WebKit-https.git
3 years agoUpdate Animometer plan
jonlee@apple.com [Thu, 14 Apr 2016 20:22:02 +0000 (20:22 +0000)]
Update Animometer plan
https://bugs.webkit.org/show_bug.cgi?id=156569

Reviewed by Alex Christensen.

* Scripts/webkitpy/benchmark_runner/data/plans/animometer.plan: Update to r199328. Includes update to screen
resolution, starting with complexity of 1, and fixing SVG, multiply, and text tests.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199550 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[CMake] Clean up CMake files
bfulgham@apple.com [Thu, 14 Apr 2016 19:02:04 +0000 (19:02 +0000)]
[CMake] Clean up CMake files
https://bugs.webkit.org/show_bug.cgi?id=156580

Reviewed by Alex Christensen.

Revise the various CMake input files to reduce the amount of duplicated file references in
the various ports.

* CMakeLists.txt:
* PlatformAppleWin.cmake:
* PlatformEfl.cmake:
* PlatformGTK.cmake:
* PlatformWin.cmake:
* PlatformWinCairo.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199549 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRenderMathMLOperator: Add helper function to retrieve italic correction
fred.wang@free.fr [Thu, 14 Apr 2016 18:27:51 +0000 (18:27 +0000)]
RenderMathMLOperator: Add helper function to retrieve italic correction
https://bugs.webkit.org/show_bug.cgi?id=156572

Reviewed by Darin Adler.

No new tests, the helper function will only be used in bug 153918.

* rendering/mathml/RenderMathMLOperator.cpp:
(WebCore::RenderMathMLOperator::italicCorrection): Return the italic correction from the MATH table if it's a large operator.
* rendering/mathml/RenderMathMLOperator.h: Declare italicCorrection.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199548 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRenderMathMLOperator: Move glyph measuring helper functions outside the class
fred.wang@free.fr [Thu, 14 Apr 2016 18:23:51 +0000 (18:23 +0000)]
RenderMathMLOperator: Move glyph measuring helper functions outside the class
https://bugs.webkit.org/show_bug.cgi?id=156571

Patch by Frederic Wang <fwang@igalia.com> on 2016-04-14
Reviewed by Darin Adler.

No new tests, this is just a simple refactoring to prepare the patch
for bug 156542, without any behavior change.

* rendering/mathml/RenderMathMLOperator.cpp: MATHML_OPDICT_SIZE was removed in bug 152242, so no need to undef it.
(WebCore::boundsForGlyph): Static inline helper function moved from the RenderMathMLOperator class.
(WebCore::heightForGlyph): Ditto.
(WebCore::advanceWidthForGlyph): Ditto and renamed.
(WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Rename advanceForGlyph.
(WebCore::RenderMathMLOperator::findStretchyData): Ditto.
(WebCore::RenderMathMLOperator::updateStyle): Ditto.
(WebCore::RenderMathMLOperator::paintGlyph): Ditto.
(WebCore::RenderMathMLOperator::paint): Ditto.
(WebCore::RenderMathMLOperator::trailingSpaceError): Ditto.
(WebCore::RenderMathMLOperator::setOperatorProperties): Deleted.
(WebCore::RenderMathMLOperator::boundsForGlyph): Deleted.
(WebCore::RenderMathMLOperator::heightForGlyph): Deleted.
(WebCore::RenderMathMLOperator::advanceForGlyph): Deleted.
* rendering/mathml/RenderMathMLOperator.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199547 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSet some RenderMathMLOperator members as final
fred.wang@free.fr [Thu, 14 Apr 2016 18:21:15 +0000 (18:21 +0000)]
Set some RenderMathMLOperator members as final
https://bugs.webkit.org/show_bug.cgi?id=156574

Reviewed by Darin Adler.

No new tests, this is only a simple refactoring without behavior change.

* rendering/mathml/RenderMathMLOperator.h: Replace "override" with "final" for some members.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199546 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUpdate treatment of invoking RegExp.prototype methods on RegExp.prototype.
mark.lam@apple.com [Thu, 14 Apr 2016 18:16:35 +0000 (18:16 +0000)]
Update treatment of invoking RegExp.prototype methods on RegExp.prototype.
https://bugs.webkit.org/show_bug.cgi?id=155922

Reviewed by Keith Miller.

Source/JavaScriptCore:

According to the TC39 committee, when invoking the following RegExp.prototype
methods on the RegExp.prototype:
1. RegExp.prototype.flags yields ""
2. RegExp.prototype.global yields undefined
3. RegExp.prototype.ignoreCase yields undefined
4. RegExp.prototype.multiline yields undefined
5. RegExp.prototype.unicode yields undefined
6. RegExp.prototype.source yields "(?:)"
7. RegExp.prototype.sticky yields undefined
8. RegExp.prototype.toString() yields "/(?:)/"

and RegExp.prototype is still NOT an instance of RegExp.  The above behavior
changes is a special dispensation applicable only to RegExp.prototype.  The ES6
spec of throwing errors still applies if those methods are applied to anything =
else that is not a RegExp object.

* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoGetterGlobal):
(JSC::regExpProtoGetterIgnoreCase):
(JSC::regExpProtoGetterMultiline):
(JSC::regExpProtoGetterSticky):
(JSC::regExpProtoGetterUnicode):
(JSC::regExpProtoGetterFlags):
(JSC::regExpProtoGetterSource):
- Implemented new behavior.

* tests/es6/miscellaneous_built-in_prototypes_are_not_instances.js:
(test):
- Updated to match current kangax test.

LayoutTests:

* fast/regex/script-tests/toString.js:
* fast/regex/toString-expected.txt:
* ietestcenter/Javascript/15.10.7.1-1-expected.txt:
* ietestcenter/Javascript/TestCases/15.10.7.1-1.js:
(ES5Harness.registerTest.test):
* js/kde/RegExp-expected.txt:
* js/kde/script-tests/RegExp.js:
* js/pic/cached-named-property-getter.html:
* js/regexp-flags-expected.txt:
* js/script-tests/regexp-flags.js:
- updated test behaviors in some cases, and rebased results as needed.

* js/regress/regexp-prototype-is-not-instance-expected.txt: Added.
* js/regress/regexp-prototype-is-not-instance.html: Added.
* js/regress/script-tests/regexp-prototype-is-not-instance.js: Added.
- Tests new RegExp.prototype method behaviors.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199545 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoEnsure that RenderMathMLOperator::stretchTo functions are called with stretchy operat...
fred.wang@free.fr [Thu, 14 Apr 2016 18:04:44 +0000 (18:04 +0000)]
Ensure that RenderMathMLOperator::stretchTo functions are called with stretchy operators that have the correct direction
https://bugs.webkit.org/show_bug.cgi?id=156542

Patch by Frederic Wang <fwang@igalia.com> on 2016-04-14
Reviewed by Darin Adler.

Source/WebCore:

In the RenderMathMLUnderOver refactoring (r199293), we avoided doing a
horizontal stretchTo call for non-stretchy operators. Here we do the
same for RenderMathMLRow and avoid doing a vertical stretchTo call for
horizontal or non-stretchy operators. We also add appropriate ASSERT in
the RenderMathMLOperator::stretchTo functions. To avoid failing tests
with DOM/style update, we make our updates a bit stricter. Hopefully,
we could manage such things better in the future (bug 156536).

Tests: mathml/presentation/row-nonstretchy-or-horizontal.html
       mathml/presentation/underover-nonstretchy-or-vertical.html

* mathml/MathMLTextElement.cpp:
(WebCore::MathMLTextElement::parseAttribute): Replace setOperatorFlagAndScheduleLayoutIfNeeded with a stronger rendering update.
Also ensure that this is done when the lspace/rspace attributes change.
This avoids breaking mathml/presentation/mo-lspace-rspace-dynamic.html
* rendering/mathml/RenderMathMLOperator.cpp:
(WebCore::RenderMathMLOperator::stretchTo): Add ASSERT to ensure that it is only called with stretchy operators that have the correct direction.
(WebCore::RenderMathMLOperator::styleDidChange): Do a stronger rendering update when the style changes.
This avoids breaking mathml/presentation/style-changed.html
(WebCore::RenderMathMLOperator::setOperatorFlagAndScheduleLayoutIfNeeded): Deleted.
* rendering/mathml/RenderMathMLOperator.h: Make updateFromElement public so that it can be called from MathMLTextElement::parseAttribute
Remove setOperatorFlagAndScheduleLayoutIfNeeded and declare styleDidChange.
* rendering/mathml/RenderMathMLRow.cpp:
(WebCore::RenderMathMLRow::layoutRowItems): Only call stretchTo for vertical stretchy operators.

LayoutTests:

Add a test to ensure that nonstretchy or horizontal operators in a
RenderMathMLRow do not stretch. This is similar to the existing test
for munderover and we improve a bit that one too.
Besides the verification of the rendering, these two tests will also
check that the RenderMathMLOperator::stretchTo calls are not done in a
way that violates the ASSERT at the top of stretchTo.

* mathml/presentation/row-nonstretchy-or-horizontal.html: Added.
* mathml/presentation/row-nonstretchy-or-horizontal-expected.html: Added.
* mathml/presentation/underover-nonstretchy-horizontal.html: Removed.
* mathml/presentation/underover-nonstretchy-horizontal-expected.html: Removed.
* mathml/presentation/underover-nonstretchy-or-vertical.html: Renamed from LayoutTests/mathml/presentation/underover-nonstretchy-horizontal.html.
We now also test the case of vertical operators in munderover.
* mathml/presentation/underover-nonstretchy-or-vertical-expected.html: Renamed from LayoutTests/mathml/presentation/underover-nonstretchy-horizontal-expected.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199544 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSome imported ES6 tests are missing __createIterableObject
ggaren@apple.com [Thu, 14 Apr 2016 17:56:31 +0000 (17:56 +0000)]
Some imported ES6 tests are missing __createIterableObject
https://bugs.webkit.org/show_bug.cgi?id=156584

Reviewed by Keith Miller.

These tests were failing because I neglected to include __createIterableObject
when I first imported them. Now they pass.

* tests/es6.yaml:
* tests/es6/Array_static_methods_Array.from_generic_iterables.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):
* tests/es6/Array_static_methods_Array.from_instances_of_generic_iterables.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):
* tests/es6/Array_static_methods_Array.from_iterator_closing.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
* tests/es6/Array_static_methods_Array.from_map_function_generic_iterables.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):
* tests/es6/Array_static_methods_Array.from_map_function_instances_of_iterables.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):
* tests/es6/Map_iterator_closing.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
* tests/es6/Promise_Promise.all_generic_iterables.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test.asyncTestPassed):
* tests/es6/Promise_Promise.race_generic_iterables.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test.asyncTestPassed):
* tests/es6/Set_iterator_closing.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
* tests/es6/WeakMap_iterator_closing.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
* tests/es6/WeakSet_iterator_closing.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
* tests/es6/destructuring_iterator_closing.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
* tests/es6/destructuring_with_generic_iterables.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):
* tests/es6/destructuring_with_instances_of_generic_iterables.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):
* tests/es6/for..of_loops_iterator_closing_break.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
* tests/es6/for..of_loops_iterator_closing_throw.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
* tests/es6/for..of_loops_with_generic_iterables.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):
* tests/es6/for..of_loops_with_instances_of_generic_iterables.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):
* tests/es6/generators_yield_star_generic_iterables.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
* tests/es6/generators_yield_star_iterator_closing_via_throw.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
* tests/es6/spread_..._operator_with_generic_iterables_in_arrays.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):
* tests/es6/spread_..._operator_with_generic_iterables_in_calls.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):
* tests/es6/spread_..._operator_with_instances_of_iterables_in_arrays.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):
* tests/es6/spread_..._operator_with_instances_of_iterables_in_calls.js:
(iterator.next):
(iterable.Symbol.iterator):
(__createIterableObject):
(test):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199543 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION: Web Inspector: Remote inspector doesn't work
commit-queue@webkit.org [Thu, 14 Apr 2016 17:44:20 +0000 (17:44 +0000)]
REGRESSION: Web Inspector: Remote inspector doesn't work
https://bugs.webkit.org/show_bug.cgi?id=156543

Patch by Carlos Garcia Campos <cgarcia@igalia.com> on 2016-04-14
Reviewed by Timothy Hatcher.

WebSocket connection is blocked by CSP, but needed by the remote web inspector to work, so allow connect to ws
URLs from the web inspector. Also add stubs for zoomFactor and setZoomFactor to InspectorFrontendHostStub,
required after r199396.

* UserInterface/Base/InspectorFrontendHostStub.js:
(window.InspectorFrontendHost.WebInspector.InspectorFrontendHostStub.prototype.setZoomFactor):
(window.InspectorFrontendHost.WebInspector.InspectorFrontendHostStub.prototype.zoomFactor):
* UserInterface/Main.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199541 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWhen FileInputType::setFiles is called with an empty file list, the last set icon...
andersca@apple.com [Thu, 14 Apr 2016 17:34:25 +0000 (17:34 +0000)]
When FileInputType::setFiles is called with an empty file list, the last set icon is not cleared
https://bugs.webkit.org/show_bug.cgi?id=156582

Reviewed by Beth Dakin.

* html/FileInputType.cpp:
(WebCore::FileInputType::requestIcon):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199540 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove UsePointersEvenForNonNullableObjectArguments from Internals
darin@apple.com [Thu, 14 Apr 2016 17:10:14 +0000 (17:10 +0000)]
Remove UsePointersEvenForNonNullableObjectArguments from Internals
https://bugs.webkit.org/show_bug.cgi?id=156539

Reviewed by Alex Christensen.

Source/WebCore:

* html/HTMLImageElement.idl: Exported this so it can be used as the type for
a function argument in Internals.idl.
* html/HTMLInputElement.idl: Ditto.
* html/HTMLLinkElement.idl: Ditto.
* html/HTMLSelectElement.idl: Ditto.

* testing/Internals.cpp:
(WebCore::InspectorStubFrontend::InspectorStubFrontend): Take a Page&.
(WebCore::Internals::create): Take a Document&.
(WebCore::Internals::resetToConsistentState): Take a Page&.
(WebCore::Internals::Internals): Take a Document&.
(WebCore::Internals::settings): Use nullptr instead of 0.
(WebCore::Internals::address): Take a Node&.
(WebCore::Internals::nodeNeedsStyleRecalc): Take a Node& and no ExceptionCode&.
(WebCore::Internals::styleChangeType): Ditto.
(WebCore::Internals::xhrResponseSource): Take an XMLHttpRequest&.
(WebCore::Internals::isSharingStyleSheetContents): Take two
HTMLLinkElement&.
(WebCore::Internals::isStyleSheetLoadingSubresources): Take an HTMLLinkElement&.
(WebCore::Internals::imageFrameIndex): Take an HTMLImageElement& and no
ExceptionCode&. Also return an unsigned rather than size_t, since the IDL expects
unsigned long, which means unsigned in C++ code.
(WebCore::Internals::treeScopeRootNode): Take a Node& and no ExceptionCode&.
(WebCore::Internals::parentTreeScope): Ditto.
(WebCore::Internals::pauseAnimationAtTimeOnElement): Take an Element&.
(WebCore::Internals::pauseAnimationAtTimeOnPseudoElement): Ditto.
(WebCore::Internals::pauseTransitionAtTimeOnElement): Ditto.
(WebCore::Internals::pauseTransitionAtTimeOnPseudoElement): Ditto.
(WebCore::Internals::attached): Deleted.
(WebCore::Internals::elementRenderTreeAsText): Take an Element&.
(WebCore::Internals::hasPausedImageAnimations): Take an Element& and no
ExceptionCode&.
(WebCore::Internals::computedStyleIncludingVisitedInfo): Take a Node& and no
ExceptionCode&.
(WebCore::Internals::ensureShadowRoot): Take an Element&.
(WebCore::Internals::ensureUserAgentShadowRoot): Take an Element& and no
ExceptionCode&.
(WebCore::Internals::createShadowRoot): Take an Element&.
(WebCore::Internals::shadowRoot): Take an Element& and no ExceptionCode&.
(WebCore::Internals::shadowRootType): Take a Node&.
(WebCore::Internals::includerFor): Deleted.
(WebCore::Internals::shadowPseudoId): Take an Element& and no ExceptionCode&.
(WebCore::Internals::setShadowPseudoId): Ditto.
(WebCore::Internals::visiblePlaceholder): Take an Element&.
(WebCore::Internals::selectColorInColorChooser): Take an HTMLInputElement&.
(WebCore::Internals::boundingBox): Take an Element& and no ExceptionCode&.
(WebCore::Internals::markerCountForNode): Take a Node&.
(WebCore::Internals::markerAt): Ditto.
(WebCore::Internals::markerRangeForNode): Ditto.
(WebCore::Internals::markerDescriptionForNode): Ditto.
(WebCore::Internals::addTextMatchMarker): Take a const Range&.
(WebCore::Internals::setScrollViewPosition): Take int instead of long; long in
IDL means int in C++ code.
(WebCore::Internals::wasLastChangeUserEdit): Take an Element&.
(WebCore::Internals::elementShouldAutoComplete): Take an HTMLInputElement&.
(WebCore::Internals::setEditingValue): Take an HTMLInputElement& and no
ExceptionCode&.
(WebCore::Internals::setAutofilled): Ditto.
(WebCore::Internals::setShowAutoFillButton): Ditto.
(WebCore::Internals::scrollElementToRect): Take an Element& and int instead of long.
(WebCore::Internals::autofillFieldName): Take an Element&.
(WebCore::Internals::rangeFromLocationAndLength): Take an Element& and no ExceptionCode&.
(WebCore::Internals::locationFromRange): Ditto.
(WebCore::Internals::lengthFromRange): Take an Element& and const Range& and no
ExceptionCode&.
(WebCore::Internals::rangeAsText): Take const Range& an no ExceptionCode&.
(WebCore::Internals::subrange): Take Range& an no ExceptionCode&.
(WebCore::Internals::nodesFromRect): Take a Document&.
(WebCore::Internals::openDummyInspectorFrontend): Ditto.
(WebCore::Internals::layerTreeAsText): Take an Element&.
(WebCore::Internals::setElementUsesDisplayListDrawing): Ditto.
(WebCore::Internals::setElementTracksDisplayListReplay): Ditto.
(WebCore::Internals::displayListForElement): Ditto.
(WebCore::Internals::replayDisplayListForElement): Ditto.
(WebCore::Internals::counterValue): Ditto.
(WebCore::Internals::pageNumber): Ditto.
(WebCore::Internals::webkitWillEnterFullScreenForElement): Ditto.
(WebCore::Internals::webkitDidEnterFullScreenForElement): Ditto.
(WebCore::Internals::webkitWillExitFullScreenForElement): Ditto.
(WebCore::Internals::webkitDidExitFullScreenForElement): Ditto.
(WebCore::Internals::layerFlushCount): Return unsigned instead of unsigned long.
IDL unsigned long means unsigned in C++ code.
(WebCore::Internals::styleRecalcCount): Ditto.
(WebCore::Internals::compositingUpdateCount): Ditto.
(WebCore::Internals::deserializeBuffer): Take an ArrayBuffer&.
(WebCore::Internals::markerTextForListItem): Take an Element& and no ExceptionCode&.
(WebCore::Internals::toolTipFromElement): Ditto.
(WebCore::Internals::getImageSourceURL): Ditto.
(WebCore::Internals::simulateAudioInterruption): Take an HTMLMediaElement&.
(WebCore::Internals::mediaElementHasCharacteristic): Ditto.
(WebCore::Internals::isSelectPopupVisible): Take an HTMLSelectElement&.
(WebCore::Internals::closestTimeToTimeRanges): Take a TimeRange&.
(WebCore::Internals::isPluginUnavailabilityIndicatorObscured): Take an Element&.
(WebCore::Internals::isPluginSnapshotted): Take an Element& and no ExceptionCode&.
(WebCore::Internals::bufferedSamplesForTrackID): Take a SourceBuffer&.
(WebCore::Internals::setShouldGenerateTimestamps): Ditto.
(WebCore::Internals::setMediaElementRestrictions): Take an HTMLMediaElement&.
(WebCore::Internals::elementIsBlockingDisplaySleep): Take an HTMLMediaElement&.
(WebCore::Internals::setAudioContextRestrictions): Take an AudioContext&.
(WebCore::Internals::scrollSnapOffsets): Take an Element&.
(WebCore::Internals::getCurrentMediaControlsStatusForElement): Take an HTMLMediaElement&.
(WebCore::Internals::userVisibleString): Take a const DOMURL&.
(WebCore::Internals::composedTreeAsText): Take a Node&.

