WebKit-https.git
5 years agoFix a relative path in accessibility/mac/removing-textarea-after-edit-crash.html
ap@apple.com [Sun, 20 Sep 2015 19:52:04 +0000 (19:52 +0000)]
Fix a relative path in accessibility/mac/removing-textarea-after-edit-crash.html
after moving the test.
https://bugs.webkit.org/show_bug.cgi?id=149217

Patch by Chris Fleizach <cfleizach@apple.com> on 2015-09-20
Reviewed by Alexey Proskuryakov.

* accessibility/mac/removing-textarea-after-edit-crash.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190033 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoUnreviewed, updated my email address.
sukolsak@gmail.com [Sun, 20 Sep 2015 19:20:57 +0000 (19:20 +0000)]
Unreviewed, updated my email address.

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190032 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoGet rid of custom bindings for HTMLLinkElement.sizes setter
cdumez@apple.com [Sun, 20 Sep 2015 16:43:55 +0000 (16:43 +0000)]
Get rid of custom bindings for HTMLLinkElement.sizes setter
https://bugs.webkit.org/show_bug.cgi?id=149382

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

* web-platform-tests/html/dom/interfaces-expected.txt:
Rebaseline test. Our bindings generator does not move attributes that have
a custom setter from the instance to the prototype. Now that the 'sizes'
attribute no longer has a custom setter, it has moved to the prototype,
where it is expected to be.

Source/WebCore:

Get rid of custom bindings for HTMLLinkElement.sizes setter by leveraging
the new [PutForwards=xxx] Web IDL extended attribute, as per the HTML
specification:
- https://html.spec.whatwg.org/#htmllinkelement

Also add FIXME comments in our IDL for various attributes that should be
using [PutForwards=xxx] according to the HTML specification but are not
currently. Those were not updated in this patch because it will subtly
change their web-exposed behavior.

No new tests, no intended web-exposed behavior change. However, one side
effect of the change is that the attribtue has moved to the prototype.
Our bindings generator was keeping this attribute on the instance because
it has a custom setter.
Bindings tests coverage was extended.

* CMakeLists.txt:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSBindingsAllInOne.cpp:
* bindings/js/JSHTMLLinkElementCustom.cpp: Removed.
Drop custom bindings for HTMLLinkElement.sizes setter.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
- Stop passing an extra isNull argument to getters of nullable attributes
  that have a wrapper type. These can return a null pointer so there is
  no need for an extra argument.
- When [PutForwards=xxx] is used, only do the null-check on the attribute
  getter if the attribute is marked as nullable. If the attribute is not
  marked as nullable, the implementation is expected to return a C++
  reference, otherwise a raw pointer. This was needed because
  HTMLLinkElement::sizes() returns a reference as it can never return
  null.

* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
* bindings/scripts/test/GObject/WebKitDOMTestObj.h:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/ObjC/DOMTestObj.h:
* bindings/scripts/test/ObjC/DOMTestObj.mm:
* bindings/scripts/test/TestObj.idl:
Add bindings tests coverage for using [PutForwards=xxx] on a
nullable attribute.

* dom/Document.idl:
Mark Document.location as nullable as per the specification. The
implementation returns a raw pointer and can return null. The
bindings generator expects a raw pointer and will do a null check
on it.

* html/HTMLAnchorElement.idl:
* html/HTMLAreaElement.idl:
* html/HTMLElement.idl:
* html/HTMLIFrameElement.idl:
* html/HTMLOutputElement.idl:
* html/HTMLTableCellElement.idl:
Add FIXME comments for attributes that are supposed to use
[PutForwards=xxx] as per the HTML specification but currently don't.

* html/HTMLLinkElement.idl:
Use [PutForwards=value] for the 'sizes' attribute, as per the
specification and stop using a custom setter.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190030 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[CallWith=ScriptState] should pass ExecState to the implementation by reference
cdumez@apple.com [Sun, 20 Sep 2015 16:41:01 +0000 (16:41 +0000)]
[CallWith=ScriptState] should pass ExecState to the implementation by reference
https://bugs.webkit.org/show_bug.cgi?id=149378

Reviewed by Sam Weinig.

[CallWith=ScriptState] should pass ExecState to the implementation by
reference instead of pointer, as it is expected to be non-null.

Also rename the ExecState variables from 'exec' to 'state' in the
bindings as this is the preferred naming convention.

* Modules/indexeddb/IDBCursor.h:
* Modules/indexeddb/IDBObjectStore.h:
* Modules/indexeddb/legacy/LegacyCursor.cpp:
(WebCore::LegacyCursor::update):
* Modules/indexeddb/legacy/LegacyCursor.h:
* Modules/indexeddb/legacy/LegacyObjectStore.cpp:
(WebCore::LegacyObjectStore::add):
(WebCore::LegacyObjectStore::put):
* Modules/indexeddb/legacy/LegacyObjectStore.h:
* Modules/mediastream/CapabilityRange.cpp:
(WebCore::scriptValue):
(WebCore::CapabilityRange::min):
(WebCore::CapabilityRange::max):
* Modules/mediastream/CapabilityRange.h:
* Modules/streams/ReadableStreamController.h:
(WebCore::ReadableStreamController::error):
(WebCore::ReadableStreamController::enqueue):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateEventListenerCall):
(GenerateGetOwnPropertySlotBody):
(GenerateHeader):
(GenerateOverloadedFunction):
(GetIndexedGetterExpression):
(GenerateImplementation):
(GenerateFunctionCastedThis):
(GenerateCallWith):
(GenerateArgumentsCountCheck):
(GenerateParametersCheck):
(GenerateReturnParameters):
(GenerateCallbackHeader):
(GenerateCallbackImplementation):
(GenerateImplementationFunctionCall):
(JSValueToNative):
(NativeToJSValue):
(GenerateOverloadedConstructorDefinition):
(GenerateConstructorDefinition):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190028 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[Mac, iOS] AccessibilityController doesn't uninstall global notification handler
ap@apple.com [Sun, 20 Sep 2015 15:30:09 +0000 (15:30 +0000)]
[Mac, iOS] AccessibilityController doesn't uninstall global notification handler
https://bugs.webkit.org/show_bug.cgi?id=149384

Reviewed by Chris Fleizach.

Tools:

* DumpRenderTree/ios/AccessibilityControllerIOS.mm:
(AccessibilityController::addNotificationListener): Fixed a leak, and cleaned up the code.
(AccessibilityController::platformResetToConsistentState): Actually remove the handler,
regardless of whether someone else holds a reference (we also call -stopListening in
-dealloc).

* DumpRenderTree/mac/AccessibilityControllerMac.mm:
(AccessibilityController::platformResetToConsistentState):
(AccessibilityController::addNotificationListener):
Ditto.

LayoutTests:

* accessibility/mac/loaded-notification.html: Cleaned up the test - js-test-pre is
incompatible with directly using waitUntilDone.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190026 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago.:
youenn.fablet@crf.canon.fr [Sun, 20 Sep 2015 10:30:05 +0000 (10:30 +0000)]
.:
Removing XHR_TIMEOUT guard

Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

* Source/cmake/OptionsEfl.cmake:
* Source/cmake/OptionsGTK.cmake:
* Source/cmake/OptionsMac.cmake:
* Source/cmake/OptionsWin.cmake:
* Source/cmake/WebKitFeatures.cmake:

Source/JavaScriptCore:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

* Configurations/FeatureDefines.xcconfig:

Source/WebCore:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

Covered by existing tests.

* Configurations/FeatureDefines.xcconfig:
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::XMLHttpRequest):
(WebCore::XMLHttpRequest::didFail):
(WebCore::XMLHttpRequest::didReachTimeout):
(WebCore::XMLHttpRequest::setTimeout):
(WebCore::XMLHttpRequest::setResponseType):
(WebCore::XMLHttpRequest::open):
(WebCore::XMLHttpRequest::createRequest):
(WebCore::XMLHttpRequest::internalAbort):
(WebCore::XMLHttpRequest::didFailRedirectCheck):
(WebCore::XMLHttpRequest::didSendData):
(WebCore::XMLHttpRequest::suspend):
* xml/XMLHttpRequest.h:
* xml/XMLHttpRequest.idl:

Source/WebKit/mac:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

* Configurations/FeatureDefines.xcconfig:

Source/WTF:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

* wtf/FeatureDefines.h:

Tools:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

* Scripts/webkitperl/FeatureList.pm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190025 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoAdd two missing files to the Xcode project
timothy_horton@apple.com [Sun, 20 Sep 2015 07:38:44 +0000 (07:38 +0000)]
Add two missing files to the Xcode project

* WebCore.xcodeproj/project.pbxproj:
These are imported by files that are built for Mac, but missing from the project.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190024 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[Web IDL] Add support for [PutForwards=XXX] IDL extended attribute
cdumez@apple.com [Sun, 20 Sep 2015 01:59:36 +0000 (01:59 +0000)]
[Web IDL] Add support for [PutForwards=XXX] IDL extended attribute
https://bugs.webkit.org/show_bug.cgi?id=149376

Reviewed by Darin Adler.

[Web IDL] Add support for [PutForwards=XXX] IDL extended attribute:
https://heycam.github.io/webidl/#PutForwards

As an initial proof of concept, use it for Document.location as per the
HTML specification, instead of using custom bindings:
https://html.spec.whatwg.org/multipage/dom.html#the-document-object

More attributes can be ported later.

No new tests, no web-exposed behavior change intended. Bindings tests
coverage was added.

* bindings/js/JSDocumentCustom.cpp:
Drop custom bindings for the location attribute setter.

* bindings/scripts/CodeGenerator.pm:
(GetAttributeFromInterface):
Add convenience function that returned an attribute from another
interface. This is used by [PutForwards] to retrieve the forwarded
attribute.

* bindings/scripts/CodeGeneratorJS.pm:
(IsReadonly):
(GenerateImplementation):
* bindings/scripts/IDLAttributes.txt:
Add support for [PutForwards=XXX] IDL extended attribute.

* bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
* bindings/scripts/test/GObject/WebKitDOMTestNode.h:
* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
* bindings/scripts/test/GObject/WebKitDOMTestObj.h:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/ObjC/DOMTestNode.h:
* bindings/scripts/test/ObjC/DOMTestNode.mm:
* bindings/scripts/test/ObjC/DOMTestObj.h:
* bindings/scripts/test/ObjC/DOMTestObj.mm:
Add binding tests coverage for [PutForwards=XXX] IDL extended
attribute.

* dom/Document.idl:
Use [PutForwards=href] for Document.location attribute, as per the HTML
specification and stop using custom bindings for the setter. Also mark
the attribute as readonly as all attributes using [PutForwards] must be
marked as readonly as per the Web IDL specification.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190023 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[GTK] Unreviewed, should check the result of fread
utatane.tea@gmail.com [Sun, 20 Sep 2015 01:09:05 +0000 (01:09 +0000)]
[GTK] Unreviewed, should check the result of fread
https://bugs.webkit.org/show_bug.cgi?id=148917

Suppress the build warning on GTK with GCC.

* jsc.cpp:
(fillBufferWithContentsOfFile):
(fetchModuleFromLocalFileSystem):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190022 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[WebIDL] Specify default parameter values where it is useful
cdumez@apple.com [Sun, 20 Sep 2015 00:45:26 +0000 (00:45 +0000)]
[WebIDL] Specify default parameter values where it is useful
https://bugs.webkit.org/show_bug.cgi?id=149331
<rdar://problem/22545600>

Reviewed by Darin Adler.

Source/WebCore:

Specify default parameter values where it is useful in our IDL, that is
to say where undefined would be converted to something else than the
default value otherwise. This patch focuses on the HTML API.

This patch also adds support for default values for optional parameters
of string enumeration type as this was needed by the
CanvasRenderingContext2D API.

Test: fast/html/undefined-parameter-default-value.html

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateParametersCheck):
Add support default values for optional parameters of string enumeration
type as this was needed by the CanvasRenderingContext2D API.

* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
* bindings/scripts/test/GObject/WebKitDOMTestObj.h:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/ObjC/DOMTestObj.h:
* bindings/scripts/test/ObjC/DOMTestObj.mm:
* bindings/scripts/test/TestObj.idl:
Add bindings tests coverage for optional parameters of string enumeration
type and that have a default value.

* html/HTMLInputElement.idl:
Specify default parameter value for stepUp() / stepDown(). Without this,
stepUp(undefined) would be equivalent to calling stepUp(0) even though
it is supposed to be equivalent to calling stepUp(1).

* html/HTMLTableElement.idl:
* html/HTMLTableSectionElement.idl:
Specify default parameter value for insertRow(). Without this,
insertRow(undefined) would be equivalent to insertRow(0) instead of
insertRow(-1). This would prepend the row instead of appending it:
- https://html.spec.whatwg.org/#htmltableelement
- https://html.spec.whatwg.org/#htmltablesectionelement

* html/HTMLTableRowElement.idl:
Specify default parameter value for insertCell(). Without this,
insertCell(undefined) would be equivalent to insertCell(0) instead of
insertCell(-1). This would prepend the cell instead of appending it:
- https://html.spec.whatwg.org/#htmltablerowelement

* html/canvas/CanvasRenderingContext2D.idl:
Specify default value for CanvasWindingRule parameters so that calling
this with undefined will use the default enum value instead of using the
"undefined" string and then throwing because it is not a valid enum value:
- https://html.spec.whatwg.org/#canvasrenderingcontext2d

LayoutTests:

Add test to check the behavior of passing undefined for various optional
parameters that have a default value in the HTML specification.

* fast/html/undefined-parameter-default-value-expected.txt: Added.
* fast/html/undefined-parameter-default-value.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190021 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoCleanup code that finds and loads a media engine
eric.carlson@apple.com [Sun, 20 Sep 2015 00:43:08 +0000 (00:43 +0000)]
Cleanup code that finds and loads a media engine
https://bugs.webkit.org/show_bug.cgi?id=149371

Reviewed by Darin Adler.

No new tests, no functional change.

* Modules/mediastream/MediaStream.cpp:
(WebCore::MediaStream::setRegistry): New, set the registry.
(WebCore::MediaStream::lookup): New, lookup a url in the registry.
* Modules/mediastream/MediaStream.h:

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::loadResource): Restructure and simplify the code that tries the
  different types of media engine so the code is easier to understand and modify.
(WebCore::HTMLMediaElement::createMediaPlayer): Clear m_mediaStreamSrcObject.

* platform/graphics/MediaPlayer.cpp:
(WebCore::buildMediaEnginesVector): Add some whitespace to make it easier to read.
(WebCore::bestMediaEngineForSupportParameters): Also process mediastream and mediasource urls.
(WebCore::MediaPlayer::load): ASSERT if called when the reload timer is active.
(WebCore::MediaPlayer::loadWithNextMediaEngine): Also process mediastream and mediasource urls.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::supportsType): Don't test empty/null urls.

* platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:
(WebCore::MockMediaPlayerMediaSource::supportsType): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190020 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[GTK] WebEditorClient::supportsGlobalSelection returns true under Wayland
mcatanzaro@igalia.com [Sun, 20 Sep 2015 00:17:27 +0000 (00:17 +0000)]
[GTK] WebEditorClient::supportsGlobalSelection returns true under Wayland
https://bugs.webkit.org/show_bug.cgi?id=149375

Reviewed by Darin Adler.

WebEditorClient::supportsGlobalSelection should return false when running under Wayland,
since Wayland does not have any equivalent for PRIMARY or the concept of a global selection.

* WebProcess/WebCoreSupport/WebEditorClient.cpp:
(WebKit::WebEditorClient::supportsGlobalSelection):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190019 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoAttempted build fix.
mitz@apple.com [Sat, 19 Sep 2015 22:07:58 +0000 (22:07 +0000)]
Attempted build fix.

* mac/postprocess-framework-headers.sh: Fixed an overzealous regular expression.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190018 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoGet rid of most custom bindings for Location.idl
cdumez@apple.com [Sat, 19 Sep 2015 21:37:09 +0000 (21:37 +0000)]
Get rid of most custom bindings for Location.idl
https://bugs.webkit.org/show_bug.cgi?id=149370

Reviewed by Darin Adler.

Get rid of most custom bindings for Location.idl by extending support
for the [CallWith=XXX] IDL extended attribute to support 2 additional
values: ActiveWindow and FirstWindow. Also introduce a
[SetterCallWith=XXX] alternative that passes the extra arguments to
the attribute setter only, as is needed by the Location attributes.

No new tests, no intended web-exposed behavior change.

* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
* bindings/scripts/test/GObject/WebKitDOMTestObj.h:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/ObjC/DOMTestObj.h:
* bindings/scripts/test/ObjC/DOMTestObj.mm:
* bindings/scripts/test/TestObj.idl:
Add bindings tests coverage for [SetterCallWith=XXX].

* page/Location.idl:
Also drop [DoNotCheckSecurityOnSetter] on href attribute. It has
no effet as the interface does not have [CheckSecurity].

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190017 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoAttempted build fix.
mitz@apple.com [Sat, 19 Sep 2015 21:05:47 +0000 (21:05 +0000)]
Attempted build fix.

* WebKitTestRunner/Configurations/WebKitTestRunnerApp.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190016 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoGet rid of custom bindings for Document.location getter
cdumez@apple.com [Sat, 19 Sep 2015 18:15:23 +0000 (18:15 +0000)]
Get rid of custom bindings for Document.location getter
https://bugs.webkit.org/show_bug.cgi?id=149369

Reviewed by Andreas Kling.

Get rid of custom bindings for Document.location getter by defining
a location getter on Document that calls the one on the document's
DOMWindow. The DOMWindow location getter already has an
isCurrentlyDisplayedInFrame() check so the document does not need
to do a null check on the frame.

No new tests, no web-exposed behavior change intended.

* bindings/js/JSDocumentCustom.cpp:
(WebCore::JSDocument::location): Deleted.
* dom/Document.cpp:
(WebCore::Document::location):
* dom/Document.h:
* dom/Document.idl:
* page/DOMWindow.cpp:
(WebCore::DOMWindow::location):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190015 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoVariableEnvironmentNode should inherit from ParserArenaDeletable because VariableEnvi...
sbarati@apple.com [Sat, 19 Sep 2015 15:36:46 +0000 (15:36 +0000)]
VariableEnvironmentNode should inherit from ParserArenaDeletable because VariableEnvironment's must have their destructors run
https://bugs.webkit.org/show_bug.cgi?id=149359

Reviewed by Andreas Kling.

VariableEnvironment must have its destructor run.
Therefore, VariableEnvironmentNode should inherit from ParserArenaDeletable.
Also, anything that inherits from VariableEnvironmentNode must use
ParserArenaDeletable's operator new. Also, any other nodes that own
a VariableEnvironment must also have their destructors run.

* parser/Nodes.h:
(JSC::VariableEnvironmentNode::VariableEnvironmentNode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190014 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoNull dereference loading Blink layout test svg/filters/feImage-failed-load-crash...
dino@apple.com [Sat, 19 Sep 2015 09:59:47 +0000 (09:59 +0000)]
Null dereference loading Blink layout test svg/filters/feImage-failed-load-crash.html
https://bugs.webkit.org/show_bug.cgi?id=149316
<rdar://problem/22749532>

Reviewed by Tim Horton.

Source/WebCore:

If an feImage triggered loading a resource, and then was removed from the document,
we'd still try to notify its parent when the resource arrived (or failed).

Merge Blink commit:
https://chromium.googlesource.com/chromium/blink/+/9cbcfd7866bbaff0c4b3c4c8508b7c97b46d6e6a

Test: svg/filters/feImage-failed-load-crash.html

* svg/SVGFEImageElement.cpp:
(WebCore::SVGFEImageElement::notifyFinished): Add a null check to the parent element
before sending the notification.

