* html/track/TextTrackCueGeneric.cpp:
(WebCore::TextTrackCueGeneric::isOrderedBefore): Revise ordering rules so that we put
newer cues earlier in the layout order so they are drawn towards the bottom
of the screen. Only do this for Generic captions.
* platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
(WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Adjust logging
messages.
(WebCore::InbandTextTrackPrivateAVF::removeCompletedCues): Add logging.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171701 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[Mac, iOS] Paint-on closed captions get out-of-order in Safari
bfulgham@apple.com [Mon, 28 Jul 2014 21:58:18 +0000 (21:58 +0000)]
[Mac, iOS] Paint-on closed captions get out-of-order in Safari
https://bugs.webkit.org/show_bug.cgi?id=135332
<rdar://problem/15317278>

Reviewed by Brent Fulgham.

* html/shadow/MediaControlElements.cpp:
(WebCore::MediaControlTextTrackContainerElement::updateDisplay): If the
number of active cues is greater than the current set of CSS boxes representing
the cues, throw away the CSS boxes and re-layout all the cues.
* html/track/InbandGenericTextTrack.cpp:
(WebCore::InbandGenericTextTrack::addGenericCue): Add some logging.
(WebCore::InbandGenericTextTrack::removeGenericCue): Ditto.
* html/track/TextTrackCueGeneric.cpp:
(WebCore::TextTrackCueGeneric::isOrderedBefore): Revise ordering rules so that we put
newer cues earlier in the layout order so they are drawn towards the bottom
of the screen. Only do this for Generic captions.
* platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
(WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Adjust logging
messages.
(WebCore::InbandTextTrackPrivateAVF::removeCompletedCues): Add logging.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171700 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoShould not export symbols for base64Encode inline adapter methods
burg@cs.washington.edu [Mon, 28 Jul 2014 21:47:32 +0000 (21:47 +0000)]
Should not export symbols for base64Encode inline adapter methods
https://bugs.webkit.org/show_bug.cgi?id=135355

Unreviewed build fix.

Fixes the build break introduced by r171682, where a base64Encode
inline adapter method was used in another header, thus creating
multiple definitions of it (and problems with weak symbols).

* wtf/text/Base64.h: Remove WTF_EXPORT_PRIVATE for inlined methods.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171696 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed build fix after r171682.
burg@cs.washington.edu [Mon, 28 Jul 2014 21:07:42 +0000 (21:07 +0000)]
Unreviewed build fix after r171682.

* replay/EncodedValue.h: Don't mark the inlined Vector<char> specialization
as an exported symbol.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171694 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoAdd support for running the Clang static analyzer when building WebKit and JSC
dbates@webkit.org [Mon, 28 Jul 2014 20:48:50 +0000 (20:48 +0000)]
Add support for running the Clang static analyzer when building WebKit and JSC
https://bugs.webkit.org/show_bug.cgi?id=134955

Reviewed by Brent Fulgham.

* Scripts/build-jsc: Added command line options -[no]-analyze (disabled by default).
* Scripts/build-webkit: Add --analyze command line option to build-webkit to enable
running the Clang static analyzer.
* Scripts/webkitdirs.pm:
(XcodeStaticAnalyzerOption): Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171693 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoREGRESSION (r160806): CSS zoom property doesn't work on anything inside anchors.
akling@apple.com [Mon, 28 Jul 2014 20:44:50 +0000 (20:44 +0000)]
REGRESSION (r160806): CSS zoom property doesn't work on anything inside anchors.
<https://webkit.org/b/135344>
<rdar://problem/17759577>

Source/WebCore:
When DeprecatedStyleBuilder applies the CSS zoom property (ApplyPropertyZoom)
it first resets the "effective zoom" by calling RenderStyle::setEffectiveZoom().

This mechanism was not resistant to being called multiple times, due to the
optimization in RenderStyle::setZoom() to avoid copy-on-writing the shared data
when setting some property to the already-set value.

The bug would happen in this sequence:

ApplyPropertyZoom:
    - setEffectiveZoom(1);
    - setZoom(2); // this updates the effective zoom
ApplyPropertyZoom:
    - setEffectiveZoom(1);
    - setZoom(2); // this doesn't update the effective zoom

When we run the second setZoom(2); call, the RenderStyle's zoom value is 2
already and we'll early return without updating the effective zoom.

This change moves the updating of the effective zoom in setZoom() to take place
before the early return due to overwriting with the same value.

Note: the fact that we're applying the zoom property twice is an inefficiency that
we should figure out a way to avoid in the future.

Reviewed by Simon Fraser.

Test: fast/css/zoom-inside-link.html

* rendering/style/RenderStyle.h:
(WebCore::RenderStyle::setZoom):

LayoutTests:
Reviewed by Simon Fraser.

* fast/css/zoom-inside-link-expected.html: Added.
* fast/css/zoom-inside-link.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171692 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoREGRESSION: JSObjectSetPrototype() does not work on result of JSGetGlobalObject()
mhahnenberg@apple.com [Mon, 28 Jul 2014 20:43:57 +0000 (20:43 +0000)]
REGRESSION: JSObjectSetPrototype() does not work on result of JSGetGlobalObject()
https://bugs.webkit.org/show_bug.cgi?id=135322

Reviewed by Oliver Hunt.

The prototype chain of the JSProxy object should match that of the JSGlobalObject.

This is a separate but related issue with JSObjectSetPrototype which doesn't correctly
account for JSProxies. I also audited the rest of the C API to check that we correctly
handle JSProxies in all other situations where we expect a JSCallbackObject of some sort
and found some SPI calls (JSObject*PrivateProperty) that didn't behave correctly when
passed a JSProxy.

I also added some new tests for these cases.

* API/JSObjectRef.cpp:
(JSObjectSetPrototype):
(JSObjectGetPrivateProperty):
(JSObjectSetPrivateProperty):
(JSObjectDeletePrivateProperty):
* API/JSWeakObjectMapRefPrivate.cpp:
* API/tests/CustomGlobalObjectClassTest.c:
(globalObjectSetPrototypeTest):
(globalObjectPrivatePropertyTest):
* API/tests/CustomGlobalObjectClassTest.h:
* API/tests/testapi.c:
(main):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171691 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[CSS Font Loading] Update Font Loading Code
betravis@adobe.com [Mon, 28 Jul 2014 20:41:16 +0000 (20:41 +0000)]
[CSS Font Loading] Update Font Loading Code
https://bugs.webkit.org/show_bug.cgi?id=135340

Reviewed by Antti Koivisto.

Update the Font Loading code to build again, as trunk has evolved
since the feature was originally written. Mostly, this requires
updating the code to work with the new Font representation.

The original tests were enabled only for the Chromium port.
They will need to be updated when the feature is enabled by default.

* WebCore.xcodeproj/project.pbxproj: Add missing files.
* css/FontLoader.cpp: Update to new Font representation.
(WebCore::LoadFontCallback::createFromParams):
(WebCore::LoadFontCallback::~LoadFontCallback):
(WebCore::FontLoader::loadFont):
(WebCore::FontLoader::checkFont):
(WebCore::applyPropertyToCurrentStyle):
(WebCore::FontLoader::resolveFontStyle):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171690 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoMake sure that we don't use non-speculative BooleanToNumber for a speculative Branch
fpizlo@apple.com [Mon, 28 Jul 2014 20:41:09 +0000 (20:41 +0000)]
Make sure that we don't use non-speculative BooleanToNumber for a speculative Branch
https://bugs.webkit.org/show_bug.cgi?id=135350
<rdar://problem/17509889>

Reviewed by Mark Hahnenberg and Oliver Hunt.

If we have an exiting node that uses a conversion node, then that exiting node
needs to have a Phantom after it for the original node. But we can't do that
for Branch because https://bugs.webkit.org/show_bug.cgi?id=126778.

* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::clearPhantomsAtEnd):
* tests/stress/branch-check-int32-on-boolean-to-number-untyped.js: Added.
(foo):
(test):
* tests/stress/branch-check-number-on-boolean-to-number-untyped.js: Added.
(foo):
(test):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171689 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoJSContext Inspector: crash when using step-into
commit-queue@webkit.org [Mon, 28 Jul 2014 20:38:32 +0000 (20:38 +0000)]
JSContext Inspector: crash when using step-into
https://bugs.webkit.org/show_bug.cgi?id=135345

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-28
Reviewed by Timothy Hatcher.

* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::stepInto):
Null check m_listener since it may not be set.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171688 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Allow for multiple DumpRenderTree and WebKitTestRunner instances in the iOS Simulator
dfarler@apple.com [Mon, 28 Jul 2014 20:03:45 +0000 (20:03 +0000)]
Allow for multiple DumpRenderTree and WebKitTestRunner instances in the iOS Simulator
https://bugs.webkit.org/show_bug.cgi?id=135272

Reviewed by Simon Fraser.

* DumpRenderTree/mac/DumpRenderTree.mm:
(dumpRenderTree): Remove hard-coding of FIFO paths.
(-[DumpRenderTree applicationDidEnterBackground:]): Create background task.
(DumpRenderTreeMain): Set DumpRenderTree as UIApplication delegate.
* DumpRenderTree/mac/DumpRenderTreeMac.h: bgTask ivar.
* Scripts/old-run-webkit-tests: Update FIFO paths for ORWT.
* WebKitTestRunner/TestController.cpp: Remove hard-coding of FIFO paths.
* WebKitTestRunner/ios/TestControllerIOS.mm: Move dup2 calls to platformInitialize
* WebKitTestRunner/ios/mainIOS.mm: bgTask ivar.
(-[WebKitTestRunnerApp applicationDidEnterBackground:]): Create background task.
(main): Set WebKitTestRunnerApp as UIApplication delegate.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171687 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago ImageDiff builds for the simulator when running iOS layout tests
dfarler@apple.com [Mon, 28 Jul 2014 19:59:43 +0000 (19:59 +0000)]
ImageDiff builds for the simulator when running iOS layout tests
https://bugs.webkit.org/show_bug.cgi?id=135270

Reviewed by Simon Fraser.

* Scripts/build-imagediff: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171686 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Let WheelEvent wrap a PlatformWheelEvent
commit-queue@webkit.org [Mon, 28 Jul 2014 19:35:48 +0000 (19:35 +0000)]
Let WheelEvent wrap a PlatformWheelEvent
https://bugs.webkit.org/show_bug.cgi?id=135244

WheelEvent now wraps a PlatformWheelEvent. m_directionInvertedFromDevice, as well as m_phase and m_momentumPhase
have been removed, since the information is redundant in PlatformWheelEvent. Note that deltaX and deltaY have
NOT been replaced, since we need double precision instead of float precision.

Patch by Wenson Hsieh <wenson_hsieh@apple.com> on 2014-07-28
Reviewed by Beth Dakin.

No new tests, since behavior should not have changed.

* dom/WheelEvent.cpp:
(WebCore::WheelEvent::WheelEvent):
(WebCore::WheelEvent::initWheelEvent):
* dom/WheelEvent.h:
(WebCore::WheelEvent::wheelEvent): Returns a non-null pointer to the PlatformWheelEvent iff WheelEvent was initialized by PlatformWheelEvent.
(WebCore::WheelEvent::webkitDirectionInvertedFromDevice): Updated to use PlatformWheelEvent.
(WebCore::WheelEvent::phase): Updated to use PlatformWheelEvent.
(WebCore::WheelEvent::momentumPhase): Updated to use PlatformWheelEvent.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171685 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Web Replay: auto-decoding of parameterized vector's elements is incorrect
burg@cs.washington.edu [Mon, 28 Jul 2014 19:31:03 +0000 (19:31 +0000)]
Web Replay: auto-decoding of parameterized vector's elements is incorrect
https://bugs.webkit.org/show_bug.cgi?id=135343

Reviewed by Timothy Hatcher.

Fix an incorrect type argument in EncodingTraits<Vector<T>>::encodeValue
that was using the element's decoded type as the type parameter to
EncodedValue::append<T>. It should instead be the raw type T. This
causes problems when encoding Vector<RefPtr<T>>, as it later tries to
use encoding traits for RefPtr<T> rather than for T.

Fix incorrect generated encoding traits argument for vectors of
RefCounted objects. Updated test to cover this scenario.

* replay/scripts/CodeGeneratorReplayInputs.py:
(Type.encoding_type_argument):
(VectorType.type_name):
(VectorType):
(VectorType.encoding_type_argument):
(Generator.generate_input_encode_implementation):
(Generator.generate_input_decode_implementation):
* replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.cpp:
* replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
* replay/scripts/tests/generate-input-with-vector-members.json: Updated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171684 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Web Replay: incorrect serialization code generated for enum classes inside class...
burg@cs.washington.edu [Mon, 28 Jul 2014 19:22:43 +0000 (19:22 +0000)]
Web Replay: incorrect serialization code generated for enum classes inside class scope
https://bugs.webkit.org/show_bug.cgi?id=135342

Reviewed by Timothy Hatcher.

If an enum class is defined inside of a class scope, then the enum class
cannot be forward-declared and the relevant header should be included.
Some generated code used incorrectly-scoped enum values in this situation.

* replay/scripts/CodeGeneratorReplayInputs.py:
(Generator.generate_includes.declaration.is):
(Generator.generate_enum_trait_implementation.is):
(Generator.generate_enum_trait_implementation):

Tests:

* replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp: Rebaselined.
* replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h: Rebaselined.
* replay/scripts/tests/generate-enums-with-same-base-name.json: Add enum
class types to this test case.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171683 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Web Replay: vectors of characters should be base64-encoded
burg@cs.washington.edu [Mon, 28 Jul 2014 19:21:15 +0000 (19:21 +0000)]
Web Replay: vectors of characters should be base64-encoded
https://bugs.webkit.org/show_bug.cgi?id=135341

Reviewed by Timothy Hatcher.

Without this specialization, encode/decode methods try to create an
array of single characters in JSON, rather than treating the
vector as a binary blob.

* replay/EncodedValue.cpp:
(JSC::EncodingTraits<Vector<char>>::encodeValue): Added.
(JSC::EncodingTraits<Vector<char>>::decodeValue): Added.
* replay/EncodedValue.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171682 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [CSS3-Text] Update text-expectations after r171677
zoltan@webkit.org [Mon, 28 Jul 2014 19:02:20 +0000 (19:02 +0000)]
[CSS3-Text] Update text-expectations after r171677

Unreviewed.

* fast/css3-text/css3-text-justify/getComputedStyle/getComputedStyle-text-justify-expected.txt:
* fast/css3-text/css3-text-justify/getComputedStyle/getComputedStyle-text-justify-inherited-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171681 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [Win] Unreviewed build fix.
bfulgham@apple.com [Mon, 28 Jul 2014 17:40:46 +0000 (17:40 +0000)]
[Win] Unreviewed build fix.

* JavaScriptCore.vcxproj/JavaScriptCore.proj: Switch from the 'Rebuild' target for MSBuild
builds to the 'Build' target to avoid a spurious 'clean' in between build steps.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171680 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Unreviewed 'merge' fix.
bfulgham@apple.com [Mon, 28 Jul 2014 16:02:03 +0000 (16:02 +0000)]
Unreviewed 'merge' fix.

* platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
Correct line endings to allow EWS merges again.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171678 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [CSS3-Text] Adjust text-justify implementation to the latest spec
zoltan@webkit.org [Mon, 28 Jul 2014 15:05:14 +0000 (15:05 +0000)]
[CSS3-Text] Adjust text-justify implementation to the latest spec
https://bugs.webkit.org/show_bug.cgi?id=135317

Reviewed by Darin Adler.

Source/WebCore:
Text-justify no longer accepts the following values: Inter-ideograph, inter-cluster,
and kashida. This patch removes them and updates the tests as well.

[1] http://dev.w3.org/csswg/css-text-3/#propdef-text-justify

Updated existing tests.

* css/CSSParser.cpp:
(WebCore::isValidKeywordPropertyAndValue):
* css/CSSPrimitiveValueMappings.h:
(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator TextJustify):
* css/CSSValueKeywords.in:
* rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::changeRequiresLayout):
* rendering/style/RenderStyleConstants.h:
* rendering/style/StyleRareInheritedData.h:

LayoutTests:
* fast/css3-text/css3-text-justify/getComputedStyle/script-tests/getComputedStyle-text-justify-inherited.js:
* fast/css3-text/css3-text-justify/getComputedStyle/script-tests/getComputedStyle-text-justify.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171677 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago REGRESSION (r169105): Crash in selection
abucur@adobe.com [Mon, 28 Jul 2014 13:19:22 +0000 (13:19 +0000)]
REGRESSION (r169105): Crash in selection
https://bugs.webkit.org/show_bug.cgi?id=134303

Patch by Radu Stavila <stavila@adobe.com> on 2014-07-28
Reviewed by Mihnea Ovidenie.

Source/WebCore:

When splitting the selection between different subtrees, all subtrees must have their selection cleared before
starting to apply the new selection. Otherwise, when selecting objects in a named flow thread and going up
its containing block chain, we can end up in the view's selection root, which has not yet been updated and so
we get inconsistent data.

To achieve this goal, the selection update was split into a "clear" and an "apply" method. The updateSelectionForSubtrees
method first iterates through all subtrees and performs the "clear" method and then starts all over again
and performs the "apply" method.

Test: fast/regions/selection/crash-deselect.html

* WebCore.xcodeproj/project.pbxproj:
* rendering/RenderSelectionInfo.h:
* rendering/RenderView.cpp:
(WebCore::RenderView::setSelection):
(WebCore::RenderView::splitSelectionBetweenSubtrees):
(WebCore::RenderView::updateSelectionForSubtrees): Added, clears and re-applies selection for all selection subtrees.
(WebCore::RenderView::clearSubtreeSelection): Added, clears selection and returns previously selected information.
(WebCore::RenderView::applySubtreeSelection): Added, updates the selection status of all objects inside the selection tree, compares old and new data and repaints accordingly.
(WebCore::RenderView::setSubtreeSelection): Deleted.
* rendering/RenderView.h:
* rendering/SelectionSubtreeRoot.cpp:
(WebCore::SelectionSubtreeRoot::SelectionSubtreeRoot):
* rendering/SelectionSubtreeRoot.h:
(WebCore::SelectionSubtreeRoot::OldSelectionData::OldSelectionData):

LayoutTests:

Added test for the crash that occurred in some cases when selecting.

Reviewed by NOBODY (OOPS!).

* fast/regions/selection/crash-deselect-expected.txt: Added.
* fast/regions/selection/crash-deselect.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171676 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago CSS: Fix :visited behavior for SubSelectors
utatane.tea@gmail.com [Mon, 28 Jul 2014 09:48:44 +0000 (09:48 +0000)]
CSS: Fix :visited behavior for SubSelectors
https://bugs.webkit.org/show_bug.cgi?id=135324

Reviewed by Benjamin Poulain.

Disable :visited match for the selectors that have SubSelectors.

Source/WebCore:

Tests: fast/history/nested-visited-test-complex.html
       fast/history/sibling-visited-test-complex.html

* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::matchRecursively):

LayoutTests:
This `isSubSelector` (`context.firstSelectorOfTheFragment == context.selector`) is intended to
check `relation != CSSSelector::SubSelector`.
But since this value belongs to the previous selector and it is tested inside the branch that checks
the next selector isn't SubSelector `relation != CSSSelector::SubSelector`,
this only matches when the previous selector doesn't have SubSelectors.

* fast/history/nested-visited-test-complex-expected.txt: Added.
* fast/history/nested-visited-test-complex.html: Added.
* fast/history/sibling-visited-test-complex-expected.txt: Added.
* fast/history/sibling-visited-test-complex.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171675 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Followup fix after r171594
ossy@webkit.org [Mon, 28 Jul 2014 08:41:17 +0000 (08:41 +0000)]
Followup fix after r171594
https://bugs.webkit.org/show_bug.cgi?id=135048

Patch by Renato Nagy <nagy.renato@stud.u-szeged.hu> on 2014-07-28
Reviewed by Csaba Osztrogonác.

* Scripts/sort-export-file: Removed extra newlines from help.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171674 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Remove unused preference keys
psolanki@apple.com [Mon, 28 Jul 2014 06:50:21 +0000 (06:50 +0000)]
Remove unused preference keys
https://bugs.webkit.org/show_bug.cgi?id=135280

Reviewed by Darin Adler.

Source/WebKit/mac:
* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(+[WebPreferences initialize]):
(-[WebPreferences _setPageCacheSize:]): Deleted.
(-[WebPreferences _pageCacheSize]): Deleted.
(-[WebPreferences _setObjectCacheSize:]): Deleted.
(-[WebPreferences _objectCacheSize]): Deleted.
* WebView/WebPreferencesPrivate.h:

Source/WebKit/win:
* WebPreferenceKeysPrivate.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171673 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Remove GraphicsSurfaceGLX.cpp
ryuan.choi@samsung.com [Mon, 28 Jul 2014 06:47:28 +0000 (06:47 +0000)]
Remove GraphicsSurfaceGLX.cpp
https://bugs.webkit.org/show_bug.cgi?id=135279

Reviewed by Darin Adler.

GraphicsSurfaceGLX.cpp is not used since Qt dropped and Efl port changed at r146458

* platform/graphics/surfaces/glx/GraphicsSurfaceGLX.cpp: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171672 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Support for :enabled selector on Anchor & Area elements
bruno.d@partner.samsung.com [Mon, 28 Jul 2014 02:28:00 +0000 (02:28 +0000)]
Support for :enabled selector on Anchor & Area elements
https://bugs.webkit.org/show_bug.cgi?id=134826

Reviewed by Darin Adler.

Source/WebCore:
Updates the PseudoClassEnabled selector checker to check for Anchor & Area
elements with a 'href' attribute.

Spec: http://html.spec.whatwg.org/#selector-enabled

Test: fast/css/css-selector-enabled-links.html

* css/SelectorCheckerTestFunctions.h:
(WebCore::isEnabled): Added check for anchor & area elements.

LayoutTests:
Added tests for :enabled CSS selector on Anchor & Area elements.

* fast/css/css-selector-enabled-links-expected.txt: Added.
* fast/css/css-selector-enabled-links.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171671 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [GTK] Keep non-DATABASE_PROCESS build
ryuan.choi@samsung.com [Mon, 28 Jul 2014 02:08:24 +0000 (02:08 +0000)]
[GTK] Keep non-DATABASE_PROCESS build
https://bugs.webkit.org/show_bug.cgi?id=135321

Patch by Yusuke Suzuki <utatane.tea@gmail.com> on 2014-07-27
Reviewed by Gyuyoung Kim.

This is the patch for r171622 in non-DATABASE_PROCESS builds.
Change sendToDatabaseProcessRelaunchingIfNecessary to support non-DATABASE_PROCESS implementation.

* CMakeLists.txt:
* UIProcess/WebContext.h:
(WebKit::WebContext::sendToDatabaseProcessRelaunchingIfNecessary):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171667 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Unreviewed build fix on the EFL port
ryuan.choi@samsung.com [Mon, 28 Jul 2014 02:02:43 +0000 (02:02 +0000)]
Unreviewed build fix on the EFL port

Build break because of -Werror=return-type

* bytecode/PutByIdVariant.cpp:
(JSC::PutByIdVariant::oldStructureForTransition):
* dfg/DFGValueStrength.h:
(JSC::DFG::merge):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171666 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Don't rely on reading applicationState from within DidEnterBackground/WillEnterForeground
barraclough@apple.com [Sun, 27 Jul 2014 23:36:23 +0000 (23:36 +0000)]
Don't rely on reading applicationState from within DidEnterBackground/WillEnterForeground
https://bugs.webkit.org/show_bug.cgi?id=135329
rdar://problem/17818308

Reviewed by Sam Weinig.

API may not be stable.

* UIProcess/ios/PageClientImplIOS.mm:
(WebKit::PageClientImpl::isViewVisible):
    - changed to use -[WKContentView isBackground]
* UIProcess/ios/ProcessAssertionIOS.mm:
(-[WKProcessAssertionBackgroundTaskManager init]):
    - split notification handlers
(-[WKProcessAssertionBackgroundTaskManager _applicationWillEnterForeground:]):
(-[WKProcessAssertionBackgroundTaskManager _applicationDidEnterBackground:]):
(-[WKProcessAssertionBackgroundTaskManager _applicationDidEnterBackgroundOrWillEnterForeground:]): Deleted.
    - Assume application is background after DidEnterBackground, and not after WillEnterForeground
* UIProcess/ios/WKContentView.h:
    - added isBackground.
* UIProcess/ios/WKContentView.mm:
(-[WKContentView initWithFrame:context:configuration:webView:]):
    - check applicationState at init.
(-[WKContentView isBackground]):
    - accessor
(-[WKContentView _applicationDidEnterBackground:]):
(-[WKContentView _applicationWillEnterForeground:]):
    - update isBackground

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171663 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [REGRESSION][ftlopt merge][32-bit] stress/prune-multi-put-by-offset-replace-or-transi...
fpizlo@apple.com [Sun, 27 Jul 2014 23:35:32 +0000 (23:35 +0000)]
[REGRESSION][ftlopt merge][32-bit] stress/prune-multi-put-by-offset-replace-or-transition-variant.js.dfg-eager hits an assertion in SpeculativeJIT::silentSavePlanForGPR
https://bugs.webkit.org/show_bug.cgi?id=135323

Reviewed by Oliver Hunt.

SpeculativeJIT::silentSavePlanForGPR likes to believe that if a node is a constant,
then it's a constant that can be represented using that node's current DataFormat.
This doesn't work if the constant had been filled as a JSValue, and then one of the
fillSpeculateBlah() methods had speculated that it's of some type that the constant
isn't. Unless fillSpeculateBlah() specifically defends against this case, we'll have
a constant that claims to have a contradictory data format.

This patch fixes such a bug in the 32-bit fillSpeculateCell(). The 64-bit
fillSpeculateCell() appears to not have this bug, but I added a similar defense
mechanism anyway just in case, since this is one of those mistakes that keeps
reappearing.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171662 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [WK2] Crash when accessing window.localStorage after calling window.close()
dbates@webkit.org [Sun, 27 Jul 2014 23:33:10 +0000 (23:33 +0000)]
[WK2] Crash when accessing window.localStorage after calling window.close()
https://bugs.webkit.org/show_bug.cgi?id=135328
<rdar://problem/17315237>

Reviewed by Sam Weinig.

Source/WebCore:
Fixes an issue where accessing local storage for the first time after calling window.close()
causes a crash.

For now, we should disallow accessing local storage after calling window.close() regardless of
whether it's the first access to local storage as this seems like a bad idiom to support. Note,
this represents a change in behavior from WebKit1. If such usage of window.localStorage turns
out to be reasonable then we can visit this decision again in <https://bugs.webkit.org/show_bug.cgi?id=135330>.

Tests: storage/domstorage/localstorage/access-storage-after-window-close.html
       storage/domstorage/localstorage/access-storage-then-set-value-in-storage-after-window-close.html
       storage/domstorage/localstorage/set-value-in-storage-after-window-close.html

* page/DOMWindow.cpp:
(WebCore::DOMWindow::localStorage): Modified to only return the cached local storage or
create a new local storage so long as the page isn't being closed. Also, substitute nullptr
for 0.
(WebCore::DOMWindow::close): Call Page::setIsClosing() to mark that the page is closing.
* page/Page.cpp:
(WebCore::Page::Page): Initialize m_isClosing to false.
* page/Page.h:
(WebCore::Page::setIsClosing): Added.
(WebCore::Page::isClosing): Added.

LayoutTests:
Added test by Andy Estes, LayoutTests/storage/domstorage/localstorage/access-storage-after-window-close.html,
to ensure that we don't crash when accessing local storage for the first time after calling window.close().

Additionally added tests that ensure that updates to local storage are ignored after calling
window.close() regardless of whether local storage was accessed before the call to window.close().

* storage/domstorage/localstorage/access-storage-after-window-close-expected.txt: Added.
* storage/domstorage/localstorage/access-storage-after-window-close.html: Added.
* storage/domstorage/localstorage/access-storage-then-set-value-in-storage-after-window-close-expected.txt: Added.
* storage/domstorage/localstorage/access-storage-then-set-value-in-storage-after-window-close.html: Added.
* storage/domstorage/localstorage/resources/access-storage-close-window-and-set-value-in-storage.html: Added.
* storage/domstorage/localstorage/resources/close-window-and-access-storage.html: Added.
* storage/domstorage/localstorage/resources/close-window-and-set-value-in-storage.html: Added.
* storage/domstorage/localstorage/set-value-in-storage-after-window-close-expected.txt: Added.
* storage/domstorage/localstorage/set-value-in-storage-after-window-close.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171661 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Merge r170090, r170092, r170129, r170141, r170161, r170215, r170275, r170375, r170376...
fpizlo@apple.com [Sun, 27 Jul 2014 23:14:40 +0000 (23:14 +0000)]
Merge r170090, r170092, r170129, r170141, r170161, r170215, r170275, r170375, r170376, r170382, r170383, r170399, r170436, r170489, r170490, r170556 from ftlopt.

Source/JavaScriptCore:

This fixes the previous mismerge and adds test coverage for the thing that went wrong.

Additional changes listed here:

* jsc.cpp:
(functionHasCustomProperties): Expose a way of checking hasCustomProperties(), which the DOM relies on. The regression I previously introduced was because this didn't work right. Now we can test it!
* runtime/Structure.cpp:
(JSC::Structure::Structure): This was supposed to be setDidTransition(true); the last merge had it set to false.
* tests/stress/has-custom-properties.js: Added. This test failed with the mismerge.

    2014-06-27  Michael Saboff  <msaboff@apple.com>

    Unreviewed build fix after r169795.

    Fixed ASSERT for 32 bit build.

    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):

    2014-06-24  Saam Barati  <sbarati@apple.com>

    Web Inspector: debugger should be able to show variable types
    https://bugs.webkit.org/show_bug.cgi?id=133395

    Reviewed by Filip Pizlo.

    Increase the amount of type information the VM gathers when directed
    to do so. This initial commit is working towards the goal of
    capturing, and then showing (via the Web Inspector) type information for all
    assignment and load operations. This patch doesn't have the feature fully
    implemented, but it ensures the VM has no performance regressions
    unless the feature is specifically turned on.

    * JavaScriptCore.xcodeproj/project.pbxproj:
    * bytecode/BytecodeList.json:
    * bytecode/BytecodeUseDef.h:
    (JSC::computeUsesForBytecodeOffset):
    (JSC::computeDefsForBytecodeOffset):
    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::dumpBytecode):
    (JSC::CodeBlock::CodeBlock):
    (JSC::CodeBlock::finalizeUnconditionally):
    * bytecode/CodeBlock.h:
    * bytecode/Instruction.h:
    * bytecode/TypeLocation.h: Added.
    (JSC::TypeLocation::TypeLocation):
    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::emitMove):
    (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity):
    (JSC::BytecodeGenerator::emitPutToScope):
    (JSC::BytecodeGenerator::emitPutById):
    (JSC::BytecodeGenerator::emitPutByVal):
    * bytecompiler/BytecodeGenerator.h:
    (JSC::BytecodeGenerator::isProfilingTypesWithHighFidelity):
    * bytecompiler/NodesCodegen.cpp:
    (JSC::PostfixNode::emitResolve):
    (JSC::PrefixNode::emitResolve):
    (JSC::ReadModifyResolveNode::emitBytecode):
    (JSC::AssignResolveNode::emitBytecode):
    (JSC::ConstDeclNode::emitCodeSingle):
    (JSC::ForInNode::emitBytecode):
    * heap/Heap.cpp:
    (JSC::Heap::collect):
    * inspector/agents/InspectorRuntimeAgent.cpp:
    (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableInTextRange):
    * inspector/agents/InspectorRuntimeAgent.h:
    * inspector/protocol/Runtime.json:
    * jsc.cpp:
    (GlobalObject::finishCreation):
    (functionDumpTypesForAllVariables):
    * llint/LLIntSlowPaths.cpp:
    (JSC::LLInt::LLINT_SLOW_PATH_DECL):
    (JSC::LLInt::putToScopeCommon):
    * llint/LLIntSlowPaths.h:
    * llint/LowLevelInterpreter.asm:
    * runtime/HighFidelityLog.cpp: Added.
    (JSC::HighFidelityLog::initializeHighFidelityLog):
    (JSC::HighFidelityLog::~HighFidelityLog):
    (JSC::HighFidelityLog::recordTypeInformationForLocation):
    (JSC::HighFidelityLog::processHighFidelityLog):
    (JSC::HighFidelityLog::actuallyProcessLogThreadFunction):
    * runtime/HighFidelityLog.h: Added.
    (JSC::HighFidelityLog::HighFidelityLog):
    * runtime/HighFidelityTypeProfiler.cpp: Added.
    (JSC::HighFidelityTypeProfiler::getTypesForVariableInRange):
    (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableInRange):
    (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableInRange):
    (JSC::HighFidelityTypeProfiler::insertNewLocation):
    (JSC::HighFidelityTypeProfiler::getLocationBasedHash):
    * runtime/HighFidelityTypeProfiler.h: Added.
    * runtime/Options.h:
    * runtime/Structure.cpp:
    (JSC::Structure::toStructureShape):
    * runtime/Structure.h:
    * runtime/SymbolTable.cpp:
    (JSC::SymbolTable::SymbolTable):
    (JSC::SymbolTable::cloneCapturedNames):
    (JSC::SymbolTable::uniqueIDForVariable):
    (JSC::SymbolTable::uniqueIDForRegister):
    (JSC::SymbolTable::globalTypeSetForRegister):
    (JSC::SymbolTable::globalTypeSetForVariable):
    * runtime/SymbolTable.h:
    (JSC::SymbolTable::add):
    (JSC::SymbolTable::set):
    * runtime/TypeSet.cpp: Added.
    (JSC::TypeSet::TypeSet):
    (JSC::TypeSet::getRuntimeTypeForValue):
    (JSC::TypeSet::addTypeForValue):
    (JSC::TypeSet::removeDuplicatesInStructureHistory):
    (JSC::TypeSet::seenTypes):
    (JSC::TypeSet::dumpSeenTypes):
    (JSC::StructureShape::StructureShape):
    (JSC::StructureShape::markAsFinal):
    (JSC::StructureShape::addProperty):
    (JSC::StructureShape::propertyHash):
    (JSC::StructureShape::leastUpperBound):
    (JSC::StructureShape::stringRepresentation):
    * runtime/TypeSet.h: Added.
    (JSC::StructureShape::create):
    (JSC::TypeSet::create):
    * runtime/VM.cpp:
    (JSC::VM::VM):
    (JSC::VM::getTypesForVariableInRange):
    (JSC::VM::updateHighFidelityTypeProfileState):
    (JSC::VM::dumpHighFidelityProfilingTypes):
    * runtime/VM.h:
    (JSC::VM::isProfilingTypesWithHighFidelity):
    (JSC::VM::highFidelityLog):
    (JSC::VM::highFidelityTypeProfiler):
    (JSC::VM::nextLocation):
    (JSC::VM::getNextUniqueVariableID):

    2014-06-26  Mark Lam  <mark.lam@apple.com>

    Remove unused instantiation of the WithScope structure.
    <https://webkit.org/b/134331>

    Reviewed by Oliver Hunt.

    The WithScope structure instance in the VM is unused, and is now removed.

    * runtime/VM.cpp:
    (JSC::VM::VM):
    * runtime/VM.h:

    2014-06-25  Mark Hahnenberg  <mhahnenberg@apple.com>

    Structure bit fields should have a consistent format
    https://bugs.webkit.org/show_bug.cgi?id=134307

    Reviewed by Filip Pizlo.

    Currently we use C-style bit fields for a number of member variables in Structure to save space.
    This makes it difficult to load these fields in the JIT. We should instead use our own bitfield
    format to make it easy to load and test these variables in JIT code.

    * runtime/JSObject.cpp:
    (JSC::JSObject::putDirectNonIndexAccessor):
    (JSC::JSObject::reifyStaticFunctionsForDelete):
    * runtime/Structure.cpp:
    (JSC::StructureTransitionTable::contains):
    (JSC::StructureTransitionTable::get):
    (JSC::StructureTransitionTable::add):
    (JSC::Structure::Structure):
    (JSC::Structure::materializePropertyMap):
    (JSC::Structure::addPropertyTransition):
    (JSC::Structure::despecifyFunctionTransition):
    (JSC::Structure::toDictionaryTransition):
    (JSC::Structure::freezeTransition):
    (JSC::Structure::preventExtensionsTransition):
    (JSC::Structure::takePropertyTableOrCloneIfPinned):
    (JSC::Structure::nonPropertyTransition):
    (JSC::Structure::flattenDictionaryStructure):
    (JSC::Structure::addPropertyWithoutTransition):
    (JSC::Structure::pin):
    (JSC::Structure::allocateRareData):
    (JSC::Structure::cloneRareDataFrom):
    (JSC::Structure::getConcurrently):
    (JSC::Structure::putSpecificValue):
    (JSC::Structure::getPropertyNamesFromStructure):
    (JSC::Structure::visitChildren):
    (JSC::Structure::checkConsistency):
    * runtime/Structure.h:
    (JSC::Structure::isExtensible):
    (JSC::Structure::isDictionary):
    (JSC::Structure::isUncacheableDictionary):
    (JSC::Structure::propertyAccessesAreCacheable):
    (JSC::Structure::previousID):
    (JSC::Structure::setHasGetterSetterPropertiesWithProtoCheck):
    (JSC::Structure::setContainsReadOnlyProperties):
    (JSC::Structure::disableSpecificFunctionTracking):
    (JSC::Structure::objectToStringValue):
    (JSC::Structure::setObjectToStringValue):
    (JSC::Structure::setPreviousID):
    (JSC::Structure::clearPreviousID):
    (JSC::Structure::previous):
    (JSC::Structure::rareData):
    (JSC::Structure::didTransition): Deleted.
    (JSC::Structure::hasGetterSetterProperties): Deleted.
    (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto): Deleted.
    (JSC::Structure::setHasGetterSetterProperties): Deleted.
    (JSC::Structure::hasNonEnumerableProperties): Deleted.
    (JSC::Structure::staticFunctionsReified): Deleted.
    (JSC::Structure::setStaticFunctionsReified): Deleted.
    * runtime/StructureInlines.h:
    (JSC::Structure::setEnumerationCache):
    (JSC::Structure::enumerationCache):
    (JSC::Structure::checkOffsetConsistency):

    2014-06-24  Mark Lam  <mark.lam@apple.com>

    [ftlopt] Renamed DebuggerActivation to DebuggerScope.
    <https://webkit.org/b/134273>

    Reviewed by Michael Saboff.

    * CMakeLists.txt:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * debugger/DebuggerActivation.cpp: Removed.
    * debugger/DebuggerActivation.h: Removed.
    * debugger/DebuggerScope.cpp: Copied from ../../trunk/Source/JavaScriptCore/debugger/DebuggerActivation.cpp.
    (JSC::DebuggerScope::DebuggerScope):
    (JSC::DebuggerScope::finishCreation):
    (JSC::DebuggerScope::visitChildren):
    (JSC::DebuggerScope::className):
    (JSC::DebuggerScope::getOwnPropertySlot):
    (JSC::DebuggerScope::put):
    (JSC::DebuggerScope::deleteProperty):
    (JSC::DebuggerScope::getOwnPropertyNames):
    (JSC::DebuggerScope::defineOwnProperty):
    (JSC::DebuggerActivation::DebuggerActivation): Deleted.
    (JSC::DebuggerActivation::finishCreation): Deleted.
    (JSC::DebuggerActivation::visitChildren): Deleted.
    (JSC::DebuggerActivation::className): Deleted.
    (JSC::DebuggerActivation::getOwnPropertySlot): Deleted.
    (JSC::DebuggerActivation::put): Deleted.
    (JSC::DebuggerActivation::deleteProperty): Deleted.
    (JSC::DebuggerActivation::getOwnPropertyNames): Deleted.
    (JSC::DebuggerActivation::defineOwnProperty): Deleted.
    * debugger/DebuggerScope.h: Copied from ../../trunk/Source/JavaScriptCore/debugger/DebuggerActivation.h.
    (JSC::DebuggerScope::create):
    (JSC::DebuggerActivation::create): Deleted.
    * runtime/VM.cpp:
    (JSC::VM::VM):
    * runtime/VM.h:

    2014-06-24  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] PutByIdFlush can also be converted to a PutByOffset so don't assert otherwise
    https://bugs.webkit.org/show_bug.cgi?id=134265

    Reviewed by Geoffrey Garen.

    More assertion fallout from the PutById folding work.

    * dfg/DFGNode.h:
    (JSC::DFG::Node::convertToPutByOffset):

    2014-06-24  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] GC should notify us if it resets to_this
    https://bugs.webkit.org/show_bug.cgi?id=128231

    Reviewed by Geoffrey Garen.

    * CMakeLists.txt:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * bytecode/BytecodeList.json:
    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::dumpBytecode):
    (JSC::CodeBlock::finalizeUnconditionally):
    * bytecode/Instruction.h:
    * bytecode/ToThisStatus.cpp: Added.
    (JSC::merge):
    (WTF::printInternal):
    * bytecode/ToThisStatus.h: Added.
    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::BytecodeGenerator):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):
    * llint/LowLevelInterpreter32_64.asm:
    * llint/LowLevelInterpreter64.asm:
    * runtime/CommonSlowPaths.cpp:
    (JSC::SLOW_PATH_DECL):

    2014-06-24  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] StructureAbstractValue::onlyStructure() should return nullptr if isClobbered()
    https://bugs.webkit.org/show_bug.cgi?id=134256

    Reviewed by Michael Saboff.

    This isn't testable right now (i.e. it's benign) but we should get it right anyway. The
    point is to be able to precisely model what goes on in the snippets of code between a
    side-effect and an InvalidationPoint.

    This patch also cleans up onlyStructure() by delegating more work to
    StructureSet::onlyStructure().

    * dfg/DFGStructureAbstractValue.h:
    (JSC::DFG::StructureAbstractValue::onlyStructure):

    2014-06-24  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt][REGRESSION] PutById AI is introducing watchable structures without watching them
    https://bugs.webkit.org/show_bug.cgi?id=134260

    Reviewed by Geoffrey Garen.

    This was causing loads of assertion failures in debug builds.

    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

    2014-06-21  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Fold GetById/PutById to MultiGetByOffset/GetByOffset or MultiPutByOffset/PutByOffset, which implies handling non-singleton sets
    https://bugs.webkit.org/show_bug.cgi?id=134090

    Reviewed by Oliver Hunt.

    This pretty much finishes off the work to eliminate the special-casing of singleton
    structure sets by making it possible to fold GetById and PutById to various polymorphic
    forms of the ByOffset nodes.

    * bytecode/GetByIdStatus.cpp:
    (JSC::GetByIdStatus::computeForStubInfo):
    (JSC::GetByIdStatus::computeFor):
    * bytecode/GetByIdStatus.h:
    * bytecode/PutByIdStatus.cpp:
    (JSC::PutByIdStatus::computeFor):
    * bytecode/PutByIdStatus.h:
    * bytecode/PutByIdVariant.h:
    (JSC::PutByIdVariant::constantChecks):
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::foldConstants):
    (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
    (JSC::DFG::ConstantFoldingPhase::addChecks):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::convertToMultiGetByOffset):
    (JSC::DFG::Node::convertToMultiPutByOffset):
    * dfg/DFGSpeculativeJIT64.cpp: Also convert all release assertions to DFG assertions in this file, because I was hitting some of them while debugging.
    (JSC::DFG::SpeculativeJIT::fillJSValue):
    (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
    (JSC::DFG::SpeculativeJIT::emitCall):
    (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
    (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Strict):
    (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
    (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
    (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
    (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
    (JSC::DFG::SpeculativeJIT::compileLogicalNot):
    (JSC::DFG::SpeculativeJIT::emitBranch):
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGStructureAbstractValue.h:
    (JSC::DFG::StructureAbstractValue::set):

    2014-06-19  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] StructureSet::onlyStructure() should return nullptr if it's not a singleton (instead of asserting)
    https://bugs.webkit.org/show_bug.cgi?id=134077

    Reviewed by Sam Weinig.

    This makes StructureSet and StructureAbstractValue more consistent and fixes a debug assert
    in the abstract interpreter.

    * bytecode/StructureSet.h:
    (JSC::StructureSet::onlyStructure):

    2014-06-18  Filip Pizlo  <fpizlo@apple.com>

    DFG AI and constant folder should be able to precisely prune MultiGetByOffset/MultiPutByOffset even if the base structure abstract value is not a singleton
    https://bugs.webkit.org/show_bug.cgi?id=133918

    Reviewed by Mark Hahnenberg.

    This also adds pruning of PutStructure, since I basically had no choice but
    to implement such logic within MultiPutByOffset.

    Also adds a bunch of PutById cache status dumping to bytecode dumping.

    * bytecode/GetByIdVariant.cpp:
    (JSC::GetByIdVariant::dumpInContext):
    * bytecode/GetByIdVariant.h:
    (JSC::GetByIdVariant::structureSet):
    * bytecode/PutByIdVariant.h:
    (JSC::PutByIdVariant::oldStructure):
    * bytecode/StructureSet.cpp:
    (JSC::StructureSet::filter):
    (JSC::StructureSet::filterArrayModes):
    * bytecode/StructureSet.h:
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * dfg/DFGAbstractValue.cpp:
    (JSC::DFG::AbstractValue::changeStructure):
    (JSC::DFG::AbstractValue::contains):
    * dfg/DFGAbstractValue.h:
    (JSC::DFG::AbstractValue::couldBeType):
    (JSC::DFG::AbstractValue::isType):
    * dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::foldConstants):
    (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
    (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
    (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::freezeStrong):
    * dfg/DFGGraph.h:
    * dfg/DFGStructureAbstractValue.h:
    (JSC::DFG::StructureAbstractValue::operator=):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
    * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check.js: Added.
    (foo):
    (fu):
    (bar):
    (baz):
    (.bar):
    (.baz):
    * tests/stress/fold-multi-put-by-offset-to-put-by-offset-without-folding-the-structure-check.js: Added.
    (foo):
    (fu):
    (bar):
    (baz):
    (.bar):
    (.baz):
    * tests/stress/prune-multi-put-by-offset-replace-or-transition-variant.js: Added.
    (foo):
    (fu):
    (bar):
    (baz):
    (.bar):
    (.baz):

    2014-06-18  Mark Hahnenberg  <mhahnenberg@apple.com>

    Remove CompoundType and LeafType
    https://bugs.webkit.org/show_bug.cgi?id=134037

    Reviewed by Filip Pizlo.

    We don't use them for anything. We'll replace them with a generic CellType type for all
    the objects that are JSCells, aren't JSObjects, and for which we generally don't care about
    their JSType at runtime.

    * llint/LLIntData.cpp:
    (JSC::LLInt::Data::performAssertions):
    * runtime/ArrayBufferNeuteringWatchpoint.cpp:
    (JSC::ArrayBufferNeuteringWatchpoint::createStructure):
    * runtime/Executable.h:
    (JSC::ExecutableBase::createStructure):
    (JSC::NativeExecutable::createStructure):
    * runtime/JSPromiseDeferred.h:
    (JSC::JSPromiseDeferred::createStructure):
    * runtime/JSPromiseReaction.h:
    (JSC::JSPromiseReaction::createStructure):
    * runtime/JSPropertyNameIterator.h:
    (JSC::JSPropertyNameIterator::createStructure):
    * runtime/JSType.h:
    * runtime/JSTypeInfo.h:
    (JSC::TypeInfo::TypeInfo):
    * runtime/MapData.h:
    (JSC::MapData::createStructure):
    * runtime/PropertyMapHashTable.h:
    (JSC::PropertyTable::createStructure):
    * runtime/RegExp.h:
    (JSC::RegExp::createStructure):
    * runtime/SparseArrayValueMap.cpp:
    (JSC::SparseArrayValueMap::createStructure):
    * runtime/Structure.cpp:
    (JSC::Structure::Structure):
    * runtime/StructureChain.h:
    (JSC::StructureChain::createStructure):
    * runtime/StructureRareData.cpp:
    (JSC::StructureRareData::createStructure):
    * runtime/SymbolTable.h:
    (JSC::SymbolTable::createStructure):
    * runtime/WeakMapData.h:
    (JSC::WeakMapData::createStructure):

    2014-06-17  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] PutStructure and PhantomPutStructure shouldn't leave the world in a clobbered state
    https://bugs.webkit.org/show_bug.cgi?id=134002

    Reviewed by Mark Hahnenberg.

    The effect of this bug was that if we had a PutStructure or PhantomPutStructure then any
    JSConstants would be in a Clobbered state, so we wouldn't take advantage of our knowledge
    of the structure if that structure was watchable.

    Also kill PhantomPutStructure.

    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransition):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransitions):
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * dfg/DFGDoesGC.cpp:
    (JSC::DFG::doesGC):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::visitChildren):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::hasTransition):
    * dfg/DFGNodeType.h:
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):
    * dfg/DFGSafeToExecute.h:
    (JSC::DFG::safeToExecute):
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGStructureAbstractValue.cpp:
    (JSC::DFG::StructureAbstractValue::observeTransition):
    (JSC::DFG::StructureAbstractValue::observeTransitions):
    * dfg/DFGValidate.cpp:
    (JSC::DFG::Validate::validate):
    * dfg/DFGWatchableStructureWatchingPhase.cpp:
    (JSC::DFG::WatchableStructureWatchingPhase::run):
    * ftl/FTLCapabilities.cpp:
    (JSC::FTL::canCompile):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileNode):
    (JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure): Deleted.

    2014-06-17  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] DFG put_by_id should inline accesses with a slightly polymorphic base
    https://bugs.webkit.org/show_bug.cgi?id=133964

    Reviewed by Mark Hahnenberg.

    * bytecode/PutByIdStatus.cpp:
    (JSC::PutByIdStatus::appendVariant):
    (JSC::PutByIdStatus::computeForStubInfo):
    * bytecode/PutByIdVariant.cpp:
    (JSC::PutByIdVariant::oldStructureForTransition):
    (JSC::PutByIdVariant::writesStructures):
    (JSC::PutByIdVariant::reallocatesStorage):
    (JSC::PutByIdVariant::attemptToMerge):
    (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
    (JSC::PutByIdVariant::dumpInContext):
    * bytecode/PutByIdVariant.h:
    (JSC::PutByIdVariant::PutByIdVariant):
    (JSC::PutByIdVariant::replace):
    (JSC::PutByIdVariant::transition):
    (JSC::PutByIdVariant::structure):
    (JSC::PutByIdVariant::oldStructure):
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handlePutById):
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::foldConstants):
    (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::visitChildren):
    * dfg/DFGNode.cpp:
    (JSC::DFG::MultiPutByOffsetData::writesStructures):
    (JSC::DFG::MultiPutByOffsetData::reallocatesStorage):
    * ftl/FTLAbbreviations.h:
    (JSC::FTL::getLinkage):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
    (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol):

Source/WebCore:

This fixes the previous mismerge and adds test coverage for the thing that went wrong.
Also, this adds some helpers for making it easier to inspect JavaScript values.

* testing/Internals.cpp:
(WebCore::Internals::description):
* testing/Internals.h:
* testing/Internals.idl:

    2014-07-25  Mark Lam  <mark.lam@apple.com>

    [ftlopt] Renamed DebuggerActivation to DebuggerScope.
    <https://webkit.org/b/134273>

    Reviewed by Michael Saboff.

    No new tests.

    * ForwardingHeaders/debugger/DebuggerActivation.h: Removed.
    - Removed because this is not used.

Source/WebKit/mac:

    2014-07-25  Mark Lam  <mark.lam@apple.com>

    [ftlopt] Renamed DebuggerActivation to DebuggerScope.
    <https://webkit.org/b/134273>

    Reviewed by Michael Saboff.

    * WebView/WebScriptDebugDelegate.mm:
    - Removed unneeded #include.

Source/WTF:

* wtf/text/WTFString.h:

LayoutTests:

* js/regress/fold-get-by-id-to-multi-get-by-offset-expected.txt: Added.
* js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int-expected.txt: Added.
* js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int.html: Added.
* js/regress/fold-get-by-id-to-multi-get-by-offset.html: Added.
* js/regress/fold-multi-get-by-offset-to-get-by-offset-expected.txt: Added.
* js/regress/fold-multi-get-by-offset-to-get-by-offset.html: Added.
* js/regress/fold-multi-get-by-offset-to-poly-get-by-offset-expected.txt: Added.
* js/regress/fold-multi-get-by-offset-to-poly-get-by-offset.html: Added.
* js/regress/fold-multi-put-by-offset-to-poly-put-by-offset-expected.txt: Added.
* js/regress/fold-multi-put-by-offset-to-poly-put-by-offset.html: Added.
* js/regress/fold-multi-put-by-offset-to-put-by-offset-expected.txt: Added.
* js/regress/fold-multi-put-by-offset-to-put-by-offset.html: Added.
* js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset-expected.txt: Added.
* js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.html: Added.
* js/regress/fold-put-by-id-to-multi-put-by-offset-expected.txt: Added.
* js/regress/fold-put-by-id-to-multi-put-by-offset.html: Added.
* js/regress/fold-put-structure-expected.txt: Added.
* js/regress/fold-put-structure.html: Added.
* js/regress/hoist-poly-check-structure-effectful-loop-expected.txt: Added.
* js/regress/hoist-poly-check-structure-effectful-loop.html: Added.
* js/regress/hoist-poly-check-structure-expected.txt: Added.
* js/regress/hoist-poly-check-structure.html: Added.
* js/regress/put-by-id-replace-and-transition-expected.txt: Added.
* js/regress/put-by-id-replace-and-transition.html: Added.
* js/regress/put-by-id-slightly-polymorphic-expected.txt: Added.
* js/regress/put-by-id-slightly-polymorphic.html: Added.
* js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset-rare-int.js: Added.
(foo):
(fu):
(bar):
(.bar):
(Number):
* js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset.js: Added.
(foo):
(fu):
(bar):
(.bar):
(Number):
* js/regress/script-tests/fold-multi-get-by-offset-to-get-by-offset.js: Added.
(foo):
(fu):
(bar):
(.bar):
* js/regress/script-tests/fold-multi-get-by-offset-to-poly-get-by-offset.js: Added.
(foo):
(fu):
(bar):
(.bar):
* js/regress/script-tests/fold-multi-put-by-offset-to-poly-put-by-offset.js: Added.
(foo):
(fu):
(bar):
(.bar):
* js/regress/script-tests/fold-multi-put-by-offset-to-put-by-offset.js: Added.
(foo):
(fu):
(bar):
(.bar):
* js/regress/script-tests/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.js: Added.
(foo):
(fu):
(bar):
(.bar):
* js/regress/script-tests/fold-put-by-id-to-multi-put-by-offset.js: Added.
(foo):
(fu):
(bar):
(.bar):
* js/regress/script-tests/fold-put-structure.js: Added.
(foo):
(fu):
(bar):
(.bar):
* js/regress/script-tests/hoist-poly-check-structure-effectful-loop.js: Added.
(foo):
(test):
* js/regress/script-tests/hoist-poly-check-structure.js: Added.
(foo):
(test):
* js/regress/script-tests/put-by-id-replace-and-transition.js: Added.
* js/regress/script-tests/put-by-id-slightly-polymorphic.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171660 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [WebKit2 iOS]Add support for caret movement for the 3rd party keyboard protocol.
enrica@apple.com [Sun, 27 Jul 2014 17:25:15 +0000 (17:25 +0000)]
[WebKit2 iOS]Add support for caret movement for the 3rd party keyboard protocol.
https://bugs.webkit.org/show_bug.cgi?id=135325
<rdar://problem/17682120>

Reviewed by Sam Weinig.

WKContentView now implements moveByOffset to support the
protocol for 3rd party keyboards.

* UIProcess/WebPageProxy.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView moveByOffset:]):
* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::moveSelectionByOffset):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::moveSelectionByOffset):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171651 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Web Replay: log and enforce session/segment state machine transitions
burg@cs.washington.edu [Sat, 26 Jul 2014 19:48:49 +0000 (19:48 +0000)]
Web Replay: log and enforce session/segment state machine transitions
https://bugs.webkit.org/show_bug.cgi?id=135224

Reviewed by Timothy Hatcher.

For debugging purposes, log session and segment state transitions.
Assert that segment state transitions are valid.

No new tests. No behavior was changed.

* replay/ReplayController.cpp:
(WebCore::logDispatchedDOMEvent):
(WebCore::sessionStateToString):
(WebCore::segmentStateToString):
(WebCore::ReplayController::setSessionState):
(WebCore::ReplayController::setSegmentState):
(WebCore::ReplayController::createSegment):
(WebCore::ReplayController::completeSegment): Remove a wrong state transition.
(WebCore::ReplayController::loadSegmentAtIndex):
(WebCore::ReplayController::unloadSegment): Fix a now-erroneous assertion.
(WebCore::ReplayController::startPlayback):
(WebCore::ReplayController::pausePlayback):
(WebCore::ReplayController::willDispatchEvent):
(WebCore::ReplayController::cancelPlayback):
* replay/ReplayController.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171650 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Web Inspector: ReplayManager uses undefined events and inconsistent event data
burg@cs.washington.edu [Sat, 26 Jul 2014 19:43:23 +0000 (19:43 +0000)]
Web Inspector: ReplayManager uses undefined events and inconsistent event data
https://bugs.webkit.org/show_bug.cgi?id=135222

Reviewed by Timothy Hatcher.

* UserInterface/Controllers/ReplayManager.js:
(WebInspector.ReplayManager.prototype.sessionCreated.this):
(WebInspector.ReplayManager.prototype.sessionCreated):
(WebInspector.ReplayManager.prototype.segmentLoaded):
(WebInspector.ReplayManager.prototype.segmentUnloaded):
(WebInspector.ReplayManager.prototype.stopCapturing):
(WebInspector.ReplayManager.prototype.replayToMarkIndex):
(WebInspector.ReplayManager.prototype.segmentCompleted.set catch):
(WebInspector.ReplayManager.prototype.segmentCompleted):
(WebInspector.ReplayManager.prototype.startCapturing):
(WebInspector.ReplayManager.prototype._changeSessionState):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171649 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Unreviewed, roll out r171641-r171644. It broke some tests; will investigate and
fpizlo@apple.com [Sat, 26 Jul 2014 19:06:44 +0000 (19:06 +0000)]
Unreviewed, roll out r171641-r171644. It broke some tests; will investigate and
reland later.

Source/JavaScriptCore:
* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::printPutByIdCacheStatus): Deleted.
* bytecode/CodeBlock.h:
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeForStubInfo):
(JSC::GetByIdStatus::computeFor):
* bytecode/GetByIdStatus.h:
* bytecode/GetByIdVariant.cpp:
(JSC::GetByIdVariant::dumpInContext):
* bytecode/GetByIdVariant.h:
(JSC::GetByIdVariant::structureSet):
* bytecode/Instruction.h:
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::appendVariant):
(JSC::PutByIdStatus::computeForStubInfo):
(JSC::PutByIdStatus::computeFor):
* bytecode/PutByIdStatus.h:
* bytecode/PutByIdVariant.cpp:
(JSC::PutByIdVariant::dumpInContext):
(JSC::PutByIdVariant::oldStructureForTransition): Deleted.
(JSC::PutByIdVariant::writesStructures): Deleted.
(JSC::PutByIdVariant::reallocatesStorage): Deleted.
(JSC::PutByIdVariant::attemptToMerge): Deleted.
(JSC::PutByIdVariant::attemptToMergeTransitionWithReplace): Deleted.
* bytecode/PutByIdVariant.h:
(JSC::PutByIdVariant::PutByIdVariant):
(JSC::PutByIdVariant::replace):
(JSC::PutByIdVariant::transition):
(JSC::PutByIdVariant::structure):
(JSC::PutByIdVariant::oldStructure):
(JSC::PutByIdVariant::newStructure):
(JSC::PutByIdVariant::constantChecks):
* bytecode/StructureSet.cpp:
(JSC::StructureSet::filter): Deleted.
(JSC::StructureSet::filterArrayModes): Deleted.
* bytecode/StructureSet.h:
(JSC::StructureSet::onlyStructure):
* bytecode/ToThisStatus.cpp: Removed.
* bytecode/ToThisStatus.h: Removed.
* bytecode/TypeLocation.h: Removed.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitMove):
(JSC::BytecodeGenerator::emitPutToScope):
(JSC::BytecodeGenerator::emitPutById):
(JSC::BytecodeGenerator::emitPutByVal):
(JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity): Deleted.
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::isProfilingTypesWithHighFidelity): Deleted.
* bytecompiler/NodesCodegen.cpp:
(JSC::PostfixNode::emitResolve):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::ConstDeclNode::emitCodeSingle):
(JSC::ForInNode::emitBytecode):
* debugger/DebuggerActivation.cpp: Added.
(JSC::DebuggerActivation::DebuggerActivation):
(JSC::DebuggerActivation::finishCreation):
(JSC::DebuggerActivation::visitChildren):
(JSC::DebuggerActivation::className):
(JSC::DebuggerActivation::getOwnPropertySlot):
(JSC::DebuggerActivation::put):
(JSC::DebuggerActivation::deleteProperty):
(JSC::DebuggerActivation::getOwnPropertyNames):
(JSC::DebuggerActivation::defineOwnProperty):
* debugger/DebuggerActivation.h: Added.
(JSC::DebuggerActivation::create):
(JSC::DebuggerActivation::createStructure):
* debugger/DebuggerScope.cpp: Removed.
* debugger/DebuggerScope.h: Removed.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransition):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransitions):
* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::changeStructure): Deleted.
(JSC::DFG::AbstractValue::contains): Deleted.
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::couldBeType):
(JSC::DFG::AbstractValue::isType):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handlePutById):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
(JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
(JSC::DFG::ConstantFoldingPhase::addBaseCheck): Deleted.
(JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::visitChildren):
(JSC::DFG::Graph::freezeStrong):
* dfg/DFGGraph.h:
* dfg/DFGNode.cpp:
(JSC::DFG::MultiPutByOffsetData::writesStructures):
(JSC::DFG::MultiPutByOffsetData::reallocatesStorage):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToPutByOffset):
(JSC::DFG::Node::hasTransition):
(JSC::DFG::Node::convertToMultiGetByOffset): Deleted.
(JSC::DFG::Node::convertToMultiPutByOffset): Deleted.
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillJSValue):
(JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Strict):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStructureAbstractValue.cpp:
(JSC::DFG::StructureAbstractValue::observeTransition):
(JSC::DFG::StructureAbstractValue::observeTransitions):
* dfg/DFGStructureAbstractValue.h:
(JSC::DFG::StructureAbstractValue::onlyStructure):
(JSC::DFG::StructureAbstractValue::operator=): Deleted.
(JSC::DFG::StructureAbstractValue::set): Deleted.
* dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validate):
* dfg/DFGWatchableStructureWatchingPhase.cpp:
(JSC::DFG::WatchableStructureWatchingPhase::run):
* ftl/FTLAbbreviations.h:
(JSC::FTL::getLinkage): Deleted.
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure):
(JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
(JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
(JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol):
* heap/Heap.cpp:
(JSC::Heap::collect):
* inspector/agents/InspectorRuntimeAgent.cpp:
(Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableInTextRange): Deleted.
* inspector/agents/InspectorRuntimeAgent.h:
* inspector/protocol/Runtime.json:
* jsc.cpp:
(GlobalObject::finishCreation):
(functionDumpTypesForAllVariables): Deleted.
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::putToScopeCommon): Deleted.
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/ArrayBufferNeuteringWatchpoint.cpp:
(JSC::ArrayBufferNeuteringWatchpoint::createStructure):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/Executable.h:
(JSC::ExecutableBase::createStructure):
(JSC::NativeExecutable::createStructure):
* runtime/HighFidelityLog.cpp: Removed.
* runtime/HighFidelityLog.h: Removed.
* runtime/HighFidelityTypeProfiler.cpp: Removed.
* runtime/HighFidelityTypeProfiler.h: Removed.
* runtime/JSObject.cpp:
(JSC::JSObject::putDirectCustomAccessor):
(JSC::JSObject::putDirectNonIndexAccessor):
(JSC::JSObject::reifyStaticFunctionsForDelete):
* runtime/JSPromiseDeferred.h:
(JSC::JSPromiseDeferred::createStructure):
* runtime/JSPromiseReaction.h:
(JSC::JSPromiseReaction::createStructure):
* runtime/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::createStructure):
* runtime/JSType.h:
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::TypeInfo):
* runtime/MapData.h:
(JSC::MapData::createStructure):
* runtime/Options.h:
* runtime/PropertyMapHashTable.h:
(JSC::PropertyTable::createStructure):
* runtime/RegExp.h:
(JSC::RegExp::createStructure):
* runtime/SparseArrayValueMap.cpp:
(JSC::SparseArrayValueMap::createStructure):
* runtime/Structure.cpp:
(JSC::StructureTransitionTable::contains):
(JSC::StructureTransitionTable::get):
(JSC::StructureTransitionTable::add):
(JSC::Structure::Structure):
(JSC::Structure::materializePropertyMap):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::despecifyFunctionTransition):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::freezeTransition):
(JSC::Structure::preventExtensionsTransition):
(JSC::Structure::takePropertyTableOrCloneIfPinned):
(JSC::Structure::nonPropertyTransition):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::addPropertyWithoutTransition):
(JSC::Structure::pin):
(JSC::Structure::allocateRareData):
(JSC::Structure::cloneRareDataFrom):
(JSC::Structure::getConcurrently):
(JSC::Structure::putSpecificValue):
(JSC::Structure::getPropertyNamesFromStructure):
(JSC::Structure::visitChildren):
(JSC::Structure::checkConsistency):
(JSC::Structure::toStructureShape): Deleted.
* runtime/Structure.h:
(JSC::Structure::isExtensible):
(JSC::Structure::didTransition):
(JSC::Structure::isDictionary):
(JSC::Structure::isUncacheableDictionary):
(JSC::Structure::hasBeenFlattenedBefore):
(JSC::Structure::propertyAccessesAreCacheable):
(JSC::Structure::previousID):
(JSC::Structure::hasGetterSetterProperties):
(JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
(JSC::Structure::setHasGetterSetterProperties):
(JSC::Structure::hasCustomGetterSetterProperties):
(JSC::Structure::setHasCustomGetterSetterProperties):
(JSC::Structure::setContainsReadOnlyProperties):
(JSC::Structure::hasNonEnumerableProperties):
(JSC::Structure::disableSpecificFunctionTracking):
(JSC::Structure::objectToStringValue):
(JSC::Structure::setObjectToStringValue):
(JSC::Structure::staticFunctionsReified):
(JSC::Structure::setStaticFunctionsReified):
(JSC::Structure::transitionWatchpointSet):
(JSC::Structure::setPreviousID):
(JSC::Structure::clearPreviousID):
(JSC::Structure::previous):
(JSC::Structure::rareData):
(JSC::Structure::setHasGetterSetterPropertiesWithProtoCheck): Deleted.
(JSC::Structure::setHasCustomGetterSetterPropertiesWithProtoCheck): Deleted.
* runtime/StructureChain.h:
(JSC::StructureChain::createStructure):
* runtime/StructureInlines.h:
(JSC::Structure::setEnumerationCache):
(JSC::Structure::enumerationCache):
(JSC::Structure::checkOffsetConsistency):
* runtime/StructureRareData.cpp:
(JSC::StructureRareData::createStructure):
* runtime/SymbolTable.cpp:
(JSC::SymbolTable::SymbolTable):
(JSC::SymbolTable::cloneCapturedNames):
(JSC::SymbolTable::uniqueIDForVariable): Deleted.
(JSC::SymbolTable::uniqueIDForRegister): Deleted.
(JSC::SymbolTable::globalTypeSetForRegister): Deleted.
(JSC::SymbolTable::globalTypeSetForVariable): Deleted.
* runtime/SymbolTable.h:
(JSC::SymbolTable::createStructure):
(JSC::SymbolTable::add):
(JSC::SymbolTable::set):
* runtime/TypeSet.cpp: Removed.
* runtime/TypeSet.h: Removed.
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::getTypesForVariableInRange): Deleted.
(JSC::VM::updateHighFidelityTypeProfileState): Deleted.
(JSC::VM::dumpHighFidelityProfilingTypes): Deleted.
* runtime/VM.h:
(JSC::VM::isProfilingTypesWithHighFidelity): Deleted.
(JSC::VM::highFidelityLog): Deleted.
(JSC::VM::highFidelityTypeProfiler): Deleted.
(JSC::VM::nextLocation): Deleted.
(JSC::VM::getNextUniqueVariableID): Deleted.
* runtime/WeakMapData.h:
(JSC::WeakMapData::createStructure):
* tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check.js: Removed.
* tests/stress/fold-multi-put-by-offset-to-put-by-offset-without-folding-the-structure-check.js: Removed.
* tests/stress/prune-multi-put-by-offset-replace-or-transition-variant.js: Removed.

Source/WebCore:
* ForwardingHeaders/debugger/DebuggerActivation.h: Added.

Source/WebKit/mac:
* WebView/WebScriptDebugDelegate.mm:

Source/WTF:
* wtf/text/WTFString.h:

LayoutTests:
* js/regress/fold-get-by-id-to-multi-get-by-offset-expected.txt: Removed.
* js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int-expected.txt: Removed.
* js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int.html: Removed.
* js/regress/fold-get-by-id-to-multi-get-by-offset.html: Removed.
* js/regress/fold-multi-get-by-offset-to-get-by-offset-expected.txt: Removed.
* js/regress/fold-multi-get-by-offset-to-get-by-offset.html: Removed.
* js/regress/fold-multi-get-by-offset-to-poly-get-by-offset-expected.txt: Removed.
* js/regress/fold-multi-get-by-offset-to-poly-get-by-offset.html: Removed.
* js/regress/fold-multi-put-by-offset-to-poly-put-by-offset-expected.txt: Removed.
* js/regress/fold-multi-put-by-offset-to-poly-put-by-offset.html: Removed.
* js/regress/fold-multi-put-by-offset-to-put-by-offset-expected.txt: Removed.
* js/regress/fold-multi-put-by-offset-to-put-by-offset.html: Removed.
* js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset-expected.txt: Removed.
* js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.html: Removed.
* js/regress/fold-put-by-id-to-multi-put-by-offset-expected.txt: Removed.
* js/regress/fold-put-by-id-to-multi-put-by-offset.html: Removed.
* js/regress/fold-put-structure-expected.txt: Removed.
* js/regress/fold-put-structure.html: Removed.
* js/regress/hoist-poly-check-structure-effectful-loop-expected.txt: Removed.
* js/regress/hoist-poly-check-structure-effectful-loop.html: Removed.
* js/regress/hoist-poly-check-structure-expected.txt: Removed.
* js/regress/hoist-poly-check-structure.html: Removed.
* js/regress/put-by-id-replace-and-transition-expected.txt: Removed.
* js/regress/put-by-id-replace-and-transition.html: Removed.
* js/regress/put-by-id-slightly-polymorphic-expected.txt: Removed.
* js/regress/put-by-id-slightly-polymorphic.html: Removed.
* js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset-rare-int.js: Removed.
* js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset.js: Removed.
* js/regress/script-tests/fold-multi-get-by-offset-to-get-by-offset.js: Removed.
* js/regress/script-tests/fold-multi-get-by-offset-to-poly-get-by-offset.js: Removed.
* js/regress/script-tests/fold-multi-put-by-offset-to-poly-put-by-offset.js: Removed.
* js/regress/script-tests/fold-multi-put-by-offset-to-put-by-offset.js: Removed.
* js/regress/script-tests/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.js: Removed.
* js/regress/script-tests/fold-put-by-id-to-multi-put-by-offset.js: Removed.
* js/regress/script-tests/fold-put-structure.js: Removed.
* js/regress/script-tests/hoist-poly-check-structure-effectful-loop.js: Removed.
* js/regress/script-tests/hoist-poly-check-structure.js: Removed.
* js/regress/script-tests/put-by-id-replace-and-transition.js: Removed.
* js/regress/script-tests/put-by-id-slightly-polymorphic.js: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171648 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Crash in Web Content Process under ~PDFDocument under clearTouchEventListeners at...
timothy_horton@apple.com [Sat, 26 Jul 2014 18:45:04 +0000 (18:45 +0000)]
Crash in Web Content Process under ~PDFDocument under clearTouchEventListeners at topDocument()
https://bugs.webkit.org/show_bug.cgi?id=135319
<rdar://problem/17315168>

Reviewed by Darin Adler and Antti Koivisto.

* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::committedLoad):
Allow data through to WebCore for frames with custom content providers;
the only custom content provider currently implemented is main frame PDF
on iOS, which will end up creating a PDFDocument in WebCore, which drops all
data on the floor immediately, so this won't result in WebCore doing anything
with the data, but makes sure that more of the normal document lifecycle is maintained.

In the future, we might want to consider ensuring that all custom content providers
end up creating a SinkDocument or something similarly generic to ensure that
WebCore doesn't try to do anything with their data, but for now, the only client is covered.

* dom/Document.h:
* dom/Document.cpp:
(WebCore::Document::Document):
(WebCore::Document::prepareForDestruction):
Add a flag on Document, m_hasPreparedForDestruction, which ensures
that each Document only goes through prepareForDestruction() once.
prepareForDestruction() can be called a number of times during teardown,
but it's only necessary to actually execute it once.

This was previously achieved by virtue of all callers of prepareForDestruction()
first checking hasLivingRenderTree, and prepareForDestruction() tearing down
the render tree, but that meant that prepareForDestruction() was not called
for Documents that never had a render tree in the first place.

The only part of prepareForDestruction() that is now predicated on hasLivingRenderTree()
is the call to destroyRenderTree(); the rest of the function has the potential to be relevant
for non-rendered placeholder documents and can safely deal with them in other ways.

It is important to call prepareForDestruction() on non-rendered placeholder documents
because some of the cleanup (like disconnectFromFrame()) is critical to safe destruction.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::clear):
Call prepareForDestruction() even if we don't have a living render tree.
For the sake of minimizing change, removeFocusedNodeOfSubtree still
depends on having a living render tree before calling prepareForDestruction().

* page/Frame.cpp:
(WebCore::Frame::setView):
(WebCore::Frame::setDocument):
Call prepareForDestruction() even if we don't have a living render tree.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171647 268f45cc-cd09-0410-ab3c-d52691b4dbfc
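
The run-once guard described in the commit message above, as an added example that is not WebKit's code: `Frame`, `Document`, and the helper functions here are simplified stand-ins that borrow the names from the message. It contrasts the older caller-side `hasLivingRenderTree()` check with the flag inside `prepareForDestruction()`, and shows that a never-rendered placeholder document is only disconnected from its frame in the second case.

```cpp
#include <cstdio>

// Simplified stand-ins for illustration; these are not WebKit's classes.
struct Frame {
    int attachedDocuments = 0;
};

class Document {
public:
    Document(Frame& frame, bool rendered)
        : m_frame(&frame), m_hasLivingRenderTree(rendered)
    {
        ++frame.attachedDocuments;
    }

    bool hasLivingRenderTree() const { return m_hasLivingRenderTree; }
    bool isAttachedToFrame() const { return m_frame != nullptr; }
    int cleanupRuns() const { return m_cleanupRuns; }

    // Executes its body once per document, however many teardown paths call it.
    void prepareForDestruction()
    {
        if (m_hasPreparedForDestruction)
            return;
        // Only the render tree teardown depends on a render tree existing.
        if (m_hasLivingRenderTree)
            destroyRenderTree();
        // This cleanup has to run for never-rendered placeholder documents too.
        disconnectFromFrame();
        ++m_cleanupRuns;
        m_hasPreparedForDestruction = true;
    }

private:
    void destroyRenderTree() { m_hasLivingRenderTree = false; }

    void disconnectFromFrame()
    {
        if (!m_frame)
            return;
        --m_frame->attachedDocuments;
        m_frame = nullptr;
    }

    Frame* m_frame;
    bool m_hasLivingRenderTree;
    bool m_hasPreparedForDestruction = false;
    int m_cleanupRuns = 0;
};

// Older caller pattern: the render tree check doubled as the run-once guard,
// so documents that never had a render tree skipped cleanup entirely.
void teardownGuardedByCaller(Document& doc)
{
    if (doc.hasLivingRenderTree())
        doc.prepareForDestruction();
}

// Pattern after the change: call unconditionally, the flag makes repeats harmless.
void teardownUnconditional(Document& doc)
{
    doc.prepareForDestruction();
}

struct Outcome {
    bool stillAttached;          // document still points at its frame
    int cleanupRuns;             // how often the teardown body executed
    int frameAttachedDocuments;  // frame's view of attached documents
};

// Simulates several teardown paths (hypothetical helper) hitting one document.
Outcome runTeardown(bool rendered, bool callerGuarded, int calls)
{
    Frame frame;
    Document doc(frame, rendered);
    for (int i = 0; i < calls; ++i) {
        if (callerGuarded)
            teardownGuardedByCaller(doc);
        else
            teardownUnconditional(doc);
    }
    return { doc.isAttachedToFrame(), doc.cleanupRuns(), frame.attachedDocuments };
}

int main()
{
    const bool renderedCases[] = { true, false };
    const bool guardedCases[] = { true, false };
    for (bool rendered : renderedCases) {
        for (bool guarded : guardedCases) {
            Outcome o = runTeardown(rendered, guarded, 3);
            std::printf("rendered=%d callerGuarded=%d -> stillAttached=%d cleanupRuns=%d\n",
                        rendered, guarded, o.stillAttached, o.cleanupRuns);
        }
    }
    return 0;
}
```
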

6 years ago Remove accidental debugging console.log
commit-queue@webkit.org [Sat, 26 Jul 2014 16:44:19 +0000 (16:44 +0000)]
Remove accidental debugging console.log
https://bugs.webkit.org/show_bug.cgi?id=135315

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-26
Reviewed by Alexey Proskuryakov.

* UserInterface/Views/ApplicationCacheFrameContentView.js:
(WebInspector.ApplicationCacheFrameContentView.prototype._sortDataGrid):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171646 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Web Inspector: Timelines performance is very slow, has many forced layouts
commit-queue@webkit.org [Sat, 26 Jul 2014 16:42:55 +0000 (16:42 +0000)]
Web Inspector: Timelines performance is very slow, has many forced layouts
https://bugs.webkit.org/show_bug.cgi?id=135313

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-26
Reviewed by Timothy Hatcher.

* UserInterface/Views/NavigationItem.js:
(WebInspector.NavigationItem):
(WebInspector.NavigationItem.prototype.get hidden):
(WebInspector.NavigationItem.prototype.set hidden):
Don't have the parent navigation bar update layout if the hidden state did not change.
This greatly reduces the number of forced layouts as timeline nodes are added.

* UserInterface/Views/NavigationSidebarPanel.js:
(WebInspector.NavigationSidebarPanel.prototype.showEmptyContentPlaceholder):
(WebInspector.NavigationSidebarPanel.prototype.hideEmptyContentPlaceholder):
Don't do any work if this is not changing the view.

(WebInspector.NavigationSidebarPanel.prototype._updateContentOverflowShadowVisibilitySoon):
(WebInspector.NavigationSidebarPanel.prototype._updateContentOverflowShadowVisibility):
(WebInspector.NavigationSidebarPanel.prototype._treeElementAddedOrChanged):
When first selecting a specific timeline (Layout / Scripts) we would have a very long hang
updating the content. Most of this was time spent updating the overflow shadow visibility
because every single tree element addition was causing a layout invalidation and forced layout.
Coalesce all of the tree element adds into a single update at the end.

* UserInterface/Views/TimelineOverview.js:
(WebInspector.TimelineOverview.prototype.updateLayout):
Calculating the visible duration checks offsetLeft. Calculate this once, outside
of a loop down below, to prevent or reduce possible forced layouts.

* UserInterface/Views/TreeOutline.js:
(TreeElement.prototype.revealed):
Prevent doing any work for timeline tree elements outside of the selected time range.
Previously they were considered revealed if a parent was expanded, even though that
parent was hidden. This greatly reduces the amount of work during a recording, since
previously we were potentially doing a forced layout for hidden nodes.

* UserInterface/Views/TimelineSidebarPanel.js:
(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.looselyCompareRepresentedObjects):
Ignore ProfileNode, which may happen here in the Script timeline.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171645 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Attempt to fix Windows.
fpizlo@apple.com [Sat, 26 Jul 2014 05:59:42 +0000 (05:59 +0000)]
Attempt to fix Windows.

* wtf/text/WTFString.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171644 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Attempt to fix non-Xcode platforms.
fpizlo@apple.com [Sat, 26 Jul 2014 05:44:32 +0000 (05:44 +0000)]
Attempt to fix non-Xcode platforms.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171643 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Fix cloop.
fpizlo@apple.com [Sat, 26 Jul 2014 05:37:13 +0000 (05:37 +0000)]
Fix cloop.

* bytecode/CodeBlock.cpp:
(JSC::dumpChain):
(JSC::CodeBlock::printPutByIdCacheStatus):
* bytecode/StructureSet.cpp:
* bytecode/StructureSet.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171642 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Merge r170090, r170092, r170129, r170141, r170161, r170215, r170275, r170375, r170376...
fpizlo@apple.com [Sat, 26 Jul 2014 05:18:16 +0000 (05:18 +0000)]
Merge r170090, r170092, r170129, r170141, r170161, r170215, r170275, r170375, r170376, r170382, r170383, r170399, r170436, r170489, r170490, r170556 from ftlopt.

Source/JavaScriptCore:
    2014-06-27  Michael Saboff  <msaboff@apple.com>

    Unreviewed build fix after r169795.

    Fixed ASSERT for 32 bit build.

    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):

    2014-06-24  Saam Barati  <sbarati@apple.com>

    Web Inspector: debugger should be able to show variable types
    https://bugs.webkit.org/show_bug.cgi?id=133395

    Reviewed by Filip Pizlo.

    Increase the amount of type information the VM gathers when directed
    to do so. This initial commit is working towards the goal of
    capturing, and then showing (via the Web Inspector) type information for all
    assignment and load operations. This patch doesn't have the feature fully
    implemented, but it ensures the VM has no performance regressions
    unless the feature is specifically turned on.

    * JavaScriptCore.xcodeproj/project.pbxproj:
    * bytecode/BytecodeList.json:
    * bytecode/BytecodeUseDef.h:
    (JSC::computeUsesForBytecodeOffset):
    (JSC::computeDefsForBytecodeOffset):
    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::dumpBytecode):
    (JSC::CodeBlock::CodeBlock):
    (JSC::CodeBlock::finalizeUnconditionally):
    * bytecode/CodeBlock.h:
    * bytecode/Instruction.h:
    * bytecode/TypeLocation.h: Added.
    (JSC::TypeLocation::TypeLocation):
    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::emitMove):
    (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity):
    (JSC::BytecodeGenerator::emitPutToScope):
    (JSC::BytecodeGenerator::emitPutById):
    (JSC::BytecodeGenerator::emitPutByVal):
    * bytecompiler/BytecodeGenerator.h:
    (JSC::BytecodeGenerator::isProfilingTypesWithHighFidelity):
    * bytecompiler/NodesCodegen.cpp:
    (JSC::PostfixNode::emitResolve):
    (JSC::PrefixNode::emitResolve):
    (JSC::ReadModifyResolveNode::emitBytecode):
    (JSC::AssignResolveNode::emitBytecode):
    (JSC::ConstDeclNode::emitCodeSingle):
    (JSC::ForInNode::emitBytecode):
    * heap/Heap.cpp:
    (JSC::Heap::collect):
    * inspector/agents/InspectorRuntimeAgent.cpp:
    (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableInTextRange):
    * inspector/agents/InspectorRuntimeAgent.h:
    * inspector/protocol/Runtime.json:
    * jsc.cpp:
    (GlobalObject::finishCreation):
    (functionDumpTypesForAllVariables):
    * llint/LLIntSlowPaths.cpp:
    (JSC::LLInt::LLINT_SLOW_PATH_DECL):
    (JSC::LLInt::putToScopeCommon):
    * llint/LLIntSlowPaths.h:
    * llint/LowLevelInterpreter.asm:
    * runtime/HighFidelityLog.cpp: Added.
    (JSC::HighFidelityLog::initializeHighFidelityLog):
    (JSC::HighFidelityLog::~HighFidelityLog):
    (JSC::HighFidelityLog::recordTypeInformationForLocation):
    (JSC::HighFidelityLog::processHighFidelityLog):
    (JSC::HighFidelityLog::actuallyProcessLogThreadFunction):
    * runtime/HighFidelityLog.h: Added.
    (JSC::HighFidelityLog::HighFidelityLog):
    * runtime/HighFidelityTypeProfiler.cpp: Added.
    (JSC::HighFidelityTypeProfiler::getTypesForVariableInRange):
    (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableInRange):
    (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableInRange):
    (JSC::HighFidelityTypeProfiler::insertNewLocation):
    (JSC::HighFidelityTypeProfiler::getLocationBasedHash):
    * runtime/HighFidelityTypeProfiler.h: Added.
    * runtime/Options.h:
    * runtime/Structure.cpp:
    (JSC::Structure::toStructureShape):
    * runtime/Structure.h:
    * runtime/SymbolTable.cpp:
    (JSC::SymbolTable::SymbolTable):
    (JSC::SymbolTable::cloneCapturedNames):
    (JSC::SymbolTable::uniqueIDForVariable):
    (JSC::SymbolTable::uniqueIDForRegister):
    (JSC::SymbolTable::globalTypeSetForRegister):
    (JSC::SymbolTable::globalTypeSetForVariable):
    * runtime/SymbolTable.h:
    (JSC::SymbolTable::add):
    (JSC::SymbolTable::set):
    * runtime/TypeSet.cpp: Added.
    (JSC::TypeSet::TypeSet):
    (JSC::TypeSet::getRuntimeTypeForValue):
    (JSC::TypeSet::addTypeForValue):
    (JSC::TypeSet::removeDuplicatesInStructureHistory):
    (JSC::TypeSet::seenTypes):
    (JSC::TypeSet::dumpSeenTypes):
    (JSC::StructureShape::StructureShape):
    (JSC::StructureShape::markAsFinal):
    (JSC::StructureShape::addProperty):
    (JSC::StructureShape::propertyHash):
    (JSC::StructureShape::leastUpperBound):
    (JSC::StructureShape::stringRepresentation):
    * runtime/TypeSet.h: Added.
    (JSC::StructureShape::create):
    (JSC::TypeSet::create):
    * runtime/VM.cpp:
    (JSC::VM::VM):
    (JSC::VM::getTypesForVariableInRange):
    (JSC::VM::updateHighFidelityTypeProfileState):
    (JSC::VM::dumpHighFidelityProfilingTypes):
    * runtime/VM.h:
    (JSC::VM::isProfilingTypesWithHighFidelity):
    (JSC::VM::highFidelityLog):
    (JSC::VM::highFidelityTypeProfiler):
    (JSC::VM::nextLocation):
    (JSC::VM::getNextUniqueVariableID):

    2014-06-26  Mark Lam  <mark.lam@apple.com>

    Remove unused instantiation of the WithScope structure.
    <https://webkit.org/b/134331>

    Reviewed by Oliver Hunt.

    The WithScope structure instance in the VM is unused, and is now removed.

    * runtime/VM.cpp:
    (JSC::VM::VM):
    * runtime/VM.h:

    2014-06-25  Mark Hahnenberg  <mhahnenberg@apple.com>

    Structure bit fields should have a consistent format
    https://bugs.webkit.org/show_bug.cgi?id=134307

    Reviewed by Filip Pizlo.

    Currently we use C-style bit fields for a number of member variables in Structure to save space.
    This makes it difficult to load these fields in the JIT. We should instead use our own bitfield
    format to make it easy to load and test these variables in JIT code.

    * runtime/JSObject.cpp:
    (JSC::JSObject::putDirectNonIndexAccessor):
    (JSC::JSObject::reifyStaticFunctionsForDelete):
    * runtime/Structure.cpp:
    (JSC::StructureTransitionTable::contains):
    (JSC::StructureTransitionTable::get):
    (JSC::StructureTransitionTable::add):
    (JSC::Structure::Structure):
    (JSC::Structure::materializePropertyMap):
    (JSC::Structure::addPropertyTransition):
    (JSC::Structure::despecifyFunctionTransition):
    (JSC::Structure::toDictionaryTransition):
    (JSC::Structure::freezeTransition):
    (JSC::Structure::preventExtensionsTransition):
    (JSC::Structure::takePropertyTableOrCloneIfPinned):
    (JSC::Structure::nonPropertyTransition):
    (JSC::Structure::flattenDictionaryStructure):
    (JSC::Structure::addPropertyWithoutTransition):
    (JSC::Structure::pin):
    (JSC::Structure::allocateRareData):
    (JSC::Structure::cloneRareDataFrom):
    (JSC::Structure::getConcurrently):
    (JSC::Structure::putSpecificValue):
    (JSC::Structure::getPropertyNamesFromStructure):
    (JSC::Structure::visitChildren):
    (JSC::Structure::checkConsistency):
    * runtime/Structure.h:
    (JSC::Structure::isExtensible):
    (JSC::Structure::isDictionary):
    (JSC::Structure::isUncacheableDictionary):
    (JSC::Structure::propertyAccessesAreCacheable):
    (JSC::Structure::previousID):
    (JSC::Structure::setHasGetterSetterPropertiesWithProtoCheck):
    (JSC::Structure::setContainsReadOnlyProperties):
    (JSC::Structure::disableSpecificFunctionTracking):
    (JSC::Structure::objectToStringValue):
    (JSC::Structure::setObjectToStringValue):
    (JSC::Structure::setPreviousID):
    (JSC::Structure::clearPreviousID):
    (JSC::Structure::previous):
    (JSC::Structure::rareData):
    (JSC::Structure::didTransition): Deleted.
    (JSC::Structure::hasGetterSetterProperties): Deleted.
    (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto): Deleted.
    (JSC::Structure::setHasGetterSetterProperties): Deleted.
    (JSC::Structure::hasNonEnumerableProperties): Deleted.
    (JSC::Structure::staticFunctionsReified): Deleted.
    (JSC::Structure::setStaticFunctionsReified): Deleted.
    * runtime/StructureInlines.h:
    (JSC::Structure::setEnumerationCache):
    (JSC::Structure::enumerationCache):
    (JSC::Structure::checkOffsetConsistency):

    2014-06-24  Mark Lam  <mark.lam@apple.com>

    [ftlopt] Renamed DebuggerActivation to DebuggerScope.
    <https://webkit.org/b/134273>

    Reviewed by Michael Saboff.

    * CMakeLists.txt:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * debugger/DebuggerActivation.cpp: Removed.
    * debugger/DebuggerActivation.h: Removed.
    * debugger/DebuggerScope.cpp: Copied from ../../trunk/Source/JavaScriptCore/debugger/DebuggerActivation.cpp.
    (JSC::DebuggerScope::DebuggerScope):
    (JSC::DebuggerScope::finishCreation):
    (JSC::DebuggerScope::visitChildren):
    (JSC::DebuggerScope::className):
    (JSC::DebuggerScope::getOwnPropertySlot):
    (JSC::DebuggerScope::put):
    (JSC::DebuggerScope::deleteProperty):
    (JSC::DebuggerScope::getOwnPropertyNames):
    (JSC::DebuggerScope::defineOwnProperty):
    (JSC::DebuggerActivation::DebuggerActivation): Deleted.
    (JSC::DebuggerActivation::finishCreation): Deleted.
    (JSC::DebuggerActivation::visitChildren): Deleted.
    (JSC::DebuggerActivation::className): Deleted.
    (JSC::DebuggerActivation::getOwnPropertySlot): Deleted.
    (JSC::DebuggerActivation::put): Deleted.
    (JSC::DebuggerActivation::deleteProperty): Deleted.
    (JSC::DebuggerActivation::getOwnPropertyNames): Deleted.
    (JSC::DebuggerActivation::defineOwnProperty): Deleted.
    * debugger/DebuggerScope.h: Copied from ../../trunk/Source/JavaScriptCore/debugger/DebuggerActivation.h.
    (JSC::DebuggerScope::create):
    (JSC::DebuggerActivation::create): Deleted.
    * runtime/VM.cpp:
    (JSC::VM::VM):
    * runtime/VM.h:

    2014-06-24  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] PutByIdFlush can also be converted to a PutByOffset so don't assert otherwise
    https://bugs.webkit.org/show_bug.cgi?id=134265

    Reviewed by Geoffrey Garen.

    More assertion fallout from the PutById folding work.

    * dfg/DFGNode.h:
    (JSC::DFG::Node::convertToPutByOffset):

    2014-06-24  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] GC should notify us if it resets to_this
    https://bugs.webkit.org/show_bug.cgi?id=128231

    Reviewed by Geoffrey Garen.

    * CMakeLists.txt:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * bytecode/BytecodeList.json:
    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::dumpBytecode):
    (JSC::CodeBlock::finalizeUnconditionally):
    * bytecode/Instruction.h:
    * bytecode/ToThisStatus.cpp: Added.
    (JSC::merge):
    (WTF::printInternal):
    * bytecode/ToThisStatus.h: Added.
    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::BytecodeGenerator):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):
    * llint/LowLevelInterpreter32_64.asm:
    * llint/LowLevelInterpreter64.asm:
    * runtime/CommonSlowPaths.cpp:
    (JSC::SLOW_PATH_DECL):

    2014-06-24  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] StructureAbstractValue::onlyStructure() should return nullptr if isClobbered()
    https://bugs.webkit.org/show_bug.cgi?id=134256

    Reviewed by Michael Saboff.

    This isn't testable right now (i.e. it's benign) but we should get it right anyway. The
    point is to be able to precisely model what goes on in the snippets of code between a
    side-effect and an InvalidationPoint.

    This patch also cleans up onlyStructure() by delegating more work to
    StructureSet::onlyStructure().

    * dfg/DFGStructureAbstractValue.h:
    (JSC::DFG::StructureAbstractValue::onlyStructure):

    2014-06-24  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt][REGRESSION] PutById AI is introducing watchable structures without watching them
    https://bugs.webkit.org/show_bug.cgi?id=134260

    Reviewed by Geoffrey Garen.

    This was causing loads of assertion failures in debug builds.

    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

    2014-06-21  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Fold GetById/PutById to MultiGetByOffset/GetByOffset or MultiPutByOffset/PutByOffset, which implies handling non-singleton sets
    https://bugs.webkit.org/show_bug.cgi?id=134090

    Reviewed by Oliver Hunt.

    This pretty much finishes off the work to eliminate the special-casing of singleton
    structure sets by making it possible to fold GetById and PutById to various polymorphic
    forms of the ByOffset nodes.

    * bytecode/GetByIdStatus.cpp:
    (JSC::GetByIdStatus::computeForStubInfo):
    (JSC::GetByIdStatus::computeFor):
    * bytecode/GetByIdStatus.h:
    * bytecode/PutByIdStatus.cpp:
    (JSC::PutByIdStatus::computeFor):
    * bytecode/PutByIdStatus.h:
    * bytecode/PutByIdVariant.h:
    (JSC::PutByIdVariant::constantChecks):
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::foldConstants):
    (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
    (JSC::DFG::ConstantFoldingPhase::addChecks):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::convertToMultiGetByOffset):
    (JSC::DFG::Node::convertToMultiPutByOffset):
    * dfg/DFGSpeculativeJIT64.cpp: Also convert all release assertions to DFG assertions in this file, because I was hitting some of them while debugging.
    (JSC::DFG::SpeculativeJIT::fillJSValue):
    (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
    (JSC::DFG::SpeculativeJIT::emitCall):
    (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
    (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Strict):
    (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
    (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
    (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
    (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
    (JSC::DFG::SpeculativeJIT::compileLogicalNot):
    (JSC::DFG::SpeculativeJIT::emitBranch):
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGStructureAbstractValue.h:
    (JSC::DFG::StructureAbstractValue::set):

    2014-06-19  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] StructureSet::onlyStructure() should return nullptr if it's not a singleton (instead of asserting)
    https://bugs.webkit.org/show_bug.cgi?id=134077

    Reviewed by Sam Weinig.

    This makes StructureSet and StructureAbstractValue more consistent and fixes a debug assert
    in the abstract interpreter.

    * bytecode/StructureSet.h:
    (JSC::StructureSet::onlyStructure):

    2014-06-18  Filip Pizlo  <fpizlo@apple.com>

    DFG AI and constant folder should be able to precisely prune MultiGetByOffset/MultiPutByOffset even if the base structure abstract value is not a singleton
    https://bugs.webkit.org/show_bug.cgi?id=133918

    Reviewed by Mark Hahnenberg.

    This also adds pruning of PutStructure, since I basically had no choice but
    to implement such logic within MultiPutByOffset.

    Also adds a bunch of PutById cache status dumping to bytecode dumping.

    * bytecode/GetByIdVariant.cpp:
    (JSC::GetByIdVariant::dumpInContext):
    * bytecode/GetByIdVariant.h:
    (JSC::GetByIdVariant::structureSet):
    * bytecode/PutByIdVariant.h:
    (JSC::PutByIdVariant::oldStructure):
    * bytecode/StructureSet.cpp:
    (JSC::StructureSet::filter):
    (JSC::StructureSet::filterArrayModes):
    * bytecode/StructureSet.h:
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * dfg/DFGAbstractValue.cpp:
    (JSC::DFG::AbstractValue::changeStructure):
    (JSC::DFG::AbstractValue::contains):
    * dfg/DFGAbstractValue.h:
    (JSC::DFG::AbstractValue::couldBeType):
    (JSC::DFG::AbstractValue::isType):
    * dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::foldConstants):
    (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
    (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
    (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::freezeStrong):
    * dfg/DFGGraph.h:
    * dfg/DFGStructureAbstractValue.h:
    (JSC::DFG::StructureAbstractValue::operator=):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
    * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check.js: Added.
    (foo):
    (fu):
    (bar):
    (baz):
    (.bar):
    (.baz):
    * tests/stress/fold-multi-put-by-offset-to-put-by-offset-without-folding-the-structure-check.js: Added.
    (foo):
    (fu):
    (bar):
    (baz):
    (.bar):
    (.baz):
    * tests/stress/prune-multi-put-by-offset-replace-or-transition-variant.js: Added.
    (foo):
    (fu):
    (bar):
    (baz):
    (.bar):
    (.baz):

    2014-06-18  Mark Hahnenberg  <mhahnenberg@apple.com>

    Remove CompoundType and LeafType
    https://bugs.webkit.org/show_bug.cgi?id=134037

    Reviewed by Filip Pizlo.

    We don't use them for anything. We'll replace them with a generic CellType type for all
    the objects that are JSCells, aren't JSObjects, and for which we generally don't care about
    their JSType at runtime.

    * llint/LLIntData.cpp:
    (JSC::LLInt::Data::performAssertions):
    * runtime/ArrayBufferNeuteringWatchpoint.cpp:
    (JSC::ArrayBufferNeuteringWatchpoint::createStructure):
    * runtime/Executable.h:
    (JSC::ExecutableBase::createStructure):
    (JSC::NativeExecutable::createStructure):
    * runtime/JSPromiseDeferred.h:
    (JSC::JSPromiseDeferred::createStructure):
    * runtime/JSPromiseReaction.h:
    (JSC::JSPromiseReaction::createStructure):
    * runtime/JSPropertyNameIterator.h:
    (JSC::JSPropertyNameIterator::createStructure):
    * runtime/JSType.h:
    * runtime/JSTypeInfo.h:
    (JSC::TypeInfo::TypeInfo):
    * runtime/MapData.h:
    (JSC::MapData::createStructure):
    * runtime/PropertyMapHashTable.h:
    (JSC::PropertyTable::createStructure):
    * runtime/RegExp.h:
    (JSC::RegExp::createStructure):
    * runtime/SparseArrayValueMap.cpp:
    (JSC::SparseArrayValueMap::createStructure):
    * runtime/Structure.cpp:
    (JSC::Structure::Structure):
    * runtime/StructureChain.h:
    (JSC::StructureChain::createStructure):
    * runtime/StructureRareData.cpp:
    (JSC::StructureRareData::createStructure):
    * runtime/SymbolTable.h:
    (JSC::SymbolTable::createStructure):
    * runtime/WeakMapData.h:
    (JSC::WeakMapData::createStructure):

    2014-06-17  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] PutStructure and PhantomPutStructure shouldn't leave the world in a clobbered state
    https://bugs.webkit.org/show_bug.cgi?id=134002

    Reviewed by Mark Hahnenberg.

    The effect of this bug was that if we had a PutStructure or PhantomPutStructure then any
    JSConstants would be in a Clobbered state, so we wouldn't take advantage of our knowledge
    of the structure if that structure was watchable.

    Also kill PhantomPutStructure.

    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransition):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransitions):
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * dfg/DFGDoesGC.cpp:
    (JSC::DFG::doesGC):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::visitChildren):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::hasTransition):
    * dfg/DFGNodeType.h:
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):
    * dfg/DFGSafeToExecute.h:
    (JSC::DFG::safeToExecute):
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGStructureAbstractValue.cpp:
    (JSC::DFG::StructureAbstractValue::observeTransition):
    (JSC::DFG::StructureAbstractValue::observeTransitions):
    * dfg/DFGValidate.cpp:
    (JSC::DFG::Validate::validate):
    * dfg/DFGWatchableStructureWatchingPhase.cpp:
    (JSC::DFG::WatchableStructureWatchingPhase::run):
    * ftl/FTLCapabilities.cpp:
    (JSC::FTL::canCompile):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileNode):
    (JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure): Deleted.

    2014-06-17  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] DFG put_by_id should inline accesses with a slightly polymorphic base
    https://bugs.webkit.org/show_bug.cgi?id=133964

    Reviewed by Mark Hahnenberg.

    * bytecode/PutByIdStatus.cpp:
    (JSC::PutByIdStatus::appendVariant):
    (JSC::PutByIdStatus::computeForStubInfo):
    * bytecode/PutByIdVariant.cpp:
    (JSC::PutByIdVariant::oldStructureForTransition):
    (JSC::PutByIdVariant::writesStructures):
    (JSC::PutByIdVariant::reallocatesStorage):
    (JSC::PutByIdVariant::attemptToMerge):
    (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
    (JSC::PutByIdVariant::dumpInContext):
    * bytecode/PutByIdVariant.h:
    (JSC::PutByIdVariant::PutByIdVariant):
    (JSC::PutByIdVariant::replace):
    (JSC::PutByIdVariant::transition):
    (JSC::PutByIdVariant::structure):
    (JSC::PutByIdVariant::oldStructure):
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handlePutById):
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::foldConstants):
    (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::visitChildren):
    * dfg/DFGNode.cpp:
    (JSC::DFG::MultiPutByOffsetData::writesStructures):
    (JSC::DFG::MultiPutByOffsetData::reallocatesStorage):
    * ftl/FTLAbbreviations.h:
    (JSC::FTL::getLinkage):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
    (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol):

Source/WebCore:
    2014-07-25  Mark Lam  <mark.lam@apple.com>

    [ftlopt] Renamed DebuggerActivation to DebuggerScope.
    <https://webkit.org/b/134273>

    Reviewed by Michael Saboff.

    No new tests.

    * ForwardingHeaders/debugger/DebuggerActivation.h: Removed.
    - Removed because this is not used.

Source/WebKit/mac:
    2014-07-25  Mark Lam  <mark.lam@apple.com>

    [ftlopt] Renamed DebuggerActivation to DebuggerScope.
    <https://webkit.org/b/134273>

    Reviewed by Michael Saboff.

    * WebView/WebScriptDebugDelegate.mm:
    - Removed unneeded #include.

LayoutTests:
    2014-07-25  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Fold GetById/PutById to MultiGetByOffset/GetByOffset or MultiPutByOffset/PutByOffset, which implies handling non-singleton sets
    https://bugs.webkit.org/show_bug.cgi?id=134090

    Reviewed by Oliver Hunt.

    * js/regress/fold-get-by-id-to-multi-get-by-offset-expected.txt: Added.
    * js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int-expected.txt: Added.
    * js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int.html: Added.
    * js/regress/fold-get-by-id-to-multi-get-by-offset.html: Added.
    * js/regress/fold-put-by-id-to-multi-put-by-offset-expected.txt: Added.
    * js/regress/fold-put-by-id-to-multi-put-by-offset.html: Added.
    * js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset-rare-int.js: Added.
    (foo):
    (fu):
    (bar):
    (.bar):
    (Number):
    * js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset.js: Added.
    (foo):
    (fu):
    (bar):
    (.bar):
    (Number):
    * js/regress/script-tests/fold-put-by-id-to-multi-put-by-offset.js: Added.
    (foo):
    (fu):
    (bar):
    (.bar):

    2014-06-19  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] LICM should be able to hoist CheckStructure even if the loop clobbers structures so long as the structures being checked are watchable
    https://bugs.webkit.org/show_bug.cgi?id=134056

    Unreviewed, just landing the test cases for this attempted optimization. The test cases
    will still be valid once we find a smart way of doing this optimization.

    * js/regress/hoist-poly-check-structure-effectful-loop-expected.txt: Added.
    * js/regress/hoist-poly-check-structure-effectful-loop.html: Added.
    * js/regress/hoist-poly-check-structure-expected.txt: Added.
    * js/regress/hoist-poly-check-structure.html: Added.
    * js/regress/script-tests/hoist-poly-check-structure-effectful-loop.js: Added.
    (foo):
    (test):
    * js/regress/script-tests/hoist-poly-check-structure.js: Added.
    (foo):
    (test):

    2014-06-18  Filip Pizlo  <fpizlo@apple.com>

    DFG AI and constant folder should be able to precisely prune MultiGetByOffset/MultiPutByOffset even if the base structure abstract value is not a singleton
    https://bugs.webkit.org/show_bug.cgi?id=133918

    Reviewed by Mark Hahnenberg.

    * js/regress/fold-multi-get-by-offset-to-get-by-offset-expected.txt: Added.
    * js/regress/fold-multi-get-by-offset-to-get-by-offset.html: Added.
    * js/regress/fold-multi-get-by-offset-to-poly-get-by-offset-expected.txt: Added.
    * js/regress/fold-multi-get-by-offset-to-poly-get-by-offset.html: Added.
    * js/regress/fold-multi-put-by-offset-to-poly-put-by-offset-expected.txt: Added.
    * js/regress/fold-multi-put-by-offset-to-poly-put-by-offset.html: Added.
    * js/regress/fold-multi-put-by-offset-to-put-by-offset-expected.txt: Added.
    * js/regress/fold-multi-put-by-offset-to-put-by-offset.html: Added.
    * js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset-expected.txt: Added.
    * js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.html: Added.
    * js/regress/fold-put-structure-expected.txt: Added.
    * js/regress/fold-put-structure.html: Added.
    * js/regress/script-tests/fold-multi-get-by-offset-to-get-by-offset.js: Added.
    (foo):
    (fu):
    (bar):
    (.bar):
    * js/regress/script-tests/fold-multi-get-by-offset-to-poly-get-by-offset.js: Added.
    (foo):
    (fu):
    (bar):
    (.bar):
    * js/regress/script-tests/fold-multi-put-by-offset-to-poly-put-by-offset.js: Added.
    (foo):
    (fu):
    (bar):
    (.bar):
    * js/regress/script-tests/fold-multi-put-by-offset-to-put-by-offset.js: Added.
    (foo):
    (fu):
    (bar):
    (.bar):
    * js/regress/script-tests/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.js: Added.
    (foo):
    (fu):
    (bar):
    (.bar):
    * js/regress/script-tests/fold-put-structure.js: Added.
    (foo):
    (fu):
    (bar):
    (.bar):

    2014-06-17  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] DFG put_by_id should inline accesses with a slightly polymorphic base
    https://bugs.webkit.org/show_bug.cgi?id=133964

    Reviewed by Mark Hahnenberg.

    * js/regress/put-by-id-replace-and-transition-expected.txt: Added.
    * js/regress/put-by-id-replace-and-transition.html: Added.
    * js/regress/put-by-id-slightly-polymorphic-expected.txt: Added.
    * js/regress/put-by-id-slightly-polymorphic.html: Added.
    * js/regress/script-tests/put-by-id-replace-and-transition.js: Added.
    * js/regress/script-tests/put-by-id-slightly-polymorphic.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171641 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Subpixel rendering: Rounded rect gets non-renderable at certain subpixel size.
zalan@apple.com [Sat, 26 Jul 2014 04:37:31 +0000 (04:37 +0000)]
Subpixel rendering: Rounded rect gets non-renderable at certain subpixel size.
https://bugs.webkit.org/show_bug.cgi?id=135314
<rdar://problem/17812921>

Reviewed by Tim Horton.

While calculating the rounded rect for painting, the radius is adjusted to compensate
for the pixel snapped size. However while scaling the radius, certain values overflow
(float) mantissa and it produces a non-renderable rounded rect where the radius becomes bigger
than the rectangle dimensions. In such cases, we need to shrink the radius to make it
renderable again.

Source/WebCore:
Test: transitions/rounded-rect-becomes-non-renderable-while-transitioning.html

* platform/graphics/RoundedRect.cpp:
(WebCore::RoundedRect::pixelSnappedRoundedRectForPainting): shrink the radius by
one device pixel. It is as good as any other small value.

LayoutTests:
* transitions/rounded-rect-becomes-non-renderable-while-transitioning-expected.txt: Added.
* transitions/rounded-rect-becomes-non-renderable-while-transitioning.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171640 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Unmessup the JavaScriptCore ChangeLog
fpizlo@apple.com [Sat, 26 Jul 2014 01:31:25 +0000 (01:31 +0000)]
Unmessup the JavaScriptCore ChangeLog

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171639 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Parent fullscreen from window instead of view
commit-queue@webkit.org [Sat, 26 Jul 2014 00:43:13 +0000 (00:43 +0000)]
Parent fullscreen from window instead of view
https://bugs.webkit.org/show_bug.cgi?id=135310

Patch by Jeremy Jones <jeremyj@apple.com> on 2014-07-25
Reviewed by Jer Noble.

Parenting in the view causes an incorrect animation to fullscreen, and can cause
fullscreen to only expand to the size of the view instead of the whole window.

Source/WebKit/mac:
* WebView/WebView.mm:
(-[WebView _enterFullscreenForNode:]): Pass window instead of view.

Source/WebKit2:
* UIProcess/ios/WebVideoFullscreenManagerProxy.mm:
(WebKit::WebVideoFullscreenManagerProxy::setupFullscreenWithID): pass view's window.
* WebProcess/ios/WebVideoFullscreenManager.mm: screenRect instead of clientRect
(WebKit::screenRectForNode): was clientRectForNode
(WebKit::WebVideoFullscreenManager::enterFullscreenForNode): use screenRectForNode
(WebKit::WebVideoFullscreenManager::exitFullscreenForNode): ditto
(WebKit::clientRectForNode): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171635 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [EME][Mac] CDM error messages not piped through to MediaKeySession correctly; clients...
jer.noble@apple.com [Fri, 25 Jul 2014 23:37:38 +0000 (23:37 +0000)]
[EME][Mac] CDM error messages not piped through to MediaKeySession correctly; clients don't receive error events
https://bugs.webkit.org/show_bug.cgi?id=135312
<rdar://problem/17817223>

Reviewed by Brent Fulgham.

Set (and clear) the client interface so that errors can be piped from the CDMSession up to the MediaKeySession.

* Modules/encryptedmedia/MediaKeySession.cpp:
(WebCore::MediaKeySession::MediaKeySession):
(WebCore::MediaKeySession::close):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171632 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Creating incorrect sandbox extension for hsts plist due to missing /
oliver@apple.com [Fri, 25 Jul 2014 23:17:09 +0000 (23:17 +0000)]
Creating incorrect sandbox extension for hsts plist due to missing /
https://bugs.webkit.org/show_bug.cgi?id=135309

Reviewed by Sam Weinig.

So it turns out that you do actually need /'s in paths...
Now we actually create the correct extension.

* UIProcess/mac/WebContextMac.mm:
(WebKit::WebContext::platformDefaultNetworkingHSTSDatabasePath):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171629 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Add an option to disable native call inlining. Disable it for now to see how it
fpizlo@apple.com [Fri, 25 Jul 2014 22:57:34 +0000 (22:57 +0000)]
Add an option to disable native call inlining. Disable it for now to see how it
affects the bots.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleCall):
* runtime/Options.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171627 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago WKNavigation's properties are either always nil or don't behave as documented
andersca@apple.com [Fri, 25 Jul 2014 22:52:11 +0000 (22:52 +0000)]
WKNavigation's properties are either always nil or don't behave as documented
https://bugs.webkit.org/show_bug.cgi?id=135267
<rdar://problem/17730536>

Reviewed by Andreas Kling.

Source/WebKit2:
Remove the properties from WKNavigation and introduce -[WKNavigation _request] as SPI for now.

* Shared/API/Cocoa/WebKitPrivate.h:
* UIProcess/API/Cocoa/WKNavigation.h:
* UIProcess/API/Cocoa/WKNavigation.mm:
(-[WKNavigation _request]):
(-[WKNavigation initialRequest]): Deleted.
(-[WKNavigation request]): Deleted.
(-[WKNavigation setRequest:]): Deleted.
(-[WKNavigation response]): Deleted.
(-[WKNavigation error]): Deleted.
* UIProcess/API/Cocoa/WKNavigationInternal.h:
* UIProcess/API/Cocoa/WKNavigationPrivate.h: Copied from Source/WebKit2/UIProcess/API/Cocoa/WKNavigationInternal.h.
* UIProcess/Cocoa/NavigationState.mm:
(WebKit::NavigationState::createLoadRequestNavigation):
* WebKit2.xcodeproj/project.pbxproj:

Tools:
* TestWebKitAPI/Tests/WebKit2Cocoa/Navigation.mm:
(-[NavigationDelegate webView:didStartProvisionalNavigation:]):
(TEST):
(-[DidFailProvisionalNavigationDelegate webView:didStartProvisionalNavigation:]):
(-[DidFailProvisionalNavigationDelegate webView:didFailProvisionalNavigation:withError:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171626 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago Fix cloop.
fpizlo@apple.com [Fri, 25 Jul 2014 22:43:19 +0000 (22:43 +0000)]
Fix cloop.

* dfg/DFGMayExit.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171625 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [MSE] Playback stalls & readyState drops to HAVE_CURRENT_DATA at end of stream with...
jer.noble@apple.com [Fri, 25 Jul 2014 22:39:06 +0000 (22:39 +0000)]
[MSE] Playback stalls & readyState drops to HAVE_CURRENT_DATA at end of stream with unbalanced buffered SourceBuffers
https://bugs.webkit.org/show_bug.cgi?id=135291
<rdar://problem/17715503>

Reviewed by Sam Weinig.

Source/WebCore:
Test: media/media-source/media-source-end-of-stream-buffered.html

When determining the correct ReadyState for the MediaSource in monitorSourceBuffers(), use the same
definition of "buffered" as is used in the calculation of HTMLMediaElement.buffered and in the
Stream Ended algorithm. Namely, when the stream has ended, treat each SourceBuffer as if its last
buffered range extends to the duration of the stream. This allows playback to continue through to
the duration without stalling due to monitorSourceBuffers().

* Modules/mediasource/SourceBuffer.cpp:
(WebCore::SourceBuffer::bufferedAccountingForEndOfStream): Added; extends the last range in buffered
    to MediaSource::duration() if the MediaSource is ended.
(WebCore::SourceBuffer::hasCurrentTime): Uses bufferedAccountingForEndOfStream().
(WebCore::SourceBuffer::hasFutureTime): Ditto.
(WebCore::SourceBuffer::canPlayThrough): Ditto.
* Modules/mediasource/SourceBuffer.h:

Add a convenience method for determining whether the MediaSource has ended:
* Modules/mediasource/MediaSource.cpp:
(WebCore::MediaSource::isEnded):
* Modules/mediasource/MediaSource.h:

Add start() and end() methods that don't take a (usually ignored) isValid inout parameter. Add duration()
and maximumBufferedTime() convenience methods:
* platform/graphics/PlatformTimeRanges.cpp:
(WebCore::PlatformTimeRanges::start):
(WebCore::PlatformTimeRanges::end):
(WebCore::PlatformTimeRanges::duration):
(WebCore::PlatformTimeRanges::maximumBufferedTime):
* platform/graphics/PlatformTimeRanges.h:

LayoutTests:
* media/media-source/media-source-end-of-stream-buffered-expected.txt: Added.
* media/media-source/media-source-end-of-stream-buffered.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171624 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago [GTK] install-dependencies needs to install perl-CGI on Fedora
commit-queue@webkit.org [Fri, 25 Jul 2014 22:38:37 +0000 (22:38 +0000)]
[GTK] install-dependencies needs to install perl-CGI on Fedora
https://bugs.webkit.org/show_bug.cgi?id=135302

Patch by Michael Catanzaro <mcatanzaro@igalia.com> on 2014-07-25
Reviewed by Martin Robinson.

* gtk/install-dependencies:
Add perl-CGI to yum dependencies needed for tests

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171623 268f45cc-cd09-0410-ab3c-d52691b4dbfc