WebKit-https.git
3 years agoUnreviewed, rolling out r196251.
commit-queue@webkit.org [Wed, 10 Feb 2016 18:13:24 +0000 (18:13 +0000)]
Unreviewed, rolling out r196251.
https://bugs.webkit.org/show_bug.cgi?id=154078

Large regression on Dromaeo needs explanation (Requested by
kling on #webkit).

Reverted changeset:

"Visiting a WeakBlock should report bytes visited, since we
reported them allocated."
https://bugs.webkit.org/show_bug.cgi?id=153978
http://trac.webkit.org/changeset/196251

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196369 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r196331): It made ~180 JSC tests crash on ARMv7 Linux
ossy@webkit.org [Wed, 10 Feb 2016 17:50:07 +0000 (17:50 +0000)]
REGRESSION(r196331): It made ~180 JSC tests crash on ARMv7 Linux
https://bugs.webkit.org/show_bug.cgi?id=154064

Reviewed by Mark Lam.

* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generate): Added EABI_32BIT_DUMMY_ARG where it is necessary.
* dfg/DFGSpeculativeJIT.h: Fixed the comment.
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArgumentsWithExecState): Added.
* wasm/WASMFunctionCompiler.h: Fixed the comment.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196368 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy
jer.noble@apple.com [Wed, 10 Feb 2016 17:23:22 +0000 (17:23 +0000)]
REGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy
https://bugs.webkit.org/show_bug.cgi?id=153727
<rdar://problem/24429886>

Reviewed by Darin Adler.

Follow-up after r195965. Only protect those parts of CachedResource::removeClient() which
affect the MemoryCache when allowsCaching() is false.

* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::removeClient):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196367 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
ossy@webkit.org [Wed, 10 Feb 2016 10:28:23 +0000 (10:28 +0000)]
Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
https://bugs.webkit.org/show_bug.cgi?id=154035

Reviewed by Antti Koivisto.

* dom/ComposedTreeIterator.h:
(WebCore::ComposedTreeIterator::Context::Context):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196365 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[GTK] Toggle buttons are blurry with GTK+ 3.19
carlosgc@webkit.org [Wed, 10 Feb 2016 06:58:44 +0000 (06:58 +0000)]
[GTK] Toggle buttons are blurry with GTK+ 3.19
https://bugs.webkit.org/show_bug.cgi?id=154007

Reviewed by Michael Catanzaro.

Use min-width/min-height style properties when GTK+ >= 3.19.7 to
get the size of toggle buttons.

* rendering/RenderThemeGtk.cpp:
(WebCore::setToggleSize):
(WebCore::paintToggle):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196364 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r196183): [GTK] Broke TestInspector
carlosgc@webkit.org [Wed, 10 Feb 2016 06:53:57 +0000 (06:53 +0000)]
REGRESSION(r196183): [GTK] Broke TestInspector
https://bugs.webkit.org/show_bug.cgi?id=153945

Reviewed by Michael Catanzaro.

When the inspector view is detached and not added to a window,
which happens when it's closed, the inspector view is destroyed
because it doesn't have a parent anymore. When the inspector view
is destroyed we notify the web process that the inspector was
closed. Before r196183 this was not a problem, because the call to
WebInspectorProxy::didClose() from platformDetach() returned early
because WebInspectorProxy::didClose() had already set
m_inspectorPage to nullptr. In r196183 m_inspectorPage is set to
nullptr after platformDetach(), so we end up trying to detach the
inpector view again. To prevent this cycle, we should disconnect
the destroyed signal handler from the inspector view when
platformDetach() is called from WebInspectorProxy::didClose().

* UIProcess/gtk/WebInspectorProxyGtk.cpp:
(WebKit::WebInspectorProxy::platformDetach):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196363 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRegression: Web Inspector: Sometimes in Elements panel two elements showed as selecte...
commit-queue@webkit.org [Wed, 10 Feb 2016 06:02:53 +0000 (06:02 +0000)]
Regression: Web Inspector: Sometimes in Elements panel two elements showed as selected at the same time
https://bugs.webkit.org/show_bug.cgi?id=149742
<rdar://problem/24492481>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-09
Reviewed by Timothy Hatcher.

* UserInterface/Views/DOMTreeElement.js:
(WebInspector.DOMTreeElement.prototype.moveChild):
Since removing and re-adding this tree element may forgot its
entire child tree, re-select the selected child that may have
just been lost in the shuffle.

* UserInterface/Views/TreeOutline.js:
(WebInspector.TreeOutline.prototype._forgetTreeElement):
When forgetting the selected tree element, also deselect the
forgotten tree element so it clears its selected state.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196362 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agocalling methods off super in a class constructor should check for TDZ
keith_miller@apple.com [Wed, 10 Feb 2016 06:01:28 +0000 (06:01 +0000)]
calling methods off super in a class constructor should check for TDZ
https://bugs.webkit.org/show_bug.cgi?id=154060

Reviewed by Ryosuke Niwa.

In a class constructor we need to check for TDZ when calling a method
off the super class. This is because, for super method calls, we use
the derived class's newly constructed object as the super method's
this value.

* bytecompiler/NodesCodegen.cpp:
(JSC::FunctionCallDotNode::emitBytecode):
* tests/stress/super-method-calls-check-tdz.js: Added.
(Base):
(Derived):
(test):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196361 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoHeaders that use WEBCORE_EXPORT should include PlatformExportMacros.h
aakash_jain@apple.com [Wed, 10 Feb 2016 05:36:48 +0000 (05:36 +0000)]
Headers that use WEBCORE_EXPORT should include PlatformExportMacros.h
https://bugs.webkit.org/show_bug.cgi?id=146984

Reviewed by Alexey Proskuryakov.

* Modules/speech/SpeechSynthesis.h:
* contentextensions/ContentExtensionError.h:
* dom/DeviceOrientationClient.h:
* platform/graphics/Color.h:
* platform/ios/wak/WebCoreThread.h:
* platform/network/CacheValidation.h:
* platform/network/cf/CertificateInfo.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196360 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAX: Implement word related text marker functions using TextIterator
n_wang@apple.com [Wed, 10 Feb 2016 02:33:04 +0000 (02:33 +0000)]
AX: Implement word related text marker functions using TextIterator
https://bugs.webkit.org/show_bug.cgi?id=153939
<rdar://problem/24269605>

Reviewed by Chris Fleizach.

Source/WebCore:

Using CharacterOffset to implement word related text marker calls. Reused
logic from previousBoundary and nextBoundary in VisibleUnits class.

Test: accessibility/mac/text-marker-word-nav.html

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::traverseToOffsetInRange):
(WebCore::AXObjectCache::rangeForNodeContents):
(WebCore::isReplacedNodeOrBR):
(WebCore::characterOffsetsInOrder):
(WebCore::resetNodeAndOffsetForReplacedNode):
(WebCore::setRangeStartOrEndWithCharacterOffset):
(WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):
(WebCore::AXObjectCache::setTextMarkerDataWithCharacterOffset):
(WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
(WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
(WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
(WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
(WebCore::AXObjectCache::previousNode):
(WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
(WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
(WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
(WebCore::AXObjectCache::nextCharacterOffset):
(WebCore::AXObjectCache::previousCharacterOffset):
(WebCore::startWordBoundary):
(WebCore::endWordBoundary):
(WebCore::AXObjectCache::startCharacterOffsetOfWord):
(WebCore::AXObjectCache::endCharacterOffsetOfWord):
(WebCore::AXObjectCache::previousWordStartCharacterOffset):
(WebCore::AXObjectCache::nextWordEndCharacterOffset):
(WebCore::AXObjectCache::leftWordRange):
(WebCore::AXObjectCache::rightWordRange):
(WebCore::characterForCharacterOffset):
(WebCore::AXObjectCache::characterAfter):
(WebCore::AXObjectCache::characterBefore):
(WebCore::parentEditingBoundary):
(WebCore::AXObjectCache::nextWordBoundary):
(WebCore::AXObjectCache::previousWordBoundary):
(WebCore::AXObjectCache::rootAXEditableElement):
* accessibility/AXObjectCache.h:
(WebCore::AXObjectCache::removeNodeForUse):
(WebCore::AXObjectCache::isNodeInUse):
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]):
(-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]):
(-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]):
(textMarkerForCharacterOffset):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
* editing/VisibleUnits.cpp:
(WebCore::rightWordPosition):
(WebCore::prepend):
(WebCore::appendRepeatedCharacter):
(WebCore::suffixLengthForRange):
(WebCore::prefixLengthForRange):
(WebCore::backwardSearchForBoundaryWithTextIterator):
(WebCore::forwardSearchForBoundaryWithTextIterator):
(WebCore::previousBoundary):
(WebCore::nextBoundary):
* editing/VisibleUnits.h:

Tools:

* DumpRenderTree/AccessibilityUIElement.cpp:
(endTextMarkerCallback):
(leftWordTextMarkerRangeForTextMarkerCallback):
(rightWordTextMarkerRangeForTextMarkerCallback):
(previousWordStartTextMarkerForTextMarkerCallback):
(nextWordEndTextMarkerForTextMarkerCallback):
(setSelectedVisibleTextRangeCallback):
(AccessibilityUIElement::setSelectedVisibleTextRange):
(AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
(AccessibilityUIElement::getJSClass):
* DumpRenderTree/AccessibilityUIElement.h:
* DumpRenderTree/ios/AccessibilityUIElementIOS.mm:
(AccessibilityUIElement::setSelectedVisibleTextRange):
(AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
* DumpRenderTree/mac/AccessibilityUIElementMac.mm:
(AccessibilityUIElement::setSelectedVisibleTextRange):
(AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
(AccessibilityUIElement::supportedActions):
* WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp:
(WTR::AccessibilityUIElement::setBoolAttributeValue):
(WTR::AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
* WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
* WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl:
* WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:
(WTR::AccessibilityUIElement::endTextMarker):
(WTR::AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::mathPostscriptsDescription):
* WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:
(WTR::AccessibilityUIElement::endTextMarker):
(WTR::AccessibilityUIElement::leftWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::rightWordTextMarkerRangeForTextMarker):
(WTR::AccessibilityUIElement::previousWordStartTextMarkerForTextMarker):
(WTR::AccessibilityUIElement::nextWordEndTextMarkerForTextMarker):
(WTR::_convertMathMultiscriptPairsToString):

LayoutTests:

* accessibility/mac/text-marker-word-nav-expected.txt: Added.
* accessibility/mac/text-marker-word-nav.html: Added.
* accessibility/text-marker/text-marker-previous-next-expected.txt:
* accessibility/text-marker/text-marker-previous-next.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196352 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCSP: Extract helper classes into their own files
dbates@webkit.org [Wed, 10 Feb 2016 01:21:18 +0000 (01:21 +0000)]
CSP: Extract helper classes into their own files
https://bugs.webkit.org/show_bug.cgi?id=154040
<rdar://problem/24571189>

Reviewed by Brent Fulgham.

No functionality was changed. So, no new tests.

* CMakeLists.txt: Add files ContentSecurityPolicy{DirectiveList, MediaListDirective, Source, SourceList, SourceListDirective}.cpp.
* WebCore.xcodeproj/project.pbxproj: Ditto.
* page/csp/ContentSecurityPolicy.cpp: Clean up #includes. Include header ParsingUtilities.h so that we can remove our own
variants of skip{Exactly, Until, While}(). Update code as necessary for class renames.
(WebCore::skipExactly): Deleted; instead use the analogous function in ParsingUtilities.h.
(WebCore::skipUntil): Deleted; instead use the analogous function in ParsingUtilities.h.
(WebCore::skipWhile): Deleted; instead use the analogous function in ParsingUtilities.h.
(WebCore::isSourceListNone): Moved to file ContentSecurityPolicySourceList.cpp.
(WebCore::CSPSource): Deleted; moved implementation to files ContentSecurityPolicySource.{cpp, h}.
(WebCore::CSPSourceList): Deleted; moved implementation to files ContentSecurityPolicySourceList.{cpp, h}.
(WebCore::CSPDirective): Deleted; moved implementation to file ContentSecurityPolicyDirective.h.
(WebCore::MediaListDirective): Deleted; moved implementation to files ContentSecurityPolicyMediaListDirective.{cpp, h}.
(WebCore::SourceListDirective): Deleted; moved implementation to files ContentSecurityPolicySourceListDirective.{cpp, h}.
(WebCore::CSPDirectiveList): Deleted; moved implementation to files ContentSecurityPolicyDirectiveList.{cpp, h}.
* page/csp/ContentSecurityPolicy.h:
* page/csp/ContentSecurityPolicyDirective.h: Added.
* page/csp/ContentSecurityPolicyDirectiveList.cpp: Added; removed use of ternary operator where it made the code less readable.
Updated code to make use of the functions defined in ParsingUtilities.h.
(WebCore::isExperimentalDirectiveName): Moved from file ContentSecurityPolicy.cpp.
(WebCore::isCSPDirectiveName): Ditto.
(WebCore::isDirectiveNameCharacter): Ditto.
(WebCore::isDirectiveValueCharacter): Ditto.
(WebCore::isNotASCIISpace): Ditto.
* page/csp/ContentSecurityPolicyDirectiveList.h: Added.
* page/csp/ContentSecurityPolicyMediaListDirective.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
(WebCore::isMediaTypeCharacter): Moved from file ContentSecurityPolicy.cpp.
(WebCore::isNotASCIISpace): Ditto.
* page/csp/ContentSecurityPolicyMediaListDirective.h: Added.
* page/csp/ContentSecurityPolicySource.cpp: Added.
* page/csp/ContentSecurityPolicySource.h: Added.
* page/csp/ContentSecurityPolicySourceList.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
(WebCore::isSourceCharacter): Moved from file ContentSecurityPolicy.cpp.
(WebCore::isHostCharacter): Ditto.
(WebCore::isPathComponentCharacter): Ditto.
(WebCore::isSchemeContinuationCharacter): Ditto.
(WebCore::isNotColonOrSlash): Ditto.
(WebCore::isSourceListNone): Ditto.
* page/csp/ContentSecurityPolicySourceList.h: Added.
* page/csp/ContentSecurityPolicySourceListDirective.cpp: Added.
* page/csp/ContentSecurityPolicySourceListDirective.h: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196350 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoModern IDB: TransactionOperation objects leak.
beidson@apple.com [Wed, 10 Feb 2016 01:15:09 +0000 (01:15 +0000)]
Modern IDB: TransactionOperation objects leak.
https://bugs.webkit.org/show_bug.cgi?id=154054

Reviewed by Alex Christensen.

No new tests (Currently untestable).

* Modules/indexeddb/client/IDBTransactionImpl.cpp:
(WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests): Remove the TransactionOperation from
  the map, as this operation doesn't complete "normally" like most others.
(WebCore::IDBClient::IDBTransaction::commitOnServer): Ditto.

* Modules/indexeddb/client/TransactionOperation.h:
(WebCore::IDBClient::TransactionOperation::perform): Clear the m_performFunction after use,
  as it holds a lambda that holds a RefPtr to the IDBTransaction, as well as a self-ref.
(WebCore::IDBClient::TransactionOperation::completed): Clear m_completeFunction for the same reasons.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196349 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Allow copying all headers in the request/response header tables
commit-queue@webkit.org [Wed, 10 Feb 2016 01:13:39 +0000 (01:13 +0000)]
Web Inspector: Allow copying all headers in the request/response header tables
https://bugs.webkit.org/show_bug.cgi?id=154048
<rdar://problem/24576302>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-09
Reviewed by Timothy Hatcher.

* Localizations/en.lproj/localizedStrings.js:
New "Copy Table" string.

* UserInterface/Views/DataGrid.js:
(WebInspector.DataGrid):
(WebInspector.DataGrid.prototype._contextMenuInHeader):
Add context menu support for table header cells, and give them a
"Copy Table" context menu if there is copyable data.

(WebInspector.DataGrid.prototype._contextMenuInDataTable):
Add "Copy Table" context menu for copyable rows.

(WebInspector.DataGrid.prototype._copyTextForDataGridNode):
(WebInspector.DataGrid.prototype._copyTextForDataGridHeaders):
(WebInspector.DataGrid.prototype._copyTable):
(WebInspector.DataGrid.prototype._hasCopyableData):
Helpers for determining copyability and copying tab separated data.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196348 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r196341.
commit-queue@webkit.org [Wed, 10 Feb 2016 01:08:04 +0000 (01:08 +0000)]
Unreviewed, rolling out r196341.
https://bugs.webkit.org/show_bug.cgi?id=154056

This change broke existing API tests on Mac and iOS (Requested
by ryanhaddad on #webkit).

Reverted changeset:

"Add SPI to remove individual user scripts or user style
sheets"
https://bugs.webkit.org/show_bug.cgi?id=154046
http://trac.webkit.org/changeset/196341

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196347 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMark perf/adding-radio-buttons.html as flaky on ios-simulator
ryanhaddad@apple.com [Wed, 10 Feb 2016 00:27:30 +0000 (00:27 +0000)]
Mark perf/adding-radio-buttons.html as flaky on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=154055

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196346 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Mac] Graphical corruption in videos when enabling custom loading path
jer.noble@apple.com [Wed, 10 Feb 2016 00:15:58 +0000 (00:15 +0000)]
[Mac] Graphical corruption in videos when enabling custom loading path
https://bugs.webkit.org/show_bug.cgi?id=154044

Reviewed by Alex Christensen.