LayoutTests:

Merge Blink commit:
https://chromium.googlesource.com/chromium/blink/+/9cbcfd7866bbaff0c4b3c4c8508b7c97b46d6e6a

* svg/filters/feImage-failed-load-crash-expected.txt: Added.
* svg/filters/feImage-failed-load-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190013 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoNull dereference loading Blink layout test svg/custom/use-href-attr-removal-crash...
dino@apple.com [Sat, 19 Sep 2015 09:56:12 +0000 (09:56 +0000)]
Null dereference loading Blink layout test svg/custom/use-href-attr-removal-crash.html
https://bugs.webkit.org/show_bug.cgi?id=149315
<rdar://problem/22749358>

Reviewed by Tim Horton.

Source/WebCore:

We were not checking if the corresponding element referenced from
the SVG <use> actually existed before trying to set attributes on it.
The original Blink change is a little more detailed:
https://chromium.googlesource.com/chromium/blink/+/e2f1087f32bb088160ab7d59a715a1403ef267c7
However, we've significantly diverged at this point.

Tests: svg/custom/use-href-attr-removal-crash.html
       svg/custom/use-href-attr-removal-crash2.svg
       svg/custom/use-href-change-local-to-invalid-remote.html

* svg/SVGUseElement.cpp:
(WebCore::SVGUseElement::transferSizeAttributesToTargetClone):

LayoutTests:

These tests, copied from Blink, should not crash.
The originals come from:
https://chromium.googlesource.com/chromium/blink/+/e2f1087f32bb088160ab7d59a715a1403ef267c7

* svg/custom/use-href-attr-removal-crash.html: Added.
* svg/custom/use-href-attr-removal-crash-expected.txt: Added.
* svg/custom/use-href-attr-removal-crash2.svg: Added.
* svg/custom/use-href-attr-removal-crash2-expected.txt: Added.
* svg/custom/use-href-change-local-to-invalid-remote.html: Added.
* svg/custom/use-href-change-local-to-invalid-remote-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190012 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoFix Windows tests after r189934.
achristensen@apple.com [Sat, 19 Sep 2015 08:57:33 +0000 (08:57 +0000)]
Fix Windows tests after r189934.

* CMakeLists.txt:
Include WebKit.rc to include resources like missingImage.png in WebKit.dll.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190011 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoUpdate Mac expectations for http/tests/cache/iframe-304-crash.html.
ap@apple.com [Sat, 19 Sep 2015 05:00:16 +0000 (05:00 +0000)]
Update Mac expectations for http/tests/cache/iframe-304-crash.html.
This test is flaky everywhere, not just on Mavericks and Yosemite.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190010 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoUnreviewed, rolling out r189908.
commit-queue@webkit.org [Sat, 19 Sep 2015 04:48:54 +0000 (04:48 +0000)]
Unreviewed, rolling out r189908.
https://bugs.webkit.org/show_bug.cgi?id=149368

Broke run-webkit-tests --pixel (Requested by ap on #webkit).

Reverted changeset:

"printing does not use minimum page zoom factor"
https://bugs.webkit.org/show_bug.cgi?id=108507
http://trac.webkit.org/changeset/189908

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190009 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoInserting or removing slot elements can cause a crash
rniwa@webkit.org [Sat, 19 Sep 2015 04:18:27 +0000 (04:18 +0000)]
Inserting or removing slot elements can cause a crash
https://bugs.webkit.org/show_bug.cgi?id=149365

Reviewed by Antti Koivisto.

Source/WebCore:

HTMLSlotElement::insertedInto and removedFrom were doing completely non-sensical.

Since insertedInto and removedFrom are called on an element whenever it or its ancestor is inserted into
or removed from a container node, we can't always call addSlotElementByName removeSlotElementByName when
those functions are called. Instead, we need to check whether this slot has been inserted into or removed
from a container node that resides inside a shadow root.

Also reverted r189906 since the change was made upon a bogus assumption I had made.

Test: fast/shadow-dom/slot-removal-crash.html

* dom/Element.cpp:
(WebCore::Element::insertedInto): Added comments.
(WebCore::Element::removedFrom): Ditto.
(WebCore::Element::addShadowRoot): Reverted r189906.
(WebCore::Element::removeShadowRoot): Ditto.

* html/HTMLSlotElement.cpp:
(WebCore::HTMLSlotElement::insertedInto): When the insertion point's tree scope is different from ours,
the insertion happened to our shadow host or its ancestor. There is nothing to be done in that case since
the shadow tree was not modified (in particular, our relationship with our shadow root never changed).
We also don't do anything if we got inserted into a parent which is not inside a shadow tree.

(WebCore::HTMLSlotElement::removedFrom): Since Container::removeBetween sets the tree scope before this
function is getting called, we can't compare this element's treeScope with that of the "insertion" point.
They're always different regardless of whether the insertion point was in the same shadow tree to which
we belong or its shadow host's. However, since a node removed from a shadow tree is put into document's
tree scope before this function is called and InShadowTree flag is unset in Node::removedFrom at the end
of this function, this slot element is definitely being removed from its shadow root when isInShadowTree()
is true and the newly set tree scope is of the document. So call removeSlotElementByName if and only if
that condition holds.

(WebCore::HTMLSlotElement::getDistributedNodes): Explicitly check that we're inside a shadow root.

LayoutTests:

Added regression tests.

* fast/shadow-dom/slot-removal-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190008 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoREGRESSION(r150187): updateIdForTreeScope may not be called inside shadow trees
rniwa@webkit.org [Sat, 19 Sep 2015 02:53:54 +0000 (02:53 +0000)]
REGRESSION(r150187): updateIdForTreeScope may not be called inside shadow trees
https://bugs.webkit.org/show_bug.cgi?id=149364

Reviewed by Antti Koivisto.

Since the tree scope is set to that of Document's inside removeBetween when a node is removed from a shadow tree,
oldScope != &treeScope() was already true inside Element::removedFrom. This can introduce an inconsistency in
DocumentOrderedMap which could result in a crash. Fixed the bug by checking it against document(), which is the
behavior we had prior to r150187.

Also added a consistency check in DocumentOrderedMap to catch bugs like this.

No new tests. New assertions fail in existing tests without this fix.

* dom/DocumentOrderedMap.cpp:
(WebCore::DocumentOrderedMap::add):
(WebCore::DocumentOrderedMap::remove):
(WebCore::DocumentOrderedMap::get):
* dom/DocumentOrderedMap.h:
* dom/Element.cpp:
(WebCore::Element::removedFrom):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190007 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoDon't create renderers for children of shadow host
antti@apple.com [Sat, 19 Sep 2015 02:31:01 +0000 (02:31 +0000)]
Don't create renderers for children of shadow host
https://bugs.webkit.org/show_bug.cgi?id=149363

Reviewed by Ryosuke Niwa.

Source/WebCore:

Test: fast/shadow-dom/css-scoping-shadow-root-hides-children.html

* dom/ShadowRoot.h:
* style/StyleResolveTree.cpp:
(WebCore::Style::attachRenderTree):
(WebCore::Style::resolveShadowTree):
(WebCore::Style::resolveChildren):
(WebCore::Style::resolveTree):

LayoutTests:

* fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html: Added.
* fast/shadow-dom/css-scoping-shadow-root-hides-children.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190006 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoRemove duplicate code in the WebAssembly parser
commit-queue@webkit.org [Sat, 19 Sep 2015 02:18:56 +0000 (02:18 +0000)]
Remove duplicate code in the WebAssembly parser
https://bugs.webkit.org/show_bug.cgi?id=149361

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-18
Reviewed by Saam Barati.

Refactor the methods for parsing GetLocal and GetGlobal in WebAssembly
to remove duplicate code.

* wasm/WASMFunctionParser.cpp:
(JSC::nameOfType):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseUnaryExpressionF64):
(JSC::WASMFunctionParser::parseBinaryExpressionF64):
(JSC::WASMFunctionParser::parseGetLocalExpression):
(JSC::WASMFunctionParser::parseGetGlobalExpression):
(JSC::WASMFunctionParser::parseGetLocalExpressionI32): Deleted.
(JSC::WASMFunctionParser::parseGetGlobalExpressionI32): Deleted.
(JSC::WASMFunctionParser::parseGetLocalExpressionF32): Deleted.
(JSC::WASMFunctionParser::parseGetGlobalExpressionF32): Deleted.
(JSC::WASMFunctionParser::parseGetLocalExpressionF64): Deleted.
(JSC::WASMFunctionParser::parseGetGlobalExpressionF64): Deleted.
* wasm/WASMFunctionParser.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190005 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoRefactor common code between GetCatchHandlerFunctor and UnwindFunctor
sbarati@apple.com [Sat, 19 Sep 2015 01:26:32 +0000 (01:26 +0000)]
Refactor common code between GetCatchHandlerFunctor and UnwindFunctor
https://bugs.webkit.org/show_bug.cgi?id=149276

Reviewed by Mark Lam.

There is currently code copy-pasted between these
two functors. Lets not do that. It's better to write
a function, even if the function is small.

I also did a bit of renaming to make the intent of the
unwindCallFrame function clear. The name of the function
didn't really indicate what it did. It decided if it was
okay to unwind further, and it also notified the debugger.
I've renamed the function to notifyDebuggerOfUnwinding.
And I've inlined the logic of deciding if it's okay
to unwind further into UnwindFunctor itself.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::isOpcode):
(JSC::getStackFrameCodeType):
(JSC::Interpreter::stackTraceAsString):
(JSC::findExceptionHandler):
(JSC::GetCatchHandlerFunctor::GetCatchHandlerFunctor):
(JSC::GetCatchHandlerFunctor::operator()):
(JSC::notifyDebuggerOfUnwinding):
(JSC::UnwindFunctor::UnwindFunctor):
(JSC::UnwindFunctor::operator()):
(JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
(JSC::unwindCallFrame): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190004 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoRefine and simplify some color-related code
darin@apple.com [Sat, 19 Sep 2015 01:25:35 +0000 (01:25 +0000)]
Refine and simplify some color-related code
https://bugs.webkit.org/show_bug.cgi?id=148961

Reviewed by Anders Carlsson.

Refactoring code that seems to be covered by existing tests.

* css/CSSParser.cpp:
(WebCore::CSSParser::parseColor): Handle the empty string efficiently so that
callers don't need to do that.

* platform/graphics/Color.h: Started adding comments about deprecation.
Added RGBA class for future use whenever we need an RGBA quadruplet rather than
a color with a color space. Added FIXME about future evoluation of the classes here.
Added OptionalColor so we can start removing the "invalid color" feature from Color.
Added roundAndClampColorChannel function.

* svg/ColorDistance.cpp: Removed.
* svg/ColorDistance.h: Removed.

* CMakeLists.txt: Removed ColorDistance.
* WebCore.vcxproj/WebCore.vcxproj: Ditto.
* WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
* WebCore.xcodeproj/project.pbxproj: Ditto.
* svg/SVGAllInOne.cpp: Ditto.

* svg/SVGAnimatedColor.cpp:
(WebCore::SVGAnimatedColorAnimator::SVGAnimatedColorAnimator): Changed to take
a reference instead of a pointer.
(WebCore::SVGAnimatedColorAnimator::constructFromString): Simplified since the
SVGColor::colorFromRGBColorString will handle the empty string.
(WebCore::SVGAnimatedColorAnimator::addAnimatedTypes): Moved the code to add the
RGB channels of two colors here from ColorDistance::addColors since this is the
only place it was used.
(WebCore::currentColor): Refactored adjustForCurrentColor function into this.
Helper for the code below.
(WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue): Refactored to use
the new currentColor function and replaced the use of the ColorDistance::clampColor
function here with a bit of code here in the one place it was used.
(WebCore::SVGAnimatedColorAnimator::calculateDistance): Moved the distance algorithm
here from ColorDistance::distance.

* svg/SVGAnimatedColor.h: Removed unneeded forward declaration, changed constructor
to take references instead of pointers, and made all class member functions private.

* svg/SVGAnimatedType.cpp:
(WebCore::SVGAnimatedType::setValueAsString): Removed special case for empty string,
since SVGColor::colorFromRGBColorString does the same thing.

* svg/SVGAnimatorFactory.h:
(WebCore::SVGAnimatorFactory::create): Pass references rather tha pointers to the
SVGAnimatedColorAnimator constructor.

* svg/SVGColor.cpp:
(WebCore::SVGColor::colorFromRGBColorString): Added more FIXMEs about the future of
this function.
(WebCore::SVGColor::setRGBColor): Fixed confusing verb tense.
(WebCore::SVGColor::customCSSText): Use ASCII literal for an ASCII literal.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190003 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoImplement the arithmetic instructions for doubles in WebAssembly
commit-queue@webkit.org [Sat, 19 Sep 2015 00:31:04 +0000 (00:31 +0000)]
Implement the arithmetic instructions for doubles in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148945

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-18
Reviewed by Geoffrey Garen.

This patch implements the arithmetic instructions for doubles (float64)
in WebAssembly.

* tests/stress/wasm-arithmetic-float64.js:
* tests/stress/wasm/arithmetic-float64.wasm:
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::buildUnaryF64):
(JSC::WASMFunctionCompiler::buildBinaryF64):
(JSC::WASMFunctionCompiler::callOperation):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseUnaryExpressionF64):
(JSC::WASMFunctionParser::parseBinaryExpressionF64):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildUnaryF64):
(JSC::WASMFunctionSyntaxChecker::buildBinaryF32):
(JSC::WASMFunctionSyntaxChecker::buildBinaryF64):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190002 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoUserMediaClientMock leaks every test run
eric.carlson@apple.com [Fri, 18 Sep 2015 23:57:44 +0000 (23:57 +0000)]
UserMediaClientMock leaks every test run
https://bugs.webkit.org/show_bug.cgi?id=149358

Reviewed by Tim Horton.

* platform/mock/UserMediaClientMock.h: Implement pageDestroyed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190001 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago190,000!
achristensen@apple.com [Fri, 18 Sep 2015 23:51:53 +0000 (23:51 +0000)]
190,000!

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190000 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[ES6] Tail call fast path should efficiently reuse the frame's stack space
msaboff@apple.com [Fri, 18 Sep 2015 23:51:41 +0000 (23:51 +0000)]
[ES6] Tail call fast path should efficiently reuse the frame's stack space
https://bugs.webkit.org/show_bug.cgi?id=148662

Patch by Basile Clement <basile_clement@apple.com> on 2015-09-18
Reviewed by Geoffrey Garen.

This introduces a new class (CallFrameShuffler) that is responsible for
efficiently building the new frames when performing a tail call. In
order for Repatch to know about the position of arguments on the
stack/registers (e.g. for polymorphic call inline caches), we store a
CallFrameShuffleData in the CallLinkInfo. Otherwise, the JIT and DFG
compiler are now using CallFrameShuffler instead of
CCallHelpers::prepareForTailCallSlow() to build the frame for a tail
call.

When taking a slow path, we still build the frame as if doing a regular
call, because we could throw an exception and need the caller's frame
at that point. This means that for virtual calls, we don't benefit from
the efficient frame move for now.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::firstRegister):
(JSC::ARMv7Assembler::lastRegister):
(JSC::ARMv7Assembler::firstFPRegister):
(JSC::ARMv7Assembler::lastFPRegister):
* assembler/AbortReason.h:
* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::setFrameShuffleData):
(JSC::CallLinkInfo::frameShuffleData):
* bytecode/ValueRecovery.h:
(JSC::ValueRecovery::inRegister):
* dfg/DFGGenerationInfo.h:
(JSC::DFG::GenerationInfo::recovery):
* jit/CachedRecovery.cpp: Added.
(JSC::CachedRecovery::loadsIntoFPR):
(JSC::CachedRecovery::loadsIntoGPR):
* jit/CachedRecovery.h: Added.
(JSC::CachedRecovery::CachedRecovery):
(JSC::CachedRecovery::targets):
(JSC::CachedRecovery::addTarget):
(JSC::CachedRecovery::removeTarget):
(JSC::CachedRecovery::clearTargets):
(JSC::CachedRecovery::setWantedJSValueRegs):
(JSC::CachedRecovery::setWantedFPR):
(JSC::CachedRecovery::boxingRequiresGPR):
(JSC::CachedRecovery::boxingRequiresFPR):
(JSC::CachedRecovery::recovery):
(JSC::CachedRecovery::setRecovery):
(JSC::CachedRecovery::wantedJSValueRegs):
(JSC::CachedRecovery::wantedFPR):
* jit/CallFrameShuffleData.cpp: Added.
(JSC::CallFrameShuffleData::setupCalleeSaveRegisters):
* jit/CallFrameShuffleData.h: Added.
* jit/CallFrameShuffler.cpp: Added.
(JSC::CallFrameShuffler::CallFrameShuffler):
(JSC::CallFrameShuffler::dump):
(JSC::CallFrameShuffler::getCachedRecovery):
(JSC::CallFrameShuffler::setCachedRecovery):
(JSC::CallFrameShuffler::spill):
(JSC::CallFrameShuffler::emitDeltaCheck):
(JSC::CallFrameShuffler::prepareForSlowPath):
(JSC::CallFrameShuffler::prepareForTailCall):
(JSC::CallFrameShuffler::tryWrites):
(JSC::CallFrameShuffler::performSafeWrites):
(JSC::CallFrameShuffler::prepareAny):
* jit/CallFrameShuffler.h: Added.
(JSC::CallFrameShuffler::lockGPR):
(JSC::CallFrameShuffler::acquireGPR):
(JSC::CallFrameShuffler::releaseGPR):
(JSC::CallFrameShuffler::snapshot):
(JSC::CallFrameShuffler::setCalleeJSValueRegs):
(JSC::CallFrameShuffler::assumeCalleeIsCell):
(JSC::CallFrameShuffler::canBox):
(JSC::CallFrameShuffler::ensureBox):
(JSC::CallFrameShuffler::ensureLoad):
(JSC::CallFrameShuffler::canLoadAndBox):
(JSC::CallFrameShuffler::updateRecovery):
(JSC::CallFrameShuffler::clearCachedRecovery):
(JSC::CallFrameShuffler::addCachedRecovery):
(JSC::CallFrameShuffler::numLocals):
(JSC::CallFrameShuffler::getOld):
(JSC::CallFrameShuffler::setOld):
(JSC::CallFrameShuffler::firstOld):
(JSC::CallFrameShuffler::lastOld):
(JSC::CallFrameShuffler::isValidOld):
(JSC::CallFrameShuffler::argCount):
(JSC::CallFrameShuffler::getNew):
(JSC::CallFrameShuffler::setNew):
(JSC::CallFrameShuffler::addNew):
(JSC::CallFrameShuffler::firstNew):
(JSC::CallFrameShuffler::lastNew):
(JSC::CallFrameShuffler::isValidNew):
(JSC::CallFrameShuffler::newAsOld):
(JSC::CallFrameShuffler::getFreeRegister):
(JSC::CallFrameShuffler::getFreeGPR):
(JSC::CallFrameShuffler::getFreeFPR):
(JSC::CallFrameShuffler::hasFreeRegister):
(JSC::CallFrameShuffler::ensureRegister):
(JSC::CallFrameShuffler::ensureGPR):
(JSC::CallFrameShuffler::ensureFPR):
(JSC::CallFrameShuffler::addressForOld):
(JSC::CallFrameShuffler::isUndecided):
(JSC::CallFrameShuffler::isSlowPath):
(JSC::CallFrameShuffler::addressForNew):
(JSC::CallFrameShuffler::dangerFrontier):
(JSC::CallFrameShuffler::isDangerNew):
(JSC::CallFrameShuffler::updateDangerFrontier):
(JSC::CallFrameShuffler::hasOnlySafeWrites):
* jit/CallFrameShuffler32_64.cpp: Added.
(JSC::CallFrameShuffler::emitStore):
(JSC::CallFrameShuffler::emitBox):
(JSC::CallFrameShuffler::emitLoad):
(JSC::CallFrameShuffler::canLoad):
(JSC::CallFrameShuffler::emitDisplace):
* jit/CallFrameShuffler64.cpp: Added.
(JSC::CallFrameShuffler::emitStore):
(JSC::CallFrameShuffler::emitBox):
(JSC::CallFrameShuffler::emitLoad):
(JSC::CallFrameShuffler::canLoad):
(JSC::CallFrameShuffler::emitDisplace):
* jit/JITCall.cpp:
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
* jit/RegisterMap.cpp:
(JSC::RegisterMap::RegisterMap):
(JSC::GPRMap::GPRMap):
(JSC::FPRMap::FPRMap):
* jit/Repatch.cpp:
(JSC::linkPolymorphicCall):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189999 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoAdds more flaky tests to TestExpecations for iOS and WK2
jacob_nielsen@apple.com [Fri, 18 Sep 2015 23:46:14 +0000 (23:46 +0000)]
Adds more flaky tests to TestExpecations for iOS and WK2

* platform/ios-simulator/TestExpectations:
* platform/wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189998 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[iOS] did{Start,Finish}LoadForQuickLookDocumentInMainFrame is never called on WKNavig...
aestes@apple.com [Fri, 18 Sep 2015 23:45:26 +0000 (23:45 +0000)]
[iOS] did{Start,Finish}LoadForQuickLookDocumentInMainFrame is never called on WKNavigationDelegate
https://bugs.webkit.org/show_bug.cgi?id=149360

Reviewed by Tim Horton.

