WebKit-https.git
4 years agoHTMLScriptElement.crossOrigin / HTMLImageElement.crossOrigin should only return known...
cdumez@apple.com [Mon, 22 Feb 2016 06:28:42 +0000 (06:28 +0000)]
HTMLScriptElement.crossOrigin / HTMLImageElement.crossOrigin should only return known values
https://bugs.webkit.org/show_bug.cgi?id=154502

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:
* web-platform-tests/html/dom/reflection-embedded-expected.txt:
* web-platform-tests/html/dom/reflection-misc-expected.txt:

Source/WebCore:

HTMLScriptElement.crossOrigin / HTMLImageElement.crossOrigin should only
return known values and should be nullable as per the specification:
- https://html.spec.whatwg.org/multipage/scripting.html#attr-script-crossorigin
- https://html.spec.whatwg.org/multipage/embedded-content.html#attr-img-crossorigin
- https://html.spec.whatwg.org/multipage/infrastructure.html#cors-settings-attribute

This aligns our behavior with the HTML specification and Firefox.

No new tests, already covered by existing tests.

* bindings/scripts/CodeGeneratorJS.pm:
Add support for nullable DOMString attributes. If such attribute is
marked as nullable:
- A null string is passed to the implementation if the setter is called
  with null/undefined.
- null is returned to the Javascript if the getter implementation
  returns a null string.

* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
* bindings/scripts/test/GObject/WebKitDOMTestObj.h:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/ObjC/DOMTestObj.h:
* bindings/scripts/test/ObjC/DOMTestObj.mm:
* bindings/scripts/test/TestObj.idl:
Add test coverage for nullable DOMString attributes
and rebaseline bindings tests.

* html/HTMLImageElement.cpp:
* html/HTMLImageElement.h:
* html/HTMLImageElement.idl:
* html/HTMLScriptElement.cpp:
* html/HTMLScriptElement.h:
* html/HTMLScriptElement.idl:
* html/parser/HTMLParserIdioms.cpp:
* html/parser/HTMLParserIdioms.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196894 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMake HTMLSelectElement.size behave as per the specification
cdumez@apple.com [Mon, 22 Feb 2016 05:52:07 +0000 (05:52 +0000)]
Make HTMLSelectElement.size behave as per the specification
https://bugs.webkit.org/show_bug.cgi?id=154504

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-forms-expected.txt:
* web-platform-tests/html/dom/reflection-tabular-expected.txt:

Source/WebCore:

Make HTMLSelectElement.size behave as per the specification:
- https://html.spec.whatwg.org/#htmlselectelement
- https://html.spec.whatwg.org/#dom-select-size
- https://html.spec.whatwg.org/#reflecting-content-attributes-in-idl-attributes:idl-unsigned-long

In particular, it should be unsigned and be in the range [0; 2147483647].

Also update several unsigned long attributes in our HTML implementation to use
parseHTMLNonNegativeInteger() to parse unsigned integers as per the HTML
specification, instead of calling String::toUint().

No new tests, already covered by existing tests.

* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::parseAttribute):
(WebCore::HTMLInputElement::size):
(WebCore::HTMLInputElement::setSize):
* html/HTMLInputElement.h:
* html/HTMLSelectElement.cpp:
(WebCore::HTMLSelectElement::parseAttribute):
(WebCore::HTMLSelectElement::setSize):
(WebCore::HTMLSelectElement::namedItem): Deleted.
(WebCore::HTMLSelectElement::item): Deleted.
* html/HTMLSelectElement.h:
(WebCore::HTMLSelectElement::size):
* html/HTMLSelectElement.idl:
* html/HTMLTableColElement.cpp:
(WebCore::HTMLTableColElement::parseAttribute):
(WebCore::HTMLTableColElement::setSpan):
* html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::parseAttribute):
(WebCore::HTMLTextAreaElement::setCols):
(WebCore::HTMLTextAreaElement::setRows):
* html/parser/HTMLParserIdioms.h:
(WebCore::limitToOnlyHTMLNonNegativeNumbersGreaterThanZero):
(WebCore::limitToOnlyHTMLNonNegative):

LayoutTests:

Update test that was covering the case of an HTMLSelectElement with an
invalid size attribute. The test was expecting the bad "size" attribute
value to get corrected so that the select element looks like a menu list.
This workaround was added back in 2007 to workaround a bug on
www.chainreaction.com (rdar://problem/4697438). This patch drops the
workaround in HTMLSelectElement::parseAttribute() because:
1. This is not standard behavior as per the HTML specification
2. This behavior does not match Firefox either
3. The workaround is no longer needed for www.chainreaction.com.

* fast/forms/select-size-expected.html: Added.
* fast/forms/select-size.html:
* platform/efl/fast/forms/select-size-expected.txt: Removed.
* platform/gtk/fast/forms/select-size-expected.txt: Removed.
* platform/ios-simulator/fast/forms/select-size-expected.txt: Removed.
* platform/mac/fast/forms/select-size-expected.png: Removed.
* platform/mac/fast/forms/select-size-expected.txt: Removed.
* platform/win/fast/forms/select-size-expected.txt: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196893 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCSP: Enable form-action directive by default
dbates@webkit.org [Mon, 22 Feb 2016 05:26:17 +0000 (05:26 +0000)]
CSP: Enable form-action directive by default
https://bugs.webkit.org/show_bug.cgi?id=154520
<rdar://problem/24762029>

Reviewed by Sam Weinig.

Source/WebCore:

* page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::addDirective): Move logic to parse the form-action
directive outside the ENABLE(CSP_NEXT) macro guarded section/experimental feature runtime flag.
(WebCore::isExperimentalDirectiveName): Remove form-action from the directives considered
experimental.

LayoutTests:

Mark form-action tests as Pass so that we run them.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196892 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: add 'Automation' protocol domain and generate its backend classes...
bburg@apple.com [Mon, 22 Feb 2016 04:49:29 +0000 (04:49 +0000)]
Web Inspector: add 'Automation' protocol domain and generate its backend classes separately in WebKit2
https://bugs.webkit.org/show_bug.cgi?id=154509
<rdar://problem/24759098>

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

Add a new 'WebKit' framework, which is used to generate protocol code
in WebKit2.

Add --backend and --frontend flags to the main generator script.
These allow a framework to trigger two different sets of generators
so they can be separately generated and compiled.

* inspector/scripts/codegen/models.py:
(Framework.fromString):
(Frameworks): Add new framework.

* inspector/scripts/generate-inspector-protocol-bindings.py:
If neither --backend or --frontend is specified, assume both are wanted.
This matches the behavior for JavaScriptCore and WebInspector frameworks.

(generate_from_specification):
Generate C++ files for the backend and Objective-C files for the frontend.

Source/WebKit2:

Add a new 'Automation' domain which presents an RPC interface
for sending automation commands to an active WebAutomationSession
in the UIProcess via RemoteInspector. This is similar to how the
Inspector backend communicates bidirectionally with a remote
Inspector frontend.

Add build system logic to generate JSON-RPC protocol bindings
for the 'Automation' domain using the inspector code generators.

Move automation-related files that are not API or SPI into their
own directory.

* Configurations/BaseTarget.xcconfig: Tell where JavaScriptCore's
private headers are, since that's where the code generators live.