The NSOperationQueue provided by AVFoundation from the AVAssetResourceLoader queue is not
set to be a serial queue. So when adding dataReceived operations to that queue, there exists
the possibility that some operations are handled before others, and the client will receieve
data out of order.

A real NSURLSession object will only issue another operation when the first operation
completes, so emulate this behavior in WebCoreNSURLSession by using a serial dispatch queue.
The internal queue will enqueue an operation to the resource loader's queue, and block until
that operation completes, thus ensuring ordering of the data (and other) operations.

* platform/network/cocoa/WebCoreNSURLSession.h:
* platform/network/cocoa/WebCoreNSURLSession.mm:
(-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Initialize _internalQueue
(-[WebCoreNSURLSession addDelegateOperation:]): Added utility method.
(-[WebCoreNSURLSession taskCompleted:]): Call -addDelegateOperation:
(-[WebCoreNSURLSession finishTasksAndInvalidate]): Ditto.
(-[WebCoreNSURLSession resetWithCompletionHandler:]): Ditto.
(-[WebCoreNSURLSession flushWithCompletionHandler:]): Ditto.
(-[WebCoreNSURLSession getTasksWithCompletionHandler:]): Ditto.
(-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]): Ditto.
(-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Ditto.
(-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Ditto.
(-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.

Drive-by fix:
(-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Set countOfBytesReceived outside the operation,
    queue, matching NSURLSessionDataTask's behavior.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196345 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRebaseline tests for ios-simulator after r196222
ryanhaddad@apple.com [Wed, 10 Feb 2016 00:14:20 +0000 (00:14 +0000)]
Rebaseline tests for ios-simulator after r196222
https://bugs.webkit.org/show_bug.cgi?id=154053

Reviewed by Zalan Bujtas.

* platform/ios-simulator-wk2/compositing/geometry/composited-in-columns-expected.txt:
* platform/ios-simulator-wk2/compositing/layer-creation/overlap-animation-container-expected.txt: Added.
* platform/ios-simulator-wk2/compositing/visibility/visibility-image-layers-dynamic-expected.txt:
* platform/ios-simulator-wk2/fast/inline/continuation-outlines-with-layers-expected.txt: Added.
* platform/ios-simulator-wk2/fast/layers/scroll-rect-to-visible-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196344 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRebaseline compositing/overflow/scrollbar-painting.html for ios-simulator after r196244
ryanhaddad@apple.com [Wed, 10 Feb 2016 00:02:07 +0000 (00:02 +0000)]
Rebaseline compositing/overflow/scrollbar-painting.html for ios-simulator after r196244

Unreviewed test gardening.

* platform/ios-simulator-wk2/compositing/overflow/scrollbar-painting-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196343 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: localStorage inspector very slow on big values
commit-queue@webkit.org [Tue, 9 Feb 2016 23:42:53 +0000 (23:42 +0000)]
Web Inspector: localStorage inspector very slow on big values
https://bugs.webkit.org/show_bug.cgi?id=123750
<rdar://problem/15384930>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-09
Reviewed by Timothy Hatcher.

It is not useful to show very large strings in the DOM Storage DataGrid.
This change truncates display strings to roughly 200 characters. If the
developer really wants the full value of the string they can just access
it through localStorage.

* UserInterface/Models/DOMStorageObject.js:
(WebInspector.DOMStorageObject.prototype.getEntries.innerCallback):
(WebInspector.DOMStorageObject.prototype.getEntries):
(WebInspector.DOMStorageObject.prototype.itemUpdated):
Modernize.

* UserInterface/Views/DOMStorageContentView.js:
(WebInspector.DOMStorageContentView):
(WebInspector.DOMStorageContentView.prototype.itemRemoved):
Modernize.

(WebInspector.DOMStorageContentView.prototype.itemAdded):
(WebInspector.DOMStorageContentView.prototype.itemUpdated):
(WebInspector.DOMStorageContentView.prototype._truncateValue):
(WebInspector.DOMStorageContentView.prototype._populate):
Whenever we get a value that we will display, truncate it to
just 200 characters.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196342 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd SPI to remove individual user scripts or user style sheets
andersca@apple.com [Tue, 9 Feb 2016 23:04:27 +0000 (23:04 +0000)]
Add SPI to remove individual user scripts or user style sheets
https://bugs.webkit.org/show_bug.cgi?id=154046
rdar://problem/23596352

Reviewed by Sam Weinig.

* UIProcess/API/Cocoa/WKUserContentController.mm:
(-[WKUserContentController _removeUserScript:]):
(-[WKUserContentController _userStyleSheets]):
(-[WKUserContentController _addUserStyleSheet:]):
(-[WKUserContentController _removeUserStyleSheet:]):
* UIProcess/API/Cocoa/WKUserContentControllerPrivate.h:
* UIProcess/UserContent/WebUserContentControllerProxy.cpp:
(WebKit::WebUserContentControllerProxy::WebUserContentControllerProxy):
(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::removeUserScript):
(WebKit::WebUserContentControllerProxy::addUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeAllUserStyleSheets):
* UIProcess/UserContent/WebUserContentControllerProxy.h:
(WebKit::WebUserContentControllerProxy::userStyleSheets):
* WebProcess/UserContent/WebUserContentController.cpp:
(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeUserStyleSheet):
* WebProcess/UserContent/WebUserContentController.h:
* WebProcess/UserContent/WebUserContentController.messages.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196341 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html for ios-simulator...
ryanhaddad@apple.com [Tue, 9 Feb 2016 23:00:09 +0000 (23:00 +0000)]
Rebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html for ios-simulator after r196303

Unreviewed test gardening.

* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196340 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[iOS Simulator] accessibility/text-marker/text-marker-range-stale-node-crash.html...
n_wang@apple.com [Tue, 9 Feb 2016 22:58:18 +0000 (22:58 +0000)]
[iOS Simulator] accessibility/text-marker/text-marker-range-stale-node-crash.html crashing
https://bugs.webkit.org/show_bug.cgi?id=154039

Reviewed by Chris Fleizach.

We are accessing the derefed node in the CharacterOffset object, we should create an empty
CharacterOffset object if the node is not in use.

It's covered by the test accessibility/text-marker/text-marker-range-stale-node-crash.html.

* accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
(-[WebAccessibilityTextMarker characterOffset]):
(-[WebAccessibilityTextMarker isIgnored]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196339 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRebaseline more tests for ios-simulator after r196244
ryanhaddad@apple.com [Tue, 9 Feb 2016 22:54:17 +0000 (22:54 +0000)]
Rebaseline more tests for ios-simulator after r196244

Unreviewed test gardening.

* platform/ios-simulator-wk2/compositing/overflow/overflow-scroll-expected.txt:
* platform/ios-simulator-wk2/css2.1/20110323/abspos-non-replaced-width-margin-000-expected.txt:
* platform/ios-simulator-wk2/css2.1/20110323/abspos-replaced-width-margin-000-expected.txt:
* platform/ios-simulator-wk2/fast/block/float/overhanging-tall-block-expected.txt:
* platform/ios-simulator-wk2/fast/clip/014-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/overflow-unsplittable-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/pagination/BottomToTop-bt-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/pagination/BottomToTop-lr-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/pagination/BottomToTop-rl-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/pagination/BottomToTop-tb-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/pagination/RightToLeft-bt-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/pagination/RightToLeft-lr-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/pagination/RightToLeft-rl-dynamic-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/pagination/RightToLeft-rl-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/pagination/RightToLeft-tb-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/vertical-rl/column-break-with-balancing-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/vertical-rl/column-rules-expected.txt:
* platform/ios-simulator-wk2/fast/multicol/vertical-rl/float-paginate-complex-expected.txt:
* platform/ios-simulator-wk2/fast/overflow/float-in-relpositioned-expected.txt:
* platform/ios-simulator-wk2/fast/overflow/overflow-auto-position-absolute-expected.txt:
* platform/ios-simulator-wk2/fast/overflow/paged-x-div-expected.txt:
* platform/ios-simulator-wk2/fast/overflow/paged-x-div-with-column-gap-expected.txt:
* platform/ios-simulator-wk2/fast/overflow/scroll-nested-positioned-layer-in-overflow-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196338 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDon't crash if we fail to parse a builtin
fpizlo@apple.com [Tue, 9 Feb 2016 22:42:02 +0000 (22:42 +0000)]
Don't crash if we fail to parse a builtin
https://bugs.webkit.org/show_bug.cgi?id=154047
rdar://problem/24300617

Reviewed by Mark Lam.

Crashing probably seemed like a good idea at the time, but we could get here in case of a
near stack overflow, so that the parser bails because of recursion.

* parser/Parser.h:
(JSC::parse):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196337 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Expiration column in Storage tab can't be sorted
commit-queue@webkit.org [Tue, 9 Feb 2016 22:16:14 +0000 (22:16 +0000)]
Web Inspector: Expiration column in Storage tab can't be sorted
https://bugs.webkit.org/show_bug.cgi?id=154043
<rdar://problem/24572272>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-09
Reviewed by Brian Burg.

* UserInterface/Views/CookieStorageContentView.js:
(WebInspector.CookieStorageContentView.prototype._sortDataGrid.expiresCompare):
Sort Session as the shortest time, not the longest time. Use the
cookie.expires date when sorting, not the locale string.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196336 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed build fix after r196322
mmaxfield@apple.com [Tue, 9 Feb 2016 22:09:44 +0000 (22:09 +0000)]
Unreviewed build fix after r196322

Unreviewed.

* css/CSSFontFace.cpp:
(WebCore::CSSFontFace::font):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196335 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoOutline corners do not align properly for multiline inlines.
zalan@apple.com [Tue, 9 Feb 2016 22:01:24 +0000 (22:01 +0000)]
Outline corners do not align properly for multiline inlines.
https://bugs.webkit.org/show_bug.cgi?id=154025

Reviewed by David Hyatt.

Adjust border position when outline-offset > 0. This patch also
removes integral pixelsnapping (drawLineForBoxSide takes care of
device pixelsnapping).

Source/WebCore:

Test: fast/inline/outline-corners-with-offset.html

* rendering/RenderInline.cpp:
(WebCore::RenderInline::paintOutlineForLine):

LayoutTests:

* fast/inline/outline-corners-with-offset-expected.html: Added.
* fast/inline/outline-corners-with-offset.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196334 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAnalysis task page on v3 show progression as regressions
rniwa@webkit.org [Tue, 9 Feb 2016 21:49:03 +0000 (21:49 +0000)]
Analysis task page on v3 show progression as regressions
https://bugs.webkit.org/show_bug.cgi?id=154045

Reviewed by Chris Dumez.

The bug was caused by TestGroup.compareTestResults referring to undefined _smallerIsBetter.
Retrieve it from the associated metric object via the owner analysis task.

* public/v3/models/test-group.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196333 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Mac] Adopt NSURLSession properties in AVAssetResourceLoader
jer.noble@apple.com [Tue, 9 Feb 2016 21:30:25 +0000 (21:30 +0000)]
[Mac] Adopt NSURLSession properties in AVAssetResourceLoader

Rubber-stamped by Eric Carlson;

Set the correct global variable from setAVFoundationNSURLSessionEnabled().

* page/Settings.cpp:
(WebCore::Settings::setAVFoundationNSURLSessionEnabled):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196332 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoGetValueFunc/PutValueFunc should not take both slotBase and thisValue
barraclough@apple.com [Tue, 9 Feb 2016 21:19:59 +0000 (21:19 +0000)]
GetValueFunc/PutValueFunc should not take both slotBase and thisValue
https://bugs.webkit.org/show_bug.cgi?id=154009

Reviewed by Geoff Garen.

In JavaScript there are two types of properties - regular value properties, and accessor properties.
One difference between these is how they are reflected by getOwnPropertyDescriptor, and another is
what object they operate on in the case of a prototype access. If you access a value property of a
prototype object it return a value pertinent to the prototype, but in the case of a prototype object
returning an accessor, then the accessor function is applied to the base object of the access.

JSC supports special 'custom' properties implemented as a c++ callback, and these custom properties
can be used to implement either value- or accessor-like behavior. getOwnPropertyDescriptor behavior
is selected via the CustomAccessor attribute. Value- or accessor-like object selection is current
supported by passing both the slotBase and the thisValue to the callback,and hoping it uses the
right one. This is probably inefficient, bug-prone, and leads to crazy like JSBoundSlotBaseFunction.

Instead, just pass one thisValue to the callback functions, consistent with CustomAccessor.

Source/JavaScriptCore:

* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::getStaticValue):
(JSC::JSCallbackObject<Parent>::staticFunctionGetter):
(JSC::JSCallbackObject<Parent>::callbackGetter):
    - Merged slotBase & thisValue to custom property callbacks.
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generate):
    - Modified the call being JIT generated - GetValueFunc/PutValueFunc now only take 3,
      rather than 4 arguments. Selects which one to keep/drop based on access type.
(WTF::printInternal):
* bytecode/PolymorphicAccess.h:
(JSC::AccessCase::isGet):
(JSC::AccessCase::isPut):
(JSC::AccessCase::isIn):
(JSC::AccessCase::doesCalls):
(JSC::AccessCase::isGetter):
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeForStubInfo):
* jit/Repatch.cpp:
(JSC::tryCacheGetByID):
(JSC::tryCachePutByID):
    - Split the CustomGetter/Setter access types into Value/Accessor variants.
* jsc.cpp:
(WTF::CustomGetter::getOwnPropertySlot):
(WTF::CustomGetter::customGetter):
(WTF::RuntimeArray::RuntimeArray):
(WTF::RuntimeArray::lengthGetter):
    - Merged slotBase & thisValue to custom property callbacks.
* runtime/CustomGetterSetter.cpp:
(JSC::callCustomSetter):
    - Pass 3 arguments when calling PutValueFunc.
* runtime/CustomGetterSetter.h:
* runtime/JSBoundSlotBaseFunction.cpp:
(JSC::boundSlotBaseFunctionCall):
(JSC::JSBoundSlotBaseFunction::JSBoundSlotBaseFunction):
* runtime/JSCJSValue.cpp:
(JSC::JSValue::putToPrimitive):
    - callCustomSetter currently takes a flag to distinguish value/accessor calls.
* runtime/JSFunction.cpp:
(JSC::retrieveArguments):
(JSC::JSFunction::argumentsGetter):
(JSC::retrieveCallerFunction):
(JSC::JSFunction::callerGetter):
(JSC::JSFunction::lengthGetter):
(JSC::JSFunction::nameGetter):
* runtime/JSFunction.h:
* runtime/JSModuleNamespaceObject.cpp:
(JSC::JSModuleNamespaceObject::visitChildren):
(JSC::callbackGetter):
    - Merged slotBase & thisValue to custom property callbacks.
* runtime/JSObject.cpp:
(JSC::JSObject::putInlineSlow):
    - callCustomSetter currently takes a flag to distinguish value/accessor calls.
* runtime/Lookup.h:
(JSC::putEntry):
    - split PutPropertySlot setCustom into Value/Accessor variants.
* runtime/PropertySlot.cpp:
(JSC::PropertySlot::functionGetter):
(JSC::PropertySlot::customGetter):
* runtime/PropertySlot.h:
(JSC::PropertySlot::PropertySlot):
(JSC::PropertySlot::getValue):
    - added customGetter helper to call GetValueFunc.
* runtime/PutPropertySlot.h:
(JSC::PutPropertySlot::PutPropertySlot):
(JSC::PutPropertySlot::setNewProperty):
(JSC::PutPropertySlot::setCustomValue):
(JSC::PutPropertySlot::setCustomAccessor):
(JSC::PutPropertySlot::setThisValue):
(JSC::PutPropertySlot::customSetter):
(JSC::PutPropertySlot::context):
(JSC::PutPropertySlot::isStrictMode):
(JSC::PutPropertySlot::isCacheablePut):
(JSC::PutPropertySlot::isCacheableSetter):
(JSC::PutPropertySlot::isCacheableCustom):
(JSC::PutPropertySlot::isCustomAccessor):
(JSC::PutPropertySlot::isInitialization):
(JSC::PutPropertySlot::cachedOffset):
(JSC::PutPropertySlot::setCustomProperty): Deleted.
    - split PutPropertySlot setCustom into Value/Accessor variants.
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getOwnPropertySlot):
(JSC::regExpConstructorDollar1):
(JSC::regExpConstructorDollar2):
(JSC::regExpConstructorDollar3):
(JSC::regExpConstructorDollar4):
(JSC::regExpConstructorDollar5):
(JSC::regExpConstructorDollar6):
(JSC::regExpConstructorDollar7):
(JSC::regExpConstructorDollar8):
(JSC::regExpConstructorDollar9):
(JSC::regExpConstructorInput):
(JSC::regExpConstructorMultiline):
(JSC::regExpConstructorLastMatch):
(JSC::regExpConstructorLastParen):
(JSC::regExpConstructorLeftContext):
(JSC::regExpConstructorRightContext):
(JSC::setRegExpConstructorInput):
(JSC::setRegExpConstructorMultiline):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::defineOwnProperty):
(JSC::regExpObjectSetLastIndexStrict):
(JSC::regExpObjectSetLastIndexNonStrict):
(JSC::RegExpObject::put):
    - Merged slotBase & thisValue to custom property callbacks.

