WebKit-https.git
4 years agoExpose ValidityState on the global Window object
cdumez@apple.com [Thu, 28 Jan 2016 06:23:57 +0000 (06:23 +0000)]
Expose ValidityState on the global Window object
https://bugs.webkit.org/show_bug.cgi?id=153582

Reviewed by Antti Koivisto.

LayoutTests/imported/w3c:

Rebaseline W3C html test now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Expose ValidityState on the global Window object:
https://html.spec.whatwg.org/#validitystate

Firefox and Chrome match the specification.

No new tests, already covered by existing tests.

* html/ValidityState.idl:

LayoutTests:

Rebaseline test now that ValidityState is exposed on the global Window
object.

* js/dom/global-constructors-attributes-expected.txt:
* platform/efl/js/dom/global-constructors-attributes-expected.txt:
* platform/gtk/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
* platform/mac/js/dom/global-constructors-attributes-expected.txt:
* platform/win/js/dom/global-constructors-attributes-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195731 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Don't show hand cursor for edited attribute
nvasilyev@apple.com [Thu, 28 Jan 2016 06:00:37 +0000 (06:00 +0000)]
Web Inspector: Don't show hand cursor for edited attribute
https://bugs.webkit.org/show_bug.cgi?id=152211
<rdar://problem/23870523>

Reviewed by Joseph Pecoraro.

* UserInterface/Views/Editing.css:
(.editing, .editing *):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195730 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoExpose ApplicationCache on the global Window object
cdumez@apple.com [Thu, 28 Jan 2016 05:33:22 +0000 (05:33 +0000)]
Expose ApplicationCache on the global Window object
https://bugs.webkit.org/show_bug.cgi?id=153578

Reviewed by Antti Koivisto.

LayoutTests/imported/w3c:

Rebaseline W3C HTML test now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Expose ApplicationCache on the global Window object as per:
https://html.spec.whatwg.org/#the-storage-interface

Chrome follows the spec.

No new tests, already covered by existing test.

* loader/appcache/DOMApplicationCache.idl:

LayoutTests:

Rebaseline test now that ApplicationCache is exposed on the global
Window object.

* js/dom/global-constructors-attributes-expected.txt:
* platform/efl/js/dom/global-constructors-attributes-expected.txt:
* platform/gtk/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
* platform/mac/js/dom/global-constructors-attributes-expected.txt:
* platform/win/js/dom/global-constructors-attributes-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195729 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoB3 IntRange analysis should know more about shifting
fpizlo@apple.com [Thu, 28 Jan 2016 05:21:57 +0000 (05:21 +0000)]
B3 IntRange analysis should know more about shifting
https://bugs.webkit.org/show_bug.cgi?id=153568

Reviewed by Benjamin Poulain.

This teaches the IntRange analysis that the result of a right shift is usually better than
the worst-case mask based on the shift amount. In fact, you can reach useful conclusions
from looking at the IntRange of the input. This helps because Octane/crypto does something
like:

    CheckMul((@x & $268435455) >> 14, @y >> 14, ...)

If you consider just the shifts, then this may overflow. But if you consider that @x is
first masked, then the IntRange coming out of the first shift is tight enough to prove that
the CheckMul cannot overflow.

* b3/B3ReduceStrength.cpp:
* b3/testb3.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195728 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION(r190430): Assertion failure in Text::~Text()
rniwa@webkit.org [Thu, 28 Jan 2016 04:42:36 +0000 (04:42 +0000)]
REGRESSION(r190430): Assertion failure in Text::~Text()
https://bugs.webkit.org/show_bug.cgi?id=153577

Reviewed by Antti Koivisto.

Source/WebCore:

The bug was caused by destroyRenderTreeIfNeeded exiting early on all HTMLSlotElement as it lacks a render object.
Fixed it by explicitly avoiding the early return when child is a HTMLSlotElement.

Test: fast/shadow-dom/slot-removal-crash-2.html

* dom/ContainerNode.cpp:
(WebCore::destroyRenderTreeIfNeeded):

LayoutTests:

Added a regression test. The test hits an assertion in debug build without the fix.

* fast/shadow-dom/slot-removal-crash-2-expected.txt: Added.
* fast/shadow-dom/slot-removal-crash-2.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195727 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix build.
andersca@apple.com [Thu, 28 Jan 2016 03:33:27 +0000 (03:33 +0000)]
Fix build.

* Configurations/WebKit.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195726 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[EFL] Remove unused accessibility related code
k.czech@samsung.com [Thu, 28 Jan 2016 02:28:03 +0000 (02:28 +0000)]
[EFL] Remove unused accessibility related code
https://bugs.webkit.org/show_bug.cgi?id=153543

Reviewed by Darin Adler.

Source/WebKit2:

Do not need to load external library to expose WebKit's
accessibility tree. There have been changes in EFL/Elementary
in terms of support of accessibility and we should follow those.

* WebProcess/efl/WebProcessMainEfl.cpp:
(eailLibraryPath): Deleted.
(eail): Deleted.

Tools:

Removed reference to EAIL library.
It not going to be support anymore. There have been changes in
EFL/Elementary in terms of the accessibility and we should
follow those.

* efl/jhbuild-optional.modules:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195725 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoGarbage is displayed when root svg element has mix-blend-mode set
commit-queue@webkit.org [Thu, 28 Jan 2016 02:21:25 +0000 (02:21 +0000)]
Garbage is displayed when root svg element has mix-blend-mode set
https://bugs.webkit.org/show_bug.cgi?id=150556

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-01-27
Reviewed by Darin Adler.

Source/WebCore:

This bug happens when compositing on a CALayer and drawing on a transparent
layer, so it happens with WK2 with <svg style="mix-blend-mode...">. And it
can happen with WK1 also with <svg style="opacity=...;mix-blend-mode...">.
But in both cases, the SVG root renderer should be the root of the render
tree. So it happens only with the stand alone SVG documents.

SVGRenderContext::prepareToRenderSVGContent() ignores the opacity of
the SVG root but it creates a transparent layer for the blend-mode.

But RenderLayer::beginTransparencyLayers() creates a transparent layer
for opacity and it sets the blend-mode also.

The fix is to begin two transparent layers for the SVG root renderer: one
for the opacity and the second for the blend-mode. The opacity transparent
layer will be still managed by RenderLayer::beginTransparencyLayers(). While
the blend-mode transparent layer will be managed by SVGRenderContext
::prepareToRenderSVGContent().

Tests: svg/css/mix-blend-mode-background-root.svg
       svg/css/mix-blend-mode-opacity-root.svg

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::beginTransparencyLayers):

LayoutTests:

Ensure blending the SVG root renderer will be displayed correctly with
compositing when the SVG root renderer is the root of the render tree.

* svg/css/mix-blend-mode-background-root-expected.svg: Added.
* svg/css/mix-blend-mode-background-root.svg: Added.
* svg/css/mix-blend-mode-opacity-root-expected.svg: Added.
* svg/css/mix-blend-mode-opacity-root.svg: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195724 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCodeMirror will strip out "\r" from files with "\r\n" as newlines causing our offsets...
sbarati@apple.com [Thu, 28 Jan 2016 02:14:34 +0000 (02:14 +0000)]
CodeMirror will strip out "\r" from files with "\r\n" as newlines causing our offsets into the file to be incorrect
https://bugs.webkit.org/show_bug.cgi?id=153529
<rdar://problem/24376799>

Reviewed by Timothy Hatcher.

This problem manifested in the type token annotator inserting
tokens in the wrong places. Because our offsets are computed
based on the resource we get from backend, CodeMirror changing
the source text will cause all of our offsets to be incorrect.

* UserInterface/Views/CodeMirrorEditor.js:
(WebInspector.CodeMirrorEditor.create):
(WebInspector.CodeMirrorEditor):
* UserInterface/Views/TextEditor.js:
(WebInspector.TextEditor.set string.update):
(WebInspector.TextEditor.prototype.set string):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195723 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCache results of data detection in the UI process when load completes.
enrica@apple.com [Thu, 28 Jan 2016 01:36:06 +0000 (01:36 +0000)]
Cache results of data detection in the UI process when load completes.
https://bugs.webkit.org/show_bug.cgi?id=153560

Reviewed by Tim Horton.

Source/WebCore:

Adding new FrameLoaderClient method to notify that data
detection is complete and provide the results.

* loader/EmptyClients.h:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):
* loader/FrameLoaderClient.h:

Source/WebKit/mac:

Adding empty implementation for WK1.

* WebCoreSupport/WebFrameLoaderClient.h:
* WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::dispatchDidFinishDataDetection):

Source/WebKit2:

This patch changes when the results of data detections are sent to the
UIProcess. Before this change, they were only provided as part of
InteractionInformationAtPosition, which is populated when long press
gesture is triggered.
We need to have the results available if the client wants to allow navigation
to a data detector link, in order to allow them to retrieve the full url.
With this change, we now send the results as soon as they are computed
and keep them in the WebPageProxy object so that they can be fetched when
necessary from a WKWebView private interface.

* Shared/Cocoa/DataDetectionResult.h: Added.
* Shared/Cocoa/DataDetectionResult.mm: Added.
(WebKit::DataDetectionResult::encode):
(WebKit::DataDetectionResult::decode):
* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _snapshotLayerContentsForBackForwardListItem:]):
(-[WKWebView _dataDetectionResults]):
(-[WKWebView _didRelaunchProcess]):
* UIProcess/API/Cocoa/WKWebViewPrivate.h:
* UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::setDataDetectionResult):
(WebKit::WebPageProxy::saveRecentSearches):
* UIProcess/WebPageProxy.h:
(WebKit::WebPageProxy::websiteDataStore):
(WebKit::WebPageProxy::dataDetectionResults):
(WebKit::WebPageProxy::scrollingCoordinatorProxy):
* UIProcess/WebPageProxy.messages.in:
* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView ensurePositionInformationIsUpToDate:]):
(-[WKContentView _dataDetectionResults]):
(-[WKContentView gestureRecognizerShouldBegin:]):
* WebKit2.xcodeproj/project.pbxproj:
* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::dispatchDidReceiveContentLength):
(WebKit::WebFrameLoaderClient::dispatchDidFinishDataDetection):
(WebKit::WebFrameLoaderClient::dispatchDidFinishLoading):
* WebProcess/WebCoreSupport/WebFrameLoaderClient.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):
(WebKit::WebPage::setDataDetectionResults):
(WebKit::WebPage::willCommitLayerTree):
* WebProcess/WebPage/WebPage.h:
(WebKit::WebPage::shouldExtendIncrementalRenderingSuppression):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195722 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoInclude the right WebKitAdditions files
andersca@apple.com [Thu, 28 Jan 2016 01:14:15 +0000 (01:14 +0000)]
Include the right WebKitAdditions files
https://bugs.webkit.org/show_bug.cgi?id=153572

Reviewed by Tim Horton.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::reattachToWebProcess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195712 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMove ContentSecurityPolicy.{cpp, h} to its own directory
dbates@webkit.org [Thu, 28 Jan 2016 01:08:03 +0000 (01:08 +0000)]
Move ContentSecurityPolicy.{cpp, h} to its own directory
https://bugs.webkit.org/show_bug.cgi?id=153527
<rdar://problem/24359892>

Reviewed by Sam Weinig.

Source/WebCore:

Move ContentSecurityPolicy.{cpp, h} from Source/WebCore/page to Source/WebCore/page/csp.
This will facilitate separating out the policy support classes (e.g. CSPDirectiveList)
into their own files to improve the hackability of this code.

* CMakeLists.txt:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* page/csp/ContentSecurityPolicy.cpp: Renamed from Source/WebCore/page/ContentSecurityPolicy.cpp.
* page/csp/ContentSecurityPolicy.h: Renamed from Source/WebCore/page/ContentSecurityPolicy.h.

Source/WebKit2:

Add ${WEBCORE_DIR}/page/csp to the list of WebKit2 include directories.

* CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195711 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModern IDB: Incorrect handling of iterating cursors to their end.
beidson@apple.com [Thu, 28 Jan 2016 00:37:00 +0000 (00:37 +0000)]
Modern IDB: Incorrect handling of iterating cursors to their end.
https://bugs.webkit.org/show_bug.cgi?id=153569

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (3 tests now pass, others are closer to passing).

* Modules/indexeddb/server/SQLiteIDBCursor.cpp:
(WebCore::IDBServer::SQLiteIDBCursor::advance):
(WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):

LayoutTests:

* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195709 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoLayout Test fast/forms/auto-fill-button/input-contacts-auto-fill-button.html is failing.
ryanhaddad@apple.com [Thu, 28 Jan 2016 00:32:02 +0000 (00:32 +0000)]
Layout Test fast/forms/auto-fill-button/input-contacts-auto-fill-button.html is failing.
https://bugs.webkit.org/show_bug.cgi?id=153567.

Unreviewed test gardening.

Update expected test results for ios-simulator, win, and gtk.

Patch by Zhuo Li <zachli@apple.com> on 2016-01-27

* platform/gtk/fast/forms/auto-fill-button/input-contacts-auto-fill-button-expected.txt: Added.
* platform/ios-simulator/fast/forms/auto-fill-button/input-contacts-auto-fill-button-expected.txt: Added.
* platform/win/fast/forms/auto-fill-button/input-contacts-auto-fill-button-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195708 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[JSC] adjustFrameAndStackInOSRExitCompilerThunk() can trash values in FTL
commit-queue@webkit.org [Thu, 28 Jan 2016 00:29:09 +0000 (00:29 +0000)]
[JSC] adjustFrameAndStackInOSRExitCompilerThunk() can trash values in FTL
https://bugs.webkit.org/show_bug.cgi?id=153536

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-01-27
Reviewed by Saam Barati.

Workaround to get B3 working on ARM.

* dfg/DFGOSRExitCompilerCommon.h:
(JSC::DFG::adjustFrameAndStackInOSRExitCompilerThunk):
The code was using the scratch registers in a few places.

I initially tried to make is not use scratch registers anywhere
but that looked super fragile.

Instead, I just preserve the scratch registers. That's easy and
it should be relatively cheap compared to everything done on OSR Exits.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195707 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Regression (r195303) - Changes to TreeOutline break styling of lists...
commit-queue@webkit.org [Thu, 28 Jan 2016 00:18:37 +0000 (00:18 +0000)]
Web Inspector: Regression (r195303) - Changes to TreeOutline break styling of lists in Visual sidebar
https://bugs.webkit.org/show_bug.cgi?id=153563

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-01-27
Reviewed by Timothy Hatcher.