Source/WebKit2:

* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::didStartLoadForQuickLookDocumentInMainFrame): Called on m_navigationDelegate if non-null.
(WebKit::WebPageProxy::didFinishLoadForQuickLookDocumentInMainFrame): Ditto.

Tools:

Added an API test.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/QuickLook.mm: Added.
(-[QuickLookNavigationDelegate _webView:didStartLoadForQuickLookDocumentInMainFrameWithFileName:uti:]):
(-[QuickLookNavigationDelegate _webView:didFinishLoadForQuickLookDocumentInMainFrame:]):
(-[QuickLookNavigationDelegate webView:didFinishNavigation:]):
(TEST):
* TestWebKitAPI/ios/pages.pages: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189997 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoadd a regress test for richards with try/catch.
sbarati@apple.com [Fri, 18 Sep 2015 23:43:15 +0000 (23:43 +0000)]
add a regress test for richards with try/catch.
https://bugs.webkit.org/show_bug.cgi?id=149301

Reviewed by Filip Pizlo.

This adds two variants of Octane/richards benchmark using
try/catch. One try/catch variant that actually throws.
Another that never throws. I've included try/catch inside
every function and every loop.

* js/regress/richards-empty-try-catch-expected.txt: Added.
* js/regress/richards-empty-try-catch.html: Added.
* js/regress/richards-try-catch-expected.txt: Added.
* js/regress/richards-try-catch.html: Added.
* js/regress/script-tests/richards-empty-try-catch.js: Added.
(runRichards):
(Scheduler):
(Scheduler.prototype.addIdleTask):
(Scheduler.prototype.addWorkerTask):
(Scheduler.prototype.addHandlerTask):
(Scheduler.prototype.addDeviceTask):
(Scheduler.prototype.addRunningTask):
(Scheduler.prototype.addTask):
(Scheduler.prototype.schedule):
(Scheduler.prototype.release):
(Scheduler.prototype.holdCurrent):
(Scheduler.prototype.suspendCurrent):
(Scheduler.prototype.queue):
(TaskControlBlock):
(TaskControlBlock.prototype.setRunning):
(TaskControlBlock.prototype.markAsNotHeld):
(TaskControlBlock.prototype.markAsHeld):
(TaskControlBlock.prototype.isHeldOrSuspended):
(TaskControlBlock.prototype.markAsSuspended):
(TaskControlBlock.prototype.markAsRunnable):
(TaskControlBlock.prototype.run):
(TaskControlBlock.prototype.checkPriorityAdd):
(TaskControlBlock.prototype.toString):
(IdleTask):
(IdleTask.prototype.run):
(IdleTask.prototype.toString):
(DeviceTask):
(DeviceTask.prototype.run):
(DeviceTask.prototype.toString):
(WorkerTask):
(WorkerTask.prototype.run):
(WorkerTask.prototype.toString):
(HandlerTask):
(HandlerTask.prototype.run):
(HandlerTask.prototype.toString):
(Packet):
(Packet.prototype.addTo):
(Packet.prototype.toString):
* js/regress/script-tests/richards-try-catch.js: Added.
(randomException):
(runRichards):
(Scheduler):
(Scheduler.prototype.addIdleTask):
(Scheduler.prototype.addWorkerTask):
(Scheduler.prototype.addHandlerTask):
(Scheduler.prototype.addDeviceTask):
(Scheduler.prototype.addRunningTask):
(Scheduler.prototype.addTask):
(Scheduler.prototype.schedule):
(Scheduler.prototype.release):
(Scheduler.prototype.holdCurrent):
(Scheduler.prototype.suspendCurrent):
(Scheduler.prototype.queue):
(TaskControlBlock):
(TaskControlBlock.prototype.setRunning):
(TaskControlBlock.prototype.markAsNotHeld):
(TaskControlBlock.prototype.markAsHeld):
(TaskControlBlock.prototype.isHeldOrSuspended):
(TaskControlBlock.prototype.markAsSuspended):
(TaskControlBlock.prototype.markAsRunnable):
(TaskControlBlock.prototype.run):
(TaskControlBlock.prototype.checkPriorityAdd):
(TaskControlBlock.prototype.toString):
(IdleTask):
(IdleTask.prototype.run):
(IdleTask.prototype.toString):
(DeviceTask):
(DeviceTask.prototype.run):
(DeviceTask.prototype.toString):
(WorkerTask):
(WorkerTask.prototype.run):
(WorkerTask.prototype.toString):
(HandlerTask):
(HandlerTask.prototype.run):
(HandlerTask.prototype.toString):
(Packet):
(Packet.prototype.addTo):
(Packet.prototype.toString):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189996 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoImplement try/catch in the DFG.
sbarati@apple.com [Fri, 18 Sep 2015 23:37:42 +0000 (23:37 +0000)]
Implement try/catch in the DFG.
https://bugs.webkit.org/show_bug.cgi?id=147374

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements try/catch inside the DFG JIT.
It also prevents tier up to the FTL for any functions
that have an op_catch in them that are DFG compiled.

This patch accomplishes implementing try/catch inside
the DFG by OSR exiting to op_catch when an exception is thrown.
We can OSR exit from an exception inside the DFG in two ways:
1) We have a JS call (can also be via implicit getter/setter in GetById/PutById)
2) We have an exception when returing from a callOperation

In the case of (1), we get to the OSR exit from genericUnwind because
the exception was thrown in a child call frame. This means these
OSR exits must act as defacto op_catches (even though we will still OSR
exit to a baseline op_catch). That means they must restore the stack pointer
and call frame.

In the case of (2), we can skip genericUnwind because we know the exception
check will take us to a particular OSR exit. Instead, we link these
exception checks as jumps to a particular OSR exit.

Both types of OSR exits will exit into op_catch inside the baseline JIT.
Because they exit to op_catch, these OSR exits must set callFrameForCatch
to the proper call frame pointer.

We "handle" all exceptions inside the machine frame of the DFG code
block. This means the machine code block is responsible for "catching"
exceptions of any inlined frames' try/catch. OSR exit will then exit to
the proper baseline CodeBlock after reifying the inlined frames
(DFG::OSRExit::m_codeOrigin corresponds to the op_catch we will exit to).
Also, genericUnwind will never consult an inlined call frame's CodeBlock to
see if they can catch the exception because they can't. We always unwind to the
next machine code block frame. The DFG CodeBlock changes how the exception
handler table is keyed: it is now keyed by CallSiteIndex for DFG code blocks.

So, when consulting call sites that throw, we keep track of the CallSiteIndex,
and the HandlerInfo for the corresponding baseline exception handler for
that particular CallSiteIndex (if an exception at that call site will be caught).
Then, when we're inside DFG::JITCompiler::link(), we install new HandlerInfo's
inside the DFG CodeBlock and key it by the corresponding CallSiteIndex.
(The CodeBlock only has HandlerInfos for the OSR exits that are to be arrived
at from genericUnwind).

Also, each OSR exit will know if it acting as an exception handler, and
whether or not it will be arrived at from genericUnwind. When we know we
will arrive at an OSR exit from genericUnwind, we set the corresponding
HandlerInfo's nativeCode CodeLocationLabel field to be the OSR exit.

This patch also introduces a new Phase inside the DFG that ensures
that DFG CodeBlocks that handle exceptions take the necessary
steps to keep live variables at "op_catch" live according the
OSR exit value recovery machinery. We accomplish this by flushing
all live op_catch variables to the stack when inside a "try" block.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::handlerForBytecodeOffset):
(JSC::CodeBlock::handlerForIndex):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::clearExceptionHandlers):
(JSC::CodeBlock::appendExceptionHandler):
* bytecode/PreciseJumpTargets.cpp:
(JSC::computePreciseJumpTargets):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* dfg/DFGCommonData.cpp:
(JSC::DFG::CommonData::addCodeOrigin):
(JSC::DFG::CommonData::lastCallSite):
(JSC::DFG::CommonData::shrinkToFit):
* dfg/DFGCommonData.h:
* dfg/DFGGraph.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::noticeOSREntry):
(JSC::DFG::JITCompiler::appendExceptionHandlingOSRExit):
(JSC::DFG::JITCompiler::willCatchExceptionInMachineFrame):
(JSC::DFG::JITCompiler::exceptionCheck):
(JSC::DFG::JITCompiler::recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::emitStoreCodeOrigin):
(JSC::DFG::JITCompiler::emitStoreCallSiteIndex):
(JSC::DFG::JITCompiler::appendCall):
(JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
(JSC::DFG::JITCompiler::blockHeads):
(JSC::DFG::JITCompiler::exceptionCheck): Deleted.
* dfg/DFGLiveCatchVariablePreservationPhase.cpp: Added.
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::FlushLiveCatchVariablesInsertionPhase):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::run):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::willCatchException):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::handleBlock):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::newVariableAccessData):
(JSC::DFG::performLiveCatchVariablePreservationPhase):
* dfg/DFGLiveCatchVariablePreservationPhase.h: Added.
* dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::OSRExit::setPatchableCodeOffset):
* dfg/DFGOSRExit.h:
(JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
* dfg/DFGOSRExitCompiler.cpp:
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::osrWriteBarrier):
(JSC::DFG::adjustAndJumpToTarget):
* dfg/DFGOSRExitCompilerCommon.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGSlowPathGenerator.h:
(JSC::DFG::SlowPathGenerator::SlowPathGenerator):
(JSC::DFG::SlowPathGenerator::~SlowPathGenerator):
(JSC::DFG::SlowPathGenerator::generate):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGTierUpCheckInjectionPhase.cpp:
(JSC::DFG::TierUpCheckInjectionPhase::run):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* interpreter/Interpreter.cpp:
(JSC::GetCatchHandlerFunctor::operator()):
(JSC::UnwindFunctor::operator()):
* interpreter/StackVisitor.cpp:
(JSC::StackVisitor::gotoNextFrame):
(JSC::StackVisitor::unwindToMachineCodeBlockFrame):
(JSC::StackVisitor::readFrame):
* interpreter/StackVisitor.h:
(JSC::StackVisitor::operator*):
(JSC::StackVisitor::operator->):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitExceptionCheck):
(JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
(JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitCount):
* jit/JITExceptions.cpp:
(JSC::genericUnwind):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_catch):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_catch):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
(JSC::VM::clearException):
(JSC::VM::clearLastException):
(JSC::VM::addressOfCallFrameForCatch):
(JSC::VM::exception):
(JSC::VM::addressOfException):
* tests/stress/dfg-exception-try-catch-in-constructor-with-inlined-throw.js: Added.
(f):
(bar):
(Foo):
* tests/stress/es6-for-of-loop-exception.js: Added.
(assert):
(shouldThrowInvalidConstAssignment):
(baz):
(foo):
* tests/stress/exception-dfg-inlined-frame-not-strict-equal.js: Added.
(assert):
(o.valueOf):
(o.toString):
(read):
(bar):
(foo):
* tests/stress/exception-dfg-not-strict-equal.js: Added.
(foo):
(o.valueOf):
(o.toString):
(assert):
(shouldDoSomethingInFinally):
(catch):
* tests/stress/exception-dfg-operation-read-value.js: Added.
(assert):
(o.valueOf):
(o.toString):
(read):
(foo):
* tests/stress/exception-dfg-throw-from-catch-block.js: Added.
(assert):
(baz):
(bar):
(foo):

LayoutTests:

* js/regress/raytrace-with-empty-try-catch-expected.txt: Added.
* js/regress/raytrace-with-empty-try-catch.html: Added.
* js/regress/raytrace-with-try-catch-expected.txt: Added.
* js/regress/raytrace-with-try-catch.html: Added.
* js/regress/script-tests/raytrace-with-empty-try-catch.js: Added.
(createVector):
(sqrLengthVector):
(lengthVector):
(addVector):
(subVector):
(scaleVector):
(normaliseVector):
(add):
(sub):
(scalev):
(dot):
(scale):
(cross):
(normalise):
(transformMatrix):
(invertMatrix):
(Triangle):
(Triangle.prototype.intersect):
(Scene):
(Scene.prototype.intersect):
(Scene.prototype.blocked):
(Camera):
(Camera.prototype.generateRayPair):
(renderRows):
(Camera.prototype.render):
(raytraceScene.floorShader):
(raytraceScene):
(arrayToCanvasCommands):
* js/regress/script-tests/raytrace-with-try-catch.js: Added.
(randomException):
(createVector):
(sqrLengthVector):
(lengthVector):
(addVector):
(subVector):
(scaleVector):
(normaliseVector):
(add):
(sub):
(scalev):
(dot):
(scale):
(cross):
(normalise):
(transformMatrix):
(invertMatrix):
(Triangle):
(Triangle.prototype.intersect):
(Scene):
(Scene.prototype.intersect):
(Scene.prototype.blocked):
(Camera):
(Camera.prototype.generateRayPair):
(renderRows):
(Camera.prototype.render):
(raytraceScene.floorShader):
(raytraceScene):
(arrayToCanvasCommands):
* js/regress/script-tests/v8-raytrace-with-empty-try-catch.js: Added.
(Class.create):
(Object.extend):
(Flog.RayTracer.Color.prototype.initialize):
(Flog.RayTracer.Color.prototype.add):
(Flog.RayTracer.Color.prototype.addScalar):
(Flog.RayTracer.Color.prototype.subtract):
(Flog.RayTracer.Color.prototype.multiply):
(Flog.RayTracer.Color.prototype.multiplyScalar):
(Flog.RayTracer.Color.prototype.divideFactor):
(Flog.RayTracer.Color.prototype.limit):
(Flog.RayTracer.Color.prototype.distance):
(Flog.RayTracer.Color.prototype.blend):
(Flog.RayTracer.Color.prototype.brightness):
(Flog.RayTracer.Color.prototype.toString):
(Flog.RayTracer.Light.prototype.initialize):
(Flog.RayTracer.Light.prototype.toString):
(Flog.RayTracer.Vector.prototype.initialize):
(Flog.RayTracer.Vector.prototype.copy):
(Flog.RayTracer.Vector.prototype.normalize):
(Flog.RayTracer.Vector.prototype.magnitude):
(Flog.RayTracer.Vector.prototype.cross):
(Flog.RayTracer.Vector.prototype.dot):
(Flog.RayTracer.Vector.prototype.add):
(Flog.RayTracer.Vector.prototype.subtract):
(Flog.RayTracer.Vector.prototype.multiplyVector):
(Flog.RayTracer.Vector.prototype.multiplyScalar):
(Flog.RayTracer.Vector.prototype.toString):
(Flog.RayTracer.Ray.prototype.initialize):
(Flog.RayTracer.Ray.prototype.toString):
(Flog.RayTracer.Scene.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.getColor):
(Flog.RayTracer.Material.BaseMaterial.prototype.wrapUp):
(Flog.RayTracer.Material.BaseMaterial.prototype.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Shape.Sphere.prototype.initialize):
(Flog.RayTracer.Shape.Sphere.prototype.intersect):
(Flog.RayTracer.Shape.Sphere.prototype.toString):
(Flog.RayTracer.Shape.Plane.prototype.initialize):
(Flog.RayTracer.Shape.Plane.prototype.intersect):
(Flog.RayTracer.Shape.Plane.prototype.toString):
(Flog.RayTracer.IntersectionInfo.prototype.initialize):
(Flog.RayTracer.IntersectionInfo.prototype.toString):
(Flog.RayTracer.Camera.prototype.initialize):
(Flog.RayTracer.Camera.prototype.getRay):
(Flog.RayTracer.Camera.prototype.toString):
(Flog.RayTracer.Background.prototype.initialize):
(Flog.RayTracer.Engine.prototype.initialize):
(Flog.RayTracer.Engine.prototype.setPixel):
(Flog.RayTracer.Engine.prototype.renderScene):
(Flog.RayTracer.Engine.prototype.getPixelColor):
(Flog.RayTracer.Engine.prototype.testIntersection):
(Flog.RayTracer.Engine.prototype.getReflectionRay):
(Flog.RayTracer.Engine.prototype.rayTrace):
(renderScene):
* js/regress/script-tests/v8-raytrace-with-try-catch.js: Added.
(randomException):
(Class.create):
(Object.extend):
(Flog.RayTracer.Color.prototype.initialize):
(Flog.RayTracer.Color.prototype.add):
(Flog.RayTracer.Color.prototype.addScalar):
(Flog.RayTracer.Color.prototype.subtract):
(Flog.RayTracer.Color.prototype.multiply):
(Flog.RayTracer.Color.prototype.multiplyScalar):
(Flog.RayTracer.Color.prototype.divideFactor):
(Flog.RayTracer.Color.prototype.limit):
(Flog.RayTracer.Color.prototype.distance):
(Flog.RayTracer.Color.prototype.blend):
(Flog.RayTracer.Color.prototype.brightness):
(Flog.RayTracer.Color.prototype.toString):
(Flog.RayTracer.Light.prototype.initialize):
(Flog.RayTracer.Light.prototype.toString):
(Flog.RayTracer.Vector.prototype.initialize):
(Flog.RayTracer.Vector.prototype.copy):
(Flog.RayTracer.Vector.prototype.normalize):
(Flog.RayTracer.Vector.prototype.magnitude):
(Flog.RayTracer.Vector.prototype.cross):
(Flog.RayTracer.Vector.prototype.dot):
(Flog.RayTracer.Vector.prototype.add):
(Flog.RayTracer.Vector.prototype.subtract):
(Flog.RayTracer.Vector.prototype.multiplyVector):
(Flog.RayTracer.Vector.prototype.multiplyScalar):
(Flog.RayTracer.Vector.prototype.toString):
(Flog.RayTracer.Ray.prototype.initialize):
(Flog.RayTracer.Ray.prototype.toString):
(Flog.RayTracer.Scene.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.getColor):
(Flog.RayTracer.Material.BaseMaterial.prototype.wrapUp):
(Flog.RayTracer.Material.BaseMaterial.prototype.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Shape.Sphere.prototype.initialize):
(Flog.RayTracer.Shape.Sphere.prototype.intersect):
(Flog.RayTracer.Shape.Sphere.prototype.toString):
(Flog.RayTracer.Shape.Plane.prototype.initialize):
(Flog.RayTracer.Shape.Plane.prototype.intersect):
(Flog.RayTracer.Shape.Plane.prototype.toString):
(Flog.RayTracer.IntersectionInfo.prototype.initialize):
(Flog.RayTracer.IntersectionInfo.prototype.toString):
(Flog.RayTracer.Camera.prototype.initialize):
(Flog.RayTracer.Camera.prototype.getRay):
(Flog.RayTracer.Camera.prototype.toString):
(Flog.RayTracer.Background.prototype.initialize):
(Flog.RayTracer.Engine.prototype.initialize):
(Flog.RayTracer.Engine.prototype.setPixel):
(Flog.RayTracer.Engine.prototype.renderScene):
(Flog.RayTracer.Engine.prototype.getPixelColor):
(Flog.RayTracer.Engine.prototype.testIntersection):
(Flog.RayTracer.Engine.prototype.getReflectionRay):
(Flog.RayTracer.Engine.prototype.rayTrace):
(renderScene):
* js/regress/v8-raytrace-with-empty-try-catch-expected.txt: Added.
* js/regress/v8-raytrace-with-empty-try-catch.html: Added.
* js/regress/v8-raytrace-with-try-catch-expected.txt: Added.
* js/regress/v8-raytrace-with-try-catch.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189995 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoAX: Implement ARIA 1.1 @aria-current on iOS
n_wang@apple.com [Fri, 18 Sep 2015 23:19:46 +0000 (23:19 +0000)]
AX: Implement ARIA 1.1 @aria-current on iOS
https://bugs.webkit.org/show_bug.cgi?id=149297

Reviewed by Chris Fleizach.