Source/WebCore:

* bindings/js/JSDOMBinding.cpp:
(WebCore::printErrorMessageForFrame):
(WebCore::objectToStringFunctionGetter):
* bindings/js/JSDOMBinding.h:
(WebCore::propertyNameToString):
(WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>):
(WebCore::nonCachingStaticFunctionGetter):
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::visitAdditionalChildren):
(WebCore::childFrameGetter):
(WebCore::namedItemGetter):
(WebCore::jsDOMWindowWebKit):
(WebCore::jsDOMWindowIndexedDB):
    - add missing null check, in case indexDB acessor is applied to non-window object.
* bindings/js/JSPluginElementFunctions.cpp:
(WebCore::pluginScriptObject):
(WebCore::pluginElementPropertyGetter):
* bindings/js/JSPluginElementFunctions.h:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
* bridge/runtime_array.cpp:
(JSC::RuntimeArray::destroy):
(JSC::RuntimeArray::lengthGetter):
* bridge/runtime_array.h:
* bridge/runtime_method.cpp:
(JSC::RuntimeMethod::finishCreation):
(JSC::RuntimeMethod::lengthGetter):
* bridge/runtime_method.h:
* bridge/runtime_object.cpp:
(JSC::Bindings::RuntimeObject::invalidate):
(JSC::Bindings::RuntimeObject::fallbackObjectGetter):
(JSC::Bindings::RuntimeObject::fieldGetter):
(JSC::Bindings::RuntimeObject::methodGetter):
* bridge/runtime_object.h:
    - Merged slotBase & thisValue to custom property callbacks.

Source/WebKit2:

* WebProcess/Plugins/Netscape/JSNPObject.cpp:
(WebKit::JSNPObject::getOwnPropertyNames):
(WebKit::JSNPObject::propertyGetter):
(WebKit::JSNPObject::methodGetter):
* WebProcess/Plugins/Netscape/JSNPObject.h:
    - Merged slotBase & thisValue to custom property callbacks.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196331 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoBuild-fix; add Nullibility macros around previously un-macro'd class definitions.
jer.noble@apple.com [Tue, 9 Feb 2016 21:17:03 +0000 (21:17 +0000)]
Build-fix; add Nullibility macros around previously un-macro'd class definitions.

* platform/spi/mac/AVFoundationSPI.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196330 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Mac] Exiting fullscreen through the placeholder action leaves window in empty state
jer.noble@apple.com [Tue, 9 Feb 2016 21:03:20 +0000 (21:03 +0000)]
[Mac] Exiting fullscreen through the placeholder action leaves window in empty state
https://bugs.webkit.org/show_bug.cgi?id=152979
<rdar://problem/24132309>

Reviewed by Brent Fulgham.

In r194593, we relaxed the _fullScreenState requirement in -finishedExitFullScreenAnimation: to handle
the case where the request to exit fullscreen came from outside the process. However, in so doing, we
allowed -finishedExitFullScreenAnimation: to be called twice, and in so doing, leave the original window
empty of its WebView.  Tighten up the restriction of _fullScreenState to allow only the "InFullScreen"
state (to take care of the external exit command) and the "ExitingFullScreen" state, to handle the
normal teardown path.

* UIProcess/mac/WKFullScreenWindowController.mm:
(-[WKFullScreenWindowController finishedExitFullScreenAnimation:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196329 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Mac] Adopt NSURLSession properties in AVAssetResourceLoader
jer.noble@apple.com [Tue, 9 Feb 2016 20:56:48 +0000 (20:56 +0000)]
[Mac] Adopt NSURLSession properties in AVAssetResourceLoader
https://bugs.webkit.org/show_bug.cgi?id=153873

Reviewed by Eric Carlson.

Source/WebCore:

Adopt a new AVAssetResourceLoader API allowing clients to specify a NSURLSession object to
use for media loading, and control the use of this property with a new Setting.

* page/Settings.cpp:
(WebCore::Settings::setAVFoundationNSURLSessionEnabled):
* page/Settings.h:
(WebCore::Settings::isAVFoundationNSURLSessionEnabled):
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
* platform/spi/mac/AVFoundationSPI.h:

Source/WebKit/mac:

Add a WebKit preference to control the WebCore isAVFoundationNSURLSessionEnabled()
setting.

* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(+[WebPreferences initialize]):
(-[WebPreferences setAVFoundationNSURLSessionEnabled:]):
(-[WebPreferences isAVFoundationNSURLSessionEnabled]):
* WebView/WebPreferencesPrivate.h:
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]):

Source/WebKit2:

Add a WebKit2 preference to control the WebCore isAVFoundationNSURLSessionEnabled()
setting.

* Shared/WebPreferencesDefinitions.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetAVFoundationNSURLSessionEnabled):
(WKPreferencesGetAVFoundationNSURLSessionEnabled):
* UIProcess/API/C/WKPreferencesRef.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196328 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Limit max and min zoom factor of Inspector
commit-queue@webkit.org [Tue, 9 Feb 2016 20:52:41 +0000 (20:52 +0000)]
Web Inspector: Limit max and min zoom factor of Inspector
https://bugs.webkit.org/show_bug.cgi?id=154041
<rdar://problem/24571326>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-09
Reviewed by Brian Burg.

Chose reasonable zoom levels that looked good to my eye and
roughly matched Safari's page zoom levels.

* UserInterface/Base/Main.js:
(WebInspector.contentLoaded):
Do not implicitly prevent default for zoom in/out keyboard shortcuts to
allow for a system beep if we do not do anything.

(WebInspector._increaseZoom):
(WebInspector._decreaseZoom):
Do not go beyond a max or min zoom level. Prevent default in the case
where we actually zoom, but don't prevent default where we do not
actually zoom to cause a system beep. Allow for a slight drift of
the floating point value as it increases / decreases by 0.2 at the
different zoom factors.

(WebInspector._resetZoom):
(WebInspector._showTabAtIndex):
Remove redundant prevent default calls, since it would happen
implicitly for these keyboard shortcuts.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196325 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSpread expressions are not fair game for direct binding
fpizlo@apple.com [Tue, 9 Feb 2016 20:18:31 +0000 (20:18 +0000)]
Spread expressions are not fair game for direct binding
https://bugs.webkit.org/show_bug.cgi?id=154042
rdar://problem/24291413

Reviewed by Saam Barati.

Prior to this change we crashed on this:

    var [x] = [...y];

Because NodesCodegen thinks that this is a direct binding.  It's not, because we cannot
directly generate bytecode for "...y".  This is a unique property of spread expressions, so
its sufficient to just bail out of direct binding if we see a spread expression. That's what
this patch does.

* bytecompiler/NodesCodegen.cpp:
(JSC::ArrayPatternNode::emitDirectBinding):
* tests/stress/spread-in-tail.js: Added.
(foo):
(catch):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196323 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDecouple font creation from font loading
mmaxfield@apple.com [Tue, 9 Feb 2016 19:50:05 +0000 (19:50 +0000)]
Decouple font creation from font loading
https://bugs.webkit.org/show_bug.cgi?id=153414

Reviewed by Darin Adler.

Previously, CSSFontFaceSource never triggered a font download until that font was actually used. This means
that the function which triggers the download also has the goal of returning a font to use. However,
the CSS Font Loading JavaScript API requires being able to trigger a font download without this extra font
creation overhead.

In addition, this patch adds an explicit (and enforced) state transition diagram. The diagram looks like
this:
                    => Success
                  //
Pending => Loading
                  \\
                    => Failure

Therefore, the API for CSSFontFaceSource has changed to expose the concept of these new states. This means
that its user (CSSSegmentedFontFaceSource) has been updated to handle each possible state that its constituent
CSSFontFaceSources may be in.

No new tests because there is no behavior change.

* css/CSSFontFace.cpp:
(WebCore::CSSFontFace::allSourcesFailed): Renamed to make the name clearer.
(WebCore::CSSFontFace::addedToSegmentedFontFace): Use references instead of pointers.
(WebCore::CSSFontFace::removedFromSegmentedFontFace): Ditto.
(WebCore::CSSFontFace::adoptSource): Renamed to make the name clearer.
(WebCore::CSSFontFace::fontLoaded): Use references instead of pointers. Also, remove old dead code.
(WebCore::CSSFontFace::font): Adapt to the new API of CSSFontFaceSource.
(WebCore::CSSFontFace::isValid): Deleted.
(WebCore::CSSFontFace::addSource): Deleted.
(WebCore::CSSFontFace::notifyFontLoader): Deleted. Old dead code.
(WebCore::CSSFontFace::notifyLoadingDone): Deleted. Old dead code.
* css/CSSFontFace.h:
(WebCore::CSSFontFace::create): Remove old dead code.
(WebCore::CSSFontFace::CSSFontFace): Use references instead of pointers.
(WebCore::CSSFontFace::loadState): Deleted. Remove old dead code.
* css/CSSFontFaceSource.cpp:
(WebCore::CSSFontFaceSource::setStatus): Enforce state transitions.
(WebCore::CSSFontFaceSource::CSSFontFaceSource): Explicitly handle new state transitions.
(WebCore::CSSFontFaceSource::fontLoaded): Update for new states.
(WebCore::CSSFontFaceSource::load): Pulled out code from font().
(WebCore::CSSFontFaceSource::font): Moved code into load().
(WebCore::CSSFontFaceSource::isValid): Deleted.
(WebCore::CSSFontFaceSource::isDecodeError): Deleted.
(WebCore::CSSFontFaceSource::ensureFontData): Deleted.
* css/CSSFontFaceSource.h: Much cleaner API.
* css/CSSFontSelector.cpp:
(WebCore::createFontFace): Migrate to references instead of pointers. This requires a little
reorganization.
(WebCore::registerLocalFontFacesForFamily): Update to new CSSFontFaceSource API.
(WebCore::CSSFontSelector::addFontFaceRule): Ditto.
(WebCore::CSSFontSelector::getFontFace): Ditto.
* css/CSSSegmentedFontFace.cpp:
(WebCore::CSSSegmentedFontFace::CSSSegmentedFontFace): Migrate to references instead of pointers.
(WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace): Ditto.
(WebCore::CSSSegmentedFontFace::fontLoaded): Remove old dead code.
(WebCore::CSSSegmentedFontFace::appendFontFace): Cleanup.
(WebCore::CSSSegmentedFontFace::fontRanges): Adopt to new API.
(WebCore::CSSSegmentedFontFace::pruneTable): Deleted.
(WebCore::CSSSegmentedFontFace::isLoading): Deleted. Old dead code.
(WebCore::CSSSegmentedFontFace::checkFont): Deleted. Ditto.
(WebCore::CSSSegmentedFontFace::loadFont): Deleted. Ditto.
* css/CSSSegmentedFontFace.h:
(WebCore::CSSSegmentedFontFace::create): Migrate to references instead of pointers.
(WebCore::CSSSegmentedFontFace::fontSelector): Ditto.
(WebCore::CSSSegmentedFontFace::LoadFontCallback::~LoadFontCallback): Deleted.
* loader/cache/CachedFont.cpp:
(WebCore::CachedFont::didAddClient): Migrate to references instead of pointers.
(WebCore::CachedFont::checkNotify): Ditto.
* loader/cache/CachedFontClient.h:
(WebCore::CachedFontClient::fontLoaded): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196322 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAll 32-bit plug-ins should use the XPC service
andersca@apple.com [Tue, 9 Feb 2016 18:57:05 +0000 (18:57 +0000)]
All 32-bit plug-ins should use the XPC service
https://bugs.webkit.org/show_bug.cgi?id=154036
rdar://problem/16059483

Reviewed by Dan Bernstein.

Silverlight expects malloced memory from the tiny zone to be executable. It also expects
the data segment from its coreclr image to be executable.

Make this possible by:

1. Shimming mach_vm_map, making sure to add the VM_PROT_EXECUTABLE bit to any memory in the tiny zone.
2. Go through the address space, looking for any existing ranges from the tiny zone and mach_vm_protect them
   to be executable.
3. Register with dyld so we'll get callbacks whenever a library is bound, look for the coreclr image, and
   mach_vm_protect its __DATA segment to be executable.

* Platform/spi/Cocoa/DyldSPI.h: Copied from Source/WebKit2/PluginProcess/mac/PluginProcessShim.h.
* PluginProcess/mac/PluginProcessMac.mm:
(WebKit::isMallocMemoryTag):
(WebKit::shouldMapMemoryExecutable):
(WebKit::initializeShim):
(WebKit::PluginProcess::platformInitializeProcess):
* PluginProcess/mac/PluginProcessShim.h:
* PluginProcess/mac/PluginProcessShim.mm:
(WebKit::shimMachVMMap):
* UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
(WebKit::PluginProcessProxy::platformGetLaunchOptions):
(WebKit::shouldUseXPC): Deleted.
* WebKit2.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196321 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[GTK][EFL] Fix several build configuration related to SamplingProfiler after r196245
ossy@webkit.org [Tue, 9 Feb 2016 18:25:36 +0000 (18:25 +0000)]
[GTK][EFL] Fix several build configuration related to SamplingProfiler after r196245
https://bugs.webkit.org/show_bug.cgi?id=154033

Reviewed by Michael Catanzaro.

.:

* Source/cmake/WebKitFeatures.cmake:

Source/WTF:

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196315 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Win] Rebaseline after r196244.
zalan@apple.com [Tue, 9 Feb 2016 18:16:47 +0000 (18:16 +0000)]
[Win] Rebaseline after r196244.

Unreviewed test gardening.