* testing/Internals.h: Update for all the changes listed above.

* testing/Internals.idl: Removed UsePointersEvenForNonNullableObjectArguments. Removed
many unneeded [RaisesException]. Used more specific types for many arguments. Removed
unused, and unimplemented, attached and includedFor functions. Made the node argument to
updateLayoutIgnorePendingStylesheetsAndRunPostLayoutTasks nullable as well as optional.

* testing/Internals.mm:
(WebCore::Internals::userVisibleString): Take a const DOMURL&.

* testing/js/WebCoreTestSupport.cpp:
(WebCoreTestSupport::injectInternalsObject): Pass a Document& rather than a Document*.
(WebCoreTestSupport::resetInternalsObject): Pass a Page& rather than a Page*.

LayoutTests:

* fast/forms/color/input-color-onchange-event-expected.txt: Updated.
* fast/forms/color/input-color-onchange-event.html: Removed unneeded test of how the
internals object handles incorrect values passed to the test function. This wasn't testing
actual WebKit code at all, it was just a test of the internals object implementation.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199539 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCSP: Ignore report-only policy delivered via meta element
dbates@webkit.org [Thu, 14 Apr 2016 16:48:05 +0000 (16:48 +0000)]
CSP: Ignore report-only policy delivered via meta element
https://bugs.webkit.org/show_bug.cgi?id=156565
<rdar://problem/25718167>

Reviewed by Brent Fulgham.

Source/WebCore:

Only honor a report-only policy delivered via the HTTP header Content-Security-Policy-Report-Only
or X-WebKit-CSP-Report-Only as per section Content-Security-Policy-Report-Only Header Field of
the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015).

Currently we honor a report-only policy delivered via a meta element or an HTTP header. Instead
we should only honor such a policy when delivered via an HTTP header.

Tests: http/tests/security/contentSecurityPolicy/1.1/reportonly-in-meta-ignored2.html
       http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.php
       http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode.php
       http/tests/security/contentSecurityPolicy/report-multiple-violations-01.php
       http/tests/security/contentSecurityPolicy/report-multiple-violations-02.php
       http/tests/security/contentSecurityPolicy/report-only-report-uri-missing.php

* dom/Document.cpp:
(WebCore::Document::processHttpEquiv): Do not process policy for HTTP equivalent header
Content-Security-Policy-Report-Only and X-WebKit-CSP-Report-Only.

LayoutTests:

Add new test LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reportonly-in-meta-ignored2.html
to ensure that we ignore X-WebKit-CSP-Report-Only when delivered via a meta element.

Rename test report-multiple-violations-0{1, 2}.html and eval-allowed-in-report-only-mode-and-sends-report.html
to report-multiple-violations-0{1, 2}.php and eval-allowed-in-report-only-mode-and-sends-report.php, respectively,
so that we can make use of PHP to deliver the report-only policy via an HTTP header instead of via a meta element
as the latter is no longer supported. Additionally, fix up code style in some tests to make them more
consistent with the code style we use for tests.

* TestExpectations: Update some entries due to renaming and mark tests reportonly-in-meta-ignored.html
and reportonly-in-meta-ignored2.html as PASS so that we run them.
* http/tests/security/contentSecurityPolicy/1.1/reportonly-in-meta-ignored-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/reportonly-in-meta-ignored.html:
* http/tests/security/contentSecurityPolicy/1.1/reportonly-in-meta-ignored2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/reportonly-in-meta-ignored2.html: Added.
* http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html.
* http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-expected.txt:
* http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode.html.
* http/tests/security/contentSecurityPolicy/report-multiple-violations-01.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-multiple-violations-01.html.
* http/tests/security/contentSecurityPolicy/report-multiple-violations-02.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-multiple-violations-02.html.
* http/tests/security/contentSecurityPolicy/report-only-report-uri-missing.html: Removed.
* http/tests/security/contentSecurityPolicy/report-only-report-uri-missing.php: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199538 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDashboard is spelled as Dashbard in several source files
commit-queue@webkit.org [Thu, 14 Apr 2016 14:08:33 +0000 (14:08 +0000)]
Dashboard is spelled as Dashbard in several source files
https://bugs.webkit.org/show_bug.cgi?id=156577

Patch by Antoine Quint <graouts@apple.com> on 2016-04-14
Reviewed by Eric Carlson.

* html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::getContext):
* html/canvas/CanvasGradient.cpp:
(WebCore::CanvasGradient::CanvasGradient):
(WebCore::CanvasGradient::addColorStop):
* html/canvas/CanvasGradient.h:
(WebCore::CanvasGradient::setDashboardCompatibilityMode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199537 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWebGL based canvases composite incorrectly after changing size
commit-queue@webkit.org [Thu, 14 Apr 2016 11:09:37 +0000 (11:09 +0000)]
WebGL based canvases composite incorrectly after changing size
https://bugs.webkit.org/show_bug.cgi?id=152556
<rdar://problem/24012678>

Patch by Antoine Quint <graouts@apple.com> on 2016-04-14
Reviewed by Dean Jackson.

Source/WebCore:

On iOS, we use the CAEAGLLayer's bounds to set the size of the backing store.
However, that layer's bounds is also used to size the layer during layout. If
the canvas backing store is resized after layout has been performed, the call
to setBounds loses the layout value and the <canvas> element is incorrectly
sized on screen.

To address this, when updating the backing store, we keep track of the previous
layer bounds so we can reset it after we sized the backing store.

Test: webgl/webgl-backing-store-size-update.html

* platform/graphics/GraphicsContext3D.h:
* platform/graphics/mac/GraphicsContext3DMac.mm:
(WebCore::GraphicsContext3D::setRenderbufferStorageFromDrawable):

LayoutTests:

Adding a new test that sets the size of the backing store to a different
size than the layout size after the layout size of the <canvas> element
has been applied to ensure that the implementation correctly retains the
layout size as the canvas backing store is resized.

* webgl/webgl-backing-store-size-update-expected.html: Added.
* webgl/webgl-backing-store-size-update.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199536 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFix build without IndexedDB.
achristensen@apple.com [Thu, 14 Apr 2016 07:49:55 +0000 (07:49 +0000)]
Fix build without IndexedDB.

* DatabaseProcess/DatabaseProcess.cpp:
(WebKit::DatabaseProcess::deleteWebsiteDataForOrigins):
(WebKit::DatabaseProcess::grantSandboxExtensionsForBlobs):
(WebKit::DatabaseProcess::prepareForAccessToTemporaryFile):
* DatabaseProcess/DatabaseProcess.h:
* DatabaseProcess/DatabaseProcess.messages.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199532 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed. Fix GObject DOM bindings API break after r199392.
carlosgc@webkit.org [Thu, 14 Apr 2016 06:37:42 +0000 (06:37 +0000)]
Unreviewed. Fix GObject DOM bindings API break after r199392.

Since r199392 webkit_dom_attr_set_value() no longer raises exceptions, but we need to keep the GError parameter
to keep backwards compatibility.

* bindings/scripts/CodeGeneratorGObject.pm:
(FunctionUsedToRaiseException):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199531 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCMake MiniBrowser should be an app bundle
achristensen@apple.com [Thu, 14 Apr 2016 05:56:45 +0000 (05:56 +0000)]
CMake MiniBrowser should be an app bundle
https://bugs.webkit.org/show_bug.cgi?id=156521

Reviewed by Brent Fulgham.

Source/JavaScriptCore:

* PlatformMac.cmake:
Unreviewed build fix.  Define __STDC_WANT_LIB_EXT1__ so we can find memset_s.

Tools:

* MiniBrowser/mac/CMakeLists.txt:
Make an app bundle and compile nibs.
* MiniBrowser/mac/Info.plist:
CMake doesn't know what to do with :rfc1034identifier and there's no reason to keep it.  This is just MiniBrowser.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199530 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoJSContext Inspector: Improve Class instances and JSC API Exported Values view in...
commit-queue@webkit.org [Thu, 14 Apr 2016 04:59:49 +0000 (04:59 +0000)]
JSContext Inspector: Improve Class instances and JSC API Exported Values view in Console / ObjectTree
https://bugs.webkit.org/show_bug.cgi?id=156566
<rdar://problem/16392365>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-04-13
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

* inspector/InjectedScriptSource.js:
(InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
Treat non-basic object types as not lossless so they can be expanded.
Show non-enumerable native getters in Object previews.

LayoutTests:

* inspector/console/console-table-expected.txt:
* inspector/model/remote-object.html:
* platform/mac/inspector/model/remote-object-expected.txt:
More values are treated as not-lossless and therefore expandable.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199529 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION (r199401): Internal builds of Safari hang on launch
dbates@webkit.org [Thu, 14 Apr 2016 03:21:29 +0000 (03:21 +0000)]
REGRESSION (r199401): Internal builds of Safari hang on launch
https://bugs.webkit.org/show_bug.cgi?id=156545
<rdar://problem/25697779>

As pointed out by Darin Adler, remove RELEASE_ASSERT() that I inadvertently left in
WebCore::secCodeForProcess() as part of r199504. For now, we handle
SecCodeCopyGuestWithAttributes() returning an error. In a subsequent commit we will
look to re-introduce the use of a RELEASE_ASSERT() to enforce the invariant that
SecCodeCopyGuestWithAttributes() returns a success status.

* Shared/mac/CodeSigning.mm:
(WebKit::secCodeForProcess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199528 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCSP: Nested browsing context created for <object> or <embed> should respect object...
dbates@webkit.org [Thu, 14 Apr 2016 02:39:58 +0000 (02:39 +0000)]
CSP: Nested browsing context created for <object> or <embed> should respect object-src directive
https://bugs.webkit.org/show_bug.cgi?id=156563
<rdar://problem/25715713>

Reviewed by Darin Adler.

Source/WebCore:

As per section object-src of the Content Security Policy Level 2 spec.,
<https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015), a nested browsing
context created for an HTML object or HTML embed element should respect the object-src directive.

Currently a nested browsing context created for an HTML object or HTML embed element respects
the child-src directive or frame-src directive (in that order). Instead such nested browsing
contexts should respect the object-src directive.

Tests: http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-child-src.html
       http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-frame-src.html
       http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-child-src.html
       http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-frame-src.html
       http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-child-src.html
       http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-frame-src.html
       http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-child-src.html
       http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-frame-src.html

* loader/PolicyChecker.cpp:
(WebCore::isAllowedByContentSecurityPolicy): Added. Checks whether the specified URL is allowed by the
object-src or the child-src/frame-src directive for a plugin element and non-plugin element, respectively.
(WebCore::PolicyChecker::checkNavigationPolicy): Modified to call isAllowedByContentSecurityPolicy().

LayoutTests:

Add tests to ensure that nested browsing context created for <object> and <embed> respect
the object-src directive.

* http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-child-src-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-child-src.html: Added.
* http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-frame-src-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/object-src-allows-embed-blocked-by-frame-src.html: Added.
* http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-child-src-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-child-src.html: Added.
* http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-frame-src-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/object-src-allows-object-blocked-by-frame-src.html: Added.
* http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-child-src-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-child-src.html: Added.
* http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-frame-src-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/object-src-blocks-embed-allowed-by-frame-src.html: Added.
* http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-child-src-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-child-src.html: Added.
* http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-frame-src-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/object-src-blocks-object-allowed-by-frame-src.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199527 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCSP: Remove duplicate test meta-outside-head.html
dbates@webkit.org [Thu, 14 Apr 2016 02:35:40 +0000 (02:35 +0000)]
CSP: Remove duplicate test meta-outside-head.html
https://bugs.webkit.org/show_bug.cgi?id=156556

Reviewed by Brent Fulgham.

It is unnecessary to keep the test http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html as
the functionality it exercises is covered by test http/tests/security/contentSecurityPolicy/meta-tag-ignored-if-not-in-head.html.
The output of the latter test better conveys the purpose of the test and how to interpret its result than
the former.

* http/tests/security/contentSecurityPolicy/1.1/meta-outside-head-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199526 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCSP: Remove experimental directive reflected-xss
dbates@webkit.org [Thu, 14 Apr 2016 02:29:55 +0000 (02:29 +0000)]
CSP: Remove experimental directive reflected-xss
https://bugs.webkit.org/show_bug.cgi?id=156554

Reviewed by Brent Fulgham.

Source/WebCore:

The Content Security Policy directive reflected-xss was removed from the Content Security
Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015).
This directive was considered experimental and was guarded by a run-time flag that was never
enabled by default. We should remove support for this directive.

* html/parser/XSSAuditor.cpp:
(WebCore::XSSAuditor::XSSAuditor): Initialize m_xssProtection to XSSProtectionDisposition::Enabled.
(WebCore::XSSAuditor::init): Write logic in terms of enum class XSSProtectionDisposition.
(WebCore::XSSAuditor::filterToken): Ditto.
(WebCore::combineXSSProtectionHeaderAndCSP): Deleted.
* html/parser/XSSAuditor.h: Change data type of m_xssProtection from ContentSecurityPolicy::ReflectedXSSDisposition
to XSSProtectionDisposition.
* html/parser/XSSAuditorDelegate.cpp: Ditto.
(WebCore::buildConsoleError): Remove logic to emit a remarks in the console error when a XSS is
blocked because of the directive reflected-xss. Also substituted "because" for "as" in the remark
added to the error message when the XSS Auditor is enabled because the server did not send HTTP
header X-XSS-Protection.
* html/parser/XSSAuditorDelegate.h:
(WebCore::XSSInfo::XSSInfo): Removed argument didSendCSPHeader as we are removing support for the
directive reflected-xss.
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::reflectedXSSDisposition): Deleted.
(WebCore::ContentSecurityPolicy::reportInvalidReflectedXSS): Deleted.
* page/csp/ContentSecurityPolicy.h:
* page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::ContentSecurityPolicyDirectiveList): Remove initialization
of m_reflectedXSSDisposition as we are removing support for the directive reflected-xss.
(WebCore::ContentSecurityPolicyDirectiveList::parseReflectedXSS): Deleted.
(WebCore::ContentSecurityPolicyDirectiveList::addDirective): Remove logic to parse directive reflected-xss.
* page/csp/ContentSecurityPolicyDirectiveList.h:
(WebCore::ContentSecurityPolicyDirectiveList::reflectedXSSDisposition): Deleted.
* page/csp/ContentSecurityPolicyDirectiveNames.cpp:
* page/csp/ContentSecurityPolicyDirectiveNames.h:
* page/csp/ContentSecurityPolicySourceList.cpp:
(WebCore::isCSPDirectiveName):
(WebCore::isExperimentalDirectiveName): Deleted.
* platform/network/HTTPParsers.cpp:
(WebCore::parseXSSProtectionHeader): Write it terms of enum class XSSProtectionDisposition.
* platform/network/HTTPParsers.h: Define enum class XSSProtectionDisposition. Change return type
of parseXSSProtectionHeader() from ContentSecurityPolicy::ReflectedXSSDisposition to XSSProtectionDisposition
as we are removing the former.

LayoutTests:

Remove tests for directive reflected-xss and update the expected results of existing XSS Auditor tests
to reflect the change made to the wording of the error message emitted when an XSS attack is blocked.