Removed duplicate properties and used new methods of TreeOutline to achieve
the desired styling effects.

* UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.css:
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item.visual-style-font-family-list-item > .visual-style-comma-separated-keyword-item-editor):
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item > .titles): Deleted.

* UserInterface/Views/VisualStyleSelectorSection.js:
(WebInspector.VisualStyleSelectorSection):

* UserInterface/Views/VisualStyleSelectorTreeItem.css:
(.item.visual-style-selector-item > .icon):
(.item.visual-style-selector-item > .titles):
(.item.visual-style-selector-item > .titles > .subtitle):
(.item.visual-style-selector-item.selected > .titles > .subtitle):
(.item.visual-style-selector-item > .titles > .subtitle::before): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195706 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAX: Crash in AccessibilityTableColumn::headerObject
n_wang@apple.com [Thu, 28 Jan 2016 00:17:20 +0000 (00:17 +0000)]
AX: Crash in AccessibilityTableColumn::headerObject
https://bugs.webkit.org/show_bug.cgi?id=153553
<rdar://problem/23196278>

Reviewed by Chris Fleizach.

Webkit was crashing sometimes when we asked for column headers of a table.
The columns vector of the table was reset during the iteration when we
were asking for the headerObject of each column. The column's addChildren()
function calls elementRect() for each child cell and that sometimes causes
the parent table to reset its children.
Fixed it by caching the columns vector and moving out the elementRect() logic
from AccessibilityTalbeColumn::addChildren().

* accessibility/AccessibilityTable.cpp:
(WebCore::AccessibilityTable::columnHeaders):
(WebCore::AccessibilityTable::rowHeaders):
* accessibility/AccessibilityTableColumn.cpp:
(WebCore::AccessibilityTableColumn::elementRect):
(WebCore::AccessibilityTableColumn::headerObject):
(WebCore::AccessibilityTableColumn::addChildren):
* accessibility/AccessibilityTableColumn.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195705 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove WebKitSystemInterface for iOS SDK < 9
dbates@webkit.org [Thu, 28 Jan 2016 00:16:52 +0000 (00:16 +0000)]
Remove WebKitSystemInterface for iOS SDK < 9
https://bugs.webkit.org/show_bug.cgi?id=153570

Reviewed by Andy Estes.

Tools:

* Scripts/copy-webkitlibraries-to-product-directory:

WebKitLibraries:

We no longer support building for iOS < 9.

* libWebKitSystemInterfaceIOSDevice8.1.a: Removed.
* libWebKitSystemInterfaceIOSDevice8.2.a: Removed.
* libWebKitSystemInterfaceIOSDevice8.3.a: Removed.
* libWebKitSystemInterfaceIOSDevice8.4.a: Removed.
* libWebKitSystemInterfaceIOSSimulator8.1.a: Removed.
* libWebKitSystemInterfaceIOSSimulator8.2.a: Removed.
* libWebKitSystemInterfaceIOSSimulator8.3.a: Removed.
* libWebKitSystemInterfaceIOSSimulator8.4.a: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195704 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[mips] Use reinterpret_cast_ptr to suppress alignment warnings.
commit-queue@webkit.org [Wed, 27 Jan 2016 23:45:46 +0000 (23:45 +0000)]
[mips] Use reinterpret_cast_ptr to suppress alignment warnings.
https://bugs.webkit.org/show_bug.cgi?id=153424

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-01-27
Reviewed by Darin Adler.

* runtime/JSGenericTypedArrayView.h:
(JSC::JSGenericTypedArrayView::sortFloat):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195701 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSettings a reflected DOMString attribute to null should set it to the "null" string...
cdumez@apple.com [Wed, 27 Jan 2016 23:42:46 +0000 (23:42 +0000)]
Settings a reflected DOMString attribute to null should set it to the "null" string rather than the empty string
https://bugs.webkit.org/show_bug.cgi?id=153504
<rdar://problem/24353072>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Settings a reflected DOMString attribute to null should set it to the "null"
string rather than the empty string:
- https://html.spec.whatwg.org/#reflecting-content-attributes-in-idl-attributes
- http://heycam.github.io/webidl/#es-DOMString
- http://people.mozilla.org/~jorendorff/es6-draft.html#sec-tostring

Firefox and Chrome match the specification here.

This is causing a lot of W3C HTML reflection tests to fail on WebKit, e.g.:
- http://w3c-test.org/html/dom/reflection-text.html

No new tests, already covered by existing tests.

* bindings/scripts/CodeGeneratorJS.pm:
(JSValueToNative):
Call toString() instead of valueToStringWithNullCheck() for reflected
attributes. This way, null gets converted to the string "null", as
expected, instead of a null String object.

* html/HTMLInputElement.idl:
Dropping [TreatNullAs=NullString] IDL extended attribute for
input.defaultValue, as this is not present in the specification:
- https://html.spec.whatwg.org/#htmlinputelement

Without this change, assigning null to input.defaultValue would not
set to to the "null" string, as is expected.

* html/HTMLTextAreaElement.idl:
Dropping [TreatNullAs=NullString] IDL extended attribute for
textArea.defaultValue, as this is not present in the specification:
- https://html.spec.whatwg.org/#htmltextareaelement

Without this change, assigning null to textArea.defaultValue would not
set to to the "null" string, as is expected.

* html/HTMLTitleElement.idl:
Dropping [TreatNullAs=NullString] IDL extended attribute for
title.text, as this is not present in the specification:
- https://html.spec.whatwg.org/#htmltitleelement

Without this change, assigning null to title.text would not
set to to the "null" string, as is expected.

LayoutTests:

Update existing tests as a lot of them were expecting that setting
a reflected DOMString attribute to null would set it to the empty
string instead of the string "null".

* fast/dom/domstring-attribute-reflection-expected.txt:
* fast/dom/domstring-attribute-reflection.html:
* fast/dom/element-attribute-js-null-expected.txt:
* fast/dom/element-attribute-js-null.html:
* fast/dom/ping-attribute-dom-binding-expected.txt:
* fast/dom/ping-attribute-dom-binding.html:
* fast/forms/fieldset/fieldset-name-expected.txt:
* fast/forms/fieldset/fieldset-name.html:
* fast/forms/input-minmax-expected.txt:
* fast/forms/input-minmax.html:
* fast/forms/input-pattern-expected.txt:
* fast/forms/input-pattern.html:
* fast/forms/submit-form-attributes-expected.txt:
* fast/forms/submit-form-attributes.html:
* fast/shadow-dom/HTMLSlotElement-interface.html:
* fast/shadow-dom/NonDocumentTypeChildNode-interface-assignedSlot.html:
* fast/shadow-dom/shadow-layout-after-slot-changes.html:
* svg/dom/svg-element-attribute-js-null-expected.txt:
* svg/dom/svg-element-attribute-js-null.xhtml:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195700 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSupport CSS3 Images values for the image-rendering property
simon.fraser@apple.com [Wed, 27 Jan 2016 23:31:38 +0000 (23:31 +0000)]
Support CSS3 Images values for the image-rendering property
https://bugs.webkit.org/show_bug.cgi?id=153556

Reviewed by Dean Jackson.

Source/WebCore:

CSS3 Images has the following values for image-rendering:
    auto, crisp-edges, pixelated

The old code supported:
    optimizeSpeed, optimizeQuality, -webkit-crisp-edges, -webkit-optimize-contrast

Add support for the new values without prefixes. Map -webkit-crisp-edges to crisp-edges,
and -webkit-optimize-contrast to crisp-edges. Support pixelated which behaves like
crisp-edges (a low quality scale).

The spec says that optimizeQuality should behave like 'auto', but that would be
a behavior change since ImageQualityController::shouldPaintAtLowQuality() currently
uses it as a trigger to avoid low quality scaling, so don't change that for now.

No new tests, covered by fast/css/script-tests/image-rendering-parsing.js

* css/CSSParser.cpp:
(WebCore::isValidKeywordPropertyAndValue):
* css/CSSPrimitiveValueMappings.h:
(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator EImageRendering):
* css/CSSValueKeywords.in:
* rendering/ImageQualityController.cpp:
(WebCore::ImageQualityController::shouldPaintAtLowQuality):
* rendering/RenderHTMLCanvas.cpp:
(WebCore::RenderHTMLCanvas::paintReplaced):
* rendering/style/RenderStyleConstants.h:
* rendering/style/StyleRareInheritedData.h: Need another bit.

Source/WebInspectorUI:

Add "crisp-edges", "pixelated" to the suggestions for image-rendering.

* UserInterface/Models/CSSKeywordCompletions.js:

LayoutTests:

Update for new values. Add a new SVG shape-rendering test which would have
detected a bug I caused with an earlier patch.

* fast/css/image-rendering-parsing-expected.txt:
* fast/css/script-tests/image-rendering-parsing.js:
* svg/css/script-tests/shape-rendering-parsing.js: Added.
* svg/css/shape-rendering-parsing.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195699 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd WebKitAdditions extension points to WebCore, WebKit and WebKitLegacy
andersca@apple.com [Wed, 27 Jan 2016 23:12:31 +0000 (23:12 +0000)]
Add WebKitAdditions extension points to WebCore, WebKit and WebKitLegacy
https://bugs.webkit.org/show_bug.cgi?id=153550

Reviewed by Sam Weinig.

Source/WebCore:

* DerivedSources.make:
Add the ability for WebKitAdditions to add events and event targets.

* WebCore.xcodeproj/project.pbxproj:
Add new files.

* bindings/scripts/InFilesCompiler.pm:
(initializeFromCommandLine):
(compile):
Handle multiple --input parameters.

* dom/EventNames.h:
Handle adding more event names.

* loader/EmptyClients.cpp:
(WebCore::fillWithEmptyClients):
* page/MainFrame.cpp:
(WebCore::MainFrame::MainFrame):
* page/MainFrame.h:
* page/PageConfiguration.h:
Add extension points.

* platform/cocoa/WebKitAdditions.mm: Added.
Import additions.

Source/WebKit:

* WebKit.xcodeproj/project.pbxproj:
Add new files.

Source/WebKit/mac:

* Configurations/WebKitLegacy.xcconfig:
Add WKA header search paths.

* WebKitAdditions.mm: Added.
Add addition files.

* WebView/WebView.mm:
(-[WebView _commonInitializationWithFrameName:groupName:]):
(-[WebView initSimpleHTMLDocumentWithStyle:frame:preferences:groupName:]):
Add extension points.

Source/WebKit2:

* DerivedSources.make:
Add the ability for WebKitAdditions to add new message receivers.

* Shared/Cocoa/WebKitAdditions.mm: Added.
Add addition files.

* Shared/WebCoreArgumentCoders.h:
Add extension points.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::reattachToWebProcess):
(WebKit::WebPageProxy::resetState):
Add extension points.

* UIProcess/WebPageProxy.h:
Add extension points.

* WebKit2.xcodeproj/project.pbxproj:
Add new files.

* WebProcess/WebPage/WebPage.cpp:
Add extension points.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195698 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModern IDB: Fix many Index tests.
beidson@apple.com [Wed, 27 Jan 2016 23:03:28 +0000 (23:03 +0000)]
Modern IDB: Fix many Index tests.
https://bugs.webkit.org/show_bug.cgi?id=153561

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Many failing tests now pass).

* Modules/indexeddb/server/MemoryIndex.cpp:
(WebCore::IDBServer::MemoryIndex::getResultForKeyRange):

* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexKey):
(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::iterateCursor):

* Modules/indexeddb/server/SQLiteIDBCursor.h:
(WebCore::IDBServer::SQLiteIDBCursor::didComplete):

LayoutTests:

* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195697 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModern IDB: Cursors are utterly broken in the SQLite backend.
beidson@apple.com [Wed, 27 Jan 2016 22:57:10 +0000 (22:57 +0000)]
Modern IDB: Cursors are utterly broken in the SQLite backend.
https://bugs.webkit.org/show_bug.cgi?id=153558

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (35 failures now pass, others improve).

- Fixes incorrect usage of Index cursors when ObjectStore cursors are intended.
- Improves the state of getting the cursor value vs. reaching the end of a cursor.

* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::openCursor):
(WebCore::IDBServer::SQLiteIDBBackingStore::iterateCursor):

* Modules/indexeddb/server/SQLiteIDBCursor.cpp:
(WebCore::IDBServer::SQLiteIDBCursor::SQLiteIDBCursor):
(WebCore::IDBServer::SQLiteIDBCursor::currentData):
* Modules/indexeddb/server/SQLiteIDBCursor.h:

LayoutTests:

* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195696 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoGetting / Setting property on prototype object must throw TypeError
cdumez@apple.com [Wed, 27 Jan 2016 22:40:52 +0000 (22:40 +0000)]
Getting / Setting property on prototype object must throw TypeError
https://bugs.webkit.org/show_bug.cgi?id=153547
<rdar://problem/24370650>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

* web-platform-tests/XMLHttpRequest/interfaces-expected.txt:
* web-platform-tests/dom/interfaces-expected.txt:
* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Gettingi / Setting property on prototype object must throw TypeError as per
Web IDL specification:
http://heycam.github.io/webidl/#dfn-attribute-getter (Step 2.4.2)
http://heycam.github.io/webidl/#dfn-attribute-setter (Step 3.5)

Firefox and Chrome already throw a TypeError in this case, as per
the specification. However, WebKit was returning null and merely
logging a deprecation error message. This patch aligns our behavior
with other browsers and the specification.

This patch also adds support for the [LenientThis] IDL extended
attribute:
http://heycam.github.io/webidl/#LenientThis

For [LenientThis] attributes, we do not throw a TypeError if the
attribute getter / setter is called on an object which does not
implement the expected interface, as per:
http://heycam.github.io/webidl/#dfn-attribute-getter (Step 2.4.1)
http://heycam.github.io/webidl/#dfn-attribute-setter (Step 3.5)

No new tests, already covered by existing tests.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/IDLAttributes.txt:
Add support for [LenientThis]:
http://heycam.github.io/webidl/#LenientThis

* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
* bindings/scripts/test/GObject/WebKitDOMTestObj.h:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
* bindings/scripts/test/JS/JSattribute.cpp:
* bindings/scripts/test/ObjC/DOMTestObj.h:
* bindings/scripts/test/ObjC/DOMTestObj.mm:
Rebaseline bindings tests.

* bindings/scripts/test/TestObj.idl:
Add coverage for [LenientThis] attributes.