* platform/win/css3/unicode-bidi-isolate-basic-expected.txt:
* platform/win/fast/block/float/overhanging-tall-block-expected.txt:
* platform/win/fast/block/positioning/auto/vertical-rl/007-expected.txt:
* platform/win/fast/borders/border-antialiasing-expected.txt:
* platform/win/fast/clip/001-expected.txt:
* platform/win/fast/clip/013-expected.txt:
* platform/win/fast/clip/014-expected.txt:
* platform/win/fast/clip/outline-overflowClip-expected.txt:
* platform/win/fast/css/clip-zooming-expected.txt:
* platform/win/fast/frames/flattening/iframe-flattening-offscreen-expected.txt: Added.
* platform/win/fast/inline/left-right-center-inline-alignment-in-ltr-and-rtl-blocks-expected.txt:
* platform/win/fast/line-grid/line-grid-inside-columns-expected.txt:
* platform/win/fast/line-grid/line-grid-into-columns-expected.txt:
* platform/win/fast/lists/scrolled-marker-paint-expected.txt:
* platform/win/fast/multicol/client-rects-expected.txt:
* platform/win/fast/multicol/column-break-with-balancing-expected.txt:
* platform/win/fast/multicol/column-rules-expected.txt:
* platform/win/fast/multicol/column-rules-stacking-expected.txt:
* platform/win/fast/multicol/columns-shorthand-parsing-expected.txt:
* platform/win/fast/multicol/float-paginate-complex-expected.txt:
* platform/win/fast/multicol/float-paginate-empty-lines-expected.txt:
* platform/win/fast/multicol/float-paginate-expected.txt:
* platform/win/fast/multicol/layers-in-multicol-expected.txt:
* platform/win/fast/multicol/layers-split-across-columns-expected.txt:
* platform/win/fast/multicol/max-height-columns-block-expected.txt:
* platform/win/fast/multicol/nested-columns-expected.txt:
* platform/win/fast/multicol/newmulticol/client-rects-expected.txt:
* platform/win/fast/multicol/overflow-across-columns-expected.txt:
* platform/win/fast/multicol/overflow-across-columns-percent-height-expected.txt:
* platform/win/fast/multicol/overflow-unsplittable-expected.txt:
* platform/win/fast/multicol/paginate-block-replaced-expected.txt:
* platform/win/fast/multicol/pagination/BottomToTop-bt-expected.txt:
* platform/win/fast/multicol/pagination/BottomToTop-lr-expected.txt:
* platform/win/fast/multicol/pagination/BottomToTop-rl-expected.txt:
* platform/win/fast/multicol/pagination/BottomToTop-tb-expected.txt:
* platform/win/fast/multicol/pagination/LeftToRight-bt-expected.txt:
* platform/win/fast/multicol/pagination/LeftToRight-rl-expected.txt:
* platform/win/fast/multicol/pagination/LeftToRight-tb-expected.txt:
* platform/win/fast/multicol/pagination/LeftToRight-tb-hittest-expected.txt:
* platform/win/fast/multicol/pagination/RightToLeft-bt-expected.txt:
* platform/win/fast/multicol/pagination/RightToLeft-lr-expected.txt:
* platform/win/fast/multicol/pagination/RightToLeft-rl-dynamic-expected.txt:
* platform/win/fast/multicol/pagination/RightToLeft-rl-expected.txt:
* platform/win/fast/multicol/pagination/RightToLeft-rl-hittest-expected.txt:
* platform/win/fast/multicol/pagination/RightToLeft-tb-expected.txt:
* platform/win/fast/multicol/pagination/TopToBottom-bt-expected.txt:
* platform/win/fast/multicol/pagination/TopToBottom-lr-expected.txt:
* platform/win/fast/multicol/pagination/TopToBottom-rl-expected.txt:
* platform/win/fast/multicol/positive-leading-expected.txt:
* platform/win/fast/multicol/scrolling-column-rules-expected.txt:
* platform/win/fast/multicol/scrolling-overflow-expected.txt:
* platform/win/fast/multicol/span/anonymous-style-inheritance-expected.txt:
* platform/win/fast/multicol/span/span-as-immediate-child-complex-splitting-expected.txt:
* platform/win/fast/multicol/span/span-as-immediate-child-generated-content-expected.txt:
* platform/win/fast/multicol/span/span-as-immediate-child-property-removal-expected.txt:
* platform/win/fast/multicol/span/span-as-immediate-columns-child-dynamic-expected.txt:
* platform/win/fast/multicol/span/span-as-immediate-columns-child-expected.txt:
* platform/win/fast/multicol/span/span-as-immediate-columns-child-removal-expected.txt:
* platform/win/fast/multicol/span/span-as-nested-columns-child-dynamic-expected.txt:
* platform/win/fast/multicol/span/span-as-nested-columns-child-expected.txt:
* platform/win/fast/multicol/span/span-margin-collapsing-expected.txt:
* platform/win/fast/multicol/table-vertical-align-expected.txt:
* platform/win/fast/multicol/tall-image-behavior-expected.txt:
* platform/win/fast/multicol/vertical-lr/column-break-with-balancing-expected.txt:
* platform/win/fast/multicol/vertical-lr/column-rules-expected.txt:
* platform/win/fast/multicol/vertical-lr/float-multicol-expected.txt:
* platform/win/fast/multicol/vertical-lr/float-paginate-complex-expected.txt:
* platform/win/fast/multicol/vertical-lr/float-paginate-expected.txt:
* platform/win/fast/multicol/vertical-lr/nested-columns-expected.txt:
* platform/win/fast/multicol/vertical-rl/column-break-with-balancing-expected.txt:
* platform/win/fast/multicol/vertical-rl/column-rules-expected.txt:
* platform/win/fast/multicol/vertical-rl/float-multicol-expected.txt:
* platform/win/fast/multicol/vertical-rl/float-paginate-complex-expected.txt:
* platform/win/fast/multicol/vertical-rl/float-paginate-expected.txt:
* platform/win/fast/multicol/vertical-rl/nested-columns-expected.txt:
* platform/win/fast/overflow/clip-rects-fixed-ancestor-expected.txt:
* platform/win/fast/overflow/float-in-relpositioned-expected.txt:
* platform/win/fast/overflow/overflow-auto-position-absolute-expected.txt:
* platform/win/fast/overflow/overflow-rtl-expected.txt:
* platform/win/fast/overflow/paged-x-div-expected.txt:
* platform/win/fast/overflow/paged-x-div-with-column-gap-expected.txt:
* platform/win/fast/overflow/paged-x-on-root-expected.txt:
* platform/win/fast/overflow/paged-x-with-column-gap-expected.txt:
* platform/win/fast/overflow/paged-y-div-expected.txt:
* platform/win/fast/overflow/scroll-nested-positioned-layer-in-overflow-expected.txt:
* platform/win/fast/repaint/box-shadow-h-expected.txt:
* platform/win/fast/repaint/box-shadow-v-expected.txt:
* platform/win/fast/repaint/layer-outline-expected.txt:
* platform/win/fast/repaint/layer-outline-horizontal-expected.txt:
* platform/win/fast/table/edge-offsets-expected.txt:
* platform/win/fast/transforms/overflow-with-transform-expected.txt:
* platform/win/printing/single-line-must-not-be-split-into-two-pages-expected.txt:
* platform/win/scrollbars/scrollbars-on-positioned-content-expected.txt:
* platform/win/svg/custom/getscreenctm-in-scrollable-div-area-nested-expected.txt:
* platform/win/svg/custom/image-rescale-clip-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196314 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoModern IDB: IDBOpenDBRequests leak.
beidson@apple.com [Tue, 9 Feb 2016 17:40:43 +0000 (17:40 +0000)]
Modern IDB: IDBOpenDBRequests leak.
https://bugs.webkit.org/show_bug.cgi?id=154032

Reviewed by Alex Christensen.

No new tests (Currently untestable).

* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:

Add a simple Event subclass that holds a ref to an IDBRequest, to make sure that we
drop the last ref to the request after its last event fires or is otherwise destroyed:
* Modules/indexeddb/IDBRequestCompletionEvent.cpp: Added.
(WebCore::IDBRequestCompletionEvent::IDBRequestCompletionEvent):
* Modules/indexeddb/IDBRequestCompletionEvent.h: Added.
(WebCore::IDBRequestCompletionEvent::create):

* Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
(WebCore::IDBClient::IDBOpenDBRequest::onError): IDBRequestCompletionEvent instead of Event.
(WebCore::IDBClient::IDBOpenDBRequest::fireSuccessAfterVersionChangeCommit): Ditto.
(WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeCompletion): Ditto.
(WebCore::IDBClient::IDBOpenDBRequest::onSuccess): Ditto.

* Modules/indexeddb/client/IDBTransactionImpl.cpp:
(WebCore::IDBClient::IDBTransaction::dispatchEvent): After setting up the request's
  completion event to fire, clear the back-ref to the request.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196313 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[EFL] Remove eail related cruft after r195725
ossy@webkit.org [Tue, 9 Feb 2016 17:38:43 +0000 (17:38 +0000)]
[EFL] Remove eail related cruft after r195725
https://bugs.webkit.org/show_bug.cgi?id=154030

Reviewed by Alex Christensen.

* efl/jhbuildrc:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196312 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[EFL] Remove LLVM related cruft after r196077
ossy@webkit.org [Tue, 9 Feb 2016 17:35:58 +0000 (17:35 +0000)]
[EFL] Remove LLVM related cruft after r196077
https://bugs.webkit.org/show_bug.cgi?id=154031

Reviewed by Alex Christensen.

* efl/jhbuild.modules:
* efl/patches/llvm-elf-add-stackmaps-arm64.patch: Removed.
* efl/patches/llvm-elf-allow-fde-references-outside-the-2gb-range-arm64.patch: Removed.
* efl/patches/llvm-version-arm64.patch: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196311 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agocheckValidity() sometimes asserts in WebUserMediaClient::pageDestroyed
eric.carlson@apple.com [Tue, 9 Feb 2016 17:13:27 +0000 (17:13 +0000)]
checkValidity() sometimes asserts in WebUserMediaClient::pageDestroyed
https://bugs.webkit.org/show_bug.cgi?id=154029
<rdar://problem/24065022>

Reviewed by Alex Christensen.

* WebCoreSupport/WebUserMediaClient.mm:
(WebUserMediaClient::pageDestroyed): Copy map keys to a vector and clear the map before
  enumerating the vector and canceling the requests. ASSERT that the map is not modified
  during cleanup. Clean up the permission check map.
(WebUserMediaClient::requestUserMediaAccess): Add the request to the map before calling the
  UI delegate in case it works synchronously (as it does in DRT).
(WebUserMediaClient::checkUserMediaPermission): Ditto.
(WebUserMediaClient::cancelUserMediaPermissionCheck): White-space cleanup.
(-[WebUserMediaPolicyListener allow]): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196310 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[iOS] Rebaseline after r196244.
zalan@apple.com [Tue, 9 Feb 2016 17:09:08 +0000 (17:09 +0000)]
[iOS] Rebaseline after r196244.

Unreviewed test gardening.

* platform/ios-simulator/compositing/geometry/clipping-foreground-expected.txt:
* platform/ios-simulator/compositing/geometry/root-layer-update-expected.txt:
* platform/ios-simulator/compositing/overflow/overflow-scroll-expected.txt:
* platform/ios-simulator/compositing/overflow/parent-overflow-expected.txt:
* platform/ios-simulator/compositing/overflow/scrollbar-painting-expected.txt:
* platform/ios-simulator/compositing/sibling-positioning-expected.txt:
* platform/ios-simulator/css2.1/20110323/abspos-non-replaced-width-margin-000-expected.txt: Added.
* platform/ios-simulator/css2.1/20110323/abspos-replaced-width-margin-000-expected.txt: Added.
* platform/ios-simulator/css3/blending/blend-mode-overflow-expected.txt:
* platform/ios-simulator/css3/unicode-bidi-isolate-basic-expected.txt:
* platform/ios-simulator/fast/block/float/overhanging-tall-block-expected.txt:
* platform/ios-simulator/fast/borders/border-antialiasing-expected.txt:
* platform/ios-simulator/fast/clip/001-expected.txt:
* platform/ios-simulator/fast/clip/013-expected.txt:
* platform/ios-simulator/fast/clip/014-expected.txt:
* platform/ios-simulator/fast/clip/016-expected.txt:
* platform/ios-simulator/fast/clip/outline-overflowClip-expected.txt:
* platform/ios-simulator/fast/css/clip-zooming-expected.txt:
* platform/ios-simulator/fast/frames/flattening/iframe-flattening-offscreen-expected.txt:
* platform/ios-simulator/fast/inline/left-right-center-inline-alignment-in-ltr-and-rtl-blocks-expected.txt:
* platform/ios-simulator/fast/line-grid/line-grid-inside-columns-expected.txt:
* platform/ios-simulator/fast/line-grid/line-grid-into-columns-expected.txt:
* platform/ios-simulator/fast/lists/scrolled-marker-paint-expected.txt:
* platform/ios-simulator/fast/multicol/client-rects-expected.txt:
* platform/ios-simulator/fast/multicol/column-break-with-balancing-expected.txt:
* platform/ios-simulator/fast/multicol/column-rules-expected.txt:
* platform/ios-simulator/fast/multicol/column-rules-stacking-expected.txt:
* platform/ios-simulator/fast/multicol/columns-shorthand-parsing-expected.txt:
* platform/ios-simulator/fast/multicol/float-paginate-complex-expected.txt:
* platform/ios-simulator/fast/multicol/float-paginate-empty-lines-expected.txt:
* platform/ios-simulator/fast/multicol/float-paginate-expected.txt:
* platform/ios-simulator/fast/multicol/layers-in-multicol-expected.txt:
* platform/ios-simulator/fast/multicol/layers-split-across-columns-expected.txt:
* platform/ios-simulator/fast/multicol/max-height-columns-block-expected.txt:
* platform/ios-simulator/fast/multicol/nested-columns-expected.txt:
* platform/ios-simulator/fast/multicol/newmulticol/client-rects-expected.txt:
* platform/ios-simulator/fast/multicol/overflow-across-columns-expected.txt:
* platform/ios-simulator/fast/multicol/overflow-across-columns-percent-height-expected.txt:
* platform/ios-simulator/fast/multicol/overflow-unsplittable-expected.txt:
* platform/ios-simulator/fast/multicol/paginate-block-replaced-expected.txt:
* platform/ios-simulator/fast/multicol/pagination/BottomToTop-bt-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/TopToBottom-bt-expected.txt.
* platform/ios-simulator/fast/multicol/pagination/BottomToTop-lr-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/TopToBottom-lr-expected.txt.
* platform/ios-simulator/fast/multicol/pagination/BottomToTop-rl-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/TopToBottom-rl-expected.txt.
* platform/ios-simulator/fast/multicol/pagination/BottomToTop-tb-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/TopToBottom-bt-expected.txt.
* platform/ios-simulator/fast/multicol/pagination/LeftToRight-bt-expected.txt:
* platform/ios-simulator/fast/multicol/pagination/LeftToRight-rl-expected.txt:
* platform/ios-simulator/fast/multicol/pagination/LeftToRight-tb-expected.txt:
* platform/ios-simulator/fast/multicol/pagination/RightToLeft-bt-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/LeftToRight-tb-expected.txt.
* platform/ios-simulator/fast/multicol/pagination/RightToLeft-lr-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/LeftToRight-rl-expected.txt.
* platform/ios-simulator/fast/multicol/pagination/RightToLeft-rl-dynamic-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/LeftToRight-rl-expected.txt.
* platform/ios-simulator/fast/multicol/pagination/RightToLeft-rl-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/LeftToRight-rl-expected.txt.
* platform/ios-simulator/fast/multicol/pagination/RightToLeft-tb-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/pagination/LeftToRight-tb-expected.txt.
* platform/ios-simulator/fast/multicol/pagination/TopToBottom-bt-expected.txt:
* platform/ios-simulator/fast/multicol/pagination/TopToBottom-lr-expected.txt:
* platform/ios-simulator/fast/multicol/pagination/TopToBottom-rl-expected.txt:
* platform/ios-simulator/fast/multicol/positive-leading-expected.txt:
* platform/ios-simulator/fast/multicol/scrolling-column-rules-expected.txt:
* platform/ios-simulator/fast/multicol/scrolling-overflow-expected.txt:
* platform/ios-simulator/fast/multicol/span/anonymous-style-inheritance-expected.txt:
* platform/ios-simulator/fast/multicol/span/span-as-immediate-child-complex-splitting-expected.txt:
* platform/ios-simulator/fast/multicol/span/span-as-immediate-child-generated-content-expected.txt:
* platform/ios-simulator/fast/multicol/span/span-as-immediate-child-property-removal-expected.txt:
* platform/ios-simulator/fast/multicol/span/span-as-immediate-columns-child-dynamic-expected.txt:
* platform/ios-simulator/fast/multicol/span/span-as-immediate-columns-child-expected.txt:
* platform/ios-simulator/fast/multicol/span/span-as-immediate-columns-child-removal-expected.txt:
* platform/ios-simulator/fast/multicol/span/span-as-nested-columns-child-dynamic-expected.txt:
* platform/ios-simulator/fast/multicol/span/span-as-nested-columns-child-expected.txt:
* platform/ios-simulator/fast/multicol/span/span-margin-collapsing-expected.txt:
* platform/ios-simulator/fast/multicol/table-vertical-align-expected.txt:
* platform/ios-simulator/fast/multicol/tall-image-behavior-expected.txt:
* platform/ios-simulator/fast/multicol/vertical-lr/column-break-with-balancing-expected.txt:
* platform/ios-simulator/fast/multicol/vertical-lr/column-rules-expected.txt:
* platform/ios-simulator/fast/multicol/vertical-lr/float-multicol-expected.txt:
* platform/ios-simulator/fast/multicol/vertical-lr/float-paginate-complex-expected.txt:
* platform/ios-simulator/fast/multicol/vertical-lr/float-paginate-expected.txt:
* platform/ios-simulator/fast/multicol/vertical-lr/nested-columns-expected.txt:
* platform/ios-simulator/fast/multicol/vertical-rl/column-break-with-balancing-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/vertical-lr/column-break-with-balancing-expected.txt.
* platform/ios-simulator/fast/multicol/vertical-rl/column-rules-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/vertical-lr/column-rules-expected.txt.
* platform/ios-simulator/fast/multicol/vertical-rl/float-multicol-expected.txt:
* platform/ios-simulator/fast/multicol/vertical-rl/float-paginate-complex-expected.txt: Copied from LayoutTests/platform/ios-simulator/fast/multicol/vertical-lr/float-paginate-complex-expected.txt.
* platform/ios-simulator/fast/multicol/vertical-rl/float-paginate-expected.txt:
* platform/ios-simulator/fast/multicol/vertical-rl/nested-columns-expected.txt:
* platform/ios-simulator/fast/overflow/float-in-relpositioned-expected.txt:
* platform/ios-simulator/fast/overflow/overflow-auto-position-absolute-expected.txt:
* platform/ios-simulator/fast/overflow/overflow-rtl-expected.txt:
* platform/ios-simulator/fast/overflow/paged-x-div-expected.txt:
* platform/ios-simulator/fast/overflow/paged-x-div-with-column-gap-expected.txt:
* platform/ios-simulator/fast/overflow/paged-x-on-root-expected.txt:
* platform/ios-simulator/fast/overflow/paged-x-with-column-gap-expected.txt:
* platform/ios-simulator/fast/overflow/paged-y-div-expected.txt:
* platform/ios-simulator/fast/overflow/scroll-nested-positioned-layer-in-overflow-expected.txt:
* platform/ios-simulator/fast/regions/repaint/region-painting-via-layout-expected.txt:
* platform/ios-simulator/fast/table/edge-offsets-expected.txt:
* platform/ios-simulator/fast/transforms/overflow-with-transform-expected.txt:
* platform/ios-simulator/svg/custom/image-rescale-clip-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196309 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r196286.
commit-queue@webkit.org [Tue, 9 Feb 2016 12:38:02 +0000 (12:38 +0000)]
Unreviewed, rolling out r196286.
https://bugs.webkit.org/show_bug.cgi?id=154026

Looks like 5% iOS PLT regression (Requested by kling on
#webkit).