* fast/frames/xss-auditor-handles-file-urls-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-allow.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-allow.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-block.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-filter.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-invalid.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-allow-unset.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-allow.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-block.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-filter.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-invalid.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-block-unset.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-allow.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-block.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-filter.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-invalid.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-filter-unset.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-allow.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-block.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-filter.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-invalid.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-invalid-unset.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-allow.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-block.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-filter.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-invalid.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-and-xss-protection-unset-unset.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-block.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-empty.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-filter.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-invalid.html: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-parsing-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/1.1/reflected-xss-parsing.html: Removed.
* http/tests/security/contentSecurityPolicy/resources/reflected-xss-and-xss-protection.js: Removed.
* http/tests/security/xssAuditor/anchor-url-dom-write-location-expected.txt:
* http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-expected.txt:
* http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char-expected.txt:
* http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL-expected.txt:
* http/tests/security/xssAuditor/anchor-url-dom-write-location2-expected.txt:
* http/tests/security/xssAuditor/base-href-control-char-expected.txt:
* http/tests/security/xssAuditor/base-href-expected.txt:
* http/tests/security/xssAuditor/base-href-null-char-expected.txt:
* http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
* http/tests/security/xssAuditor/cookie-injection-expected.txt:
* http/tests/security/xssAuditor/dom-write-URL-expected.txt:
* http/tests/security/xssAuditor/dom-write-location-expected.txt:
* http/tests/security/xssAuditor/dom-write-location-inline-event-expected.txt:
* http/tests/security/xssAuditor/dom-write-location-javascript-URL-expected.txt:
* http/tests/security/xssAuditor/embed-tag-code-attribute-2-expected.txt:
* http/tests/security/xssAuditor/embed-tag-code-attribute-expected.txt:
* http/tests/security/xssAuditor/embed-tag-control-char-expected.txt:
* http/tests/security/xssAuditor/embed-tag-expected.txt:
* http/tests/security/xssAuditor/embed-tag-in-path-unterminated-expected.txt:
* http/tests/security/xssAuditor/embed-tag-javascript-url-expected.txt:
* http/tests/security/xssAuditor/embed-tag-null-char-expected.txt:
* http/tests/security/xssAuditor/form-action-expected.txt:
* http/tests/security/xssAuditor/formaction-on-button-expected.txt:
* http/tests/security/xssAuditor/formaction-on-input-expected.txt:
* http/tests/security/xssAuditor/frameset-injection-expected.txt:
* http/tests/security/xssAuditor/full-block-iframe-no-inherit-expected.txt:
* http/tests/security/xssAuditor/get-from-iframe-expected.txt:
* http/tests/security/xssAuditor/iframe-injection-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-more-encoding-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3-expected.txt:
* http/tests/security/xssAuditor/iframe-javascript-url-url-encoded-expected.txt:
* http/tests/security/xssAuditor/iframe-onload-GBK-char-expected.txt:
* http/tests/security/xssAuditor/iframe-onload-in-svg-tag-expected.txt:
* http/tests/security/xssAuditor/iframe-srcdoc-expected.txt:
* http/tests/security/xssAuditor/iframe-srcdoc-property-blocked-expected.txt:
* http/tests/security/xssAuditor/img-onerror-GBK-char-expected.txt:
* http/tests/security/xssAuditor/img-onerror-accented-char-expected.txt:
* http/tests/security/xssAuditor/img-onerror-non-ASCII-char-default-encoding-expected.txt:
* http/tests/security/xssAuditor/img-onerror-non-ASCII-char-expected.txt:
* http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-default-encoding-expected.txt:
* http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-expected.txt:
* http/tests/security/xssAuditor/img-tag-with-comma-expected.txt:
* http/tests/security/xssAuditor/inline-event-HTML-entities-expected.txt:
* http/tests/security/xssAuditor/javascript-link-HTML-entities-control-char-expected.txt:
* http/tests/security/xssAuditor/javascript-link-HTML-entities-expected.txt:
* http/tests/security/xssAuditor/javascript-link-HTML-entities-named-expected.txt:
* http/tests/security/xssAuditor/javascript-link-HTML-entities-null-char-expected.txt:
* http/tests/security/xssAuditor/javascript-link-ampersand-expected.txt:
* http/tests/security/xssAuditor/javascript-link-control-char-expected.txt:
* http/tests/security/xssAuditor/javascript-link-expected.txt:
* http/tests/security/xssAuditor/javascript-link-null-char-expected.txt:
* http/tests/security/xssAuditor/javascript-link-one-plus-one-expected.txt:
* http/tests/security/xssAuditor/javascript-link-url-encoded-expected.txt:
* http/tests/security/xssAuditor/link-onclick-ampersand-expected.txt:
* http/tests/security/xssAuditor/link-onclick-control-char-expected.txt:
* http/tests/security/xssAuditor/link-onclick-entities-expected.txt:
* http/tests/security/xssAuditor/link-onclick-expected.txt:
* http/tests/security/xssAuditor/link-onclick-null-char-expected.txt:
* http/tests/security/xssAuditor/link-opens-new-window-expected.txt:
* http/tests/security/xssAuditor/malformed-HTML-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-1-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-2-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-3-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-4-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-5-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-6-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-7-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-8-expected.txt:
* http/tests/security/xssAuditor/malformed-xss-protection-header-9-expected.txt:
* http/tests/security/xssAuditor/meta-tag-http-refresh-javascript-url-expected.txt:
* http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
* http/tests/security/xssAuditor/object-embed-tag-expected.txt:
* http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
* http/tests/security/xssAuditor/object-tag-expected.txt:
* http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
* http/tests/security/xssAuditor/open-attribute-body-expected.txt:
* http/tests/security/xssAuditor/open-event-handler-iframe-expected.txt:
* http/tests/security/xssAuditor/open-iframe-src-01-expected.txt:
* http/tests/security/xssAuditor/open-iframe-src-02-expected.txt:
* http/tests/security/xssAuditor/open-iframe-src-03-expected.txt:
* http/tests/security/xssAuditor/open-script-src-01-expected.txt:
* http/tests/security/xssAuditor/open-script-src-02-expected.txt:
* http/tests/security/xssAuditor/open-script-src-03-expected.txt:
* http/tests/security/xssAuditor/open-script-src-04-expected.txt:
* http/tests/security/xssAuditor/post-from-iframe-expected.txt:
* http/tests/security/xssAuditor/property-escape-comment-01-expected.txt:
* http/tests/security/xssAuditor/property-escape-comment-02-expected.txt:
* http/tests/security/xssAuditor/property-escape-comment-03-expected.txt:
* http/tests/security/xssAuditor/property-escape-entity-01-expected.txt:
* http/tests/security/xssAuditor/property-escape-entity-02-expected.txt:
* http/tests/security/xssAuditor/property-escape-entity-03-expected.txt:
* http/tests/security/xssAuditor/property-escape-expected.txt:
* http/tests/security/xssAuditor/property-escape-long-expected.txt:
* http/tests/security/xssAuditor/property-escape-quote-01-expected.txt:
* http/tests/security/xssAuditor/property-escape-quote-02-expected.txt:
* http/tests/security/xssAuditor/property-escape-quote-03-expected.txt:
* http/tests/security/xssAuditor/reflection-in-path-expected.txt:
* http/tests/security/xssAuditor/resources/echo-intertag.pl:
* http/tests/security/xssAuditor/script-tag-Big5-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-16bit-unicode-expected.txt:
* http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-expected.txt:
* http/tests/security/xssAuditor/script-tag-Big5-char2-expected.txt:
* http/tests/security/xssAuditor/script-tag-addslashes-backslash-expected.txt:
* http/tests/security/xssAuditor/script-tag-addslashes-double-quote-expected.txt:
* http/tests/security/xssAuditor/script-tag-addslashes-null-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-addslashes-single-quote-expected.txt:
* http/tests/security/xssAuditor/script-tag-control-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-convoluted-expected.txt:
* http/tests/security/xssAuditor/script-tag-entities-expected.txt:
* http/tests/security/xssAuditor/script-tag-expected.txt:
* http/tests/security/xssAuditor/script-tag-expression-follows-expected.txt:
* http/tests/security/xssAuditor/script-tag-inside-svg-tag-expected.txt:
* http/tests/security/xssAuditor/script-tag-inside-svg-tag2-expected.txt:
* http/tests/security/xssAuditor/script-tag-inside-svg-tag3-expected.txt:
* http/tests/security/xssAuditor/script-tag-near-start-expected.txt:
* http/tests/security/xssAuditor/script-tag-null-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-post-control-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-post-expected.txt:
* http/tests/security/xssAuditor/script-tag-post-null-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-16bit-unicode-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-16bit-unicode2-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-16bit-unicode3-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-16bit-unicode4-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-16bit-unicode5-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-actual-comma-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-callbacks-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-comma-01-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-comma-02-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-fancy-unicode-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-injected-comment-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-control-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-data-url-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-data-url2-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-data-url3-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-double-quote-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-entities-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-no-quote-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-null-char-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-relative-scheme-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-unterminated-01-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-unterminated-02-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-source-unterminated-03-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment2-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment3-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment4-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-comment5-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt:
* http/tests/security/xssAuditor/svg-animate-expected.txt:
* http/tests/security/xssAuditor/svg-script-tag-expected.txt:
* http/tests/security/xssAuditor/xss-filter-bypass-big5-expected.txt:
* http/tests/security/xssAuditor/xss-filter-bypass-long-string-expected.txt:
* http/tests/security/xssAuditor/xss-filter-bypass-sjis-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199525 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoModern IDB (Blob support): Support retrieving Blobs from IDB.
beidson@apple.com [Thu, 14 Apr 2016 00:54:10 +0000 (00:54 +0000)]
Modern IDB (Blob support): Support retrieving Blobs from IDB.
https://bugs.webkit.org/show_bug.cgi?id=156367

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (No testable change in behavior yet, current tests pass).

This patch does the following:
- Pulls BlobURLs and stored filenames out of IDB whenever an IDB record is fetched.
- Adds those URLs and filenames to IDBValue.
- Uses IDBValue in more places instead of SharedBuffer/ThreadSafeBuffer.
- Teaches SerializedScriptValue, Blob, and File how to read the URLs and filenames when they exist.
- Teaches the Blob registry to register a new type of Blob that is not a "File" but is backed by one.

* Modules/indexeddb/IDBCursor.cpp:
(WebCore::IDBCursor::setGetResult):

* Modules/indexeddb/IDBGetResult.h:
(WebCore::IDBGetResult::IDBGetResult):

* Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::setResultToStructuredClone):
* Modules/indexeddb/IDBRequest.h:

* Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::didGetRecordOnServer):

* Modules/indexeddb/IDBValue.cpp:
(WebCore::IDBValue::IDBValue):
* Modules/indexeddb/IDBValue.h:

* Modules/indexeddb/server/MemoryIndexCursor.cpp:
(WebCore::IDBServer::MemoryIndexCursor::currentData):

* Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
(WebCore::IDBServer::MemoryObjectStoreCursor::currentData):

* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
(WebCore::IDBServer::SQLiteIDBBackingStore::getBlobRecordsForObjectStoreRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):
* Modules/indexeddb/server/SQLiteIDBBackingStore.h:

* Modules/indexeddb/server/SQLiteIDBCursor.cpp:
(WebCore::IDBServer::SQLiteIDBCursor::currentData):
(WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):
* Modules/indexeddb/server/SQLiteIDBCursor.h:
(WebCore::IDBServer::SQLiteIDBCursor::currentValue):
(WebCore::IDBServer::SQLiteIDBCursor::currentValueBuffer): Deleted.

* Modules/indexeddb/server/SQLiteIDBTransaction.h:
(WebCore::IDBServer::SQLiteIDBTransaction::backingStore):

* Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
(WebCore::WorkerThreadableWebSocketChannel::Bridge::send):

* bindings/js/IDBBindingUtilities.cpp:
(WebCore::deserializeIDBValueDataToJSValue):
(WebCore::deserializeIDBValueData):
(WebCore::deserializeIDBValue):
* bindings/js/IDBBindingUtilities.h:

* bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::deserialize):
(WebCore::CloneDeserializer::CloneDeserializer):
(WebCore::CloneDeserializer::readFile):
(WebCore::CloneDeserializer::readTerminal):
(WebCore::CloneDeserializer::blobFilePathForBlobURL):
(WebCore::SerializedScriptValue::deserialize):
* bindings/js/SerializedScriptValue.h:

* fileapi/Blob.cpp:
(WebCore::Blob::Blob):
* fileapi/Blob.h:
(WebCore::Blob::deserialize):

* fileapi/File.cpp:
(WebCore::File::File):

* fileapi/ThreadableBlobRegistry.cpp:
(WebCore::threadableQueue):
(WebCore::ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked):
* fileapi/ThreadableBlobRegistry.h:

* platform/CrossThreadTask.h:
(WebCore::createCrossThreadTask):

* platform/network/BlobRegistry.h:

* platform/network/BlobRegistryImpl.cpp:
(WebCore::BlobRegistryImpl::registerBlobURL):
(WebCore::BlobRegistryImpl::registerBlobURLOptionallyFileBacked):
* platform/network/BlobRegistryImpl.h:

Source/WebKit2:

* NetworkProcess/FileAPI/NetworkBlobRegistry.cpp:
(WebKit::NetworkBlobRegistry::registerBlobURLOptionallyFileBacked):
* NetworkProcess/FileAPI/NetworkBlobRegistry.h:

* NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::registerBlobURLOptionallyFileBacked):
* NetworkProcess/NetworkConnectionToWebProcess.h:
* NetworkProcess/NetworkConnectionToWebProcess.messages.in:

* WebProcess/FileAPI/BlobRegistryProxy.cpp:
(WebKit::BlobRegistryProxy::registerBlobURLOptionallyFileBacked):
* WebProcess/FileAPI/BlobRegistryProxy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199524 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSome tests fail with ES6 `u` (Unicode) flag for regular expressions
msaboff@apple.com [Thu, 14 Apr 2016 00:47:40 +0000 (00:47 +0000)]
Some tests fail with ES6 `u` (Unicode) flag for regular expressions
https://bugs.webkit.org/show_bug.cgi?id=151597

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Added two new tables to handle the anomolies of \w and \W CharacterClassEscapes
when specified in RegExp's with both the unicode and ignoreCase flags.  Given the
case folding rules described in the standard vie the meta function Canonicalize(),
which allow cross ASCII case folding when unicode is specified, the unicode characters
\u017f (small sharp s) and \u212a (kelvin symbol) are part of the \w (word) characterClassEscape.
This is true because they case fold to 's' and 'k' respectively.  Because they case fold
to lower case letters, the corresponding letters, 'k', 'K', 's' and 'S', are also matched with
\W with the unicode and ignoreCase flags.

* create_regex_tables:
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::atomBuiltInCharacterClass):
(JSC::Yarr::YarrPatternConstructor::atomCharacterClassBuiltIn):
(JSC::Yarr::YarrPattern::YarrPattern):
* yarr/YarrPattern.h:
(JSC::Yarr::YarrPattern::wordcharCharacterClass):
(JSC::Yarr::YarrPattern::wordUnicodeIgnoreCaseCharCharacterClass):
(JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
(JSC::Yarr::YarrPattern::nonwordUnicodeIgnoreCaseCharCharacterClass):

LayoutTests:

Updated tests.

* js/regexp-unicode-expected.txt:
* js/script-tests/regexp-unicode.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199523 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWe should not speculatively revalidate cached redirects
cdumez@apple.com [Thu, 14 Apr 2016 00:14:05 +0000 (00:14 +0000)]
We should not speculatively revalidate cached redirects
https://bugs.webkit.org/show_bug.cgi?id=156548
<rdar://problem/25583886>

Reviewed by Darin Adler.

Source/WebKit2:

Stop speculatively revalidating cached redirects. This matches matches
the behavior in NetworkCache's makeUseDecision() which reuses cached
redirects only if they do not need revalidation.

This was breaking fonts.css loading on stripe.com because the
SpeculativeLoadManager would wrongly speculatively revalidate the
redirect and then serve a 302 response the NetworkResourceLoader
when the actual request came in. This would cause us to not follow
the redirect.

* NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:
(WebKit::NetworkCache::SpeculativeLoad::willSendRedirectedRequest):
Abort the speculative load if it hits a redirect. This is the safe thing
to do in this case, as we are supposed to do a hand-shake with WebCore
in such case.

(WebKit::NetworkCache::SpeculativeLoad::didReceiveResponse):
Let successful validations fall through instead of calling didComplete()
early. This matches what is not in NetworkResourceLoader. This way,
didFinishLoading() ends up getting called for both successful and
unsuccessful (i.e. did not return a 302 status code) network validation.

(WebKit::NetworkCache::SpeculativeLoad::didFinishLoading):
- Stop dealing with redirects as we abort the load as soon as we hit a
  redirect now.
- Stop asserting that m_cacheEntryForValidation is null now that this
  is called for successful validations as well.

(WebKit::NetworkCache::SpeculativeLoad::abort):
New method that aborts the network loads, calls the completion handler
and clean up. It is called in the case we hit a redirect while
revalidating.

* NetworkProcess/cache/NetworkCacheSpeculativeLoad.h:
Drop m_redirectChainCacheStatus member as we no longer deal with
redirects.

* NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:
(WebKit::NetworkCache::SpeculativeLoadManager::retrieveEntryFromStorage):
If the resource needs revalidation AND is a cached redirect, then do not
use it. This matches what is done in NetworkCache's makeUseDecision().

Tools:

Re-enable speculative loading in the context of layout tests. This was
turned off by mistake when speculative loading was turned into a
setting recently.

* WebKitTestRunner/TestController.cpp:
(WTR::TestController::generatePageConfiguration):

LayoutTests:

Add layout test to make sure that speculative loading does not break
redirects. This replicates the issue seen with fonts.css on stripe.com.

* http/tests/cache/disk-cache/speculative-validation/cacheable-redirect-expected.txt: Added.
* http/tests/cache/disk-cache/speculative-validation/cacheable-redirect.html: Added.
* http/tests/cache/disk-cache/speculative-validation/resources/cacheable-redirect-frame.php: Added.
* http/tests/cache/disk-cache/speculative-validation/resources/css-to-revalidate.php: Added.
* http/tests/cache/disk-cache/speculative-validation/resources/redirect-to-css.php: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199521 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFindWebP should not be misguided by pkg-config when cross-compiling.
commit-queue@webkit.org [Wed, 13 Apr 2016 22:58:29 +0000 (22:58 +0000)]
FindWebP should not be misguided by pkg-config when cross-compiling.
https://bugs.webkit.org/show_bug.cgi?id=156544

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-04-13
Reviewed by Michael Catanzaro.

We should use pkg-config output only as a hint, like other modules do.

* Source/cmake/FindWebP.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199518 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoModern IDB: NetworkProcessConnection::didClose needs to have a self ref.
beidson@apple.com [Wed, 13 Apr 2016 22:45:21 +0000 (22:45 +0000)]
Modern IDB: NetworkProcessConnection::didClose needs to have a self ref.
<rdar://problem/25700864> and https://bugs.webkit.org/show_bug.cgi?id=156559

Reviewed by Alex Christensen.

* WebProcess/Network/NetworkProcessConnection.cpp:
(WebKit::NetworkProcessConnection::didClose): Self ref to protect this.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199517 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoText on compositing layer with negative letter-spacing is truncated.
zalan@apple.com [Wed, 13 Apr 2016 22:11:46 +0000 (22:11 +0000)]
Text on compositing layer with negative letter-spacing is truncated.
https://bugs.webkit.org/show_bug.cgi?id=156550
<rdar://problem/24212140>

Reviewed by Antti Koivisto.

Negative letter-spacing affects the right edge of content's visual overflow (for both RTL and LTR).
This is similar to how normal line layout adjusts it at InlineFlowBox::addTextBoxVisualOverflow().

Source/WebCore:

Test: fast/text/negative-letter-spacing-visual-overflow.html

* rendering/SimpleLineLayoutFunctions.cpp:
(WebCore::SimpleLineLayout::computeOverflow):
(WebCore::SimpleLineLayout::paintFlow):
(WebCore::SimpleLineLayout::collectFlowOverflow):

LayoutTests:

* fast/text/negative-letter-spacing-visual-overflow-expected.html: Added.
* fast/text/negative-letter-spacing-visual-overflow.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199516 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[iOS] remote command should be considered user events
eric.carlson@apple.com [Wed, 13 Apr 2016 22:09:43 +0000 (22:09 +0000)]
[iOS] remote command should be considered user events
https://bugs.webkit.org/show_bug.cgi?id=156546
<rdar://problem/25560877>

Reviewed by Jer Noble.

Source/WebCore:

Test: media/remote-control-command-is-user-gesture.html

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::didReceiveRemoteControlCommand): Increment/decrement
  m_processingRemoteControlCommand around calling remote command method.
(WebCore::HTMLMediaElement::processingUserGesture): Return true if called while handling
  a remote control command.
* html/HTMLMediaElement.h:

LayoutTests:

* media/remote-control-command-is-user-gesture-expected.txt: Added.
* media/remote-control-command-is-user-gesture.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199515 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r199502 and r199511.
commit-queue@webkit.org [Wed, 13 Apr 2016 22:02:27 +0000 (22:02 +0000)]
Unreviewed, rolling out r199502 and r199511.
https://bugs.webkit.org/show_bug.cgi?id=156557

Appears to have in-browser perf regression (Requested by mlam
on #webkit).