* CMakeLists.txt: Look in UIProcess/Automation directory.
* PlatformMac.cmake:
* DerivedSources.make: Generate protocol bindings for a single domain.
The names of the generated files will be improved in a follow-up patch
so that they do not clash with generated files in JavaScriptCore.

* UIProcess/Automation/Automation.json: Added.
* UIProcess/Automation/WebAutomationSession.cpp: Renamed from Source/WebKit2/UIProcess/WebAutomationSession.cpp.
(WebKit::WebAutomationSession::WebAutomationSession):
(WebKit::WebAutomationSession::~WebAutomationSession):
Set up a backend dispatcher and frontend router. They will be used later.

(WebKit::WebAutomationSession::dispatchMessageFromRemote):
Forward messages from the remote to the backend dispatcher. When
an agent / command handler is registered, it will receive the message.

(WebKit::WebAutomationSession::connect):
(WebKit::WebAutomationSession::disconnect):
Connenct and disconnect the frontend router to the remote channel.

* UIProcess/Automation/WebAutomationSession.h: Renamed from Source/WebKit2/UIProcess/WebAutomationSession.h.
* WebKit2.xcodeproj/project.pbxproj: Add and move files.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196891 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd username / password attributes to HTMLAnchorElement / HTMLAreaElement
cdumez@apple.com [Mon, 22 Feb 2016 03:28:55 +0000 (03:28 +0000)]
Add username / password attributes to HTMLAnchorElement / HTMLAreaElement
https://bugs.webkit.org/show_bug.cgi?id=154519

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Add username / password attributes to HTMLAnchorElement / HTMLAreaElement as per:
https://html.spec.whatwg.org/#htmlhyperlinkelementutils

Firefox and Chrome already implement these.

Also stop treating null as the empty string for the HTMLHyperlinkElementUtils
attributes. This behavior does not match the specification or other browsers
(tested Firefox and Chrome).

Test: fast/dom/HTMLAnchorElement/set-href-attribute-user-pass.html

* CMakeLists.txt:
* DerivedSources.make:
* WebCore.xcodeproj/project.pbxproj:
* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::username):
(WebCore::HTMLAnchorElement::setUsername):
(WebCore::HTMLAnchorElement::password):
(WebCore::HTMLAnchorElement::setPassword):
* html/HTMLAnchorElement.h:
* html/HTMLAnchorElement.idl:
* html/HTMLAreaElement.idl:
* html/HTMLHyperlinkElementUtils.idl: Added.

LayoutTests:

* fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-hash.js:
* fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-host.js:
* fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-hostname.js:
* fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-pathname.js:
* fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-protocol.js:
* fast/dom/HTMLAnchorElement/script-tests/set-href-attribute-search.js:
* fast/dom/HTMLAnchorElement/set-href-attribute-hash-expected.txt:
* fast/dom/HTMLAnchorElement/set-href-attribute-host-expected.txt:
* fast/dom/HTMLAnchorElement/set-href-attribute-hostname-expected.txt:
* fast/dom/HTMLAnchorElement/set-href-attribute-pathname-expected.txt:
* fast/dom/HTMLAnchorElement/set-href-attribute-protocol-expected.txt:
* fast/dom/HTMLAnchorElement/set-href-attribute-search-expected.txt:
Update / rebaseline tests now that we no longer treat null as the empty string.

* fast/dom/HTMLAnchorElement/set-href-attribute-user-pass-expected.txt: Added.
* fast/dom/HTMLAnchorElement/set-href-attribute-user-pass.html: Added.
Add test coverage for setting the username / password attributes.

* js/dom/dom-static-property-for-in-iteration-expected.txt:
Rebaseline now that HTMLAnchorElement / HTMLAreaElement have 2 additional
attributes: username and password.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196890 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoiframe/frame/object.contentDocument should be on the prototype
cdumez@apple.com [Mon, 22 Feb 2016 03:27:44 +0000 (03:27 +0000)]
iframe/frame/object.contentDocument should be on the prototype
https://bugs.webkit.org/show_bug.cgi?id=154409

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Move iframe/frame/object.contentDocument to the prototype. They used
to be on the instance due to the [CheckSecurityForNode] IDL extended
attribute. This patch updates the bindings generator so that such
attributes are now on the prototype. While they are now on the
prototype, the security checks are still generated in the
corresponding getters and setters so cross origin access is still
prevented.

Test: http/tests/security/cross-origin-iframe-contentDocument.html

* bindings/scripts/CodeGeneratorJS.pm:
(AttributeShouldBeOnInstance): Deleted.

LayoutTests:

Add test coverage for trying to access iframe.contentDocument cross origin
to make sure it still fails and logs a security error.

* http/tests/security/cross-origin-iframe-contentDocument-expected.txt: Added.
* http/tests/security/cross-origin-iframe-contentDocument.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196889 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRefactor LazyEventListener creation to separate Element and Document cases
darin@apple.com [Mon, 22 Feb 2016 02:33:29 +0000 (02:33 +0000)]
Refactor LazyEventListener creation to separate Element and Document cases
https://bugs.webkit.org/show_bug.cgi?id=154231

Reviewed by Andreas Kling.

Source/WebCore:

* bindings/js/JSLazyEventListener.cpp:
(WebCore::JSLazyEventListener::create): Added. Newly factored to separate
Element, Document, and DOMWindow with overloading.
(WebCore::JSLazyEventListener::createForNode): Deleted.
(WebCore::JSLazyEventListener::createForDOMWindow): Deleted.

* bindings/js/JSLazyEventListener.h: Replaced the separate createForNode
and createForDOMWindow functions with a single overloaded function create,
which takes an Element, Document, or DOMWindow. Also changed indentation
to match the style guide.

* dom/Attr.h: Added newly needed forward class declaration.

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::setAttributeEventListener): Deleted.
* dom/ContainerNode.h: Deleted setAttributeEventListener override; it's now
done separately by Element and Document.

* dom/Document.cpp:
(WebCore::Document::setAttributeEventListener): Added. Makes the lazy event
listener and calls through to the base class's setAttributeEventListener.
(WebCore::Document::setWindowAttributeEventListener): Updated to call just
create instead of createForDOMWindow.

* dom/Document.h: Removed some unneeded forward declarations. Added the
overload for setAttributeEventListener. Removed a no longer useful comment.

* dom/Element.cpp:
(WebCore::Element::setAttributeEventListener): Added. Makes the lazy event
listener and calls through to the base class's setAttributeEventListener.

* dom/Element.h: Removed some unneeded forward declarations. Added the
overload for setAttributeEventListener.

* dom/Node.h: Removed many unneeded forward declarations.

* dom/NodeRareData.h: Added one forward declaration.

* editing/Editor.h: Added one forward declaration.

Source/WebKit/win:

* WebView.h: Forward declare KeyboardEvent.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196888 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoImprovements to Intl code
sukolsak@gmail.com [Mon, 22 Feb 2016 01:55:41 +0000 (01:55 +0000)]
Improvements to Intl code
https://bugs.webkit.org/show_bug.cgi?id=154486

Reviewed by Darin Adler.