Reverted changeset:

"[iOS] Throw away some unlinked code when navigating to a new
page."
https://bugs.webkit.org/show_bug.cgi?id=154014
http://trac.webkit.org/changeset/196286

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196308 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agopossible buffer overrun in Connection::processMessage of Source/WebKit2/Platform...
carlosgc@webkit.org [Tue, 9 Feb 2016 08:23:08 +0000 (08:23 +0000)]
possible buffer overrun in Connection::processMessage of Source/WebKit2/Platform/IPC/unix/ConnectionUnix.cpp
https://bugs.webkit.org/show_bug.cgi?id=153637

Patch by Fujii Hironori <Hironori.Fujii@jp.sony.com> on 2016-02-09
Reviewed by Carlos Garcia Campos.

* Platform/IPC/unix/ConnectionUnix.cpp:
(IPC::Connection::processMessage): Fix invalid arguments of memmove.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196307 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed. Update OptionsGTK.cmake and NEWS for 2.11.5 release.
carlosgc@webkit.org [Tue, 9 Feb 2016 08:07:33 +0000 (08:07 +0000)]
Unreviewed. Update OptionsGTK.cmake and NEWS for 2.11.5 release.

.:

* Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

* gtk/NEWS: Add release notes for 2.11.5.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196305 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAddress Said's comments on the benchmark, and do some clean up.
jonlee@apple.com [Tue, 9 Feb 2016 05:26:20 +0000 (05:26 +0000)]
Address Said's comments on the benchmark, and do some clean up.

* Animometer/developer.html:
* Animometer/resources/debug-runner/animometer.css: Add styles for averages.
* Animometer/resources/debug-runner/animometer.js: Use the right
Strings constants.
* Animometer/resources/debug-runner/graph.js:
(_addRegressionLine): Add missing code to draw the line and standard
deviation highlight.
(onGraphTypeChanged): Remove unneeded variables
(onTimeGraphOptionsChanged):
* Animometer/resources/runner/benchmark-runner.js:
(_runBenchmarkAndRecordResults): Rename samplers to suiteResults and
_suitesSamplers to _suitesResults.
* Animometer/tests/resources/main.js:
(results): Call processSamples().
(update): Change sampling timestamp comparison.
(_animateLoop): Move shouldStop call to before the update.
* Animometer/tests/resources/sampler.js:
(process): Rename to processSamples().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196304 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAttribute getters should not require an explicit 'this' value for Window properties
cdumez@apple.com [Tue, 9 Feb 2016 05:15:06 +0000 (05:15 +0000)]
Attribute getters should not require an explicit 'this' value for Window properties
https://bugs.webkit.org/show_bug.cgi?id=153968

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline W3C test now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Attribute getters should not require an explicit 'this' value for
Window properties. This is because the Window interface is marked
as [ImplicitThis]:
- http://heycam.github.io/webidl/#ImplicitThis
- https://www.w3.org/Bugs/Public/show_bug.cgi?id=29421

This matches the behavior of Firefox and the expectations of the W3C
web-platform-tests.

No new tests, already covered by existing tests.

* bindings/scripts/CodeGeneratorJS.pm:
In attribute getters of an interface marked as [ImplicitThis],
if 'thisValue' is undefined or null, fall back to using the
global object as 'thisValue'.

* bindings/scripts/IDLAttributes.txt:
Add support for [ImplicitThis]:
http://heycam.github.io/webidl/#ImplicitThis

* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
* bindings/scripts/test/JS/JSattribute.cpp:
Rebaseline bindings tests.

* page/DOMWindow.idl:
Mark Window as [ImplicitThis]:
http://heycam.github.io/webidl/#ImplicitThis

LayoutTests:

Rebaseline existing tests now that more checks are passing.

* fast/dom/Window/getOwnPropertyDescriptor-other-window-expected.txt:
* fast/dom/Window/getOwnPropertyDescriptor-other-window.html:
* js/getOwnPropertyDescriptor-window-attributes-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196303 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoError construction for inlined operations should not use the inliner's CodeBlock
keith_miller@apple.com [Tue, 9 Feb 2016 03:46:37 +0000 (03:46 +0000)]
Error construction for inlined operations should not use the inliner's CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=154021

Reviewed by Mark Lam.

Previously, if one function, A, was inlined into another function, B, in the DFG/FTL
we would use B's DFG/FTL CodeBlock to construct source information about the Error.
We would correctly compute the bytecodeOffset in A for the an expression but we would
not use one of A's CodeBlocks when looking up source. This caused crashes during
operationIn as we expected to be able to find the text "in" in the source.

* runtime/ErrorInstance.cpp:
(JSC::appendSourceToError):
* tests/stress/inlined-error-gets-correct-codeblock-for-bytecodeoffset.js: Added.
(map):
(n):
(one):
(catch):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196302 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Uncaught exception merging script profiler records
commit-queue@webkit.org [Tue, 9 Feb 2016 03:33:17 +0000 (03:33 +0000)]
Web Inspector: Uncaught exception merging script profiler records
https://bugs.webkit.org/show_bug.cgi?id=154004

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-08
Reviewed by Brian Burg.

* UserInterface/Controllers/TimelineManager.js:
(WebInspector.TimelineManager.prototype._mergeScriptProfileRecords):
Stop if we've merged all script profiler records.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196301 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoruntimeTypeForValue should protect against seeing TDZ value
sbarati@apple.com [Tue, 9 Feb 2016 03:31:11 +0000 (03:31 +0000)]
runtimeTypeForValue should protect against seeing TDZ value
https://bugs.webkit.org/show_bug.cgi?id=154023

Reviewed by Michael Saboff.

There are a few back traces I've seen from crashes that bottom out
inside runtimeTypeForValue. I haven't been able to reproduce
any such crash, but it's likely that we're encountering the
empty JSValue. It's better to just have this function protect
against seeing the empty value instead of dereferencing a null
pointer when it thinks the value is a cell.

* runtime/RuntimeType.cpp:
(JSC::runtimeTypeForValue):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196300 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoTeach Controller to measure intervals, and turn off the frame length estimator.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:52 +0000 (03:30 +0000)]
Teach Controller to measure intervals, and turn off the frame length estimator.

* Animometer/tests/resources/main.js: Default interval length is 100 ms.
(start): Set the first interval.
(_measureAndResetInterval): Reports the average frame length of the interval that just
completed, and sets up the next interval.
(update): If there is no length, then just use the estimator per frame, otherwise the
estimator measures per interval. Add a didFinishInterval for subclasses to process
prior to recording the sample. Update tune() to include whether an interval had
finished.
(StepController): Step controllers don't measure on an interval basis.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196299 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMinor refactoring. Rename Controller._estimator to Controller._frameLengthEstimator
jonlee@apple.com [Tue, 9 Feb 2016 03:30:49 +0000 (03:30 +0000)]
Minor refactoring. Rename Controller._estimator to Controller._frameLengthEstimator
and switch the parameters for start(), update(), and tune(), so that the timestamp
is first and stage is second.

* Animometer/tests/resources/main.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196298 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMove ResultsTable functionality not needed for release tests out.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:47 +0000 (03:30 +0000)]
Move ResultsTable functionality not needed for release tests out.
Move reporting of score and mean to selection of the time-based graph.

* Animometer/developer.html: Rename graph-options to time-graph-options.
* Animometer/resources/debug-runner/animometer.js:
(DeveloperResultsTable): Moved from runner/animometer.js. Switch from mean
values to "average" objects which can hold stdev. Move graph button and
calculation of noisy measurements here. Sophisticated header processing
is not needed in release suite.
(populateTable): Use DeveloperResultsTable.
* Animometer/resources/debug-runner/graph.js: Pull time graph creation to
its own function, and add a new onGraphTypeChanged handler in preparation
of a complexity graph to be added later.
* Animometer/resources/runner/animometer.js:
(ResultsTable): Simplify to just handle test names and scores.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196297 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoTests: reuse objects already made.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:44 +0000 (03:30 +0000)]
Tests: reuse objects already made.

Avoid thrash of object creation and removal by maintaining an index that
moves along the array as the adjust values change. If the tune value
requires more objects than the maximum size of the object array, then create
new objects. This means that the object array size never decreases.

* Animometer/tests/master/resources/canvas-stage.js: Maintain a separate
offsetIndex. For these tests, we want to avoid drawing the oldest objects,
so the scene will draw the object at offsetIndex to the end of the array.
(tune): Reverse the logic since "removal" of objects is much simpler and
involves simply changing the offsetIndex.
(animate): Update the for loop to draw from offsetIndex to the end.
(complexity): Update the definition.
* Animometer/tests/master/resources/canvas-tests.js: Maintain a separate
offsetIndex. For these tests, we want to avoid drawing the newest objects,
so the scene will draw the object at index 0 to the object at offsetIndex.
(SimpleCanvasStage.animate): Fly-by removal of local stage variable,
which is unneeded. Update the for loop to draw from offsetIndex to the end.
* Animometer/tests/simple/resources/simple-canvas-paths.js:
(SimpleCanvasStage.animate): Update the for loop to draw from 0 to
offsetIndex.
* Animometer/tests/simple/resources/simple-canvas.js:
(tune): Update logic. Here, offsetIndex represents the boundary of the last
index to render.
(animate): Update the for loop to draw from 0 to offsetIndex.
(complexity): Update the definition.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoTests: refactor and update styles.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:42 +0000 (03:30 +0000)]
Tests: refactor and update styles.

* Animometer/tests/resources/main.js: Add helper methods that return
a color that hue rotates based on the date, and a counter value that
increases based on the date. Fix randomInt() to not bias against the min and
max values.

* Animometer/tests/master/resources/canvas-tests.js: Use new helper methods.
* Animometer/tests/master/resources/dom-particles.js: Ditto.
* Animometer/tests/master/resources/particles.js: Ditto.
* Animometer/tests/simple/resources/simple-canvas-paths.js: Refactor to
use a rotating color instead of a random color. The fast switching of color
is too vivid to watch.

* Animometer/tests/bouncing-particles/resources/bouncing-svg-shapes.js:
(BouncingSvgParticlesStage.call.createGradient): Fix the gradient so
that the last stop is located at the end.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196295 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRefactor tune() to not return the complexity of the scene.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:38 +0000 (03:30 +0000)]
Refactor tune() to not return the complexity of the scene.

We have stage.complexity() now, so returning the complexity through tune
is unnecessary.

* Animometer/tests/bouncing-particles/resources/bouncing-particles.js:
* Animometer/tests/master/resources/canvas-stage.js:
* Animometer/tests/master/resources/particles.js:
* Animometer/tests/misc/resources/canvas-electrons.js:
* Animometer/tests/misc/resources/canvas-stars.js:
* Animometer/tests/resources/main.js:
* Animometer/tests/simple/resources/simple-canvas.js:
* Animometer/tests/simple/resources/tiled-canvas-image.js:
* Animometer/tests/template/resources/template-canvas.js:
* Animometer/tests/template/resources/template-css.js:
* Animometer/tests/template/resources/template-svg.js:
* Animometer/tests/text/resources/layering-text.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196294 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMake the fixed controller a step controller instead. Halfway through the test
jonlee@apple.com [Tue, 9 Feb 2016 03:30:32 +0000 (03:30 +0000)]
Make the fixed controller a step controller instead. Halfway through the test
it will bump up the complexity 4-fold. Calculate the step timestamp using options
instead of a separate parameter to the Controller constructor.

* Animometer/developer.html: Change value to "step"
* Animometer/resources/debug-runner/animometer.js:
(window.suitesManager.updateEditsElementsState): Show number inputs when set to "step".
* Animometer/tests/resources/main.js:
(update): Provide a hook for subclasses to tune.
(StepController): Maintain a flag determining whether we've stepped, and the time
we should step.
(Benchmark): Use the new StepController.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196293 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdjust the FPS graph scale.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:29 +0000 (03:30 +0000)]
Adjust the FPS graph scale.

Instead of making the FPS graph linearly scale, scale it based on the frame length,
but show the data in terms of FPS. Because it is inversely proportional, and most
of the data never gets below 20, concentrate the axis from 20-60 FPS, since otherwise
over half of the available graph space ends up blank.

This means we should convert all of the FPS data to frame length data.

* Animometer/resources/debug-runner/graph.js: Update the domain to be based on
frame length in milliseconds instead of FPS. Update the cursor to consider all of the
values being shown, and then pick the min and max values to represent the length of the
cursor.
* Animometer/resources/runner/animometer.js:
* Animometer/resources/strings.js:
* Animometer/tests/resources/main.js:
(processSamples): Add the ability to only sample a range of the data instead of everything
after an offset index. Update sampler to record the frame lengths instead of the frame
rate.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd option to use different methods for retrieving a timestamp.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:26 +0000 (03:30 +0000)]
Add option to use different methods for retrieving a timestamp.

* Animometer/developer.html: Add performance.now and Date.now options.
* Animometer/resources/runner/animometer.js: Default to performance.now.
(window.benchmarkController.startBenchmark):
* Animometer/tests/resources/main.js: Tie the desired method to _getTimestamp.
(run): Use _getTimestamp.
(_animateLoop): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196291 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAllow adding any number of markers to the graph. The markers can be labeled
jonlee@apple.com [Tue, 9 Feb 2016 03:30:23 +0000 (03:30 +0000)]
Allow adding any number of markers to the graph. The markers can be labeled
and contain timestamp and sample index data. Make it a part of the controller
rather than keeping it in the sampler.

* Animometer/resources/debug-runner/animometer.css: Add styles for markers
* Animometer/resources/debug-runner/graph.js: Create the markers and add
text labels.
* Animometer/resources/runner/animometer.js: Assume the samplingTimeOffset
is just one of the marks provided.
* Animometer/resources/strings.js: Add Strings.json.marks.
* Animometer/tests/resources/main.js:
(Controller): Keep marks here. They are keyed by the marker name, so no two
markers should have the same name.
(recordFirstSample): Refactor to use mark.
(mark): Allows for arbitrary data if needed later. The timestamp maintained
is relative to the absolute start timestamp.
(containsMark): Checks whether a mark with a specific comment exists.
(processSamples): Removes the _startTimestamp offset from the marks before
setting it in results.
* Animometer/tests/resources/sampler.js: Remove marks.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196290 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoGet rid of options member variable in Benchmark.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:18 +0000 (03:30 +0000)]
Get rid of options member variable in Benchmark.

Options are only needed when initializing the stage or benchmark, so there's no
need to also keep a reference to it.

* Animometer/tests/resources/main.js: Get rid of options variable in Benchmark.
Pass options to Controllers and Stages.
(Controller.Utilities.createClass):
(Benchmark.Utilities.createClass):
(get options): Deleted.

* Animometer/tests/bouncing-particles/resources/bouncing-canvas-images.js:
* Animometer/tests/bouncing-particles/resources/bouncing-canvas-particles.js:
* Animometer/tests/bouncing-particles/resources/bouncing-canvas-shapes.js:
* Animometer/tests/bouncing-particles/resources/bouncing-css-images.js:
* Animometer/tests/bouncing-particles/resources/bouncing-css-shapes.js:
* Animometer/tests/bouncing-particles/resources/bouncing-particles.js:
* Animometer/tests/bouncing-particles/resources/bouncing-svg-images.js:
* Animometer/tests/bouncing-particles/resources/bouncing-svg-shapes.js:
* Animometer/tests/master/resources/canvas-stage.js:
* Animometer/tests/master/resources/canvas-tests.js:
* Animometer/tests/master/resources/particles.js:
* Animometer/tests/misc/resources/canvas-electrons.js:
* Animometer/tests/misc/resources/canvas-stars.js:
* Animometer/tests/misc/resources/compositing-transforms.js:
* Animometer/tests/simple/resources/simple-canvas-paths.js:
* Animometer/tests/simple/resources/tiled-canvas-image.js:
* Animometer/tests/template/resources/template-canvas.js:
* Animometer/tests/template/resources/template-css.js:
* Animometer/tests/template/resources/template-svg.js:
* Animometer/tests/text/resources/layering-text.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196289 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUpdate how the benchmark is run
jonlee@apple.com [Tue, 9 Feb 2016 03:25:39 +0000 (03:25 +0000)]
Update how the benchmark is run
https://bugs.webkit.org/show_bug.cgi?id=153960

Provisionally reviewed by Said Abou-Hallawa.

Introduce the notion of a Controller. It is responsible for recording, updating,
and processing the statistics and complexity of the benchmark. This allows
plugging in different Controllers.

This strips most of the functionality from Animator and BenchmarkState, so fold
what's left into Benchmark. Now, Benchmarks only own a stage and a controller, but
are responsible for driving the animation loop.

Rewrite Animator._shouldRequestAnotherFrame into two different Controllers. One
maintains a fixed complexity, and the other adapts the complexity to meet a
fixed FPS.

Fix the Kalman estimator to be modeled on a scalar variable with no model.