Source/WebCore:

Added support for iOS to query for aria-current status.
Also, enabled aria-current.html test on iOS.

* accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
(-[WebAccessibilityObjectWrapper accessibilityInvalidStatus]):
(-[WebAccessibilityObjectWrapper accessibilityARIACurrentStatus]):
(-[WebAccessibilityObjectWrapper accessibilityMathRootIndexObject]):

Tools:

Added support to test aria-current on iOS.

* DumpRenderTree/ios/AccessibilityUIElementIOS.mm:
(AccessibilityUIElement::stringAttributeValue):
* WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:
(WTR::AccessibilityUIElement::stringAttributeValue):

LayoutTests:

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189994 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoImplement linear memory instructions in WebAssembly
commit-queue@webkit.org [Fri, 18 Sep 2015 23:06:47 +0000 (23:06 +0000)]
Implement linear memory instructions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149326

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-18
Reviewed by Geoffrey Garen.

This patch implements linear memory instructions in WebAssembly.[1] To
use the linear memory, an ArrayBuffer must be passed to loadWebAssembly().

Notes:
- We limit the ArrayBuffer's byte length to 2^31 - 1. This enables us to
  use only one comparison (unsigned greater than) to check for
  out-of-bounds access.
- There is no consensus yet on what should happen when an out-of-bounds
  access occurs.[2] For now, we throw an error when that happens.
- In asm.js, a heap access looks like this: int32Array[i >> 2]. Note
  that ">> 2" is part of the syntax and is required. pack-asmjs will
  produce bytecodes that look something like "LoadI32, i" (not
  "LoadI32, ShiftRightI32, i, 2"). The requirement of the shift operator
  prevents unaligned accesses in asm.js. (There is a proposal to support
  unaligned accesses in the future version of asm.js using DataView.[3])
  The WebAssembly spec allows unaligned accesses.[4] But since we use
  asm.js for testing, we follow asm.js's behaviors for now.

[1]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#linear-memory
[2]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#out-of-bounds
[3]: https://wiki.mozilla.org/Javascript:SpiderMonkey:OdinMonkey#Possible_asm.js_extensions_that_don.27t_require_new_JS_features
[4]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#alignment

* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jsc.cpp:
(GlobalObject::finishCreation):
(functionLoadWebAssembly):
* tests/stress/wasm-linear-memory.js: Added.
(shouldBe):
(shouldThrow):
* tests/stress/wasm/linear-memory.wasm: Added.
* wasm/JSWASMModule.cpp:
(JSC::JSWASMModule::JSWASMModule):
(JSC::JSWASMModule::visitChildren):
* wasm/JSWASMModule.h:
(JSC::JSWASMModule::create):
(JSC::JSWASMModule::arrayBuffer):
(JSC::JSWASMModule::JSWASMModule): Deleted.
* wasm/WASMConstants.h:
* wasm/WASMFunctionCompiler.h:
(JSC::sizeOfMemoryType):
(JSC::WASMFunctionCompiler::MemoryAddress::MemoryAddress):
(JSC::WASMFunctionCompiler::endFunction):
(JSC::WASMFunctionCompiler::buildLoad):
(JSC::WASMFunctionCompiler::buildStore):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseStatement):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseMemoryAddress):
(JSC::WASMFunctionParser::parseLoad):
(JSC::WASMFunctionParser::parseStore):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::MemoryAddress::MemoryAddress):
(JSC::WASMFunctionSyntaxChecker::buildLoad):
(JSC::WASMFunctionSyntaxChecker::buildStore):
* wasm/WASMModuleParser.cpp:
(JSC::WASMModuleParser::WASMModuleParser):
(JSC::WASMModuleParser::parseModule):
(JSC::parseWebAssembly):
(JSC::WASMModuleParser::parse): Deleted.
* wasm/WASMModuleParser.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189993 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoRemove last required use of WEBKIT_LIBRARIES environment variable on Windows
achristensen@apple.com [Fri, 18 Sep 2015 23:05:19 +0000 (23:05 +0000)]
Remove last required use of WEBKIT_LIBRARIES environment variable on Windows
https://bugs.webkit.org/show_bug.cgi?id=149355

Reviewed by Brent Fulgham.

* win/tools/scripts/auto-version.pl:
Use the directory of $0 (the currently executed perl script) to find the perl script instead of an environment variable.
This makes it possible to build WebKit on Windows without environment variables.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189992 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoFix Windows tests after switch to CMake.
achristensen@apple.com [Fri, 18 Sep 2015 23:03:23 +0000 (23:03 +0000)]
Fix Windows tests after switch to CMake.

* testing/js/WebCoreTestSupportPrefix.h:
Include cmakeconfig.h before wtf/Platform.h like we do in all the other precompiled headers
to have consistent features defined.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189991 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoREGRESSION (r189526): Nightlies don't work on Mavericks
ap@apple.com [Fri, 18 Sep 2015 22:36:53 +0000 (22:36 +0000)]
REGRESSION (r189526): Nightlies don't work on Mavericks
https://bugs.webkit.org/show_bug.cgi?id=149215

Reviewed by Daniel Bates.

* platform/sql/SQLiteDatabase.cpp:
(WebCore::SQLiteDatabase::SQLiteDatabase): Fixed the check to work when cross-compiling
for 10.9 with 10.10 SDK.
(WebCore::SQLiteDatabase::disableThreadingChecks): Removed an obsolete version check -
WebCore has an #error elsewhere making sure that the version is higher than that.
(WebCore::SQLiteDatabase::authorizerFunction): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189990 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoREGRESSION: http/tests/xmlhttprequest/timeout/xmlhttprequest-timeout-overrides.html...
jacob_nielsen@apple.com [Fri, 18 Sep 2015 22:30:07 +0000 (22:30 +0000)]
REGRESSION: http/tests/xmlhttprequest/timeout/xmlhttprequest-timeout-overrides.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=132388

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189989 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoCMake clean build fix after r189971.
achristensen@apple.com [Fri, 18 Sep 2015 22:26:17 +0000 (22:26 +0000)]
CMake clean build fix after r189971.

* CMakeLists.txt:
Remove Entity.idl.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189988 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoSupport style isolation in shadow trees
antti@apple.com [Fri, 18 Sep 2015 22:25:08 +0000 (22:25 +0000)]
Support style isolation in shadow trees
https://bugs.webkit.org/show_bug.cgi?id=149353

Reviewed by Ryosuke Niwa.

Allow ShadowRoots to have their own StyleResolvers.

This patch just adds the mechanism, all shadow roots still use the document resolver.

* css/StyleResolver.h:
(WebCore::StyleResolverParentPusher::push):
(WebCore::StyleResolverParentPusher::~StyleResolverParentPusher):
* dom/Element.cpp:
(WebCore::Element::absoluteLinkURL):
(WebCore::Element::styleResolver):

    Helper function for getting the right StyleResolver for the element.

(WebCore::Element::resolveStyle):

    Helper function for resolving element style.

* dom/Element.h:
* dom/ShadowRoot.cpp:
(WebCore::ShadowRoot::~ShadowRoot):
(WebCore::ShadowRoot::styleResolver):
(WebCore::ShadowRoot::cloneNode):
* dom/ShadowRoot.h:
(WebCore::ShadowRoot::resetStyleInheritance):
* editing/EditingStyle.cpp:
(WebCore::styleFromMatchedRulesForElement):
* html/HTMLTitleElement.cpp:
(WebCore::HTMLTitleElement::computedTextWithDirection):
* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::setFont):
* inspector/InspectorCSSAgent.cpp:
(WebCore::InspectorCSSAgent::getMatchedStylesForNode):
* page/animation/KeyframeAnimation.cpp:
(WebCore::KeyframeAnimation::KeyframeAnimation):
* rendering/RenderElement.cpp:
(WebCore::RenderElement::getUncachedPseudoStyle):
(WebCore::RenderElement::containingBlockForFixedPosition):
* rendering/RenderNamedFlowFragment.cpp:
(WebCore::RenderNamedFlowFragment::checkRegionStyle):
(WebCore::RenderNamedFlowFragment::computeStyleInRegion):
* style/StyleResolveTree.cpp:
(WebCore::Style::styleForElement):
* svg/SVGElement.cpp:
(WebCore::SVGElement::customStyleForRenderer):
(WebCore::SVGElement::animatedSMILStyleProperties):
* svg/SVGElementRareData.h:
(WebCore::SVGElementRareData::overrideComputedStyle):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189987 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoSnapshots broken on iOS
bdakin@apple.com [Fri, 18 Sep 2015 21:37:17 +0000 (21:37 +0000)]
Snapshots broken on iOS
https://bugs.webkit.org/show_bug.cgi?id=149354

Reviewed by Tim Horton.

We need to send the IOSurface to ViewSnapshot::create() for this to work.
* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _takeViewSnapshot]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189986 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[Win] Fix bindings tests after r189934.
achristensen@apple.com [Fri, 18 Sep 2015 21:30:28 +0000 (21:30 +0000)]
[Win] Fix bindings tests after r189934.

Reviewed by Brent Fulgham.

* bindings/scripts/preprocessor.pm:
(applyPreprocessor):
Bindings tests use /usr/bin/gcc from cygwin, which requires different flags.
If we're using gcc to preprocess, use it like we did before r189934.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189985 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoImplement type conversion instructions in WebAssembly
commit-queue@webkit.org [Fri, 18 Sep 2015 21:29:54 +0000 (21:29 +0000)]
Implement type conversion instructions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149340

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-18
Reviewed by Mark Lam.

This patch implements some type conversion instructions in WebAssembly.
The WebAssembly spec has a lot more type conversion instructions than
what are available in asm.js.[1] We only implement the ones that are in
asm.js for now because we can only test those.

[1]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md

* tests/stress/wasm-type-conversion.js:
* tests/stress/wasm/type-conversion.wasm:
* wasm/WASMConstants.h:
* wasm/WASMFunctionCompiler.h:
(JSC::operationConvertUnsignedInt32ToDouble):
(JSC::WASMFunctionCompiler::buildConvertType):
(JSC::WASMFunctionCompiler::callOperation):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseConvertType):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildConvertType):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189984 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoline-break-language-sensitive tests should be marked as flaky
jacob_nielsen@apple.com [Fri, 18 Sep 2015 21:08:02 +0000 (21:08 +0000)]
line-break-language-sensitive tests should be marked as flaky
https://bugs.webkit.org/show_bug.cgi?id=149349

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189983 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[MediaStream] Finish implementing MediaDevices.enumerateDevices
eric.carlson@apple.com [Fri, 18 Sep 2015 21:05:37 +0000 (21:05 +0000)]
[MediaStream] Finish implementing MediaDevices.enumerateDevices
https://bugs.webkit.org/show_bug.cgi?id=149322
<rdar://problem/22750866>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: fast/mediastream/MediaDevices-enumerateDevices.html

* CMakeLists.txt: Add MediaDevicesRequest.cpp

* Modules/mediastream/MediaDeviceInfo.h: Add MediaDeviceInfoVector typedef.

* Modules/mediastream/MediaDevices.cpp:
(WebCore::MediaDevices::enumerateDevices): Use MediaDevicesRequest.
* Modules/mediastream/MediaDevices.h: EnumerateDevicePromise -> EnumerateDevicesPromise.
* Modules/mediastream/MediaDevices.idl:

* Modules/mediastream/MediaDevicesRequest.cpp: Added.
(WebCore::MediaDevicesRequest::create):
(WebCore::MediaDevicesRequest::MediaDevicesRequest):
(WebCore::MediaDevicesRequest::~MediaDevicesRequest):
(WebCore::MediaDevicesRequest::securityOrigin):
(WebCore::MediaDevicesRequest::contextDestroyed):
(WebCore::MediaDevicesRequest::start):
(WebCore::MediaDevicesRequest::didCompleteRequest):
(WebCore::MediaDevicesRequest::requestOrigin):
* Modules/mediastream/MediaDevicesRequest.h: Added.

* Modules/mediastream/MediaStreamTrackSourcesRequest.cpp:
(WebCore::MediaStreamTrackSourcesRequest::MediaStreamTrackSourcesRequest):
(WebCore::MediaStreamTrackSourcesRequest::didCompleteRequest):
* Modules/mediastream/MediaStreamTrackSourcesRequest.h:

* Modules/mediastream/UserMediaRequest.cpp:
(WebCore::UserMediaRequest::enumerateDevices): Deleted.
* Modules/mediastream/UserMediaRequest.h:

* WebCore.xcodeproj/project.pbxproj: Add MediaDevicesRequest.cpp

* platform/mediastream/MediaDevicesPrivate.cpp: Removed.
* platform/mediastream/MediaDevicesPrivate.h: Removed.

* platform/mediastream/MediaStreamCreationClient.h:
* platform/mediastream/MediaStreamTrackSourcesRequestClient.h:
(WebCore::MediaStreamTrackSourcesRequestClient::~MediaStreamTrackSourcesRequestClient):

* platform/mediastream/mac/AVCaptureDeviceManager.h:
* platform/mediastream/mac/AVCaptureDeviceManager.mm:
(WebCore::AVCaptureDeviceManager::verifyConstraintsForMediaType): Optionally take an
  AVCaptureSession instead of always allocating one.
(WebCore::AVCaptureDeviceManager::bestSourcesForTypeAndConstraints): Pass the AVCaptureSession
  to verifyConstraintsForMediaType.

* platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
(WebCore::RealtimeMediaSourceCenterMac::getMediaStreamTrackSources):

* platform/mock/MockRealtimeMediaSourceCenter.cpp:
(WebCore::MockRealtimeMediaSourceCenter::getMediaStreamTrackSources):

LayoutTests:

* fast/mediastream/MediaDevices-enumerateDevices-expected.txt: Added.
* fast/mediastream/MediaDevices-enumerateDevices.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189982 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoiOS WebKitTestRunner frequently crashes in WKContextGetIconDatabase
ap@apple.com [Fri, 18 Sep 2015 20:57:31 +0000 (20:57 +0000)]
iOS WebKitTestRunner frequently crashes in WKContextGetIconDatabase
https://bugs.webkit.org/show_bug.cgi?id=149352

Reviewed by Simon Fraser.

* WebKitTestRunner/TestController.cpp: (WTR::TestController::~TestController):
m_context can be null. This may indicate a bug in webkitpy too, but
WebKitTestRunner should handle this situation nicely, there is nothing intrinsically
wrong with opening and immediately closing it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189981 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoUpdates to include change to iOS test expectations after bug 149187
jacob_nielsen@apple.com [Fri, 18 Sep 2015 20:55:17 +0000 (20:55 +0000)]
Updates to include change to iOS test expectations after bug 149187

* platform/ios-simulator/js/dom/constructor-length-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189980 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoWebContent crash in WebCore::MemoryPressureHandler::releaseCriticalMemory() with...
cdumez@apple.com [Fri, 18 Sep 2015 20:37:41 +0000 (20:37 +0000)]
WebContent crash in WebCore::MemoryPressureHandler::releaseCriticalMemory() with GuardMalloc when preparing to suspend
https://bugs.webkit.org/show_bug.cgi?id=149350

Reviewed by Antti Koivisto.

in MemoryPressureHandler::releaseCriticalMemory(), iterate over a copy of
Document::allDocuments() instead of iterating over allDocuments() directly.
Also make sure the Documents are ref'd inside the copy.

This is needed because clearing the StyleResolver of a Document may cause
Documents to be unref'd and removed from the allDocument() HashSet.

No new tests, already covered by existing tests.

* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::releaseCriticalMemory):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189979 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[Win] Unreviewed build fix.
bfulgham@apple.com [Fri, 18 Sep 2015 20:31:43 +0000 (20:31 +0000)]
[Win] Unreviewed build fix.

Non-cmake build does not include quotes in the file path, so a search
operation always failed.

* bindings/scripts/preprocessor.pm:
(applyPreprocessor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189978 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoisGitSVNDirectory() returns true when Git is not installed
dbates@webkit.org [Fri, 18 Sep 2015 20:00:49 +0000 (20:00 +0000)]
isGitSVNDirectory() returns true when Git is not installed
https://bugs.webkit.org/show_bug.cgi?id=149351

Reviewed by Alexey Proskuryakov.

Fixes an issue where VCSUtils::isGitSVNDirectory() returns true for any arbitrary directory if
Git is not installed on the machine.

* Scripts/VCSUtils.pm:
(isGitSVNDirectory): Ensure that `git config --get svn-remote.svn.fetch 2>& 1` exits with
status code 0 (success).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189977 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoREGRESSION (r182449, Mavericks ONLY): Pages re-open empty after swiping back and...
cdumez@apple.com [Fri, 18 Sep 2015 19:31:45 +0000 (19:31 +0000)]
REGRESSION (r182449, Mavericks ONLY): Pages re-open empty after swiping back and scrolling on them
https://bugs.webkit.org/show_bug.cgi?id=149317
<rdar://problem/22521514>

Reviewed by Tim Horton.

Source/WebCore:

Disable on Mavericks a PageCache optimization from r182449 which lets
into PageCache pages that only have certain types of pending loads
(images and XHR). This is because it has been determined via bisection
that this change is the one that introduced the bug on Mavericks.

* loader/DocumentLoader.cpp:
(WebCore::areAllLoadersPageCacheAcceptable):

LayoutTests:

Skip a couple of PageCache layout tests on Mavericks now that a PageCache
optimization has been disabled.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189976 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoUnreviewed iOS gardening.
zalan@apple.com [Fri, 18 Sep 2015 18:35:45 +0000 (18:35 +0000)]
Unreviewed iOS gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189975 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[Win] Use tiled drawing for main background layer
bfulgham@apple.com [Fri, 18 Sep 2015 18:23:29 +0000 (18:23 +0000)]
[Win] Use tiled drawing for main background layer
https://bugs.webkit.org/show_bug.cgi?id=149347
<rdar://problem/22759632>

Reviewed by Alex Christensen.