Reverted changesets:

"ES6: Implement String.prototype.split and
RegExp.prototype[@@split]."
https://bugs.webkit.org/show_bug.cgi?id=156013
http://trac.webkit.org/changeset/199502

"ES6: Implement RegExp.prototype[@@search]."
https://bugs.webkit.org/show_bug.cgi?id=156331
http://trac.webkit.org/changeset/199511

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199514 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoisJSArray should use ArrayType rather than the ClassInfo
keith_miller@apple.com [Wed, 13 Apr 2016 20:49:57 +0000 (20:49 +0000)]
isJSArray should use ArrayType rather than the ClassInfo
https://bugs.webkit.org/show_bug.cgi?id=156551

Reviewed by Filip Pizlo.

Using the JSType rather than the ClassInfo should be slightly faster
since the type is inline on the cell whereas the ClassInfo is only
on the structure.

* runtime/JSArray.h:
(JSC::isJSArray):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199513 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoNon-resizable text field looks resizable
tonikitoo@webkit.org [Wed, 13 Apr 2016 20:40:07 +0000 (20:40 +0000)]
Non-resizable text field looks resizable
https://bugs.webkit.org/show_bug.cgi?id=152271

Reviewed by Darin Adler.

Source/WebCore:

The 'resizability' of an HTML element is controlled by its 'resize' CSS property value.
By default it is 'none', but certain HTML elements, including <textarea>, have it
set to 'both' by default (defined in html.css). These values mean no resize at all, and
resizable in both vertical and horizontal axis, respectively.
Additionally, 'vertical' and 'horizontal' values are also valid.

Problem here is that the way WebKit handles the 'resize' property on single line
input elements (e.g. <input>) is different than other engines (read Gecko, Blink and Presto):

- Match: WebKit, Firefox, Presto and Blink all force single line input elements to be non-resizable,
regardless of either the 'resize' properly is set or not.

- Mismatch: WebKit is the only engine that actually paints the resize control on single line
input elements, even it having no effect.

On WebKit, this happens because the 'resize' property is wrongly implemented as 'inheritable',
differently from other engines. In the way WebKit contructs its RenderTree, 'resize' property
ends up spilling out of <input> and entering its shadow representation, carrying the 'resize'
property on.

Patch fixes this by making the 'resize' properly be non-inherited, matching other vendors
and the spec [1].

[1] https://drafts.csswg.org/css-ui/#resize

Tests: fast/css/resize-not-inherited.html
       fast/css/resize-single-line-input-no-paint.html

* rendering/style/RenderStyle.h:
* rendering/style/StyleRareInheritedData.cpp:
(WebCore::StyleRareInheritedData::StyleRareInheritedData):
(WebCore::StyleRareInheritedData::operator==):
* rendering/style/StyleRareInheritedData.h:
* rendering/style/StyleRareNonInheritedData.cpp:
(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
(WebCore::StyleRareNonInheritedData::operator==):
* rendering/style/StyleRareNonInheritedData.h:

LayoutTests:

* fast/css/resize-not-inherited-expected.html: Added.
* fast/css/resize-not-inherited.html: Added.
* fast/css/resize-single-line-input-no-paint-expected.html: Added.
* fast/css/resize-single-line-input-no-paint.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199512 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoES6: Implement RegExp.prototype[@@search].
mark.lam@apple.com [Wed, 13 Apr 2016 20:00:31 +0000 (20:00 +0000)]
ES6: Implement RegExp.prototype[@@search].
https://bugs.webkit.org/show_bug.cgi?id=156331

Reviewed by Keith Miller.

Source/JavaScriptCore:

What changed?
1. Implemented search builtin in RegExpPrototype.js.
   The native path is now used as a fast path.
2. Added DFG support for an IsRegExpObjectIntrinsic (modelled after the
   IsJSArrayIntrinsic).
3. Renamed @isRegExp to @isRegExpObject to match the new IsRegExpObjectIntrinsic.
4. Change the esSpecIsRegExpObject() implementation to check if the object's
   JSType is RegExpObjectType instead of walking the classinfo chain.

* builtins/RegExpPrototype.js:
(search):
* builtins/StringPrototype.js:
(search):
- fixed some indentation.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIsArrayConstructor):
(JSC::DFG::SpeculativeJIT::compileIsRegExpObject):
(JSC::DFG::SpeculativeJIT::compileCallObjectConstructor):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileIsFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileIsRegExpObject):
(JSC::FTL::DFG::LowerDFGToB3::compileTypeOf):
(JSC::FTL::DFG::LowerDFGToB3::isExoticForTypeof):
(JSC::FTL::DFG::LowerDFGToB3::isRegExpObject):
(JSC::FTL::DFG::LowerDFGToB3::isType):
* runtime/Intrinsic.h:
- Added IsRegExpObjectIntrinsic.

* runtime/CommonIdentifiers.h:

* runtime/ECMAScriptSpecInternalFunctions.cpp:
(JSC::esSpecIsConstructor):
- Changed to use uncheckedArgument since this is only called from internal code.
(JSC::esSpecIsRegExpObject):
(JSC::esSpecIsRegExp): Deleted.
* runtime/ECMAScriptSpecInternalFunctions.h:
- Changed to check the object for a JSType of RegExpObjectType.

* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
- Added split fast path.

* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::finishCreation):
(JSC::regExpProtoFuncSearchFast):
(JSC::regExpProtoFuncSearch): Deleted.
* runtime/RegExpPrototype.h:

* tests/es6.yaml:
* tests/stress/regexp-search.js:
- Rebased test.

LayoutTests:

* js/regress/regexp-prototype-search-observable-side-effects-expected.txt: Added.
* js/regress/regexp-prototype-search-observable-side-effects.html: Added.
* js/regress/regexp-prototype-search-observable-side-effects2-expected.txt: Added.
* js/regress/regexp-prototype-search-observable-side-effects2.html: Added.

* js/regress/script-tests/regexp-prototype-search-observable-side-effects.js: Added.
* js/regress/script-tests/regexp-prototype-search-observable-side-effects2.js: Added.

* js/regress/script-tests/string-prototype-search-observable-side-effects.js: Added.
* js/regress/script-tests/string-prototype-search-observable-side-effects2.js: Added.
* js/regress/script-tests/string-prototype-search-observable-side-effects3.js: Added.
* js/regress/script-tests/string-prototype-search-observable-side-effects4.js: Added.

* js/regress/string-prototype-search-observable-side-effects-expected.txt: Added.
* js/regress/string-prototype-search-observable-side-effects.html: Added.
* js/regress/string-prototype-search-observable-side-effects2-expected.txt: Added.
* js/regress/string-prototype-search-observable-side-effects2.html: Added.
* js/regress/string-prototype-search-observable-side-effects3-expected.txt: Added.
* js/regress/string-prototype-search-observable-side-effects3.html: Added.
* js/regress/string-prototype-search-observable-side-effects4-expected.txt: Added.
* js/regress/string-prototype-search-observable-side-effects4.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199511 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMark fast/canvas/webgl/gl-teximage.html as flaky on Macs
jiewen_tan@apple.com [Wed, 13 Apr 2016 19:35:40 +0000 (19:35 +0000)]
Mark fast/canvas/webgl/gl-teximage.html as flaky on Macs
https://bugs.webkit.org/show_bug.cgi?id=58766

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199510 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoPolymorphicAccess::regenerate() shouldn't have to clone non-generated AccessCases
fpizlo@apple.com [Wed, 13 Apr 2016 19:04:32 +0000 (19:04 +0000)]
PolymorphicAccess::regenerate() shouldn't have to clone non-generated AccessCases
https://bugs.webkit.org/show_bug.cgi?id=156493

Reviewed by Geoffrey Garen.

Cloning AccessCases is only necessary if they hold some artifacts that are used by code that
they already generated. So, if the state is not Generated, we don't have to bother with
cloning them.

This should speed up PolymorphicAccess regeneration a bit more.

* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::commit):
(JSC::PolymorphicAccess::regenerate):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199508 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMark imported/w3c/web-platform-tests/streams/readable-streams/general.https.html...
jiewen_tan@apple.com [Wed, 13 Apr 2016 18:52:48 +0000 (18:52 +0000)]
Mark imported/w3c/web-platform-tests/streams/readable-streams/general.https.html as flaky
https://bugs.webkit.org/show_bug.cgi?id=155760

Unreviewed test gardening.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199507 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMark media/track/track-in-band-duplicate-tracks-when-source-changes.html as flaky...
jiewen_tan@apple.com [Wed, 13 Apr 2016 18:17:20 +0000 (18:17 +0000)]
Mark media/track/track-in-band-duplicate-tracks-when-source-changes.html as flaky on Yosemite
https://bugs.webkit.org/show_bug.cgi?id=124222

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199506 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoVersioning.
bshafiei@apple.com [Wed, 13 Apr 2016 17:51:58 +0000 (17:51 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199505 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION (r199401): Internal builds of Safari hang on launch
dbates@webkit.org [Wed, 13 Apr 2016 17:51:37 +0000 (17:51 +0000)]
REGRESSION (r199401): Internal builds of Safari hang on launch
https://bugs.webkit.org/show_bug.cgi?id=156545
<rdar://problem/25697779>

Reviewed by Anders Carlsson.

For some reason SecCodeCopyGuestWithAttributes() is failing with an error in Apple Internal
Safari builds. For now, temporarily allow the failure while I investigate the cause in
<rdar://problem/25706517>.

* Shared/mac/CodeSigning.mm:
(WebKit::secCodeForProcess): Log the failure with OSStatus code and return nullptr;
(WebKit::codeSigningIdentifierForProcess): Return a null string if secCodeForProcess() returns a nullptr.
This will cause us to treat affected Apple Internal Safari builds the same as we would treat
an unsigned or third-party signed app.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199504 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoES6: Implement String.prototype.split and RegExp.prototype[@@split].
mark.lam@apple.com [Wed, 13 Apr 2016 17:44:16 +0000 (17:44 +0000)]
ES6: Implement String.prototype.split and RegExp.prototype[@@split].
https://bugs.webkit.org/show_bug.cgi?id=156013

Reviewed by Keith Miller.

Re-landing r199393 now that the shadow chicken crash has been fixed.

Source/JavaScriptCore:

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* builtins/GlobalObject.js:
(speciesConstructor):
* builtins/PromisePrototype.js:
- refactored to use the @speciesConstructor internal function.

* builtins/RegExpPrototype.js:
(advanceStringIndex):
- refactored from @advanceStringIndexUnicode() to be match the spec.
  Benchmarks show that there's no advantage in doing the unicode check outside
  of the advanceStringIndexUnicode part.  So, I simplified the code to match the
  spec (especially since @@split needs to call advanceStringIndex from more than
  1 location).
(match):
- Removed an unnecessary call to @Object because it was already proven above.
- Changed to use advanceStringIndex instead of advanceStringIndexUnicode.
  Again, there's no perf regression for this.
(regExpExec):
(hasObservableSideEffectsForRegExpSplit):
(split):
(advanceStringIndexUnicode): Deleted.

* builtins/StringPrototype.js:
(split):
- Modified to use RegExp.prototype[@@split].

* bytecode/BytecodeIntrinsicRegistry.cpp:
(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
(JSC::BytecodeIntrinsicRegistry::lookup):
* bytecode/BytecodeIntrinsicRegistry.h:
- Added the @@split symbol.

* runtime/CommonIdentifiers.h:
* runtime/ECMAScriptSpecInternalFunctions.cpp: Added.
(JSC::esSpecIsConstructor):
(JSC::esSpecIsRegExp):
* runtime/ECMAScriptSpecInternalFunctions.h: Added.

* runtime/JSGlobalObject.cpp:
(JSC::getGetterById):
(JSC::JSGlobalObject::init):

* runtime/PropertyDescriptor.cpp:
(JSC::PropertyDescriptor::setDescriptor):
- Removed an assert that is no longer valid.

* runtime/RegExpObject.h:
- Made advanceStringUnicode() public so that it can be re-used by the regexp split
  fast path.

* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::finishCreation):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncSearch):
(JSC::advanceStringIndex):
(JSC::regExpProtoFuncSplitFast):
* runtime/RegExpPrototype.h:

* runtime/StringObject.h:
(JSC::jsStringWithReuse):
(JSC::jsSubstring):
- Hoisted some utility functions from StringPrototype.cpp so that they can be
  reused by the regexp split fast path.

* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):
(JSC::stringProtoFuncSplitFast):
(JSC::stringProtoFuncSubstr):
(JSC::builtinStringSubstrInternal):
(JSC::stringProtoFuncSubstring):
(JSC::stringIncludesImpl):
(JSC::stringProtoFuncIncludes):
(JSC::builtinStringIncludesInternal):
(JSC::jsStringWithReuse): Deleted.
(JSC::jsSubstring): Deleted.
(JSC::stringProtoFuncSplit): Deleted.
* runtime/StringPrototype.h:

* tests/es6.yaml:

LayoutTests:

* js/Object-getOwnPropertyNames-expected.txt:
* js/dom/string-prototype-properties-expected.txt:

* js/regress/regexp-prototype-split-observable-side-effects-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects2-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects2.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-flags-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-flags.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-global-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-global.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-multiline-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-multiline.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-sticky-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-sticky.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-unicode-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-unicode.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects4-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects4.html: Added.

* js/regress/script-tests/regexp-prototype-split-observable-side-effects.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects2.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-flags.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-global.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-ignoreCase.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-multiline.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-sticky.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-unicode.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects4.js: Added.

* js/regress/script-tests/string-prototype-split-observable-side-effects.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects2.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-flags.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-global.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-ignoreCase.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-multiline.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-sticky.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-unicode.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects4.js: Added.

* js/regress/string-prototype-split-observable-side-effects-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects.html: Added.
* js/regress/string-prototype-split-observable-side-effects2-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects2.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-flags-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-flags.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-global-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-global.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-ignoreCase.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-multiline-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-multiline.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-sticky-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-sticky.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-unicode-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-unicode.html: Added.
* js/regress/string-prototype-split-observable-side-effects4-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects4.html: Added.

* js/script-tests/Object-getOwnPropertyNames.js:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199502 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFix client certificate authentication with NetworkSession
commit-queue@webkit.org [Wed, 13 Apr 2016 17:37:51 +0000 (17:37 +0000)]
Fix client certificate authentication with NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=156527
<rdar://problem/25489156>

Patch by Alex Christensen <achristensen@webkit.org> on 2016-04-13
Reviewed by Darin Adler.

* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
We only want to use serverTrustCredential for ServerTrustEvaluation authentication challenges, not
* Shared/Authentication/AuthenticationManager.cpp:
(WebKit::AuthenticationManager::tryUseCertificateInfoForChallenge):
(WebKit::AuthenticationManager::useCredentialForSingleChallenge):
* Shared/Authentication/AuthenticationManager.h:
* Shared/Authentication/mac/AuthenticationManager.mac.mm:
(WebKit::AuthenticationManager::tryUseCertificateInfoForChallenge):
Don't use challenge.sender with NSURLSession, which requires callbacks instead.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199501 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove UsePointersEvenForNonNullableObjectArguments from DataTransfer
darin@apple.com [Wed, 13 Apr 2016 17:13:13 +0000 (17:13 +0000)]
Remove UsePointersEvenForNonNullableObjectArguments from DataTransfer
https://bugs.webkit.org/show_bug.cgi?id=156495

Reviewed by Chris Dumez.

* dom/DataTransfer.idl: Removed UsePointersEvenForNonNullableObjectArguments
and marked the element argument to setDragImage as nullable.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199500 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoModern IDB (Blob support): Support deleting stored blob files.
beidson@apple.com [Wed, 13 Apr 2016 16:28:40 +0000 (16:28 +0000)]
Modern IDB (Blob support): Support deleting stored blob files.
https://bugs.webkit.org/show_bug.cgi?id=156523

Reviewed by Alex Christensen.

No new tests (No testable change in behavior yet, current tests pass).

There's 3 points in time when we need to delete blob files (and records of them):
1 - When deleting a specific object store record.
2 - When deleting an entire object store.
3 - When deleting a whole database.

This patch does those three things.

* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteUnusedBlobFileRecords):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):
* Modules/indexeddb/server/SQLiteIDBBackingStore.h:

* Modules/indexeddb/server/SQLiteIDBTransaction.cpp:
(WebCore::IDBServer::SQLiteIDBTransaction::commit):
(WebCore::IDBServer::SQLiteIDBTransaction::deleteBlobFilesIfNecessary):
(WebCore::IDBServer::SQLiteIDBTransaction::addRemovedBlobFile):
* Modules/indexeddb/server/SQLiteIDBTransaction.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199499 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r199444): Perf dashboard always fetches all measurement sets
rniwa@webkit.org [Wed, 13 Apr 2016 16:25:13 +0000 (16:25 +0000)]
REGRESSION(r199444): Perf dashboard always fetches all measurement sets
https://bugs.webkit.org/show_bug.cgi?id=156534

Reviewed by Darin Adler.

The bug was cased by SummaryPage's constructor fetching all measurement sets. Since each page is always
constructed in main(), this resulted in all measurement sets being fetched on all pages.

* public/v3/pages/summary-page.js:
(SummaryPage):
(SummaryPage.prototype.open): Fetch measurement set JSONs here.
(SummaryPage.prototype._createConfigurationGroup): Renamed from _createConfigurationGroupAndStartFetchingData.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199498 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFix two coding mistakes in MathMLInlineContainerElement::childrenChanged
fred.wang@free.fr [Wed, 13 Apr 2016 16:16:13 +0000 (16:16 +0000)]
Fix two coding mistakes in MathMLInlineContainerElement::childrenChanged
https://bugs.webkit.org/show_bug.cgi?id=156538

Patch by Frederic Wang <fwang@igalia.com> on 2016-04-13
Reviewed by Darin Adler.

We fix the call to updateOperatorProperties inside MathMLInlineContainerElement::childrenChanged
for the <math> and <msqrt> tags.

The <math> tag is already a RenderMathMLRow so the hasTagName(mathTag)
conditional is never executed. The tag does not create any anonymous
wrapper so we do not need a special case for it anyway.

The <msqrt> tag is not a RenderMathMLRow (yet). However, the anonymous
wrapper behaving as a RenderMathMLRow is actually the last child, not
the first one.

No new tests, this is already covered by mathml/presentation/mo-form-dynamic.html
Note that for some reason the coding error for <msqrt> only shows up
after the refactoring of bug 152244.

* mathml/MathMLInlineContainerElement.cpp:
(WebCore::MathMLInlineContainerElement::childrenChanged): Fix the two mistakes and add some FIXME comments.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199497 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoShadowChicken::visitChildren() should not visit tailMarkers and throwMarkers.
mark.lam@apple.com [Wed, 13 Apr 2016 16:10:13 +0000 (16:10 +0000)]
ShadowChicken::visitChildren() should not visit tailMarkers and throwMarkers.
https://bugs.webkit.org/show_bug.cgi?id=156532

Reviewed by Saam Barati and Filip Pizlo.