This patch does several things:
- Use std::unique_ptr to store ICU objects.
- Pass Vector::size() to ICU functions that take a buffer size instead
  of Vector::capacity().
- If U_SUCCESS(status) is true, it means there is no error, but there
  could be warnings. ICU functions ignore warnings. So, there is no need
  to reset status to U_ZERO_ERROR.
- Remove the initialization of the String instance variables of
  IntlDateTimeFormat. These values are never read and cause unnecessary
  memory allocation.
- Fix coding style.
- Some small optimization.

* runtime/IntlCollator.cpp:
(JSC::IntlCollator::UCollatorDeleter::operator()):
(JSC::IntlCollator::createCollator):
(JSC::IntlCollator::compareStrings):
(JSC::IntlCollator::~IntlCollator): Deleted.
* runtime/IntlCollator.h:
* runtime/IntlDateTimeFormat.cpp:
(JSC::IntlDateTimeFormat::UDateFormatDeleter::operator()):
(JSC::defaultTimeZone):
(JSC::canonicalizeTimeZoneName):
(JSC::toDateTimeOptionsAnyDate):
(JSC::IntlDateTimeFormat::initializeDateTimeFormat):
(JSC::IntlDateTimeFormat::weekdayString):
(JSC::IntlDateTimeFormat::format):
(JSC::IntlDateTimeFormat::~IntlDateTimeFormat): Deleted.
(JSC::localeData): Deleted.
* runtime/IntlDateTimeFormat.h:
* runtime/IntlDateTimeFormatConstructor.cpp:
* runtime/IntlNumberFormatConstructor.cpp:
* runtime/IntlObject.cpp:
(JSC::numberingSystemsForLocale):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196887 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove arrowfunction test cases that rely on arguments variable in jsc
commit-queue@webkit.org [Mon, 22 Feb 2016 01:45:45 +0000 (01:45 +0000)]
Remove arrowfunction test cases that rely on arguments variable in jsc
https://bugs.webkit.org/show_bug.cgi?id=154517

Patch by Skachkov Oleksandr <gskachkov@gmail.com> on 2016-02-21
Reviewed by Yusuke Suzuki.

Allow to jsc has the same behavior in javascript as browser has

* tests/stress/arrowfunction-lexical-bind-arguments-non-strict-1.js:
* tests/stress/arrowfunction-lexical-bind-arguments-strict.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196886 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCSP: sandbox directive should be ignored when contained in a policy defined via a...
dbates@webkit.org [Mon, 22 Feb 2016 01:30:43 +0000 (01:30 +0000)]
CSP: sandbox directive should be ignored when contained in a policy defined via a meta element
https://bugs.webkit.org/show_bug.cgi?id=154299
<rdar://problem/24680433>

Add iOS Simulator-specific expected result for test http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.html.

* platform/ios-simulator/http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196885 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdding ios-simulator baseline for js/number-toLocaleString.html
ryanhaddad@apple.com [Mon, 22 Feb 2016 01:29:43 +0000 (01:29 +0000)]
Adding ios-simulator baseline for js/number-toLocaleString.html
https://bugs.webkit.org/show_bug.cgi?id=154524

Unreviewed test gardening.

* platform/ios-simulator/js/number-toLocaleString-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196884 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRe-sync W3C HTML/DOM web-platform-tests
cdumez@apple.com [Mon, 22 Feb 2016 01:27:43 +0000 (01:27 +0000)]
Re-sync W3C HTML/DOM web-platform-tests
https://bugs.webkit.org/show_bug.cgi?id=154513

Reviewed by Darin Adler.

Re-sync W3C HTML/DOM web-platform-tests after:
- https://github.com/w3c/web-platform-tests/pull/2597
- https://github.com/w3c/web-platform-tests/pull/2598
- https://github.com/w3c/web-platform-tests/pull/2599

* web-platform-tests/html/dom/elements-embedded.js:
* web-platform-tests/html/dom/elements-misc.js:
* web-platform-tests/html/dom/interfaces.html:
* web-platform-tests/html/dom/reflection-embedded-expected.txt:
* web-platform-tests/html/dom/reflection-misc-expected.txt:
* web-platform-tests/html/dom/reflection.js:
(ReflectionTests.doReflects):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196883 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRebaseline imported/w3c/web-platform-tests/html/dom/reflection-forms.html for ios...
ryanhaddad@apple.com [Mon, 22 Feb 2016 01:23:07 +0000 (01:23 +0000)]
Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-forms.html for ios-simulator after r196846

Unreviewed test gardening.

* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196882 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: it should be possible to omit generated code guarded by INSPECTOR_ALTE...
bburg@apple.com [Mon, 22 Feb 2016 00:08:37 +0000 (00:08 +0000)]
Web Inspector: it should be possible to omit generated code guarded by INSPECTOR_ALTERNATE_DISPATCHERS
https://bugs.webkit.org/show_bug.cgi?id=154508
<rdar://problem/24759077>

Reviewed by Timothy Hatcher.

In preparation for being able to generate protocol files for WebKit2,
make it possible to not emit generated code that's guarded by
ENABLE(INSPECTOR_ALTERNATE_DISPATCHERS). This code is not needed by
backend dispatchers generated outside of JavaScriptCore. We can't just
define it to 0 for WebKit2, since it's defined to 1 in <wtf/Platform.h>
in the configurations where the code is actually used.

Add a new opt-in Framework configuration option that turns on generating
this code. Adjust how the code is generated so that it can be easily excluded.

* inspector/scripts/codegen/cpp_generator_templates.py:
Make a separate template for the declarations that are guarded.
Add an initializer expression so the order of initalizers doesn't matter.

* inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
(CppBackendDispatcherHeaderGenerator.generate_output): Add a setting check.
(CppBackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
If the declarations are needed, they will be appended to the end of the
declarations list.

* inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
(CppBackendDispatcherImplementationGenerator.generate_output): Add a setting check.
(CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command): Add a setting check.

* inspector/scripts/codegen/models.py: Set the 'alternate_dispatchers' setting
to True for Framework.JavaScriptCore only. It's not needed elsewhere.

Rebaseline affected tests.

* inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
* inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
* inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
* inspector/scripts/tests/expected/enum-values.json-result:
* inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196881 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: clean up generator selection in generate-inspector-protocol-bindings.py
bburg@apple.com [Mon, 22 Feb 2016 00:05:07 +0000 (00:05 +0000)]
Web Inspector: clean up generator selection in generate-inspector-protocol-bindings.py
https://bugs.webkit.org/show_bug.cgi?id=154505
<rdar://problem/24758042>

Reviewed by Timothy Hatcher.

It should be possible to generate code for a framework using some generators
that other frameworks also use. Right now the generator selection code assumes
that use of a generator is mutually exclusive among non-test frameworks.

Make this code explicitly switch on the framework. Reorder generators
alpabetically within each case.

* inspector/scripts/generate-inspector-protocol-bindings.py:
(generate_from_specification):

Rebaseline tests that are affected by generator reorderings.

* inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
* inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
* inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
* inspector/scripts/tests/expected/enum-values.json-result:
* inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
* inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
* inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
* inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
* inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
* inspector/scripts/tests/expected/type-declaration-array-type.json-result:
* inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
* inspector/scripts/tests/expected/type-declaration-object-type.json-result:
* inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196880 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAnother attempt to fix the Content Extension test failures following <https://trac...
dbates@webkit.org [Sun, 21 Feb 2016 23:02:37 +0000 (23:02 +0000)]
Another attempt to fix the Content Extension test failures following <https://trac.webkit.org/changeset/196875>
(https://bugs.webkit.org/show_bug.cgi?id=154307)

Rename Content Extension JSON files so that they are associated with tests http/tests/contentextensions/block-cookies-in-csp-report.php
http/tests/contentextensions/block-csp-report.php and http/tests/contentextensions/hide-on-csp-report.php. These
files were formerly named block-cookies-in-csp-report.html, block-csp-report.html, and hide-on-csp-report.html,
respectively, prior to <https://trac.webkit.org/changeset/196878>. Also, update expected result for test block-csp-report.html
following <https://trac.webkit.org/changeset/196878>.

* http/tests/contentextensions/block-cookies-in-csp-report.php.json: Renamed from LayoutTests/http/tests/contentextensions/block-cookies-in-csp-report.html.json.
* http/tests/contentextensions/block-csp-report-expected.txt:
* http/tests/contentextensions/block-csp-report.php.json: Renamed from LayoutTests/http/tests/contentextensions/block-csp-report.html.json.
* http/tests/contentextensions/hide-on-csp-report.php.json: Renamed from LayoutTests/http/tests/contentextensions/hide-on-csp-report.html.json.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196879 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAttempt to fix the Content Extension test failures following <https://trac.webkit...
dbates@webkit.org [Sun, 21 Feb 2016 21:37:42 +0000 (21:37 +0000)]
Attempt to fix the Content Extension test failures following <https://trac.webkit.org/changeset/196875>
(https://bugs.webkit.org/show_bug.cgi?id=154307)

Convert Content Extension tests that use the Content Security Policy directive report-uri from HTML files
to PHP scripts and modified them to define the content security policy for the page via the Content-Security-Policy
HTTP header instead of via a meta element so that the report-uri directive is honored. Following
<https://trac.webkit.org/changeset/196875> the directive report-uri is only honored when contained in a
policy that is delivered via an HTTP header. That is, it is no longer honored when delivered in a meta element.

* http/tests/contentextensions/block-cookies-in-csp-report.php: Renamed from LayoutTests/http/tests/contentextensions/block-cookies-in-csp-report.html.
* http/tests/contentextensions/block-csp-report.php: Renamed from LayoutTests/http/tests/contentextensions/block-csp-report.html.
* http/tests/contentextensions/hide-on-csp-report.php: Renamed from LayoutTests/http/tests/contentextensions/hide-on-csp-report.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196878 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCSP: Violation report should include column number
dbates@webkit.org [Sun, 21 Feb 2016 19:51:43 +0000 (19:51 +0000)]
CSP: Violation report should include column number
https://bugs.webkit.org/show_bug.cgi?id=154418
<rdar://problem/24729525>

Reviewed by Brent Fulgham.

Source/WebCore:

Include column-number in the Content Security Policy violation report for the column number
in the source script where the violation occurred (for a script violation) as per section
Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

When a CSP report is created for a script violation the source file and line number of the
source code line where the violation occurred are included in the report. We now include
the column number in the source file where the violation occurred so as to help narrow
down the operation that triggered the violation in a complicated source code line.

* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::reportViolation):

LayoutTests:

Update expected results to include source file column information where the violation occurred.

* http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196877 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCSP: Violation report should include HTTP status code and effective-directive of...
dbates@webkit.org [Sun, 21 Feb 2016 19:45:47 +0000 (19:45 +0000)]
CSP: Violation report should include HTTP status code and effective-directive of protected resource
https://bugs.webkit.org/show_bug.cgi?id=154288
<rdar://problem/24674982>
And
https://bugs.webkit.org/show_bug.cgi?id=115707
<rdar://problem/24383128>

Reviewed by Brent Fulgham.

Source/WebCore:

Include status-code and effective-directive in the Content Security Policy violation report for
the HTTP status code of the protected resource and name of the policy directive that was violated,
respectively, as per section Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Test: http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html

* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::reportViolation): Add key status-code to the report with value
equal to the HTTP response code for the document or 0 depending on whether the document was
delivered over HTTP or not. Additionally, remove ENABLE(CSP_NEXT)-guard/experimentalFeaturesEnabled()-condition
around code to include the effective-directive property in the report.

LayoutTests:

Add new test http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html to ensure
that the CSP report property status-code is 0 when the protected document is delivered over HTTPS. Fix a
correctness issue in the result for test http/tests/security/contentSecurityPolicy/report-blocked-file-uri.html
and update the expected results for the following tests now that the CSP violation report includes properties
status-code and effective-directive:
    http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php
    http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php
    http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.php
    http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.php

The rest of the changes to the expected results are cosmetic and reflect the difference in wording for inline
script violations between WebKit and Blink. We will consider adopting wording similar to Blink in
<https://bugs.webkit.org/show_bug.cgi?id=153242>.

* TestExpectations: Remove entries for tests that now pass. Add test http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.php.
* http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt:
* http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.html. The report-uri
directive is only honored when defined in a policy delivered via an HTTP header. We convert this
HTML file to a PHP script to be able to deliver a Content-Security-Policy HTTP header.
* http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt: Cosmetic change.
* http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt: Ditto.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt: Ditto.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt: Ditto.
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt: Ditto.
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt: Update expected result now
that the report includes properties status-code and effective-directive.
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt: Ditto.
* http/tests/security/contentSecurityPolicy/report-only-expected.txt: Cosmetic change.
* http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt: Ditto.
* http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt: Update expected result now
that the report includes properties status-code and effective-directive.
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt: Cosmetic change.
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt: Update expected result now
that the report includes properties status-code and effective-directive.
* http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html: Added.
* http/tests/security/contentSecurityPolicy/report-uri-expected.txt: Cosmetic change.
* http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt: Cosmetic change.
* http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html: Fix ill-formed markup; substitute </iframe> for </script>.
* http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt: Cosmetic change.
* http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt: Ditto.
* http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196876 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCSP: report-url directive should be ignored when contained in a policy defined via...
dbates@webkit.org [Sun, 21 Feb 2016 19:04:15 +0000 (19:04 +0000)]
CSP: report-url directive should be ignored when contained in a policy defined via a meta element
https://bugs.webkit.org/show_bug.cgi?id=154307
<rdar://problem/24684817>

Reviewed by Brent Fulgham.

Source/WebCore:

The Content Security Policy report-uri directive should only be honored when defined via an HTTP header
as per section report-uri of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Currently we honor the report-uri directive when enforcing or monitoring a policy defined either via
an HTML meta element or an HTTP header. Instead we should only honor this directive when defined
via an HTTP header and log a message to the Web Inspector console to explain that the directive
was ignored as suggested in <https://www.w3.org/TR/2015/CR-CSP2-20150721/#delivery-html-meta-element>.

Test: http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html

* page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::parse): Modified to ignore the directive report-uri when
the Content Security Policy came from an HTML meta element.

LayoutTests:

Add new test http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html and rename and modify
existing tests to make them PHP scripts that emit a Content Security Policy HTTP header.

In addition, remove file http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html that
is no longer meaningful now that we do not honor the report-uri directive defined in a policy via a meta
element. Moreover, we have not made use of this file since <http://trac.webkit.org/changeset/176413>.