Source/WebCore:

Turn on tiled drawing for the root layer when using
accelerated compositing on Windows.

* page/Frame.h: Export the 'isMainFrame' method so that
it can be used by WebKit.dll.
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::getDebugBorderInfo): Use a full
pixel width on Windows, since it doesn't support High DPI (yet).
* platform/graphics/ca/win/PlatformCALayerWin.cpp:
(PlatformCALayerWin::create): Use nullptr.
(toCACFFilterType): Ditto.
(layerTreeHostForLayer): Ditto.
(PlatformCALayer::platformCALayer): Ditto.
 (PlatformCALayerWin::PlatformCALayerWin): Use the correct contents scaling
factor for new layers.
(PlatformCALayerWin::animationForKey): Use nullptr.
* platform/graphics/ca/win/WebTiledBackingLayerWin.cpp:
(WebTiledBackingLayerWin::displayCallback): Update assertion to
recognize LayerTypePageTiledBackingLayer as a valid layer to be used
in this display routine.

Source/WebKit/win:

Instruct WebCore to use tiled drawing for the root layer
of the display.

* WebCoreSupport/WebChromeClient.cpp:
(WebChromeClient::shouldUseTiledBackingForFrameView): Added.
* WebCoreSupport/WebChromeClient.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189974 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoPrevent build-webkit from building four times on Windows
achristensen@apple.com [Fri, 18 Sep 2015 18:00:32 +0000 (18:00 +0000)]
Prevent build-webkit from building four times on Windows
https://bugs.webkit.org/show_bug.cgi?id=149336

Reviewed by Brent Fulgham.

* Scripts/build-webkit:
Move the Windows code out of the for loop iterating over each subdirectory to be build.
They're built all at once.
* Scripts/webkitdirs.pm:
(buildVisualStudioProject):
(cmakeGeneratedBuildfile):
Don't generate the Visual Studio solution if it already exists.
It will run CMake again if necessary.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189973 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoFix tests on Windows after switching to CMake.
achristensen@apple.com [Fri, 18 Sep 2015 18:00:16 +0000 (18:00 +0000)]
Fix tests on Windows after switching to CMake.
https://bugs.webkit.org/show_bug.cgi?id=149339

Reviewed by Brent Fulgham.

.:

* Source/PlatformWin.cmake: Added to copy WebInspectorUI.

Source/JavaScriptCore:

* shell/PlatformWin.cmake:
Build testapi and testRegExp (which doesn't seem to be used any more).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189972 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoDrop support for Entity Node type
cdumez@apple.com [Fri, 18 Sep 2015 17:23:17 +0000 (17:23 +0000)]
Drop support for Entity Node type
https://bugs.webkit.org/show_bug.cgi?id=149239

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline W3C DOM test now that a new check is passing.

* web-platform-tests/dom/historical-expected.txt:

Source/WebCore:

Drop support for Entity DOM type. This legacy type has been dropped in
DOM4:
- https://dom.spec.whatwg.org/#dom-core-changes

Chrome [1] and Firefox [2] already dropped it. There is currently no
way to construct an Entity Node in WebKit.

[1] https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/k3tZGP2EANc
[2] https://developer.mozilla.org/en-US/docs/Web/API/Entity

No new tests, already covered by existing W3C test.

* DerivedSources.cpp:
* WebCore.xcodeproj/project.pbxproj:
* bindings/gobject/WebKitDOMPrivate.cpp:
(WebKit::wrap): Deleted.
* bindings/js/JSNodeCustom.cpp:
(WebCore::createWrapperInline): Deleted.
* bindings/objc/DOM.mm:
(kitClass): Deleted.
* dom/Document.cpp:
(WebCore::Document::importNode): Deleted.
(WebCore::Document::adoptNode): Deleted.
(WebCore::Document::childTypeAllowed): Deleted.
(WebCore::Document::canAcceptChild): Deleted.
* dom/Entity.h:
* dom/Entity.idl:
* dom/Node.cpp:
(WebCore::Node::isDefaultNamespace): Deleted.
(WebCore::Node::lookupPrefix): Deleted.
(WebCore::Node::lookupNamespaceURI): Deleted.
(WebCore::appendTextContent): Deleted.
(WebCore::Node::setTextContent): Deleted.
* dom/Node.h:
* dom/Range.cpp:
(WebCore::lengthOfContentsInNode): Deleted.
(WebCore::Range::processContentsBetweenOffsets): Deleted.
(WebCore::Range::insertNode): Deleted.
(WebCore::Range::checkNodeWOffset): Deleted.
(WebCore::Range::checkNodeBA): Deleted.
(WebCore::Range::selectNode): Deleted.
(WebCore::Range::selectNodeContents): Deleted.
(WebCore::Range::surroundContents): Deleted.
* editing/MarkupAccumulator.cpp:
(WebCore::MarkupAccumulator::appendStartMarkup): Deleted.
* xml/XPathUtil.cpp:
(WebCore::XPath::isValidContextNode): Deleted.

Source/WebKit2:

Stop handling the Entity node type.

* WebProcess/InjectedBundle/API/mac/WKDOMInternals.mm:

LayoutTests:

Rebaseline / update layout tests now that we no longer expose the
Entity type to the Web.

* fast/dom/Window/get-set-properties-expected.txt:
* fast/dom/Window/get-set-properties.html:
* fast/dom/Window/resources/window-properties.js:
* fast/dom/Window/window-lookup-precedence-expected.txt:
* fast/dom/dom-constructors-expected.txt:
* fast/dom/dom-constructors.html:
* platform/gtk/fast/dom/Window/window-lookup-precedence-expected.txt:
* platform/mac/fast/dom/Window/window-lookup-precedence-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189971 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoASSERT(!m_frontendRouter->hasLocalFrontend()) when running Web Inspector tests
bburg@apple.com [Fri, 18 Sep 2015 17:16:24 +0000 (17:16 +0000)]
ASSERT(!m_frontendRouter->hasLocalFrontend()) when running Web Inspector tests
https://bugs.webkit.org/show_bug.cgi?id=149006
Source/JavaScriptCore:

Reviewed by Joseph Pecoraro.

Prior to disconnecting, we need to know how many frontends remain connected.

* inspector/InspectorFrontendRouter.h: Add frontendCount().

Source/WebCore:

Reviewed by Joseph Pecoraro.

The patch fixes two defects:

    (1) the stub inspector frontend is not closed reliably when a test times out
    (2) frontend clients and channels are sometimes connected to the wrong controllers

When an inspector test times out, the test runner requests (via the inspected page's controller)
that the inspector close. But, the stub frontend works independently of InspectorClient,
so the inspected page's InspectorController cannot close the stub frontend. The assertion
failed because the stub frontend's channel was still connected to the inspected page's controller.

The fix is to route requests for the inspector window to close through the FrontendClient's
closeWindow() method rather than InspectorClient, so that the stub frontend can react.
The other code paths (i.e., through close() and closeLocalFrontend()) have been removed.

Now that the stub frontend eagerly closes its channel before the Page gets GC'd, several
methods invoked during test teardown must be reordered to avoid using dangling pointers.

The stub frontend in Internals has been rewritten to properly disconnect itself
from both the frontend and inspected page's inspector controllers.

While fixing this bug, I noticed that we are inconsistent about which inspector controller
(the inspected page's or the frontend page's) receives the FrontendClient and which takes
FrontendChannels. It is now the case for all configurations that the FrontendClient is
connected to the frontend page's inspector controller, and FrontendChannels are connected
to the inspected page's inspector controller. In the WK2 case, the Inspector Process
has an attached frontend client, and its inspected Web Process has frontend channels.

No new tests, covered by existing tests.

* inspector/InspectorClient.h:
* inspector/InspectorController.cpp:
(WebCore::InspectorController::~InspectorController):
(WebCore::InspectorController::inspectedPageDestroyed):

    This method is called from Page::~Page, so we should disconnect all frontends now
    before subframes are detached from the page, making InspectorController inaccessible.

(WebCore::InspectorController::disconnectFrontend):

    The teardown branch was never being run before, because we never disconnected the
    frontend's channel correctly. Some agents use the overlay during teardown, so notify
    agents before releasing the overlay page.

(WebCore::InspectorController::disconnectAllFrontends):

    The actions from close() are inlined and rearranged here, similar to disconnectFrontend.
    We have to notify agents before removing InspectorClient as some agents make use of it.

(WebCore::InspectorController::close): Deleted.
(WebCore::InspectorController::show): This assertion is vacuously true now.
* inspector/InspectorFrontendClientLocal.cpp:
(WebCore::InspectorFrontendClientLocal::inspectedPage): Added. Used by stub frontend.
* inspector/InspectorFrontendClientLocal.h:
(WebCore::InspectorFrontendClientLocal::frontendPage): Added.
* loader/EmptyClients.h:
* page/Page.cpp:
(WebCore::Page::~Page):

    Notify inspector before detaching frames, otherwise it will not be possible to
    cleanly disconnect the stub frontend's channel.

* testing/Internals.cpp:

    Rewrite the stub frontend to better encapsulate its setup and teardown logic.

(WebCore::InspectorStubFrontend::frontendPage): Added.
(WebCore::InspectorStubFrontend::InspectorStubFrontend): Added.
(WebCore::InspectorStubFrontend::~InspectorStubFrontend): Added.
(WebCore::InspectorStubFrontend::closeWindow): Added.
(WebCore::InspectorStubFrontend::sendMessageToFrontend): Added.
(WebCore::Internals::openDummyInspectorFrontend):
(WebCore::Internals::closeDummyInspectorFrontend):
(WebCore::InspectorFrontendClientDummy::~InspectorFrontendClientDummy): Deleted.
(WebCore::InspectorFrontendClientDummy::InspectorFrontendClientDummy): Deleted.
(WebCore::InspectorFrontendChannelDummy::~InspectorFrontendChannelDummy): Deleted.
(WebCore::InspectorFrontendChannelDummy::InspectorFrontendChannelDummy): Deleted.
(WebCore::InspectorFrontendChannelDummy::sendMessageToFrontend): Deleted.
* testing/Internals.h:

Source/WebKit/ios:

Reviewed by Joseph Pecoraro.

* WebCoreSupport/WebInspectorClientIOS.mm:
(WebInspectorClient::closeLocalFrontend): Deleted.
(WebInspectorFrontendClient::disconnectFromBackend): Deleted.

Source/WebKit/mac:

Reviewed by Joseph Pecoraro.

WK1 WebInspectorClient was connecting to the wrong controllers. Fix this, and
remove extra code paths for closing the frontend.

* WebCoreSupport/WebInspectorClient.h:
* WebCoreSupport/WebInspectorClient.mm:
(-[WebInspectorWindowController destroyInspectorView]):

    Disconnect the FrontendClient from the frontend page's inspector controller.
    Do this teardown before releasing the frontend, otherwise we can't use it.

(WebInspectorClient::inspectedPageDestroyed): Deleted.
(WebInspectorClient::closeLocalFrontend): Deleted.
(WebInspectorFrontendClient::disconnectFromBackend): Deleted.
* WebInspector/WebInspector.mm:
(-[WebInspector inspectedWebViewClosed]):

    Make sure to close ourself if the inspected page closes.

(-[WebInspector close:]):

    Go through the frontend instead of InspectorController.

* WebInspector/WebInspectorFrontend.h:
* WebInspector/WebInspectorFrontend.mm:
(-[WebInspectorFrontend close]):

Source/WebKit/win:

Reviewed by Joseph Pecoraro.

* WebCoreSupport/WebInspectorClient.cpp:
(WebInspectorFrontendClient::destroyInspectorView):

    Disconnect the FrontendClient from the frontend page's inspector controller.
    Do this teardown before releasing the frontend, otherwise we can't use it.

(WebInspectorFrontendClient::onClose):
(WebInspectorClient::inspectedPageDestroyed): Deleted.
(WebInspectorClient::closeLocalFrontend): Deleted.
* WebCoreSupport/WebInspectorClient.h: Drive-by cleanup for class declarations.
* WebInspector.cpp:
(WebInspector::close):

    Go through the frontend instead of InspectorController.

Source/WebKit2:

<rdar://problem/22654257>
<rdar://problem/22631369>

Reviewed by Joseph Pecoraro.

Stop using InspectorController to close the frontend page. Go through
the FrontendClient instead. Reduce redundant code paths.

This change seems to fix some recent crashes that were seen when
closing Safari with Web Inspector open. These were caused by the frontend
channel not being disconnected at the right time.

* WebProcess/WebCoreSupport/WebInspectorClient.cpp:
(WebKit::WebInspectorClient::inspectedPageDestroyed):
(WebKit::WebInspectorClient::closeLocalFrontend): Deleted.
* WebProcess/WebCoreSupport/WebInspectorClient.h:
* WebProcess/WebPage/WebInspector.cpp:
(WebKit::WebInspector::close):
* WebProcess/WebPage/WebInspectorUI.cpp:
(WebKit::WebInspectorUI::establishConnection):

    Save a pointer to the frontend's InspectorController since we may
    need to use it while the page is being destructed and its getter
    is no longer accessible.

(WebKit::WebInspectorUI::closeWindow):

    Explicitly remove the frontend client when closing the frontend.

* WebProcess/WebPage/WebInspectorUI.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::inspector):

    Allow clients to specify whether an inspector should be eagerly created.
    Without this, we may accidentally create an instance during teardown.

* WebProcess/WebPage/WebPage.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189970 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoclassList.toggle(name, force) treats undefined `force` argument as false
cdumez@apple.com [Fri, 18 Sep 2015 16:53:10 +0000 (16:53 +0000)]
classList.toggle(name, force) treats undefined `force` argument as false
https://bugs.webkit.org/show_bug.cgi?id=148582
<rdar://problem/22545600>

Reviewed by Ryosuke Niwa.

Source/WebCore:

classList.toggle(name, force) treats undefined `force` argument as false.
However, according to the Web IDL specification, we should treat undefined
as if the value was missing for optional parameters that do not have a
default value:
https://heycam.github.io/webidl/#dfn-overload-resolution-algorithm (Step 14.4).

For optional parameters that have a default value, undefined should be
converted into the default value. This is supported as of r189957.

In this patch, we use custom bindings to provide a spec-compliant version
of DOMTokenList.toggle(). Unfortunately, adding such support in the
bindings generator would be a non-trivial task (I guess, we would have to
generalize using WTF::Optional<> type for all optional parameters in our
implementation. Also we cannot use the default value support added in
r189957 because the toggle() implementation needs to be able to
distinguish all 3 states for the 'force' parameter: true, false or
missing.

The new behavior matches the behavior of Firefox and the specification.

Test: fast/dom/Element/class-list-toggle.html

* CMakeLists.txt:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSBindingsAllInOne.cpp:
* bindings/js/JSDOMTokenListCustom.cpp: Added.
(WebCore::JSDOMTokenList::toggle):
* html/DOMTokenList.h:
* html/DOMTokenList.idl:

LayoutTests:

Add decent test coverage for DOMTokenList.toggle() via Element.classList.

* fast/dom/Element/class-list-toggle-expected.txt: Added.
* fast/dom/Element/class-list-toggle.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189969 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoExplicitly specify builtin JS files dependency
utatane.tea@gmail.com [Fri, 18 Sep 2015 16:38:09 +0000 (16:38 +0000)]
Explicitly specify builtin JS files dependency
https://bugs.webkit.org/show_bug.cgi?id=149323

Reviewed by Alex Christensen.

JSCBuiltins.{h,cpp} in CMakeLists.txt and DerivedSources.make just depend on the builtins directory.
As a result, even if we modify builtins/*.js code, regenerating JSCBuiltins.{h,cpp} does not occur.
As the same to the cpp sources, let's list up the JS files explicitly.

* CMakeLists.txt:
* DerivedSources.make:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189968 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoRemove register preservation and restoration stub code
msaboff@apple.com [Fri, 18 Sep 2015 16:21:08 +0000 (16:21 +0000)]
Remove register preservation and restoration stub code
https://bugs.webkit.org/show_bug.cgi?id=149335

Reviewed by Mark Lam.

Delete the register preservation and restoration thunks and related plumbing.

Much of this change is removing the unneeded RegisterPreservationMode parameter
from various functions.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::isVarargsCallType):
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::isVarargs):
(JSC::CallLinkInfo::isLinked):
(JSC::CallLinkInfo::setUpCallFromFTL):
(JSC::CallLinkInfo::registerPreservationMode): Deleted.
* ftl/FTLJITCode.cpp:
(JSC::FTL::JITCode::initializeAddressForCall):
(JSC::FTL::JITCode::addressForCall):
* ftl/FTLJITCode.h:
* ftl/FTLOSREntry.cpp:
(JSC::FTL::prepareOSREntry):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* jit/JITCode.cpp:
(JSC::JITCode::execute):
(JSC::DirectJITCode::initializeCodeRef):
(JSC::DirectJITCode::addressForCall):
(JSC::NativeJITCode::initializeCodeRef):
(JSC::NativeJITCode::addressForCall):
(JSC::DirectJITCode::ensureWrappers): Deleted.
* jit/JITCode.h:
(JSC::JITCode::jitTypeFor):
(JSC::JITCode::executableAddress):
* jit/JITOperations.cpp:
* jit/RegisterPreservationWrapperGenerator.cpp: Removed.
* jit/RegisterPreservationWrapperGenerator.h: Removed.
* jit/Repatch.cpp:
(JSC::linkPolymorphicCall):
* jit/ThunkGenerators.cpp:
(JSC::virtualThunkFor):
* jit/ThunkGenerators.h:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::entryOSR):
(JSC::LLInt::setUpCall):
* runtime/Executable.cpp:
(JSC::ExecutableBase::clearCode):
(JSC::ScriptExecutable::installCode):
(JSC::WebAssemblyExecutable::prepareForExecution):
* runtime/Executable.h:
(JSC::ExecutableBase::generatedJITCodeFor):
(JSC::ExecutableBase::entrypointFor):
(JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):
* runtime/RegisterPreservationMode.h: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189967 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoFix build with --no-indexed-database after r189831
commit-queue@webkit.org [Fri, 18 Sep 2015 13:27:52 +0000 (13:27 +0000)]
Fix build with --no-indexed-database after r189831
https://bugs.webkit.org/show_bug.cgi?id=149342

Patch by Emanuele Aina <emanuele.aina@collabora.com> on 2015-09-18
Reviewed by Csaba Osztrogon√°c.

* WebProcess/Databases/WebDatabaseProvider.h:
Add ENABLE(INDEXED_DATABASE) guard around supportsModernIDB().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189966 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoWeb Inspector: Simplify some functional callbacks
commit-queue@webkit.org [Fri, 18 Sep 2015 06:04:41 +0000 (06:04 +0000)]
Web Inspector: Simplify some functional callbacks
https://bugs.webkit.org/show_bug.cgi?id=149333

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-17
Reviewed by Brian Burg.

* UserInterface/Controllers/LogManager.js:
(WebInspector.LogManager.prototype.messageWasAdded):
* UserInterface/Models/Color.js:
(WebInspector.Color):
* UserInterface/Models/Geometry.js:
(WebInspector.CubicBezier.fromCoordinates):
* UserInterface/Models/ObjectPreview.js:
(WebInspector.ObjectPreview.fromPayload):
* UserInterface/Models/TypeDescription.js:
(WebInspector.TypeDescription.fromPayload):
* UserInterface/Protocol/RemoteObject.js:
(WebInspector.RemoteObject.prototype.getCollectionEntries):
(WebInspector.RemoteObject.prototype.getCollectionEntries.): Deleted.
* UserInterface/Views/TextEditor.js:
(WebInspector.TextEditor.prototype.get markers):
(WebInspector.TextEditor.prototype.markersAtPosition):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189965 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoWeb Inspector: Remove unused canClearBrowserCookies / canClearBrowserCache protocol...
commit-queue@webkit.org [Fri, 18 Sep 2015 05:06:20 +0000 (05:06 +0000)]
Web Inspector: Remove unused canClearBrowserCookies / canClearBrowserCache protocol methods
https://bugs.webkit.org/show_bug.cgi?id=149307

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-17
Reviewed by Brian Burg.

