WebKit-https.git
3 years ago: Minor refactoring. Rename Controller._estimator to Controller._frameLengthEstimator
jonlee@apple.com [Tue, 9 Feb 2016 03:30:49 +0000 (03:30 +0000)]
Minor refactoring. Rename Controller._estimator to Controller._frameLengthEstimator
and switch the parameters for start(), update(), and tune(), so that the timestamp
is first and stage is second.

* Animometer/tests/resources/main.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196298 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Move ResultsTable functionality not needed for release tests out.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:47 +0000 (03:30 +0000)]
Move ResultsTable functionality not needed for release tests out.
Move reporting of score and mean to selection of the time-based graph.

* Animometer/developer.html: Rename graph-options to time-graph-options.
* Animometer/resources/debug-runner/animometer.js:
(DeveloperResultsTable): Moved from runner/animometer.js. Switch from mean
values to "average" objects which can hold stdev. Move graph button and
calculation of noisy measurements here. Sophisticated header processing
is not needed in release suite.
(populateTable): Use DeveloperResultsTable.
* Animometer/resources/debug-runner/graph.js: Pull time graph creation to
its own function, and add a new onGraphTypeChanged handler in preparation
of a complexity graph to be added later.
* Animometer/resources/runner/animometer.js:
(ResultsTable): Simplify to just handle test names and scores.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196297 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Tests: reuse objects already made.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:44 +0000 (03:30 +0000)]
Tests: reuse objects already made.

Avoid thrash of object creation and removal by maintaining an index that
moves along the array as the adjust values change. If the tune value
requires more objects than the maximum size of the object array, then create
new objects. This means that the object array size never decreases.

* Animometer/tests/master/resources/canvas-stage.js: Maintain a separate
offsetIndex. For these tests, we want to avoid drawing the oldest objects,
so the scene will draw the object at offsetIndex to the end of the array.
(tune): Reverse the logic since "removal" of objects is much simpler and
involves simply changing the offsetIndex.
(animate): Update the for loop to draw from offsetIndex to the end.
(complexity): Update the definition.
* Animometer/tests/master/resources/canvas-tests.js: Maintain a separate
offsetIndex. For these tests, we want to avoid drawing the newest objects,
so the scene will draw the object at index 0 to the object at offsetIndex.
(SimpleCanvasStage.animate): Fly-by removal of local stage variable,
which is unneeded. Update the for loop to draw from offsetIndex to the end.
* Animometer/tests/simple/resources/simple-canvas-paths.js:
(SimpleCanvasStage.animate): Update the for loop to draw from 0 to
offsetIndex.
* Animometer/tests/simple/resources/simple-canvas.js:
(tune): Update logic. Here, offsetIndex represents the boundary of the last
index to render.
(animate): Update the for loop to draw from 0 to offsetIndex.
(complexity): Update the definition.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Tests: refactor and update styles.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:42 +0000 (03:30 +0000)]
Tests: refactor and update styles.

* Animometer/tests/resources/main.js: Add helper methods that return
a color that hue rotates based on the date, and a counter value that
increases based on the date. Fix randomInt() to not bias against the min and
max values.

* Animometer/tests/master/resources/canvas-tests.js: Use new helper methods.
* Animometer/tests/master/resources/dom-particles.js: Ditto.
* Animometer/tests/master/resources/particles.js: Ditto.
* Animometer/tests/simple/resources/simple-canvas-paths.js: Refactor to
use a rotating color instead of a random color. The fast switching of color
is too vivid to watch.

* Animometer/tests/bouncing-particles/resources/bouncing-svg-shapes.js:
(BouncingSvgParticlesStage.call.createGradient): Fix the gradient so
that the last stop is located at the end.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196295 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Refactor tune() to not return the complexity of the scene.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:38 +0000 (03:30 +0000)]
Refactor tune() to not return the complexity of the scene.

We have stage.complexity() now, so returning the complexity through tune
is unnecessary.

* Animometer/tests/bouncing-particles/resources/bouncing-particles.js:
* Animometer/tests/master/resources/canvas-stage.js:
* Animometer/tests/master/resources/particles.js:
* Animometer/tests/misc/resources/canvas-electrons.js:
* Animometer/tests/misc/resources/canvas-stars.js:
* Animometer/tests/resources/main.js:
* Animometer/tests/simple/resources/simple-canvas.js:
* Animometer/tests/simple/resources/tiled-canvas-image.js:
* Animometer/tests/template/resources/template-canvas.js:
* Animometer/tests/template/resources/template-css.js:
* Animometer/tests/template/resources/template-svg.js:
* Animometer/tests/text/resources/layering-text.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196294 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Make the fixed controller a step controller instead. Halfway through the test
jonlee@apple.com [Tue, 9 Feb 2016 03:30:32 +0000 (03:30 +0000)]
Make the fixed controller a step controller instead. Halfway through the test
it will bump up the complexity 4-fold. Calculate the step timestamp using options
instead of a separate parameter to the Controller constructor.

* Animometer/developer.html: Change value to "step"
* Animometer/resources/debug-runner/animometer.js:
(window.suitesManager.updateEditsElementsState): Show number inputs when set to "step".
* Animometer/tests/resources/main.js:
(update): Provide a hook for subclasses to tune.
(StepController): Maintain a flag determining whether we've stepped, and the time
we should step.
(Benchmark): Use the new StepController.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196293 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Adjust the FPS graph scale.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:29 +0000 (03:30 +0000)]
Adjust the FPS graph scale.

Instead of making the FPS graph linearly scale, scale it based on the frame length,
but show the data in terms of FPS. Because it is inversely proportional, and most
of the data never gets below 20, concentrate the axis from 20-60 FPS, since otherwise
over half of the available graph space ends up blank.

This means we should convert all of the FPS data to frame length data.

* Animometer/resources/debug-runner/graph.js: Update the domain to be based on
frame length in milliseconds instead of FPS. Update the cursor to consider all of the
values being shown, and then pick the min and max values to represent the length of the
cursor.
* Animometer/resources/runner/animometer.js:
* Animometer/resources/strings.js:
* Animometer/tests/resources/main.js:
(processSamples): Add the ability to only sample a range of the data instead of everything
after an offset index. Update sampler to record the frame lengths instead of the frame
rate.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Add option to use different methods for retrieving a timestamp.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:26 +0000 (03:30 +0000)]
Add option to use different methods for retrieving a timestamp.

* Animometer/developer.html: Add performance.now and Date.now options.
* Animometer/resources/runner/animometer.js: Default to performance.now.
(window.benchmarkController.startBenchmark):
* Animometer/tests/resources/main.js: Tie the desired method to _getTimestamp.
(run): Use _getTimestamp.
(_animateLoop): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196291 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Allow adding any number of markers to the graph. The markers can be labeled
jonlee@apple.com [Tue, 9 Feb 2016 03:30:23 +0000 (03:30 +0000)]
Allow adding any number of markers to the graph. The markers can be labeled
and contain timestamp and sample index data. Make it a part of the controller
rather than keeping it in the sampler.

* Animometer/resources/debug-runner/animometer.css: Add styles for markers
* Animometer/resources/debug-runner/graph.js: Create the markers and add
text labels.
* Animometer/resources/runner/animometer.js: Assume the samplingTimeOffset
is just one of the marks provided.
* Animometer/resources/strings.js: Add Strings.json.marks.
* Animometer/tests/resources/main.js:
(Controller): Keep marks here. They are keyed by the marker name, so no two
markers should have the same name.
(recordFirstSample): Refactor to use mark.
(mark): Allows for arbitrary data if needed later. The timestamp maintained
is relative to the absolute start timestamp.
(containsMark): Checks whether a mark with a specific comment exists.
(processSamples): Removes the _startTimestamp offset from the marks before
setting it in results.
* Animometer/tests/resources/sampler.js: Remove marks.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196290 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Get rid of options member variable in Benchmark.
jonlee@apple.com [Tue, 9 Feb 2016 03:30:18 +0000 (03:30 +0000)]
Get rid of options member variable in Benchmark.

Options are only needed when initializing the stage or benchmark, so there's no
need to also keep a reference to it.

* Animometer/tests/resources/main.js: Get rid of options variable in Benchmark.
Pass options to Controllers and Stages.
(Controller.Utilities.createClass):
(Benchmark.Utilities.createClass):
(get options): Deleted.

* Animometer/tests/bouncing-particles/resources/bouncing-canvas-images.js:
* Animometer/tests/bouncing-particles/resources/bouncing-canvas-particles.js:
* Animometer/tests/bouncing-particles/resources/bouncing-canvas-shapes.js:
* Animometer/tests/bouncing-particles/resources/bouncing-css-images.js:
* Animometer/tests/bouncing-particles/resources/bouncing-css-shapes.js:
* Animometer/tests/bouncing-particles/resources/bouncing-particles.js:
* Animometer/tests/bouncing-particles/resources/bouncing-svg-images.js:
* Animometer/tests/bouncing-particles/resources/bouncing-svg-shapes.js:
* Animometer/tests/master/resources/canvas-stage.js:
* Animometer/tests/master/resources/canvas-tests.js:
* Animometer/tests/master/resources/particles.js:
* Animometer/tests/misc/resources/canvas-electrons.js:
* Animometer/tests/misc/resources/canvas-stars.js:
* Animometer/tests/misc/resources/compositing-transforms.js:
* Animometer/tests/simple/resources/simple-canvas-paths.js:
* Animometer/tests/simple/resources/tiled-canvas-image.js:
* Animometer/tests/template/resources/template-canvas.js:
* Animometer/tests/template/resources/template-css.js:
* Animometer/tests/template/resources/template-svg.js:
* Animometer/tests/text/resources/layering-text.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196289 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Update how the benchmark is run
jonlee@apple.com [Tue, 9 Feb 2016 03:25:39 +0000 (03:25 +0000)]
Update how the benchmark is run
https://bugs.webkit.org/show_bug.cgi?id=153960

Provisionally reviewed by Said Abou-Hallawa.

Introduce the notion of a Controller. It is responsible for recording, updating,
and processing the statistics and complexity of the benchmark. This allows
plugging in different Controllers.

This strips most of the functionality from Animator and BenchmarkState, so fold
what's left into Benchmark. Now, Benchmarks only own a stage and a controller, but
are responsible for driving the animation loop.

Rewrite Animator._shouldRequestAnotherFrame into two different Controllers. One
maintains a fixed complexity, and the other adapts the complexity to meet a
fixed FPS.

Fix the Kalman estimator to be modeled on a scalar variable with no model.

* Animometer/tests/resources/main.js: Remove BenchmarkState and Animator, and
replace it with a Controller. Add a FixedController and refactor the previous controller
to an AdaptiveController.

(Controller): Controllers own the estimator and the sampler. When a new frame is
displayed, the animation loop calls update(). The estimator and sampler record
stats, then tune. Samplers can track multiple series of data. The basic controller
tracks timestamp, complexity, and estimated frame rate.
        The Kalman estimation is based on the frame length rather than the frame
rate. Because FPS is inversely proportional to frame length, in the case where the measured
frame length is very small, the FPS ends up being a wildly large number (in the order of
600-1000 "FPS"), and it pulls the estimator up drastically enough that it takes a while
for it to settle back down. Using frame length reduces the impact of these spikes.
        Converging the estimation takes enough time to avoid initializing it immediately
when the benchmark starts. Instead, the benchmark runs for a brief period of time (100ms)
before running it in earnest. Allow controllers an opportunity to set the complexity
before starting recording.
        When the benchmark is complete, the controller has an opportunity to process
the samples. The default implementation calculates the raw FPS based on the time
difference of the samples, and calculates the complexity score. This is moved from
Benchmark.processSamples.

(Controller): Initialize timestamps. These are at first relative to the start of the
benchmark, but are offset by the absolute start time during start(). By default maintain
3 data series, but subclasses can override.
(start): Calls recordFirstSample() for subclasses to override if needed.
(recordFirstSample): For basic controller, start sampling at the beginning.
(update): Update the frame length estimator and sample.
(shouldStop): Checks that the time is before _endTimestamp.
(results): Returns the processed samples.
(processSamples): Iterate through the sample data and collate them. Include scores.

(FixedComplexityController): Controller that tunes the stage to the desired complexity
prior to starting, and keeps it at that complexity.

(AdaptiveController): Have the estimator estimate the interval frame rate instead of the
raw frame rate.
        The previous version of this controller ignored the frame that came after the
adjustment. The raw FPS show that whatever noise the scene change adds is negligible
compared to the noise of the system overall. Stop ignoring that frame and include all
frames in the measurements.

(Benchmark): Remove dependency on animator, and instantiate a runner based on what is
selected. Most of the loop's functionality is in Controller, so remove here.
(Benchmark.run): Remove start() since it is only called from run(), and fold it in here.
(Benchmark._animateLoop): Fold in from Animator.animateLoop. Let the benchmark run for
a brief period before calling Controller.start().

* Animometer/tests/resources/math.js: Fix the Kalman estimator. The filter estimates
a scalar variable, and makes basic assumptions regarding the model. As a result
none of the linear algebra classes are needed, so remove Matrix, Vector3, and Matrix3.
(SimpleKalmanEstimator): Calculate the gain based on the provided process and
measurement errors.
(KalmanEstimator): Deleted.
(IdentityEstimator): Deleted.
(PIDController): Refactor to use the Utilities.createClass() helper.

The Kalman filter algorithm is explained here http://greg.czerniak.info/guides/kalman1/.
The state, represented by a scalar, is the estimated frame length. There is no user
transition of the state, and the state is the same as the measurement. With this model,
the estimation error converges, so calculate the gain ahead of time.

* Animometer/developer.html: Remove fixed-after-warmup since it is not useful.
Replace the option to toggle the estimator, and make it possible to customize the
estimator's error parameters. Show raw FPS by default, and remove interval FPS,
which will be shown instead of the filtered raw FPS.
* Animometer/resources/debug-runner/animometer.css: Put the header behind the graph.
Remove #intervalFPS rules; move the color to #filteredFPS.
* Animometer/resources/debug-runner/graph.js:
(updateGraphData): Update the hr style to force the layout to be calculated
correctly. Change the tick format to be in terms of seconds, since the timestamps
are in milliseconds. Remove interval data.
* Animometer/resources/runner/animometer.js:
(window.benchmarkController.startBenchmark): Set Kalman parameters.
* Animometer/resources/runner/benchmark-runner.js:
(_runBenchmarkAndRecordResults): When a benchmark completes, expect it to return
the final data, rather than passing a sampler from the controller. This avoids
needing to expose the sampler variable in the benchmark.
* Animometer/tests/resources/sampler.js:
(process): Move the setting of the target frame rate to AdaptiveController.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196288 268f45cc-cd09-0410-ab3c-d52691b4dbfc
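
The r196288 message above describes a scalar Kalman filter whose gain is computed ahead of time, and explains why it estimates frame length rather than FPS. The following is an added sketch of that idea, not WebKit's SimpleKalmanEstimator: the function names, the error values and the sample frame lengths are all assumptions chosen for illustration.

```javascript
// Scalar Kalman filter with identity transition and identity measurement.
// Added illustration only; names and numbers are constructed, not WebKit's.

// Closed-form steady-state gain. With Q = process error, R = measurement error:
//   Pprior = Ppost + Q,  K = Pprior / (Pprior + R),  Ppost = (1 - K) * Pprior
// At the fixed point K * Pprior = Q, i.e. Pprior^2 - Q*Pprior - Q*R = 0.
function steadyStateGain(processError, measurementError) {
  const q = processError, r = measurementError;
  const pPrior = (q + Math.sqrt(q * q + 4 * q * r)) / 2;
  return pPrior / (pPrior + r);
}

// The same gain obtained by running the covariance recursion until it settles.
function iteratedGain(processError, measurementError, steps, initialError = 1) {
  let p = initialError, k = 0;
  for (let i = 0; i < steps; i++) {
    const pPrior = p + processError;
    k = pPrior / (pPrior + measurementError);
    p = (1 - k) * pPrior;
  }
  return k;
}

// With a fixed gain the filter reduces to one multiply-add per sample.
function makeEstimator(processError, measurementError, initialEstimate) {
  const gain = steadyStateGain(processError, measurementError);
  let estimate = initialEstimate;
  return {
    gain,
    sample(value) {
      estimate += gain * (value - estimate);
      return estimate;
    },
  };
}

// Feed the same frames to two estimators, one tracking frame length (ms) and
// one tracking FPS, and report the highest FPS each one ever believes in.
// The gain depends only on Q/R, so both estimators use the same gain.
function peakEstimatedFps(frameLengthsMs, processError, measurementError) {
  const first = frameLengthsMs[0];
  const byLength = makeEstimator(processError, measurementError, first);
  const byFps = makeEstimator(processError, measurementError, 1000 / first);
  let peakViaLength = 0, peakViaFps = 0;
  for (const ms of frameLengthsMs) {
    peakViaLength = Math.max(peakViaLength, 1000 / byLength.sample(ms));
    peakViaFps = Math.max(peakViaFps, byFps.sample(1000 / ms));
  }
  return { peakViaLength, peakViaFps };
}

// Constructed sample: steady 16.7 ms frames with one spuriously short frame.
const SAMPLE_FRAMES_MS = [16.7, 16.7, 16.7, 1.2, 16.7, 16.7];
```
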

3 years ago: AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
n_wang@apple.com [Tue, 9 Feb 2016 03:04:20 +0000 (03:04 +0000)]
AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
https://bugs.webkit.org/show_bug.cgi?id=154018

Reviewed by Chris Fleizach.

Source/WebCore:

Sometimes rangeForUnorderedCharacterOffsets call is accessing derefed node objects
and leading to a crash. Fixed it by checking isNodeInUse before creating the CharacterOffset
object.

Test: accessibility/text-marker/text-marker-range-stale-node-crash.html

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::visiblePositionForTextMarkerData):
(WebCore::AXObjectCache::characterOffsetForTextMarkerData):
(WebCore::AXObjectCache::traverseToOffsetInRange):
* accessibility/AXObjectCache.h:
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
(characterOffsetForTextMarker):
(-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
(textMarkerForVisiblePosition):

LayoutTests:

* accessibility/text-marker/text-marker-range-stale-node-crash-expected.txt: Added.
* accessibility/text-marker/text-marker-range-stale-node-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196287 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: [iOS] Throw away some unlinked code when navigating to a new page.
akling@apple.com [Tue, 9 Feb 2016 02:22:27 +0000 (02:22 +0000)]
[iOS] Throw away some unlinked code when navigating to a new page.
<https://webkit.org/b/154014>

Reviewed by Gavin Barraclough.

Source/JavaScriptCore:

* runtime/VM.cpp:
(JSC::VM::deleteAllCodeExceptCaches):
(JSC::VM::deleteAllLinkedCode): Deleted.
* runtime/VM.h:

Source/WebCore:

Extended the mechanism introduced earlier to also throw away unlinked code
that's only relevant to the page that we're navigating away from.

The new JSC::VM API is deleteAllCodeExceptCaches() and it does what it sounds
like, deleting unlinked and linked code but leaving code caches alone.

This means that if the page we're navigating to wants to parse some of the
same JS that the page we're leaving had on it, it might still be found in the
JSC::CodeCache.

Doing a back navigation to a PageCache'd page may now incur some reparsing,
just like leaving the app or tab would.

* bindings/js/GCController.cpp:
(WebCore::GCController::deleteAllCodeExceptCaches):
(WebCore::GCController::deleteAllLinkedCode): Deleted.
* bindings/js/GCController.h:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196286 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Web Inspector: Search doesn't seem to find text that is present in multiple places
commit-queue@webkit.org [Tue, 9 Feb 2016 01:55:48 +0000 (01:55 +0000)]
Web Inspector: Search doesn't seem to find text that is present in multiple places
https://bugs.webkit.org/show_bug.cgi?id=154016
<rdar://problem/23391307>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-08
Reviewed by Brian Burg.

* UserInterface/Controllers/DebuggerManager.js:
(WebInspector.DebuggerManager.prototype.get searchableScripts):
* UserInterface/Views/SearchSidebarPanel.js:
(WebInspector.SearchSidebarPanel.prototype.performSearch):
Only search scripts with a URL. Don't search the potentially
large number of anonymous scripts.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196285 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: Web Inspector: Zooming in on the timeline graph does not increase its time resolution...
commit-queue@webkit.org [Tue, 9 Feb 2016 01:50:08 +0000 (01:50 +0000)]
Web Inspector: Zooming in on the timeline graph does not increase its time resolution from minutes
https://bugs.webkit.org/show_bug.cgi?id=154013
<rdar://problem/23844527>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-08
Reviewed by Brian Burg.

Source/WebInspectorUI:

* UserInterface/Base/Utilities.js:
(Number.secondsToString):
Simplify logic and ensure that when under high resolution we
don't go above seconds for our units.

(Number.bytesToString):
Simplify logic.

* UserInterface/Views/LinearTimelineOverview.js:
(WebInspector.LinearTimelineOverview):
Reduce the rather large maximum seconds per pixel from 60 seconds
per pixel to 2 seconds per pixel. This means when the user zooms
out of a timeline they don't see such large time values.

LayoutTests:

* inspector/unit-tests/number-utilities-expected.txt: Added.
* inspector/unit-tests/number-utilities.html: Added.
Basic tests for our Number utilities methods.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196284 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago: CSP connect-src directive should block redirects
dbates@webkit.org [Tue, 9 Feb 2016 01:26:56 +0000 (01:26 +0000)]
CSP connect-src directive should block redirects
https://bugs.webkit.org/show_bug.cgi?id=69359
<rdar://problem/24383025>

Reviewed by Brent Fulgham.

Source/WebCore:

Inspired by Blink patch:
<https://src.chromium.org/viewvc/blink?revision=150246&view=revision>

Apply the connect-src directive of the Content Security Policy for the document or worker to the redirect URL
of an XMLHttpRequest and EventSource load so as to conform to section Paths and Redirects of the CSP 2.0 spec.,
<https://w3c.github.io/webappsec-csp/2/#source-list-paths-and-redirects> (29 August 2015).

Additionally, check that each requested script URL passed to WorkerGlobalScope.importScripts() is allowed by
the CSP of the worker before initiating a load for it. If some URL i is blocked by the CSP policy
then we do not try to load URLs j >= i.

Tests: http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html
       http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html
       http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html
       http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html
       http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html
       http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html
       http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html
       http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html
       http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html
       http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html
       http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html

* fileapi/FileReaderLoader.cpp:
(WebCore::FileReaderLoader::start): Do not enforce a CSP directive as CSP is not applicable to File API.
* inspector/InspectorNetworkAgent.cpp:
(WebCore::InspectorNetworkAgent::loadResource): Do not enforce a CSP directive as CSP should not interfere
with the Web Inspector.
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadResourceSynchronously): Modified to take an optional ContentSecurityPolicy
and pass it through to DocumentThreadableLoader::create().
(WebCore::DocumentThreadableLoader::create): Modified to take an optional ContentSecurityPolicy and pass it through
to DocumentThreadableLoader::DocumentThreadableLoader().
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Modified to take an optional ContentSecurityPolicy.
Asserts that the CSP allows the load of the request URL so as to catch when a caller creates a loader for a request
that is not allowed by the CSP. The caller should not create a loader for such a request.
(WebCore::DocumentThreadableLoader::redirectReceived): Check if the CSP allows the redirect URL. If it does not
then notify the client that the redirect check failed.
(WebCore::DocumentThreadableLoader::loadRequest): Ditto.
(WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Checks that the specified URL is allowed
by the enforced CSP directive.
(WebCore::DocumentThreadableLoader::contentSecurityPolicy): Returns the ContentSecurityPolicy object passed to
DocumentThreadableLoader on instantiation or the ContentSecurityPolicy object of the associated document.
* loader/DocumentThreadableLoader.h: Add overloaded variants of DocumentThreadableLoader::{create, loadResourceSynchronously}()
that take a std::unique_ptr<ContentSecurityPolicy>&&. Remove some unnecessary headers.
* loader/ThreadableLoader.cpp:
(WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Take the CSP directive to enforce and store it.
(WebCore::ThreadableLoaderOptions::isolatedCopy): Copy the CSP directive to enforce.
* loader/ThreadableLoader.h: Added member field to store the CSP directive to enforce (defaults to enforce the
directive connect-src - the most appropriate directive in most circumstances). As of the time of writing,
only WorkerGlobalScope.importScripts() enforces a different directive: script-src.
* loader/WorkerThreadableLoader.cpp:
(WebCore::WorkerThreadableLoader::WorkerThreadableLoader): Pass the SecurityOrigin and ContentSecurityPolicy associated
with the WorkerGlobalScope to WorkerThreadableLoader::MainThreadBridge::MainThreadBridge().
(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass a copy of the worker's ContentSecurityPolicy
to the DocumentThreadableLoader.
* loader/WorkerThreadableLoader.h:
* page/EventSource.cpp:
(WebCore::EventSource::connect): Enforce the CSP directive connect-src on redirects unless we are running in an isolated world.
* workers/AbstractWorker.cpp:
(WebCore::AbstractWorker::resolveURL): Modified to take a boolean whether to bypass the main world Content Security Policy
instead of querying for it directly.
* workers/AbstractWorker.h:
* workers/Worker.cpp:
(WebCore::Worker::create): Added FIXME to enforce child-src directive of the document's CSP to the worker's script URL
on redirect once we fix <https://bugs.webkit.org/show_bug.cgi?id=153562>. For now, do not enforce a CSP policy on redirect
of the worker's script URL.
* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::importScripts): Check that the requested URL is allowed by the CSP of the worker (if applicable).
Enforce the CSP directive script-src on redirects unless we are running in an isolated world.
* workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadSynchronously): Pass SecurityOrigin and ContentSecurityPolicyEnforcement to WorkerThreadableLoader.
(WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.
* workers/WorkerScriptLoader.h:
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::createRequest): Enforce the CSP directive connect-src on redirects unless we are running in
an isolated world.

LayoutTests:

Add more tests, update erroneous expected results, and remove some entries from TestExpectations for tests
that now pass.

* TestExpectations: Remove entries for tests that now pass. The failure of test http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html
was erroneously attributed to <https://bugs.webkit.org/show_bug.cgi?id=153562>.
* http/tests/security/contentSecurityPolicy/resources/determine-content-security-policy-header.php: Added.
* http/tests/security/contentSecurityPolicy/resources/script-set-value.js: Use global variable self instead of window so as to
make this script work both from a Document and a Web Worker. In a document, self refers to the Window object and in a worker
it refers to the WorkerGlobalScope object.
* http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-allowed.php: Added.
* http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-blocked.php: Added.
* http/tests/security/contentSecurityPolicy/resources/worker-xhr-allowed.php: Added.
* http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-allowed.php: Added.
* http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.php: Added.
* http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-expected.txt: Remove Blink-specific messages so that the test passes.
* http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html: Added.
* http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/worker-importscripts-blocked-expected.txt: Substitute Blink-specific error text with the analogous WebKit error text.
* http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html: Ditto.
* http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScripts-redirect-cross-origin-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScript-redirect-cross-origin-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html: Added.
* http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html: Added.
* http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196283 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Try to fix Yosemite build.
antti@apple.com [Tue, 9 Feb 2016 01:25:35 +0000 (01:25 +0000)]
Try to fix Yosemite build.

* dom/ComposedTreeIterator.h:
(WebCore::ComposedTreeIterator::ComposedTreeIterator):
(WebCore::ComposedTreeIterator::traverseNext):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196282 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Implement ComposedTreeIterator in terms of ElementAndTextDescendantIterator
antti@apple.com [Tue, 9 Feb 2016 01:15:52 +0000 (01:15 +0000)]
Implement ComposedTreeIterator in terms of ElementAndTextDescendantIterator
https://bugs.webkit.org/show_bug.cgi?id=154003

Reviewed by Darin Adler.

Currently ComposedTreeIterator implements tree traversal using NodeTraversal. This makes it overly complicated.
It can also return nodes other than Element and Text which should not be part of the composed tree.

This patch adds a new iterator type, ElementAndTextDescendantIterator, similar to the existing ElementDescendantIterator.
ComposedTreeIterator is then implemented using this new iterator.

When entering a shadow tree or a slot the local iterator is pushed along with the context stack and a new local
iterator is initialized for the new context. When leaving a shadow tree the context stack is popped and the previous
local iterator becomes active.

* WebCore.xcodeproj/project.pbxproj:
* dom/ComposedTreeIterator.cpp:
(WebCore::ComposedTreeIterator::ComposedTreeIterator):
(WebCore::ComposedTreeIterator::initializeContextStack):
(WebCore::ComposedTreeIterator::pushContext):
(WebCore::ComposedTreeIterator::traverseNextInShadowTree):
(WebCore::ComposedTreeIterator::traverseNextLeavingContext):
(WebCore::ComposedTreeIterator::advanceInSlot):
(WebCore::ComposedTreeIterator::traverseSiblingInSlot):
(WebCore::ComposedTreeIterator::initializeShadowStack): Deleted.
(WebCore::ComposedTreeIterator::traverseParentInShadowTree): Deleted.
(WebCore::ComposedTreeIterator::traverseNextSiblingSlot): Deleted.
(WebCore::ComposedTreeIterator::traversePreviousSiblingSlot): Deleted.
* dom/ComposedTreeIterator.h:
(WebCore::ComposedTreeIterator::operator*):
(WebCore::ComposedTreeIterator::operator->):
(WebCore::ComposedTreeIterator::operator==):
(WebCore::ComposedTreeIterator::operator!=):
(WebCore::ComposedTreeIterator::operator++):
(WebCore::ComposedTreeIterator::Context::Context):
(WebCore::ComposedTreeIterator::context):
(WebCore::ComposedTreeIterator::current):
(WebCore::ComposedTreeIterator::ComposedTreeIterator):
(WebCore::ComposedTreeIterator::traverseNext):
(WebCore::ComposedTreeIterator::traverseNextSkippingChildren):
(WebCore::ComposedTreeIterator::traverseNextSibling):
(WebCore::ComposedTreeIterator::traversePreviousSibling):
(WebCore::ComposedTreeDescendantAdapter::ComposedTreeDescendantAdapter):
(WebCore::ComposedTreeDescendantAdapter::begin):
(WebCore::ComposedTreeDescendantAdapter::end):
(WebCore::ComposedTreeDescendantAdapter::at):
(WebCore::ComposedTreeChildAdapter::Iterator::Iterator):
(WebCore::ComposedTreeChildAdapter::ComposedTreeChildAdapter):
(WebCore::ComposedTreeChildAdapter::begin):
(WebCore::ComposedTreeChildAdapter::end):
(WebCore::ComposedTreeChildAdapter::at):
(WebCore::ComposedTreeIterator::ShadowContext::ShadowContext): Deleted.
(WebCore::ComposedTreeIterator::traverseParent): Deleted.
* dom/ElementAndTextDescendantIterator.h: Added.

    New iterator type that traverses Element and Text nodes (that is, renderable nodes only).
    It also tracks depth for future use.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196281 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago B3::foldPathConstants() needs to execute its insertion set
fpizlo@apple.com [Tue, 9 Feb 2016 01:06:23 +0000 (01:06 +0000)]
B3::foldPathConstants() needs to execute its insertion set
https://bugs.webkit.org/show_bug.cgi?id=154020

Reviewed by Saam Barati.

* b3/B3FoldPathConstants.cpp:
* b3/testb3.cpp:
(JSC::B3::testFoldPathEqual): Added this. It used to crash in validation.
(JSC::B3::run):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196280 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [JSC] Introduce @isObject bytecode intrinsic and use it instead of JS implemented one
utatane.tea@gmail.com [Mon, 8 Feb 2016 23:14:47 +0000 (23:14 +0000)]
[JSC] Introduce @isObject bytecode intrinsic and use it instead of JS implemented one
https://bugs.webkit.org/show_bug.cgi?id=153976

Reviewed by Darin Adler.

Use bytecode op_is_object directly.

* builtins/GlobalObject.js:
(isObject): Deleted.
* bytecode/BytecodeIntrinsicRegistry.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::BytecodeIntrinsicNode::emit_intrinsic_toString):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_isObject):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196276 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Extract a few common unicode characters into global variables
commit-queue@webkit.org [Mon, 8 Feb 2016 23:13:11 +0000 (23:13 +0000)]
Web Inspector: Extract a few common unicode characters into global variables
https://bugs.webkit.org/show_bug.cgi?id=154008

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-08
Reviewed by Timothy Hatcher.

* UserInterface/Base/Utilities.js:
Create global variables for `emDash` and `ellipsis` to use all over the tools.

* UserInterface/Views/ConsoleMessageView.js:
(WebInspector.ConsoleMessageView.prototype._formatParameterAsTable): Deleted.
* UserInterface/Views/DefaultDashboardView.js:
(WebInspector.DefaultDashboardView.prototype._updateDisplay):
* UserInterface/Views/HierarchicalPathComponent.js:
(WebInspector.HierarchicalPathComponent.prototype._updateElementTitleAndText):
(WebInspector.HierarchicalPathComponent.prototype._updateSelectElement.createOption):
(WebInspector.HierarchicalPathComponent.prototype._updateSelectElement):
* UserInterface/Views/HierarchicalPathNavigationItem.js:
(WebInspector.HierarchicalPathNavigationItem.prototype.updateLayout):
* UserInterface/Views/LayerTreeDataGridNode.js:
(WebInspector.LayerTreeDataGridNode.prototype.set layer):
* UserInterface/Views/LayoutTimelineDataGridNode.js:
(WebInspector.LayoutTimelineDataGridNode.prototype.createCellContent):
(WebInspector.LayoutTimelineDataGridNode):
* UserInterface/Views/MemoryCategoryView.js:
(WebInspector.MemoryCategoryView.prototype._updateDetails): Deleted.
(WebInspector.MemoryCategoryView): Deleted.
* UserInterface/Views/MemoryTimelineView.js:
(WebInspector.MemoryTimelineView.prototype._clearUsageLegend):
(WebInspector.MemoryTimelineView.prototype._updateUsageLegend):
(WebInspector.MemoryTimelineView.prototype._clearMaxComparisonLegend):
(WebInspector.MemoryTimelineView.prototype._updateMaxComparisonLegend):
* UserInterface/Views/MultipleScopeBarItem.js:
(WebInspector.MultipleScopeBarItem.set scopeBarItems.createOption):
(WebInspector.MultipleScopeBarItem.prototype.set scopeBarItems):
* UserInterface/Views/ObjectPreviewView.js:
(WebInspector.ObjectPreviewView.prototype._appendEntryPreviews):
(WebInspector.ObjectPreviewView.prototype._appendPropertyPreviews):
* UserInterface/Views/ProfileNodeDataGridNode.js:
(WebInspector.ProfileNodeDataGridNode.prototype.createCellContent):
(WebInspector.ProfileNodeDataGridNode):
* UserInterface/Views/RenderingFrameTimelineDataGridNode.js:
(WebInspector.RenderingFrameTimelineDataGridNode.prototype.createCellContent):
(WebInspector.RenderingFrameTimelineDataGridNode):
* UserInterface/Views/ResourceDetailsSidebarPanel.js:
(WebInspector.ResourceDetailsSidebarPanel.prototype._refreshRequestAndResponse): Deleted.
(WebInspector.ResourceDetailsSidebarPanel.prototype._valueForSize): Deleted.
* UserInterface/Views/ResourceTimelineDataGridNode.js:
(WebInspector.ResourceTimelineDataGridNode.prototype.createCellContent):
* UserInterface/Views/ScriptTimelineDataGridNode.js:
(WebInspector.ScriptTimelineDataGridNode.prototype.createCellContent):
(WebInspector.ScriptTimelineDataGridNode):
* UserInterface/Views/SearchResultTreeElement.js:
(WebInspector.SearchResultTreeElement.truncateAndHighlightTitle):
* UserInterface/Views/TimelineDataGridNode.js:
(WebInspector.TimelineDataGridNode.prototype.createCellContent):
* UserInterface/Views/TypeTreeElement.js:
(WebInspector.TypeTreeElement.prototype.onpopulate):
* UserInterface/Views/TypeTreeView.js:
(WebInspector.TypeTreeView.prototype._populate):
(WebInspector.TypeTreeView):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196275 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago {Map,Set}.prototype.forEach should be visible as own properties
utatane.tea@gmail.com [Mon, 8 Feb 2016 23:12:11 +0000 (23:12 +0000)]
{Map,Set}.prototype.forEach should be visible as own properties
https://bugs.webkit.org/show_bug.cgi?id=153974

Reviewed by Darin Adler.

Source/JavaScriptCore:

Now, Map and Set use builtin tables. We should include it in class info.

* runtime/MapPrototype.cpp:
* runtime/SetPrototype.cpp:

LayoutTests:

* js/Object-getOwnPropertyNames-expected.txt:
* js/script-tests/Object-getOwnPropertyNames.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196274 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Baseline JIT should not require its input to be constant-propagated
fpizlo@apple.com [Mon, 8 Feb 2016 23:00:23 +0000 (23:00 +0000)]
Baseline JIT should not require its input to be constant-propagated
https://bugs.webkit.org/show_bug.cgi?id=154011
rdar://problem/24290933

Reviewed by Mark Lam.

* jit/JITArithmetic.cpp:
(JSC::JIT::emitBitBinaryOpFastPath):
(JSC::JIT::emitRightShiftFastPath):
(JSC::JIT::emit_op_add):
(JSC::JIT::emit_op_div):
(JSC::JIT::emit_op_mul):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196273 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago CodeCache should give up on evals if there are variables under TDZ
fpizlo@apple.com [Mon, 8 Feb 2016 22:31:52 +0000 (22:31 +0000)]
CodeCache should give up on evals if there are variables under TDZ
https://bugs.webkit.org/show_bug.cgi?id=154002
rdar://problem/24300998

Reviewed by Mark Lam.

Disable the code cache optimization because our approach to TDZ for scoped variables - using
a separate check_tdz opcode when logically it's the get_from_scope's job to do it - makes
caching code impossible if there are any variables in TDZ.

We should do the right thing in the future, and fold the TDZ check into the get_from_scope.
This is better not only because it will restore caching, but because our bytecode for heap
accesses is usually at the highest practically doable level of abstraction, so that ICs,
compilers and caches can see the intended meaning of the bytecode more easily.

This doesn't appear to slow anything down, but that's just because we don't have enough ES6
benchmarks. I've filed: https://bugs.webkit.org/show_bug.cgi?id=154010

* runtime/CodeCache.cpp:
(JSC::CodeCache::getGlobalCodeBlock):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196272 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: ⇧⌘→ when editing text in the Elements tree shouldn't switch inspector tab
commit-queue@webkit.org [Mon, 8 Feb 2016 22:07:49 +0000 (22:07 +0000)]
Web Inspector: ⇧⌘→ when editing text in the Elements tree shouldn't switch inspector tab
https://bugs.webkit.org/show_bug.cgi?id=154006
<rdar://problem/22892489>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-08
Reviewed by Timothy Hatcher.

* UserInterface/Views/EditingSupport.js:
(WebInspector.isEventTargetAnEditableField):
Check the WebInspector's custom __editing state.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196271 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: copy({x:1}) should copy "{x:1}", not "[object Object]"
commit-queue@webkit.org [Mon, 8 Feb 2016 21:50:27 +0000 (21:50 +0000)]
Web Inspector: copy({x:1}) should copy "{x:1}", not "[object Object]"
https://bugs.webkit.org/show_bug.cgi?id=148605

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-08
Reviewed by Brian Burg.

Source/WebCore:

Test: inspector/console/command-line-api-copy.html

* inspector/CommandLineAPIModuleSource.js:
(CommandLineAPIImpl.prototype.copy):
Support copying different types. This is meant to be more
convenient than just JSON.stringify, so it handles types
like Node, Symbol, RegExp, and Function a bit better.

LayoutTests:

* inspector/console/command-line-api-copy-expected.txt: Added.
* inspector/console/command-line-api-copy.html: Added.
* http/tests/inspector/console/cross-domain-inspected-node-access-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196270 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Mark fast/text/crash-complex-text-surrogate.html as flaky on mac-wk2
ryanhaddad@apple.com [Mon, 8 Feb 2016 21:47:32 +0000 (21:47 +0000)]
Mark fast/text/crash-complex-text-surrogate.html as flaky on mac-wk2
https://bugs.webkit.org/show_bug.cgi?id=154005

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196269 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION(r181345): SVG polyline and polygon leak page
commit-queue@webkit.org [Mon, 8 Feb 2016 20:54:05 +0000 (20:54 +0000)]
REGRESSION(r181345): SVG polyline and polygon leak page
https://bugs.webkit.org/show_bug.cgi?id=152759

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-02-08
Reviewed by Darin Adler.

Source/WebCore:

The leak happens because of cyclic reference between SVGListPropertyTearOff
and SVGAnimatedListPropertyTearOff which is derived from SVGAnimatedProperty.
There is also cyclic reference between SVGAnimatedProperty and SVGElement
and this causes the whole document to be leaked. So if the JS requests, for
example, an instance of SVGPolylineElement.points, the whole document will be
leaked.

The fix depends on having the cyclic reference as is since the owning and the
owned classes have to live together if any of them is referenced. But the owning
class caches a raw 'ref-counted' pointer of the owned class. If it is requested
for an instance of the owned class it returned a RefPtr<> of it. Once the owned
class is not used, it can delete itself. The only thing needed here is to notify
the owner class of the deletion so it cleans its caches and be able to create a
new pointer if it is requested for an instance of the owned class later.

Revert the change of r181345 in SVGAnimatedProperty::lookupOrCreateWrapper()
to break the cyclic reference between SVGElement and SVGAnimatedProperty.

Also apply the same approach in SVGAnimatedListPropertyTearOff::baseVal() and
animVal() to break cyclic reference between SVGListPropertyTearOff and
SVGAnimatedListPropertyTearOff.

Test: svg/animations/smil-leak-list-property-instances.svg

* bindings/scripts/CodeGeneratorJS.pm:
(NativeToJSValue): The SVG non-string list tear-off properties became of
type RefPtr<>. So we need to use get() with the casting expressions.

* svg/SVGMarkerElement.cpp:
(WebCore::SVGMarkerElement::orientType):
Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().

* svg/SVGPathElement.cpp:
(WebCore::SVGPathElement::pathByteStream):
(WebCore::SVGPathElement::lookupOrCreateDWrapper):
Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to
use get() for the casting expressions.

(WebCore::SVGPathElement::pathSegList):
(WebCore::SVGPathElement::normalizedPathSegList):
(WebCore::SVGPathElement::animatedPathSegList):
(WebCore::SVGPathElement::animatedNormalizedPathSegList):
* svg/SVGPathElement.h:
Change the return value from raw pointer to RefPtr<>.

* svg/SVGPathSegWithContext.h:
(WebCore::SVGPathSegWithContext::animatedProperty):
Change the return type to be RefPtr<> to preserve the value from being deleted.

* svg/SVGPolyElement.cpp:
(WebCore::SVGPolyElement::parseAttribute):
Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to
use get() for the casting expressions.

(WebCore::SVGPolyElement::points):
(WebCore::SVGPolyElement::animatedPoints):
* svg/SVGPolyElement.h:
Change the return value from raw pointer to RefPtr<>.

* svg/SVGViewSpec.cpp:
(WebCore::SVGViewSpec::setTransformString):
Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to
use get() for the casting expressions.

(WebCore::SVGViewSpec::transform):
* svg/SVGViewSpec.h:
Change the return value from raw pointer to RefPtr<>.

* svg/properties/SVGAnimatedListPropertyTearOff.h:
(WebCore::SVGAnimatedListPropertyTearOff::baseVal):
(WebCore::SVGAnimatedListPropertyTearOff::animVal):
Change the return value from raw pointer to RefPtr<> and change the cached
value from RefPtr<> to raw pointer. If the property is null, it will be
created, its raw pointer will be cached and the only ref-counted RefPtr<>
will be returned. This will guarantee, the RefPtr<> will be deleted once
it is not used anymore.

(WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
Clean the raw pointer caches m_baseVal and m_animVal upon deleting the
actual pointer. This function will be called from the destructor of
SVGListPropertyTearOff.

(WebCore::SVGAnimatedListPropertyTearOff::findItem):
(WebCore::SVGAnimatedListPropertyTearOff::removeItemFromList):
We have to ensure the baseVal() is created before using it.

(WebCore::SVGAnimatedListPropertyTearOff::detachListWrappers):
(WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
(WebCore::SVGAnimatedListPropertyTearOff::animValWillChange):
(WebCore::SVGAnimatedListPropertyTearOff::animValDidChange):
For animation, a separate RefPtr<> 'm_animatingAnimVal' will be assigned
to the animVal(). This will prevent deleting m_animVal while animating.

* svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
(WebCore::SVGAnimatedPathSegListPropertyTearOff::baseVal):
(WebCore::SVGAnimatedPathSegListPropertyTearOff::animVal):
Same as what is done in SVGAnimatedListPropertyTearOff.

(WebCore::SVGAnimatedPathSegListPropertyTearOff::findItem):
(WebCore::SVGAnimatedPathSegListPropertyTearOff::removeItemFromList):
Same as what is done in SVGAnimatedListPropertyTearOff.

* svg/properties/SVGAnimatedProperty.h:
(WebCore::SVGAnimatedProperty::lookupOrCreateWrapper):
Change the return value from raw reference to Ref<> and change the
cached value from Ref<> to raw pointer. This reverts the change of
r181345 in this function.

(WebCore::SVGAnimatedProperty::lookupWrapper):
Change the return value from raw pointer to RefPtr<>.

* svg/properties/SVGAnimatedPropertyMacros.h:
Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().

* svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
(WebCore::SVGAnimatedTransformListPropertyTearOff::baseVal):
(WebCore::SVGAnimatedTransformListPropertyTearOff::animVal):
Same as what is done in SVGAnimatedListPropertyTearOff.

* svg/properties/SVGListPropertyTearOff.h:
(WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff):
Call the SVGAnimatedListPropertyTearOff::propertyWillBeDeleted() to clean
its raw pointers when the RefPtr<> deletes itself.

LayoutTests:

* TestExpectations: Remove flaky tests from test expectation.

* svg/animations/smil-leak-list-property-instances-expected.txt: Added.
* svg/animations/smil-leak-list-property-instances.svg: Added.
Ensure if SVGPolylineElement.points is requested from JS, the document will
not leak.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196268 268f45cc-cd09-0410-ab3c-d52691b4dbfc
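
The ownership scheme described in the commit message above, as an added example that is not WebKit's code. `AnimatedList` and `ListWrapper` are hypothetical stand-ins for the owning and owned tear-off classes, `std::shared_ptr` stands in for RefPtr<>, and the `strongCache` flag switches between the counted cache that forms the cycle and the raw-pointer cache that is cleared from the owned object's destructor.

```cpp
#include <cassert>
#include <memory>
#include <utility>

// Hypothetical stand-ins: AnimatedList plays the owning tear-off, ListWrapper the owned one.
static int liveOwners = 0;  // instrumentation: owners currently alive

struct AnimatedList;

struct ListWrapper : std::enable_shared_from_this<ListWrapper> {
    explicit ListWrapper(std::shared_ptr<AnimatedList> o) : owner(std::move(o)) {}
    ~ListWrapper();
    // Strong reference: the owner must stay alive for as long as script holds the wrapper.
    std::shared_ptr<AnimatedList> owner;
};

struct AnimatedList : std::enable_shared_from_this<AnimatedList> {
    explicit AnimatedList(bool strongCache) : m_strongCache(strongCache) { ++liveOwners; }
    ~AnimatedList() { --liveOwners; }

    std::shared_ptr<ListWrapper> baseVal() {
        if (m_baseVal)
            return m_baseVal->shared_from_this();  // hand out another counted reference
        auto wrapper = std::make_shared<ListWrapper>(shared_from_this());
        m_baseVal = wrapper.get();                 // raw, non-owning cache
        if (m_strongCache)
            m_strongBaseVal = wrapper;             // counted cache: owner <-> wrapper cycle
        return wrapper;
    }

    // Called from ~ListWrapper so the raw cache never dangles.
    void propertyWillBeDeleted(const ListWrapper& wrapper) {
        if (m_baseVal == &wrapper)
            m_baseVal = nullptr;
    }

    bool hasCachedBaseVal() const { return m_baseVal != nullptr; }

    // Demo-only helper: hands the counted cache back so the caller can break the cycle.
    std::shared_ptr<ListWrapper> takeStrongCache() { return std::move(m_strongBaseVal); }

private:
    bool m_strongCache;
    ListWrapper* m_baseVal = nullptr;
    std::shared_ptr<ListWrapper> m_strongBaseVal;
};

// Omitting this notification would leave m_baseVal pointing at freed memory.
ListWrapper::~ListWrapper() { owner->propertyWillBeDeleted(*this); }

// Number of owners still alive after every external reference has been dropped.
int ownersLeakedAfterRelease(bool strongCache) {
    int before = liveOwners;
    AnimatedList* raw = nullptr;
    {
        auto owner = std::make_shared<AnimatedList>(strongCache);
        raw = owner.get();
        auto wrapper = owner->baseVal();
        auto again = owner->baseVal();
        assert(wrapper == again);  // same wrapper instance while it is alive
    }
    int leaked = liveOwners - before;
    if (leaked)
        raw->takeStrongCache();    // break the cycle by hand so the demo frees its memory
    return leaked;
}

// With the raw cache, releasing the wrapper clears the cache and a later request recreates it.
bool cacheClearedAndRecreated() {
    auto owner = std::make_shared<AnimatedList>(false);
    auto first = owner->baseVal();
    bool cachedWhileHeld = owner->hasCachedBaseVal();
    first.reset();                 // last reference gone: wrapper deletes itself, notifies owner
    bool clearedAfterRelease = !owner->hasCachedBaseVal();
    auto second = owner->baseVal();
    return cachedWhileHeld && clearedAfterRelease
        && second != nullptr && owner->hasCachedBaseVal();
}

int main() {
    assert(ownersLeakedAfterRelease(true) == 1);   // counted cache: owner is never freed
    assert(ownersLeakedAfterRelease(false) == 0);  // raw cache plus notification: no leak
    assert(cacheClearedAndRecreated());
    return 0;
}
```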

3 years ago Crash when trying to chain to the old -[NSView setNeedsDisplayInRect:]
andersca@apple.com [Mon, 8 Feb 2016 20:53:21 +0000 (20:53 +0000)]
Crash when trying to chain to the old -[NSView setNeedsDisplayInRect:]
https://bugs.webkit.org/show_bug.cgi?id=154001
rdar://problem/24519975

Reviewed by Dan Bernstein.

If our replaced -[NSView setNeedsDisplayInRect:] is called before the old IMP has been initialized,
we can end up trying to call a null pointer.

Fix this by using method_exchangeImplementations instead of method_setImplementation, since the former is done
atomically.

* WebView/WebHTMLView.mm:
(-[NSView _web_setNeedsDisplayInRect:]):
(+[WebHTMLViewPrivate initialize]):
(setNeedsDisplayInRect): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196267 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Long values for comma separated CSS properties overflow the Visual...
commit-queue@webkit.org [Mon, 8 Feb 2016 19:49:52 +0000 (19:49 +0000)]
Web Inspector: Long values for comma separated CSS properties overflow the Visual sidebar area
https://bugs.webkit.org/show_bug.cgi?id=153890
<rdar://problem/24510216>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-08
Reviewed by Timothy Hatcher.

For especially long values in comma-separated CSS properties (such as
background-image), the text will not be clipped as expected due to the
way in which the width is calculated for the element (the value, inside
the title element, is the only child with a specified width other than
100%). This overflowing causes the width of the section containing that
property to expand, pushing content outside of the inspector window. To
remedy this, a specified width is set on the relevant properties based
on the width of the sidebar to ensure proper text clipping.

* UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.css:
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item.visual-style-font-family-list-item > .visual-style-comma-separated-keyword-item-editor):
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item > .titles):
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item > .titles > .subtitle):
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container): Deleted.
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list): Deleted.
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item): Deleted.

* UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.js:
(WebInspector.VisualStyleCommaSeparatedKeywordEditor.prototype.set specifiedWidth):
Calculates the necessary subtractions from the given width value based on
the margins and size of sibling elements.

* UserInterface/Views/VisualStyleDetailsPanel.js:
(WebInspector.VisualStyleDetailsPanel.prototype._updateProperties):
(WebInspector.VisualStyleDetailsPanel.prototype._populateFontSection):
(WebInspector.VisualStyleDetailsPanel.prototype._populateBackgroundStyleSection):
(WebInspector.VisualStyleDetailsPanel.prototype._populateBoxShadowSection):
(WebInspector.VisualStyleDetailsPanel.prototype._populateTransitionSection):
Added another list to each group which, if set, will pass the current
sidebar width to all contained property editors.

* UserInterface/Views/VisualStylePropertyEditor.js:
(WebInspector.VisualStylePropertyEditor.prototype.update):
Somewhat unrelated (r196146), but added another check to ensure that the
CSS property exists before checking to see if it has an invalid value.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196266 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] WebKitWebView should send crossing events to the WebProcess
carlosgc@webkit.org [Mon, 8 Feb 2016 19:42:42 +0000 (19:42 +0000)]
[GTK] WebKitWebView should send crossing events to the WebProcess
https://bugs.webkit.org/show_bug.cgi?id=153740

Reviewed by Michael Catanzaro.

Source/WebCore:

Update the target element under the mouse also when only updating
scrollbars, so that if the mouse enters the page when the window
is not active, the scroll animator is notified that the mouse
entered the scrollable area.

* page/EventHandler.cpp:
(WebCore::EventHandler::handleMouseMoveEvent): Call
updateMouseEventTargetNode() before early returning in case of
only updating scrollbars.

Source/WebKit2:

We don't currently handle crossing events in the web view
(enter/leave). That's why if you hover a scrollbar and leave the
window, the scrollbar is still rendered as hovered.

* Shared/gtk/WebEventFactory.cpp:
(WebKit::buttonForEvent): Handle the case of GDK_ENTER_NOTIFY and
GDK_LEAVE_NOTIFY events.
(WebKit::WebEventFactory::createWebMouseEvent): Ditto.
* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseRealize): Add GDK_ENTER_NOTIFY_MASK and
GDK_LEAVE_NOTIFY_MASK flags to the web view event mask.
(webkitWebViewBaseCrossingNotifyEvent): Handle enter/leave notify
events by generating a mouse move event, ensuring the double to
int conversion will not cause any problem.
(webkit_web_view_base_class_init): Add an implementation for
enter_notify_event and leave_notify_event.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196265 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Infinite loop when processing mouse events synchronously
carlosgc@webkit.org [Mon, 8 Feb 2016 19:41:09 +0000 (19:41 +0000)]
Infinite loop when processing mouse events synchronously
https://bugs.webkit.org/show_bug.cgi?id=153995

Reviewed by Darin Adler.

This happened with WTR in the GTK+ port after landing patch in bug
#153740. The thing is that WTR forces events handling IPC messages
to be synchronous. When a drag and drop operation is in progress,
the web process ignores mouse move events and replies with
DidReceiveEvent signal. The DidReceiveEvent message handler in
WebPageProxy checks if we have a m_nextMouseMoveEvent and handles
it, but when all this happens synchronously the
m_nextMouseMoveEvent is the current one because we haven't
returned yet from handleMouseEvent(). We need to invalidate the
m_nextMouseMoveEvent before calling handleMouseEvent().

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didReceiveEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196264 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago PiP and external playback are mutually exclusive.
commit-queue@webkit.org [Mon, 8 Feb 2016 19:33:50 +0000 (19:33 +0000)]
PiP and external playback are mutually exclusive.
https://bugs.webkit.org/show_bug.cgi?id=153988
rdar://problem/24108661

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Eric Carlson.

Adding isPlayingOnSecondScreen to isPlayingOnExternalScreen allows AVKit to disable PiP
when appropriate. Testing video fullscreen mode in updateDisableExternalPlayback allows us to
turn-off external playback when entering picture-in-picture.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenMode):
(WebCore::MediaPlayerPrivateAVFoundationObjC::updateDisableExternalPlayback):
* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(-[WebAVPlayerController isPlayingOnExternalScreen]):
(+[WebAVPlayerController keyPathsForValuesAffectingPlayingOnExternalScreen]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196263 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago IndexedDB: No test covers cursor.delete() setting the source of the request to the...
beidson@apple.com [Mon, 8 Feb 2016 19:31:48 +0000 (19:31 +0000)]
IndexedDB: No test covers cursor.delete() setting the source of the request to the cursor.
https://bugs.webkit.org/show_bug.cgi?id=153992

Reviewed by Jer Noble.

* storage/indexeddb/cursor-delete-expected.txt:
* storage/indexeddb/cursor-delete-private-expected.txt:
* storage/indexeddb/resources/cursor-delete.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196262 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [ES6] Arrow function syntax. Using 'super' in arrow function that declared out of...
commit-queue@webkit.org [Mon, 8 Feb 2016 19:29:24 +0000 (19:29 +0000)]
[ES6] Arrow function syntax. Using 'super' in arrow function that declared out of the class should lead to Syntax error
https://bugs.webkit.org/show_bug.cgi?id=150893

Patch by Skachkov Oleksandr <gskachkov@gmail.com> on 2016-02-08
Reviewed by Saam Barati.

Source/JavaScriptCore:

'super' and 'super()' inside of the arrow function should lead to syntax error if they are used
out of the class context or they wrapped by ordinary function. Now JSC returns ReferenceError but
should return SyntaxError according to the following specs:
http://www.ecma-international.org/ecma-262/6.0/#sec-function-definitions-static-semantics-early-errors
and http://www.ecma-international.org/ecma-262/6.0/#sec-arrow-function-definitions-runtime-semantics-evaluation
Current patch implemented only one case when super/super() are used inside of the arrow function.
Case when super/super() are used within the eval:
   class A {}
   class B extends A {
       constructor() { eval("super()");}
   }
is not part of this patch and will be implemented in this issue https://bugs.webkit.org/show_bug.cgi?id=153864.
The same for case when eval with super/super() is invoked in arrow function will be
implemented in issue https://bugs.webkit.org/show_bug.cgi?id=153977.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseFunctionInfo):
* parser/Parser.h:
(JSC::Scope::Scope):
(JSC::Scope::setExpectedSuperBinding):
(JSC::Scope::expectedSuperBinding):
(JSC::Scope::setConstructorKind):
(JSC::Scope::constructorKind):
(JSC::Parser::closestParentNonArrowFunctionNonLexicalScope):
* tests/stress/arrowfunction-lexical-bind-supercall-4.js:
* tests/stress/arrowfunction-lexical-bind-superproperty.js:

LayoutTests:

Adding tests for using of the 'super' inside of the arrow function

* js/arrowfunction-superproperty-expected.txt:
* js/arrowfunction-syntax-errors-expected.txt:
* js/script-tests/arrowfunction-superproperty.js:
* js/script-tests/arrowfunction-syntax-errors.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196261 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Remove __weak from WKAirPlayRoutePicker.mm to fix build warning.
commit-queue@webkit.org [Mon, 8 Feb 2016 19:27:01 +0000 (19:27 +0000)]
Remove __weak from WKAirPlayRoutePicker.mm to fix build warning.
https://bugs.webkit.org/show_bug.cgi?id=153985
rdar://problem/24485348

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Darin Adler.

Remove __weak since it is only available when using ARC.

* UIProcess/ios/forms/WKAirPlayRoutePicker.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196260 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Make sure that locking code that relies on module boundaries for compiler fences...
fpizlo@apple.com [Mon, 8 Feb 2016 18:58:12 +0000 (18:58 +0000)]
Make sure that locking code that relies on module boundaries for compiler fences uses NEVER_INLINE
https://bugs.webkit.org/show_bug.cgi?id=153972

Reviewed by Andreas Kling.

When this code was written, we assumed that module boundaries were compiler fences. That might
not be the case if we ever do LTO.

* wtf/Lock.cpp:
(WTF::LockBase::lockSlow):
(WTF::LockBase::unlockSlow):
* wtf/ParkingLot.cpp:
(WTF::ParkingLot::parkConditionally):
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::unparkAll):
(WTF::ParkingLot::forEach):
* wtf/WordLock.cpp:
(WTF::WordLock::lockSlow):
(WTF::WordLock::unlockSlow):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196259 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Parser should detect error before calls to parseAssignmentExpression()
fpizlo@apple.com [Mon, 8 Feb 2016 18:52:57 +0000 (18:52 +0000)]
Parser should detect error before calls to parseAssignmentExpression()
https://bugs.webkit.org/show_bug.cgi?id=153975
rdar://problem/24291231

Reviewed by Saam Barati.

Fixes a very hard-to-create situation that an internal test picked up.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseVariableDeclarationList):
(JSC::Parser<LexerType>::parseAssignmentExpression):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196258 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] Fix crash when creating webview with g_object_new
commit-queue@webkit.org [Mon, 8 Feb 2016 18:43:18 +0000 (18:43 +0000)]
[GTK] Fix crash when creating webview with g_object_new
https://bugs.webkit.org/show_bug.cgi?id=153989

Patch by Danilo Cesar Lemes de Paula <danilo.cesar@collabora.co.uk> on 2016-02-08
Reviewed by Carlos Garcia Campos.

g_object_new(WEBKIT_TYPE_WEB_VIEW, NULL) crashes webkit
as _WebKitWebViewBasePrivate constructor requires a mainloop, but
webkit is only initialized when a context is created (which
doesn't happen with a direct call to g_object_new).

* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkit_web_view_base_class_init):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196257 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, rolling out r196253.
commit-queue@webkit.org [Mon, 8 Feb 2016 18:28:39 +0000 (18:28 +0000)]
Unreviewed, rolling out r196253.
https://bugs.webkit.org/show_bug.cgi?id=153990

Caused several crashes in GTK+ bots (Requested by KaL on
#webkit).

Reverted changeset:

"[GTK] WebKitWebView should send crossing events to the
WebProcess"
https://bugs.webkit.org/show_bug.cgi?id=153740
http://trac.webkit.org/changeset/196253

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196256 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: WebInspector.Setting should have a "reset" method
mattbaker@apple.com [Mon, 8 Feb 2016 18:23:08 +0000 (18:23 +0000)]
Web Inspector: WebInspector.Setting should have a "reset" method
https://bugs.webkit.org/show_bug.cgi?id=153971
<rdar://problem/24544101>

Reviewed by Brian Burg.

Currently UI needing to restore a setting to its default must retain a copy
of the default value. This should be a basic operation of WebInspector.Setting.

* UserInterface/Base/Setting.js:
(WebInspector.Setting):
(WebInspector.Setting.prototype.reset):
Sets value to a copy of the default.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196255 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago WebAVPlayerController should implement currentTimeWithinEndTimes.
commit-queue@webkit.org [Mon, 8 Feb 2016 17:06:34 +0000 (17:06 +0000)]
WebAVPlayerController should implement currentTimeWithinEndTimes.
https://bugs.webkit.org/show_bug.cgi?id=153983
rdar://problem/22864621

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Eric Carlson.

Implement currentTimeWithinEndTimes in terms of seekToTime and AVTiming. This is a trivial
implementation because AVPlayer start and end times aren't used.

* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(-[WebAVPlayerController currentTimeWithinEndTimes]):
(-[WebAVPlayerController setCurrentTimeWithinEndTimes:]):
(+[WebAVPlayerController keyPathsForValuesAffectingCurrentTimeWithinEndTimes]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196254 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] WebKitWebView should send crossing events to the WebProcess
carlosgc@webkit.org [Mon, 8 Feb 2016 16:59:39 +0000 (16:59 +0000)]
[GTK] WebKitWebView should send crossing events to the WebProcess
https://bugs.webkit.org/show_bug.cgi?id=153740

Reviewed by Michael Catanzaro.

Source/WebCore:

Update the target element under the mouse also when only updating
scrollbars, so that if the mouse enters the page when the window
is not active, the scroll animator is notified that the mouse
entered the scrollable area.

* page/EventHandler.cpp:
(WebCore::EventHandler::handleMouseMoveEvent): Call
updateMouseEventTargetNode() before early returning in case of
only updating scrollbars.

Source/WebKit2:

We don't currently handle crossing events in the web view
(enter/leave). That's why if you hover a scrollbar and leave the
window, the scrollbar is still rendered as hovered.

* Shared/gtk/WebEventFactory.cpp:
(WebKit::buttonForEvent): Handle the case of GDK_ENTER_NOTIFY and
GDK_LEAVE_NOTIFY events.
(WebKit::WebEventFactory::createWebMouseEvent): Ditto.
* UIProcess/API/gtk/WebKitWebViewBase.cpp:
(webkitWebViewBaseRealize): Add GDK_ENTER_NOTIFY_MASK and
GDK_LEAVE_NOTIFY_MASK flags to the web view event mask.
(webkitWebViewBaseCrossingNotifyEvent): Handle enter/leave notify
events by generating a mouse move event, ensuring the double to
int conversion will not cause any problem.
(webkit_web_view_base_class_init): Add an implementation for
enter_notify_event and leave_notify_event.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196253 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago WebVideoFullscreenInterface should handle video resizing.
commit-queue@webkit.org [Mon, 8 Feb 2016 16:46:12 +0000 (16:46 +0000)]
WebVideoFullscreenInterface should handle video resizing.
https://bugs.webkit.org/show_bug.cgi?id=153982
rdar://problem/22031249

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-02-08
Reviewed by Eric Carlson.

Video fullscreen can be initiated before video dimensions are available.
Protect against an initial width or height of zero and observe resize events
to update once video dimensions become available or change.

* platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
(WebVideoFullscreenModelVideoElement::updateForEventName):
(WebVideoFullscreenModelVideoElement::observedEventNames):
* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(-[WebAVPlayerLayer layoutSublayers]):
(-[WebAVPlayerLayer videoRect]):
(WebVideoFullscreenInterfaceAVKit::setVideoDimensions):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196252 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Visiting a WeakBlock should report bytes visited, since we reported them allocated.
akling@apple.com [Mon, 8 Feb 2016 16:25:22 +0000 (16:25 +0000)]
Visiting a WeakBlock should report bytes visited, since we reported them allocated.
<https://webkit.org/b/153978>

Reviewed by Darin Adler.

When creating a WeakBlock, we tell Heap that we've allocated 1 KB (WeakBlock::blockSize)
of memory. Consequently, when visiting a WeakBlock, we should also report 1 KB of memory
visited. Otherwise Heap will think that those 1 KB already went away.

This was causing us to underestimate heap size, which affects collection scheduling.

* heap/SlotVisitor.h:
(JSC::SlotVisitor::reportMemoryVisited):
* heap/WeakBlock.cpp:
(JSC::WeakBlock::visit):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196251 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Timeouts in tests because of non implemented UIScriptController::singleTapAtPoint()
commit-queue@webkit.org [Mon, 8 Feb 2016 13:43:11 +0000 (13:43 +0000)]
Timeouts in tests because of non implemented UIScriptController::singleTapAtPoint()
https://bugs.webkit.org/show_bug.cgi?id=153833

Unreviewed.

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-08

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196250 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Indent inline box test fails due to assertion in VisibleSelection::selectionFromConte...
commit-queue@webkit.org [Mon, 8 Feb 2016 13:41:47 +0000 (13:41 +0000)]
Indent inline box test fails due to assertion in VisibleSelection::selectionFromContentsOfNode()
https://bugs.webkit.org/show_bug.cgi?id=153824

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-08
Reviewed by Michael Catanzaro.

* editing/markup.cpp:
(WebCore::highestAncestorToWrapMarkup):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196249 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Remove unused enum ScrollbarOverlayState.
weinig@apple.com [Mon, 8 Feb 2016 03:22:52 +0000 (03:22 +0000)]
Remove unused enum ScrollbarOverlayState.

Rubber-stamped by Dan Bernstein.

* platform/ScrollTypes.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196248 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Remove unnecessary respondsToSelector checks for methods that exist on all supported...
weinig@apple.com [Mon, 8 Feb 2016 03:20:17 +0000 (03:20 +0000)]
Remove unnecessary respondsToSelector checks for methods that exist on all supported platforms
https://bugs.webkit.org/show_bug.cgi?id=153970

Reviewed by Dan Bernstein.

-[NSScrollerImp mouseEnteredScroller], -[NSScrollerImp expansionTransitionProgress],
-[NSScrollerImpPair contentAreaScrolledInDirection:], and -[NSScrollerImp setExpanded:]
are now available on all supported OS's. No need to check for them.

* platform/mac/ScrollAnimatorMac.mm:
(macScrollbarTheme):
(-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
(-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
(WebCore::ScrollAnimatorMac::mouseEnteredScrollbar):
(WebCore::ScrollAnimatorMac::mouseExitedScrollbar):
(WebCore::ScrollAnimatorMac::sendContentAreaScrolled):
(WebCore::ScrollAnimatorMac::sendContentAreaScrolledTimerFired):
(supportsUIStateTransitionProgress): Deleted.
(supportsExpansionTransitionProgress): Deleted.
(supportsContentAreaScrolledInDirection): Deleted.
* platform/mac/ScrollbarThemeMac.mm:
(+[WebScrollbarPrefsObserver appearancePrefsChanged:]):
(+[WebScrollbarPrefsObserver behaviorPrefsChanged:]):
(WebCore::ScrollbarThemeMac::scrollbarThickness):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196247 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Use modern SPI header idiom for NSScrollerImp and NSScrollerImpPair
weinig@apple.com [Mon, 8 Feb 2016 03:01:07 +0000 (03:01 +0000)]
Use modern SPI header idiom for NSScrollerImp and NSScrollerImpPair
https://bugs.webkit.org/show_bug.cgi?id=153969

Reviewed by Dan Bernstein.

* WebCore.xcodeproj/project.pbxproj:
Add new file NSScrollerImpSPI.h

* page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
Use new include of NSScrollerImpSPI.h.

* platform/ScrollbarThemeComposite.h:
Define ScrollbarPainter more precisely as NSScrollerImp * now that the type is available to us.

* platform/mac/NSScrollerImpDetails.h:
Remove NSObject category based SPI usage with the modern one NSScrollerImpSPI.h

* platform/mac/NSScrollerImpDetails.mm:
(WebCore::recommendedScrollerStyle):
Simplify recommendedScrollerStyle() now that all OS's we ship on have +[NSScroller preferredScrollerStyle].

* platform/mac/ScrollAnimatorMac.mm:
(supportsUIStateTransitionProgress):
(supportsExpansionTransitionProgress):
(supportsContentAreaScrolledInDirection):
Stop using NSClassFromString now that we can reference the classes explicitly.

(-[WebScrollbarPainterControllerDelegate invalidate]):
(-[WebScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
(-[WebScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):
(-[WebScrollbarPainterControllerDelegate mouseLocationInContentAreaForScrollerImpPair:]):
(-[WebScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
(-[WebScrollbarPainterControllerDelegate scrollerImpPair:setContentAreaNeedsDisplayInRect:]):
(-[WebScrollbarPainterControllerDelegate scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle:]):
(-[WebScrollbarPainterDelegate layer]):
(-[WebScrollbarPainterDelegate mouseLocationInScrollerForScrollerImp:]):
(-[WebScrollbarPainterDelegate convertRectToLayer:]):
(-[WebScrollbarPainterDelegate shouldUseLayerPerPartForScrollerImp:]):
(-[WebScrollbarPainterDelegate setUpAlphaAnimation:scrollerPainter:part:animateAlphaTo:duration:]):
(-[WebScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
(-[WebScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
(-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
(-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
(-[WebScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):
(WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
(WebCore::ScrollAnimatorMac::lockOverlayScrollbarStateToHidden):
(WebCore::ScrollAnimatorMac::didAddVerticalScrollbar):
(WebCore::ScrollAnimatorMac::didAddHorizontalScrollbar):
(WebCore::ScrollAnimatorMac::updateScrollerStyle):
Add proper conforming to protocols and replace ids with proper types.

* platform/mac/ScrollbarThemeMac.mm:
(WebCore::supportsExpandedScrollbars):
(WebCore::ScrollbarThemeMac::registerScrollbar):
(WebCore::ScrollbarThemeMac::scrollbarThickness):
(WebCore::ScrollbarThemeMac::setUpContentShadowLayer):
Stop using NSClassFromString now that we can reference the classes explicitly.

* platform/spi/mac/NSScrollerImpSPI.h: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196246 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK][EFL] Enable SamplingProfiler
utatane.tea@gmail.com [Mon, 8 Feb 2016 01:34:07 +0000 (01:34 +0000)]
[GTK][EFL] Enable SamplingProfiler
https://bugs.webkit.org/show_bug.cgi?id=153638

Reviewed by Michael Catanzaro.

.:

Enable SamplingProfiler in GTK and EFL.
And added option to CMake to switch this from the build command.

* Source/cmake/OptionsEfl.cmake:
* Source/cmake/OptionsGTK.cmake:
* Source/cmake/WebKitFeatures.cmake:

Source/WTF:

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196245 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Outline does not clip when ancestor has overflow: hidden and requires layer.
zalan@apple.com [Mon, 8 Feb 2016 00:33:40 +0000 (00:33 +0000)]
Outline does not clip when ancestor has overflow: hidden and requires layer.
https://bugs.webkit.org/show_bug.cgi?id=153901

Now that outline is part of visual overflow, we no longer need the special outline cliprect.
PaintPhaseChildOutlines drawing will switch to foreground cliprect. It ensures proper overflow clipping
at parent level. PaintPhaseSelfOutline drawing will start using the visual overflow inflated background cliprect.
With this change, outline will be using the same cliprects as the other visual overflow properties (box-shadow etc).

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/repaint/outline-with-overflow-hidden-ancestor.html

* rendering/LayerFragment.h:
(WebCore::LayerFragment::setRects):
(WebCore::LayerFragment::moveBy): Deleted.
(WebCore::LayerFragment::intersect): Deleted.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::collectFragments):
(WebCore::RenderLayer::paintOutlineForFragments):
(WebCore::RenderLayer::calculateClipRects):
(WebCore::RenderLayer::paintForegroundForFragments): Deleted.
* rendering/RenderLayer.h:
* rendering/RenderTreeAsText.cpp:
(WebCore::write):
(WebCore::writeLayers):

LayoutTests:

* compositing/geometry/limit-layer-bounds-overflow-repaint-expected.txt:
* compositing/masks/mask-of-clipped-layer-expected.txt:
* css2.1/20110323/abspos-non-replaced-width-margin-000-expected.txt:
* css2.1/20110323/abspos-replaced-width-margin-000-expected.txt:
* css3/blending/blend-mode-isolation-turn-off-self-painting-layer2-expected.txt:
* css3/blending/blend-mode-isolation-turn-on-self-painting-layer-expected.txt:
* fast/block/positioning/negative-rel-position-expected.txt:
* fast/dynamic/staticY-expected.txt:
* fast/inline/absolute-positioned-block-in-centred-block-expected.txt:
* fast/multicol/flipped-blocks-border-after-expected.txt:
* fast/multicol/pagination-h-horizontal-bt-expected.txt:
* fast/multicol/pagination-h-horizontal-tb-expected.txt:
* fast/multicol/pagination-h-vertical-rl-expected.txt:
* fast/multicol/pagination-v-horizontal-bt-expected.txt:
* fast/multicol/pagination-v-vertical-lr-expected.txt:
* fast/multicol/pagination-v-vertical-rl-expected.txt:
* fast/multicol/pagination/LeftToRight-tb-hittest-expected.txt:
* fast/multicol/pagination/RightToLeft-rl-hittest-expected.txt:
* fast/multicol/progression-reverse-expected.txt:
* fast/multicol/vertical-rl/rules-with-border-before-expected.txt:
* fast/overflow/overflow-update-transform-expected.txt:
* fast/overflow/position-relative-expected.txt:
* fast/repaint/focus-ring-expected.txt:
* fast/repaint/focus-ring-repaint.html:
* fast/repaint/outline-with-overflow-hidden-ancestor-expected.html: Added.
* fast/repaint/outline-with-overflow-hidden-ancestor.html: Added.
* fast/table/overflow-table-collapsed-borders-cell-painting-expected.txt:
* fast/table/overflow-table-collapsed-borders-cell-painting-table-self-painting-layer-expected.txt:
* fast/table/overflow-table-collapsed-borders-section-layer-painting-expected.txt:
* fast/table/overflow-table-collapsed-borders-section-layer-table-self-painting-layer-expected.txt:
* fast/table/overflow-table-collapsed-borders-section-self-painting-layer-painting-expected.txt:
* fast/table/overflow-table-collapsed-borders-section-self-painting-layer-table-self-painting-layer-expected.txt:
* platform/mac/compositing/geometry/clipping-foreground-expected.txt:
* platform/mac/compositing/geometry/root-layer-update-expected.txt:
* platform/mac/compositing/overflow/ancestor-overflow-expected.txt:
* platform/mac/compositing/overflow/nested-scrolling-expected.txt:
* platform/mac/compositing/overflow/overflow-scroll-expected.txt:
* platform/mac/compositing/overflow/parent-overflow-expected.txt:
* platform/mac/compositing/overflow/scrollbar-painting-expected.txt:
* platform/mac/compositing/reflections/nested-reflection-on-overflow-expected.txt:
* platform/mac/compositing/sibling-positioning-expected.txt:
* platform/mac/css3/blending/blend-mode-overflow-expected.txt:
* platform/mac/css3/unicode-bidi-isolate-basic-expected.txt:
* platform/mac/fast/block/float/overhanging-tall-block-expected.txt:
* platform/mac/fast/block/positioning/auto/vertical-rl/007-expected.txt:
* platform/mac/fast/block/positioning/vertical-rl/fixed-positioning-expected.txt:
* platform/mac/fast/borders/border-antialiasing-expected.txt:
* platform/mac/fast/clip/001-expected.txt:
* platform/mac/fast/clip/013-expected.txt:
* platform/mac/fast/clip/014-expected.txt:
* platform/mac/fast/clip/016-expected.txt:
* platform/mac/fast/clip/outline-overflowClip-expected.txt:
* platform/mac/fast/css/clip-zooming-expected.txt:
* platform/mac/fast/forms/validation-message-appearance-expected.txt:
* platform/mac/fast/inline/left-right-center-inline-alignment-in-ltr-and-rtl-blocks-expected.txt:
* platform/mac/fast/line-grid/line-grid-inside-columns-expected.txt:
* platform/mac/fast/line-grid/line-grid-into-columns-expected.txt:
* platform/mac/fast/lists/scrolled-marker-paint-expected.txt:
* platform/mac/fast/multicol/client-rects-expected.txt:
* platform/mac/fast/multicol/column-break-with-balancing-expected.txt:
* platform/mac/fast/multicol/column-rules-expected.txt:
* platform/mac/fast/multicol/column-rules-stacking-expected.txt:
* platform/mac/fast/multicol/columns-shorthand-parsing-expected.txt:
* platform/mac/fast/multicol/float-paginate-complex-expected.txt:
* platform/mac/fast/multicol/float-paginate-empty-lines-expected.txt:
* platform/mac/fast/multicol/float-paginate-expected.txt:
* platform/mac/fast/multicol/layers-in-multicol-expected.txt:
* platform/mac/fast/multicol/layers-split-across-columns-expected.txt:
* platform/mac/fast/multicol/max-height-columns-block-expected.txt:
* platform/mac/fast/multicol/nested-columns-expected.txt:
* platform/mac/fast/multicol/newmulticol/client-rects-expected.txt:
* platform/mac/fast/multicol/overflow-across-columns-expected.txt:
* platform/mac/fast/multicol/overflow-across-columns-percent-height-expected.txt:
* platform/mac/fast/multicol/overflow-unsplittable-expected.txt:
* platform/mac/fast/multicol/paginate-block-replaced-expected.txt:
* platform/mac/fast/multicol/pagination/BottomToTop-bt-expected.txt:
* platform/mac/fast/multicol/pagination/BottomToTop-lr-expected.txt:
* platform/mac/fast/multicol/pagination/BottomToTop-rl-expected.txt:
* platform/mac/fast/multicol/pagination/BottomToTop-tb-expected.txt:
* platform/mac/fast/multicol/pagination/LeftToRight-bt-expected.txt:
* platform/mac/fast/multicol/pagination/LeftToRight-rl-expected.txt:
* platform/mac/fast/multicol/pagination/LeftToRight-tb-expected.txt:
* platform/mac/fast/multicol/pagination/RightToLeft-bt-expected.txt:
* platform/mac/fast/multicol/pagination/RightToLeft-lr-expected.txt:
* platform/mac/fast/multicol/pagination/RightToLeft-rl-dynamic-expected.txt:
* platform/mac/fast/multicol/pagination/RightToLeft-rl-expected.txt:
* platform/mac/fast/multicol/pagination/RightToLeft-tb-expected.txt:
* platform/mac/fast/multicol/pagination/TopToBottom-bt-expected.txt:
* platform/mac/fast/multicol/pagination/TopToBottom-lr-expected.txt:
* platform/mac/fast/multicol/pagination/TopToBottom-rl-expected.txt:
* platform/mac/fast/multicol/positive-leading-expected.txt:
* platform/mac/fast/multicol/scrolling-column-rules-expected.txt:
* platform/mac/fast/multicol/scrolling-overflow-expected.txt:
* platform/mac/fast/multicol/span/anonymous-style-inheritance-expected.txt:
* platform/mac/fast/multicol/span/span-as-immediate-child-complex-splitting-expected.txt:
* platform/mac/fast/multicol/span/span-as-immediate-child-generated-content-expected.txt:
* platform/mac/fast/multicol/span/span-as-immediate-child-property-removal-expected.txt:
* platform/mac/fast/multicol/span/span-as-immediate-columns-child-dynamic-expected.txt:
* platform/mac/fast/multicol/span/span-as-immediate-columns-child-expected.txt:
* platform/mac/fast/multicol/span/span-as-immediate-columns-child-removal-expected.txt:
* platform/mac/fast/multicol/span/span-as-nested-columns-child-dynamic-expected.txt:
* platform/mac/fast/multicol/span/span-as-nested-columns-child-expected.txt:
* platform/mac/fast/multicol/span/span-margin-collapsing-expected.txt:
* platform/mac/fast/multicol/table-vertical-align-expected.txt:
* platform/mac/fast/multicol/tall-image-behavior-expected.txt:
* platform/mac/fast/multicol/vertical-lr/column-break-with-balancing-expected.txt:
* platform/mac/fast/multicol/vertical-lr/column-rules-expected.txt:
* platform/mac/fast/multicol/vertical-lr/float-multicol-expected.txt:
* platform/mac/fast/multicol/vertical-lr/float-paginate-complex-expected.txt:
* platform/mac/fast/multicol/vertical-lr/float-paginate-expected.txt:
* platform/mac/fast/multicol/vertical-lr/nested-columns-expected.txt:
* platform/mac/fast/multicol/vertical-rl/column-break-with-balancing-expected.txt:
* platform/mac/fast/multicol/vertical-rl/column-rules-expected.txt:
* platform/mac/fast/multicol/vertical-rl/float-multicol-expected.txt:
* platform/mac/fast/multicol/vertical-rl/float-paginate-complex-expected.txt:
* platform/mac/fast/multicol/vertical-rl/float-paginate-expected.txt:
* platform/mac/fast/multicol/vertical-rl/nested-columns-expected.txt:
* platform/mac/fast/overflow/clip-rects-fixed-ancestor-expected.txt:
* platform/mac/fast/overflow/float-in-relpositioned-expected.txt:
* platform/mac/fast/overflow/overflow-auto-position-absolute-expected.txt:
* platform/mac/fast/overflow/overflow-rtl-expected.txt:
* platform/mac/fast/overflow/paged-x-div-expected.txt:
* platform/mac/fast/overflow/paged-x-div-with-column-gap-expected.txt:
* platform/mac/fast/overflow/paged-x-on-root-expected.txt:
* platform/mac/fast/overflow/paged-x-with-column-gap-expected.txt:
* platform/mac/fast/overflow/paged-y-div-expected.txt:
* platform/mac/fast/overflow/scroll-nested-positioned-layer-in-overflow-expected.txt:
* platform/mac/fast/regions/repaint/region-painting-via-layout-expected.txt:
* platform/mac/fast/repaint/box-shadow-h-expected.txt:
* platform/mac/fast/repaint/box-shadow-v-expected.txt:
* platform/mac/fast/repaint/layer-outline-expected.txt:
* platform/mac/fast/repaint/layer-outline-horizontal-expected.txt:
* platform/mac/fast/table/edge-offsets-expected.txt:
* platform/mac/fast/transforms/overflow-with-transform-expected.txt:
* platform/mac/fast/transforms/rotated-transform-affects-scrolling-1-expected.txt:
* platform/mac/fast/transforms/rotated-transform-affects-scrolling-2-expected.txt:
* platform/mac/fast/writing-mode/Kusa-Makura-background-canvas-expected.txt:
* platform/mac/printing/single-line-must-not-be-split-into-two-pages-expected.txt:
* platform/mac/scrollbars/scrollbars-on-positioned-content-expected.txt:
* platform/mac/svg/custom/getscreenctm-in-scrollable-div-area-nested-expected.txt:
* platform/mac/svg/custom/image-rescale-clip-expected.txt:
* svg/overflow/overflow-on-foreignObject-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196244 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Source/JavaScriptCore:
sbarati@apple.com [Sun, 7 Feb 2016 23:16:20 +0000 (23:16 +0000)]
Source/JavaScriptCore:
Follow up patch to: [ES6] bound functions .name property should be "bound " + the target function's name
https://bugs.webkit.org/show_bug.cgi?id=153796

Reviewed by Darin Adler.

This follow-up patch addresses some comments/suggestions by
Ryosuke, Darin, and Joe. It simplifies JSBoundFunction::toStringName
and adds some tests for bound names.

* runtime/JSBoundFunction.cpp:
(JSC::hasInstanceBoundFunction):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::toStringName):

LayoutTests:
[ES6] bound functions .name property should be "bound " + the target function's name
https://bugs.webkit.org/show_bug.cgi?id=153796

Reviewed by Darin Adler.

* js/bound-function-name-expected.txt: Added.
* js/bound-function-name.html: Added.
* js/script-tests/bound-function-name.js: Added.
(assert):
(assert.foo):
(bar):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196243 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago CSP: Allow Web Workers initiated from an isolated world to bypass the main world...
dbates@webkit.org [Sun, 7 Feb 2016 22:26:46 +0000 (22:26 +0000)]
CSP: Allow Web Workers initiated from an isolated world to bypass the main world Content Security Policy
https://bugs.webkit.org/show_bug.cgi?id=153622
<rdar://problem/24400023>

Source/WebCore:

Reviewed by Gavin Barraclough.

Fixes an issue where Web Workers initiated from an isolated world (say, a Safari Content Script Extension)
would be subject to the Content Security Policy of the page.

Currently code in an isolated world that does not execute in a Web Worker is exempt from the CSP of
the page. However, code that runs inside a Web Worker that was initiated from an isolated world is
subject to the CSP of the page. Instead, such Web Worker code should also be exempt from the CSP of
the page.

Tests: http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html
       http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html
       http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html

* Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::connect): Modified to ask the script execution context whether to bypass the
main world Content Security Policy now that script execution context knows this information.
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy): Deleted; moved logic from here...
* bindings/js/ScriptController.h:
* dom/Document.cpp:
(WebCore::Document::shouldBypassMainWorldContentSecurityPolicy): ...to here.
* dom/Document.h:
* dom/ScriptExecutionContext.h:
(WebCore::ScriptExecutionContext::shouldBypassMainWorldContentSecurityPolicy): Added; defaults to false -
do not bypass the main world Content Security Policy.
* page/EventSource.cpp:
(WebCore::EventSource::create): Modified to ask the script execution context whether to bypass the
main world Content Security Policy now that script execution context knows this information.
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy): Deleted.
* page/csp/ContentSecurityPolicy.h:
* workers/AbstractWorker.cpp:
(WebCore::AbstractWorker::resolveURL): Bypass the main world Content Security Policy if applicable.
Added FIXME comment to enforce the child-src directive of the document's CSP (as opposed to the script-src
directive) on the worker's script URL. Also, scriptExecutionContext()->contentSecurityPolicy() should
always be non-null just as we expect scriptExecutionContext()->securityOrigin() to be non-null. Assert
this invariant to catch cases where a ScriptExecutionContext is not properly initialized.
* workers/DedicatedWorkerGlobalScope.cpp:
(WebCore::DedicatedWorkerGlobalScope::create): Modified to take boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy and only apply the Content Security
Policy headers when shouldBypassMainWorldContentSecurityPolicy is false.
(WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy.
* workers/DedicatedWorkerGlobalScope.h:
* workers/DedicatedWorkerThread.cpp:
(WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
(WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.
* workers/DedicatedWorkerThread.h:
* workers/Worker.cpp:
(WebCore::Worker::create): Store whether we should bypass the main world Content Security Policy so
that we can pass it to WorkerMessagingProxy::startWorkerGlobalScope() in Worker::notifyFinished().
We need to store this decision here as opposed to determining it at any later time (say, in Worker::notifyFinished())
because it is dependent on the current JavaScript program stack at the time this function is invoked.
(WebCore::Worker::notifyFinished): Pass whether to bypass the main world Content Security Policy.
* workers/Worker.h:
* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::WorkerGlobalScope): Modified to take a boolean as to whether to bypass the
main world Content Security Policy and store it in a member field. Also, always instantiate a Content
Security Policy object as our current code assumes that one is always created.
* workers/WorkerGlobalScope.h:
* workers/WorkerGlobalScopeProxy.h:
* workers/WorkerMessagingProxy.cpp:
(WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy.
* workers/WorkerMessagingProxy.h:
* workers/WorkerThread.cpp:
(WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Modified to take a boolean argument as to
whether to bypass the main world Content Security Policy and store it in a member field.
(WebCore::WorkerThread::WorkerThread): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
as to whether to bypass the main world Content Security Policy.
(WebCore::WorkerThread::workerThread): Ditto.
* workers/WorkerThread.h:
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::open): Modified to ask the script execution context whether to bypass the
main world Content Security Policy now that script execution context knows this information.

LayoutTests:

Reviewed by Gavin Barraclough and Andy Estes.

Add tests to ensure that a Web Worker initiated from an isolated world can bypass the main world
Content Security Policy.

* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker-expected.txt: Added.
* http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196242 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[cmake] Move LLVM detection for LLVMDisassembler to OptionsCommon.cmake
commit-queue@webkit.org [Sun, 7 Feb 2016 19:25:31 +0000 (19:25 +0000)]
[cmake] Move LLVM detection for LLVMDisassembler to OptionsCommon.cmake
https://bugs.webkit.org/show_bug.cgi?id=153961

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-02-07
Reviewed by Michael Catanzaro.

* Source/cmake/OptionsCommon.cmake:
* Source/cmake/OptionsEfl.cmake:
* Source/cmake/OptionsGTK.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196241 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoString.match should defend against matches that would crash the VM
fpizlo@apple.com [Sun, 7 Feb 2016 19:03:29 +0000 (19:03 +0000)]
String.match should defend against matches that would crash the VM
https://bugs.webkit.org/show_bug.cgi?id=153964
rdar://problem/24301119

Reviewed by Saam Barati.

This fixes a crash in an internal test case.

* runtime/ArgList.cpp:
(JSC::MarkedArgumentBuffer::slowAppend): Use best practices to ensure that the size we
    compute makes sense. Crash if it stops making sense, since most users of this API assume
    that they are creating something small enough to fit on the stack.
* runtime/ArgList.h:
(JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
(JSC::MarkedArgumentBuffer::size):
(JSC::MarkedArgumentBuffer::operator new): Deleted. These were ineffective. According to the
    debugger, we were still calling system malloc. So, I changed the code to use fastMalloc()
    directly.
(JSC::MarkedArgumentBuffer::operator delete): Deleted.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch): Explicitly defend against absurd sizes. Of course, it's still
    possible to crash the VM on OOME. That's sort of always been the philosophy of JSC - we
    don't guarantee that you'll get a nice-looking error whenever you run out of memory,
    since in a GC'd environment you can't really guarantee those things. But, if you have a
    match that obviously won't fit in memory, then reporting an error is useful in case this is
    a developer experimenting with a buggy regexp.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196240 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Cocoa] Replace __has_include guards around inclusion of Apple-internal-SDK headers...
mitz@apple.com [Sun, 7 Feb 2016 18:44:25 +0000 (18:44 +0000)]
[Cocoa] Replace __has_include guards around inclusion of Apple-internal-SDK headers with USE(APPLE_INTERNAL_SDK)
https://bugs.webkit.org/show_bug.cgi?id=153963

Reviewed by Sam Weinig.

Source/JavaScriptCore:

* inspector/remote/RemoteInspectorXPCConnection.mm:

Source/WebCore:

* accessibility/mac/AXObjectCacheMac.mm:
* crypto/CommonCryptoUtilities.cpp:
* crypto/CommonCryptoUtilities.h:
* editing/mac/TextUndoInsertionMarkupMac.h:
* editing/mac/TextUndoInsertionMarkupMac.mm:
* platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
* platform/graphics/cg/ImageSourceCG.cpp:
* platform/graphics/mac/PDFDocumentImageMac.mm:
* platform/network/ios/NetworkStateNotifierIOS.mm:
* platform/network/mac/BlobDataFileReferenceMac.mm:
* platform/network/mac/ResourceHandleMac.mm:
* rendering/RenderThemeMac.mm:

Source/WebKit/mac:

* WebView/WebPDFView.mm:

Source/WTF:

* wtf/SystemTracing.h:
* wtf/WTFThreadData.h:
* wtf/spi/darwin/CommonCryptoSPI.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196239 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r195661): [GTK] Scrollbar tests crashing after overlay scrollbar groundwork
carlosgc@webkit.org [Sun, 7 Feb 2016 10:09:31 +0000 (10:09 +0000)]
REGRESSION(r195661): [GTK] Scrollbar tests crashing after overlay scrollbar groundwork
https://bugs.webkit.org/show_bug.cgi?id=153695

Reviewed by Michael Catanzaro.

Source/WebCore:

The problem is that ScrollAnimation objects are not destroyed by
the ScrollAnimator destructor, because I forgot to add a virtual
destructor for ScrollAnimation in r195661.

* platform/ScrollAnimation.h:
(WebCore::ScrollAnimation::~ScrollAnimation):

LayoutTests:

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196238 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, update several layout tests for WK1 after r196227.
cdumez@apple.com [Sun, 7 Feb 2016 06:34:11 +0000 (06:34 +0000)]
Unreviewed, update several layout tests for WK1 after r196227.

* http/tests/security/cross-frame-access-enumeration-expected.txt:
* http/tests/security/cross-frame-access-enumeration.html:
* http/tests/security/cross-frame-access-get-expected.txt:
* http/tests/security/cross-frame-access-get.html:
* http/tests/security/cross-frame-access-history-get-expected.txt:
* http/tests/security/cross-frame-access-history-get-override-expected.txt:
* http/tests/security/cross-frame-access-history-get-override.html:
* http/tests/security/cross-frame-access-history-get.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196237 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION (r195432): Web Inspector: bottom right section of the styles sidebar is...
nvasilyev@apple.com [Sun, 7 Feb 2016 05:55:12 +0000 (05:55 +0000)]
REGRESSION (r195432): Web Inspector: bottom right section of the styles sidebar is 1px taller than the console prompt
https://bugs.webkit.org/show_bug.cgi?id=153959
<rdar://problem/24541053>

Reviewed by Timothy Hatcher.

* UserInterface/Views/CSSStyleDetailsSidebarPanel.css:
(.sidebar > .panel.details.css-style > .content ~ .options-container):
(.sidebar > .panel.details.css-style > .content ~ .class-list-container):
Revert the height to what it used to be prior to r195432.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196236 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[GTK] Rebaseline some tests and update expectations after r196222
mcatanzaro@igalia.com [Sun, 7 Feb 2016 02:17:41 +0000 (02:17 +0000)]
[GTK] Rebaseline some tests and update expectations after r196222

Unreviewed test gardening.

* platform/gtk/TestExpectations:
* platform/gtk/fast/clip/outline-overflowClip-expected.txt:
* platform/gtk/fast/repaint/layer-outline-expected.txt:
* platform/gtk/fast/repaint/layer-outline-horizontal-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196235 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCall CFRelease() on SecRequirementRef when no longer needed
dbates@webkit.org [Sun, 7 Feb 2016 02:03:22 +0000 (02:03 +0000)]
Call CFRelease() on SecRequirementRef when no longer needed
https://bugs.webkit.org/show_bug.cgi?id=153954
<rdar://problem/24540259>

Reviewed by Dan Bernstein.

* Shared/mac/ChildProcessMac.mm:
(WebKit::ChildProcess::initializeSandbox):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196234 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[GTK] imported/blink/compositing/squashing/abspos-under-abspos-overflow-scroll.html...
mcatanzaro@igalia.com [Sun, 7 Feb 2016 01:52:27 +0000 (01:52 +0000)]
[GTK] imported/blink/compositing/squashing/abspos-under-abspos-overflow-scroll.html is flaky

Unreviewed test gardening.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196233 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFTL must store the call site index before runtime calls, even if it's the tail call...
fpizlo@apple.com [Sun, 7 Feb 2016 01:51:00 +0000 (01:51 +0000)]
FTL must store the call site index before runtime calls, even if it's the tail call slow path
https://bugs.webkit.org/show_bug.cgi?id=153955
rdar://problem/24290970

Reviewed by Saam Barati.

This is necessary because you could throw an exception in a host call on the tail call's slow
path. That'll route us to lookupExceptionHandler(), which unwinds starting with the call site
index of our frame. Bad things happen if it's not set. Prior to this patch it was possible
for the call site index field to be uninitialized, which meant that the throwing machinery
was making a wild guess about where we are.

* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::DFG::LowerDFGToLLVM::compileTailCall):
* tests/stress/tail-call-host-call-throw.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196232 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCode clean up: Move Rotater function closer to Stage static methods.
jonlee@apple.com [Sun, 7 Feb 2016 00:45:43 +0000 (00:45 +0000)]
Code clean up: Move Rotater function closer to Stage static methods.
The Rotater is used together with those methods; keep them close.

* Animometer/tests/resources/main.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196231 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUpdate the JS includes due to ResultsTable move.
jonlee@apple.com [Sun, 7 Feb 2016 00:39:20 +0000 (00:39 +0000)]
Update the JS includes due to ResultsTable move.

* Animometer/developer.html:
* Animometer/index.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196230 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMove createElement and createSVGElement to Utilities.
jonlee@apple.com [Sun, 7 Feb 2016 00:34:31 +0000 (00:34 +0000)]
Move createElement and createSVGElement to Utilities.

* Animometer/resources/extensions.js:
(Utilities.createElement): Added.
(Utilities.createSVGElement): Added.
(DocumentExtension.createElement): Deleted.
(DocumentExtension.createSvgElement): Deleted.

* Animometer/resources/debug-runner/animometer.js:
* Animometer/resources/runner/animometer.js:
* Animometer/tests/bouncing-particles/resources/bouncing-svg-images.js:
* Animometer/tests/bouncing-particles/resources/bouncing-svg-particles.js:
* Animometer/tests/bouncing-particles/resources/bouncing-svg-shapes.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196229 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd a convenience function for creating a class.
jonlee@apple.com [Sun, 7 Feb 2016 00:27:12 +0000 (00:27 +0000)]
Add a convenience function for creating a class.

The pattern for creating a class is common enough to add as a Utilities
helper function. It also makes it easy to collapse class definitions when
editing.

* Animometer/resources/debug-runner/animometer.js: Move ProgressBar definition,
since it is only used here.
* Animometer/resources/runner/animometer.js: Move ResultsDashboard and
ResultsTable definition, since it is only used here.
* Animometer/resources/extensions.js: Move Utilities definition to the top. Convert
Point, Insets, SimplePromise.
(ProgressBar): Moved to animometer.js.
(ResultsDashboard): Moved to animometer.js.
(ResultsTable): Moved to animometer.js.
* Animometer/resources/runner/benchmark-runner.js: Convert BenchmarkRunnerState,
BenchmarkRunner.
* Animometer/tests/resources/main.js: Convert Rotater, Stage, Animator, Benchmark.
* Animometer/tests/resources/sampler.js: Convert Experiment, Sampler.

Convert test primitives.
* Animometer/tests/master/resources/canvas-tests.js: Convert CanvasLineSegment,
CanvasArc, CanvasLinePoint.
* Animometer/tests/simple/resources/simple-canvas-paths.js: Convert CanvasLineSegment,
CanvasLinePoint, CanvasQuadraticSegment, CanvasQuadraticPoint, CanvasBezierSegment,
CanvasBezierPoint, CanvasArcToSegment, CanvasArcToSegmentFill, CanvasArcSegment,
CanvasArcSegmentFill, CanvasRect, CanvasRectFill.
* Animometer/tests/simple/resources/tiled-canvas-image.js: Convert CanvasImageTile.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196228 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoPrevent cross-origin access to window.history
cdumez@apple.com [Sun, 7 Feb 2016 00:18:40 +0000 (00:18 +0000)]
Prevent cross-origin access to window.history
https://bugs.webkit.org/show_bug.cgi?id=153931

Reviewed by Darin Adler.

Source/WebCore:

Prevent cross-origin access to window.history to match the specification [1]
and the behavior of other browsers (tested Firefox and Chrome).

[1] https://html.spec.whatwg.org/multipage/browsers.html#security-window

No new tests, already covered by existing tests that
were updated in this patch.

* bindings/js/JSHistoryCustom.cpp:
(WebCore::JSHistory::pushState):
(WebCore::JSHistory::replaceState):
(WebCore::JSHistory::state): Deleted.
* page/DOMWindow.idl:
* page/History.idl:

LayoutTests:

Update / rebaseline several layout tests now that cross-origin access to
window.history is prevented.

* fast/frames/sandboxed-iframe-history-denied-expected.txt:
* http/tests/history/cross-origin-replace-history-object-child-expected.txt:
* http/tests/security/cross-frame-access-call-expected.txt:
* http/tests/security/cross-frame-access-call.html:
* http/tests/security/cross-frame-access-delete-expected.txt:
* http/tests/security/cross-frame-access-delete.html:
* http/tests/security/cross-frame-access-history-prototype-expected.txt:
* http/tests/security/cross-frame-access-history-put.html: Removed.
* http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-getPrototypeOf.html:
* http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-setPrototypeOf.html:
* http/tests/security/resources/cross-frame-iframe-for-history-put-test.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196227 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoScrollbarPainters needs to be deallocated on the main thread
bdakin@apple.com [Sat, 6 Feb 2016 23:41:28 +0000 (23:41 +0000)]
ScrollbarPainters needs to be deallocated on the main thread
https://bugs.webkit.org/show_bug.cgi?id=153932
-and corresponding-
rdar://problem/24015483

Reviewed by Dan Bernstein.

Darin pointed out that this was still race-y. There was still a race
condition between the destruction of the two local variables and the
destruction of the lambda on the main thread. This should fix that.
* page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
* page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
(WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
(WebCore::ScrollingTreeFrameScrollingNodeMac::releaseReferencesToScrollbarPaintersOnTheMainThread):
(WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196226 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMinor improvements to debug harness.
jonlee@apple.com [Sat, 6 Feb 2016 23:36:27 +0000 (23:36 +0000)]
Minor improvements to debug harness.

* Animometer/developer.html:
* Animometer/resources/debug-runner/animometer.css:
(#suites): Put the complexity text boxes closer to the test names.
(#options):
(#rawFPS circle): Make the interval FPS appear as a separate data series, with a line.
(#intervalFPS path):
(#intervalFPS circle):
* Animometer/resources/debug-runner/animometer.js:
(window.optionsManager.updateLocalStorageFromUI): Convert number inputs from text.
(window.suitesManager._onChangeTestCheckbox): Refactor to take a checkbox.
(window.suitesManager._createTestElement): Enhance such that typing into the complexity
input will automatically select that test for running.
(window.suitesManager.updateLocalStorageFromJSON): Make the harness work for private
browsing.
* Animometer/resources/debug-runner/graph.js: Separate the intervalFPS data, and show
more accuracy in timestamps.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196225 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRefactor helper methods for getting random values for a stage.
jonlee@apple.com [Sat, 6 Feb 2016 23:31:51 +0000 (23:31 +0000)]
Refactor helper methods for getting random values for a stage.

Instead of requiring a Stage instance, just attach it to the Stage object.

* Animometer/tests/bouncing-particles/resources/bouncing-canvas-shapes.js:
* Animometer/tests/bouncing-particles/resources/bouncing-css-shapes.js:
* Animometer/tests/bouncing-particles/resources/bouncing-particles.js:
* Animometer/tests/bouncing-particles/resources/bouncing-svg-shapes.js:
* Animometer/tests/master/resources/canvas-tests.js:
* Animometer/tests/master/resources/particles.js:
* Animometer/tests/misc/resources/canvas-electrons.js:
* Animometer/tests/misc/resources/canvas-stars.js:
* Animometer/tests/misc/resources/compositing-transforms.js:
* Animometer/tests/resources/main.js:
* Animometer/tests/simple/resources/simple-canvas-paths.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196224 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFinish auditing call sites of upper() and lower(), eliminate many, and rename the...
darin@apple.com [Sat, 6 Feb 2016 23:18:47 +0000 (23:18 +0000)]
Finish auditing call sites of upper() and lower(), eliminate many, and rename the functions
https://bugs.webkit.org/show_bug.cgi?id=153905

Reviewed by Sam Weinig.

Source/JavaScriptCore:

* runtime/IntlObject.cpp:
(JSC::canonicalLangTag): Use convertToASCIIUppercase on the language tag.

* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncToLowerCase): Tweak style and update for name change.
(JSC::stringProtoFuncToUpperCase): Ditto.

Source/WebCore:

* Modules/mediasource/MediaSource.cpp:
(WebCore::MediaSource::isTypeSupported): Use convertToASCIILowercase on MIME type.

* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::selectText): Use new names for lower and upper. Also
tweaked style a tiny bit and used u_toupper rather than converting an entire
string to uppercase.

* dom/Document.cpp:
(WebCore::Document::addImageElementByCaseFoldedUsemap): Renamed to reflect the use
of case folding rather than lowercasing.
(WebCore::Document::removeImageElementByCaseFoldedUsemap): Ditto.
(WebCore::Document::imageElementByCaseFoldedUsemap): Ditto.
* dom/Document.h: Ditto.
* dom/DocumentOrderedMap.cpp:
(WebCore::DocumentOrderedMap::getElementByCaseFoldedMapName): Ditto.
(WebCore::DocumentOrderedMap::getElementByCaseFoldedUsemap): Ditto.
* dom/DocumentOrderedMap.h: Ditto.

* dom/TreeScope.cpp:
(WebCore::TreeScope::getImageMap): Removed unneeded special case for null string.
Simplified logic for cases where the URL does not have a "#" character in it.
Use case folding instead of lowercase.

* editing/cocoa/HTMLConverter.mm:
(HTMLConverter::_processText): Removed unneeded special case for the empty string.
Use makeCapitalized instead of Cocoa function for "capitalize". Use upper and lower
functions by their new names.

* html/HTMLImageElement.cpp:
(WebCore::HTMLImageElement::parseAttribute): Use case folding instead of
lowercasing for the usemap attribute.
(WebCore::HTMLImageElement::insertedInto): Ditto.
(WebCore::HTMLImageElement::removedFrom): Ditto.
(WebCore::HTMLImageElement::matchesCaseFoldedUsemap): Ditto.
* html/HTMLImageElement.h: Rename since usemap is case folded now, not lowercased.

* html/HTMLMapElement.cpp:
(WebCore::HTMLMapElement::imageElement): Use case folding instead of lowercasing
for usemap.
(WebCore::HTMLMapElement::parseAttribute): Ditto.

* platform/Language.cpp:
(WebCore::canonicalLanguageIdentifier): Use convertToASCIILowercase for language code.
(WebCore::indexOfBestMatchingLanguageInList): Ditto.

* platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
(WebCore::HarfBuzzShaper::shapeHarfBuzzRuns): Use new name for the upper function.

* platform/network/HTTPParsers.cpp:
(WebCore::parseContentTypeOptionsHeader): Use equalLettersIgnoringASCIICase instead
of lowercasing to check for a specific header value.

* platform/network/MIMEHeader.cpp:
(WebCore::retrieveKeyValuePairs): Use convertToASCIILowercase for MIME header name.
(WebCore::MIMEHeader::parseContentTransferEncoding): Use equalLettersIgnoringASCIICase
instead of lowercasing.

* platform/network/cf/ResourceHandleCFNet.cpp:
(WebCore::allowsAnyHTTPSCertificateHosts): Make this hash ASCII case-insensitive.
(WebCore::clientCertificates): Ditto.
(WebCore::ResourceHandle::createCFURLConnection): Remove call to lower since the
set is now ASCII case-insensitive.
(WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
(WebCore::ResourceHandle::setClientCertificate): Ditto.

* platform/network/curl/CookieJarCurl.cpp:
(WebCore::getNetscapeCookieFormat): Use equalLettersIgnoringASCIICase instead of
lowercasing.

* platform/network/curl/MultipartHandle.cpp:
(WebCore::MultipartHandle::didReceiveResponse): Use convertToASCIILowercase to
make a MIME type lowercase.

* platform/network/curl/ResourceHandleCurl.cpp:
(WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Removed unneeded
conversion to lowercase now that the set is ASCII case-insensitive.
(WebCore::ResourceHandle::setClientCertificate): Removed code that populates a map
that is then never used for anything.

* platform/network/curl/ResourceHandleManager.cpp:
(WebCore::headerCallback): Use convertToASCIILowercase for MIME type.

* platform/network/curl/SSLHandle.cpp: Made hash maps keyed by host names
ASCII case-insensitive.
(WebCore::addAllowedClientCertificate): Removed lowercasing since the map itself
is now ASCII case insensitive.
(WebCore::setSSLClientCertificate): Ditto. Also use auto for iterator type so we
don't have to write out the map type.
(WebCore::sslIgnoreHTTPSCertificate): Ditto.
(WebCore::certVerifyCallback): Ditto.

* platform/network/soup/ResourceHandleSoup.cpp: Made hash maps keyed by host names
ASCII case-insensitive.
(WebCore::allowsAnyHTTPSCertificateHosts): Ditto.
(WebCore::handleUnignoredTLSErrors): Ditto.
(WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
(WebCore::ResourceHandle::setClientCertificate): Ditto.

* platform/text/LocaleToScriptMappingDefault.cpp: Made hash maps keyed by script
names ASCII case-insensitive. Use WTF_ARRAY_LENGTH as appropriate.
(WebCore::scriptNameToCode): Use modern style to initialize the map. Removed
unnecessary lowercasing of the script name before looking at the map.
(WebCore::localeToScriptCodeForFontSelection): Ditto.

* platform/text/win/LocaleWin.cpp:
(WebCore::convertLocaleNameToLCID): Made map ASCII case-insensitive and removed
unneeded lowercasing.

* platform/win/PasteboardWin.cpp:
(WebCore::clipboardTypeFromMIMEType): Use equalLettersIgnoringASCIICase instead
of lowercasing.

* rendering/RenderText.cpp:
(WebCore::applyTextTransform): Use new names for the upper and lower functions.

* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::responseIsXML): Remove unneeded lowercasing, since
DOMImplementation now has ASCII case-insensitive handling of MIME types.

Source/WebKit/mac:

* Plugins/WebBasePluginPackage.mm:
(-[WebBasePluginPackage getPluginInfoFromPLists]): Use modern for loops.
(-[WebBasePluginPackage supportsExtension:]): Use convertToASCIILowercase for extension assert.
Also use modern for loop.
(-[WebBasePluginPackage supportsMIMEType:]): Ditto.
(-[WebBasePluginPackage MIMETypeForExtension:]): Ditto.

Source/WebKit/win:

* Plugins/PluginDatabase.cpp:
(WebCore::PluginDatabase::pluginForMIMEType): Use ASCII case-insensitive map rather
than lowercasing the MIME type.
(WebCore::PluginDatabase::setPreferredPluginForMIMEType): Ditto.

* Plugins/PluginDatabase.h: Make m_preferredPlugins use an ASCII case-insensitive hash.

* Plugins/PluginPackage.h: Use ASCII case-insensitive hash for maps keyed by MIME type.

* Plugins/PluginPackageWin.cpp:
(WebCore::PluginPackage::fetchInfo): Use convertToASCIILowercase to lowercase a MIME type.

Source/WebKit2:

* NetworkProcess/CustomProtocols/CustomProtocolManager.h: Use ASCII case-insensitive hash
for set of registered schemes.

* Shared/Plugins/Netscape/mac/NetscapePluginModuleMac.mm:
(WebKit::getPluginInfoFromPropertyLists): Use convertToASCIILowercase for MIME type and
for file extensions.

* Shared/Plugins/Netscape/x11/NetscapePluginModuleX11.cpp:
(WebKit::NetscapePluginModule::parseMIMEDescription): Use convertToASCIILowercase for
MIME description.

* UIProcess/API/efl/ewk_context.cpp:
(ewk_context_preferred_languages_set): Use convertToASCIILowercase for language.

* UIProcess/API/gtk/WebKitWebContext.cpp:
(webkit_web_context_set_preferred_languages): Use convertToASCIILowercase for language.

* UIProcess/Plugins/PluginInfoStore.cpp:
(WebKit::PluginInfoStore::findPluginForExtension): Use Vector::contains instead of
writing it out using std::find.
(WebKit::pathExtension): Lowercase the result with convertToASCIILowercase instead of
leaving that to the caller.
(WebKit::PluginInfoStore::findPlugin): Removed call to lower since pathExtension
handles that now.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::findPlugin): Use convertToASCIILowercase for MIME type.

* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::globalURLSchemesWithCustomProtocolHandlers): Use
an ASCII case-insensitive hash.
(WebKit::WebProcessPool::registerGlobalURLSchemeAsHavingCustomProtocolHandlers):
Remove lowercasing, since the hash is now ASCII case-insensitive.
(WebKit::WebProcessPool::unregisterGlobalURLSchemeAsHavingCustomProtocolHandlers):
Ditto.

* UIProcess/WebProcessPool.h: Use an ASCII case-insensitive hash.

* WebProcess/Plugins/Netscape/NetscapePlugin.cpp:
(WebKit::NetscapePlugin::initialize): Use convertToASCIILowercase on parameter names
and values.

* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::pluginSupportsExtension): Use convertToASCIILowercase for extension assertion.
Also use a modern for loop.
(WebKit::WebFrameLoaderClient::objectContentType): Make the checks for empty MIME types
a little less redundant. Reordered logic to avoid checking the list of supported MIME
types extra times, and to eliminate the need for a boolean. Use convertToASCIILowercase
on the extension.

Source/WTF:

* wtf/text/AtomicString.cpp:
(WTF::AtomicString::lower): Deleted.
* wtf/text/AtomicString.h: Deleted the lower function.

* wtf/text/StringImpl.cpp:
(WTF::StringImpl::convertToLowercaseWithoutLocale): Renamed from lower.
(WTF::StringImpl::convertToUppercaseWithoutLocale): Renamed from upper.
(WTF::StringImpl::convertToLowercaseWithLocale): Renamed from lower.
(WTF::StringImpl::convertToUppercaseWithLocale): Renamed from upper.
(WTF::StringImpl::foldCase): Added fast cases for ASCII since this is
now used in some more-performance-critical code.
* wtf/text/StringImpl.h: Renamed lower and upper.

* wtf/text/WTFString.cpp:
(WTF::String::convertToLowercaseWithoutLocale): Renamed from lower.
(WTF::String::convertToUppercaseWithoutLocale): Renamed from upper.
(WTF::String::convertToLowercaseWithLocale): Renamed from lower.
(WTF::String::convertToUppercaseWithLocale): Renamed from upper.
* wtf/text/WTFString.h: Renamed lower and upper. Removed unneeded comment.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196223 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoOutline should contribute to visual overflow.
zalan@apple.com [Sat, 6 Feb 2016 23:07:54 +0000 (23:07 +0000)]
Outline should contribute to visual overflow.
https://bugs.webkit.org/show_bug.cgi?id=153299

This patch eliminates the special outline handling (RenderView::setMaximalOutlineSize).
Now that outline is part of visual overflow, we don't have to inflate the layers to accommodate
outline borders.
This patch fixes several focusring related repaint issues. However when both the outline: auto
and the descendant renderer are composited, we still don't paint properly in certain cases. -not a regression.
(Also when parent renderer has overflow: hidden repaint does not take outline into account. -regression.)
It changes column behavior (see TestExpectations) since outline behaves now like any other visual overflow properties.

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/repaint/focus-ring-repaint.html
      fast/repaint/focus-ring-repaint-with-negative-offset.html

* css/html.css: resetting to old behavior.
(:focus):
(input:focus, textarea:focus, isindex:focus, keygen:focus, select:focus):
* rendering/InlineFlowBox.cpp:
(WebCore::InlineFlowBox::addToLine):
(WebCore::InlineFlowBox::addOutlineVisualOverflow):
(WebCore::InlineFlowBox::computeOverflow):
(WebCore::InlineFlowBox::paint): Deleted.
* rendering/InlineFlowBox.h:
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::computeOverflow):
(WebCore::RenderBlock::outlineStyleForRepaint):
(WebCore::RenderBlock::paint): Deleted.
* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::layoutBlock): Deleted.
(WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren): Deleted.
* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlockFlow::addOverflowFromInlineChildren):
* rendering/RenderBox.cpp:
(WebCore::RenderBox::addVisualEffectOverflow):
(WebCore::RenderBox::applyVisualEffectOverflow):
(WebCore::RenderBox::clippedOverflowRectForRepaint): Deleted.
* rendering/RenderBoxModelObject.h:
* rendering/RenderDetailsMarker.cpp:
(WebCore::RenderDetailsMarker::paint): Deleted.
* rendering/RenderElement.cpp:
(WebCore::RenderElement::insertChildInternal):
(WebCore::RenderElement::styleDidChange):
(WebCore::RenderElement::repaintAfterLayoutIfNeeded):
(WebCore::RenderElement::issueRepaintForOutlineAuto):
(WebCore::RenderElement::updateOutlineAutoAncestor):
(WebCore::RenderElement::computeMaxOutlineSize): Deleted.
(WebCore::RenderElement::styleWillChange): Deleted.
* rendering/RenderElement.h:
(WebCore::RenderElement::hasContinuation):
* rendering/RenderInline.cpp:
(WebCore::RenderInline::paintOutlineForLine): Deleted.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::calculateClipRects):
* rendering/RenderLineBoxList.cpp:
(WebCore::RenderLineBoxList::anyLineIntersectsRect):
(WebCore::RenderLineBoxList::lineIntersectsDirtyRect):
(WebCore::RenderLineBoxList::paint):
(WebCore::isOutlinePhase): Deleted.
* rendering/RenderLineBoxList.h:
* rendering/RenderListBox.cpp:
(WebCore::RenderListBox::computePreferredLogicalWidths):
* rendering/RenderListMarker.cpp:
(WebCore::RenderListMarker::paint): Deleted.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded): The renderer with outline: auto is responsible for
painting focusring around the descendants. If we issued repaint only on the descendant when it changes,
the focusring would not refresh properly. We have to find the ancestor with outline: auto, inflate the repaint rect and
issue the repaint on the ancestor if we crossed repaint container.

(WebCore::RenderObject::repaintUsingContainer):
(WebCore::RenderObject::adjustRectForOutlineAndShadow):
(WebCore::RenderObject::setHasOutlineAutoAncestor):
(WebCore::RenderObject::adjustRectWithMaximumOutline): Deleted.

* rendering/RenderObject.h: We mark the descendants of outline: auto so that
when a child renderer changes we can propagate the repaint to the ancestor with outline.

(WebCore::RenderObject::hasOutlineAutoAncestor):
(WebCore::RenderObject::RenderObjectRareData::RenderObjectRareData):
* rendering/RenderRegion.cpp:
(WebCore::RenderRegion::overflowRectForFlowThreadPortion):
* rendering/RenderReplaced.cpp:
(WebCore::RenderReplaced::shouldPaint): Deleted.
(WebCore::RenderReplaced::clippedOverflowRectForRepaint): Deleted.
* rendering/RenderTable.cpp:
(WebCore::RenderTable::paint): Deleted.
* rendering/RenderTableCell.cpp:
(WebCore::RenderTableCell::clippedOverflowRectForRepaint): Deleted.
(WebCore::RenderTableCell::paintCollapsedBorders): Deleted.
* rendering/RenderTableRow.cpp:
(WebCore::RenderTableRow::layout):
(WebCore::RenderTableRow::clippedOverflowRectForRepaint): Deleted.
* rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::layoutRows):
(WebCore::RenderTableSection::computeOverflowFromCells): Deleted.
(WebCore::RenderTableSection::paintObject): Deleted.
* rendering/RenderTheme.h:
(WebCore::RenderTheme::platformFocusRingWidth):
* rendering/RenderView.cpp:
(WebCore::RenderView::setMaximalOutlineSize): Deleted.
* rendering/RenderView.h:
* rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::changeAffectsVisualOverflow):
(WebCore::RenderStyle::outlineWidth):
* rendering/style/RenderStyle.h:

LayoutTests:

* fast/repaint/focus-ring-repaint-expected.txt: Added.
* fast/repaint/focus-ring-repaint.html: Added.
* fast/repaint/focus-ring-repaint-expected-with-negative-offset.txt: Added.
* fast/repaint/focus-ring-repaint-with-negative-offset.html: Added.
* TestExpectations:
* platform/mac/TestExpectations:
* platform/mac/compositing/geometry/ancestor-overflow-change-expected.txt:
* platform/mac/compositing/geometry/composited-in-columns-expected.txt:
* platform/mac/compositing/layer-creation/overlap-animation-container-expected.txt:
* platform/mac/compositing/layer-creation/stacking-context-overlap-nested-expected.txt:
* platform/mac/compositing/visibility/visibility-image-layers-dynamic-expected.txt:
* platform/mac/fast/clip/outline-overflowClip-expected.txt:
* platform/mac/fast/inline/continuation-outlines-with-layers-expected.txt:
* platform/mac/fast/repaint/4776765-expected.txt: Added.
* platform/mac/fast/repaint/focus-ring-expected.txt: Added.
* platform/mac/fast/repaint/layer-outline-expected.txt:
* platform/mac/fast/repaint/layer-outline-horizontal-expected.txt:
* platform/mac/svg/custom/focus-ring-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196222 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] Various tests are flaky
mcatanzaro@igalia.com [Sat, 6 Feb 2016 18:14:51 +0000 (18:14 +0000)]
[GTK] Various tests are flaky

More unreviewed test gardening.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196221 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Object.getOwnPropertyDescriptor() does not work on sub-frame's window
cdumez@apple.com [Sat, 6 Feb 2016 18:12:18 +0000 (18:12 +0000)]
Object.getOwnPropertyDescriptor() does not work on sub-frame's window
https://bugs.webkit.org/show_bug.cgi?id=153925

Reviewed by Darin Adler.

Source/JavaScriptCore:

Calling Object.getOwnPropertyDescriptor() on a sub-frame's window was
returning undefined for that window's own properties. The reason was
that the check getOwnPropertySlot() is using to make sure the
PropertySlot is not for a property coming from the prototype was wrong.

The check was checking that 'this != slotBase' which works fine unless
this is a JSProxy (e.g. JSDOMWindowShell). To handle proxies, the code
was also checking that 'slotBase.toThis() != this', attempting to
get the slotBase/Window's proxy. However, due to the implementation of
toThis(), we were getting the lexical global object's proxy instead of
slotBase's proxy. To avoid this issue, the new code explicitly checks
if 'this' is a JSProxy and makes sure 'JSProxy::target() != slotBase',
instead of using toThis().

* runtime/JSObject.cpp:
(JSC::JSObject::getOwnPropertyDescriptor):

LayoutTests:

* fast/dom/Window/getOwnPropertyDescriptor-other-window-expected.txt: Added.
* fast/dom/Window/getOwnPropertyDescriptor-other-window.html: Added.
Add test case to test calling Object.getOwnPropertyDescriptor() on a
sub-frame's window.

* http/tests/security/cross-origin-window-property-access-expected.txt:
* http/tests/security/cross-origin-window-property-access.html:
- Update test to use an iframe instead of opening a Window for convenience.
- Use an actual cross-origin URL. The previous URL was same-origin and therefore
  the test would have failed if window.location was a proper getter/setter
  instead of a 'value' descriptor.
- Add more tests to cover other Window properties (such as 'name') which are
  actual getter / setters to make sure using the current window's getter on
  a cross origin window does not bypass the security origin checks.

* http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt:
* http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html:
- Drop checks for properties for which cross-origin access via
getOwnPropertyDescriptor() now works. They used to not work because of the bug
this patch fixes, and not due to security checks.
- Most of these properties are part of the properties that the specification
states can be accessed cross-origin:
  https://html.spec.whatwg.org/multipage/browsers.html#security-window
- ALL of these properties could already be accessed cross origin via regular
property getters (e.g. crossOriginWindow.blur) in Safari 9 so there should not
be any reason for getOwnPropertyDescriptor() not to work.
- I have also verified that Firefox allows cross-origin access for all these
  properties (via regular getters or getOwnPropertyDescriptor), except for
  the 'history' property. We may want to align our behavior here and prevent
  cross-origin access to 'window.history' but this is not a regression in this
  patch. You could already access crossOriginWindow.history in Safari 9.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196220 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] Various tests are flaky
mcatanzaro@igalia.com [Sat, 6 Feb 2016 17:26:55 +0000 (17:26 +0000)]
[GTK] Various tests are flaky

Unreviewed test gardening.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196219 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] Gardening for unexpected passes
mcatanzaro@igalia.com [Sat, 6 Feb 2016 17:01:31 +0000 (17:01 +0000)]
[GTK] Gardening for unexpected passes

Unreviewed test gardening.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196218 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [iOS] Throw away linked code when navigating to a new page.
akling@apple.com [Sat, 6 Feb 2016 17:00:30 +0000 (17:00 +0000)]
[iOS] Throw away linked code when navigating to a new page.
<https://webkit.org/b/153851>

Reviewed by Gavin Barraclough.

Source/JavaScriptCore:

Add a VM API for throwing away linked code only.

* runtime/VM.cpp:
(JSC::VM::deleteAllLinkedCode):
* runtime/VM.h:

Source/WebCore:

When navigating to a new page, tell JSC to throw out any linked code it has lying around.
Linked code is tied to a specific global object, and as we're creating a new one for the
new page, none of it is useful to us here.

In the event that the user navigates back, the cost of relinking some code will be far
lower than the memory cost of keeping all of it around.

This landed previously but was rolled out due to a Speedometer regression. I've made one
minor but important change here: only throw away code if we're navigating away from an
existing history item. Or in other words, don't throw away code for "force peeks" or any
other navigations that are not traditional top-level main frame navigations.

* bindings/js/GCController.cpp:
(WebCore::GCController::deleteAllLinkedCode):
* bindings/js/GCController.h:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196217 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Added implementations of AXObjectCache methods for !HAVE(ACCESSIBILITY).
commit-queue@webkit.org [Sat, 6 Feb 2016 13:44:34 +0000 (13:44 +0000)]
Added implementations of AXObjectCache methods for !HAVE(ACCESSIBILITY).
https://bugs.webkit.org/show_bug.cgi?id=153924

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-02-06
Reviewed by Andreas Kling.

No new tests needed.

* accessibility/AXObjectCache.h:
(WebCore::AXObjectCache::ariaModalNode): Added stub implementation.
(WebCore::AXObjectCache::postLiveRegionChangeNotification): Ditto.
(WebCore::AXObjectCache::rangeForNodeContents): Ditto.
(WebCore::AXObjectCache::setIsSynchronizingSelection): Ditto.
(WebCore::AXObjectCache::setTextSelectionIntent): Ditto.
(WebCore::AXAttributeCacheEnabler::AXAttributeCacheEnabler): Ditto.
(WebCore::AXAttributeCacheEnabler::~AXAttributeCacheEnabler): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196216 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Use scope stack instead of nested TreeResolvers for shadow trees
antti@apple.com [Sat, 6 Feb 2016 12:51:06 +0000 (12:51 +0000)]
Use scope stack instead of nested TreeResolvers for shadow trees
https://bugs.webkit.org/show_bug.cgi?id=153893

Reviewed by Andreas Kling.

Make TreeResolver per-document. This is a step towards iterative style resolve.

This is done by replacing the use of nested TreeResolvers with a scope stack that maintains
the style resolver and the selector filter for the current tree scope.

* style/StyleTreeResolver.cpp:
(WebCore::Style::ensurePlaceholderStyle):
(WebCore::Style::TreeResolver::Scope::Scope):
(WebCore::Style::TreeResolver::TreeResolver):
(WebCore::Style::shouldCreateRenderer):
(WebCore::Style::TreeResolver::styleForElement):
(WebCore::Style::TreeResolver::createRenderTreeForShadowRoot):
(WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
(WebCore::Style::TreeResolver::createRenderTreeRecursively):
(WebCore::Style::TreeResolver::resolveLocally):
(WebCore::Style::TreeResolver::resolveShadowTree):
(WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
(WebCore::Style::TreeResolver::resolveChildren):
(WebCore::Style::TreeResolver::resolveSlotAssignees):
(WebCore::Style::TreeResolver::resolveRecursively):
(WebCore::Style::TreeResolver::resolve):
(WebCore::Style::detachRenderTree):
* style/StyleTreeResolver.h:
(WebCore::Style::TreeResolver::scope):
(WebCore::Style::TreeResolver::pushScope):
(WebCore::Style::TreeResolver::pushEnclosingScope):
(WebCore::Style::TreeResolver::popScope):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196215 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed. Fix more incorrect ASSERT introduced in r196053.
carlosgc@webkit.org [Sat, 6 Feb 2016 11:29:44 +0000 (11:29 +0000)]
Unreviewed. Fix more incorrect ASSERT introduced in r196053.

* WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp:
(WebKit::NetscapePluginX11::handleMouseEvent):
(WebKit::NetscapePluginX11::handleWheelEvent):
(WebKit::NetscapePluginX11::setFocus):
(WebKit::NetscapePluginX11::handleMouseEnterEvent):
(WebKit::NetscapePluginX11::handleMouseLeaveEvent):
(WebKit::NetscapePluginX11::handleKeyboardEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196214 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, rolling out r196104.
commit-queue@webkit.org [Sat, 6 Feb 2016 10:12:30 +0000 (10:12 +0000)]
Unreviewed, rolling out r196104.
https://bugs.webkit.org/show_bug.cgi?id=153940

Regressed Speedometer on iOS (Requested by kling on #webkit).

Reverted changeset:

"[iOS] Throw away linked code when navigating to a new page."
https://bugs.webkit.org/show_bug.cgi?id=153851
http://trac.webkit.org/changeset/196104

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196213 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago tests fail if display sleeps while run-webkit-tests is running
aakash_jain@apple.com [Sat, 6 Feb 2016 07:00:56 +0000 (07:00 +0000)]
tests fail if display sleeps while run-webkit-tests is running
https://bugs.webkit.org/show_bug.cgi?id=153919

Reviewed by Alexey Proskuryakov.

* DumpRenderTree/mac/LayoutTestHelper.m:
(addDisplaySleepAssertion): Add the assertion so that the display doesn't turn off.
(releaseDisplaySleepAssertion): Release the DisplaySleep Assertion.
(simpleSignalHandler): Release the DisplaySleepAssertion in case of any interrupt.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196212 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Add a new graphics test for CanvasRenderingContext2D functions: getImageData and...
commit-queue@webkit.org [Sat, 6 Feb 2016 06:21:37 +0000 (06:21 +0000)]
Add a new graphics test for CanvasRenderingContext2D functions: getImageData and putImageData
https://bugs.webkit.org/show_bug.cgi?id=151716

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-02-05
Reviewed by Darin Adler.

The purpose of this test is to measure the performance of getImageData
and putImageData functions. This test draws a background on the canvas
and then gets some random tiles from this background and draws them in
destinations different from their original sources.

* Animometer/resources/debug-runner/tests.js: Adding the new test to the canvas simple tests suite.

* Animometer/resources/extensions.js:
(Array.prototype.shuffle): Shuffles the elements of an array.

(Point.zero): Returns a new Point object whose x and y are equal to zero.
(Point.prototype.str): Used for debugging the Point object.

* Animometer/tests/simple/resources/tiled-canvas-image.js: Added.
(CanvasImageTile):
(CanvasImageTile.prototype.getImageData):
(CanvasImageTile.prototype.putImageData):
(Stage.call.initialize):
(Stage.call._createTiles):
(Stage.call._nextTilePosition):
(Stage.call.tune):
(Stage.call._drawBackground):
(Stage.call.animate):
(Stage.call.complexity):
(Stage.call):
* Animometer/tests/simple/tiled-canvas-image.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196211 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] Unreviewed test expectations gardening.
mcatanzaro@igalia.com [Sat, 6 Feb 2016 04:53:22 +0000 (04:53 +0000)]
[GTK] Unreviewed test expectations gardening.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196210 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago ScrollbarPainters needs to be deallocated on the main thread
bdakin@apple.com [Sat, 6 Feb 2016 01:24:32 +0000 (01:24 +0000)]
ScrollbarPainters needs to be deallocated on the main thread
https://bugs.webkit.org/show_bug.cgi?id=153932
-and corresponding-
rdar://problem/24015483

Reviewed by Geoff Garen.

Follow-up fix since the first one was still race-y.
* page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
(WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
(WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196208 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Visual Styles sidebar should be more forgiving to long labels
commit-queue@webkit.org [Sat, 6 Feb 2016 01:15:13 +0000 (01:15 +0000)]
Web Inspector: Visual Styles sidebar should be more forgiving to long labels
https://bugs.webkit.org/show_bug.cgi?id=153927
<rdar://problem/24343897>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-05
Reviewed by Timothy Hatcher.

If a label is too long for its container, it overflows and is visible
above the rest of the elements nearby.

* UserInterface/Views/VisualStylePropertyEditor.css:
(.visual-style-property-container > .visual-style-property-title):
Adds text overflow to properties that extend beyond the container's width.

* UserInterface/Views/VisualStylePropertyEditor.js:
(WebInspector.VisualStylePropertyEditor):
Now also adds the label value as a title attribute to the element, just in
case the content overflows.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196207 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago ScrollbarPainters needs to be deallocated on the main thread
bdakin@apple.com [Sat, 6 Feb 2016 01:08:43 +0000 (01:08 +0000)]
ScrollbarPainters needs to be deallocated on the main thread
https://bugs.webkit.org/show_bug.cgi?id=153932
-and corresponding-
rdar://problem/24015483

Reviewed by Tim Horton.

Ensure the destructor of ScrollingTreeFrameScrollingNodeMac and the
assignments done in this class are not responsible for deallocating the
ScrollbarPainter.
* page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
(WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
(WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196206 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Mark css3/filters/multiple-filters-invalidation.html as flaky on ios-simulator
ryanhaddad@apple.com [Sat, 6 Feb 2016 01:08:25 +0000 (01:08 +0000)]
Mark css3/filters/multiple-filters-invalidation.html as flaky on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153933

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196205 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Marking pageoverlay/overlay-small-frame-paints.html as flaky on ios-simulator
ryanhaddad@apple.com [Sat, 6 Feb 2016 00:49:40 +0000 (00:49 +0000)]
Marking pageoverlay/overlay-small-frame-paints.html as flaky on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153898

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196204 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Marking css3-text-decoration/text-underline-position/underline-visual-overflow-with...
ryanhaddad@apple.com [Sat, 6 Feb 2016 00:20:02 +0000 (00:20 +0000)]
Marking css3-text-decoration/text-underline-position/underline-visual-overflow-with-subpixel-position.html as failing on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153315

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196202 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Instance property getters / setters cannot be called on another instance of the same...
cdumez@apple.com [Sat, 6 Feb 2016 00:18:41 +0000 (00:18 +0000)]
Instance property getters / setters cannot be called on another instance of the same type
https://bugs.webkit.org/show_bug.cgi?id=153895

Reviewed by Gavin Barraclough.

Source/WebCore:

It should be possible to call instance property getters / setters on
other instances of the same type, as per the WEB IDL specification:
- http://heycam.github.io/webidl/#dfn-attribute-getter
- http://heycam.github.io/webidl/#dfn-attribute-setter

This matches the behavior of Firefox.

The issue without our bindings was that the getters / setters were
using |slotBase| instead of |thisValue| and therefore ended up using
the instance the getter was taken from instead of the actual target
object.

Test:
js/instance-property-getter-other-instance.html
js/instance-property-setter-other-instance.html

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
- Have instance getters / setters use thisValue instead of slotBase.
- In the case of interfaces that have attributes on the instance for
  compatibility reasons, try the prototype object if |thisValue| does
  does have the right type, instead of using slotBase like previously.
  I believe this maintains the original compatibility intention while
  also behaving correctly when called on another instance.

* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
* bindings/scripts/test/JS/JSattribute.cpp:
Rebaseline bindings tests.

LayoutTests:

* js/dom/script-tests/shadow-navigator-geolocation-in-strict-mode-does-not-throw.js:
* js/dom/shadow-navigator-geolocation-in-strict-mode-does-not-throw-expected.txt:
Extend this layout test coverage to cover the getter case in addition to the
setter case. This test covers the compatibility mode where we don't throw.
I made sure to maintain this behavior when refactoring the bindings to avoid
breakage.

* js/instance-property-getter-other-instance-expected.txt:
Rebaseline now that this test passes.

* js/instance-property-setter-other-instance-expected.txt: Added.
* js/instance-property-setter-other-instance.html: Added.
Add test to cover the setter case.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196200 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Mark http/tests/security/cross-frame-access-custom.html as flaky on ios-simulator-wk2
ryanhaddad@apple.com [Sat, 6 Feb 2016 00:13:21 +0000 (00:13 +0000)]
Mark http/tests/security/cross-frame-access-custom.html as flaky on ios-simulator-wk2
https://bugs.webkit.org/show_bug.cgi?id=153050

Unreviewed test gardening.

* platform/ios-simulator-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196198 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix internal Windows build
achristensen@apple.com [Sat, 6 Feb 2016 00:07:26 +0000 (00:07 +0000)]
Fix internal Windows build
https://bugs.webkit.org/show_bug.cgi?id=153930
<rdar://problem/24534864>

Reviewed by Mark Lam.

* JavaScriptCore.vcxproj/JavaScriptCore.proj:
I made a typo in r196144.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196197 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Skipping js/basic-set.html on Mac since it already runs as a part of run-jsc-stres...
ryanhaddad@apple.com [Sat, 6 Feb 2016 00:06:17 +0000 (00:06 +0000)]
Skipping js/basic-set.html on Mac since it already runs as a part of run-jsc-stress-tests
https://bugs.webkit.org/show_bug.cgi?id=153879

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196196 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Testing with remote server cache is unusably slow
rniwa@webkit.org [Fri, 5 Feb 2016 23:55:58 +0000 (23:55 +0000)]
Testing with remote server cache is unusably slow
https://bugs.webkit.org/show_bug.cgi?id=153928

Reviewed by Chris Dumez.

Don't use the single process mode of httpd as it's way too slow even for testing.
Also we'll hit a null pointer crash (http://svn.apache.org/viewvc?view=revision&revision=1711479).

Since httpd exits immediately when launched in multi-process mode, remote-cache-server.py (renamed from
run-with-remote-server.py) now has "start" and "stop" commands to start/stop the Apache. Also added
"reset" command to reset the cache for convenience.

* Install.md: Updated the instruction.
* config.json: Fixed a typo: httpdErro*r*Log.
* tools/remote-cache-server.py: Copied from Websites/perf.webkit.org/tools/run-with-remote-server.py.
Now takes one of the following commands: "start", "stop", and "reset".
(main):
(start_httpd): Extracted from main.
(stop_httpd): Added.
* tools/remote-server-relay.conf: Removed redundant (duplicate) LoadModule's.
* tools/run-with-remote-server.py: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196195 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Marking imported/w3c/web-platform-tests/html/semantics/document-metadata/styling...
ryanhaddad@apple.com [Fri, 5 Feb 2016 23:32:54 +0000 (23:32 +0000)]
Marking imported/w3c/web-platform-tests/html/semantics/document-metadata/styling/LinkStyle.html as flaky on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153929

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196194 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Include SamplingProfiler's expression-level data for stack frames...
sbarati@apple.com [Fri, 5 Feb 2016 23:25:23 +0000 (23:25 +0000)]
Web Inspector: Include SamplingProfiler's expression-level data for stack frames in the protocol
https://bugs.webkit.org/show_bug.cgi?id=153455
<rdar://problem/24335884>

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

We now send the sampling profiler's expression-level
line/column info in the inspector protocol.

* inspector/agents/InspectorScriptProfilerAgent.cpp:
(Inspector::buildSamples):
* inspector/protocol/ScriptProfiler.json:
* runtime/SamplingProfiler.h:
(JSC::SamplingProfiler::StackFrame::hasExpressionInfo):

Source/WebInspectorUI:

JSC has been collecting expression-level data in the sampling
profiler, and with this patch, we now get that information
in the inspector. With this information, we probably have
all the data we need to make real heat maps.

* UserInterface/Models/CallingContextTree.js:
(WebInspector.CallingContextTree.prototype.updateTreeWithStackTrace):
(WebInspector.CCTNode):
(WebInspector.CCTNode.prototype.findOrMakeChild):
(WebInspector.CCTNode.prototype.addTimestampAndExpressionLocation):
(WebInspector.CCTNode.prototype.addTimestamp): Deleted.

LayoutTests:

* inspector/sampling-profiler/expression-location-info-expected.txt: Added.
* inspector/sampling-profiler/expression-location-info.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196193 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Modern IDB: UniqueIDBDatabase's m_databaseInfo is unsafely used from multiple threads.
beidson@apple.com [Fri, 5 Feb 2016 22:30:04 +0000 (22:30 +0000)]
Modern IDB: UniqueIDBDatabase's m_databaseInfo is unsafely used from multiple threads.
https://bugs.webkit.org/show_bug.cgi?id=153912

Reviewed by Alex Christensen.

No new tests (Anything testable about this patch is already covered by existing tests).

* Modules/indexeddb/server/IDBBackingStore.h:

* Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
(WebCore::IDBServer::MemoryIDBBackingStore::infoForObjectStore):
* Modules/indexeddb/server/MemoryIDBBackingStore.h:

Teach the SQLiteIDBBackingStore to actually keep its m_databaseInfo up to date as it changes,
and to revert it when version change transactions abort:
* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
(WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction):
(WebCore::IDBServer::SQLiteIDBBackingStore::abortTransaction):
(WebCore::IDBServer::SQLiteIDBBackingStore::commitTransaction):
(WebCore::IDBServer::SQLiteIDBBackingStore::createObjectStore):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
(WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteIndex):
(WebCore::IDBServer::SQLiteIDBBackingStore::infoForObjectStore):
* Modules/indexeddb/server/SQLiteIDBBackingStore.h:

* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd): Use the IDBBackingStore's copy of the
  IDBObjectStoreInfo, meant only for the database thread, instead of the UniqueIDBDatabase's copy,
  which is meant only for the main thread.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196191 268f45cc-cd09-0410-ab3c-d52691b4dbfc