ShadowChicken can store tailMarkers and throwMarkers in its log, specifically in
the callee field of a log packet.  However, ShadowChicken::visitChildren()
unconditionally visits the callee field of each packet as if they are real
objects.  If visitChildren() encounters one of these markers in the log, we get a
crash.

This crash was observed in the v8-v6/v8-regexp.js stress test running with shadow
chicken when r199393 landed.  r199393 introduced tail calls to a RegExp split
fast path, and the v8-regexp.js test exercised this fast path a lot.  Throw in
some timely GCs, and we get a crash party.

The fix is to have ShadowChicken::visitChildren() filter out the tailMarker and
throwMarker.

Alternatively, if perf is an issue, we can allocate 2 dedicated objects for
these markers so that ShadowChicken can continue to visit them.  For now, I'm
going with the filter.

* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::visitChildren):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199496 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove database quote escapes from pushed tweets.
jond@apple.com [Wed, 13 Apr 2016 15:42:30 +0000 (15:42 +0000)]
Remove database quote escapes from pushed tweets.

Reviewed by Timothy Hatcher.

* wp-content/plugins/tweet-listener.php:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199492 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove database quote escapes.
jond@apple.com [Wed, 13 Apr 2016 15:42:24 +0000 (15:42 +0000)]
Remove database quote escapes.

Reviewed by Timothy Hatcher.

* wp-content/plugins/tweet-listener.php:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199491 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdded background color for Safari Technology Preview posts.
jond@apple.com [Wed, 13 Apr 2016 15:06:08 +0000 (15:06 +0000)]
Added background color for Safari Technology Preview posts.

Reviewed by Timothy Hatcher.

* wp-content/themes/webkit/style.css:
(.tile.category-safari-technology-preview .background-image):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199488 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[ES6] Add @@toStringTag to GeneratorFunction
utatane.tea@gmail.com [Wed, 13 Apr 2016 11:16:24 +0000 (11:16 +0000)]
[ES6] Add @@toStringTag to GeneratorFunction
https://bugs.webkit.org/show_bug.cgi?id=156499

Reviewed by Mark Lam.

GeneratorFunction.prototype has @@toStringTag property, "GeneratorFunction".
https://tc39.github.io/ecma262/#sec-generatorfunction.prototype-@@tostringtag

* runtime/GeneratorFunctionPrototype.cpp:
(JSC::GeneratorFunctionPrototype::finishCreation):
* tests/es6.yaml:
* tests/es6/well-known_symbols_Symbol.toStringTag_new_built-ins.js: Added.
(test):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199459 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFix build in glibc-based BSD systems
berto@igalia.com [Wed, 13 Apr 2016 10:50:50 +0000 (10:50 +0000)]
Fix build in glibc-based BSD systems
https://bugs.webkit.org/show_bug.cgi?id=156533

Reviewed by Carlos Garcia Campos.

Change the order of the #elif conditionals so glibc-based BSD
systems (e.g. Debian GNU/kFreeBSD) use the code inside the
OS(FREEBSD) blocks.

* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::Thread::Registers::stackPointer):
(JSC::MachineThreads::Thread::Registers::framePointer):
(JSC::MachineThreads::Thread::Registers::instructionPointer):
(JSC::MachineThreads::Thread::Registers::llintPC):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199458 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd a summary page to v3 UI
rniwa@webkit.org [Wed, 13 Apr 2016 09:26:28 +0000 (09:26 +0000)]
Add a summary page to v3 UI
https://bugs.webkit.org/show_bug.cgi?id=156531

Reviewed by Stephanie Lewis.

Add new "Summary" page, which shows the average difference (better or worse) from the baseline across
multiple platforms and tests by a single number.

* public/include/manifest.php:
(ManifestGenerator::generate): Include "summary" in manifest.json.
* public/shared/statistics.js:
(Statistics.mean): Added.
(Statistics.median): Added.
* public/v3/components/ratio-bar-graph.js: Added.
(RatioBarGraph): Shows a horizontal bar graph that visualizes the relative difference (e.g. 3% better).
(RatioBarGraph.prototype.update):
(RatioBarGraph.prototype.render):
(RatioBarGraph.cssTemplate):
(RatioBarGraph.htmlTemplate):
* public/v3/index.html:
* public/v3/main.js:
(main): Instantiate SummaryPage and add it to the navigation bar and the router.
* public/v3/models/manifest.js:
(Manifest._didFetchManifest): Let "summary" pass through from manifest.json to main().
* public/v3/models/measurement-set.js:
(MeasurementSet.prototype._failedToFetchJSON): Invoke the callback with an error or true in order for
the callback can detect a failure.
(MeasurementSet.prototype._invokeCallbacks): Ditto.
* public/v3/pages/charts-page.js:
(ChartsPage.createStateForConfigurationList): Added to add a hyperlink from summary page to charts page.
* public/v3/pages/summary-page.js: Added.
(SummaryPage): Added.
(SummaryPage.prototype.routeName): Added.
(SummaryPage.prototype.open): Added.
(SummaryPage.prototype.render): Added.
(SummaryPage.prototype._createConfigurationGroupAndStartFetchingData): Added.
(SummaryPage.prototype._constructTable): Added.
(SummaryPage.prototype._constructRatioGraph): Added.
(SummaryPage.htmlTemplate): Added.
(SummaryPage.cssTemplate): Added.
(SummaryPageConfigurationGroup): Added. Represents a set of platforms and tests shown in a single cell.
(SummaryPageConfigurationGroup.prototype.ratio): Added.
(SummaryPageConfigurationGroup.prototype.label): Added.
(SummaryPageConfigurationGroup.prototype.changeType): Added.
(SummaryPageConfigurationGroup.prototype.configurationList): Added.
(SummaryPageConfigurationGroup.prototype.fetchAndComputeSummary): Added.
(SummaryPageConfigurationGroup.prototype._computeSummary): Added.
(SummaryPageConfigurationGroup.prototype._fetchAndComputeRatio): Added. Invoked for each time series in
the set, and stores the computed ratio of the current values to the baseline in this._setToRatio.
The results are aggregated by _computeSummary as a single number later.
(SummaryPageConfigurationGroup._medianForTimeRange): Added.
(SummaryPageConfigurationGroup._fetchData): A thin wrapper to make MeasurementSet.fetchBetween promise
friendly since MeasurementSet doesn't support Promise at the moment (but it should!).
* server-tests/api-manifest.js: Updated a test case.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199444 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCrash at com.apple.JavaScriptCore: bool WTF::startsWith<WTF::StringImpl, WTF::StringI...
antti@apple.com [Wed, 13 Apr 2016 08:37:54 +0000 (08:37 +0000)]
Crash at com.apple.JavaScriptCore: bool WTF::startsWith<WTF::StringImpl, WTF::StringImpl> + 8
https://bugs.webkit.org/show_bug.cgi?id=156512
rdar://problem/24220567

Reviewed by Benjamin Poulain.

Land a test that verifies that setting attr to null does not crash with attribute selectors.
This was fixed by http://trac.webkit.org/changeset/199392.

* fast/css/attribute-selector-null-crash-expected.html: Added.
* fast/css/attribute-selector-null-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199428 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoPython test webkitpy.common.system.executive_unittest.ExecutiveTest.serial_test_kill_...
ap@apple.com [Wed, 13 Apr 2016 03:57:36 +0000 (03:57 +0000)]
Python test webkitpy.common.system.executive_unittest.ExecutiveTest.serial_test_kill_process is flaky
https://bugs.webkit.org/show_bug.cgi?id=155367

Reviewed by Darin Adler.

* Scripts/webkitpy/common/system/executive.py: (Executive.kill_process):
Don't flakily consume the return code with waitpid, callers need to do waitpid on
their own. Not sure if this line of code was even intentional.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199403 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed undo change from ArrayClass to ArrayWithUndecided, which
keith_miller@apple.com [Wed, 13 Apr 2016 03:14:14 +0000 (03:14 +0000)]
Unreviewed undo change from ArrayClass to ArrayWithUndecided, which
was not intedend to land with r199397.

* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::createStructure):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199402 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION (r198933): Unable to login to Google account from Internet Accounts prefer...
dbates@webkit.org [Wed, 13 Apr 2016 02:29:23 +0000 (02:29 +0000)]
REGRESSION (r198933): Unable to login to Google account from Internet Accounts preference pane
https://bugs.webkit.org/show_bug.cgi?id=156447
<rdar://problem/25628133>

Reviewed by Darin Adler.

Reverts the workaround landed in r199301 and teaches ProcessLauncherMac to use the code
signing identifier of the UI process as the client-identifier if it is signed. Otherwise,
we fall back to using the main bundle identifier or _NSGetProgname() depending on whether
the UI process has an associated app bundle.

* PlatformMac.cmake: Add file Shared/mac/CodeSigning.mm.
* Shared/mac/ChildProcessMac.mm:
(WebKit::ChildProcess::initializeSandbox):
(WebKit::codeSigningIdentifierForProcess): Deleted; moved from here to file Shared/mac/CodeSigning.mm.
* Shared/mac/CodeSigning.h: Added.
* Shared/mac/CodeSigning.mm: Added.
(WebKit::secCodeForCurrentProcess): Added.
(WebKit::secCodeForProcess): Added.
(WebKit::secCodeSigningInformation): Added.
(WebKit::appleSignedOrMacAppStoreSignedOrAppleDeveloperSignedRequirement): Added.
(WebKit::secCodeSigningIdentifier): Added.
(WebKit::codeSigningIdentifier): Returns the code signing identifier for the current process.
(WebKit::codeSigningIdentifierForProcess): Moved from file Shared/mac/ChildProcessMac.mm. Extracted logic
into various helper functions (above) so that it can be shared with WebKit::codeSigningIdentifier() as
well as to improve the readability of the code. Removed the OSStatus out argument that was used by callers
for logging purposes and moved such logging responsibility into WebKit::secCodeSigningIdentifier() as
a release assertion message since we always want to log this error when code signing validation fails. We
use a release assertion to cause a noticeable crash because we such failures should not occur and if they
do then we want to see crash reports so that we can handle such failures. Using a release assertion for
validation failures also simplifies the possible return values of this function as such failures represented
the only case where this function would return an empty string. We now return either a null string or a non-
empty string. We return a null string when the specified process is either unsigned or signed by a third-party;
otherwise, we return a non-empty string that represents the code signing identifier.
* UIProcess/Launcher/mac/ProcessLauncherMac.mm:
(WebKit::connectToService): Use the code signing identifier for the client-identifier if we have one (e.g.
we are signed app). If we do not have a code signing identifier then take client-identifier to be the
bundle identifier of our main bundle. Failing that we take client-identifier to be _NSGetProgname().
* WebKit2.xcodeproj/project.pbxproj: Add files Shared/mac/CodeSigning.{h, mm}.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199401 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRollout: ES6: Implement String.prototype.split and RegExp.prototype[@@split].
mark.lam@apple.com [Wed, 13 Apr 2016 01:31:52 +0000 (01:31 +0000)]
Rollout: ES6: Implement String.prototype.split and RegExp.prototype[@@split].
https://bugs.webkit.org/show_bug.cgi?id=156013

Speculative rollout to fix 32-bit shadow-chicken.yaml/tests/v8-v6/v8-regexp.js.shadow-chicken test failure.

Not reviewed.

Source/JavaScriptCore:

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* builtins/GlobalObject.js:
(speciesGetter):
(speciesConstructor): Deleted.
* builtins/PromisePrototype.js:
* builtins/RegExpPrototype.js:
(advanceStringIndexUnicode):
(match):
(advanceStringIndex): Deleted.
(regExpExec): Deleted.
(hasObservableSideEffectsForRegExpSplit): Deleted.
(split): Deleted.
* builtins/StringPrototype.js:
(repeat):
(split): Deleted.
* bytecode/BytecodeIntrinsicRegistry.cpp:
(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
(JSC::BytecodeIntrinsicRegistry::lookup):
* bytecode/BytecodeIntrinsicRegistry.h:
* runtime/CommonIdentifiers.h:
* runtime/ECMAScriptSpecInternalFunctions.cpp: Removed.
* runtime/ECMAScriptSpecInternalFunctions.h: Removed.
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::setGlobalThis):
(JSC::JSGlobalObject::init):
(JSC::getGetterById): Deleted.
* runtime/PropertyDescriptor.cpp:
(JSC::PropertyDescriptor::setDescriptor):
* runtime/RegExpObject.h:
(JSC::RegExpObject::offsetOfLastIndexIsWritable):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::finishCreation):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncSearch):
(JSC::advanceStringIndex): Deleted.
(JSC::regExpProtoFuncSplitFast): Deleted.
* runtime/RegExpPrototype.h:
* runtime/StringObject.h:
(JSC::jsStringWithReuse): Deleted.
(JSC::jsSubstring): Deleted.
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):
(JSC::jsStringWithReuse):
(JSC::jsSubstring):
(JSC::substituteBackreferencesSlow):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplit):
(JSC::stringProtoFuncSubstr):
(JSC::stringProtoFuncSubstring):
(JSC::stringProtoFuncEndsWith):
(JSC::stringProtoFuncIncludes):
(JSC::stringProtoFuncIterator):
(JSC::stringProtoFuncSplitFast): Deleted.
(JSC::builtinStringSubstrInternal): Deleted.
(JSC::stringIncludesImpl): Deleted.
(JSC::builtinStringIncludesInternal): Deleted.
* runtime/StringPrototype.h:
* tests/es6.yaml:

LayoutTests:

* js/Object-getOwnPropertyNames-expected.txt:
* js/dom/string-prototype-properties-expected.txt:
* js/regress/regexp-prototype-split-observable-side-effects-expected.txt: Removed.
* js/regress/regexp-prototype-split-observable-side-effects.html: Removed.
* js/regress/regexp-prototype-split-observable-side-effects2-expected.txt: Removed.
* js/regress/regexp-prototype-split-observable-side-effects2.html: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-flags-expected.txt: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-flags.html: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-global-expected.txt: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-global.html: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase.html: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-multiline-expected.txt: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-multiline.html: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-sticky-expected.txt: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-sticky.html: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-unicode-expected.txt: Removed.
* js/regress/regexp-prototype-split-observable-side-effects3-unicode.html: Removed.
* js/regress/regexp-prototype-split-observable-side-effects4-expected.txt: Removed.
* js/regress/regexp-prototype-split-observable-side-effects4.html: Removed.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects.js: Removed.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects2.js: Removed.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-flags.js: Removed.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-global.js: Removed.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-ignoreCase.js: Removed.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-multiline.js: Removed.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-sticky.js: Removed.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-unicode.js: Removed.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects4.js: Removed.
* js/regress/script-tests/string-prototype-split-observable-side-effects.js: Removed.
* js/regress/script-tests/string-prototype-split-observable-side-effects2.js: Removed.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-flags.js: Removed.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-global.js: Removed.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-ignoreCase.js: Removed.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-multiline.js: Removed.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-sticky.js: Removed.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-unicode.js: Removed.
* js/regress/script-tests/string-prototype-split-observable-side-effects4.js: Removed.
* js/regress/string-prototype-split-observable-side-effects-expected.txt: Removed.
* js/regress/string-prototype-split-observable-side-effects.html: Removed.
* js/regress/string-prototype-split-observable-side-effects2-expected.txt: Removed.
* js/regress/string-prototype-split-observable-side-effects2.html: Removed.
* js/regress/string-prototype-split-observable-side-effects3-flags-expected.txt: Removed.
* js/regress/string-prototype-split-observable-side-effects3-flags.html: Removed.
* js/regress/string-prototype-split-observable-side-effects3-global-expected.txt: Removed.
* js/regress/string-prototype-split-observable-side-effects3-global.html: Removed.
* js/regress/string-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Removed.
* js/regress/string-prototype-split-observable-side-effects3-ignoreCase.html: Removed.
* js/regress/string-prototype-split-observable-side-effects3-multiline-expected.txt: Removed.
* js/regress/string-prototype-split-observable-side-effects3-multiline.html: Removed.
* js/regress/string-prototype-split-observable-side-effects3-sticky-expected.txt: Removed.
* js/regress/string-prototype-split-observable-side-effects3-sticky.html: Removed.
* js/regress/string-prototype-split-observable-side-effects3-unicode-expected.txt: Removed.
* js/regress/string-prototype-split-observable-side-effects3-unicode.html: Removed.
* js/regress/string-prototype-split-observable-side-effects4-expected.txt: Removed.
* js/regress/string-prototype-split-observable-side-effects4.html: Removed.
* js/script-tests/Object-getOwnPropertyNames.js:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199400 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoShould retrieve text surrounding the selection when performing lookup.
enrica@apple.com [Wed, 13 Apr 2016 01:07:26 +0000 (01:07 +0000)]
Should retrieve text surrounding the selection when performing lookup.
https://bugs.webkit.org/show_bug.cgi?id=156525
rdar://problem/25043678

Reviewed by Tim Horton.

The lookup functionality requires the surrounding text to improve
the quality of the results. This patch changes the implementation of
_lookup to retrieve the text before and the text after the selection.
It also renames DictationContextCallback to SelectionContextCallback so
that it can be used for both dictation and lookup, since they both need
the surrounding text.

* UIProcess/AutoCorrectionCallback.h:
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _lookup:]):
* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::autocorrectionDataCallback):
(WebKit::WebPageProxy::selectionContextCallback):
(WebKit::WebPageProxy::getAutocorrectionContext):
(WebKit::WebPageProxy::getSelectionContext):
(WebKit::WebPageProxy::handleTwoFingerTapAtPoint):
(WebKit::WebPageProxy::dictationContextCallback): Deleted.
(WebKit::WebPageProxy::getLookupContextAtPoint): Deleted.
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::performDefaultBehaviorForKeyEvent):
(WebKit::WebPage::getSelectionContext):
(WebKit::WebPage::accessibilityObjectForMainFramePlugin):
(WebKit::WebPage::requestDictationContext):
(WebKit::WebPage::replaceSelectedText):
(WebKit::WebPage::getLookupContextAtPoint): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199399 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove 2 unused JSC options.
mark.lam@apple.com [Wed, 13 Apr 2016 00:48:50 +0000 (00:48 +0000)]
Remove 2 unused JSC options.
https://bugs.webkit.org/show_bug.cgi?id=156526

Reviewed by Benjamin Poulain.

The options JSC_assertICSizing and JSC_dumpFailedICSizing are no longer in use
now that we have B3.

* runtime/Options.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199398 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[ES6] Add support for Symbol.isConcatSpreadable.
keith_miller@apple.com [Wed, 13 Apr 2016 00:37:52 +0000 (00:37 +0000)]
[ES6] Add support for Symbol.isConcatSpreadable.
https://bugs.webkit.org/show_bug.cgi?id=155351

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch adds support for Symbol.isConcatSpreadable. In order to do so it was necessary to move the
Array.prototype.concat function to JS. A number of different optimizations were needed to make such the move to
a builtin performant. First, four new DFG intrinsics were added.