Source/JavaScriptCore:

* inspector/protocol/Network.json:
Remove unused protocol methods.

Source/WebCore:

* inspector/InspectorClient.h:
(WebCore::InspectorClient::canClearBrowserCache): Deleted.
(WebCore::InspectorClient::clearBrowserCache): Deleted.
(WebCore::InspectorClient::canClearBrowserCookies): Deleted.
(WebCore::InspectorClient::clearBrowserCookies): Deleted.
These were unimplemented by any ports.

* inspector/CommandLineAPIHost.cpp:
* inspector/InspectorController.cpp:
(WebCore::InspectorController::InspectorController):
* inspector/InspectorResourceAgent.cpp:
(WebCore::InspectorResourceAgent::InspectorResourceAgent):
(WebCore::InspectorResourceAgent::canClearBrowserCache): Deleted.
(WebCore::InspectorResourceAgent::clearBrowserCache): Deleted.
(WebCore::InspectorResourceAgent::canClearBrowserCookies): Deleted.
(WebCore::InspectorResourceAgent::clearBrowserCookies): Deleted.
* inspector/InspectorResourceAgent.h:
* inspector/InspectorTimelineAgent.cpp:
(WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
* inspector/InspectorTimelineAgent.h:
* inspector/WorkerInspectorController.cpp:
(WebCore::WorkerInspectorController::WorkerInspectorController):
Remove uses of InspectorClient where it is no longer needed.

Source/WebInspectorUI:

* UserInterface/Protocol/Legacy/7.0/InspectorBackendCommands.js:
* UserInterface/Protocol/Legacy/8.0/InspectorBackendCommands.js:
* UserInterface/Protocol/Legacy/9.0/InspectorBackendCommands.js:
* Versions/Inspector-iOS-7.0.json:
* Versions/Inspector-iOS-8.0.json:
* Versions/Inspector-iOS-9.0.json:
Retroactively remove the protocol methods as they were unused
in these earlier versions as well.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189964 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoUnreviewed, rolling out r189962.
commit-queue@webkit.org [Fri, 18 Sep 2015 04:48:19 +0000 (04:48 +0000)]
Unreviewed, rolling out r189962.
https://bugs.webkit.org/show_bug.cgi?id=149334

These new tests uncovered a crash (Requested by ap on
#webkit).

Reverted changeset:

"Add some tests for shadow DOM rendering"
https://bugs.webkit.org/show_bug.cgi?id=149330
http://trac.webkit.org/changeset/189962

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189963 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoAdd some tests for shadow DOM rendering
rniwa@webkit.org [Fri, 18 Sep 2015 03:08:09 +0000 (03:08 +0000)]
Add some tests for shadow DOM rendering
https://bugs.webkit.org/show_bug.cgi?id=149330

Reviewed by Antti Koivisto.

Added some ref tests for new shadow DOM API rendering with failing expectations everywhere.

* fast/shadow-dom/css-scoping-shadow-invisible-slot-expected.html: Added.
* fast/shadow-dom/css-scoping-shadow-invisible-slot.html: Added.
* fast/shadow-dom/css-scoping-shadow-rendering-expected.html: Added.
* fast/shadow-dom/css-scoping-shadow-rendering.html: Added.
* fast/shadow-dom/css-scoping-shadow-slot-expected.html: Added.
* fast/shadow-dom/css-scoping-shadow-slot.html: Added.
* fast/shadow-dom/css-scoping-shadow-with-rules-expected.html: Added.
* fast/shadow-dom/css-scoping-shadow-with-rules.html: Added.
* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189962 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoUnreviewed, rolling out r189938, r189952, and r189956.
commit-queue@webkit.org [Fri, 18 Sep 2015 02:56:29 +0000 (02:56 +0000)]
Unreviewed, rolling out r189938, r189952, and r189956.
https://bugs.webkit.org/show_bug.cgi?id=149329

Broke Web Workers (Requested by ap on #webkit).

Reverted changesets:

"Implement try/catch in the DFG."
https://bugs.webkit.org/show_bug.cgi?id=147374
http://trac.webkit.org/changeset/189938

"CLoop build fix after r189938."
http://trac.webkit.org/changeset/189952

"add a regress test for richards with try/catch."
https://bugs.webkit.org/show_bug.cgi?id=149301
http://trac.webkit.org/changeset/189956

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189961 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoUpdate features.json for Shadow DOM and Web Components
rniwa@webkit.org [Fri, 18 Sep 2015 02:55:45 +0000 (02:55 +0000)]
Update features.json for Shadow DOM and Web Components
https://bugs.webkit.org/show_bug.cgi?id=149249

Reviewed by Antti Koivisto.

Updated the status of Shadow DOM and made myself the point of contact for shadow DOM and web components.

* features.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189960 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[iOS WK2] WTR fails to set the key window in the UIKit sense
simon.fraser@apple.com [Fri, 18 Sep 2015 01:58:40 +0000 (01:58 +0000)]
[iOS WK2] WTR fails to set the key window in the UIKit sense
https://bugs.webkit.org/show_bug.cgi?id=149325

Reviewed by Tim Horton.

-[WebKitTestRunnerWindow isKeyWindow] just returned _platformWebView->windowIsKey().
This causes UIKit to bypass code that actually sets the key window, resulting in
[UIAppliation sharedApplication].keyWindow always being nil.

Fix by PlatformWebView::setWindowIsKey() actually call -makeKeyWindow, and having
-[WebKitTestRunnerWindow isKeyWindow] call super.

* WebKitTestRunner/PlatformWebView.h:
(WTR::PlatformWebView::setWindowIsKey): Deleted.
* WebKitTestRunner/efl/PlatformWebViewEfl.cpp:
(WTR::PlatformWebView::setWindowIsKey):
* WebKitTestRunner/gtk/PlatformWebViewGtk.cpp:
(WTR::PlatformWebView::setWindowIsKey):
* WebKitTestRunner/ios/PlatformWebViewIOS.mm:
(-[WebKitTestRunnerWindow isKeyWindow]):
(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::~PlatformWebView):
(WTR::PlatformWebView::setWindowIsKey):
* WebKitTestRunner/mac/PlatformWebViewMac.mm:
(WTR::PlatformWebView::setWindowIsKey):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189959 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[iOS WK2] When loading viewport tests, use the normal web page viewport configuration
simon.fraser@apple.com [Fri, 18 Sep 2015 01:58:37 +0000 (01:58 +0000)]
[iOS WK2] When loading viewport tests, use the normal web page viewport configuration
https://bugs.webkit.org/show_bug.cgi?id=149321

Reviewed by Tim Horton.

InjectedBundlePage::platformDidStartProvisionalLoadForFrame() unconditionally
enabled the "testing" viewport configuration, which disables page scaling.

If we're running viewport tests, we want the normal web page configuration.
Do that by passing a flag in the dictionary sent to InjectedBundle::beginTesting(),
based on whether the test is in a "viewport" directory.

* WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
(WTR::InjectedBundle::beginTesting):
* WebKitTestRunner/InjectedBundle/cocoa/InjectedBundlePageCocoa.mm:
(WTR::InjectedBundlePage::platformDidStartProvisionalLoadForFrame): Deleted.
* WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::shouldLogFrameLoadDelegates):
(WTR::TestInvocation::shouldLogHistoryClientCallbacks):
(WTR::TestInvocation::shouldMakeViewportFlexible):
(WTR::TestInvocation::invoke):
* WebKitTestRunner/TestInvocation.h:
* WebKitTestRunner/ios/TestControllerIOS.mm:
(WTR::TestController::platformConfigureViewForTest):
(WTR::shouldMakeViewportFlexible): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189958 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[WebIDL] Add support for default parameter values
cdumez@apple.com [Fri, 18 Sep 2015 01:48:17 +0000 (01:48 +0000)]
[WebIDL] Add support for default parameter values
https://bugs.webkit.org/show_bug.cgi?id=149263
<rdar://problem/22545600>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more NodeIterator / TreeWalker
checks are passing.

* web-platform-tests/dom/traversal/NodeIterator-expected.txt:
* web-platform-tests/dom/traversal/TreeWalker-basic-expected.txt:

Source/WebCore:

Add support for default parameter values to our Web IDL parser and JS
bindings generator. This allows the bindings to convert undefined to
the parameter's default value for optional parameters:
https://heycam.github.io/webidl/#dfn-optional-argument-default-value

Previously, our bindings generator would just convert undefined to
0 / false / "undefined" for optional parameters, depending on the
parameter type.

This patch uses the new default parameter support to fix a bug in
document.createNodeIterator() / document.createTreeWalker()'s handling
of the whatToShow parameter:
https://dom.spec.whatwg.org/#document

WebKit currently was undefined to 0 in this case, even though it should
use the parameter's default value: OxFFFFFFFF.

I am planning to go through other optional parameters in a follow-up
patch and add default values where needed.

No new tests, already covered by existing layout tests and
added bindings tests coverage.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateParametersCheck):
* bindings/scripts/IDLParser.pm:
(parseOptionalOrRequiredArgument):
* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
(webkit_dom_test_obj_method_with_optional_arg_and_default_value):
(webkit_dom_test_obj_method_with_optional_string_and_default_value):
* bindings/scripts/test/GObject/WebKitDOMTestObj.h:
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArgAndDefaultValue):
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringAndDefaultValue):
* bindings/scripts/test/ObjC/DOMTestObj.h:
* bindings/scripts/test/ObjC/DOMTestObj.mm:
(-[DOMTestObj methodWithOptionalArgAndDefaultValue:]):
(-[DOMTestObj methodWithOptionalStringAndDefaultValue:]):
* bindings/scripts/test/TestObj.idl:
* dom/Document.idl:

LayoutTests:

Rebaseline several NodeIterator / TreeWalker tests now that more checks
are passing.

* fast/dom/createNodeIterator-parameters-expected.txt:
* fast/dom/createTreeWalker-parameters-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189957 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoadd a regress test for richards with try/catch.
sbarati@apple.com [Fri, 18 Sep 2015 01:34:58 +0000 (01:34 +0000)]
add a regress test for richards with try/catch.
https://bugs.webkit.org/show_bug.cgi?id=149301

Reviewed by Filip Pizlo.

This adds two variants of Octane/richards benchmark using
try/catch. One try/catch variant that actually throws.
Another that never throws. I've included try/catch inside
every function and every loop.

* js/regress/richards-empty-try-catch-expected.txt: Added.
* js/regress/richards-empty-try-catch.html: Added.
* js/regress/richards-try-catch-expected.txt: Added.
* js/regress/richards-try-catch.html: Added.
* js/regress/script-tests/richards-empty-try-catch.js: Added.
(runRichards):
(Scheduler):
(Scheduler.prototype.addIdleTask):
(Scheduler.prototype.addWorkerTask):
(Scheduler.prototype.addHandlerTask):
(Scheduler.prototype.addDeviceTask):
(Scheduler.prototype.addRunningTask):
(Scheduler.prototype.addTask):
(Scheduler.prototype.schedule):
(Scheduler.prototype.release):
(Scheduler.prototype.holdCurrent):
(Scheduler.prototype.suspendCurrent):
(Scheduler.prototype.queue):
(TaskControlBlock):
(TaskControlBlock.prototype.setRunning):
(TaskControlBlock.prototype.markAsNotHeld):
(TaskControlBlock.prototype.markAsHeld):
(TaskControlBlock.prototype.isHeldOrSuspended):
(TaskControlBlock.prototype.markAsSuspended):
(TaskControlBlock.prototype.markAsRunnable):
(TaskControlBlock.prototype.run):
(TaskControlBlock.prototype.checkPriorityAdd):
(TaskControlBlock.prototype.toString):
(IdleTask):
(IdleTask.prototype.run):
(IdleTask.prototype.toString):
(DeviceTask):
(DeviceTask.prototype.run):
(DeviceTask.prototype.toString):
(WorkerTask):
(WorkerTask.prototype.run):
(WorkerTask.prototype.toString):
(HandlerTask):
(HandlerTask.prototype.run):
(HandlerTask.prototype.toString):
(Packet):
(Packet.prototype.addTo):
(Packet.prototype.toString):
* js/regress/script-tests/richards-try-catch.js: Added.
(randomException):
(runRichards):
(Scheduler):
(Scheduler.prototype.addIdleTask):
(Scheduler.prototype.addWorkerTask):
(Scheduler.prototype.addHandlerTask):
(Scheduler.prototype.addDeviceTask):
(Scheduler.prototype.addRunningTask):
(Scheduler.prototype.addTask):
(Scheduler.prototype.schedule):
(Scheduler.prototype.release):
(Scheduler.prototype.holdCurrent):
(Scheduler.prototype.suspendCurrent):
(Scheduler.prototype.queue):
(TaskControlBlock):
(TaskControlBlock.prototype.setRunning):
(TaskControlBlock.prototype.markAsNotHeld):
(TaskControlBlock.prototype.markAsHeld):
(TaskControlBlock.prototype.isHeldOrSuspended):
(TaskControlBlock.prototype.markAsSuspended):
(TaskControlBlock.prototype.markAsRunnable):
(TaskControlBlock.prototype.run):
(TaskControlBlock.prototype.checkPriorityAdd):
(TaskControlBlock.prototype.toString):
(IdleTask):
(IdleTask.prototype.run):
(IdleTask.prototype.toString):
(DeviceTask):
(DeviceTask.prototype.run):
(DeviceTask.prototype.toString):
(WorkerTask):
(WorkerTask.prototype.run):
(WorkerTask.prototype.toString):
(HandlerTask):
(HandlerTask.prototype.run):
(HandlerTask.prototype.toString):
(Packet):
(Packet.prototype.addTo):
(Packet.prototype.toString):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189956 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoSpell Jon's name correctly. I expect payback for this mistake.
dino@apple.com [Fri, 18 Sep 2015 01:12:43 +0000 (01:12 +0000)]
Spell Jon's name correctly. I expect payback for this mistake.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189955 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoMulti-hop reference cycles not detected.
dino@apple.com [Fri, 18 Sep 2015 01:09:57 +0000 (01:09 +0000)]
Multi-hop reference cycles not detected.
https://bugs.webkit.org/show_bug.cgi?id=149181

Reviewed by John Honeycutt.

Source/WebCore:

SVG's cycle detection was not picking up a
case where an element was drawing a pattern, that
referenced another pattern, that referenced another
pattern, that referenced the original pattern.

The issue was that we were forgetting to check the
children of the renderer itself, rather than just
the children of the referenced renderers.

Found by running a test from Blink.

I also took the opportunity to clean up the debugging
code that logs cycle detection.

Test: svg/custom/pattern-3-step-cycle.html

* platform/Logging.h: Add a new SVG channel. I can't believe we
didn't already have one!
* rendering/svg/SVGResourcesCycleSolver.cpp:
(WebCore::SVGResourcesCycleSolver::resourceContainsCycles): Check the referenced
resources for cycles.
(WebCore::SVGResourcesCycleSolver::resolveCycles): Logging update.

LayoutTests:

Test comes from:
https://chromium.googlesource.com/chromium/blink/+/master/LayoutTests/svg/custom/pattern-3-step-cycle.html

* svg/custom/pattern-3-step-cycle-expected.txt: Added.
* svg/custom/pattern-3-step-cycle.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189954 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoCyclic resources were not detected if the reference had deep containers
dino@apple.com [Fri, 18 Sep 2015 01:09:23 +0000 (01:09 +0000)]
Cyclic resources were not detected if the reference had deep containers
https://bugs.webkit.org/show_bug.cgi?id=149182

Reviewed by John Honeycutt.

Source/WebCore:

During our examination of the SVG rendering tree looking for cycles,
if a resource pointed to something that had a nested structure, and
one of the parent nodes in that structure was a container object
without resources itself, we were not looking into the children.

Test: svg/custom/pattern-content-cycle-w-resourceless-container.html

* rendering/svg/SVGResourcesCycleSolver.cpp:
(WebCore::SVGResourcesCycleSolver::resourceContainsCycles): We should still
check all children resources, but not exit early if there are none. Instead
we should recurse into any children.
(WebCore::SVGResourcesCycleSolver::resolveCycles): Changes to some debug
code that no longer compiled (it's still off by default, but at least
it will work now).

LayoutTests:

This test was ported from Blink. I believe it originally
came from:
https://code.google.com/p/chromium/issues/detail?id=351713

* svg/custom/pattern-content-cycle-w-resourceless-container-expected.txt: Added.
* svg/custom/pattern-content-cycle-w-resourceless-container.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189953 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoCLoop build fix after r189938.
rniwa@webkit.org [Fri, 18 Sep 2015 00:55:41 +0000 (00:55 +0000)]
CLoop build fix after r189938.

* interpreter/StackVisitor.cpp:
(JSC::StackVisitor::unwindToMachineCodeBlockFrame):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189952 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoREGRESSION(r188871): 50% regression in page load time of Wikipedia home page
mmaxfield@apple.com [Fri, 18 Sep 2015 00:50:05 +0000 (00:50 +0000)]
REGRESSION(r188871): 50% regression in page load time of Wikipedia home page
https://bugs.webkit.org/show_bug.cgi?id=149320

Reviewed by Daniel Bates.

This is due to <rdar://problem/22144016> about how language-specific
font fallback is an order of magnitude slower than regular non-language-
specific font-fallback. This performance problem has been fixed, but not
for iOS 9.

No new tests because there is no correctness change.

* platform/graphics/ios/FontCacheIOS.mm:
(WebCore::platformLookupFallbackFont):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189951 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoSource/WebCore:
rniwa@webkit.org [Fri, 18 Sep 2015 00:47:09 +0000 (00:47 +0000)]
Source/WebCore:
Add HTMLSlotElement, Element.slot, and NonDocumentTypeChildNode.assignedSlot
https://bugs.webkit.org/show_bug.cgi?id=149241

Reviewed by Antti Koivisto.

Implement the slotting algorithm and related features: slot element, slot attribute, and assignedSlot
as specified by https://w3c.github.io/webcomponents/spec/shadow/#slotting-algorithm
as of 8bf56e8ea5521a7a911efd1cabeb2be0d5c3ca74.

The slotting algorithm is implemented by the newly introduced SlotAssignment class which is created on
demand by ShadowRoot when a HTMLSlotElement is inserted into the shadow root. SlotAssignment contains
a HashMap of a slot name to SlotInfo structure, which holds the number of slot elements of the said name,
the first element if it's known, and an ordered list of the assigned nodes.

When there is exactly one slot element of a given name, "element" returns the slot element in O(1).
When another slot of the same name is inserted into the same shadow tree, we increment "elementCount" and
set "element" to nullptr since we don't know which slot element comes first in the tree order without O(n)
tree traversal, which is lazily done in resolveAllSlotElements.

Observe that SlotInfo's "element" can be nullptr in two occasions: (1) when there is no slot element of
the given name (SlotAssignment::assignSlots may insert such an entry), and (2) when there are more than
one slot elements of the same name and we haven't run resolveAllSlotElements.