* dom/Document.idl:
Mark 'onreadystatechange' as [LenientThis] as per the HTML
specification:
https://html.spec.whatwg.org/#document

* dom/GlobalEventHandlers.idl:
Mark 'onmouseeneter' / 'onmouseleave' as [LenientThis] as per the
HTML specification:
https://html.spec.whatwg.org/#globaleventhandlers

LayoutTests:

Update a few layout tests that were expecting getting a property on
the prototype object to return undefined instead of throwing.

* js/dom/dom-as-prototype-assignment-exception-expected.txt:
* js/dom/dom-attributes-on-mismatch-type-expected.txt:
* js/dom/dom-attributes-on-mismatch-type.html:
* js/dom/script-tests/dom-as-prototype-assignment-exception.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195695 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agowindow.atob() should ignore spaces in input
cdumez@apple.com [Wed, 27 Jan 2016 22:37:48 +0000 (22:37 +0000)]
window.atob() should ignore spaces in input
https://bugs.webkit.org/show_bug.cgi?id=153522
<rdar://problem/24357822>

Reviewed by Benjamin Poulain.

Source/WebCore:

window.atob() should ignore spaces in input as per:
- https://html.spec.whatwg.org/#dom-windowbase64-atob (Step 3)

Previously, WebKit would throw an exception and it was the only browser
to do so. Firefox and Chrome behavior according to the specification.

This was causing us to fail 10 checks in the following W3C HTML test:
http://w3c-test.org/html/webappapis/atob/base64.html

No new tests, updated existing test.

* page/DOMWindow.cpp:
(WebCore::DOMWindow::atob):
* page/Page.cpp:
(WebCore::Page::userStyleSheetLocationChanged):
* platform/network/DataURL.cpp:
(WebCore::handleDataURL):
* platform/network/DataURLDecoder.cpp:
(WebCore::DataURLDecoder::decodeBase64):

Source/WebKit/mac:

* WebCoreSupport/WebInspectorClient.mm:
(WebInspectorFrontendClient::save):

Source/WebKit2:

* UIProcess/mac/WebInspectorProxyMac.mm:
(WebKit::WebInspectorProxy::platformSave):

Source/WTF:

Turn Base64DecodePolicy enum into flags so that the caller can indicate
to both validate padding AND ignore spaces.

Also make sure that the output Vector size is properly shrunk when
spaces are ignored.

* wtf/text/Base64.cpp:
(WTF::base64DecodeInternal):
(WTF::base64Decode):
(WTF::base64URLDecode):
* wtf/text/Base64.h:

LayoutTests:

Update window.atob() test to cover cases with spaces in
input.

* fast/dom/Window/atob-btoa-expected.txt:
* fast/dom/Window/atob-btoa.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195694 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMove some logic related to the presentation mode button from mediaControlsiOS.js...
adachan@apple.com [Wed, 27 Jan 2016 22:31:17 +0000 (22:31 +0000)]
Move some logic related to the presentation mode button from mediaControlsiOS.js to mediaControlsApple.js
https://bugs.webkit.org/show_bug.cgi?id=153476

Reviewed by Eric Carlson.

Also, add the necessary styles to support that control in mediaControlsApple.css.

* Modules/mediacontrols/mediaControlsApple.css:
(video::-webkit-media-controls-panel.picture-in-picture):
(audio::-webkit-media-controls-wireless-playback-status.picture-in-picture):
(audio::-webkit-media-controls-wireless-playback-text-top.picture-in-picture):
(audio::-webkit-media-controls-wireless-playback-text-bottom.picture-in-picture):
(video::-webkit-media-controls-panel .picture-in-picture-button):
Use the same mask image as iOS, but with a different size and a background color specified
(since there's another rule that makes buttons within the panel have a transparent
background color).
(video::-webkit-media-controls-panel .picture-in-picture-button.return-from-picture-in-picture):

* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.addVideoListeners):
(Controller.prototype.removeVideoListeners):
Listen for (and stop listening for) the webkitpresentationmodechanged event if presentation
mode is supported for this video element.
(Controller.prototype.createControls):
Add a class name to the pictureInPictureButton so we can query for it in the stylesheet.
(Controller.prototype.configureInlineControls):
Call updatePictureInPictureButton().
(Controller.prototype.presentationMode):
Moved from mediaControlsiOS.js.
(Controller.prototype.isFullScreen):
Ditto, with a bug fix to not call presentationMode(), since that method calls isFullScreen(),
resulting in infinite recursion.
(Controller.prototype.updatePictureInPictureButton):
Ditto.
(Controller.prototype.handlePresentationModeChange):
Ditto.
(Controller.prototype.handleFullscreenChange):
Call handlePresentationModeChanged() if presentation mode is supported for this video element.
(Controller.prototype.controlsAlwaysVisible):
Ditto.
(Controller.prototype.handlePictureInPictureButtonClicked):
Ditto.
* Modules/mediacontrols/mediaControlsiOS.js:
(ControllerIOS.prototype.handlePresentationModeChange):
Most logic has been moved to the same method in mediaControlsApple.js, except
updating the style of the panelContainer, which doesn't exist in the Mac controls.
(ControllerIOS.prototype.addVideoListeners): Deleted.
(ControllerIOS.prototype.removeVideoListeners): Deleted.
(ControllerIOS.prototype.presentationMode): Deleted.
(ControllerIOS.prototype.isFullScreen): Deleted.
(ControllerIOS.prototype.handlePictureInPictureButtonClicked): Deleted.
(ControllerIOS.prototype.updatePictureInPictureButton): Deleted.
(ControllerIOS.prototype.handleFullscreenChange): Deleted.
(ControllerIOS.prototype.controlsAlwaysVisible): Deleted.
Delete all code that's already handled in the Controller.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195693 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoEnable API related to the video fullscreen layer in MediaPlayerPrivateMediaSourceAVFObjC
adachan@apple.com [Wed, 27 Jan 2016 22:23:36 +0000 (22:23 +0000)]
Enable API related to the video fullscreen layer in MediaPlayerPrivateMediaSourceAVFObjC
also on Mac platform with video presentation mode support.
https://bugs.webkit.org/show_bug.cgi?id=153223

Reviewed by Jer Noble.

Reuse VideoFullscreenLayerManager to manage moving the video layer between the fullscreen
layer and the inline layer depending on the current presentation mode.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC):
Create m_videoFullscreenLayerManager.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::platformLayer):
Return the video inline layer from the VideoFullscreenLayerManager.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer):
Call VideoFullscreenLayerManager::setVideoLayer() with the m_sampleBufferDisplayLayer.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::removeDisplayLayer):
Call VideoFullscreenLayerManager::didDestroyVideoLayer().
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenLayer):
Call VideoFullscreenLayerManager::setVideoFullscreenLayer().
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenFrame):
Call VideoFullscreenLayerManager::setVideoFullscreenFrame().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195692 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[FTL][Win64] Compile fix.
peavo@outlook.com [Wed, 27 Jan 2016 22:08:20 +0000 (22:08 +0000)]
[FTL][Win64] Compile fix.
https://bugs.webkit.org/show_bug.cgi?id=153555

Reviewed by Alex Christensen.

MSVC does not accept preprocessor conditionals in macros.

* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195691 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix bugs caused by incorrect usage of "branch" vs. "branchName". https://bugs.webkit...
jmarcell@apple.com [Wed, 27 Jan 2016 22:04:58 +0000 (22:04 +0000)]
Fix bugs caused by incorrect usage of "branch" vs. "branchName". https://bugs.webkit.org/show_bug.cgi?id=153330

Reviewed by Daniel Bates.

In an earlier patch we started using the name "branch" to indicate a branch object, whereas
"branchName" implies that the variable or property in question is simply a string. We fixed some
inconsistencies regarding this issue in 152982 but further bugs and inconsistencies were recently
spotted in BuildbotQueueView.js.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotQueueView.js:
(BuildbotQueueView.prototype._popoverLinesForCommitRange): Change branchName to branch in method signature.
Changed branchName to branch.name in call to commitsOnBranch.
(BuildbotQueueView.prototype._presentPopoverForPendingCommits): Change branch.name to branch in call to
_popoverLinesForCommitRange.
(BuildbotQueueView.prototype._presentPopoverForRevisionRange): Changed context.branchName to context.branch.name.
(BuildbotQueueView.prototype._revisionContentWithPopoverForIteration): Changed branch.name to branch.
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/tests.js: Added tests to verify
fix.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195690 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModern IDB: SQLite backend doesn't update index records as object records are added.
beidson@apple.com [Wed, 27 Jan 2016 21:57:22 +0000 (21:57 +0000)]
Modern IDB: SQLite backend doesn't update index records as object records are added.
https://bugs.webkit.org/show_bug.cgi?id=153548

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (4 more tests pass, others improve).

* Modules/indexeddb/server/IDBBackingStore.h:

* Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
(WebCore::IDBServer::MemoryIDBBackingStore::addRecord):
* Modules/indexeddb/server/MemoryIDBBackingStore.h:

* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::initializeVM):
(WebCore::IDBServer::SQLiteIDBBackingStore::vm):
(WebCore::IDBServer::SQLiteIDBBackingStore::globalObject):
(WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexKey):
(WebCore::IDBServer::SQLiteIDBBackingStore::updateIndexesForAddRecord):
(WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
* Modules/indexeddb/server/SQLiteIDBBackingStore.h:

* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd):

* Modules/indexeddb/shared/IDBObjectStoreInfo.h:

LayoutTests:

* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195689 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoLayoutTest fast/loader/stateobjects/replacestate-frequency-iframe.html is flaky on...
beidson@apple.com [Wed, 27 Jan 2016 20:47:44 +0000 (20:47 +0000)]
LayoutTest fast/loader/stateobjects/replacestate-frequency-iframe.html is flaky on El Cap, always times out on Yosemite.
https://bugs.webkit.org/show_bug.cgi?id=153551

Unreviewed.

The iframe file name is "replacestate-iframe.html", but the main frame src refers to "replaceState-iframe.html"

Notice the case difference on the 'S'.

Apparently some of our bots have case sensitive filesystems, and others do not.

* fast/loader/stateobjects/replacestate-frequency-iframe.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195688 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoNoticed while exploring:
beidson@apple.com [Wed, 27 Jan 2016 20:37:18 +0000 (20:37 +0000)]
Noticed while exploring:
LayoutTest fast/loader/stateobjects/replacestate-frequency-iframe.html is flaky on El Cap, always times out on Yosemite.
https://bugs.webkit.org/show_bug.cgi?id=153551

Unreviewed gardening.

Probably won't fix anything, but hey, let's try.

* fast/loader/stateobjects/replacestate-frequency-iframe-expected.txt:
* fast/loader/stateobjects/replacestate-frequency-iframe.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195687 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd API to access closed shadowRoot in InjectedBundle
rniwa@webkit.org [Wed, 27 Jan 2016 20:29:30 +0000 (20:29 +0000)]
Add API to access closed shadowRoot in InjectedBundle
https://bugs.webkit.org/show_bug.cgi?id=153533

Reviewed by Antti Koivisto.

Source/WebCore:

Always return the shadow root in Element.shadowRootForBindings when the DOM wrapper world has
shadowRootIsAlwaysOpen set to true. Also renamed bindingShadowRoot to shadowRootForBindings
to be consistent.

* bindings/js/DOMWrapperWorld.h:
(WebCore::DOMWrapperWorld::setShadowRootIsAlwaysOpen): Added.
(WebCore::DOMWrapperWorld::shadowRootIsAlwaysOpen): Added.
* dom/Element.cpp:
(WebCore::Element::shadowRootForBindings): Renamed from bindingShadowRoot.
* dom/Element.h:
* dom/Element.idl:

Source/WebKit2:

Added WKBundleScriptWorldMakeAllShadowRootsOpen to make all shadow roots open.
This is needed to keep supporting certain browser-level features such as autofill.

* WebProcess/InjectedBundle/API/c/WKBundleScriptWorld.cpp:
(WKBundleScriptWorldMakeAllShadowRootsOpen): Added.
* WebProcess/InjectedBundle/API/c/WKBundleScriptWorld.h:
* WebProcess/InjectedBundle/InjectedBundleScriptWorld.cpp:
(WebKit::InjectedBundleScriptWorld::makeAllShadowRootsOpen): Added.
* WebProcess/InjectedBundle/InjectedBundleScriptWorld.h:

Tools:

Added WebKit2 API test for WKBundleScriptWorldMakeAllShadowRootsOpen.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2/InjectedBundleMakeAllShadowRootsOpen.cpp: Added.
(TestWebKitAPI::runJavaScriptAlert):
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebKit2/InjectedBundleMakrAllShadowRootOpen_Bundle.cpp: Added.
(TestWebKitAPI::InjectedBundleMakrAllShadowRootOpenTest::InjectedBundleMakrAllShadowRootOpenTest):
(TestWebKitAPI::InjectedBundleMakrAllShadowRootOpenTest::initialize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195686 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoNeed ability to specify alternate image for AutoFill button in input fields.
commit-queue@webkit.org [Wed, 27 Jan 2016 20:24:37 +0000 (20:24 +0000)]
Need ability to specify alternate image for AutoFill button in input fields.
https://bugs.webkit.org/show_bug.cgi?id=153116.
rdar://problem/23384854.

Patch by Zhuo Li <zachli@apple.com> on 2016-01-27
Reviewed by Darin Adler.

Source/WebCore:

Add a new AutoFill button that can be shown in <input> elements.

Tests: fast/forms/auto-fill-button/input-contacts-auto-fill-button.html
       fast/forms/auto-fill-button/show-correct-auto-fill-button-when-auto-fill-button-type-changes.html

* css/html.css:
(input::-webkit-contacts-auto-fill-button):
(input::-webkit-contacts-auto-fill-button:hover):
(input::-webkit-contacts-auto-fill-button:active):
Add default style rules for the Contacts AutoFill button based on the ones used for
Manual AutoFill button.

* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::setShowAutoFillButton):
* html/HTMLInputElement.h:
(WebCore::HTMLInputElement::autoFillButtonType):
- Replace the boolean parameter with a new parameter to specify the type of the AutoFill button.
- Declare a private variable to keep a record of the type of the current AutoFill
button.
(WebCore::HTMLInputElement::showAutoFillButton): Deleted.

* html/HTMLTextFormControlElement.h:
Declare enum for AutoFill button type.