1) IsArrayObject (I would have called it IsArray but we use the same name for an IndexingType): an intrinsic of
   the Array.isArray function.
2) IsJSArray: checks the first child is a JSArray object.
3) IsArrayConstructor: checks the first child is an instance of ArrayConstructor.
4) CallObjectConstructor: an intrinsic of the Object constructor.

IsActualObject, IsJSArray, and CallObjectConstructor can all be converted into constants in the abstract interpreter if
we are able to prove that the first child is an Array or for ToObject an Object.

In order to further improve the perfomance we also now cover more indexing types in our fast path memcpy
code. Before we would only memcpy Arrays if they had the same indexing type and did not have Array storage and
were not undecided. Now the memcpy code covers the following additional two cases: One array is undecided and
the other is a non-array storage and the case where one array is Int32 and the other is contiguous (we map this
into a contiguous array).

This patch also adds a new fast path for concat with more than one array argument by using memcpy to append
values onto the result array. This works roughly the same as the two array fast path using the same methodology
to decide if we can memcpy the other butterfly into the result butterfly.

Two new debugging tools are also added to the jsc cli. One is a version of the print function with a private
name so it can be used for debugging builtins. The other is dumpDataLog, which takes a JSValue and runs our
dataLog function on it.

Finally, this patch add a new constructor to JSValueRegsTemporary that allows it to reuse the the registers of a
JSValueOperand if the operand's use count is one.

* JavaScriptCore.xcodeproj/project.pbxproj:
* builtins/ArrayPrototype.js:
(concatSlowPath):
(concat):
* bytecode/BytecodeIntrinsicRegistry.cpp:
(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
* bytecode/BytecodeIntrinsicRegistry.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compileIsJSArray):
(JSC::DFG::SpeculativeJIT::compileIsArrayObject):
(JSC::DFG::SpeculativeJIT::compileIsArrayConstructor):
(JSC::DFG::SpeculativeJIT::compileCallObjectConstructor):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCallObjectConstructor):
(JSC::FTL::DFG::LowerDFGToB3::compileIsArrayObject):
(JSC::FTL::DFG::LowerDFGToB3::compileIsJSArray):
(JSC::FTL::DFG::LowerDFGToB3::compileIsArrayConstructor):
(JSC::FTL::DFG::LowerDFGToB3::isArray):
* jit/JITOperations.h:
* jsc.cpp:
(GlobalObject::finishCreation):
(functionDataLogValue):
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::finishCreation):
(JSC::arrayConstructorPrivateFuncIsArrayConstructor):
* runtime/ArrayConstructor.h:
(JSC::isArrayConstructor):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::finishCreation):
(JSC::arrayProtoPrivateFuncIsJSArray):
(JSC::moveElements):
(JSC::arrayProtoPrivateFuncConcatMemcpy):
(JSC::arrayProtoPrivateFuncAppendMemcpy):
(JSC::arrayProtoFuncConcat): Deleted.
* runtime/ArrayPrototype.h:
(JSC::ArrayPrototype::createStructure):
* runtime/CommonIdentifiers.h:
* runtime/Intrinsic.h:
* runtime/JSArray.cpp:
(JSC::JSArray::appendMemcpy):
(JSC::JSArray::fastConcatWith): Deleted.
* runtime/JSArray.h:
(JSC::JSArray::createStructure):
(JSC::JSArray::fastConcatType): Deleted.
* runtime/JSArrayInlines.h: Added.
(JSC::JSArray::memCopyWithIndexingType):
(JSC::JSArray::canFastCopy):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSType.h:
* runtime/ObjectConstructor.h:
(JSC::constructObject):
* tests/es6.yaml:
* tests/stress/array-concat-spread-object.js: Added.
(arrayEq):
* tests/stress/array-concat-spread-proxy-exception-check.js: Added.
(arrayEq):
* tests/stress/array-concat-spread-proxy.js: Added.
(arrayEq):
* tests/stress/array-concat-with-slow-indexingtypes.js: Added.
(arrayEq):
* tests/stress/array-species-config-array-constructor.js:

LayoutTests:

Fix tests for Symbol.isConcatSpreadable on the Symbol object.

* js/Object-getOwnPropertyNames-expected.txt:
* js/dom/array-prototype-properties-expected.txt:
* js/script-tests/Object-getOwnPropertyNames.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199397 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: save inspector's zoom factor as a persistent setting across sessions
bburg@apple.com [Tue, 12 Apr 2016 23:57:35 +0000 (23:57 +0000)]
Web Inspector: save inspector's zoom factor as a persistent setting across sessions
https://bugs.webkit.org/show_bug.cgi?id=156522
<rdar://problem/25635774>

Reviewed by Timothy Hatcher.

* UserInterface/Base/Main.js:
(WebInspector.loaded):
Initialize the setting and immediately set the zoom before the frontend page loads.

(WebInspector._increaseZoom):
(WebInspector._decreaseZoom):
(WebInspector._resetZoom):
Use the internal get/set method which updates the WebInspector.Setting.

(WebInspector._setZoomFactor):
Added. Round-trip through the frontend host method in case it further clamps the value.

(WebInspector._zoomFactor):
Added. Just return the setting, since there's no other way for zoom to have changed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199396 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Dock controls are not available in toolbar if Web Inspector window...
commit-queue@webkit.org [Tue, 12 Apr 2016 22:48:43 +0000 (22:48 +0000)]
Web Inspector: Dock controls are not available in toolbar if Web Inspector window leaves fullscreen
https://bugs.webkit.org/show_bug.cgi?id=156520
<rdar://problem/22101106>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-04-12
Reviewed by Timothy Hatcher.

* UIProcess/mac/WebInspectorProxyMac.mm:
(WebKit::WebInspectorProxy::platformCanAttach):
Be more explicit about the attachment view check. Its intent
was to prevent allowing a 2nd level inspector from attaching
to a 1st level inspector. We can use a stronger check. Also,
remove deprecated pragmas by switching to new value.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199395 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoLets not iterate over the constant pool twice every time we link a code block
sbarati@apple.com [Tue, 12 Apr 2016 22:42:06 +0000 (22:42 +0000)]
Lets not iterate over the constant pool twice every time we link a code block
https://bugs.webkit.org/show_bug.cgi?id=156517

Reviewed by Mark Lam.

I introduced a second iteration over the constant pool when I implemented
block scoping. I did this because we must clone all the symbol tables when
we link a CodeBlock. We can just do this cloning when setting the constant
registers for the first time. There is no need to iterate over the constant
pool a second time.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::setAlternative):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::replaceConstant):
(JSC::CodeBlock::setConstantRegisters): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199394 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoES6: Implement String.prototype.split and RegExp.prototype[@@split].
mark.lam@apple.com [Tue, 12 Apr 2016 22:40:25 +0000 (22:40 +0000)]
ES6: Implement String.prototype.split and RegExp.prototype[@@split].
https://bugs.webkit.org/show_bug.cgi?id=156013

Reviewed by Keith Miller.

Source/JavaScriptCore:

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* builtins/GlobalObject.js:
(speciesConstructor):
* builtins/PromisePrototype.js:
- refactored to use the @speciesConstructor internal function.

* builtins/RegExpPrototype.js:
(advanceStringIndex):
- refactored from @advanceStringIndexUnicode() to be match the spec.
  Benchmarks show that there's no advantage in doing the unicode check outside
  of the advanceStringIndexUnicode part.  So, I simplified the code to match the
  spec (especially since @@split needs to call advanceStringIndex from more than
  1 location).
(match):
- Removed an unnecessary call to @Object because it was already proven above.
- Changed to use advanceStringIndex instead of advanceStringIndexUnicode.
  Again, there's no perf regression for this.
(regExpExec):
(hasObservableSideEffectsForRegExpSplit):
(split):
(advanceStringIndexUnicode): Deleted.

* builtins/StringPrototype.js:
(split):
- Modified to use RegExp.prototype[@@split].

* bytecode/BytecodeIntrinsicRegistry.cpp:
(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
(JSC::BytecodeIntrinsicRegistry::lookup):
* bytecode/BytecodeIntrinsicRegistry.h:
- Added the @@split symbol.

* runtime/CommonIdentifiers.h:
* runtime/ECMAScriptSpecInternalFunctions.cpp: Added.
(JSC::esSpecIsConstructor):
(JSC::esSpecIsRegExp):
* runtime/ECMAScriptSpecInternalFunctions.h: Added.

* runtime/JSGlobalObject.cpp:
(JSC::getGetterById):
(JSC::JSGlobalObject::init):

* runtime/PropertyDescriptor.cpp:
(JSC::PropertyDescriptor::setDescriptor):
- Removed an assert that is no longer valid.

* runtime/RegExpObject.h:
- Made advanceStringUnicode() public so that it can be re-used by the regexp split
  fast path.

* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::finishCreation):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncSearch):
(JSC::advanceStringIndex):
(JSC::regExpProtoFuncSplitFast):
* runtime/RegExpPrototype.h:

* runtime/StringObject.h:
(JSC::jsStringWithReuse):
(JSC::jsSubstring):
- Hoisted some utility functions from StringPrototype.cpp so that they can be
  reused by the regexp split fast path.

* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):
(JSC::stringProtoFuncSplitFast):
(JSC::stringProtoFuncSubstr):
(JSC::builtinStringSubstrInternal):
(JSC::stringProtoFuncSubstring):
(JSC::stringIncludesImpl):
(JSC::stringProtoFuncIncludes):
(JSC::builtinStringIncludesInternal):
(JSC::jsStringWithReuse): Deleted.
(JSC::jsSubstring): Deleted.
(JSC::stringProtoFuncSplit): Deleted.
* runtime/StringPrototype.h:

* tests/es6.yaml:

LayoutTests:

* js/Object-getOwnPropertyNames-expected.txt:
* js/dom/string-prototype-properties-expected.txt:

* js/regress/regexp-prototype-split-observable-side-effects-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects2-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects2.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-flags-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-flags.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-global-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-global.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-multiline-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-multiline.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-sticky-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-sticky.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-unicode-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects3-unicode.html: Added.
* js/regress/regexp-prototype-split-observable-side-effects4-expected.txt: Added.
* js/regress/regexp-prototype-split-observable-side-effects4.html: Added.

* js/regress/script-tests/regexp-prototype-split-observable-side-effects.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects2.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-flags.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-global.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-ignoreCase.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-multiline.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-sticky.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects3-unicode.js: Added.
* js/regress/script-tests/regexp-prototype-split-observable-side-effects4.js: Added.

* js/regress/script-tests/string-prototype-split-observable-side-effects.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects2.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-flags.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-global.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-ignoreCase.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-multiline.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-sticky.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects3-unicode.js: Added.
* js/regress/script-tests/string-prototype-split-observable-side-effects4.js: Added.

* js/regress/string-prototype-split-observable-side-effects-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects.html: Added.
* js/regress/string-prototype-split-observable-side-effects2-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects2.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-flags-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-flags.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-global-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-global.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-ignoreCase.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-multiline-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-multiline.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-sticky-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-sticky.html: Added.
* js/regress/string-prototype-split-observable-side-effects3-unicode-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects3-unicode.html: Added.
* js/regress/string-prototype-split-observable-side-effects4-expected.txt: Added.
* js/regress/string-prototype-split-observable-side-effects4.html: Added.

* js/script-tests/Object-getOwnPropertyNames.js:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199393 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAttr.value should not be nullable
cdumez@apple.com [Tue, 12 Apr 2016 22:38:35 +0000 (22:38 +0000)]
Attr.value should not be nullable
https://bugs.webkit.org/show_bug.cgi?id=156515

Reviewed by Benjamin Poulain.

Source/WebCore:

Update Attr.value so that it is no longer nullable, as per:
https://dom.spec.whatwg.org/#interface-attr

This aligns our behavior with Firefox and Chrome as well.

Test: fast/dom/Attr/value-not-nullable.html

* dom/Attr.cpp:
(WebCore::Attr::setValueForBindings):
(WebCore::Attr::setNodeValue):
(WebCore::Attr::setValue):
* dom/Attr.h:
* dom/Attr.idl:

LayoutTests:

Add layout test and rebaseline existing one now that Attr.value is no
longer nullable.

* fast/dom/Attr/value-not-nullable-expected.txt: Added.
* fast/dom/Attr/value-not-nullable.html: Added.
* fast/dom/coreDOM-element-attribute-js-null-expected.txt:
* fast/dom/coreDOM-element-attribute-js-null.xhtml:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199392 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAbstractValue should use the result type to filter structures
keith_miller@apple.com [Tue, 12 Apr 2016 21:52:08 +0000 (21:52 +0000)]
AbstractValue should use the result type to filter structures
https://bugs.webkit.org/show_bug.cgi?id=156516

Reviewed by Geoffrey Garen.

When filtering an AbstractValue with a SpeculatedType we would not use the merged type when
filtering out the valid structures (despite what the comment directly above said). This
would cause us to crash if our structure-set was Top and the two speculated types were
different kinds of cells.

* dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::filter):
* tests/stress/ai-consistency-filter-cells.js: Added.
(get value):
(attribute.value.get record):
(attribute.attrs.get this):
(get foo):
(let.thisValue.return.serialize):
(let.thisValue.transformFor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199391 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Show the normal Native icon for all Internal objects in Heap Snapshots
commit-queue@webkit.org [Tue, 12 Apr 2016 21:35:33 +0000 (21:35 +0000)]
Web Inspector: Show the normal Native icon for all Internal objects in Heap Snapshots
https://bugs.webkit.org/show_bug.cgi?id=156513

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-04-12
Reviewed by Timothy Hatcher.

* UserInterface/Views/HeapSnapshotClusterContentView.js:
(WebInspector.HeapSnapshotClusterContentView.iconStyleClassNameForClassName):
Show the native icon for internal objects.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199390 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, remove FIXME for https://bugs.webkit.org/show_bug.cgi?id=156457 and repla...
fpizlo@apple.com [Tue, 12 Apr 2016 21:10:27 +0000 (21:10 +0000)]
Unreviewed, remove FIXME for https://bugs.webkit.org/show_bug.cgi?id=156457 and replace it
with a comment that describes what we do now.

* bytecode/PolymorphicAccess.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199389 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMake sync-buildbot.js fault safe
rniwa@webkit.org [Tue, 12 Apr 2016 21:04:09 +0000 (21:04 +0000)]
Make sync-buildbot.js fault safe
https://bugs.webkit.org/show_bug.cgi?id=156498

Reviewed by Chris Dumez.

Fixed a bug that sync-buildbot.js will continue to schedule build requests from multiple test groups
if multiple test groups are simultaneously in-progress on the same builder. Also fixed a bug that if
a build request had failed without leaving a trace (i.e. no entry on any of the builders we know of),
sync-buildbot.js throws an exception.

* server-tests/tools-buildbot-triggerable-tests.js: Added test cases.
* tools/js/buildbot-syncer.js:
(BuildbotSyncer.prototype.scheduleRequestInGroupIfAvailable): Renamed. Optionally takes the slave name.
When this parameter is specified, schedule the request only if the specified slave is available.
* tools/js/buildbot-triggerable.js:
(BuildbotTriggerable.prototype._scheduleNextRequestInGroupIfSlaveIsAvailable): Always use
scheduleRequestInGroupIfAvailable to schedule a new build request. Using scheduleRequest for non-first
build requests was problematic when there were multiple test groups with pending requests because then
we would schedule those pending requests without checking whether there is already a pending job or if
we have previously scheduled a job. Also fallback to use any syncer / builder when groupInfo.syncer is
not set even if the next request was not the first one in the test group since we can't determine on
which builder preceding requests are processed in such cases.
* unit-tests/buildbot-syncer-tests.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199388 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: inspector/heap/getRemoteObject.html is flakey
ddkilzer@apple.com [Tue, 12 Apr 2016 21:03:52 +0000 (21:03 +0000)]
Web Inspector: inspector/heap/getRemoteObject.html is flakey
<http://webkit.org/b/156077>

Unreviewed test expectations update.

* platform/mac-wk2/TestExpectations:
(inspector/heap/getRemoteObject.html): Update bug number.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199387 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: inspector/heap/getRemoteObject.html is flakey
ddkilzer@apple.com [Tue, 12 Apr 2016 20:56:10 +0000 (20:56 +0000)]
Web Inspector: inspector/heap/getRemoteObject.html is flakey
<http://webkit.org/b/156514>

Unreviewed test expectations update.

* platform/mac-wk2/TestExpectations:
(inspector/heap/getRemoteObject.html): Mark as flakey.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199386 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFixed uninitialization of Node::DataUnion with GCC 4.8.
commit-queue@webkit.org [Tue, 12 Apr 2016 20:47:42 +0000 (20:47 +0000)]
Fixed uninitialization of Node::DataUnion with GCC 4.8.
https://bugs.webkit.org/show_bug.cgi?id=156507

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-04-12
Reviewed by Michael Catanzaro.

This change fixes run time crashes caused by access to uninitialized
memory in Node::renderer().

No new tests needed.

* dom/Node.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199385 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoisLocked() assertion broke builds because ConcurrentJITLock isn't always a real lock.
sbarati@apple.com [Tue, 12 Apr 2016 20:47:24 +0000 (20:47 +0000)]
isLocked() assertion broke builds because ConcurrentJITLock isn't always a real lock.

Rubber-stamped by Filip Pizlo.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::resultProfileForBytecodeOffset):
(JSC::CodeBlock::ensureResultProfile):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199384 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[iOS] do not exit AirPlay when the screen locks
eric.carlson@apple.com [Tue, 12 Apr 2016 20:40:41 +0000 (20:40 +0000)]
[iOS] do not exit AirPlay when the screen locks
https://bugs.webkit.org/show_bug.cgi?id=156502
<rdar://problem/24616592>

Reviewed by Jer Noble.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction): Add logging.
(WebCore::HTMLMediaElement::purgeBufferedDataIfPossible): Don't tell the media engine to purge
  data if it is playing to a wireless target because that will drop the connection.

* html/MediaElementSession.cpp:
(WebCore::MediaElementSession::playbackPermitted): Add logging.
(WebCore::MediaElementSession::canPlayToWirelessPlaybackTarget): Drive by fix: iOS doesn't
  have an explicit playbackTarget, don't test for it.
(WebCore::MediaElementSession::isPlayingToWirelessPlaybackTarget): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199383 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoPolymorphicAccess should buffer AccessCases before regenerating
fpizlo@apple.com [Tue, 12 Apr 2016 20:06:26 +0000 (20:06 +0000)]
PolymorphicAccess should buffer AccessCases before regenerating
https://bugs.webkit.org/show_bug.cgi?id=156457

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Prior to this change, whenever we added an AccessCase to a PolymorphicAccess, we would
regenerate the whole stub. That meant that we'd do O(N^2) work for N access cases.

One way to fix this is to have each AccessCase generate a stub just for itself, which
cascades down to the already-generated cases. But that removes the binary switch
optimization, which makes the IC perform great even when there are many cases.