Resolving assigned nodes, on the other hand, is always O(n) unless all assignments are up to date, and
lazily computed by assignSlots. This is because inserting or removing a node doesn't tell us the relative
ordering of the node with respect to other nodes assigned to the same slot. For example, let's say we have
child nodes (A, B, C, D) and (A, D) are assigned to slot Alpha and (B, C) are assigned to slot Beta. If we
insert a new node E between nodes B and C and this node is assigned to slot Alpha, then we must create an
ordered list (A, E, D) for slot Alpha. Unfortunately, determining where to insert E in this list can cost
O(n) child traversal in the worst case.

Tests: fast/shadow-dom/HTMLSlotElement-interface.html
       fast/shadow-dom/NonDocumentTypeChildNode-interface-assignedSlot.html

* CMakeLists.txt:
* DerivedSources.cpp:
* DerivedSources.make:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* dom/Element.cpp:
(WebCore::Element::attributeChanged): Invalidate the slot assignments when slot attribute is changed.
(WebCore::Element::childrenChanged): Ditto for when a child node is inserted or removed. We can avoid it
when there is no default slot and only text nodes are removed or added in the future.
* dom/Element.idl: Added slot attribute on Element.
* dom/Node.cpp:
(WebCore::Node::assignedSlot): Added. Returns the assigned slot if the slot is in an open shadow tree.
* dom/Node.h:
* dom/NonDocumentTypeChildNode.idl: Added assignedSlot. Only expose in JS for now to avoid generating
the binding code for HTMLSlotElement in other languages.
* dom/ShadowRoot.cpp:
(WebCore::ShadowRoot::findAssignedSlot): Added. Forwards it to the implementation in SlotAssignment.
(WebCore::ShadowRoot::addSlotElementByName): Ditto.
(WebCore::ShadowRoot::removeSlotElementByName): Ditto.
(WebCore::ShadowRoot::invalidateSlotAssignments): Ditto.
(WebCore::ShadowRoot::assignedNodesForSlot): Ditto.
* dom/ShadowRoot.h:
(WebCore::ShadowRoot): Added m_slotAssignments as a member.
* dom/SlotAssignment.cpp: Added.
(WebCore::treatNullAsEmpty): Added. See https://w3c.github.io/webcomponents/spec/shadow/#dfn-default-slot
(WebCore::SlotAssignment::findAssignedSlot): Find the slot element to which a given node is assigned.
Since there could be multiple slot elements of the same name (or lack thereof), call findFirstSlotElement
to find the first slot element.
(WebCore::SlotAssignment::addSlotElementByName): Added. Called when a new slot element is inserted into
the associated shadow tree. When a slot element's name is changed, removeSlotElementByName is called on
with the old name before addSlotElementByName is called with the new name.
(WebCore::SlotAssignment::removeSlotElementByName): Ditto for removal.
(WebCore::SlotAssignment::assignedNodesForSlot): Added. Finds the ordered list of assigned nodes for
a given slot element. When there are multiple slot elements of the same name, we return the list only if
SlotInfo::element matches the argument.
(WebCore::SlotAssignment::findFirstSlotElement): Added. Resolves SlotInfo::element if needed.
(WebCore::SlotAssignment::resolveAllSlotElements): Finds SlotInfo::element for all slots. We resolve all
slots simultaneously to avoid doing O(number of nodes) tree traversal for O(number of slots) to avoid
the worst case O(n^2) behavior when all nodes in the shadow tree are slot elements of the same name.
(WebCore::SlotAssignment::assignSlots): Added. Computes the slot assignments by traversing each child
of the shadow host and adding to the appropriate SlotInfo::assignedNodes, creating a new entry if needed.
* dom/SlotAssignment.h: Added.
(WebCore::SlotAssignment::SlotAssignment):
(WebCore::SlotAssignment::invalidate):
(WebCore::SlotAssignment::SlotInfo::SlotInfo):
(WebCore::SlotAssignment::SlotInfo::hasSlotElements):
(WebCore::SlotAssignment::SlotInfo::hasDuplicatedSlotElements):
(WebCore::SlotAssignment::SlotInfo::shouldResolveSlotElement):
* html/HTMLAttributeNames.in: Added slot attribute.
* html/HTMLSlotElement.cpp: Added.
(WebCore::HTMLSlotElement::create):
(WebCore::HTMLSlotElement::HTMLSlotElement):
(WebCore::HTMLSlotElement::insertedInto): Calls addSlotElementByName.
(WebCore::HTMLSlotElement::removedFrom): Calls removeSlotElementByName. Because the element had already
been removed from the shadow tree, we can't use containingShadowRoot() to find the ShadowRoot here.
(WebCore::HTMLSlotElement::attributeChanged): Calls removeSlotElementByName and addSlotElementByName.
(WebCore::HTMLSlotElement::getDistributedNodes): Returns an ordered list of the assigned nodes.
* html/HTMLSlotElement.h: Added.
* html/HTMLSlotElement.idl: Added.
* html/HTMLTagNames.in: Added slot element.

LayoutTests:
Add HTMLSlotElement and NonDocumentTypeChildNode.assignedSlot
https://bugs.webkit.org/show_bug.cgi?id=149241

Reviewed by Antti Koivisto.

Added new conformance tests and rebaselined tests as needed.

In particular, inspector/model/remote-object.html was rebaselined since "assignedSlot" now appears as one of the first five
properties on Comment node that this test outputs.

* fast/shadow-dom/HTMLSlotElement-interface-expected.txt: Added.
* fast/shadow-dom/HTMLSlotElement-interface.html: Added.
* fast/shadow-dom/NonDocumentTypeChildNode-interface-assignedSlot-expected.txt: Added.
* fast/shadow-dom/NonDocumentTypeChildNode-interface-assignedSlot.html: Added.
* js/dom/dom-static-property-for-in-iteration-expected.txt:
* platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
* platform/mac/inspector/model: Added.
* platform/mac/inspector/model/remote-object-expected.txt: Copied from LayoutTests/inspector/model/remote-object-expected.txt.
* platform/mac/js/dom/global-constructors-attributes-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189950 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoRegression(r189881): release assertion hit in toJS(ExecState*, JSDOMGlobalObject...
cdumez@apple.com [Fri, 18 Sep 2015 00:46:12 +0000 (00:46 +0000)]
Regression(r189881): release assertion hit in toJS(ExecState*, JSDOMGlobalObject*, DocumentFragment*)
https://bugs.webkit.org/show_bug.cgi?id=149281

Reviewed by Ryosuke Niwa.

After r189881, we started generating a toJS() function for DocumentFragment
as an optimization. DocumentFragment has a subclass (ShadowRoot) but the
default toJS() implementation should have still been acceptable given that
the subclass is not web-exposed and therefore does not have a JS wrapper.

However, the ShadowRoot interface was introduced shortly after in r189841
and to toJS() implementation for DocumentFragment is now invalid. This
patch introduces a ShadowRoot-aware custom implementation of toJS() for
DocumentFragment to address the problem.

No new tests, already covered by:
plugins/snapshotting/snapshot-plugin-not-quite-blocked-by-image.html

* bindings/js/JSDocumentFragmentCustom.cpp:
(WebCore::createNewDocumentFragmentWrapper):
(WebCore::toJSNewlyCreated):
(WebCore::toJS):
Provide a ShadowRoot-aware custom implementation of toJS() /
toJSNewlyCreated() for DocumentFragment.

* bindings/js/JSNodeCustom.cpp:
(WebCore::createWrapperInline):
Fix bug in toJS() implementation for Node as it was not handling
ShadowRoots properly either.

* dom/DocumentFragment.idl:
Use [CustomToJSObject] so we can provide our own custom implementation
of toJS().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189949 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoGive iOS WebKitTestRunner a launch storyboard
simon.fraser@apple.com [Fri, 18 Sep 2015 00:44:56 +0000 (00:44 +0000)]
Give iOS WebKitTestRunner a launch storyboard
https://bugs.webkit.org/show_bug.cgi?id=149314

Reviewed by Dan Bates.

Add a launch storyboard to iOS WebKitTestRunner so that Springboard recognizes
that it's been built for specific device configurations, and puts the window
at the top of the screen. This simplifies coordinate conversions in a future patch.

* WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj:
* WebKitTestRunner/WebKitTestRunnerApp/WebKitTestRunnerApp-Info.plist:
* WebKitTestRunner/ios/Launch.storyboard: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189948 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoCSS WG multicol-1 tests failures with 1px differences due to baseline difference.
zalan@apple.com [Fri, 18 Sep 2015 00:16:09 +0000 (00:16 +0000)]
CSS WG multicol-1 tests failures with 1px differences due to baseline difference.
https://bugs.webkit.org/show_bug.cgi?id=149245

Reviewed by Ryosuke Niwa.

Turn off font-aliasing for multicol tests where the reference tests' inline content
end up on a different baseline (fractional difference). (It's not considered a bug, they don't
necessarily match.)

LayoutTests/imported/w3c:

* css/css-multicol-1/multicol-basic-001-expected.html:
* css/css-multicol-1/multicol-basic-001.html:
* css/css-multicol-1/multicol-basic-002-expected.html:
* css/css-multicol-1/multicol-basic-002.html:
* css/css-multicol-1/multicol-basic-003-expected.html:
* css/css-multicol-1/multicol-basic-003.html:
* css/css-multicol-1/multicol-basic-004-expected.html:
* css/css-multicol-1/multicol-basic-004.html:
* css/css-multicol-1/multicol-rule-002-expected.xht:
* css/css-multicol-1/multicol-rule-002.xht:
* css/css-multicol-1/multicol-rule-px-001-expected.xht:
* css/css-multicol-1/multicol-rule-px-001.xht:
* css/css-multicol-1/multicol-rule-stacking-001-expected.xht:
* css/css-multicol-1/multicol-rule-stacking-001.xht:
* css/css-multicol-1/multicol-shorthand-001-expected.xht:
* css/css-multicol-1/multicol-shorthand-001.xht:
* css/css-multicol-1/multicol-span-all-block-sibling-003-expected.xht:
* css/css-multicol-1/multicol-span-all-block-sibling-003.xht:
* css/css-multicol-1/multicol-span-all-margin-nested-firstchild-001-expected.xht:
* css/css-multicol-1/multicol-span-all-margin-nested-firstchild-001.xht:

LayoutTests:

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189947 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoConvert return values from JavaScript functions to the expected types in WebAssembly
commit-queue@webkit.org [Fri, 18 Sep 2015 00:03:49 +0000 (00:03 +0000)]
Convert return values from JavaScript functions to the expected types in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149200

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-17
Reviewed by Mark Lam.

When a WebAssembly function calls a JavaScript function, there is no
guarantee that the JavaScript function will always return values of the
type we expect. This patch converts the return values to the expected
types.

(The reverse is also true: When a WebAssembly function is called from a
JavaScript function, there is no guarantee that the arguments to the
WebAssembly function will always be of the types we expect. We have
fixed this in Bug 149033.)

We don't need to type check the return values if the callee is a
WebAssembly function. We don't need to type check the arguments if the
caller is a WebAssembly function. This optimization will be
implemented in the future. See https://bugs.webkit.org/show_bug.cgi?id=149310

* tests/stress/wasm-type-conversion.js:
* tests/stress/wasm/type-conversion.wasm:
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::startFunction):
(JSC::WASMFunctionCompiler::buildReturn):
(JSC::WASMFunctionCompiler::boxArgumentsAndAdjustStackPointer):
(JSC::WASMFunctionCompiler::callAndUnboxResult):
(JSC::WASMFunctionCompiler::convertValueToInt32):
(JSC::WASMFunctionCompiler::convertValueToDouble):
(JSC::WASMFunctionCompiler::convertDoubleToValue):
(JSC::WASMFunctionCompiler::loadValueAndConvertToInt32): Deleted.
(JSC::WASMFunctionCompiler::loadValueAndConvertToDouble): Deleted.
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseCallInternalExpressionI32): Deleted.
* wasm/WASMFunctionParser.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189946 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoDe-template ContainerNodeAlgorithms
antti@apple.com [Thu, 17 Sep 2015 23:53:58 +0000 (23:53 +0000)]
De-template ContainerNodeAlgorithms
https://bugs.webkit.org/show_bug.cgi?id=149286

Reviewed by Andreas Kling.

These are always used with ContainerNode/Node.

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::removeDetachedChildren):
(WebCore::destroyRenderTreeIfNeeded):
(WebCore::ContainerNode::takeAllChildrenFrom):
(WebCore::ContainerNode::insertBeforeCommon):
(WebCore::ContainerNode::appendChildCommon):

    Make append a member for consistency with insert.

(WebCore::ContainerNode::notifyChildInserted):
(WebCore::ContainerNode::notifyChildRemoved):
(WebCore::ContainerNode::parserInsertBefore):
(WebCore::ContainerNode::replaceChild):
(WebCore::ContainerNode::appendChild):
(WebCore::ContainerNode::parserAppendChild):

    Also make rest of these ownership-taking functions take Ref<>&&.

* dom/ContainerNode.h:
(WebCore::NoEventDispatchAssertion::NoEventDispatchAssertion):
(WebCore::ContainerNode::setFirstChild):
* dom/ContainerNodeAlgorithms.cpp:
(WebCore::notifyChildNodeRemoved):
(WebCore::addChildNodesToDeletionQueue):
(WebCore::removeDetachedChildrenInContainer):
(WebCore::collectFrameOwners):
(WebCore::assertConnectedSubrameCountIsConsistent):
(WebCore::disconnectSubframes):
* dom/ContainerNodeAlgorithms.h:
(WebCore::removeDetachedChildrenInContainer): Deleted.
(WebCore::appendChildToContainer): Deleted.
(WebCore::Private::NodeRemovalDispatcher::dispatch): Deleted.
(WebCore::Private::addChildNodesToDeletionQueue): Deleted.
* html/parser/HTMLConstructionSite.cpp:
(WebCore::insert):
(WebCore::executeInsertTask):
(WebCore::executeReparentTask):
(WebCore::executeInsertAlreadyParsedChildTask):
* html/track/WebVTTParser.cpp:
(WebCore::WebVTTTreeBuilder::constructTreeFromToken):
* xml/XMLErrors.cpp:
(WebCore::XMLErrors::appendErrorMessage):
(WebCore::createXHTMLParserErrorHeader):
(WebCore::XMLErrors::insertErrorMessageBlock):
* xml/parser/XMLDocumentParser.cpp:
(WebCore::XMLDocumentParser::enterText):
(WebCore::toString):
* xml/parser/XMLDocumentParserLibxml2.cpp:
(WebCore::XMLDocumentParser::startElementNs):
(WebCore::XMLDocumentParser::processingInstruction):
(WebCore::XMLDocumentParser::cdataBlock):
(WebCore::XMLDocumentParser::comment):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189945 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoHeavy taps on links are sometimes interpreted as the preview gesture
bdakin@apple.com [Thu, 17 Sep 2015 23:30:19 +0000 (23:30 +0000)]
Heavy taps on links are sometimes interpreted as the preview gesture
https://bugs.webkit.org/show_bug.cgi?id=149304
-and corresponding-
rdar://problem/22689258

Reviewed by Tim Horton.

If the preview gesture starts and stop and less than 250 milliseconds have
passed, then call _attemptClickAtLocation to treat it as a normal tap.
* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _interactionShouldBeginFromPreviewItemController:forPosition:]):
(-[WKContentView _interactionStartedFromPreviewItemController:]):
(-[WKContentView _interactionStoppedFromPreviewItemController:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189944 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoUpdate licence in r189890
mmaxfield@apple.com [Thu, 17 Sep 2015 23:28:20 +0000 (23:28 +0000)]
Update licence in r189890
https://bugs.webkit.org/show_bug.cgi?id=149306

Reviewed by Dean Jackson.

* FontWithFeatures/FontWithFeatures/FontCreator.cpp:
* FontWithFeatures/FontWithFeatures/FontCreator.h:
* FontWithFeatures/FontWithFeatures/main.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189943 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoBlock Objective-C exceptions in DictionaryLookup
timothy_horton@apple.com [Thu, 17 Sep 2015 23:22:52 +0000 (23:22 +0000)]
Block Objective-C exceptions in DictionaryLookup
https://bugs.webkit.org/show_bug.cgi?id=149256

Reviewed by Anders Carlsson.

* editing/mac/DictionaryLookup.mm:
(WebCore::DictionaryLookup::rangeForSelection):
(WebCore::DictionaryLookup::rangeAtHitTestResult):
(WebCore::expandSelectionByCharacters):
(WebCore::DictionaryLookup::stringForPDFSelection):
(WebCore::showPopupOrCreateAnimationController):
(WebCore::DictionaryLookup::hidePopup):
It is possible for Lookup to throw an exception if one of its
related services dies for some reason. This shouldn't take down
our UI process, so block the exceptions.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189942 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago[ES6] Add more fine-grained APIs and additional hooks to control module loader from...
utatane.tea@gmail.com [Thu, 17 Sep 2015 22:26:18 +0000 (22:26 +0000)]
[ES6] Add more fine-grained APIs and additional hooks to control module loader from WebCore
https://bugs.webkit.org/show_bug.cgi?id=149129

Reviewed by Saam Barati.

No behavior change.

Source/JavaScriptCore:

Module tag `<script type="module>` will be executed asynchronously.
But we would like to fetch the resources before when the postTask-ed task is performed.
So instead of 1 API that fetch, instantiate and execute the module,
we need 2 fine-grained APIs.

1. Fetch and initialize a module, but not execute it yet.
2. Link and execute a module specified by the key (this will be invoked asynchronously).

And to instrument the script execution (like reporting the execution time of the module to
the inspector), we need a hook to inject code around an execution of a module body.

* builtins/ModuleLoaderObject.js:
(moduleEvaluation):
(loadAndEvaluateModule):
(loadModule):
(linkAndEvaluateModule):
* jsc.cpp:
(functionLoadModule):
(runWithScripts):
* runtime/Completion.cpp:
(JSC::identifierToJSValue):
(JSC::createSymbolForEntryPointModule):
(JSC::rejectPromise):
(JSC::loadAndEvaluateModule):
(JSC::loadModule):
(JSC::linkAndEvaluateModule):
(JSC::evaluateModule): Deleted.
* runtime/Completion.h:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::evaluate):
(JSC::JSModuleRecord::execute): Deleted.
* runtime/JSModuleRecord.h:
* runtime/ModuleLoaderObject.cpp:
(JSC::ModuleLoaderObject::loadAndEvaluateModule):
(JSC::ModuleLoaderObject::linkAndEvaluateModule):
(JSC::ModuleLoaderObject::evaluate):
(JSC::moduleLoaderObjectEvaluate):
* runtime/ModuleLoaderObject.h:

Source/WebCore:

* bindings/js/JSDOMWindowBase.cpp:
* bindings/js/JSWorkerGlobalScopeBase.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189941 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoImplement try/catch in the DFG.
sbarati@apple.com [Thu, 17 Sep 2015 22:02:54 +0000 (22:02 +0000)]
Implement try/catch in the DFG.
https://bugs.webkit.org/show_bug.cgi?id=147374

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements try/catch inside the DFG JIT.
It also prevents tier up to the FTL for any functions
that have an op_catch in them that are DFG compiled.

This patch accomplishes implementing try/catch inside
the DFG by OSR exiting to op_catch when an exception is thrown.
We can OSR exit from an exception inside the DFG in two ways:
1) We have a JS call (can also be via implicit getter/setter in GetById/PutById)
2) We have an exception when returing from a callOperation

In the case of (1), we get to the OSR exit from genericUnwind because
the exception was thrown in a child call frame. This means these
OSR exits must act as defacto op_catches (even though we will still OSR
exit to a baseline op_catch). That means they must restore the stack pointer
and call frame.

In the case of (2), we can skip genericUnwind because we know the exception
check will take us to a particular OSR exit. Instead, we link these
exception checks as jumps to a particular OSR exit.