* html/TextFieldInputType.cpp:
(WebCore::autoFillButtonTypeToAutoFillButtonPseudoClassName):
(WebCore::isAutoFillButtonTypeChanged):
(WebCore::TextFieldInputType::shouldDrawAutoFillButton): None means the AutoFill button is not
enabled.
(WebCore::TextFieldInputType::createAutoFillButton): Only create the AutoFill button
if the type is expected.
(WebCore::TextFieldInputType::updateAutoFillButton):
Handle the case where AutoFill button type changes in the text field.
* html/TextFieldInputType.h:

* testing/Internals.cpp:
(WebCore::stringToAutoFillButtonType): Convert the string to AutoFill button type.
(WebCore::Internals::setShowAutoFillButton): Add a new parameter to specify the type of the AutoFill button.
* testing/Internals.h: Ditto.
* testing/Internals.idl: Ditto.

Source/WebKit2:

* WebProcess/InjectedBundle/API/c/WKBundleNodeHandle.cpp:
(toAutoFillButtonType): Convert the WebKit AutoFill button type enum to WebCore AutoFill button
type enum.
(WKBundleNodeHandleSetHTMLInputElementAutoFillButtonEnabledWithButtonType): Added to be able to specify
what the AutoFill button type is. None means the AutoFill button is not shown.
(WKBundleNodeHandleSetHTMLInputElementAutoFillButtonEnabled): Deprecate this method.
* WebProcess/InjectedBundle/API/c/WKBundleNodeHandlePrivate.h: Declare an AutoFill button type enum.
* WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.cpp:
(WebKit::InjectedBundleNodeHandle::isHTMLInputElementAutoFillButtonEnabled): None means the AutoFill button is not enabled.
(WebKit::InjectedBundleNodeHandle::setHTMLInputElementAutoFillButtonEnabledWithButtonType): Use the new parameter to specify
what the AutoFill button type is.
* WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.h: Ditto.

LayoutTests:

* fast/forms/auto-fill-button/hide-auto-fill-button-when-input-becomes-disabled.html: The test API has
another parameter to specify what type the AutoFill button is.
* fast/forms/auto-fill-button/hide-auto-fill-button-when-input-becomes-readonly.html: Ditto.
* fast/forms/auto-fill-button/input-contacts-auto-fill-button-expected.txt: Added.
* fast/forms/auto-fill-button/input-contacts-auto-fill-button.html: Added.
* fast/forms/auto-fill-button/input-auto-fill-button.html: Ditto.
* fast/forms/auto-fill-button/input-disabled-auto-fill-button.html: Ditto.
* fast/forms/auto-fill-button/input-readonly-non-empty-auto-fill-button.html: Ditto.
* fast/forms/auto-fill-button/mouse-down-input-mouse-release-auto-fill-button.html: Ditto.
* fast/forms/auto-fill-button/show-correct-auto-fill-button-when-auto-fill-button-type-changes-expected.html: Added.
* fast/forms/auto-fill-button/show-correct-auto-fill-button-when-auto-fill-button-type-changes.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195685 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Win] Clean build fix after r195680.
achristensen@apple.com [Wed, 27 Jan 2016 20:12:15 +0000 (20:12 +0000)]
[Win] Clean build fix after r195680.

* PlatformWin.cmake:
Use the post build command for the post build event.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195684 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAir::TmpWidth uses a stale pointer into its HashMap after it calls add()
fpizlo@apple.com [Wed, 27 Jan 2016 20:10:55 +0000 (20:10 +0000)]
Air::TmpWidth uses a stale pointer into its HashMap after it calls add()
https://bugs.webkit.org/show_bug.cgi?id=153546

Reviewed by Saam Barati.

* b3/air/AirTmpWidth.cpp:
(JSC::B3::Air::TmpWidth::recompute):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195683 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd Node.treeRoot
rniwa@webkit.org [Wed, 27 Jan 2016 20:09:50 +0000 (20:09 +0000)]
Add Node.treeRoot
https://bugs.webkit.org/show_bug.cgi?id=153537

Reviewed by Antti Koivisto.

Source/WebCore:

Exposed highestAncestor as Node.prototype.treeRoot, which was added to shadow DOM spec in
https://github.com/w3c/webcomponents/commit/6864a40fe4efa8a737e78512e3c85319ddc5bf8b

See also:
http://w3c.github.io/webcomponents/spec/shadow/#extensions-to-node-interface

Test: fast/shadow-dom/Node-interface-treeRoot.html

* dom/Node.idl:

LayoutTests:

Added a testharness.js test for Node.treeRoot. Also rebaselined a test.

* js/dom/dom-static-property-for-in-iteration-expected.txt: Rebaselined.
* fast/shadow-dom/Node-interface-treeRoot-expected.txt: Added.
* fast/shadow-dom/Node-interface-treeRoot.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195682 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRename HTMLSlotElement.getDistributedNodes to getAssignedNodes
rniwa@webkit.org [Wed, 27 Jan 2016 20:08:52 +0000 (20:08 +0000)]
Rename HTMLSlotElement.getDistributedNodes to getAssignedNodes
https://bugs.webkit.org/show_bug.cgi?id=153534

Reviewed by Antti Koivisto.

Source/WebCore:

Did the rename.

* html/HTMLSlotElement.idl:

LayoutTests:

Updated the tests to refect the rename. Also added test cases after r192763
to assert we don't assign comment and processing instruction nodes to a slot.

* fast/shadow-dom/HTMLSlotElement-interface-expected.txt:
* fast/shadow-dom/HTMLSlotElement-interface.html:
* fast/shadow-dom/NonDocumentTypeChildNode-interface-assignedSlot.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195681 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix Win EWS after r195545.
achristensen@apple.com [Wed, 27 Jan 2016 20:00:17 +0000 (20:00 +0000)]
Fix Win EWS after r195545.
https://bugs.webkit.org/show_bug.cgi?id=153434

* PlatformWin.cmake:
Copy WebKit.h after building WebKitGUID, because it doesn't exist before.
This should fix EWS problems like the one seen in bug 153522.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195680 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRefactor logic for parsing Trac revisions into its own function and add logic for...
jmarcell@apple.com [Wed, 27 Jan 2016 19:54:10 +0000 (19:54 +0000)]
Refactor logic for parsing Trac revisions into its own function and add logic for parsing git hashes.
https://bugs.webkit.org/show_bug.cgi?id=153332

Reviewed by Alexey Proskuryakov.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/Trac.js:
(Trac.prototype._xmlTimelineURL): Uses new function.
(Trac.prototype._parseRevisionFromURL): Added. Pulled out logic for parsing revisions from a URL. Also added
logic for parsing git hashes.
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/tests.js: Added tests for
Trac._parseRevisionFromURL.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195679 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoNeed to be able to specify MIME type for <attachment> without filename or handle
timothy_horton@apple.com [Wed, 27 Jan 2016 19:11:22 +0000 (19:11 +0000)]
Need to be able to specify MIME type for <attachment> without filename or handle
https://bugs.webkit.org/show_bug.cgi?id=153552
<rdar://problem/20145857>

Reviewed by Anders Carlsson.

Tests: fast/attachment/attachment-default-icon.html
       fast/attachment/attachment-type-attribute.html

* html/HTMLAttachmentElement.cpp:
(WebCore::HTMLAttachmentElement::parseAttribute):
Invalidate attachment when 'type' attribute changes.

(WebCore::HTMLAttachmentElement::attachmentType):
* html/HTMLAttachmentElement.h:
* platform/graphics/Icon.h:
* platform/graphics/mac/IconMac.mm:
(WebCore::Icon::createIconForUTI):
(WebCore::Icon::createIconForMIMEType):
Add Icon class methods to retrieve an icon given a UTI or MIME type.

* rendering/RenderThemeMac.mm:
(WebCore::paintAttachmentIcon):
Use the 'type' attribute (a MIME type) if we have one. Otherwise,
use the filename. Lastly fall back to a plain file icon (using the root
file UTI, public.data).

* fast/attachment/attachment-default-icon-expected.html: Added.
* fast/attachment/attachment-default-icon.html: Added.
* fast/attachment/attachment-type-attribute-expected.html: Added.
* fast/attachment/attachment-type-attribute.html: Added.
Add some tests.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195678 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMore trying to fix the build.
mitz@apple.com [Wed, 27 Jan 2016 18:38:22 +0000 (18:38 +0000)]
More trying to fix the build.

* Configurations/WebKit.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195677 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove Mavericks from the flakiness dashboard
ap@apple.com [Wed, 27 Jan 2016 18:34:44 +0000 (18:34 +0000)]
Remove Mavericks from the flakiness dashboard
https://bugs.webkit.org/show_bug.cgi?id=153521

Reviewed by Dan Bernstein.

* TestResultServer/static-dashboards/builders.jsonp:
* TestResultServer/static-dashboards/flakiness_dashboard.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195676 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove ENABLE_CURRENTSRC
ap@apple.com [Wed, 27 Jan 2016 18:24:33 +0000 (18:24 +0000)]
Remove ENABLE_CURRENTSRC
https://bugs.webkit.org/show_bug.cgi?id=153545

Reviewed by Simon Fraser.

.:

* Source/cmake/OptionsEfl.cmake:
* Source/cmake/OptionsGTK.cmake:
* Source/cmake/OptionsMac.cmake:
* Source/cmake/OptionsWin.cmake:
* Source/cmake/WebKitFeatures.cmake:
* Source/cmake/tools/vsprops/FeatureDefines.props:
* Source/cmake/tools/vsprops/FeatureDefinesCairo.props:

Source/JavaScriptCore:

* Configurations/FeatureDefines.xcconfig:

Source/WebCore:

* Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

* Configurations/FeatureDefines.xcconfig:

Source/WTF:

* wtf/FeatureDefines.h:

Tools:

* Scripts/webkitperl/FeatureList.pm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195675 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoTry to fix the build.
weinig@apple.com [Wed, 27 Jan 2016 18:23:03 +0000 (18:23 +0000)]
Try to fix the build.

* Configurations/WebKit.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195674 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoStop echoing echo commands to stdout
andersca@apple.com [Wed, 27 Jan 2016 16:57:31 +0000 (16:57 +0000)]
Stop echoing echo commands to stdout
https://bugs.webkit.org/show_bug.cgi?id=153531

Reviewed by Csaba Osztrogon√°c.

* DerivedSources.make:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195673 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK] Problem running promises code in workers
youenn.fablet@crf.canon.fr [Wed, 27 Jan 2016 15:35:58 +0000 (15:35 +0000)]
[GTK] Problem running promises code in workers
https://bugs.webkit.org/show_bug.cgi?id=152340

Reviewed by Carlos Garcia Campos.

Test file that creates two testharness promise tests. Each test creates 10000 promises, pushes them into an
array and vends them in a timeout.

* js/promises-tests/promises-in-workers-expected.txt: Added.
* js/promises-tests/promises-in-workers.html: Added.
* js/promises-tests/promises-in-workers.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195672 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCalling video.controls=true during a scrub operation cancels scrub.
jer.noble@apple.com [Wed, 27 Jan 2016 15:20:03 +0000 (15:20 +0000)]
Calling video.controls=true during a scrub operation cancels scrub.
https://bugs.webkit.org/show_bug.cgi?id=153494

Reviewed by Eric Carlson.

Source/WebCore:

Test: media/media-controls-drag-timeline-set-controls-property.html

Verify that the video.controls attribute actually changed before tearing down and
re-adding the media controls to the Shadow DOM.

* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.handleControlsChange):
(Controller.prototype.hasControls):

LayoutTests:

* media/media-controls-drag-timeline-set-controls-property-expected.txt: Added.
* media/media-controls-drag-timeline-set-controls-property.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195671 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK][EFL] Rename ScrollAnimationNone as ScrollAnimationSmooth
carlosgc@webkit.org [Wed, 27 Jan 2016 10:32:59 +0000 (10:32 +0000)]
[GTK][EFL] Rename ScrollAnimationNone as ScrollAnimationSmooth
https://bugs.webkit.org/show_bug.cgi?id=153481

Reviewed by Simon Fraser.

ScrollAnimationNone has always been used by EFL and GTK ports to
implement smooth scrolling. I think it should be possible for
other scroll animators to implement smooth scrolling or even
implement other kind of scroll animations. For example, in the
future I would like to have kinetic scrolling implemented for the
GTK+ port to match all other GTK+ application and decide at
runtime between different animations without having to use a
different scroll animator class. So, this patch also moves the
smooth scrolling animation implementation to its own class
ScrollAnimationSmooth that impements an interface ScrollAnimation
that could be used to implement other animations. This will allow
the GTK+ port to add its own scroll animator class and still
support smooth scrolling sharing the code with the
ScrollAnimationSmooth.

* PlatformEfl.cmake: Add new files to compilation and remove ScrollAnimationNone.
* PlatformGTK.cmake: Ditto.
* platform/ScrollAnimation.h: Added.
(WebCore::ScrollAnimation::serviceAnimation):
(WebCore::ScrollAnimation::ScrollAnimation):
* platform/ScrollAnimationSmooth.cpp: Added.
(WebCore::ScrollAnimationSmooth::ScrollAnimationSmooth):
(WebCore::ScrollAnimationSmooth::scroll):
(WebCore::ScrollAnimationSmooth::stop):
(WebCore::ScrollAnimationSmooth::updateVisibleLengths):
(WebCore::ScrollAnimationSmooth::setCurrentPosition):
(WebCore::ScrollAnimationSmooth::serviceAnimation):
(WebCore::ScrollAnimationSmooth::~ScrollAnimationSmooth):
(WebCore::curveAt):
(WebCore::attackCurve):
(WebCore::releaseCurve):
(WebCore::coastCurve):
(WebCore::curveIntegralAt):
(WebCore::attackArea):
(WebCore::releaseArea):
(WebCore::getAnimationParametersForGranularity):
(WebCore::ScrollAnimationSmooth::updatePerAxisData):
(WebCore::ScrollAnimationSmooth::animateScroll):
(WebCore::ScrollAnimationSmooth::animationTimerFired):
(WebCore::ScrollAnimationSmooth::startNextTimer):
(WebCore::ScrollAnimationSmooth::animationTimerActive):
* platform/ScrollAnimationSmooth.h: Added.
* platform/ScrollAnimator.cpp:
(WebCore::ScrollAnimator::scroll):
(WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation):
(WebCore::ScrollAnimator::setCurrentPosition):
(WebCore::ScrollAnimator::updateActiveScrollSnapIndexForOffset):
(WebCore::ScrollAnimator::notifyPositionChanged):
(WebCore::ScrollAnimator::scrollOffsetOnAxis):
* platform/ScrollAnimator.h:
(WebCore::ScrollAnimator::ScrollAnimator::currentPosition):
* platform/ScrollAnimatorNone.cpp: Removed.
* platform/ScrollAnimatorNone.h: Removed.
* platform/ScrollAnimatorSmooth.cpp: Added.
(WebCore::ScrollAnimator::create):
(WebCore::ScrollAnimatorSmooth::ScrollAnimatorSmooth):
(WebCore::ScrollAnimatorSmooth::~ScrollAnimatorSmooth):
(WebCore::ScrollAnimatorSmooth::scroll):
(WebCore::ScrollAnimatorSmooth::scrollToOffsetWithoutAnimation):
(WebCore::ScrollAnimatorSmooth::cancelAnimations):
(WebCore::ScrollAnimatorSmooth::serviceScrollAnimations):
(WebCore::ScrollAnimatorSmooth::willEndLiveResize):
(WebCore::ScrollAnimatorSmooth::didAddVerticalScrollbar):
(WebCore::ScrollAnimatorSmooth::didAddHorizontalScrollbar):
* platform/ScrollAnimatorSmooth.h: Added.
* platform/mac/ScrollAnimatorMac.mm:
(WebCore::ScrollAnimatorMac::immediateScrollToPosition):
(WebCore::ScrollAnimatorMac::immediateScrollBy):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195661 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoOverlay scrollbars should always use the whole contents
carlosgc@webkit.org [Wed, 27 Jan 2016 10:28:49 +0000 (10:28 +0000)]
Overlay scrollbars should always use the whole contents
https://bugs.webkit.org/show_bug.cgi?id=153352

Reviewed by Michael Catanzaro.