* TestExpectations: Update entries for renames.
* http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt:
* http/tests/security/contentSecurityPolicy/report-and-enforce.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce.html.
* http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-data-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri.html.
* http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-file-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri.html.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.html.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-blocked-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri.html.
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.html.
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.html.
* http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.html.
* http/tests/security/contentSecurityPolicy/report-only-expected.txt:
* http/tests/security/contentSecurityPolicy/report-only.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-only.html.
* http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.html.
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt:
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt:
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.html.
* http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.html.
* http/tests/security/contentSecurityPolicy/report-uri-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript.html.
* http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-from-javascript.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-javascript.html.
* http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html: Added.
* http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt:
* http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.html: Removed.
* http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.php: Added.
* http/tests/security/contentSecurityPolicy/report-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-uri.html.
* http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html: Removed. For completeness, we have
not made use of this file since <http://trac.webkit.org/changeset/176413>.
* http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php:
* http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.html.
* platform/wk2/TestExpectations: Update entries for renames.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196875 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCSP: sandbox directive should be ignored when contained in a policy defined via a...
dbates@webkit.org [Sun, 21 Feb 2016 18:52:51 +0000 (18:52 +0000)]
CSP: sandbox directive should be ignored when contained in a policy defined via a meta element
https://bugs.webkit.org/show_bug.cgi?id=154299
<rdar://problem/24680433>

Reviewed by Brent Fulgham.

Source/WebCore:

The Content Security Policy sandbox directive should only be honored when enforcing a policy
defined via an HTTP header as per section sandbox of the Content Security Policy 2.0 spec.,
<https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Currently we honor the sandbox directive when enforcing a policy defined either via an HTML
meta element or an HTTP header. Instead we should only honor this directive when defined
via an HTTP header and log a message to the Web Inspector console to explain that the directive
was ignored as suggested in <https://www.w3.org/TR/2015/CR-CSP2-20150721/#delivery-html-meta-element>.

Tests: http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php
       http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.php
       http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header.php
       http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored.html

* dom/Document.cpp:
(WebCore::Document::processHttpEquiv): Substitute ContentSecurityPolicy::processHTTPEquiv() for
ContentSecurityPolicy::didReceiveHeader() as the latter was made private.
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::copyStateFrom): Updated as needed based on ContentSecurityPolicy::didReceiveHeader() change below.
(WebCore::ContentSecurityPolicy::didReceiveHeaders): Ditto.
(WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to take argument of type ContentSecurityPolicy::PolicyFrom
and pass it through to ContentSecurityPolicyDirectiveList::create().
(WebCore::ContentSecurityPolicy::reportInvalidDirectiveInHTTPEquivMeta): Logs a message to the Web Inspector console
that the specified directive was ignored because it was delivered via an HTML meta element.
* page/csp/ContentSecurityPolicy.h: Made member function ContentSecurityPolicy::didReceiveHeader() private. Defined
enum class PolicyFrom to represent the source of the Content Security Policy: HTTP equiv meta element, HTTP header, or
inherited from another ContentSecurityPolicy object (this value is only used by ContentSecurityPolicy::copyStateFrom()).
(WebCore::ContentSecurityPolicy::processHTTPEquiv): Added; turns around and calls ContentSecurityPolicy::didReceiveHeader().
The name of this function better describes its purpose - to handle the processing of a Content Security Policy
delivered via <meta http-equiv="Content-Security-Policy" content="...">.
* page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::create): Modified to take argument of type ContentSecurityPolicy::PolicyFrom
as pass it through to ContentSecurityPolicyDirectiveList::parse().
(WebCore::ContentSecurityPolicyDirectiveList::parse): Modified to ignore the directive sandbox when the Content Security
Policy came from an HTML meta element.
* page/csp/ContentSecurityPolicyDirectiveList.h:

LayoutTests:

Add test http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored.html to ensure that we ignore
the sandbox directive when delivered via an HTML meta element and log a message to the Web Inspector console.

Remove tests http/tests/security/contentSecurityPolicy/sandbox-{allow-scripts-subframe, empty, empty-subframe}.html
that are no longer meaningful now that we ignore the sandbox directive when delivered via an HTML meta element and
create analogous tests for when the sandbox directive is delivered via an HTTP header.

* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2-expected.txt: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-expected.txt.
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts.html.

* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe.html: Removed.
This test is no longer meaningful now that we ignore the sandbox directive when delivered via an HTML meta element.
An analogous test for when the directive is delivered via an HTTP header is http/tests/security/contentSecurityPolicy//sandbox-allow-scripts-in-http-header.html.

* http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.php: Added. Derived from test http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html.

* http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header.php: Added. Derived from test http/tests/security/contentSecurityPolicy/sandbox-empty.html.

* http/tests/security/contentSecurityPolicy/sandbox-empty-subframe-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html: Removed.
This test is no longer meaningful now that we ignore the sandbox directive when delivered via an HTML meta element.
The analogous test for when the directive is delivered via an HTTP header is http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.php.

* http/tests/security/contentSecurityPolicy/sandbox-empty-expected.txt: Removed.
* http/tests/security/contentSecurityPolicy/sandbox-empty.html: Removed.
This test is no longer meaningful now that we ignore the sandbox directive when delivered via an HTML meta element.
The analogous test for when the directive is delivered via an HTTP header is http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header.php.

* http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196874 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agobmalloc: Don't use a whole page for metadata
ggaren@apple.com [Sun, 21 Feb 2016 18:43:22 +0000 (18:43 +0000)]
bmalloc: Don't use a whole page for metadata
https://bugs.webkit.org/show_bug.cgi?id=154510

Reviewed by Andreas Kling.

(1) Don't round up metadata to a page boundary. This saves 1.5% dirty
memory on iOS and 0.2% on Mac. It also enables a future patch to allocate
smaller chunks without wasting memory.

(2) Initialize metadata lazily. This saves dirty memory when the program
allocates primarily small or large objects (but not both), leaving some
metadata uninitialized.

* bmalloc.xcodeproj/project.pbxproj: Medium objects are gone now.

* bmalloc/BumpAllocator.h:
(bmalloc::BumpAllocator::refill): Added an ASSERT to help debug a bug
I cause while working on this patch.

* bmalloc/Heap.cpp:
(bmalloc::Heap::allocateSmallBumpRanges): Ditto.

(bmalloc::Heap::splitAndAllocate):
(bmalloc::Heap::allocateLarge): Updated for interface change.

* bmalloc/LargeChunk.h: Changed the boundaryTagCount calculation to
a static_assert.

Don't round up to page boundary. (See above.)

(bmalloc::LargeChunk::LargeChunk): Moved code here from LargeChunk::init.
A constructor is a more natural / automatic way to do this initialization.

* bmalloc/LargeObject.h:
(bmalloc::LargeObject::init): Deleted. Moved to LargeChunk.

* bmalloc/Sizes.h: Chagned largeChunkMetadataSize to a simpler constant
because metadata size no longer varies by page size.

* bmalloc/SmallChunk.h:
(bmalloc::SmallChunk::begin):
(bmalloc::SmallChunk::end):
(bmalloc::SmallChunk::lines):
(bmalloc::SmallChunk::pages): Use std::array to make begin/end
calculations easier.

(bmalloc::SmallChunk::SmallChunk): Treat our metadata like a series
of allocated objects. We used to avoid trampling our metadata by
starting object memory at the next page. Now we share the first page
between metadata and objects, and we account for metadata explicitly.