Both types of OSR exits will exit into op_catch inside the baseline JIT.
Because they exit to op_catch, these OSR exits must set callFrameForCatch
to the proper call frame pointer.

We "handle" all exceptions inside the machine frame of the DFG code
block. This means the machine code block is responsible for "catching"
exceptions of any inlined frames' try/catch. OSR exit will then exit to
the proper baseline CodeBlock after reifying the inlined frames
(DFG::OSRExit::m_codeOrigin corresponds to the op_catch we will exit to).
Also, genericUnwind will never consult an inlined call frame's CodeBlock to
see if they can catch the exception because they can't. We always unwind to the
next machine code block frame. The DFG CodeBlock changes how the exception
handler table is keyed: it is now keyed by CallSiteIndex for DFG code blocks.

So, when consulting call sites that throw, we keep track of the CallSiteIndex,
and the HandlerInfo for the corresponding baseline exception handler for
that particular CallSiteIndex (if an exception at that call site will be caught).
Then, when we're inside DFG::JITCompiler::link(), we install new HandlerInfo's
inside the DFG CodeBlock and key it by the corresponding CallSiteIndex.
(The CodeBlock only has HandlerInfos for the OSR exits that are to be arrived
at from genericUnwind).

Also, each OSR exit will know if it acting as an exception handler, and
whether or not it will be arrived at from genericUnwind. When we know we
will arrive at an OSR exit from genericUnwind, we set the corresponding
HandlerInfo's nativeCode CodeLocationLabel field to be the OSR exit.

This patch also introduces a new Phase inside the DFG that ensures
that DFG CodeBlocks that handle exceptions take the necessary
steps to keep live variables at "op_catch" live according the
OSR exit value recovery machinery. We accomplish this by flushing
all live op_catch variables to the stack when inside a "try" block.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::handlerForBytecodeOffset):
(JSC::CodeBlock::handlerForIndex):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::clearExceptionHandlers):
(JSC::CodeBlock::appendExceptionHandler):
* bytecode/PreciseJumpTargets.cpp:
(JSC::computePreciseJumpTargets):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* dfg/DFGCommonData.cpp:
(JSC::DFG::CommonData::addCodeOrigin):
(JSC::DFG::CommonData::lastCallSite):
(JSC::DFG::CommonData::shrinkToFit):
* dfg/DFGCommonData.h:
* dfg/DFGGraph.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::noticeOSREntry):
(JSC::DFG::JITCompiler::appendExceptionHandlingOSRExit):
(JSC::DFG::JITCompiler::willCatchExceptionInMachineFrame):
(JSC::DFG::JITCompiler::exceptionCheck):
(JSC::DFG::JITCompiler::recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::emitStoreCodeOrigin):
(JSC::DFG::JITCompiler::emitStoreCallSiteIndex):
(JSC::DFG::JITCompiler::appendCall):
(JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
(JSC::DFG::JITCompiler::blockHeads):
(JSC::DFG::JITCompiler::exceptionCheck): Deleted.
* dfg/DFGLiveCatchVariablePreservationPhase.cpp: Added.
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::FlushLiveCatchVariablesInsertionPhase):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::run):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::willCatchException):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::handleBlock):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::newVariableAccessData):
(JSC::DFG::performLiveCatchVariablePreservationPhase):
* dfg/DFGLiveCatchVariablePreservationPhase.h: Added.
* dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::OSRExit::setPatchableCodeOffset):
* dfg/DFGOSRExit.h:
(JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
* dfg/DFGOSRExitCompiler.cpp:
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::osrWriteBarrier):
(JSC::DFG::adjustAndJumpToTarget):
* dfg/DFGOSRExitCompilerCommon.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGSlowPathGenerator.h:
(JSC::DFG::SlowPathGenerator::SlowPathGenerator):
(JSC::DFG::SlowPathGenerator::~SlowPathGenerator):
(JSC::DFG::SlowPathGenerator::generate):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGTierUpCheckInjectionPhase.cpp:
(JSC::DFG::TierUpCheckInjectionPhase::run):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* interpreter/Interpreter.cpp:
(JSC::GetCatchHandlerFunctor::operator()):
(JSC::UnwindFunctor::operator()):
* interpreter/StackVisitor.cpp:
(JSC::StackVisitor::gotoNextFrame):
(JSC::StackVisitor::unwindToMachineCodeBlockFrame):
(JSC::StackVisitor::readFrame):
* interpreter/StackVisitor.h:
(JSC::StackVisitor::operator*):
(JSC::StackVisitor::operator->):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitExceptionCheck):
(JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
(JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitCount):
* jit/JITExceptions.cpp:
(JSC::genericUnwind):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_catch):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_catch):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/VM.h:
(JSC::VM::clearException):
(JSC::VM::clearLastException):
(JSC::VM::addressOfCallFrameForCatch):
(JSC::VM::exception):
(JSC::VM::addressOfException):
* tests/stress/dfg-exception-try-catch-in-constructor-with-inlined-throw.js: Added.
(f):
(bar):
(Foo):
* tests/stress/es6-for-of-loop-exception.js: Added.
(assert):
(shouldThrowInvalidConstAssignment):
(baz):
(foo):
* tests/stress/exception-dfg-inlined-frame-not-strict-equal.js: Added.
(assert):
(o.valueOf):
(o.toString):
(read):
(bar):
(foo):
* tests/stress/exception-dfg-not-strict-equal.js: Added.
(foo):
(o.valueOf):
(o.toString):
(assert):
(shouldDoSomethingInFinally):
(catch):
* tests/stress/exception-dfg-operation-read-value.js: Added.
(assert):
(o.valueOf):
(o.toString):
(read):
(foo):
* tests/stress/exception-dfg-throw-from-catch-block.js: Added.
(assert):
(baz):
(bar):
(foo):

LayoutTests:

* js/regress/raytrace-with-empty-try-catch-expected.txt: Added.
* js/regress/raytrace-with-empty-try-catch.html: Added.
* js/regress/raytrace-with-try-catch-expected.txt: Added.
* js/regress/raytrace-with-try-catch.html: Added.
* js/regress/script-tests/raytrace-with-empty-try-catch.js: Added.
(createVector):
(sqrLengthVector):
(lengthVector):
(addVector):
(subVector):
(scaleVector):
(normaliseVector):
(add):
(sub):
(scalev):
(dot):
(scale):
(cross):
(normalise):
(transformMatrix):
(invertMatrix):
(Triangle):
(Triangle.prototype.intersect):
(Scene):
(Scene.prototype.intersect):
(Scene.prototype.blocked):
(Camera):
(Camera.prototype.generateRayPair):
(renderRows):
(Camera.prototype.render):
(raytraceScene.floorShader):
(raytraceScene):
(arrayToCanvasCommands):
* js/regress/script-tests/raytrace-with-try-catch.js: Added.
(randomException):
(createVector):
(sqrLengthVector):
(lengthVector):
(addVector):
(subVector):
(scaleVector):
(normaliseVector):
(add):
(sub):
(scalev):
(dot):
(scale):
(cross):
(normalise):
(transformMatrix):
(invertMatrix):
(Triangle):
(Triangle.prototype.intersect):
(Scene):
(Scene.prototype.intersect):
(Scene.prototype.blocked):
(Camera):
(Camera.prototype.generateRayPair):
(renderRows):
(Camera.prototype.render):
(raytraceScene.floorShader):
(raytraceScene):
(arrayToCanvasCommands):
* js/regress/script-tests/v8-raytrace-with-empty-try-catch.js: Added.
(Class.create):
(Object.extend):
(Flog.RayTracer.Color.prototype.initialize):
(Flog.RayTracer.Color.prototype.add):
(Flog.RayTracer.Color.prototype.addScalar):
(Flog.RayTracer.Color.prototype.subtract):
(Flog.RayTracer.Color.prototype.multiply):
(Flog.RayTracer.Color.prototype.multiplyScalar):
(Flog.RayTracer.Color.prototype.divideFactor):
(Flog.RayTracer.Color.prototype.limit):
(Flog.RayTracer.Color.prototype.distance):
(Flog.RayTracer.Color.prototype.blend):
(Flog.RayTracer.Color.prototype.brightness):
(Flog.RayTracer.Color.prototype.toString):
(Flog.RayTracer.Light.prototype.initialize):
(Flog.RayTracer.Light.prototype.toString):
(Flog.RayTracer.Vector.prototype.initialize):
(Flog.RayTracer.Vector.prototype.copy):
(Flog.RayTracer.Vector.prototype.normalize):
(Flog.RayTracer.Vector.prototype.magnitude):
(Flog.RayTracer.Vector.prototype.cross):
(Flog.RayTracer.Vector.prototype.dot):
(Flog.RayTracer.Vector.prototype.add):
(Flog.RayTracer.Vector.prototype.subtract):
(Flog.RayTracer.Vector.prototype.multiplyVector):
(Flog.RayTracer.Vector.prototype.multiplyScalar):
(Flog.RayTracer.Vector.prototype.toString):
(Flog.RayTracer.Ray.prototype.initialize):
(Flog.RayTracer.Ray.prototype.toString):
(Flog.RayTracer.Scene.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.getColor):
(Flog.RayTracer.Material.BaseMaterial.prototype.wrapUp):
(Flog.RayTracer.Material.BaseMaterial.prototype.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Shape.Sphere.prototype.initialize):
(Flog.RayTracer.Shape.Sphere.prototype.intersect):
(Flog.RayTracer.Shape.Sphere.prototype.toString):
(Flog.RayTracer.Shape.Plane.prototype.initialize):
(Flog.RayTracer.Shape.Plane.prototype.intersect):
(Flog.RayTracer.Shape.Plane.prototype.toString):
(Flog.RayTracer.IntersectionInfo.prototype.initialize):
(Flog.RayTracer.IntersectionInfo.prototype.toString):
(Flog.RayTracer.Camera.prototype.initialize):
(Flog.RayTracer.Camera.prototype.getRay):
(Flog.RayTracer.Camera.prototype.toString):
(Flog.RayTracer.Background.prototype.initialize):
(Flog.RayTracer.Engine.prototype.initialize):
(Flog.RayTracer.Engine.prototype.setPixel):
(Flog.RayTracer.Engine.prototype.renderScene):
(Flog.RayTracer.Engine.prototype.getPixelColor):
(Flog.RayTracer.Engine.prototype.testIntersection):
(Flog.RayTracer.Engine.prototype.getReflectionRay):
(Flog.RayTracer.Engine.prototype.rayTrace):
(renderScene):
* js/regress/script-tests/v8-raytrace-with-try-catch.js: Added.
(randomException):
(Class.create):
(Object.extend):
(Flog.RayTracer.Color.prototype.initialize):
(Flog.RayTracer.Color.prototype.add):
(Flog.RayTracer.Color.prototype.addScalar):
(Flog.RayTracer.Color.prototype.subtract):
(Flog.RayTracer.Color.prototype.multiply):
(Flog.RayTracer.Color.prototype.multiplyScalar):
(Flog.RayTracer.Color.prototype.divideFactor):
(Flog.RayTracer.Color.prototype.limit):
(Flog.RayTracer.Color.prototype.distance):
(Flog.RayTracer.Color.prototype.blend):
(Flog.RayTracer.Color.prototype.brightness):
(Flog.RayTracer.Color.prototype.toString):
(Flog.RayTracer.Light.prototype.initialize):
(Flog.RayTracer.Light.prototype.toString):
(Flog.RayTracer.Vector.prototype.initialize):
(Flog.RayTracer.Vector.prototype.copy):
(Flog.RayTracer.Vector.prototype.normalize):
(Flog.RayTracer.Vector.prototype.magnitude):
(Flog.RayTracer.Vector.prototype.cross):
(Flog.RayTracer.Vector.prototype.dot):
(Flog.RayTracer.Vector.prototype.add):
(Flog.RayTracer.Vector.prototype.subtract):
(Flog.RayTracer.Vector.prototype.multiplyVector):
(Flog.RayTracer.Vector.prototype.multiplyScalar):
(Flog.RayTracer.Vector.prototype.toString):
(Flog.RayTracer.Ray.prototype.initialize):
(Flog.RayTracer.Ray.prototype.toString):
(Flog.RayTracer.Scene.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.getColor):
(Flog.RayTracer.Material.BaseMaterial.prototype.wrapUp):
(Flog.RayTracer.Material.BaseMaterial.prototype.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Shape.Sphere.prototype.initialize):
(Flog.RayTracer.Shape.Sphere.prototype.intersect):
(Flog.RayTracer.Shape.Sphere.prototype.toString):
(Flog.RayTracer.Shape.Plane.prototype.initialize):
(Flog.RayTracer.Shape.Plane.prototype.intersect):
(Flog.RayTracer.Shape.Plane.prototype.toString):
(Flog.RayTracer.IntersectionInfo.prototype.initialize):
(Flog.RayTracer.IntersectionInfo.prototype.toString):
(Flog.RayTracer.Camera.prototype.initialize):
(Flog.RayTracer.Camera.prototype.getRay):
(Flog.RayTracer.Camera.prototype.toString):
(Flog.RayTracer.Background.prototype.initialize):
(Flog.RayTracer.Engine.prototype.initialize):
(Flog.RayTracer.Engine.prototype.setPixel):
(Flog.RayTracer.Engine.prototype.renderScene):
(Flog.RayTracer.Engine.prototype.getPixelColor):
(Flog.RayTracer.Engine.prototype.testIntersection):
(Flog.RayTracer.Engine.prototype.getReflectionRay):
(Flog.RayTracer.Engine.prototype.rayTrace):
(renderScene):
* js/regress/v8-raytrace-with-empty-try-catch-expected.txt: Added.
* js/regress/v8-raytrace-with-empty-try-catch.html: Added.
* js/regress/v8-raytrace-with-try-catch-expected.txt: Added.
* js/regress/v8-raytrace-with-try-catch.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189938 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoAdd the ability to skip JIT stress tests in run-javascriptcore-tests.
mark.lam@apple.com [Thu, 17 Sep 2015 22:02:49 +0000 (22:02 +0000)]
Add the ability to skip JIT stress tests in run-javascriptcore-tests.
https://bugs.webkit.org/show_bug.cgi?id=149285

Reviewed by Saam Barati.

Just need to add an option to pass --no-jit to run-jsc-stress-test.

* Scripts/run-javascriptcore-tests:
(runJSCStressTests):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189937 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoFix Windows EWS build after r189934.
achristensen@apple.com [Thu, 17 Sep 2015 21:48:55 +0000 (21:48 +0000)]
Fix Windows EWS build after r189934.

* Source/cmake/OptionsWin.cmake:
Use WEBKIT_LIBRARIES environment variable if it exists.
We have the WebKitLibraries directory separate from the repository copy on the EWS bots.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189936 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoUnreviewed, revert unintended change.
fpizlo@apple.com [Thu, 17 Sep 2015 21:27:04 +0000 (21:27 +0000)]
Unreviewed, revert unintended change.

* benchmarks/LockSpeedTest.cpp:
(main):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189935 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoSwitch AppleWin build to use CMake
commit-queue@webkit.org [Thu, 17 Sep 2015 21:26:49 +0000 (21:26 +0000)]
Switch AppleWin build to use CMake
https://bugs.webkit.org/show_bug.cgi?id=149163

Patch by Alex Christensen <achristensen@webkit.org> on 2015-09-17
Reviewed by Brent Fulgham.

Source/WebCore:

* bindings/scripts/preprocess-idls.pl:
(CygwinPathIfNeeded):
(WriteFileIfChanged):
* bindings/scripts/preprocessor.pm:
(applyPreprocessor):
Fix new cygwin quirks.  Cygwin is now using some paths from CMake.

Tools:

* Scripts/build-webkit:
* Scripts/run-api-tests:
(runTest):
(listAllTests):
(prepareEnvironmentForRunningTestTool):
(testToolPaths):
(testToolPath): Deleted.
Run the API tests as separate executables on Windows.
It used to be TestWebKitAPI.exe, and it is now TestWTF.exe, TestWebCore.exe, and TestWebKit.exe.
* Scripts/webkitdirs.pm:
(checkRequiredSystemConfig):
(jhbuildWrapperPrefixIfNeeded):
(generateBuildSystemFromCMakeProject):
Fix configuration quirks.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189934 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoREGRESSION: Web Inspector: Double clicking on an attribute second time doesn't work
commit-queue@webkit.org [Thu, 17 Sep 2015 21:26:33 +0000 (21:26 +0000)]
REGRESSION: Web Inspector: Double clicking on an attribute second time doesn't work
https://bugs.webkit.org/show_bug.cgi?id=149259

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-17
Reviewed by Timothy Hatcher.

* UserInterface/Views/DOMTreeElement.js:
Be sure to clear the editing state when committed, even if the value did not change.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189933 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoAfter restoring tabs, swipes back to fast loading pages hang for 3 seconds
timothy_horton@apple.com [Thu, 17 Sep 2015 21:23:06 +0000 (21:23 +0000)]
After restoring tabs, swipes back to fast loading pages hang for 3 seconds
https://bugs.webkit.org/show_bug.cgi?id=148764
<rdar://problem/22568860>

Reviewed by Beth Dakin.

* UIProcess/mac/ViewGestureControllerMac.mm:
(WebKit::ViewGestureController::endSwipeGesture):
Don't wait for the render tree size threshold if we don't have one.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189932 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoRemove integral snapping functions from InlineBox class.
zalan@apple.com [Thu, 17 Sep 2015 21:22:05 +0000 (21:22 +0000)]
Remove integral snapping functions from InlineBox class.
https://bugs.webkit.org/show_bug.cgi?id=136419

Reviewed by Simon Fraser.

We should not integral snap inlines during layout time.

Covered by existing tests.

* rendering/InlineBox.h:
(WebCore::InlineBox::pixelSnappedLogicalLeft): Deleted.
(WebCore::InlineBox::pixelSnappedLogicalRight): Deleted.
(WebCore::InlineBox::pixelSnappedLogicalTop): Deleted.
(WebCore::InlineBox::pixelSnappedLogicalBottom): Deleted.
* rendering/InlineFlowBox.cpp:
(WebCore::InlineFlowBox::placeBoxesInBlockDirection):
(WebCore::InlineFlowBox::addBoxShadowVisualOverflow):
(WebCore::InlineFlowBox::addBorderOutsetVisualOverflow):
(WebCore::InlineFlowBox::addTextBoxVisualOverflow):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189931 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years agoSkip a media test that fails when an AppleTV is around.
ap@apple.com [Thu, 17 Sep 2015 21:15:00 +0000 (21:15 +0000)]
Skip a media test that fails when an AppleTV is around.

This will be fixed soon by https://bugs.webkit.org/show_bug.cgi?id=148912

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189930 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5 years ago0.0 should really be 0.0
fpizlo@apple.com [Thu, 17 Sep 2015 20:39:31 +0000 (20:39 +0000)]
0.0 should really be 0.0
https://bugs.webkit.org/show_bug.cgi?id=149283

Reviewed by Mark Lam.

A while ago (http://trac.webkit.org/changeset/180813) we introduced the idea that if the
user wrote a number with a decimal point (like "0.0") then we should treat that number as
a double. That's probably a pretty good idea. But, we ended up doing it inconsistently.
The DFG would indeed treat such a number as a double by consulting the
SourceCodeRepresentation, but the other execution engines would still see Int32:0.

This patch makes it consistent.

This is necessary for property type inference to perform well. Otherwise, a store of a
constant would change type from the baseline engine to the DFG, which would then cause
a storm of property type invalidations and recompilations.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addConstantValue):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189929 268f45cc-cd09-0410-ab3c-d52691b4dbfc