In case of having both horizontal and vertical scrollbars, the
scrollbars respect the scroll corner. That looks good for legacy
scrollbars that show the track, but with the overlay indicators
it looks weird that the indicator stops so early before the end of
the contents, giving the impression that there's something else to
scroll. This happens because the scroll corner is transparent, so
it's not obvious that's the scroll corner. It also happens with
the text areas having a resizer. Legacy scrollbars take into
account the resizer, which is good, but I expect overlay
scrollbars to be rendered also over the resizer. The resizer takes
precedence so you can still click and drag to resize the text area.
In the case of main frame scrollbars we are indeed returning an
empty rectangle from ScrollView::scrollCornerRect() when using
overlay scrollbars, but when calculating the size of the
scrollbars we are using the actual width/height instead of the
occupied with/height. For other scrollbars
RenderLayer::scrollCornerRect() is not checking whether scrollbars
are overlay or not and we are always returning a scroll corner
rectangle when scrollbars are present.

* platform/ScrollView.cpp:
(WebCore::ScrollView::updateScrollbars): Use the occupied
width/height when calculating the space the one scrollbar
should leave for the other.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::scrollCornerRect): Return an empty
rectangle when using overlay scrollbars.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195660 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoScrollAnimator is not notified when mouse entered, moved or exited a RenderListBox
carlosgc@webkit.org [Wed, 27 Jan 2016 10:24:57 +0000 (10:24 +0000)]
ScrollAnimator is not notified when mouse entered, moved or exited a RenderListBox
https://bugs.webkit.org/show_bug.cgi?id=153398

Reviewed by Michael Catanzaro.

EvenHandler is checking whether the enclosing layer of a node is
registered as scrollable area of its frame view. That doesn't work
for list boxes, because they are the scrollable area
themselves. Also when entering a list box the node under mouse is
not usually the list box itself, but any of its children, a
HTMLOptionElement or a HTMLOptGroupElement. Instead of comparing
layers, we should find the enclosing scrollable area of the target
elements and compare them to decide whether the mouse has entered,
left or moved a scrollable area.

* page/EventHandler.cpp:
(WebCore::enclosingScrollableArea): Return the enclosing
scrollable area of the given node. If the node doesn't have a
renderer, it traverses its parents. If the renderer is a
RenderListBox it is returned, otherwhise the enclosing layer is
returned.
(WebCore::EventHandler::mouseMoved): Use enclosingScrollableArea.
(WebCore::EventHandler::updateMouseEventTargetNode): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195659 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSort incoming commits via date instead of revision number.
jmarcell@apple.com [Wed, 27 Jan 2016 07:43:50 +0000 (07:43 +0000)]
Sort incoming commits via date instead of revision number.
https://bugs.webkit.org/show_bug.cgi?id=153467

Reviewed by Alexey Proskuryakov.

Future Trac instances may use Git or other revision control systems where we cannnot rely on the revision number
for sorting revisions. Instead we use the commit date to sort revisions chronologically.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/Trac.js:
(Trac.prototype._loaded): Sort via date instead of revision number.
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/MockTrac.js:
(MockTrac): Fix up the mock data to look more like real-world data.
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/test-fixture-trac-rss.xml: Added.
Fake RSS feed that adds three more commits.
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/tests.js: Added unit tests to test
Trac._loaded().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195658 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAttempt to force a rebuild.
weinig@apple.com [Wed, 27 Jan 2016 07:13:31 +0000 (07:13 +0000)]
Attempt to force a rebuild.

* DerivedSources.make:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195657 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoTry touching DerivedSources.make to force rebuilding.
weinig@apple.com [Wed, 27 Jan 2016 06:39:25 +0000 (06:39 +0000)]
Try touching DerivedSources.make to force rebuilding.

* DerivedSources.make:
* page/DOMWindow.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195656 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoTry to force a rebuild.
weinig@apple.com [Wed, 27 Jan 2016 06:27:03 +0000 (06:27 +0000)]
Try to force a rebuild.

* page/DOMWindow.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195655 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[JSC] When lowering B3 to Air, preferRightForResult() should prefer values from the...
benjamin@webkit.org [Wed, 27 Jan 2016 06:10:15 +0000 (06:10 +0000)]
[JSC] When lowering B3 to Air, preferRightForResult() should prefer values from the same block
https://bugs.webkit.org/show_bug.cgi?id=153477

Reviewed by Filip Pizlo.

In cases like this:

Block #0
    @1 = something
    @2 = Jump #1
Block #1
    @3 = something else
    @4 = Add(@3, @1)
    ...
    @42 = Branch(@x, #1, #2)

B3LowerToAir would pick @1 for the argument copied
for what goes into the UseDef side of Add.

This created a bunch of moves that could never be coalesced.
In Kraken's imaging-desaturate, there were enough Moves to slow
down the hot loop.

Ideally, we should not use UseCount for lowering. We should use
the real liveness for preferRightForResult(), and a loop-weighted
use-count for effective addresses. The problem is keeping the cost
low for those simple helpers.

In this patch, I went with a simple heuristic: prioritize the value
defined in the same block for UseDef.

There is one other way that would be cheap but a bit invasive:
-Get rid of UseDef.
-Make every ops, 3 operands.
-Tell the register allocator to attempt aliasing of the 2 uses
 with the def.
-If the allocator fails, just add a move as needed.

For now, the simple heuristic seems okay for the cases have.

* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::preferRightForResult):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195654 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoTail duplication should break critical edges first
fpizlo@apple.com [Wed, 27 Jan 2016 03:49:35 +0000 (03:49 +0000)]
Tail duplication should break critical edges first
https://bugs.webkit.org/show_bug.cgi?id=153530

Reviewed by Benjamin Poulain.

This speeds up Octane/boyer.

* b3/B3DuplicateTails.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195653 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agofast/history/page-cache-webdatabase-no-transaction-db.html flakily crashes
cdumez@apple.com [Wed, 27 Jan 2016 03:45:09 +0000 (03:45 +0000)]
fast/history/page-cache-webdatabase-no-transaction-db.html flakily crashes
https://bugs.webkit.org/show_bug.cgi?id=153525

Reviewed by Andreas Kling.

Source/WebCore:

The test was crashing because DatabaseThread::hasPendingDatabaseActivity()
was accessing m_openDatabaseSet from the main thread without any locking
mechanism. This is an issue because m_openDatabaseSet is altered by the
database thread.

No new tests, already covered by fast/history/page-cache-webdatabase-no-transaction-db.html.

* Modules/webdatabase/DatabaseThread.cpp:
(WebCore::DatabaseThread::databaseThread):
(WebCore::DatabaseThread::recordDatabaseOpen):
(WebCore::DatabaseThread::recordDatabaseClosed):
(WebCore::DatabaseThread::hasPendingDatabaseActivity):
* Modules/webdatabase/DatabaseThread.h:

LayoutTests:

Unskip fast/history/page-cache-webdatabase-no-transaction-db.html now
that it no longer crashes.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195652 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION (r194557): Keyboard shortcuts stop working after the WKWebView is unparent...
timothy_horton@apple.com [Wed, 27 Jan 2016 03:16:06 +0000 (03:16 +0000)]
REGRESSION (r194557): Keyboard shortcuts stop working after the WKWebView is unparented and reparented
https://bugs.webkit.org/show_bug.cgi?id=153492
<rdar://problem/24138989>

Reviewed by Dan Bernstein.

* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView canBecomeFirstResponder]):
(-[WKContentView becomeFirstResponder]):
(-[WKContentView resignFirstResponder]):
When WKWebView is unparented, WKContentView will attempt to resignFirstResponder upwards,
first asking WKWebView. After r194557, WKWebView will accept first responder and forward
it on to the WKContentView, which will happily accept it again, despite being the view
that's trying to resign. This will cause us to completely lose first responder,
where it was actually supposed to propagate up above WKWebView to the client.

Keep track of when WKContentView is resigning first responder, and don't
let it become first responder while it is doing so, breaking the cycle.

* UIProcess/ios/WKContentView.h:
* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView canBecomeFirstResponder]):
If the WKContentView is currently in the process of resigning first responder status,
we shouldn't accept it, because clients expect to receive it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195651 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSource/WebKit2:
commit-queue@webkit.org [Wed, 27 Jan 2016 03:05:49 +0000 (03:05 +0000)]
Source/WebKit2:
Implement wildcard matching for plug-in policy host.
https://bugs.webkit.org/show_bug.cgi?id=153090

Patch by I-Ting Liu <iting_liu@apple.com> on 2016-01-26
Reviewed by Darin Adler.

WebPlatformStrategies decides the plug-in load policy for a host by looking
for a matched hostname in the list of plug-in policies sent by Safari. This
patch adds support for wildcard matching -- if there's a policy with hostname
"*.example.com," the policy for "foo.example.com" would be replaced with that
of "*.example.com" if there's no policy for this hostname. If there is more
than one wildcard hostname, the host with the longest wildcard hostname will
be used.

This patch adds a helper function in StringUtilites that matches a string to
another string, which may contain wildcard ('*') characters.

* Platform/mac/StringUtilities.h:
- Add WebKit::stringMatchesWildcardString.
- Remove #if ENABLE(TELEPHONE_NUMBER_DETECTION) && PLATFORM(MAC) flag so that
the compiler allows exposing StringUtilities.h.
- Add #if __OBJC__ to allow the file to be included in WebPltformStrategies.cpp

* Platform/mac/StringUtilities.mm:
(WebKit::stringMatchesWildcardString):
Return true if the entire first given String matches the second. The second string
may contain wildcard characters.
(WebKit::wildcardRegexPatternString):
Return the regex expression from a wildcard string by replacing the wildcard
character ('*') with (".*") and escaping regular expression metacharacters.
(WebKit::formattedPhoneNumberString):
To expose StringUtilities.h for tests, we removed #if ENABLE(TELEPHONE_NUMBER_DETECTION)
&& PLATFORM(MAC) flag in the header. Add a function that returns nil for
#if !(ENABLE(TELEPHONE_NUMBER_DETECTION) && PLATFORM(MAC)) to fix the removal
of the flag in the header file.

* WebKit2.xcodeproj/project.pbxproj:
Change the file attribute of StringUtilities.h from Project to Private for
testing in TestWebKitAPI.

* WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
(WebKit::WebPlatformStrategies::longestMatchedWildcardHostForHost):
Return the wildcard hostname whose matched substring with the host is the longest.
(WebKit::WebPlatformStrategies::replaceHostWithMatchedWildcardHost):
Replace the look-up host with a matched wildcard host if there is a match and that
the matched wildcard host's plug-in identifier is the same as that of the host.
(WebKit::WebPlatformStrategies::pluginLoadClientPolicyForHost):
Try to replace the look-up host with the wildcard host if there's no policy for
the host. Restructure the function to reduce hashmap lookup.

* WebProcess/WebCoreSupport/WebPlatformStrategies.h:
Declare the methods.

Source/WTF:
Implement wildcard matching for plug-in policy host.
https://bugs.webkit.org/show_bug.cgi?id=153090

Patch by I-Ting Liu <iting_liu@apple.com> on 2016-01-26
Reviewed by Darin Adler.

* wtf/text/AtomicString.h:
(WTF::AtomicString::AtomicString):
Add __bridge to allow compilation.

Tools:
Add a test for WebKit::stringMatchesWildcardString.
https://bugs.webkit.org/show_bug.cgi?id=153090

Patch by I-Ting Liu <iting_liu@apple.com> on 2016-01-26
Reviewed by Darin Adler.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
Add the file to the project.

* TestWebKitAPI/Tests/WebKit2/mac/StringUtilities.mm: Added.
(TestWebKitAPI::TEST):
Test that a string matches another string that may contain wildcard characters.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195650 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed CMake build fix after r195644.
joepeck@webkit.org [Wed, 27 Jan 2016 02:41:55 +0000 (02:41 +0000)]
Unreviewed CMake build fix after r195644.

* PlatformMac.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195649 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModern IDB: Key generator support for SQLite backend.
beidson@apple.com [Wed, 27 Jan 2016 02:25:58 +0000 (02:25 +0000)]
Modern IDB: Key generator support for SQLite backend.
https://bugs.webkit.org/show_bug.cgi?id=153427

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Existing failing tests now pass, others improved).

* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedGetKeyGeneratorValue):
(WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedSetKeyGeneratorValue):
(WebCore::IDBServer::SQLiteIDBBackingStore::generateKeyNumber):
(WebCore::IDBServer::SQLiteIDBBackingStore::revertGeneratedKeyNumber):
(WebCore::IDBServer::SQLiteIDBBackingStore::maybeUpdateKeyGeneratorNumber):
* Modules/indexeddb/server/SQLiteIDBBackingStore.h:

LayoutTests:

* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195648 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove -d flag from make invocation.
andersca@apple.com [Wed, 27 Jan 2016 02:16:57 +0000 (02:16 +0000)]
Remove -d flag from make invocation.