* Animometer/tests/resources/main.js: Remove BenchmarkState and Animator, and
replace it with a Controller. Add a FixedController and refactor the previous controller
to an AdaptiveController.

(Controller): Controllers own the estimator and the sampler. When a new frame is
displayed, the animation loop calls update(). The estimator and sampler record
stats, then tune. Samplers can track multiple series of data. The basic controller
tracks timestamp, complexity, and estimated frame rate.
        The Kalman estimation is based on the frame length rather than the frame
rate. Because FPS is inverse proportional to frame length, in the case where the measured
frame length is very small, the FPS ends up being a wildly large number (in the order of
600-1000 "FPS"), and it pulls the estimator up drastically enough that it takes a while
for it to settle back down. Using frame length reduces the impact of these spikes.
        Converging the estimation takes enough time to avoid initializing it immediately
when the benchmark starts. Instead, the benchmark runs for a brief period of time (100ms)
before running it in earnest. Allow controllers an opportunity to set the complexity
before starting recording.
        When the benchmark is complete, the controller has an opportunity to process
the samples. The default implementation calculates the raw FPS based on the time
difference of the samples, and calculates the complexity score. This is moved from
Benchmark.processSamples.

(Controller): Initialize timestamps. These are at first relative to the start of the
benchmark, but are offset by the absolute start time during start(). By default maintain
3 data series, but subclasses can override.
(start): Calls recordFirstSample() for subclasses to override if needed.
(recordFirstSample): For basic controller, start sampling at the beginning.
(update): Update the frame length estimator and sample.
(shouldStop): Checks that the time is before _endTimestamp.
(results): Returns the processed samples.
(processSamples): Iterate through the sample data and collate them. Include scores.

(FixedComplexityController): Controller that tunes the stage to the desired complexity
prior to starting, and keeps it at that complexity.

(AdaptiveController): Have the estimator estimate the interval frame rate instead of the
raw frame rate.
        The previous version of this controller ignored the frame that came after the
adjustment. The raw FPS show that whatever noise the scene change adds is negligible
compared to the noise of the system overall. Stop ignoring that frame and include all
frames in the measurements.

(Benchmark): Remove dependency on animator, and instantiate a runner based on what is
selected. Most of the loop's functionality is in Controller, so remove here.
(Benchmark.run): Remove start() since it is only called from run(), and fold it in here.
(Benchmark._animateLoop): Fold in from Animator.animateLoop. Let the benchmark run for
a brief period before calling Controller.start().

* Animometer/tests/resources/math.js: Fix the Kalman estimator. The filter estimates
a scalar variable, and makes basic assumptions regarding the model. As a result
none of the linear algebra classes are needed, so remove Matrix, Vector3, and Matrix3.
(SimpleKalmanEstimator): Calculate the gain based on the provided process and
measurement errors.
(KalmanEstimator): Deleted.
(IdentityEstimator): Deleted.
(PIDController): Refactor to use the Utilities.createClass() helper.

The Kalman filter algorithm is explained here http://greg.czerniak.info/guides/kalman1/.
The state, represented by a scalar, is the estimated frame length. There is no user
transition of the state, and the state is the same as the measurement. With this model,
the estimation error converges, so calculate the gain ahead of time.

* Animometer/developer.html: Remove fixed-after-warmup since it is not useful.
Replace the option to toggle the estimator, and make it possible to customize the
estimator's error parameters. Show raw FPS by default, and remove interval FPS,
which will be shown instead of the filtered raw FPS.
* Animometer/resources/debug-runner/animometer.css: Put the header behind the graph.
Remove #intervalFPS rules; move the color to #filteredFPS.
* Animometer/resources/debug-runner/graph.js:
(updateGraphData): Update the hr style to force the layout to be calculated
correctly. Change the tick format to be in terms of seconds, since the timestamps
are in milliseconds. Remove interval data.
* Animometer/resources/runner/animometer.js:
(window.benchmarkController.startBenchmark): Set Kalman parameters.
* Animometer/resources/runner/benchmark-runner.js:
(_runBenchmarkAndRecordResults): When a benchmark completes, expect it to return
the final data, rather than passing a sampler from the controller. This avoids
needing to expose the sampler variable in the benchmark.
* Animometer/tests/resources/sampler.js:
(process): Move the setting of the target frame rate to AdaptiveController.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196288 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
n_wang@apple.com [Tue, 9 Feb 2016 03:04:20 +0000 (03:04 +0000)]
AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
https://bugs.webkit.org/show_bug.cgi?id=154018

Reviewed by Chris Fleizach.

Source/WebCore:

Sometimes rangeForUnorderedCharacterOffsets call is accessing derefed node objects
and leading to a crash. Fixed it by checking isNodeInUse before creating the CharacterOffset
object.

Test: accessibility/text-marker/text-marker-range-stale-node-crash.html

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::visiblePositionForTextMarkerData):
(WebCore::AXObjectCache::characterOffsetForTextMarkerData):
(WebCore::AXObjectCache::traverseToOffsetInRange):
* accessibility/AXObjectCache.h:
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
(characterOffsetForTextMarker):
(-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
(textMarkerForVisiblePosition):

LayoutTests:

* accessibility/text-marker/text-marker-range-stale-node-crash-expected.txt: Added.
* accessibility/text-marker/text-marker-range-stale-node-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196287 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[iOS] Throw away some unlinked code when navigating to a new page.
akling@apple.com [Tue, 9 Feb 2016 02:22:27 +0000 (02:22 +0000)]
[iOS] Throw away some unlinked code when navigating to a new page.
<https://webkit.org/b/154014>

Reviewed by Gavin Barraclough.

Source/JavaScriptCore:

* runtime/VM.cpp:
(JSC::VM::deleteAllCodeExceptCaches):
(JSC::VM::deleteAllLinkedCode): Deleted.
* runtime/VM.h:

Source/WebCore:

Extended the mechanism introduced earlier to also throw away unlinked code
that's only relevant to the page that we're navigating away from.

The new JSC::VM API is deleteAllCodeExceptCaches() and it does what it sounds
like, deleting unlinked and linked code but leaving code caches alone.

This means that if the page we're navigating to wants to parse some of the
same JS that the page we're leaving had on it, it might still be found in the
JSC::CodeCache.

Doing a back navigation to a PageCache'd page may now incur some reparsing,
just like leaving the app or tab would.

* bindings/js/GCController.cpp:
(WebCore::GCController::deleteAllCodeExceptCaches):
(WebCore::GCController::deleteAllLinkedCode): Deleted.
* bindings/js/GCController.h:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196286 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Search doesn't seem to find text that is present in multiple places
commit-queue@webkit.org [Tue, 9 Feb 2016 01:55:48 +0000 (01:55 +0000)]
Web Inspector: Search doesn't seem to find text that is present in multiple places
https://bugs.webkit.org/show_bug.cgi?id=154016
<rdar://problem/23391307>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-08
Reviewed by Brian Burg.

* UserInterface/Controllers/DebuggerManager.js:
(WebInspector.DebuggerManager.prototype.get searchableScripts):
* UserInterface/Views/SearchSidebarPanel.js:
(WebInspector.SearchSidebarPanel.prototype.performSearch):
Only search scripts with a URL. Don't search the potentially
large number of anonymous scripts.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196285 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Zooming in on the timeline graph does not increase its time resolution...
commit-queue@webkit.org [Tue, 9 Feb 2016 01:50:08 +0000 (01:50 +0000)]
Web Inspector: Zooming in on the timeline graph does not increase its time resolution from minutes
https://bugs.webkit.org/show_bug.cgi?id=154013
<rdar://problem/23844527>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-08
Reviewed by Brian Burg.

Source/WebInspectorUI:

* UserInterface/Base/Utilities.js:
(Number.secondsToString):
Simplify logic and ensure that when under high resolution we
don't go above seconds for our units.

(Number.bytesToString):
Simplify logic.

* UserInterface/Views/LinearTimelineOverview.js:
(WebInspector.LinearTimelineOverview):
Reduce the rather large maximum seconds per pixel from 60 seconds
per pixel to 2 seconds per pixel. This means when the user zooms
out of a timeline they don't see such large time values.

LayoutTests:

* inspector/unit-tests/number-utilities-expected.txt: Added.
* inspector/unit-tests/number-utilities.html: Added.
Basic tests for our Number utilities methods.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196284 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCSP connect-src directive should block redirects
dbates@webkit.org [Tue, 9 Feb 2016 01:26:56 +0000 (01:26 +0000)]
CSP connect-src directive should block redirects
https://bugs.webkit.org/show_bug.cgi?id=69359
<rdar://problem/24383025>

Reviewed by Brent Fulgham.

Source/WebCore:

Inspired by Blink patch:
<https://src.chromium.org/viewvc/blink?revision=150246&view=revision>

Apply the connect-src directive of the Content Security Policy for the document or worker to the redirect URL
of an XMLHttpRequest and EventSource load so as to conform to section Paths and Redirects of the CSP 2.0 spec.,
<https://w3c.github.io/webappsec-csp/2/#source-list-paths-and-redirects> (29 August 2015).

Additionally, check that each requested script URL passed to WorkerGlobalScope.importScripts() is allowed by
the CSP of the worker before initiating a load for it. If some URL i is blocked by the CSP policy
then we do not try to load URLs j >= i.

Tests: http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html
       http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html
       http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html
       http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html
       http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html
       http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html
       http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html
       http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html
       http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html
       http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html
       http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html

* fileapi/FileReaderLoader.cpp:
(WebCore::FileReaderLoader::start): Do not enforce a CSP directive as CSP is not applicable to File API.
* inspector/InspectorNetworkAgent.cpp:
(WebCore::InspectorNetworkAgent::loadResource): Do not enforce a CSP directive as CSP should not interfere
with the Web Inspector.
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadResourceSynchronously): Modified to take an optional ContentSecurityPolicy
and pass it through to DocumentThreadableLoader::create().
(WebCore::DocumentThreadableLoader::create): Modified to take an optional ContentSecurityPolicy and pass it through
to DocumentThreadableLoader::DocumentThreadableLoader().
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Modified to take an optional ContentSecurityPolicy.
Asserts that the CSP allows the load of the request URL so as to catch when a caller creates a loader for a request
that is not allowed by the CSP. The caller should not create a loader for such a request.
(WebCore::DocumentThreadableLoader::redirectReceived): Check if the CSP allows the redirect URL. If it does not
then notify the client that the redirect check failed.
(WebCore::DocumentThreadableLoader::loadRequest): Ditto.
(WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Checks that the specified URL is allowed
by the enforced CSP directive.
(WebCore::DocumentThreadableLoader::contentSecurityPolicy): Returns the ContentSecurityPolicy object passed to
DocumentThreadableLoader on instantiation or the ContentSecurityPolicy object of the associated document.
* loader/DocumentThreadableLoader.h: Add overloaded variants of DocumentThreadableLoader::{create, loadResourceSynchronously}()
that take a std::unique_ptr<ContentSecurityPolicy>&&. Remove some unnecessary headers.
* loader/ThreadableLoader.cpp:
(WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Take the CSP directive to enforce and store it.
(WebCore::ThreadableLoaderOptions::isolatedCopy): Copy the CSP directive to enforce.
* loader/ThreadableLoader.h: Added member field to store the CSP directive to enforce (defaults to enforce the
directive connect-src - the most appropriate directive in most circumstances). As of the time of writing,
only WorkerGlobalScope.importScripts() enforces a different directive: script-src.
* loader/WorkerThreadableLoader.cpp:
(WebCore::WorkerThreadableLoader::WorkerThreadableLoader): Pass the SecurityOrigin and ContentSecurityPolicy associated
with the WorkerGlobalScope to WorkerThreadableLoader::MainThreadBridge::MainThreadBridge().
(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass a copy of the worker's ContentSecurityPolicy
to the DocumentThreadableLoader.
* loader/WorkerThreadableLoader.h:
* page/EventSource.cpp:
(WebCore::EventSource::connect): Enforce the CSP directive connect-src on redirects unless we are running in an isolated world.
* workers/AbstractWorker.cpp:
(WebCore::AbstractWorker::resolveURL): Modified to take a boolean whether to bypass the main world Content Security Policy
instead of querying for it directly.
* workers/AbstractWorker.h:
* workers/Worker.cpp:
(WebCore::Worker::create): Added FIXME to enforce child-src directive of the document's CSP to the worker's script URL
on redirect once we fix <https://bugs.webkit.org/show_bug.cgi?id=153562>. For now, do not enforce a CSP policy on redirect
of the worker's script URL.
* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::importScripts): Check that the requested URL is allowed by the CSP of the worker (if applicable).
Enforce the CSP directive script-src on redirects unless we are running in an isolated world.
* workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadSynchronously): Pass SecurityOrigin and ContentSecurityPolicyEnforcement to WorkerThreadableLoader.
(WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.
* workers/WorkerScriptLoader.h:
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::createRequest): Enforce the CSP directive connect-src on redirects unless we are running in
an isolated world.

LayoutTests:

Add more tests, update erroneous expected results, and remove some entries from TestExpectations for tests
that now pass.

* TestExpectations: Remove entries for tests that now pass. The failure of test http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html
was erroneously attributed to <https://bugs.webkit.org/show_bug.cgi?id=153562>.
* http/tests/security/contentSecurityPolicy/resources/determine-content-security-policy-header.php: Added.
* http/tests/security/contentSecurityPolicy/resources/script-set-value.js: Use global variable self instead of window so as to
make this script work both from a Document and a Web Worker. In a document, self refers to the Window object and in a worker
it refers to the WorkerGlobalScope object.
* http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-allowed.php: Added.
* http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-blocked.php: Added.
* http/tests/security/contentSecurityPolicy/resources/worker-xhr-allowed.php: Added.
* http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-allowed.php: Added.
* http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.php: Added.
* http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-expected.txt: Remove Blink-specific messages so that the test passes.
* http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html: Added.
* http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/worker-importscripts-blocked-expected.txt: Substitute Blink-specific error text with the analogous WebKit error text.
* http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html: Ditto.
* http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScripts-redirect-cross-origin-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScript-redirect-cross-origin-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html: Added.
* http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html: Added.
* http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196283 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoTry to fix Yosemite build.
antti@apple.com [Tue, 9 Feb 2016 01:25:35 +0000 (01:25 +0000)]
Try to fix Yosemite build.

* dom/ComposedTreeIterator.h:
(WebCore::ComposedTreeIterator::ComposedTreeIterator):
(WebCore::ComposedTreeIterator::traverseNext):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196282 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoImplement ComposedTreeIterator in terms of ElementAndTextDescendantIterator
antti@apple.com [Tue, 9 Feb 2016 01:15:52 +0000 (01:15 +0000)]
Implement ComposedTreeIterator in terms of ElementAndTextDescendantIterator
https://bugs.webkit.org/show_bug.cgi?id=154003

Reviewed by Darin Adler.

Currently ComposedTreeIterator implements tree traversal using NodeTraversal. This makes it overly complicated.
It can also return nodes other than Element and Text which should not be part of the composed tree.

This patch adds a new iterator type, ElementAndTextDescendantIterator, similar to the existing ElementDescendantIterator.
ComposedTreeIterator is then implemented using this new iterator.

When entering a shadow tree or a slot the local iterator is pushed along with the context stack and a new local
iterator is initialized for the new context. When leaving a shadow tree the context stack is popped and the previous
local iterator becomes active.

* WebCore.xcodeproj/project.pbxproj:
* dom/ComposedTreeIterator.cpp:
(WebCore::ComposedTreeIterator::ComposedTreeIterator):
(WebCore::ComposedTreeIterator::initializeContextStack):
(WebCore::ComposedTreeIterator::pushContext):
(WebCore::ComposedTreeIterator::traverseNextInShadowTree):
(WebCore::ComposedTreeIterator::traverseNextLeavingContext):
(WebCore::ComposedTreeIterator::advanceInSlot):
(WebCore::ComposedTreeIterator::traverseSiblingInSlot):
(WebCore::ComposedTreeIterator::initializeShadowStack): Deleted.
(WebCore::ComposedTreeIterator::traverseParentInShadowTree): Deleted.
(WebCore::ComposedTreeIterator::traverseNextSiblingSlot): Deleted.
(WebCore::ComposedTreeIterator::traversePreviousSiblingSlot): Deleted.
* dom/ComposedTreeIterator.h:
(WebCore::ComposedTreeIterator::operator*):
(WebCore::ComposedTreeIterator::operator->):
(WebCore::ComposedTreeIterator::operator==):
(WebCore::ComposedTreeIterator::operator!=):
(WebCore::ComposedTreeIterator::operator++):
(WebCore::ComposedTreeIterator::Context::Context):
(WebCore::ComposedTreeIterator::context):
(WebCore::ComposedTreeIterator::current):
(WebCore::ComposedTreeIterator::ComposedTreeIterator):
(WebCore::ComposedTreeIterator::traverseNext):
(WebCore::ComposedTreeIterator::traverseNextSkippingChildren):
(WebCore::ComposedTreeIterator::traverseNextSibling):
(WebCore::ComposedTreeIterator::traversePreviousSibling):
(WebCore::ComposedTreeDescendantAdapter::ComposedTreeDescendantAdapter):
(WebCore::ComposedTreeDescendantAdapter::begin):
(WebCore::ComposedTreeDescendantAdapter::end):
(WebCore::ComposedTreeDescendantAdapter::at):
(WebCore::ComposedTreeChildAdapter::Iterator::Iterator):
(WebCore::ComposedTreeChildAdapter::ComposedTreeChildAdapter):
(WebCore::ComposedTreeChildAdapter::begin):
(WebCore::ComposedTreeChildAdapter::end):
(WebCore::ComposedTreeChildAdapter::at):
(WebCore::ComposedTreeIterator::ShadowContext::ShadowContext): Deleted.
(WebCore::ComposedTreeIterator::traverseParent): Deleted.
* dom/ElementAndTextDescendantIterator.h: Added.