This change fixes the issue by buffering access cases. When we take slow path and try to add
a new case, the StructureStubInfo will usually just buffer the new case without generating
new code. We simply guarantee that after we buffer a case, we will take at most
Options::repatchBufferingCountdown() slow path calls before generating code for it. That
option is currently 7. Taking 7 more slow paths means that we have 7 more opportunities to
gather more access cases, or to realize that this IC is too crazy to bother with.

This change ensures that the DFG still gets the same kind of profiling. This is because the
buffered AccessCases are still part of PolymorphicAccess and so are still scanned by
GetByIdStatus and PutByIdStatus. The fact that the AccessCases hadn't been generated and so
hadn't executed doesn't change much. Mainly, it increases the likelihood that the DFG will
see an access case that !couldStillSucceed(). The DFG's existing profile parsing logic can
handle this just fine.

There are a bunch of algorithmic changes here. StructureStubInfo now caches the set of
structures that it has seen as a guard to prevent adding lots of redundant cases, in case
we see the same 7 cases after buffering the first one. This cache means we won't wastefully
allocate 7 identical AccessCase instances. PolymorphicAccess is now restructured around
having separate addCase() and regenerate() calls. That means a bit more moving data around.
So far that seems OK for performance, probably since it's O(N) work rather than O(N^2) work.
There is room for improvement for future patches, to be sure.

This is benchmarking as slightly positive or neutral on JS benchmarks. It's meant to reduce
pathologies I saw in page loads.

* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
* bytecode/PolymorphicAccess.cpp:
(JSC::PolymorphicAccess::PolymorphicAccess):
(JSC::PolymorphicAccess::~PolymorphicAccess):
(JSC::PolymorphicAccess::addCases):
(JSC::PolymorphicAccess::addCase):
(JSC::PolymorphicAccess::visitWeak):
(JSC::PolymorphicAccess::dump):
(JSC::PolymorphicAccess::commit):
(JSC::PolymorphicAccess::regenerate):
(JSC::PolymorphicAccess::aboutToDie):
(WTF::printInternal):
(JSC::PolymorphicAccess::regenerateWithCases): Deleted.
(JSC::PolymorphicAccess::regenerateWithCase): Deleted.
* bytecode/PolymorphicAccess.h:
(JSC::AccessCase::isGetter):
(JSC::AccessCase::callLinkInfo):
(JSC::AccessGenerationResult::AccessGenerationResult):
(JSC::AccessGenerationResult::madeNoChanges):
(JSC::AccessGenerationResult::gaveUp):
(JSC::AccessGenerationResult::buffered):
(JSC::AccessGenerationResult::generatedNewCode):
(JSC::AccessGenerationResult::generatedFinalCode):
(JSC::AccessGenerationResult::shouldGiveUpNow):
(JSC::AccessGenerationResult::generatedSomeCode):
(JSC::PolymorphicAccess::isEmpty):
(JSC::PolymorphicAccess::size):
(JSC::PolymorphicAccess::at):
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeForStubInfo):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::StructureStubInfo):
(JSC::StructureStubInfo::addAccessCase):
(JSC::StructureStubInfo::reset):
(JSC::StructureStubInfo::visitWeakReferences):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::considerCaching):
(JSC::StructureStubInfo::willRepatch): Deleted.
(JSC::StructureStubInfo::willCoolDown): Deleted.
* jit/JITOperations.cpp:
* jit/Repatch.cpp:
(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::tryCachePutByID):
(JSC::repatchPutByID):
(JSC::tryRepatchIn):
(JSC::repatchIn):
* runtime/JSCJSValue.h:
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::putByIndex):
(JSC::JSValue::structureOrNull):
(JSC::JSValue::structureOrUndefined):
* runtime/Options.h:

Source/WTF:

* wtf/TinyPtrSet.h:
(WTF::TinyPtrSet::add): Add a helpful comment because I had forgotten what the bool return meant.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199382 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWebKit should adopt journal_mode=wal for all SQLite databases.
barraclough@apple.com [Tue, 12 Apr 2016 19:37:37 +0000 (19:37 +0000)]
WebKit should adopt journal_mode=wal for all SQLite databases.
https://bugs.webkit.org/show_bug.cgi?id=133496

Rubber stamped by Chris Dumez.

Temporarily disable on iOS - this broke a test.
(storage/websql/alter-to-info-table.html)

* platform/sql/SQLiteDatabase.cpp:
(WebCore::SQLiteDatabase::open):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199381 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Keyboard shortcut for "Inspect Element" only works when Web Inspector...
joepeck@webkit.org [Tue, 12 Apr 2016 19:35:22 +0000 (19:35 +0000)]
Web Inspector: Keyboard shortcut for "Inspect Element" only works when Web Inspector is open.
https://bugs.webkit.org/show_bug.cgi?id=111193
<rdar://problem/13325889>

Reviewed by Timothy Hatcher.

Source/WebCore:

* inspector/InspectorClient.h:
(WebCore::InspectorClient::elementSelectionChanged):
* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::setSearchingForNode):
Inform the client when element selection changes.

Source/WebInspectorUI:

* UserInterface/Controllers/DOMTreeManager.js:
(WebInspector.DOMTreeManager.prototype.set inspectModeEnabled):
(WebInspector.DOMTreeManager.set inspectModeEnabled.callback):
* UserInterface/Protocol/InspectorFrontendAPI.js:
(InspectorFrontendAPI.setElementSelectionEnabled):
Frontend API to enable element selection.

Source/WebKit2:

* UIProcess/API/C/WKInspector.cpp:
(WKInspectorIsElementSelectionActive):
(WKInspectorToggleElementSelection):
* UIProcess/API/C/WKInspector.h:
API for WebKit clients to toggle element selection.

* UIProcess/WebInspectorProxy.cpp:
(WebKit::WebInspectorProxy::toggleElementSelection):
(WebKit::WebInspectorProxy::elementSelectionChanged):
* UIProcess/WebInspectorProxy.h:
(WebKit::WebInspectorProxy::isElementSelectionActive):
* UIProcess/WebInspectorProxy.messages.in:
UIProcess update according to the state of the page
and action to tell the page to toggle.
When starting, pre-connect the inspector. When the
state changes, if we were stopping and nothing was
selected, then disconnect. Otherwise, we will bring
the inspector to the front.

* WebProcess/WebCoreSupport/WebInspectorClient.cpp:
(WebKit::WebInspectorClient::elementSelectionChanged):
* WebProcess/WebCoreSupport/WebInspectorClient.h:
Let the UIProcess update its cached state of whether or
not element selection is enabled or disabled.

* WebProcess/WebPage/WebInspector.cpp:
(WebKit::WebInspector::startElementSelection):
(WebKit::WebInspector::stopElementSelection):
(WebKit::WebInspector::elementSelectionChanged):
* WebProcess/WebPage/WebInspector.h:
* WebProcess/WebPage/WebInspector.messages.in:
Messages in both directions.
UIProcess -> InspectorProcess enable/disable.
WebProcess -> UIProcess updated element selection state.

* WebProcess/WebPage/WebInspectorUI.cpp:
(WebKit::WebInspectorUI::startElementSelection):
(WebKit::WebInspectorUI::stopElementSelection):
* WebProcess/WebPage/WebInspectorUI.h:
* WebProcess/WebPage/WebInspectorUI.messages.in:
Open the inspector and enable element selection.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199380 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Should be able to expand Objects in Heap Allocations View to see exact...
joepeck@webkit.org [Tue, 12 Apr 2016 19:35:12 +0000 (19:35 +0000)]
Web Inspector: Should be able to expand Objects in Heap Allocations View to see exactly what it retains
https://bugs.webkit.org/show_bug.cgi?id=156419
<rdar://problem/25633863>

Reviewed by Timothy Hatcher.

Source/WebInspectorUI:

* Localizations/en.lproj/localizedStrings.js:
* UserInterface/Main.html:
Remove strings, and fix sort.

* UserInterface/Models/HeapSnapshotRootPath.js:
(WebInspector.HeapSnapshotRootPath.pathComponentForIndividualEdge):
(WebInspector.HeapSnapshotRootPath.canPropertyNameBeDotAccess):
(WebInspector.HeapSnapshotRootPath.prototype.appendPropertyName):
(WebInspector.HeapSnapshotRootPath.prototype._canPropertyNameBeDotAccess):
Provide a helper to get an path component string for an individual edge.

* UserInterface/Models/PropertyPreview.js:
(WebInspector.PropertyPreview):
Fix an assert that may have errantly fired for an empty string name.

* UserInterface/Proxies/HeapSnapshotNodeProxy.js:
(WebInspector.HeapSnapshotNodeProxy):
(WebInspector.HeapSnapshotNodeProxy.deserialize):
Include "hasChildren" property in the original proxy message.

(WebInspector.HeapSnapshotNodeProxy.prototype.retainedNodes):
The method now also returns a list of edges for each of the retained nodes.

* UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:
(WebInspector.HeapSnapshotInstanceDataGridNode):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.createCellContent):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.sort):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._populate):
An instance DataGrid node can now show children. It can expand to show
its retained node graph.

* UserInterface/Workers/HeapSnapshot/HeapSnapshot.js:
(HeapSnapshot.instancesWithClassName):
(HeapSnapshot.prototype.dominatedNodes):
(HeapSnapshot.prototype.retainers):
(HeapSnapshot.prototype.serializeNode):
Remove unnecessary calls to bind in favor of using the `thisObject` argument.

(HeapSnapshot.prototype.retainedNodes):
Return a parallel list of edges for each of the nodes.

* UserInterface/Views/HeapSnapshotClassDataGridNode.js:
(WebInspector.HeapSnapshotClassDataGridNode.prototype.createCellContent):
(WebInspector.HeapSnapshotClassDataGridNode.prototype._populate):
* UserInterface/Views/HeapSnapshotClusterContentView.js:
(WebInspector.HeapSnapshotClusterContentView.prototype.get summaryContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype.get instancesContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype.shown):
(WebInspector.HeapSnapshotClusterContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype.get navigationItems): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._contentViewExtraArguments): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._toggleShowInternalObjectsSetting): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._updateViewsForShowInternalObjectsSettingValue): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._updateShowInternalObjectsButtonNavigationItem): Deleted.
* UserInterface/Views/HeapSnapshotInstancesContentView.js:
(WebInspector.HeapSnapshotInstancesContentView):
(WebInspector.HeapSnapshotInstancesContentView.prototype.get showInternalObjects): Deleted.
(WebInspector.HeapSnapshotInstancesContentView.prototype.set showInternalObjects): Deleted.
* UserInterface/Views/HeapSnapshotInstancesDataGridTree.js:
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype._populateTopLevel):
(WebInspector.HeapSnapshotInstancesDataGridTree):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.get includeInternalObjects): Deleted.
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.set includeInternalObjects): Deleted.
* UserInterface/Views/HeapSnapshotSummaryContentView.js:
Remove the show/hide internal objects button. In the Instances view we will
only show non-Internal objects at the top level, and show internal objects
when those instances are expanded.

LayoutTests:

* inspector/unit-tests/heap-snapshot-expected.txt:
* inspector/unit-tests/heap-snapshot.html:
Add a quick test that retainedNodes returns a list of edges.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199379 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRegression(r199360): assertion hit in Element::fastGetAttribute()
cdumez@apple.com [Tue, 12 Apr 2016 18:44:54 +0000 (18:44 +0000)]
Regression(r199360): assertion hit in Element::fastGetAttribute()
https://bugs.webkit.org/show_bug.cgi?id=156509

Reviewed by Ryosuke Niwa.

Stop using fastGetAttribute() / setAttributeWithoutSynchronization()
given that DOMTokenList is used for the class attribute and we need
to synchronize in this case.

No new tests, already covered by existing tests.

* html/DOMTokenList.cpp:
(WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
(WebCore::DOMTokenList::tokens):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199378 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[RTL Scrollbars] Overlay scrollbars push contents inwards
mmaxfield@apple.com [Tue, 12 Apr 2016 18:40:19 +0000 (18:40 +0000)]
[RTL Scrollbars] Overlay scrollbars push contents inwards
https://bugs.webkit.org/show_bug.cgi?id=156225
<rdar://problem/25137040>

Reviewed by Darin Adler.

Source/WebCore:

The contents should be pushed in by the occupied width of the
scrollbar, which is 0 for overlay scrollbars.

Test: fast/scrolling/rtl-scrollbars-overlay-no-push-contents.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::computeScrollDimensions):

LayoutTests:

* fast/scrolling/rtl-scrollbars-overlay-no-push-contents-expected.html: Added.
* fast/scrolling/rtl-scrollbars-overlay-no-push-contents.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199377 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoThere is a race with the compiler thread and the main thread with result profiles
sbarati@apple.com [Tue, 12 Apr 2016 18:38:16 +0000 (18:38 +0000)]
There is a race with the compiler thread and the main thread with result profiles
https://bugs.webkit.org/show_bug.cgi?id=156503

Reviewed by Filip Pizlo.

The compiler thread should not be asking for a result
profile while the execution thread is creating one.
We must guard against such races with a lock.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::resultProfileForBytecodeOffset):
(JSC::CodeBlock::ensureResultProfile):
(JSC::CodeBlock::capabilityLevel):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::couldTakeSlowCase):
(JSC::CodeBlock::numberOfResultProfiles):
(JSC::CodeBlock::specialFastCaseProfileCountForBytecodeOffset):
(JSC::CodeBlock::ensureResultProfile): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199376 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[OS X] Flakey crash after ScrollAnimatorMac destruction
mmaxfield@apple.com [Tue, 12 Apr 2016 18:33:56 +0000 (18:33 +0000)]
[OS X] Flakey crash after ScrollAnimatorMac destruction
https://bugs.webkit.org/show_bug.cgi?id=156372

Reviewed by Darin Adler.

Source/WebCore:

Previously, we were disabling the mock scrollbars using JavaScript after
the WebView was created. However, enabling these mock scrollbars can be
triggered with a bit of state inside the WebPreferences object, which
means WebKit clients can change it at any point. DumpRenderTree is doing
this during the document's lifetime.

This means that the creation of the Scrollbar objects saw a non-mock
ScrollbarTheme, but the destruction of the Scrollbar objects saw a mock
ScrollbarTheme. Therefore, the non-mock ScrollbarTheme doesn't get
cleaned up correctly (ScrollAnimatorMac::willRemoveVerticalScrollbar()
returns early because it sees that there is nothing to deregister
due to the ScrollbarTheme being mocked).

This cleanup is necessary because it sets the NSScrollerImp's delegate
to nil before the NSScrollerImpDelegate gets destroyed. Because the
cleanup wasn't happening, the delegate pointer wasn't getting set to
nil, so the pointer was dangling, and AppKit was following it and
crashing.

Because the clients of this bit of state can change it at any time,
it is incorrect to change it in JavaScript. Instead, the client must
manage this bit of state (so the client and the web process are always
in sync). Therefore, the correct way to set this bit of state must be
done in the test runner rather than Javascript internals. The mechanism
we have to do that is the <!-- webkit-test-runner --> comment at the
beginning of the test. This patch migrates to this mechanism and removes
the old internals method.

Test: fast/scrolling/rtl-scrollbars-animation-property.html

* page/Settings.cpp:
* testing/Internals.cpp:
(WebCore::Internals::setMockScrollbarsEnabled): Deleted.
* testing/Internals.h:
* testing/Internals.idl:

Tools:

Implement the new <!-- webkit-test-runner --> flag.

* WebKitTestRunner/TestController.cpp:
(WTR::TestController::createWebViewWithOptions):
(WTR::TestController::ensureViewSupportsOptionsForTest):
(WTR::TestController::resetPreferencesToConsistentValues):
(WTR::TestController::resetStateToConsistentValues):
(WTR::updateTestOptionsFromTestHeader):
* WebKitTestRunner/TestController.h:
* WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::invoke):
* WebKitTestRunner/TestOptions.h:
* WebKitTestRunner/mac/PlatformWebViewMac.mm:
(WKR::PlatformWebView::viewSupportsOptions):

LayoutTests:

Migrate to the new mechanism for disabling mock scrollbars in tests.

* fast/scrolling/rtl-scrollbars-animation-property.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199375 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: clearing the console should exit all console groups
mattbaker@apple.com [Tue, 12 Apr 2016 17:55:44 +0000 (17:55 +0000)]
Web Inspector: clearing the console should exit all console groups
https://bugs.webkit.org/show_bug.cgi?id=156496
<rdar://problem/25676416>

Reviewed by Timothy Hatcher.

* UserInterface/Views/LogContentView.js:
(WebInspector.LogContentView.prototype._logCleared):
Reset nesting level to zero.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199374 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r199339.
commit-queue@webkit.org [Tue, 12 Apr 2016 17:40:27 +0000 (17:40 +0000)]
Unreviewed, rolling out r199339.
https://bugs.webkit.org/show_bug.cgi?id=156505

memset_s is indeed necessary (Requested by alexchristensen_ on
#webkit).

Reverted changeset:

"Build fix after r199299."
https://bugs.webkit.org/show_bug.cgi?id=155508
http://trac.webkit.org/changeset/199339

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199373 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMIPS: add MacroAssemblerMIPS::store8(TrustedImm32,ImplicitAddress)
commit-queue@webkit.org [Tue, 12 Apr 2016 17:27:07 +0000 (17:27 +0000)]
MIPS: add MacroAssemblerMIPS::store8(TrustedImm32,ImplicitAddress)
https://bugs.webkit.org/show_bug.cgi?id=156481

This method with this signature is used by r199075, and therefore
WebKit doesn't build on MIPS since then.

Patch by Guillaume Emont <guijemont@igalia.com> on 2016-04-12
Reviewed by Mark Lam.

* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::store8):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199372 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove UsePointersEvenForNonNullableObjectArguments from SVG lists
darin@apple.com [Tue, 12 Apr 2016 17:08:31 +0000 (17:08 +0000)]
Remove UsePointersEvenForNonNullableObjectArguments from SVG lists
https://bugs.webkit.org/show_bug.cgi?id=156494

Reviewed by Chris Dumez.

* bindings/scripts/CodeGenerator.pm:
(ShouldPassWrapperByReference): For now, don't do this for any tear-off classes.
This includes the items stored in most SVG list classes.

* svg/SVGLengthList.idl: Removed UsePointersEvenForNonNullableObjectArguments.
* svg/SVGNumberList.idl: Ditto.
* svg/SVGPointList.idl: Ditto.
* svg/SVGTransformList.idl: Ditto.

* svg/SVGPathSegList.idl: Removed UsePointersEvenForNonNullableObjectArguments.
Marked the arguments nullable, and added FIXMEs about returning later since they
don't really need to be nullable. But fixing this requires some reworking of the
SVG list template and it's not urgent at this time. Preserves behavior where we
get an exception when passing null, it's just an SVG exception instead of TypeError.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199371 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoS390X and PPC64 architectures detection is wrong
commit-queue@webkit.org [Tue, 12 Apr 2016 16:44:36 +0000 (16:44 +0000)]
S390X and PPC64 architectures detection is wrong
https://bugs.webkit.org/show_bug.cgi?id=156337

Patch by Tomas Popela <tpopela@redhat.com> on 2016-04-12
Reviewed by Carlos Garcia Campos.