* WebKit2.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195647 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAllow canvas to use display-list drawing for testing
simon.fraser@apple.com [Wed, 27 Jan 2016 01:53:18 +0000 (01:53 +0000)]
Allow canvas to use display-list drawing for testing
https://bugs.webkit.org/show_bug.cgi?id=153475

Reviewed by Dean Jackson.

Source/WebCore:

Optionally have 2D <canvas> use display-list drawing, which is only enabled
via Internals for now.

Support displayListAsText() and replayDisplayListAsText() on canvas, so we can
use it to test playback optimizations. [Note that displayListAsText() always
returns an empty string currently, because the display list is cleared when the
canvas is painted to the page.]

Display list rendering is implemented by giving CanvasRenderingContext2D an
optional DisplayListDrawingContext, which packages up a display list, recorder
and recording context. The existing paintRenderingResultsToCanvas() is overridden
to replay the recorded display list into the primary canvas context.

Tracked replay display lists are stored in a static map, keyed by the CanvasRenderingContext2D.

Test: displaylists/canvas-display-list.html

* html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::HTMLCanvasElement):
(WebCore::HTMLCanvasElement::getContext):
(WebCore::HTMLCanvasElement::paint):
(WebCore::HTMLCanvasElement::setUsesDisplayListDrawing):
(WebCore::HTMLCanvasElement::setTracksDisplayListReplay):
(WebCore::HTMLCanvasElement::displayListAsText):
(WebCore::HTMLCanvasElement::replayDisplayListAsText):
* html/HTMLCanvasElement.h:
* html/canvas/CanvasRenderingContext.h:
* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::DisplayListDrawingContext::DisplayListDrawingContext):
(WebCore::contextDisplayListMap):
(WebCore::CanvasRenderingContext2D::~CanvasRenderingContext2D):
(WebCore::CanvasRenderingContext2D::setTracksDisplayListReplay):
(WebCore::CanvasRenderingContext2D::displayListAsText):
(WebCore::CanvasRenderingContext2D::replayDisplayListAsText):
(WebCore::CanvasRenderingContext2D::paintRenderingResultsToCanvas):
(WebCore::CanvasRenderingContext2D::drawingContext):
(WebCore::CanvasRenderingContext2D::CanvasRenderingContext2D): Deleted.
* html/canvas/CanvasRenderingContext2D.h:
* testing/Internals.cpp:
(WebCore::Internals::setElementUsesDisplayListDrawing):
(WebCore::Internals::setElementTracksDisplayListReplay):
(WebCore::Internals::displayListForElement):
(WebCore::Internals::replayDisplayListForElement):

LayoutTests:

Simple canvas-based display list test.

* displaylists/canvas-display-list-expected.txt: Added.
* displaylists/canvas-display-list.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195646 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Remove unused FramesLarge.png variants, only the smaller Frames icon...
commit-queue@webkit.org [Wed, 27 Jan 2016 01:31:36 +0000 (01:31 +0000)]
Web Inspector: Remove unused FramesLarge.png variants, only the smaller Frames icon is used for the Rendering Frames timeline
https://bugs.webkit.org/show_bug.cgi?id=153523

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-01-26
Reviewed by Timothy Hatcher.

* UserInterface/Images/FramesLarge.png: Removed.
* UserInterface/Images/FramesLarge@2x.png: Removed.
* UserInterface/Images/gtk/FramesLarge.png: Removed.
* UserInterface/Images/gtk/FramesLarge@2x.png: Removed.
* UserInterface/Views/TimelineIcons.css:
(.rendering-frame-icon.large .icon): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195645 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoGeneralize ResourceUsageData gathering to be used outside of ResourceUsageOverlay
joepeck@webkit.org [Wed, 27 Jan 2016 01:29:25 +0000 (01:29 +0000)]
Generalize ResourceUsageData gathering to be used outside of ResourceUsageOverlay
https://bugs.webkit.org/show_bug.cgi?id=153509
<rdar://problem/24354291>

Reviewed by Andreas Kling.

Source/JavaScriptCore:

* heap/Heap.h:
* heap/HeapInlines.h:
(JSC::Heap::didAllocateBlock):
(JSC::Heap::didFreeBlock):
Rename the ENABLE flag.

Source/WebCore:

* CMakeLists.txt:
* PlatformMac.cmake:
* WebCore.xcodeproj/project.pbxproj:
* page/Page.cpp:
* page/Page.h:
* page/Settings.cpp:
* page/Settings.h:
* page/ResourceUsageOverlay.cpp:
* page/ResourceUsageOverlay.h:
Add new files to the build and updated ENABLE flag name.

* page/ResourceUsageData.cpp: Added.
(WebCore::ResourceUsageData::ResourceUsageData):
* page/ResourceUsageData.h: Added.
(WebCore::MemoryCategoryInfo::MemoryCategoryInfo):
Platform agnostic resource data that may be used by multiple clients,
such as the ResourceUsageOverlay and later the Inspector.

* page/ResourceUsageThread.h: Added.
* page/ResourceUsageThread.cpp: Added.
(WebCore::ResourceUsageThread::ResourceUsageThread):
(WebCore::ResourceUsageThread::singleton):
(WebCore::ResourceUsageThread::addObserver):
(WebCore::ResourceUsageThread::removeObserver):
(WebCore::ResourceUsageThread::waitUntilObservers):
(WebCore::ResourceUsageThread::notifyObservers):
(WebCore::ResourceUsageThread::createThreadIfNeeded):
(WebCore::ResourceUsageThread::threadCallback):
(WebCore::ResourceUsageThread::threadBody):
Platform agnostic resource usage thread that can be used to gather data
into a ResourceUsageData struct on a background thread and notify observers
on the main thread. Platforms need only implement ResourceUsageThread::platformThreadBody
to populate the ResourceUsageData struct with data.

* page/cocoa/ResourceUsageOverlayCocoa.mm:
(WebCore::HistoricMemoryCategoryInfo::HistoricMemoryCategoryInfo):
(WebCore::HistoricResourceUsageData::HistoricResourceUsageData):
(WebCore::historicUsageData):
(WebCore::appendDataToHistory):
(WebCore::ResourceUsageOverlay::platformInitialize):
(WebCore::ResourceUsageOverlay::platformDestroy):
(WebCore::drawMemHistory):
(WebCore::drawMemoryPie):
(WebCore::ResourceUsageOverlay::platformDraw):
Move CPU and memory resource usage calculations to ResourceUsageThread.
The overlay adds itself as an observer, and builds its RingBuffer list
of data from notifications from the ResourceUsageThread. Renamed
some of the fields.

* page/cocoa/ResourceUsageThreadCocoa.mm: Added.
(WebCore::vmPageSize):
(WebCore::TagInfo::TagInfo):
(WebCore::pagesPerVMTag):
(WebCore::cpuUsage):
(WebCore::categoryForVMTag):
(WebCore::ResourceUsageThread::platformThreadBody):
Extracted from ResourceUsageOverlayCocoa.

* page/scrolling/ScrollingThread.cpp:
(WebCore::ScrollingThread::dispatch):
Drive-by, don't call singleton again, we already have the result.

Source/WebKit2:

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):
Rename the ENABLE flag.

Source/WTF:

* wtf/Platform.h:
Rename the ENABLE flag.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195644 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse initializers in HTMLCanvasElement
simon.fraser@apple.com [Wed, 27 Jan 2016 01:22:44 +0000 (01:22 +0000)]
Use initializers in HTMLCanvasElement
https://bugs.webkit.org/show_bug.cgi?id=153472

Reviewed by Michael Catanzaro.

Use initializers, and re-order member variables for better packing.

* html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::HTMLCanvasElement):
* html/HTMLCanvasElement.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195643 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSetting HTMLInputElement.value to null to set its value to the empty string
cdumez@apple.com [Wed, 27 Jan 2016 01:16:16 +0000 (01:16 +0000)]
Setting HTMLInputElement.value to null to set its value to the empty string
https://bugs.webkit.org/show_bug.cgi?id=153519

Reviewed by Ryosuke Niwa.

Source/WebCore:

Setting HTMLInputElement.value to null to set its value to the empty string:
- https://html.spec.whatwg.org/#htmlinputelement
- http://heycam.github.io/webidl/#TreatNullAs

WebKit would previously unset the value attribute instead, which caused
it to fallback to input.defaultValue if set.

Firefox and Chrome behave correctly.

Test: fast/dom/HTMLInputElement/input-value-set-null.html

* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::setValue):

LayoutTests:

Add a layout test to make sure that setting HTMLInputElement.value to null
actually sets its value to the empty string.

* fast/dom/HTMLInputElement/input-value-set-null-expected.txt: Added.
* fast/dom/HTMLInputElement/input-value-set-null.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195642 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r195602.
commit-queue@webkit.org [Wed, 27 Jan 2016 01:11:53 +0000 (01:11 +0000)]
Unreviewed, rolling out r195602.
https://bugs.webkit.org/show_bug.cgi?id=153526

broke more than it fixed (Requested by thorton on #webkit).

Reverted changeset:

"REGRESSION (r194557): Keyboard shortcuts stop working after
the WKWebView is unparented and reparented"
https://bugs.webkit.org/show_bug.cgi?id=153492
http://trac.webkit.org/changeset/195602

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195641 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[B3] Fix control reaches end of non-void function GCC warning after r195139
ossy@webkit.org [Wed, 27 Jan 2016 01:10:58 +0000 (01:10 +0000)]
[B3] Fix control reaches end of non-void function GCC warning after r195139
https://bugs.webkit.org/show_bug.cgi?id=153426

Reviewed by Michael Catanzaro.

* b3/air/AirArg.h:
(JSC::B3::Air::Arg::cooled):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195640 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agotestb3 and testAir should be compiled under -O0
sbarati@apple.com [Wed, 27 Jan 2016 00:57:06 +0000 (00:57 +0000)]
testb3 and testAir should be compiled under -O0
https://bugs.webkit.org/show_bug.cgi?id=153520

Reviewed by Benjamin Poulain.

* JavaScriptCore.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195639 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, temporarily skip fast/history/page-cache-webdatabase-no-transaction-db...
cdumez@apple.com [Wed, 27 Jan 2016 00:52:32 +0000 (00:52 +0000)]
Unreviewed, temporarily skip fast/history/page-cache-webdatabase-no-transaction-db.html
https://bugs.webkit.org/show_bug.cgi?id=153525

The test flakily crashes, skip it until I can fix it.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195638 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoB3's integer range analysis should know that Mul'ing two sufficiently small numbers...
fpizlo@apple.com [Wed, 27 Jan 2016 00:49:03 +0000 (00:49 +0000)]
B3's integer range analysis should know that Mul'ing two sufficiently small numbers will yield a number that still has a meaningful range
https://bugs.webkit.org/show_bug.cgi?id=153518

Reviewed by Benjamin Poulain.

Octane/encrypt had an addition overflow check that can be proved away by being sufficiently
sneaky about the analysis of adds, multiplies, and shifts.

I almost added these optimizations to the DFG integer range optimization phase. That phase is
very complicated. B3's integer range analysis is trivial. So I added it to B3. Eventually
we'll want this same machinery in the DFG also.

8% speed-up on Octane/encrypt.

* b3/B3ReduceStrength.cpp:
* b3/B3Value.cpp:
(JSC::B3::Value::dump): Dumping a constant value's name now dumps its value. This makes a huge difference for reading IR.
(JSC::B3::Value::cloneImpl):
(JSC::B3::Value::deepDump):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195637 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRebaseline imported/w3c/web-platform-tests/html/semantics/interfaces.html for ios...
ryanhaddad@apple.com [Wed, 27 Jan 2016 00:33:33 +0000 (00:33 +0000)]
Rebaseline imported/w3c/web-platform-tests/html/semantics/interfaces.html for ios-simulator after support
for HTMLDataElement was added in r195627, removing ios-simulator-wk2 specific result.
https://bugs.webkit.org/show_bug.cgi?id=153459

Unreviewed test gardening.

* platform/ios-simulator-wk2/imported/w3c/web-platform-tests/html/semantics/interfaces-expected.txt: Removed.
* platform/ios-simulator/imported/w3c/web-platform-tests/html/semantics/interfaces-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195636 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWebKitAdditions should be able to modify derived source rules
andersca@apple.com [Wed, 27 Jan 2016 00:29:42 +0000 (00:29 +0000)]
WebKitAdditions should be able to modify derived source rules
https://bugs.webkit.org/show_bug.cgi?id=153514

Reviewed by Tim Horton.

Source/WebCore:

* DerivedSources.make:
Include WebCoreDerivedSourcesAdditions.make.

* WebCore.xcodeproj/project.pbxproj:
Pass our WebKitAdditions paths as include paths to make.

Source/WebKit2:

* Configurations/BaseTarget.xcconfig:
* Configurations/WebKit.xcconfig:
Set WEBKITADDITIONS_HEADER_SEARCH_PATHS.

* DerivedSources.make:
Move the path computation earlier and include WebKitDerivedSourcesAdditions.make.

* WebKit2.xcodeproj/project.pbxproj:
Pass our WebKitAdditions paths as include paths to make.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195635 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSkipping tests added with r195625 that are unsupported on ios-simulator
ryanhaddad@apple.com [Wed, 27 Jan 2016 00:08:12 +0000 (00:08 +0000)]
Skipping tests added with r195625 that are unsupported on ios-simulator

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195634 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMake HashTable iterators STL iterators compatible
achristensen@apple.com [Tue, 26 Jan 2016 23:46:28 +0000 (23:46 +0000)]
Make HashTable iterators STL iterators compatible
https://bugs.webkit.org/show_bug.cgi?id=153512

Patch by Yusuke Suzuki <utatane.tea@gmail.com> on 2016-01-26
Reviewed by Alex Christensen.

While r178581 makes many hash table iterators STL compatible, still several iterators are not.
This patch fixes that; inheriting std::iterator correctly to meet STL iterator requirements (like iterator_category etc.)
It could recover Windows build failure.

* wtf/HashTable.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195629 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agodocument.open() / write() should be prevented in beforeunload event handlers
cdumez@apple.com [Tue, 26 Jan 2016 23:22:18 +0000 (23:22 +0000)]
document.open() / write() should be prevented in beforeunload event handlers
https://bugs.webkit.org/show_bug.cgi?id=153432

Reviewed by Ryosuke Niwa.