    New iterator type that traverses Element and Text nodes (that is renderable nodes only).
    It also tracks depth for future use.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196281 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoB3::foldPathConstants() needs to execute its insertion set
fpizlo@apple.com [Tue, 9 Feb 2016 01:06:23 +0000 (01:06 +0000)]
B3::foldPathConstants() needs to execute its insertion set
https://bugs.webkit.org/show_bug.cgi?id=154020

Reviewed by Saam Barati.

* b3/B3FoldPathConstants.cpp:
* b3/testb3.cpp:
(JSC::B3::testFoldPathEqual): Added this. It used to crash in validation.
(JSC::B3::run):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196280 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[JSC] Introduce @isObject bytecode intrinsic and use it instead of JS implemented one
utatane.tea@gmail.com [Mon, 8 Feb 2016 23:14:47 +0000 (23:14 +0000)]
[JSC] Introduce @isObject bytecode intrinsic and use it instead of JS implemented one
https://bugs.webkit.org/show_bug.cgi?id=153976

Reviewed by Darin Adler.

Use bytecode op_is_object directly.

* builtins/GlobalObject.js:
(isObject): Deleted.
* bytecode/BytecodeIntrinsicRegistry.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::BytecodeIntrinsicNode::emit_intrinsic_toString):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_isObject):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196276 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Extract a few common unicode characters into global variables
commit-queue@webkit.org [Mon, 8 Feb 2016 23:13:11 +0000 (23:13 +0000)]
Web Inspector: Extract a few common unicode characters into global variables
https://bugs.webkit.org/show_bug.cgi?id=154008

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-08
Reviewed by Timothy Hatcher.

* UserInterface/Base/Utilities.js:
Create global variables for `emDash` and `ellipsis` to use all over the tools.

* UserInterface/Views/ConsoleMessageView.js:
(WebInspector.ConsoleMessageView.prototype._formatParameterAsTable): Deleted.
* UserInterface/Views/DefaultDashboardView.js:
(WebInspector.DefaultDashboardView.prototype._updateDisplay):
* UserInterface/Views/HierarchicalPathComponent.js:
(WebInspector.HierarchicalPathComponent.prototype._updateElementTitleAndText):
(WebInspector.HierarchicalPathComponent.prototype._updateSelectElement.createOption):
(WebInspector.HierarchicalPathComponent.prototype._updateSelectElement):
* UserInterface/Views/HierarchicalPathNavigationItem.js:
(WebInspector.HierarchicalPathNavigationItem.prototype.updateLayout):
* UserInterface/Views/LayerTreeDataGridNode.js:
(WebInspector.LayerTreeDataGridNode.prototype.set layer):
* UserInterface/Views/LayoutTimelineDataGridNode.js:
(WebInspector.LayoutTimelineDataGridNode.prototype.createCellContent):
(WebInspector.LayoutTimelineDataGridNode):
* UserInterface/Views/MemoryCategoryView.js:
(WebInspector.MemoryCategoryView.prototype._updateDetails): Deleted.
(WebInspector.MemoryCategoryView): Deleted.
* UserInterface/Views/MemoryTimelineView.js:
(WebInspector.MemoryTimelineView.prototype._clearUsageLegend):
(WebInspector.MemoryTimelineView.prototype._updateUsageLegend):
(WebInspector.MemoryTimelineView.prototype._clearMaxComparisonLegend):
(WebInspector.MemoryTimelineView.prototype._updateMaxComparisonLegend):
* UserInterface/Views/MultipleScopeBarItem.js:
(WebInspector.MultipleScopeBarItem.set scopeBarItems.createOption):
(WebInspector.MultipleScopeBarItem.prototype.set scopeBarItems):
* UserInterface/Views/ObjectPreviewView.js:
(WebInspector.ObjectPreviewView.prototype._appendEntryPreviews):
(WebInspector.ObjectPreviewView.prototype._appendPropertyPreviews):
* UserInterface/Views/ProfileNodeDataGridNode.js:
(WebInspector.ProfileNodeDataGridNode.prototype.createCellContent):
(WebInspector.ProfileNodeDataGridNode):
* UserInterface/Views/RenderingFrameTimelineDataGridNode.js:
(WebInspector.RenderingFrameTimelineDataGridNode.prototype.createCellContent):
(WebInspector.RenderingFrameTimelineDataGridNode):
* UserInterface/Views/ResourceDetailsSidebarPanel.js:
(WebInspector.ResourceDetailsSidebarPanel.prototype._refreshRequestAndResponse): Deleted.
(WebInspector.ResourceDetailsSidebarPanel.prototype._valueForSize): Deleted.
* UserInterface/Views/ResourceTimelineDataGridNode.js:
(WebInspector.ResourceTimelineDataGridNode.prototype.createCellContent):
* UserInterface/Views/ScriptTimelineDataGridNode.js:
(WebInspector.ScriptTimelineDataGridNode.prototype.createCellContent):
(WebInspector.ScriptTimelineDataGridNode):
* UserInterface/Views/SearchResultTreeElement.js:
(WebInspector.SearchResultTreeElement.truncateAndHighlightTitle):
* UserInterface/Views/TimelineDataGridNode.js:
(WebInspector.TimelineDataGridNode.prototype.createCellContent):
* UserInterface/Views/TypeTreeElement.js:
(WebInspector.TypeTreeElement.prototype.onpopulate):
* UserInterface/Views/TypeTreeView.js:
(WebInspector.TypeTreeView.prototype._populate):
(WebInspector.TypeTreeView):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196275 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago{Map,Set}.prototype.forEach should be visible as own properties
utatane.tea@gmail.com [Mon, 8 Feb 2016 23:12:11 +0000 (23:12 +0000)]
{Map,Set}.prototype.forEach should be visible as own properties
https://bugs.webkit.org/show_bug.cgi?id=153974

Reviewed by Darin Adler.

Source/JavaScriptCore:

Now, Map and Set uses builtin tables. We should inlude it in class info.

* runtime/MapPrototype.cpp:
* runtime/SetPrototype.cpp:

LayoutTests:

* js/Object-getOwnPropertyNames-expected.txt:
* js/script-tests/Object-getOwnPropertyNames.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196274 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoBaseline JIT should not require its input to be constant-propagated
fpizlo@apple.com [Mon, 8 Feb 2016 23:00:23 +0000 (23:00 +0000)]
Baseline JIT should not require its input to be constant-propagated
https://bugs.webkit.org/show_bug.cgi?id=154011
rdar://problem/24290933

Reviewed by Mark Lam.

* jit/JITArithmetic.cpp:
(JSC::JIT::emitBitBinaryOpFastPath):
(JSC::JIT::emitRightShiftFastPath):
(JSC::JIT::emit_op_add):
(JSC::JIT::emit_op_div):
(JSC::JIT::emit_op_mul):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196273 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCodeCache should give up on evals if there are variables under TDZ
fpizlo@apple.com [Mon, 8 Feb 2016 22:31:52 +0000 (22:31 +0000)]
CodeCache should give up on evals if there are variables under TDZ
https://bugs.webkit.org/show_bug.cgi?id=154002
rdar://problem/24300998

Reviewed by Mark Lam.

Disable the code cache optimization because our approach to TDZ for scoped variables - using
a separate check_tdz opcode when logically it's the get_from_scope's job to do it - makes
caching code impossible if there are any variables in TDZ.

We should do the right thing in the future, and fold the TDZ check into the get_from_scope.
This is better not only because it will restore caching, but because our bytecode for heap
accesses is usually at the highest practically doable level of abstraction, so that ICs,
compilers and caches can see the intended meaning of the bytecode more easily.

This doesn't appear to slow anything down, but that's just because we don't have enough ES6
benchmarks. I've filed: https://bugs.webkit.org/show_bug.cgi?id=154010

* runtime/CodeCache.cpp:
(JSC::CodeCache::getGlobalCodeBlock):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196272 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: ⇧⌘→ when editing text in the Elements tree shouldn't switch inspector tab
commit-queue@webkit.org [Mon, 8 Feb 2016 22:07:49 +0000 (22:07 +0000)]
Web Inspector: ⇧⌘→ when editing text in the Elements tree shouldn't switch inspector tab
https://bugs.webkit.org/show_bug.cgi?id=154006
<rdar://problem/22892489>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-08
Reviewed by Timothy Hatcher.

* UserInterface/Views/EditingSupport.js:
(WebInspector.isEventTargetAnEditableField):
Check the WebInspector's custom __editing state.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196271 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: copy({x:1}) should copy "{x:1}", not "[object Object]"
commit-queue@webkit.org [Mon, 8 Feb 2016 21:50:27 +0000 (21:50 +0000)]
Web Inspector: copy({x:1}) should copy "{x:1}", not "[object Object]"
https://bugs.webkit.org/show_bug.cgi?id=148605

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-08
Reviewed by Brian Burg.

Source/WebCore:

Test: inspector/console/command-line-api-copy.html

* inspector/CommandLineAPIModuleSource.js:
(CommandLineAPIImpl.prototype.copy):
Support copying different types. This is meant to be more
convenient then just JSON.stringify, so it handles types
like Node, Symbol, RegExp, and Function a bit better.

LayoutTests:

* inspector/console/command-line-api-copy-expected.txt: Added.
* inspector/console/command-line-api-copy.html: Added.
* http/tests/inspector/console/cross-domain-inspected-node-access-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196270 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMark fast/text/crash-complex-text-surrogate.html as flaky on mac-wk2
ryanhaddad@apple.com [Mon, 8 Feb 2016 21:47:32 +0000 (21:47 +0000)]
Mark fast/text/crash-complex-text-surrogate.html as flaky on mac-wk2
https://bugs.webkit.org/show_bug.cgi?id=154005

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196269 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r181345): SVG polyline and polygon leak page
commit-queue@webkit.org [Mon, 8 Feb 2016 20:54:05 +0000 (20:54 +0000)]
REGRESSION(r181345): SVG polyline and polygon leak page
https://bugs.webkit.org/show_bug.cgi?id=152759

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-02-08
Reviewed by Darin Adler.

Source/WebCore:

The leak happens because of cyclic reference between SVGListPropertyTearOff
and SVGAnimatedListPropertyTearOff which is derived from SVGAnimatedProperty.
There is also cyclic reference between SVGAnimatedProperty and SVGElement
and this causes the whole document to be leaked. So if the JS requests, for
example, an instance of SVGPolylineElement.points, the whole document will be
leaked.

The fix depends on having the cyclic reference as is since the owning and the
owned classes have to live together if any of them is referenced. But the owning
class caches a raw 'ref-counted' pointer of the owned class. If it is requested
for an instance of the owned class it returned a RefPtr<> of it. Once the owned
class is not used, it can delete itself. The only thing needed here is to notify
the owner class of the deletion so it cleans its caches and be able to create a
new pointer if it is requested for an instance of the owned class later.

Revert the change of r181345 in SVGAnimatedProperty::lookupOrCreateWrapper()
to break the cyclic reference between SVGElement and SVGAnimatedProperty.

Also apply the same approach in SVGAnimatedListPropertyTearOff::baseVal() and
animVal() to break cyclic reference between SVGListPropertyTearOff and
SVGAnimatedListPropertyTearOff.

Test: svg/animations/smil-leak-list-property-instances.svg

* bindings/scripts/CodeGeneratorJS.pm:
(NativeToJSValue): The SVG non-string list tear-off properties became of
type RefPtr<>. So we need to use get() with the casting expressions.

* svg/SVGMarkerElement.cpp:
(WebCore::SVGMarkerElement::orientType):
Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().

* svg/SVGPathElement.cpp:
(WebCore::SVGPathElement::pathByteStream):
(WebCore::SVGPathElement::lookupOrCreateDWrapper):
Since SVGAnimatedProperty::lookupWrappe() returns a RefPtr<> we need to
use get() for the casting expressions.

(WebCore::SVGPathElement::pathSegList):
(WebCore::SVGPathElement::normalizedPathSegList):
(WebCore::SVGPathElement::animatedPathSegList):
(WebCore::SVGPathElement::animatedNormalizedPathSegList):
* svg/SVGPathElement.h:
Change the return value from raw pointer to RefPtr<>.

* svg/SVGPathSegWithContext.h:
(WebCore::SVGPathSegWithContext::animatedProperty):
Change the return type to be RefPtr<> to preserve the value from being deleted.

* svg/SVGPolyElement.cpp:
(WebCore::SVGPolyElement::parseAttribute):
Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to
use get() for the casting expressions.

(WebCore::SVGPolyElement::points):
(WebCore::SVGPolyElement::animatedPoints):
* svg/SVGPolyElement.h:
Change the return value from raw pointer to RefPtr<>.

* svg/SVGViewSpec.cpp:
(WebCore::SVGViewSpec::setTransformString):
Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to
use get() for the casting expressions.

(WebCore::SVGViewSpec::transform):
* svg/SVGViewSpec.h:
Change the return value from raw pointer to RefPtr<>.

* svg/properties/SVGAnimatedListPropertyTearOff.h:
(WebCore::SVGAnimatedListPropertyTearOff::baseVal):
(WebCore::SVGAnimatedListPropertyTearOff::animVal):
Change the return value from raw pointer to RefPtr<> and change the cached
value from RefPtr<> to raw pointer. If the property is null, it will be
created, its raw pointer will be cached and the only ref-counted RefPtr<>
will be returned. This will guarantee, the RefPtr<> will be deleted once
it is not used anymore.

(WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
Clean the raw pointer caches m_baseVal and m_animVal upon deleting the
actual pointer. This function will be called from the destructor of
SVGListPropertyTearOff.

(WebCore::SVGAnimatedListPropertyTearOff::findItem):
(WebCore::SVGAnimatedListPropertyTearOff::removeItemFromList):
We have to ensure the baseVal() is created before using it.

(WebCore::SVGAnimatedListPropertyTearOff::detachListWrappers):
(WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
(WebCore::SVGAnimatedListPropertyTearOff::animValWillChange):
(WebCore::SVGAnimatedListPropertyTearOff::animValDidChange):
For animation, a separate RefPtr<> 'm_animatingAnimVal' will be assigned
to the animVal(). This will prevent deleting m_animVal while animation.

* svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
(WebCore::SVGAnimatedPathSegListPropertyTearOff::baseVal):
(WebCore::SVGAnimatedPathSegListPropertyTearOff::animVal):
Same as what is done in SVGAnimatedListPropertyTearOff.

(WebCore::SVGAnimatedPathSegListPropertyTearOff::findItem):
(WebCore::SVGAnimatedPathSegListPropertyTearOff::removeItemFromList):
Same as what is done in SVGAnimatedListPropertyTearOff.

* svg/properties/SVGAnimatedProperty.h:
(WebCore::SVGAnimatedProperty::lookupOrCreateWrapper):
Change the return value from raw reference to Ref<> and change the
cached value from Ref<> to raw pointer. This reverts the change of
r181345 in this function.

(WebCore::SVGAnimatedProperty::lookupWrapper):
Change the return value from raw pointer to RefPtr<>.

* svg/properties/SVGAnimatedPropertyMacros.h:
Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().

* svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
(WebCore::SVGAnimatedTransformListPropertyTearOff::baseVal):
(WebCore::SVGAnimatedTransformListPropertyTearOff::animVal):
Same as what is done in SVGAnimatedListPropertyTearOff.

* svg/properties/SVGListPropertyTearOff.h:
(WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff):
Call the SVGAnimatedListPropertyTearOff::propertyWillBeDeleted() to clean
its raw pointers when the RefPtr<> deletes itself.

LayoutTests:

* TestExpectations: Remove flaky tests from test expectation.

* svg/animations/smil-leak-list-property-instances-expected.txt: Added.
* svg/animations/smil-leak-list-property-instances.svg: Added.
Ensure if SVGPolylineElement.points is requested from JS, the document will
not leak.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196268 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCrash when trying to chain to the old -[NSView setNeedsDisplayInRect:]
andersca@apple.com [Mon, 8 Feb 2016 20:53:21 +0000 (20:53 +0000)]
Crash when trying to chain to the old -[NSView setNeedsDisplayInRect:]
https://bugs.webkit.org/show_bug.cgi?id=154001
rdar://problem/24519975

Reviewed by Dan Bernstein.

If our replaced -[NSView setNeedsDisplayInRect:] is called before the old IMP has been initialized,
we can end up trying to call a null pointer.