* bmalloc/SuperChunk.h:
(bmalloc::SuperChunk::SuperChunk):
(bmalloc::SuperChunk::smallChunk):
(bmalloc::SuperChunk::largeChunk):
(bmalloc::SuperChunk::create): Deleted. Don't eagerly run the SmallChunk
and LargeChunk constructors. We'll run them lazily as needed.

* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::VMHeap):
(bmalloc::VMHeap::allocateSmallChunk):
(bmalloc::VMHeap::allocateLargeChunk):
(bmalloc::VMHeap::allocateSuperChunk):
(bmalloc::VMHeap::grow): Deleted. Track small and large chunks explicitly
so we can initialize them lazily.

* bmalloc/VMHeap.h:
(bmalloc::VMHeap::allocateSmallPage):
(bmalloc::VMHeap::allocateLargeObject): Specify whether we're allocating
a small or large chunk since we don't allocate both at once anymore.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196873 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r196866.
commit-queue@webkit.org [Sun, 21 Feb 2016 18:18:32 +0000 (18:18 +0000)]
Unreviewed, rolling out r196866.
https://bugs.webkit.org/show_bug.cgi?id=154515

still crashy on EFL/GTK (Requested by smfr on #webkit).

Reverted changeset:

"Wheel event callback removing the window causes crash in
WebCore."
https://bugs.webkit.org/show_bug.cgi?id=150871
http://trac.webkit.org/changeset/196866

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196872 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse of inlined asm statements causes problems for -std=c99 builds.
mark.lam@apple.com [Sun, 21 Feb 2016 06:14:38 +0000 (06:14 +0000)]
Use of inlined asm statements causes problems for -std=c99 builds.
https://bugs.webkit.org/show_bug.cgi?id=154507

Reviewed by Dan Bernstein.

Source/bmalloc:

* bmalloc/BAssert.h:

Source/WTF:

WTF's Assertions.h may inadvertantly get included by other projects that are built
with -std=c99.  The use of the inlined asm statements with the keyword "asm" is
not recognized when the -std compiler flag is used.

https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html says "When writing code that
can be compiled with -ansi and the various -std options, use __asm__ instead of
asm (see Alternate Keywords)."

So, to be a good citizen, we can change the use of "asm" in CRASH() to "__asm__"
so that we don't break the build of such other projects.

* wtf/Assertions.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196871 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd the support for universal slave password
rniwa@webkit.org [Sun, 21 Feb 2016 01:54:08 +0000 (01:54 +0000)]
Add the support for universal slave password
https://bugs.webkit.org/show_bug.cgi?id=154476

Reviewed by David Kilzer.

Added the support for universalSlavePassword.

* config.json:
* public/include/report-processor.php:
(ReportProcessor::process):
(ReportProcessor::authenticate_and_construct_build_data): Extracted from process().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196870 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Opacity slider thumb sometimes goes past the bar in Visual Styles...
commit-queue@webkit.org [Sun, 21 Feb 2016 00:17:01 +0000 (00:17 +0000)]
Web Inspector: Opacity slider thumb sometimes goes past the bar in Visual Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=154497

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-20
Reviewed by Timothy Hatcher.

Since WebInspector.Slider uses CSS transforms to move the slider knob
along the track, if the width of the track changes then the position
of the knob would stay the same since it was translated instead of
adjusting its position relative to the new width.

* UserInterface/Views/Slider.js:
(WebInspector.Slider.prototype.recalculateKnobX):
Resets the maxX value to 0 to ensure that a new maxX is calculated with
the current width.

* UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.js:
(WebInspector.VisualStyleCommaSeparatedKeywordEditor.prototype.set specifiedWidth): Deleted.
(WebInspector.VisualStyleCommaSeparatedKeywordEditor.prototype.recalculateWidth):

* UserInterface/Views/VisualStyleDetailsPanel.js:
(WebInspector.VisualStyleDetailsPanel.prototype.widthDidChange):
(WebInspector.VisualStyleDetailsPanel.prototype._updateProperties):
(WebInspector.VisualStyleDetailsPanel.prototype._populateDisplaySection):

* UserInterface/Views/VisualStyleUnitSlider.js:
(WebInspector.VisualStyleUnitSlider.prototype.recalculateWidth):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196869 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[ES6] Implement Proxy.[[Construct]]
sbarati@apple.com [Sat, 20 Feb 2016 23:51:33 +0000 (23:51 +0000)]
[ES6] Implement Proxy.[[Construct]]
https://bugs.webkit.org/show_bug.cgi?id=154440

Reviewed by Oliver Hunt.

This patch is mostly an implementation of
Proxy.[[Construct]] with respect to section 9.5.13
of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-construct-argumentslist-newtarget

This patch also changes op_create_this to accept new.target's
that aren't JSFunctions. This is necessary implementing Proxy.[[Construct]]
because we might construct a JSFunction with a new.target being
a Proxy. This will also be needed when we implement Reflect.construct.

* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_create_this):
(JSC::JIT::emitSlow_op_create_this):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_create_this):
(JSC::JIT::emitSlow_op_create_this):
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::finishCreation):
(JSC::ProxyObject::visitChildren):
(JSC::performProxyConstruct):
(JSC::ProxyObject::getConstructData):
* runtime/ProxyObject.h:
* tests/es6.yaml:
* tests/stress/proxy-construct.js: Added.
(assert):
(throw.new.Error.let.target):
(throw.new.Error):
(assert.let.target):
(assert.let.handler.get construct):
(let.target):
(let.handler.construct):
(i.catch):
(assert.let.handler.construct):
(assert.let.construct):
(assert.else.assert.let.target):
(assert.else.assert.let.construct):
(assert.else.assert):
(new.proxy.let.target):
(new.proxy.let.construct):
(new.proxy):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196868 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Visual Styles: Modifying background expands Font section
commit-queue@webkit.org [Sat, 20 Feb 2016 22:47:51 +0000 (22:47 +0000)]
Web Inspector: Visual Styles: Modifying background expands Font section
https://bugs.webkit.org/show_bug.cgi?id=154491
<rdar://problem/24755440>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-20
Reviewed by Timothy Hatcher.

When the user selects a new style, the Visual sidebar examines the property
editors in each subsection to see if any have a value and expands/collapses
the subsection accordingly. This issue was happening because that logic was
also being triggered when the user didn't select a new style, which is
controlled by DOMNodeStyles and the significantChange value in refresh().

* UserInterface/Base/Utilities.js:
(String.prototype.toCamelCase):
Added utility function to transform a string into a camel-cased version.

* UserInterface/Models/DOMNodeStyles.js:
(WebInspector.DOMNodeStyles.prototype.refresh.fetchedComputedStyle):
Dropped unused variable and added checks to make sure doubly-matching styles
don't count as a significant change and cause refreshes of the styles sidebar.

* UserInterface/Views/VisualStyleDetailsPanel.js:
(WebInspector.VisualStyleDetailsPanel.prototype._updateSections):
If this function has an event, meaning it was triggered by a newly selected
selector in the selector section, loop through each subsection and perform
the logic described above, but instead only to open sections.