Source/WebCore:

document.open() / write() should be prevented in beforeunload event handlers:
- https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)
- https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)
- https://html.spec.whatwg.org/multipage/webappapis.html#ignore-opens-during-unload-counter
- https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document

Test: fast/frames/page-beforeunload-document-open.html

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::dispatchBeforeUnloadEvent):

LayoutTests:

Add a layout test to check that document.open() / write() is indeed
prevented inside 'beforeunload' event handlers.

* fast/frames/page-beforeunload-document-open-expected.txt: Added.
* fast/frames/page-beforeunload-document-open.html: Added.
* fast/frames/resources/page-beforeunload-document-open-frame.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195628 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd support for HTMLDataElement
cdumez@apple.com [Tue, 26 Jan 2016 23:21:30 +0000 (23:21 +0000)]
Add support for HTMLDataElement
https://bugs.webkit.org/show_bug.cgi?id=153459

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline existing W3C tests now that more checks are passing.

* web-platform-tests/dom/nodes/Node-cloneNode-expected.txt:
* web-platform-tests/html/dom/interfaces-expected.txt:
* web-platform-tests/html/semantics/interfaces-expected.txt:

Source/WebCore:

Add support for HTMLDataElement:
https://html.spec.whatwg.org/multipage/semantics.html#the-data-element

Firefox already supports it.

No new tests, already covered by existing tests.

* CMakeLists.txt:
* DerivedSources.cpp:
* DerivedSources.make:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* html/HTMLDataElement.cpp: Added.
(WebCore::HTMLDataElement::create):
(WebCore::HTMLDataElement::HTMLDataElement):
* html/HTMLDataElement.h: Added.
* html/HTMLDataElement.idl: Added.
* html/HTMLElementsAllInOne.cpp:
* html/HTMLTagNames.in:

LayoutTests:

Rebaseline existing test now that HTMLDataElement is exposed on the
global Window object.

* platform/efl/js/dom/global-constructors-attributes-expected.txt:
* platform/gtk/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
* platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
* platform/mac/js/dom/global-constructors-attributes-expected.txt:
* platform/win/js/dom/global-constructors-attributes-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195627 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r195610.
ryanhaddad@apple.com [Tue, 26 Jan 2016 23:14:55 +0000 (23:14 +0000)]
Unreviewed, rolling out r195610.
https://bugs.webkit.org/show_bug.cgi?id=153513

The test added with this change is timing out on almost every
run (Requested by ryanhaddad on #webkit).

Reverted changeset:

"Calling video.controls=true during a scrub operation cancels
scrub."
https://bugs.webkit.org/show_bug.cgi?id=153494
http://trac.webkit.org/changeset/195610

Patch by Commit Queue <commit-queue@webkit.org> on 2016-01-26

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195626 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoHistory.pushState causes intense memory pressure.
beidson@apple.com [Tue, 26 Jan 2016 22:48:15 +0000 (22:48 +0000)]
History.pushState causes intense memory pressure.
https://bugs.webkit.org/show_bug.cgi?id=153435

Reviewed by Sam Weinig, Oliver Hunt, and Geoff Garen.

Source/WebCore:

Tests: fast/loader/stateobjects/pushstate-frequency-iframe.html
       fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html
       fast/loader/stateobjects/pushstate-frequency.html
       fast/loader/stateobjects/replacestate-frequency-iframe.html
       fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html
       fast/loader/stateobjects/replacestate-frequency.html
       loader/stateobjects/pushstate-size-iframe.html
       loader/stateobjects/pushstate-size.html
       loader/stateobjects/replacestate-size-iframe.html
       loader/stateobjects/replacestate-size.html

Add restrictions on how frequently push/replaceState can be called,
as well as how much of a cumulative payload they can deliver.

* bindings/js/JSHistoryCustom.cpp:
(WebCore::JSHistory::pushState):
(WebCore::JSHistory::replaceState):

* page/History.cpp:
(WebCore::History::stateObjectAdded):
* page/History.h:

LayoutTests:

* TestExpectations: Mark some of the new tests as slow.

* fast/loader/stateobjects/pushstate-frequency-expected.txt: Added.
* fast/loader/stateobjects/pushstate-frequency-iframe-expected.txt: Added.
* fast/loader/stateobjects/pushstate-frequency-iframe.html: Added.
* fast/loader/stateobjects/pushstate-frequency-with-user-gesture-expected.txt: Added.
* fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html: Added.
* fast/loader/stateobjects/pushstate-frequency.html: Added.
* fast/loader/stateobjects/replacestate-frequency-expected.txt: Added.
* fast/loader/stateobjects/replacestate-frequency-iframe-expected.txt: Added.
* fast/loader/stateobjects/replacestate-frequency-iframe.html: Added.
* fast/loader/stateobjects/replacestate-frequency-with-user-gesture-expected.txt: Added.
* fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html: Added.
* fast/loader/stateobjects/replacestate-frequency.html: Added.
* fast/loader/stateobjects/resources/pushstate-iframe.html: Added.
* fast/loader/stateobjects/resources/replacestate-iframe.html: Added.
* loader/stateobjects/pushstate-size-expected.txt: Added.
* loader/stateobjects/pushstate-size-iframe-expected.txt: Added.
* loader/stateobjects/pushstate-size-iframe.html: Added.
* loader/stateobjects/pushstate-size.html: Added.
* loader/stateobjects/replacestate-size-expected.txt: Added.
* loader/stateobjects/replacestate-size-iframe-expected.txt: Added.
* loader/stateobjects/replacestate-size-iframe.html: Added.
* loader/stateobjects/replacestate-size.html: Added.
* loader/stateobjects/resources/pushstate-iframe.html: Added.
* loader/stateobjects/resources/replacestate-iframe.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195625 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRebaselining cssom/subpixel-offsetleft-top-width-height-values.html for ios-simulator
ryanhaddad@apple.com [Tue, 26 Jan 2016 22:22:25 +0000 (22:22 +0000)]
Rebaselining cssom/subpixel-offsetleft-top-width-height-values.html for ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=152308

Unreviewed test gardening.

* platform/ios-simulator/cssom/subpixel-offsetleft-top-width-height-values-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195624 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd a private WKUIDelegate method for getting a presenting view controller for a...
andersca@apple.com [Tue, 26 Jan 2016 22:22:14 +0000 (22:22 +0000)]
Add a private WKUIDelegate method for getting a presenting view controller for a WKWebView on iOS
https://bugs.webkit.org/show_bug.cgi?id=153510

Reviewed by Dan Bernstein.

* UIProcess/API/APIUIClient.h:
(API::UIClient::presentingViewController):
* UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
* UIProcess/Cocoa/UIDelegate.h:
* UIProcess/Cocoa/UIDelegate.mm:
(WebKit::UIDelegate::setDelegate):
(WebKit::UIDelegate::UIClient::presentingViewController):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195623 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoIt should be possible to disable FTL for a range like we disable DFG for a range
fpizlo@apple.com [Tue, 26 Jan 2016 22:20:10 +0000 (22:20 +0000)]
It should be possible to disable FTL for a range like we disable DFG for a range
https://bugs.webkit.org/show_bug.cgi?id=153511

Reviewed by Geoffrey Garen.

* dfg/DFGTierUpCheckInjectionPhase.cpp:
(JSC::DFG::TierUpCheckInjectionPhase::run):
* runtime/Options.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195622 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoShifts by an amount computed using BitAnd with a mask that subsumes the shift's own...
fpizlo@apple.com [Tue, 26 Jan 2016 22:07:28 +0000 (22:07 +0000)]
Shifts by an amount computed using BitAnd with a mask that subsumes the shift's own mask should be rewired around the BitAnd
https://bugs.webkit.org/show_bug.cgi?id=153505

Reviewed by Saam Barati.

Turn this: Shl(@x, BitAnd(@y, 63))
Into this: Shl(@x, @y)

It matters for Octane/crypto.

We should also stop FTL from generating such code, but even if we did that, we'd still want
this optimization in case user code did the BitAnd.

Also we can't stop the FTL from generating such code yet, because when targetting LLVM, you
must mask your shifts this way.

* b3/B3ReduceStrength.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195621 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoThe thing that B3 uses to describe a stack slot should not be a Value
fpizlo@apple.com [Tue, 26 Jan 2016 22:05:28 +0000 (22:05 +0000)]
The thing that B3 uses to describe a stack slot should not be a Value
https://bugs.webkit.org/show_bug.cgi?id=153491
rdar://problem/24349446

Reviewed by Geoffrey Garen and Saam Barati.

Prior to this change, B3 represented stack slots by having a StackSlotValue that carried
two meanings:

- It represented a stack slot.

- It was a kind of Value for getting the base of the stack slot.

This seems like a good idea until you consider the following issues.

1) A Value can be killed if it is on an unreachable path, or if it has no effects and
   nobody refers to it. But the FTL uses StackSlotValue to allocate space on the stack.
   When it does this, it doesn't want it to be killed. It will dereference the object, so
   killing it is a bug.

2) A premise of B3 is that it should be always legal to perform the following
   transformation on a value:

   value->replaceWithIdentity(insertionSet.insertValue(index, proc.clone(value)));

   This inserts a new value just before the old one. The new value is a clone of the old
   one. Then the old one is essentially deleted (anything that becomes an identity dies
   shortly thereafter). Problem (1) prevents this from being legal, which breaks a major
   premise of B3 IR.

3) A premise of B3 is that it should be always legal to perform the following
   transformation on a value:

   Before:
           @42 = Thing(...)

   After:
           Branch(@doesntMatter, #yes, #no)
       BB#yes:
           @42_one = Thing(...)
           Upsilon(@42_one, ^42)
           Jump(#done)
       BB#no:
           @42_two = Thing(...)
           Upsilon(@42_two, ^42)
           Jump(#done)
       BB#done:
           @42 = Phi()

   But prior to this change, such a transformation makes absolutely no sense for
   StackSlot. It will "work" in the sense that the compiler will proceed undaunted, but
   it will disable SSA fix-up for the cloned stack slot and we will end up allocating two
   stack slots instead of one, and then we will assume that they both escape, which will
   disable efficient stack allocation. Note that the moral equivalent of this
   transformation could already happen due to tail duplication, and the only reason why
   it's not a bug right now is that we happen to hoist stack slots to the root block. But
   the whole point of our stack slots was supposed to be that they do not have to be
   hoisted.

This change fixes this issue by splitting StackSlotValue into two things: SlotBaseValue,
which is a pure operation for getting the base address of a StackSlot, and StackSlot,
which is a representation of the actual stack slot. StackSlot cannot get duplicated and
can only be killed if it's anonymous. SlotBaseValue can be killed, moved, cloned,
hoisted, etc. Since it has no effects and it has a ValueKey, it's one of the most
permissive Values in the IR, just as one would hope (after all, there is actually zero
code that needs to execute to evaluate SlotBaseValue).

This fixes a crash that we saw with GuardMalloc and ASan. It also makes the IR a lot more
easy to reason about.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* b3/B3EliminateCommonSubexpressions.cpp:
* b3/B3FixSSA.cpp:
(JSC::B3::demoteValues):
(JSC::B3::fixSSA):
* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::run):
(JSC::B3::Air::LowerToAir::effectiveAddr):
(JSC::B3::Air::LowerToAir::lower):
* b3/B3Opcode.cpp:
(WTF::printInternal):
* b3/B3Opcode.h:
* b3/B3Procedure.cpp:
(JSC::B3::Procedure::setBlockOrderImpl):
(JSC::B3::Procedure::addStackSlot):
(JSC::B3::Procedure::addAnonymousStackSlot):
(JSC::B3::Procedure::clone):
(JSC::B3::Procedure::dump):
(JSC::B3::Procedure::blocksInPostOrder):
(JSC::B3::Procedure::deleteStackSlot):
(JSC::B3::Procedure::deleteValue):
(JSC::B3::Procedure::calleeSaveRegisters):
(JSC::B3::Procedure::addStackSlotIndex):
(JSC::B3::Procedure::addValueIndex):
* b3/B3Procedure.h:
(JSC::B3::Procedure::setBlockOrder):
(JSC::B3::Procedure::StackSlotsCollection::StackSlotsCollection):
(JSC::B3::Procedure::StackSlotsCollection::size):
(JSC::B3::Procedure::StackSlotsCollection::at):
(JSC::B3::Procedure::StackSlotsCollection::operator[]):
(JSC::B3::Procedure::StackSlotsCollection::iterator::iterator):
(JSC::B3::Procedure::StackSlotsCollection::iterator::operator*):
(JSC::B3::Procedure::StackSlotsCollection::iterator::operator++):
(JSC::B3::Procedure::StackSlotsCollection::iterator::operator==):
(JSC::B3::Procedure::StackSlotsCollection::iterator::operator!=):
(JSC::B3::Procedure::StackSlotsCollection::iterator::findNext):
(JSC::B3::Procedure::StackSlotsCollection::begin):
(JSC::B3::Procedure::StackSlotsCollection::end):
(JSC::B3::Procedure::stackSlots):
(JSC::B3::Procedure::ValuesCollection::ValuesCollection):
* b3/B3ReduceStrength.cpp:
* b3/B3SlotBaseValue.cpp: Copied from Source/JavaScriptCore/b3/B3StackSlotValue.cpp.
(JSC::B3::SlotBaseValue::~SlotBaseValue):
(JSC::B3::SlotBaseValue::dumpMeta):
(JSC::B3::SlotBaseValue::cloneImpl):
(JSC::B3::StackSlotValue::~StackSlotValue): Deleted.
(JSC::B3::StackSlotValue::dumpMeta): Deleted.
(JSC::B3::StackSlotValue::cloneImpl): Deleted.
* b3/B3SlotBaseValue.h: Copied from Source/JavaScriptCore/b3/B3StackSlotValue.h.
* b3/B3StackSlot.cpp: Added.
(JSC::B3::StackSlot::~StackSlot):
(JSC::B3::StackSlot::dump):
(JSC::B3::StackSlot::deepDump):
(JSC::B3::StackSlot::StackSlot):
* b3/B3StackSlot.h: Added.
(JSC::B3::StackSlot::byteSize):
(JSC::B3::StackSlot::kind):
(JSC::B3::StackSlot::isLocked):
(JSC::B3::StackSlot::index):
(JSC::B3::StackSlot::offsetFromFP):
(JSC::B3::StackSlot::setOffsetFromFP):
(JSC::B3::DeepStackSlotDump::DeepStackSlotDump):
(JSC::B3::DeepStackSlotDump::dump):
(JSC::B3::deepDump):
* b3/B3StackSlotValue.cpp: Removed.
* b3/B3StackSlotValue.h: Removed.
* b3/B3Validate.cpp:
* b3/B3Value.cpp:
(JSC::B3::Value::effects):
(JSC::B3::Value::key):
(JSC::B3::Value::checkOpcode):
* b3/B3ValueKey.cpp:
(JSC::B3::ValueKey::materialize):
* b3/air/AirCode.cpp:
(JSC::B3::Air::Code::addBlock):
(JSC::B3::Air::Code::addStackSlot):
(JSC::B3::Air::Code::addSpecial):
* b3/air/AirCode.h:
* b3/air/AirStackSlot.cpp:
(JSC::B3::Air::StackSlot::setOffsetFromFP):
(JSC::B3::Air::StackSlot::dump):
(JSC::B3::Air::StackSlot::deepDump):
(JSC::B3::Air::StackSlot::StackSlot):
* b3/air/AirStackSlot.h:
(JSC::B3::Air::StackSlot::alignment):
(JSC::B3::Air::StackSlot::b3Slot):
(JSC::B3::Air::StackSlot::offsetFromFP):
(WTF::printInternal):
(JSC::B3::Air::StackSlot::value): Deleted.
* b3/testb3.cpp:
(JSC::B3::testStackSlot):
(JSC::B3::testStoreLoadStackSlot):
* ftl/FTLB3Compile.cpp:
* ftl/FTLB3Output.cpp:
(JSC::FTL::Output::appendTo):
(JSC::FTL::Output::lockedStackSlot):
(JSC::FTL::Output::neg):
* ftl/FTLB3Output.h:
(JSC::FTL::Output::framePointer):
(JSC::FTL::Output::constBool):
(JSC::FTL::Output::constInt32):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::DFG::LowerDFGToLLVM::lower):
* ftl/FTLState.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195620 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[webkitdirs] Removed check for bison, gperf, and flex.
commit-queue@webkit.org [Tue, 26 Jan 2016 21:38:21 +0000 (21:38 +0000)]
[webkitdirs] Removed check for bison, gperf, and flex.
https://bugs.webkit.org/show_bug.cgi?id=153496