Fix this by using method_exchangeImplementations instead of method_setImplementation, since the former is done
atomically.

* WebView/WebHTMLView.mm:
(-[NSView _web_setNeedsDisplayInRect:]):
(+[WebHTMLViewPrivate initialize]):
(setNeedsDisplayInRect): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196267 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Long values for comma separated CSS properties overflow the Visual...
commit-queue@webkit.org [Mon, 8 Feb 2016 19:49:52 +0000 (19:49 +0000)]
Web Inspector: Long values for comma separated CSS properties overflow the Visual sidebar area
https://bugs.webkit.org/show_bug.cgi?id=153890
<rdar://problem/24510216>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-08
Reviewed by Timothy Hatcher.

For especially long values in comma-separated CSS properties (such as
background-image), the text will not be clipped as expected due to the
way in which the width is calculated for the element (the value, inside
the title element, is the only child with a specified width other than
100%). This overflowing causes the width of the section containing that
property to expand, pushing content outside of the inspector window. To
remedy this, a specified width is set on the relevant properties based
on the width of the sidebar to ensure proper text clipping.

* UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.css:
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item.visual-style-font-family-list-item > .visual-style-comma-separated-keyword-item-editor):
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item > .titles):
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item > .titles > .subtitle):
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container): Deleted.
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list): Deleted.
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item): Deleted.

* UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.js:
(WebInspector.VisualStyleCommaSeparatedKeywordEditor.prototype.set specifiedWidth):
Calculates the necessary subtractions from the given width value based on
the margins and size of sibling elements.

* UserInterface/Views/VisualStyleDetailsPanel.js:
(WebInspector.VisualStyleDetailsPanel.prototype._updateProperties):
(WebInspector.VisualStyleDetailsPanel.prototype._populateFontSection):
(WebInspector.VisualStyleDetailsPanel.prototype._populateBackgroundStyleSection):
(WebInspector.VisualStyleDetailsPanel.prototype._populateBoxShadowSection):
(WebInspector.VisualStyleDetailsPanel.prototype._populateTransitionSection):
Added another list to each group which, if set, will pass the current
sidebar width to all contained property editors.

* UserInterface/Views/VisualStylePropertyEditor.js:
(WebInspector.VisualStylePropertyEditor.prototype.update):
Somewhat unrelated (r196146), but added another check to ensure that the
CSS property exists before checking to see if it has an invalid value.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196266 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[GTK] WebKitWebView should send crossing events to the WebProcess
carlosgc@webkit.org [Mon, 8 Feb 2016 19:42:42 +0000 (19:42 +0000)]
[GTK] WebKitWebView should send crossing events to the WebProcess
https://bugs.webkit.org/show_bug.cgi?id=153740

Reviewed by Michael Catanzaro.

Source/WebCore:

Update the target element under the mouse also when only updating
scrollbars, so that if the mouse enters the page when the window
is not active, the scroll animator is notified that the mouse
entered the scrollable area.

* page/EventHandler.cpp:
(WebCore::EventHandler::handleMouseMoveEvent): Call
updateMouseEventTargetNode() before early returning in case of
only updating scrollbars.

Source/WebKit2:

We don't currently handle crossing events in the web view
(enter/leave). That's why if you hover a scrollbar and leave the
window, the scrollbar is still rendered as hovered.

* Shared/gtk/WebEventFactory.cpp:
(WebKit::buttonForEvent): Handle the case of GDK_ENTER_NOTIFY and
GDK_LEAVE_NOTIFY events.
(WebKit::WebEventFactory::createWebMouseEvent): Ditto.
* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseRealize): Add GDK_ENTER_NOTIFY_MASK and
GDK_LEAVE_NOTIFY_MASK flags to the web view event mask.
(webkitWebViewBaseCrossingNotifyEvent): Handle enter/leave notify
events by generating a mouse move event, ensuring the double to
int conversion will not cause any problem.
(webkit_web_view_base_class_init): Add an implementation for
enter_notify_event and leave_notify_event.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196265 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoInfinite loop when processing mouse events synchronously
carlosgc@webkit.org [Mon, 8 Feb 2016 19:41:09 +0000 (19:41 +0000)]
Infinite loop when processing mouse events synchronously
https://bugs.webkit.org/show_bug.cgi?id=153995

Reviewed by Darin Adler.

This happened with WTR in the GTK+ port after landing patch in bug
#153740. The thing is that WTR forces events handling IPC messages
to be synchronous. When a drag and drop operation is in progress,
the web process ignores mouse move events and replies with
DidReceiveEvent signal. The DidReceiveEvent message handler in
WebPageProxy checks if we have a m_nextMouseMoveEvent and handles
it, but when all this happens synchronously the
m_nextMouseMoveEvent is the current one because we haven't
returned yet from handleMouseEvent(). We need to invalidate the
m_nextMouseMoveEvent before calling handleMouseEvent().

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didReceiveEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196264 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoPiP and external playback are mutually exclusive.
commit-queue@webkit.org [Mon, 8 Feb 2016 19:33:50 +0000 (19:33 +0000)]
PiP and external playback are mutually exclusive.
https://bugs.webkit.org/show_bug.cgi?id=153988
rdar://problem/24108661

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Eric Carlson.

Adding isPlayingOnSecondScreen to isPlayingOnExternalScreen allows AVKit to disable PiP
when appropriate. Testing video fullscreen mode in updateDisableExternalPlayback allows us to
turn-off external playback when entering picture-in-picture.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenMode):
(WebCore::MediaPlayerPrivateAVFoundationObjC::updateDisableExternalPlayback):
* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(-[WebAVPlayerController isPlayingOnExternalScreen]):
(+[WebAVPlayerController keyPathsForValuesAffectingPlayingOnExternalScreen]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196263 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoIndexedDB: No test covers cursor.delete() setting the source of the request to the...
beidson@apple.com [Mon, 8 Feb 2016 19:31:48 +0000 (19:31 +0000)]
IndexedDB: No test covers cursor.delete() setting the source of the request to the cursor.
https://bugs.webkit.org/show_bug.cgi?id=153992

Reviewed by Jer Noble.

* storage/indexeddb/cursor-delete-expected.txt:
* storage/indexeddb/cursor-delete-private-expected.txt:
* storage/indexeddb/resources/cursor-delete.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196262 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[ES6] Arrow function syntax. Using 'super' in arrow function that declared out of...
commit-queue@webkit.org [Mon, 8 Feb 2016 19:29:24 +0000 (19:29 +0000)]
[ES6] Arrow function syntax. Using 'super' in arrow function that declared out of the class should lead to Syntax error
https://bugs.webkit.org/show_bug.cgi?id=150893

Patch by Skachkov Oleksandr <gskachkov@gmail.com> on 2016-02-08
Reviewed by Saam Barati.
Source/JavaScriptCore:

'super' and 'super()' inside of the arrow function should lead to syntax error if they are used
out of the class context or they wrapped by ordinary function. Now JSC returns ReferenceError but
should return SyntaxError according to the following specs:
http://www.ecma-international.org/ecma-262/6.0/#sec-function-definitions-static-semantics-early-errors
and http://www.ecma-international.org/ecma-262/6.0/#sec-arrow-function-definitions-runtime-semantics-evaluation
Curren patch implemented only one case when super/super() are used inside of the arrow function
Case when super/super() are used within the eval:
   class A {}
   class B extends A {
       costructor() { eval("super()");}
   }
is not part of this patch and will be implemented in this issue https://bugs.webkit.org/show_bug.cgi?id=153864.
The same for case when eval with super/super() is invoked in arrow function will be
implemented in issue https://bugs.webkit.org/show_bug.cgi?id=153977.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseFunctionInfo):
* parser/Parser.h:
(JSC::Scope::Scope):
(JSC::Scope::setExpectedSuperBinding):
(JSC::Scope::expectedSuperBinding):
(JSC::Scope::setConstructorKind):
(JSC::Scope::constructorKind):
(JSC::Parser::closestParentNonArrowFunctionNonLexicalScope):
* tests/stress/arrowfunction-lexical-bind-supercall-4.js:
* tests/stress/arrowfunction-lexical-bind-superproperty.js:

LayoutTests:

Adding tests for using of the 'super' inside of the arrow function

* js/arrowfunction-superproperty-expected.txt:
* js/arrowfunction-syntax-errors-expected.txt:
* js/script-tests/arrowfunction-superproperty.js:
* js/script-tests/arrowfunction-syntax-errors.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196261 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove __weak from WKAirPlayRoutePicker.mm to fix build warning.
commit-queue@webkit.org [Mon, 8 Feb 2016 19:27:01 +0000 (19:27 +0000)]
Remove __weak from WKAirPlayRoutePicker.mm to fix build warning.
https://bugs.webkit.org/show_bug.cgi?id=153985
rdar://problem/24485348

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Darin Adler.

Remove __weak since it is only available when using ARC.

* UIProcess/ios/forms/WKAirPlayRoutePicker.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196260 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMake sure that locking code that relies on module boundaries for compiler fences...
fpizlo@apple.com [Mon, 8 Feb 2016 18:58:12 +0000 (18:58 +0000)]
Make sure that locking code that relies on module boundaries for compiler fences uses NEVER_INLINE
https://bugs.webkit.org/show_bug.cgi?id=153972

Reviewed by Andreas Kling.

When this code was written, we assumed that module boundaries were compiler fences. That might
not be the case if we ever do LTO.

* wtf/Lock.cpp:
(WTF::LockBase::lockSlow):
(WTF::LockBase::unlockSlow):
* wtf/ParkingLot.cpp:
(WTF::ParkingLot::parkConditionally):
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::unparkAll):
(WTF::ParkingLot::forEach):
* wtf/WordLock.cpp:
(WTF::WordLock::lockSlow):
(WTF::WordLock::unlockSlow):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196259 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoParser should detect error before calls to parseAssignmentExpression()
fpizlo@apple.com [Mon, 8 Feb 2016 18:52:57 +0000 (18:52 +0000)]
Parser should detect error before calls to parseAssignmentExpression()
https://bugs.webkit.org/show_bug.cgi?id=153975
rdar://problem/24291231

Reviewed by Saam Barati.

Fixes a very hard-to-create situation that an internal test picked up.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseVariableDeclarationList):
(JSC::Parser<LexerType>::parseAssignmentExpression):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196258 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[GTK] Fix crash when creating webview with g_object_new
commit-queue@webkit.org [Mon, 8 Feb 2016 18:43:18 +0000 (18:43 +0000)]
[GTK] Fix crash when creating webview with g_object_new
https://bugs.webkit.org/show_bug.cgi?id=153989

Patch by Danilo Cesar Lemes de Paula <danilo.cesar@collabora.co.uk> on 2016-02-08
Reviewed by Carlos Garcia Campos.

g_object_new(WEBKIT_TYPE_WEB_VIEW, NULL) crashes webkit
as _WebKitWebViewBasePrivate constructor requires a mainloop, but
webkit is only initialized when a context is created (which
doesn't happen with a direct call to g_object_new).

* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkit_web_view_base_class_init):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196257 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r196253.
commit-queue@webkit.org [Mon, 8 Feb 2016 18:28:39 +0000 (18:28 +0000)]
Unreviewed, rolling out r196253.
https://bugs.webkit.org/show_bug.cgi?id=153990

Caused several crashes in GTK+ bots (Requested by KaL on
#webkit).

Reverted changeset:

"[GTK] WebKitWebView should send crossing events to the
WebProcess"
https://bugs.webkit.org/show_bug.cgi?id=153740
http://trac.webkit.org/changeset/196253

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196256 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: WebInspector.Setting should have a "reset" method
mattbaker@apple.com [Mon, 8 Feb 2016 18:23:08 +0000 (18:23 +0000)]
Web Inspector: WebInspector.Setting should have a "reset" method
https://bugs.webkit.org/show_bug.cgi?id=153971
<rdar://problem/24544101>

Reviewed by Brian Burg.

Currently UI needing to restore a setting to its default must retain a copy
of the default value. This should be a basic operation of WebInspector.Setting.

* UserInterface/Base/Setting.js:
(WebInspector.Setting):
(WebInspector.Setting.prototype.reset):
Sets value to a copy of the default.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196255 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWebAVPlayerController should implement currentTimeWithinEndTimes.
commit-queue@webkit.org [Mon, 8 Feb 2016 17:06:34 +0000 (17:06 +0000)]
WebAVPlayerController should implement currentTimeWithinEndTimes.
https://bugs.webkit.org/show_bug.cgi?id=153983
rdar://problem/22864621

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Eric Carlson.

Implement currentTimeWithinEndTimes in terms of seekToTime and AVTiming. This is a trivial
implementation becuase AVPlayer start and end times aren't used.

* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(-[WebAVPlayerController currentTimeWithinEndTimes]):
(-[WebAVPlayerController setCurrentTimeWithinEndTimes:]):
(+[WebAVPlayerController keyPathsForValuesAffectingCurrentTimeWithinEndTimes]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196254 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[GTK] WebKitWebView should send crossing events to the WebProcess
carlosgc@webkit.org [Mon, 8 Feb 2016 16:59:39 +0000 (16:59 +0000)]
[GTK] WebKitWebView should send crossing events to the WebProcess
https://bugs.webkit.org/show_bug.cgi?id=153740

Reviewed by Michael Catanzaro.

Source/WebCore:

Update the target element under the mouse also when only updating
scrollbars, so that if the mouse enters the page when the window
is not active, the scroll animator is notified that the mouse
entered the scrollable area.

* page/EventHandler.cpp:
(WebCore::EventHandler::handleMouseMoveEvent): Call
updateMouseEventTargetNode() before early returning in case of
only updating scrollbars.

Source/WebKit2:

We don't currently handle crossing events in the web view
(enter/leave). That's why if you hover a scrollbar and leave the
window, the scrollbar is still rendered as hovered.

* Shared/gtk/WebEventFactory.cpp:
(WebKit::buttonForEvent): Handle the case of GDK_ENTER_NOTIFY and
GDK_LEAVE_NOTIFY events.
(WebKit::WebEventFactory::createWebMouseEvent): Ditto.
* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseRealize): Add GDK_ENTER_NOTIFY_MASK and
GDK_LEAVE_NOTIFY_MASK flags to the web view event mask.
(webkitWebViewBaseCrossingNotifyEvent): Handle enter/leave notify
events by generating a mouse move event, ensuring the double to
int conversion will not cause any problem.
(webkit_web_view_base_class_init): Add an implementation for
enter_notify_event and leave_notify_event.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196253 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWebVideoFullscreenInterface should handle video resizing.
commit-queue@webkit.org [Mon, 8 Feb 2016 16:46:12 +0000 (16:46 +0000)]
WebVideoFullscreenInterface should handle video resizing.
https://bugs.webkit.org/show_bug.cgi?id=153982
rdar://problem/22031249

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Eric Carlson.

Video fullscreen can be initiated before video dimension are available.
Protect against an initial width or height of zero and observe resize events
to update once video dimensions become available or change.

* platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
(WebVideoFullscreenModelVideoElement::updateForEventName):
(WebVideoFullscreenModelVideoElement::observedEventNames):
* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(-[WebAVPlayerLayer layoutSublayers]):
(-[WebAVPlayerLayer videoRect]):
(WebVideoFullscreenInterfaceAVKit::setVideoDimensions):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196252 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoVisiting a WeakBlock should report bytes visited, since we reported them allocated.
akling@apple.com [Mon, 8 Feb 2016 16:25:22 +0000 (16:25 +0000)]
Visiting a WeakBlock should report bytes visited, since we reported them allocated.
<https://webkit.org/b/153978>

Reviewed by Darin Adler.

When creating a WeakBlock, we tell Heap that we've allocated 1 KB (WeakBlock::blockSize)
of memory. Consequently, when visiting a WeakBlock, we should also report 1 KB of memory
visited. Otherwise Heap will think that those 1 KB already went away.

This was causing us to underestimate heap size, which affects collection scheduling.

* heap/SlotVisitor.h:
(JSC::SlotVisitor::reportMemoryVisited):
* heap/WeakBlock.cpp:
(JSC::WeakBlock::visit):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196251 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoTimeouts in tests because of non implemented UIScriptController::singleTapAtPoint()
commit-queue@webkit.org [Mon, 8 Feb 2016 13:43:11 +0000 (13:43 +0000)]
Timeouts in tests because of non implemented UIScriptController::singleTapAtPoint()
https://bugs.webkit.org/show_bug.cgi?id=153833

Unreviewed.

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-08

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196250 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoIndent inline box test fails due to assertion in VisibleSelection::selectionFromConte...
commit-queue@webkit.org [Mon, 8 Feb 2016 13:41:47 +0000 (13:41 +0000)]
Indent inline box test fails due to assertion in VisibleSelection::selectionFromContentsOfNode()
https://bugs.webkit.org/show_bug.cgi?id=153824

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-08
Reviewed by Michael Catanzaro.

* editing/markup.cpp:
(WebCore::highestAncestorToWrapMarkup):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196249 268f45cc-cd09-0410-ab3c-d52691b4dbfc