(WebInspector.VisualStyleDetailsPanel.prototype._generateSection.replaceDashWithCapital): Deleted.
(WebInspector.VisualStyleDetailsPanel.prototype._updateProperties):
Removed logic that was already being called by _sectionModified().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196867 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWheel event callback removing the window causes crash in WebCore.
simon.fraser@apple.com [Sat, 20 Feb 2016 21:21:41 +0000 (21:21 +0000)]
Wheel event callback removing the window causes crash in WebCore.
https://bugs.webkit.org/show_bug.cgi?id=150871

Reviewed by Brent Fulgham.

Source/WebCore:

Null check the FrameView before using it, since the iframe may have been removed
from its parent document inside the event handler.

The new test triggered a cross-load side-effect, where wheel event filtering wasn't
reset between page loads. Fix by calling clearLatchedState() in EventHandler::clear(),
which resets the filtering.

Test: fast/events/wheel-event-destroys-frame.html

* page/EventHandler.cpp:
(WebCore::EventHandler::clear):
(WebCore::EventHandler::clearLatchedState):
* page/Frame.cpp:
(WebCore::Frame::setView): If the view doesn't change (e.g. was and is null)
don't bother clearing the event handler; should avoid EventHandler::clearLatchedState()
from accessing a deleted MainFrame.
* page/WheelEventDeltaFilter.cpp:
(WebCore::WheelEventDeltaFilter::filteredDelta):
* page/mac/EventHandlerMac.mm:
(WebCore::EventHandler::platformCompleteWheelEvent):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::scrollTo):

LayoutTests:

* fast/events/wheel-event-destroys-frame-expected.txt: Added.
* fast/events/wheel-event-destroys-frame.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196866 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRebaseline inspector/model/remote-object.html for Mac after r196846
ryanhaddad@apple.com [Sat, 20 Feb 2016 19:51:05 +0000 (19:51 +0000)]
Rebaseline inspector/model/remote-object.html for Mac after r196846

Unreviewed test gardening.

* platform/mac/inspector/model/remote-object-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196865 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoResolve style iteratively
antti@apple.com [Sat, 20 Feb 2016 18:29:40 +0000 (18:29 +0000)]
Resolve style iteratively
https://bugs.webkit.org/show_bug.cgi?id=154355

Reviewed by Andreas Kling.

Instead of a set of recursive functions use ComposedTreeIterator for traversing the DOM
tree in composed tree order.

This, along with maintaining explicit parent stack makes style resolve code more tractable
for future work.

It also makes the ComposedTreeIterator the definite authority for the shape of the composed tree
instead of duplicating it as a set of recursive style resolve functions. This eliminates
a significant source of bugs and confusion.

The render tree building code path remains recursive for now.

* css/StyleInvalidationAnalysis.cpp:
(WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):

    Invalidate the host element instead of the shadow root. This reduces need for special handling for shadow roots.

* dom/ComposedTreeIterator.cpp:
(WebCore::ComposedTreeIterator::initializeContextStack):
(WebCore::ComposedTreeIterator::dropAssertions):

    Add support for dropping DOM mutation assertions.

(WebCore::ComposedTreeIterator::traverseShadowRoot):
* dom/ComposedTreeIterator.h:
(WebCore::ComposedTreeIterator::context):
(WebCore::ComposedTreeIterator::current):
* dom/PseudoElement.h:
* style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::TreeResolver):
(WebCore::Style::TreeResolver::Scope::Scope):
(WebCore::Style::TreeResolver::Parent::Parent):
(WebCore::Style::TreeResolver::pushScope):
(WebCore::Style::resetStyleForNonRenderedDescendants):
(WebCore::Style::pseudoStyleCacheIsInvalid):
(WebCore::Style::TreeResolver::resolveElement):
(WebCore::Style::resolveTextNode):
(WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
(WebCore::Style::TreeResolver::pushParent):
(WebCore::Style::TreeResolver::popParent):
(WebCore::Style::TreeResolver::popParentsToDepth):

    Maintain explicit parent stack.

(WebCore::Style::TreeResolver::resolveComposedTree):

    The main loop that iterates over the composed tree and computes style for dirty elements.

(WebCore::Style::TreeResolver::resolve):
(WebCore::Style::detachRenderTree):
(WebCore::Style::TreeResolver::resolveLocally): Deleted.
(WebCore::Style::TreeResolver::resolveChildAtShadowBoundary): Deleted.
(WebCore::Style::TreeResolver::resolveShadowTree): Deleted.
(WebCore::Style::TreeResolver::resolveChildren): Deleted.
(WebCore::Style::TreeResolver::resolveSlotAssignees): Deleted.
(WebCore::Style::TreeResolver::resolveRecursively): Deleted.

    Recursive functions go away.

* style/StyleTreeResolver.h:
(WebCore::Style::TreeResolver::scope):
(WebCore::Style::TreeResolver::parent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196864 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Text Align segmented control blinks while editing other properties...
commit-queue@webkit.org [Sat, 20 Feb 2016 18:16:37 +0000 (18:16 +0000)]
Web Inspector: Text Align segmented control blinks while editing other properties in Visual Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=154487
<rdar://problem/24754703>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-20
Reviewed by Timothy Hatcher.

The icon list property editor blinking issue was caused by the fact that
the selected value was toggled on/off each time the value was set on the
editor. In order to prevent this, the logic for the setter value() was
modified to just match a keyword icon to the given value and select it.

* UserInterface/Views/VisualStyleKeywordIconList.js:
(WebInspector.VisualStyleKeywordIconList.prototype.set value):
(WebInspector.VisualStyleKeywordIconList.prototype._handleKeywordChanged):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196863 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION(r196780): Fake memory handler takes too long to run now.
akling@apple.com [Sat, 20 Feb 2016 17:02:16 +0000 (17:02 +0000)]
REGRESSION(r196780): Fake memory handler takes too long to run now.

Unreviewed bot fix.

Put the footprint comparison code behind a compile-time flag for now.
It's taking too long to run on bots, and memory is getting measured
before all the pressure relief code has a chance to run.

* platform/cocoa/MemoryPressureHandlerCocoa.mm:
(WebCore::MemoryPressureHandler::install):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196862 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDo not require UDate in LocaleICU with !ENABLE_DATE_AND_TIME_INPUT_TYPES
commit-queue@webkit.org [Sat, 20 Feb 2016 16:42:24 +0000 (16:42 +0000)]
Do not require UDate in LocaleICU with !ENABLE_DATE_AND_TIME_INPUT_TYPES
https://bugs.webkit.org/show_bug.cgi?id=154483

Patch by Olivier Blin <olivier.blin@softathome.com> on 2016-02-20
Reviewed by Michael Catanzaro.

Put initializeShortDateFormat(), dateFormat(), m_shortDateFormat and
m_didCreateShortDateFormat under flag, since they are only used by
code under the ENABLE_DATE_AND_TIME_INPUT_TYPES flag.

This helps to build with a light ICU that does not provide UDate
features (with UCONFIG_NO_FORMATTING).

* platform/text/LocaleICU.cpp:
(WebCore::LocaleICU::LocaleICU):
(WebCore::LocaleICU::~LocaleICU):
(WebCore::createFallbackMonthLabels): Deleted.
(WebCore::createFallbackAMPMLabels): Deleted.
* platform/text/LocaleICU.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196861 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove declaration of unimplemented methods in LocaleICU
commit-queue@webkit.org [Sat, 20 Feb 2016 16:31:28 +0000 (16:31 +0000)]
Remove declaration of unimplemented methods in LocaleICU
https://bugs.webkit.org/show_bug.cgi?id=154482

Patch by Olivier Blin <olivier.blin@softathome.com> on 2016-02-20
Reviewed by Michael Catanzaro.

detectSignAndGetDigitRange() and matchedDecimalSymbolIndex() are
implemented in PlatformLocale, not LocaleICU.