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-01-26
Reviewed by Alex Christensen.

This prerequisites are checked in WebKitCommon.cmake and don't
have to be in $PATH.

* Scripts/webkitdirs.pm:
(checkRequiredSystemConfig):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195617 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd a Dictionary overload that returns an Optional result
andersca@apple.com [Tue, 26 Jan 2016 21:22:16 +0000 (21:22 +0000)]
Add a Dictionary overload that returns an Optional result
https://bugs.webkit.org/show_bug.cgi?id=153507

Reviewed by Tim Horton.

* bindings/js/Dictionary.h:
(WebCore::Dictionary::get):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195616 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoLet SVG images not taint canvases except when containing foreignObjects
commit-queue@webkit.org [Tue, 26 Jan 2016 21:19:12 +0000 (21:19 +0000)]
Let SVG images not taint canvases except when containing foreignObjects
https://bugs.webkit.org/show_bug.cgi?id=119639

Patch by Philip Rogers <pdr@chromium.org> on 2016-01-26
Reviewed by Brent Fulgham.

Source/WebCore:

r153876 caused SVG images to not taint canvases but the patch allowed
for subimage resources. This can be a problem if a subimage (e.g., data
uri image) contains a foreignObject which can violate security (e.g.,
visited links).

This patch updates SVGImage::hasSingleSecurityOrigin to check if the
image contains any foreignObjects or images that themselves contain
foreignObjects. SVG images without foreignObjects are allowed to not
taint canvases.

Canvas patterns are problematic because an animated SVG image can switch
between tainting and not tainting the canvas. A FIXME has been added to
solve this, and in the meantime we cause SVG images to taint patterns.

Tests: svg/as-image/svg-canvas-pattern-with-link-tainted.html
       svg/as-image/svg-canvas-svg-with-feimage-with-link-tainted.html
       svg/as-image/svg-canvas-svg-with-image-with-link-tainted.html

* html/canvas/CanvasPattern.cpp:
(WebCore::CanvasPattern::CanvasPattern):
(WebCore::CanvasPattern::~CanvasPattern):
* svg/SVGFEImageElement.cpp:
(WebCore::SVGFEImageElement::~SVGFEImageElement):
(WebCore::SVGFEImageElement::hasSingleSecurityOrigin):
(WebCore::SVGFEImageElement::clearResourceReferences):
* svg/SVGFEImageElement.h:
* svg/SVGImageElement.cpp:
(WebCore::SVGImageElement::create):
(WebCore::SVGImageElement::hasSingleSecurityOrigin):
(WebCore::SVGImageElement::isSupportedAttribute):
* svg/SVGImageElement.h:
* svg/graphics/SVGImage.cpp:
(WebCore::SVGImage::hasSingleSecurityOrigin):

LayoutTests:

* svg/as-image/resources/svg-with-feimage-with-link.svg: Added.
* svg/as-image/resources/svg-with-image-with-link.svg: Added.
* svg/as-image/svg-canvas-pattern-with-link-tainted-expected.txt: Added.
* svg/as-image/svg-canvas-pattern-with-link-tainted.html: Added.
* svg/as-image/svg-canvas-svg-with-feimage-with-link-tainted-expected.txt: Added.
* svg/as-image/svg-canvas-svg-with-feimage-with-link-tainted.html: Added.
* svg/as-image/svg-canvas-svg-with-image-with-link-tainted-expected.txt: Added.
* svg/as-image/svg-canvas-svg-with-image-with-link-tainted.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195614 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[webkitdirs] isCMakeBuild should be true by default
commit-queue@webkit.org [Tue, 26 Jan 2016 21:14:33 +0000 (21:14 +0000)]
[webkitdirs] isCMakeBuild should be true by default
https://bugs.webkit.org/show_bug.cgi?id=153497

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-01-26
Reviewed by Michael Catanzaro.

* Scripts/webkitdirs.pm:
(isCMakeBuild):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195613 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCSSGrammar.y:1742.31-34: warning: unused value: $3
mcatanzaro@igalia.com [Tue, 26 Jan 2016 21:12:31 +0000 (21:12 +0000)]
CSSGrammar.y:1742.31-34: warning: unused value: $3
https://bugs.webkit.org/show_bug.cgi?id=153462

Reviewed by Alex Christensen.

This warning indicates that we have a memory leak. From the bison manual:

"Right-hand side symbols of a rule that explicitly triggers a syntax error via YYERROR are
not discarded automatically. As a rule of thumb, destructors are invoked only when user
actions cannot manage the memory."

Arguably a design error, but that's how it is.

* css/CSSGrammar.y.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195612 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoBlockPtr needs boolean operators
andersca@apple.com [Tue, 26 Jan 2016 21:09:24 +0000 (21:09 +0000)]
BlockPtr needs boolean operators
https://bugs.webkit.org/show_bug.cgi?id=153506

Reviewed by Tim Horton.

* wtf/BlockPtr.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195611 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCalling video.controls=true during a scrub operation cancels scrub.
jer.noble@apple.com [Tue, 26 Jan 2016 20:58:31 +0000 (20:58 +0000)]
Calling video.controls=true during a scrub operation cancels scrub.
https://bugs.webkit.org/show_bug.cgi?id=153494

Reviewed by Eric Carlson.

Source/WebCore:

Test: media/media-controls-drag-timeline-set-controls-property.html

Verify that the video.controls attribute actually changed before tearing down and
re-adding the media controls to the Shadow DOM.

* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.handleControlsChange):
(Controller.prototype.hasControls):

LayoutTests:

* media/media-controls-drag-timeline-set-controls-property-expected.txt: Added.
* media/media-controls-drag-timeline-set-controls-property.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195610 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[EME][Mac] Crash in [AVStreamSession addStreamDataParser:]; uncaught exception
jer.noble@apple.com [Tue, 26 Jan 2016 20:45:58 +0000 (20:45 +0000)]
[EME][Mac] Crash in [AVStreamSession addStreamDataParser:]; uncaught exception
https://bugs.webkit.org/show_bug.cgi?id=153495

Reviewed by Eric Carlson.

When AVContentKeySession is not available, fall back to pre-AVContentKeySession behavior;
namely, immediately create an AVStreamSession object in
willProvideContentKeyRequestInitializationData, rather than waiting for didProvide.

* platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
(WebCore::SourceBufferPrivateAVFObjC::willProvideContentKeyRequestInitializationDataForTrackID):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195609 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMarking svg/dom/SVGScriptElement/script-change-externalResourcesRequired-while-loadin...
ryanhaddad@apple.com [Tue, 26 Jan 2016 20:30:48 +0000 (20:30 +0000)]
Marking svg/dom/SVGScriptElement/script-change-externalResourcesRequired-while-loading.svg as flaky on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153498

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195608 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[iOS] Documents without an explicit width should not get fast tapping
dino@apple.com [Tue, 26 Jan 2016 20:09:27 +0000 (20:09 +0000)]
[iOS] Documents without an explicit width should not get fast tapping
https://bugs.webkit.org/show_bug.cgi?id=153465
Source/WebCore:

<rdar://problem/23962529>

Reviewed by Simon Fraser (and Wenson Hseih).

As the title says, documents that do not set a viewport should
not get the fast click behaviour. There were complaints that we broke
double-tap to scroll in ImageDocuments where the image was narrow and long.

The fix is to just keep a flag that tells the UI process if the
width was explicit. However, it turns out that those ImageDocuments
are given an explicit device-width, which is fine for scaling but
really should behave as auto for fast tapping. So we also need
to tell the UIProcess if the viewport arguments came from an
ImageDocument.

Test: fast/events/ios/viewport-no-width-value-allows-double-tap.html

* dom/ViewportArguments.cpp:
(WebCore::findSizeValue): Add a parameter that toggles a flag
if the size was explicitly set.
(WebCore::setViewportFeature): Remember if the width was
explicit.
* dom/ViewportArguments.h: Add a widthWasExplicit flag.
(WebCore::ViewportArguments::operator==):

Source/WebKit2:

<rdar://problem/23962529>

Reviewed by Simon Fraser (and Wenson Hseih).

As the title says, documents that do not set a viewport should
not get the fast click behaviour. There were complaints that we broke
double-tap to scroll in ImageDocuments where the image was narrow and long.

The fix is to just keep a flag that tells the UI process if the
width was explicit. However, it turns out that those ImageDocuments
are given an explicit device-width, which is fine for scaling but
really should behave as auto for fast tapping. So we also need
to tell the UIProcess if the viewport arguments came from an
ImageDocument.

* Shared/mac/RemoteLayerTreeTransaction.h: Add two new flags into
the transaction.
(WebKit::RemoteLayerTreeTransaction::viewportMetaTagWidthWasExplicit):
(WebKit::RemoteLayerTreeTransaction::setViewportMetaTagWidthWasExplicit):
(WebKit::RemoteLayerTreeTransaction::viewportMetaTagCameFromImageDocument):
(WebKit::RemoteLayerTreeTransaction::setViewportMetaTagCameFromImageDocument):
* Shared/mac/RemoteLayerTreeTransaction.mm:
(WebKit::RemoteLayerTreeTransaction::encode):
(WebKit::RemoteLayerTreeTransaction::decode):
(WebKit::RemoteLayerTreeTransaction::description):

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _didCommitLayerTree:]): Notice whether or not the viewport
width was explicit.
(-[WKWebView _allowsDoubleTapGestures]): Return yes if the width
was not explicit, or if the viewport came from an ImageDocument.
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::willCommitLayerTree):

LayoutTests:

Reviewed by Simon Fraser (and Wenson Hseih).

* fast/events/ios/thin-gradient.jpg: Added.
* fast/events/ios/viewport-no-width-value-allows-double-tap-expected.txt: Added.
* fast/events/ios/viewport-no-width-value-allows-double-tap.html: Added.
* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195607 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSpeculative fixes for crashing in viewportChangeAffectedPicture
hyatt@apple.com [Tue, 26 Jan 2016 20:07:07 +0000 (20:07 +0000)]
Speculative fixes for crashing in viewportChangeAffectedPicture
https://bugs.webkit.org/show_bug.cgi?id=153450

Reviewed by Dean Jackson.

Don't attach any conditions to the removal of a picture element from
the document's HashSet. This ensures that if the condition is ever
wrong for any reason, we'll still remove the picture element on
destruction.

Fix the media query evaluation to match the other evaluations (used by
the preload scanner and HTMLImageElement). This includes using the
document element's computed style instead of our own and also null
checking the document element first. This is the likely cause of the
crashes.

* html/HTMLPictureElement.cpp:
(WebCore::HTMLPictureElement::~HTMLPictureElement):
(WebCore::HTMLPictureElement::didMoveToNewDocument):
(WebCore::HTMLPictureElement::viewportChangeAffectedPicture):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195606 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMake sure a page is still PageCache-able after firing the 'pagehide' events
cdumez@apple.com [Tue, 26 Jan 2016 19:57:49 +0000 (19:57 +0000)]
Make sure a page is still PageCache-able after firing the 'pagehide' events
https://bugs.webkit.org/show_bug.cgi?id=153449

Reviewed by Andreas Kling.

Make sure a page is still PageCache-able after firing the 'pagehide'
events and abort if it isn't. This should improve robustness and it is
easy for pagehide event handlers to do things that would make a Page no
longer PageCache-able and this leads to bugs that are difficult to
investigate.

To achieve this, the 'pagehide' event firing logic was moved out of the
CachedFrame constructor. It now happens earlier in
PageCache::addIfCacheable() after checking if the page is cacheable and
before constructing the CachedPage / CachedFrames. After firing the
'pagehide' event in PageCache::addIfCacheable(), we check again that
the page is still cacheable and we abort early if it is not.

* history/CachedFrame.cpp:
(WebCore::CachedFrame::CachedFrame):
* history/PageCache.cpp:
(WebCore::setInPageCache):
(WebCore::firePageHideEventRecursively):
(WebCore::PageCache::addIfCacheable):
* history/PageCache.h:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195605 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove a useless #include
benjamin@webkit.org [Tue, 26 Jan 2016 19:33:38 +0000 (19:33 +0000)]
Remove a useless #include
https://bugs.webkit.org/show_bug.cgi?id=153474

Reviewed by Alexey Proskuryakov.

* b3/B3ReduceStrength.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195604 268f45cc-cd09-0410-ab3c-d52691b4dbfc