After the http://trac.webkit.org/changeset/198919 was committed
it showed that the PPC64 detection is wrong as the CPU(PPC) path was
activated even for PPC64. The thing is that GCC defines __ppc__
even on PPC64 and not just on PPC(32). The same applies for S390X.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199366 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoLazily update tokens in DOMTokenList when the associated attribute value changes
cdumez@apple.com [Tue, 12 Apr 2016 16:21:50 +0000 (16:21 +0000)]
Lazily update tokens in DOMTokenList when the associated attribute value changes
https://bugs.webkit.org/show_bug.cgi?id=156474

Reviewed by Ryosuke Niwa.

Lazily update tokens in DOMTokenList when the associated attribute value
changes for performance. Constructing the sanitized vector of tokens
every time the associated Element attribute changes is too expensive.
Instead, we mark the vector as dirty whenever the attribute changes, and
we only construct the sanitized vector when it is actually required.

Also do some renaming for clarity.

There is no web-exposed behavior change.

* dom/Element.cpp:
(WebCore::Element::classAttributeChanged):
* html/DOMTokenList.cpp:
(WebCore::DOMTokenList::contains):
(WebCore::DOMTokenList::addInternal):
(WebCore::DOMTokenList::removeInternal):
(WebCore::DOMTokenList::toggle):
(WebCore::DOMTokenList::value):
(WebCore::DOMTokenList::setValue):
(WebCore::DOMTokenList::updateTokensFromAttributeValue):
(WebCore::DOMTokenList::associatedAttributeValueChanged):
(WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
(WebCore::DOMTokenList::tokens):
(WebCore::DOMTokenList::DOMTokenList): Deleted.
* html/DOMTokenList.h:
(WebCore::DOMTokenList::tokens):
(WebCore::DOMTokenList::length):
(WebCore::DOMTokenList::item):
* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::parseAttribute):
* html/HTMLIFrameElement.cpp:
(WebCore::HTMLIFrameElement::parseAttribute):
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::parseAttribute):
* html/HTMLOutputElement.cpp:
(WebCore::HTMLOutputElement::parseAttribute):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199360 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove UsePointersEvenForNonNullableObjectArguments from HTMLMediaElement
darin@apple.com [Tue, 12 Apr 2016 16:11:01 +0000 (16:11 +0000)]
Remove UsePointersEvenForNonNullableObjectArguments from HTMLMediaElement
https://bugs.webkit.org/show_bug.cgi?id=156492

Reviewed by Chris Dumez.

* html/HTMLMediaElement.idl: Removed UsePointersEvenForNonNullableObjectArguments,
sorted remaining class attributes, simplified #if around canPlayType a bit,
removed comment that is not all that useful, made the argument to
webkitSetMediaKeys nullable since the implementation supports that.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199357 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWe incorrectly parse arrow function expressions
sbarati@apple.com [Tue, 12 Apr 2016 15:21:51 +0000 (15:21 +0000)]
We incorrectly parse arrow function expressions
https://bugs.webkit.org/show_bug.cgi?id=156373

Reviewed by Mark Lam.

Source/JavaScriptCore:

This patch removes the notion of "isEndOfArrowFunction".
This was a very weird function and it was incorrect.
It checked that the arrow functions with concise body
grammar production "had a valid ending". "had a valid
ending" is in quotes because concise body arrow functions
have a valid ending as long as their body has a valid
assignment expression. I've removed all notion of this
function because it was wrong and was causing us
to throw syntax errors on valid programs.

* parser/Lexer.cpp:
(JSC::Lexer<T>::nextTokenIsColon):
(JSC::Lexer<T>::lex):
(JSC::Lexer<T>::setTokenPosition): Deleted.
* parser/Lexer.h:
(JSC::Lexer::setIsReparsingFunction):
(JSC::Lexer::isReparsingFunction):
(JSC::Lexer::lineNumber):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::parseArrowFunctionSingleExpressionBodySourceElements):
(JSC::Parser<LexerType>::parseFunctionInfo):
* parser/Parser.h:
(JSC::Parser::matchIdentifierOrKeyword):
(JSC::Parser::tokenStart):
(JSC::Parser::autoSemiColon):
(JSC::Parser::canRecurse):
(JSC::Parser::isEndOfArrowFunction): Deleted.
(JSC::Parser::setEndOfStatement): Deleted.
* tests/stress/arrowfunction-others.js:
(testCase):
(simpleArrowFunction):
(truthy):
(falsey):

LayoutTests:

* js/parser-syntax-check-expected.txt:
* js/script-tests/parser-syntax-check.js:
(catch):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199352 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[iOS] media title sometimes remain in Control Center after tab is closed
eric.carlson@apple.com [Tue, 12 Apr 2016 15:19:31 +0000 (15:19 +0000)]
[iOS] media title sometimes remain in Control Center after tab is closed
https://bugs.webkit.org/show_bug.cgi?id=156243
<rdar://problem/20167445>

Reviewed by Darin Adler.

* Modules/webaudio/AudioContext.h: Implement characteristics.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::mediaLoadingFailed): Call mediaSession->clientCharacteristicsChanged.
(WebCore::HTMLMediaElement::setReadyState): Ditto.
(WebCore::HTMLMediaElement::clearMediaPlayer): Ditto.
(WebCore::HTMLMediaElement::stop): Call mediaSession->stopSession.
(WebCore::HTMLMediaElement::characteristics): New, return current characteristics.
* html/HTMLMediaElement.h:

* platform/audio/PlatformMediaSession.cpp:
(WebCore::PlatformMediaSession::stopSession): Suspend playback, and remove the session
  from the manager, it will never play again.
(WebCore::PlatformMediaSession::characteristics): Return client characteristics.
(WebCore::PlatformMediaSession::clientCharacteristicsChanged):
* platform/audio/PlatformMediaSession.h:

* platform/audio/PlatformMediaSessionManager.cpp:
(WebCore::PlatformMediaSessionManager::stopAllMediaPlaybackForProcess): Call stopSession
  instead of pauseSession to signal that playback will never start again.
* platform/audio/PlatformMediaSessionManager.h:

* platform/audio/ios/MediaSessionManagerIOS.h:
* platform/audio/ios/MediaSessionManagerIOS.mm:
(WebCore::MediaSessionManageriOS::sessionWillBeginPlayback): Add logging.
(WebCore::MediaSessionManageriOS::removeSession): Update NowPlaying.
(WebCore::MediaSessionManageriOS::sessionWillEndPlayback): Add logging.
(WebCore::MediaSessionManageriOS::clientCharacteristicsChanged): Update NowPlaying.
(WebCore::MediaSessionManageriOS::nowPlayingEligibleSession): New, return the first session
  that is an audio or video element with playable audio. WebAudio is not currently controllable
  so it isn't appropriate to show it in the NowPlaying info center.
(WebCore::MediaSessionManageriOS::updateNowPlayingInfo): Remember the last state passed to
  NowPlaying so we can call it only when something has changed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199351 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoModify the CXXFLAGS in webkitdirs.pm just on architectures where the flags are supported
commit-queue@webkit.org [Tue, 12 Apr 2016 14:56:10 +0000 (14:56 +0000)]
Modify the CXXFLAGS in webkitdirs.pm just on architectures where the flags are supported
https://bugs.webkit.org/show_bug.cgi?id=156338

Patch by Tomas Popela <tpopela@redhat.com> on 2016-04-12
Reviewed by Michael Catanzaro.

Add the "-march=pentium4 -msse2 -mfpmath=sse " into the CXXFLAGS just
for the i686 where it is supported and not for other architectures
(such as s390(x) and ppc(64)) where the build will fail with these
CXXFLAGS.

* Scripts/webkitdirs.pm:
(generateBuildSystemFromCMakeProject):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199350 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[GTK] Rework scrollbars theming code for GTK+ 3.20
carlosgc@webkit.org [Tue, 12 Apr 2016 12:42:57 +0000 (12:42 +0000)]
[GTK] Rework scrollbars theming code for GTK+ 3.20
https://bugs.webkit.org/show_bug.cgi?id=156462

Reviewed by Michael Catanzaro.

In r199292, we reworked the theming code to ensure it works with the new GTK+ CSS theming system. The same is
needed for scrollbars, this patch uses the RenderThemeGadget classes introduced in r199292 to render the native
scrollbars. The code is now split in 3 parts: stub methods for GTK+2 (since this file is compiled for
WebCoreGTK, but not used), the implementation for GTK+ < 3.20 and the implementation for GTK+ >= 3.20. This
reduces the amount of ifdefed code, and ensures that changes in new code don't break the rendering with older
versions of GTK+. I noticed that we were overriding both, the specific paint methods to render scrollbars
parts and the global paint method that renders all the scrollbar parts. We don't really need the specific paint
methods, so I've removed the implemention leaving only the paint method. This also allows us to get rid of the
GtkStyleContext cache.

* platform/gtk/RenderThemeGadget.cpp:
(WebCore::RenderThemeGadget::create): Handle scrollbars gadgets.
(WebCore::appendElementToPath): In case of scrollbar gadget, use the scrollbar GType when creating the path to
be able to get non-CSS style properties.
(WebCore::RenderThemeGadget::opacity): Add method to get the opacity CSS style property.
(WebCore::RenderThemeScrollbarGadget::RenderThemeScrollbarGadget): Initialize m_steppers option set with the
steppers used by the theme.
* platform/gtk/RenderThemeGadget.h:
* platform/gtk/ScrollbarThemeGtk.cpp:
(WebCore::themeChangedCallback):
(WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
(WebCore::createStyleContext):
(WebCore::createChildStyleContext):
(WebCore::ScrollbarThemeGtk::themeChanged):
(WebCore::ScrollbarThemeGtk::updateThemeProperties):
(WebCore::scrollbarPartStateFlags):
(WebCore::scrollbarGadgetForLayout):
(WebCore::contentsGadgetForLayout):
(WebCore::ScrollbarThemeGtk::trackRect):
(WebCore::ScrollbarThemeGtk::hasThumb):
(WebCore::ScrollbarThemeGtk::backButtonRect):
(WebCore::ScrollbarThemeGtk::forwardButtonRect):
(WebCore::ScrollbarThemeGtk::paint):
(WebCore::paintStepper):
(WebCore::adjustRectAccordingToMargin):
(WebCore::ScrollbarThemeGtk::scrollbarThickness):
(WebCore::ScrollbarThemeGtk::minimumThumbLength):
* platform/gtk/ScrollbarThemeGtk.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199344 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[css-grid] Add parsing support for <auto-repeat> syntax
svillar@igalia.com [Tue, 12 Apr 2016 12:21:57 +0000 (12:21 +0000)]
[css-grid] Add parsing support for <auto-repeat> syntax
https://bugs.webkit.org/show_bug.cgi?id=155583

Reviewed by Antti Koivisto.

Source/WebCore:

The repeat() notation allows now to specify auto-fill or auto-fit instead of
a fixed number of repetitions meaning that it will be automatically computed
depending on the available space.

This patch just adds the parsing support, the expansion of the repeat notation
will be implemented in a follow up patch because it cannot be done at
parsing level (since it requires knowledge about the available space).

Test: fast/css-grid-layout/grid-element-auto-repeat-get-set.html

* CMakeLists.txt:
* css/CSSGridAutoRepeatValue.cpp: Added.
(WebCore::CSSGridAutoRepeatValue::customCSSText):
* css/CSSGridAutoRepeatValue.h: Added.
(WebCore::CSSGridAutoRepeatValue::create):
(WebCore::CSSGridAutoRepeatValue::autoRepeatID):
(WebCore::CSSGridAutoRepeatValue::CSSGridAutoRepeatValue):
* css/CSSParser.cpp:
(WebCore::allTracksAreFixedSized):
(WebCore::CSSParser::parseGridTrackList):
(WebCore::CSSParser::parseGridTrackRepeatFunction):
(WebCore::CSSParser::parseGridTrackSize):
(WebCore::CSSParser::parseGridBreadth):
* css/CSSParser.h:
* css/CSSValue.cpp:
(WebCore::CSSValue::equals):
(WebCore::CSSValue::cssText):
(WebCore::CSSValue::destroy):
* css/CSSValue.h:
(WebCore::CSSValue::isGridAutoRepeatValue):
* css/CSSValueKeywords.in:

LayoutTests:

* fast/css-grid-layout/grid-element-auto-repeat-get-set-expected.txt: Added.
* fast/css-grid-layout/grid-element-auto-repeat-get-set.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199343 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[JSC] addStaticGlobals should emit SymbolTableEntry watchpoints to encourage constant...
utatane.tea@gmail.com [Tue, 12 Apr 2016 08:25:48 +0000 (08:25 +0000)]
[JSC] addStaticGlobals should emit SymbolTableEntry watchpoints to encourage constant folding in DFG
https://bugs.webkit.org/show_bug.cgi?id=155110

Reviewed by Saam Barati.

Source/JavaScriptCore:

`addStaticGlobals` does not emit SymbolTableEntry watchpoints for the added entries.
So, all the global variable lookups pointing to these static globals are not converted
into constants in DFGBytecodeGenerator: this fact leaves these lookups as GetGlobalVar.
Such thing avoids constant folding chance and emits CheckCell for @privateFunction inlining.
This operation is pure overhead.

Static globals are not configurable, and they are typically non-writable.
So they are constants in almost all the cases.

This patch initializes watchpoints for these static globals.
These watchpoints allow DFG to convert these nodes into constants in DFG BytecodeParser.
These watchpoints includes many builtin operations and `undefined`.

The microbenchmark, many-foreach-calls shows 5 - 7% improvement since it removes unnecessary CheckCell.

* bytecode/VariableWriteFireDetail.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::addGlobalVar):
(JSC::JSGlobalObject::addStaticGlobals):
* runtime/JSSymbolTableObject.h:
(JSC::symbolTablePutTouchWatchpointSet):
(JSC::symbolTablePutInvalidateWatchpointSet):
(JSC::symbolTablePut):
(JSC::symbolTablePutWithAttributesTouchWatchpointSet): Deleted.
* runtime/SymbolTable.h:
(JSC::SymbolTableEntry::SymbolTableEntry):
(JSC::SymbolTableEntry::operator=):
(JSC::SymbolTableEntry::swap):

Source/WebCore:

* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::updateDocument):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199342 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[css-grid] Pass GridSizingData instead of columnTracks to track sizing methods
svillar@igalia.com [Tue, 12 Apr 2016 08:24:38 +0000 (08:24 +0000)]
[css-grid] Pass GridSizingData instead of columnTracks to track sizing methods
https://bugs.webkit.org/show_bug.cgi?id=156466

Reviewed by Darin Adler.

Several methods used to compute the items' size contribution to the tracks they span in, get
as an argument a vector with the sizes of the column tracks.

In order to support grids with orthogonal flows (among other things) it's much better to
pass the GridSizingData struct and let those methods decide whether to use the columns or
the rows.

No new tests as this is just a minor refactoring with no change in behavior.

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
(WebCore::RenderGrid::logicalContentHeightForChild):
(WebCore::RenderGrid::minSizeForChild):
(WebCore::RenderGrid::minContentForChild):
(WebCore::RenderGrid::maxContentForChild):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
(WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
* rendering/RenderGrid.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199341 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove failing assertion in ANGLE
commit-queue@webkit.org [Tue, 12 Apr 2016 07:38:31 +0000 (07:38 +0000)]
Remove failing assertion in ANGLE
https://bugs.webkit.org/show_bug.cgi?id=156485

Patch by Alex Christensen <achristensen@webkit.org> on 2016-04-12
Reviewed by Dean Jackson.

Source/ThirdParty/ANGLE:

* src/compiler/translator/glslang.l:
* src/compiler/translator/glslang_lex.cpp:

LayoutTests:

* fast/canvas/webgl/fragment-shader-assertion-expected.txt: Added.
* fast/canvas/webgl/fragment-shader-assertion.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199340 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoBuild fix after r199299.
achristensen@apple.com [Tue, 12 Apr 2016 07:29:35 +0000 (07:29 +0000)]
Build fix after r199299.
https://bugs.webkit.org/show_bug.cgi?id=155508

* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
memset_s is not defined.  __STDC_WANT_LIB_EXT1__ is not defined anywhere.
Since the return value is unused and set_constraint_handler_s is never called
I'm chaning it to memset.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199339 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoBuild MiniBrowser with CMake on Mac
achristensen@apple.com [Tue, 12 Apr 2016 06:53:54 +0000 (06:53 +0000)]
Build MiniBrowser with CMake on Mac
https://bugs.webkit.org/show_bug.cgi?id=156471

Reviewed by Daniel Bates.

Source/WebKit2:

* DatabaseProcess/DatabaseProcess.messages.in:

Tools:

* CMakeLists.txt:
* DumpRenderTree/CMakeLists.txt:
* DumpRenderTree/PlatformWin.cmake:
* MiniBrowser/mac/CMakeLists.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199338 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[JSC] B3 can use undefined bits or not defined required bits when spilling
commit-queue@webkit.org [Tue, 12 Apr 2016 06:16:21 +0000 (06:16 +0000)]
[JSC] B3 can use undefined bits or not defined required bits when spilling
https://bugs.webkit.org/show_bug.cgi?id=156486

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-04-11
Reviewed by Filip Pizlo.

Spilling had issues when replacing arguments in place.

The problems are:
1) If we have a 32bit stackslot, a x86 instruction could still try to load 64bits from it.
2) If we have a 64bit stackslot, Move32 would only set half the bits.
3) We were reducing Move to Move32 even if the top bits are read from the stack slot.

The case 1 appear with something like this:
    Move32 %tmp0, %tmp1
    Op64 %tmp1, %tmp2, %tmp3
When we spill %tmp1, the stack slot is 32bit, Move32 sets 32bits
but Op64 supports addressing for %tmp1. When we substitute %tmp1 in Op64,
we are creating a 64bit read for a 32bit stack slot.

The case 2 is an other common one. If we have:
    BB#1
        Move32 %tmp0, %tmp1
        Jump #3
    BB#2
        Op64 %tmp0, %tmp1
        Jump #3
    BB#3
        Use64 %tmp1

We have a stack slot of 64bits. When spilling %tmp1 in #1, we are
effectively doing a 32bit store on the stack slot, leaving the top bits undefined.

Case 3 is pretty much the same as 2 but we create the Move32 ourself
because the source is a 32bit with ZDef.

Case (1) is solved by requiring that the stack slot is at least as large as the largest
use/def of that tmp.

Case (2) and (3) are solved by not replacing a Tmp by an Address if the Def
is smaller than the stack slot.

* b3/air/AirIteratedRegisterCoalescing.cpp:
* b3/testb3.cpp:
(JSC::B3::testSpillDefSmallerThanUse):
(JSC::B3::testSpillUseLargerThanDef):
(JSC::B3::run):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199337 268f45cc-cd09-0410-ab3c-d52691b4dbfc