They were moved out from LocaleICU to NumberLocalizer in r124459
(2012), which has then been renamed as Localizer, then Locale, and
finally PlatformLocale.

* platform/text/LocaleICU.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196860 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[cmake] Use ICU include dirs in WebKit2 and WebKitTestRunner
commit-queue@webkit.org [Sat, 20 Feb 2016 16:30:29 +0000 (16:30 +0000)]
[cmake] Use ICU include dirs in WebKit2 and WebKitTestRunner
https://bugs.webkit.org/show_bug.cgi?id=154479

Patch by Olivier Blin <olivier.blin@softathome.com> on 2016-02-20
Reviewed by Michael Catanzaro.

Source/WebKit2:

* CMakeLists.txt:

Tools:

* WebKitTestRunner/CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196859 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r196837.
commit-queue@webkit.org [Sat, 20 Feb 2016 11:01:15 +0000 (11:01 +0000)]
Unreviewed, rolling out r196837.
https://bugs.webkit.org/show_bug.cgi?id=154495

It caused a lot of crashes in EFL and GTK bots (Requested by
KaL on #webkit).

Reverted changeset:

"Wheel event callback removing the window causes crash in
WebCore."
https://bugs.webkit.org/show_bug.cgi?id=150871
http://trac.webkit.org/changeset/196837

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196858 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Placeholder text in Visual Styles sidebar table row should be white
nvasilyev@apple.com [Sat, 20 Feb 2016 08:40:38 +0000 (08:40 +0000)]
Web Inspector: Placeholder text in Visual Styles sidebar table row should be white
https://bugs.webkit.org/show_bug.cgi?id=154488
<rdar://problem/24754715>

Reviewed by Timothy Hatcher.

* UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.css:
(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item > .titles > .subtitle):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196857 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed. Fix debug build error since r196847
jh718.park@samsung.com [Sat, 20 Feb 2016 06:31:45 +0000 (06:31 +0000)]
Unreviewed. Fix debug build error since r196847

Fix gcc build warning appeared as below
by removing BASSERT(refCount <= maxRefCount).
error: comparison is always true due to limited range of data type
[-Werror=type-limits]

* bmalloc/SmallLine.h:
(bmalloc::SmallLine::ref): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196856 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Inherited selector rows have text too low
nvasilyev@apple.com [Sat, 20 Feb 2016 05:51:29 +0000 (05:51 +0000)]
Web Inspector: Inherited selector rows have text too low
https://bugs.webkit.org/show_bug.cgi?id=154489
<rdar://problem/24754774>

Reviewed by Timothy Hatcher.

* UserInterface/Views/VisualStyleSelectorSection.css:
(.details-section.visual-style-selector-section > .content > .selectors > .selector-list > .section-divider):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196855 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoLand release assertions to help track down a possible HTMLCollection lifetime bug
cdumez@apple.com [Sat, 20 Feb 2016 04:41:06 +0000 (04:41 +0000)]
Land release assertions to help track down a possible HTMLCollection lifetime bug
https://bugs.webkit.org/show_bug.cgi?id=154490

Reviewed by Ryosuke Niwa.

Land release assertions to help track down a possible HTMLCollection
lifetime bug: <rdar://problem/24457478>.

* bindings/js/JSHTMLCollectionCustom.cpp:
(WebCore::JSHTMLCollection::getOwnPropertyNames):
* html/HTMLCollection.cpp:
(WebCore::HTMLCollection::HTMLCollection):
(WebCore::HTMLCollection::~HTMLCollection):
* html/HTMLCollection.h:
(WebCore::HTMLCollection::wasDeletionStarted):
* html/HTMLCollection.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196854 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSource/WebCore:
commit-queue@webkit.org [Sat, 20 Feb 2016 04:17:12 +0000 (04:17 +0000)]
Source/WebCore:
Bug 154366 - AX: AXObjectCache::visiblePositionForTextMarkerData() doesn't account for equivalent visibly equivalent positions
https://bugs.webkit.org/show_bug.cgi?id=154366

Patch by Doug Russell <d_russell@apple.com> on 2016-02-19
Reviewed by Chris Fleizach.

Test: accessibility/mac/text-marker-line-boundary.html

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::visiblePositionForTextMarkerData):

LayoutTests:
Bug 154366: AX: AXObjectCache::visiblePositionForTextMarkerData() doesn't account for visibly equivalent positions
https://bugs.webkit.org/show_bug.cgi?id=154366

Patch by Doug Russell <d_russell@apple.com> on 2016-02-19
Reviewed by Chris Fleizach.

* accessibility/mac/text-marker-line-boundary-expected.txt: Added.
* accessibility/mac/text-marker-line-boundary.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196853 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Color picker in Visual Styles sidebar should not default to zero alpha
commit-queue@webkit.org [Sat, 20 Feb 2016 03:24:22 +0000 (03:24 +0000)]
Web Inspector: Color picker in Visual Styles sidebar should not default to zero alpha
https://bugs.webkit.org/show_bug.cgi?id=154474
<rdar://problem/24750217>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-19
Reviewed by Timothy Hatcher.

* UserInterface/Views/InlineSwatch.js:
(WebInspector.InlineSwatch.prototype._fallbackValue):
Changed the fallback value for color from transparent to white so that
the color picker starts out with an alpha value of 1.

(WebInspector.InlineSwatch.prototype._handleContextMenuEvent):
Prevents context menu events from having an effect if there is no value
for them to modify.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196852 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse more concrete types for parsing positions
simon.fraser@apple.com [Sat, 20 Feb 2016 02:47:08 +0000 (02:47 +0000)]
Use more concrete types for parsing positions
https://bugs.webkit.org/show_bug.cgi?id=154481

Reviewed by Dean Jackson.

Use CSSPrimitiveValues for position-parsing functions where possible, to avoid
the need to downcast<> the values returned by the parsing functions.

* css/CSSParser.cpp:
(WebCore::CSSParser::parseValue):
(WebCore::CSSParser::parsePositionX):
(WebCore::CSSParser::parsePositionY):
(WebCore::CSSParser::parse4ValuesFillPosition):
(WebCore::CSSParser::parse3ValuesFillPosition):
(WebCore::CSSParser::parseFillPosition):
(WebCore::CSSParser::parse2ValuesFillPosition):
(WebCore::CSSParser::parseFillProperty):
(WebCore::CSSParser::parseTransformOriginShorthand):
(WebCore::CSSParser::parseBasicShapeCircle):
(WebCore::CSSParser::parseBasicShapeEllipse):
(WebCore::CSSParser::parseDeprecatedRadialGradient):
(WebCore::CSSParser::parseRadialGradient):
(WebCore::CSSParser::parseTransformOrigin):
(WebCore::CSSParser::parsePerspectiveOrigin):
* css/CSSParser.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196851 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[INTL] Implement Number Format Functions
sukolsak@gmail.com [Sat, 20 Feb 2016 01:58:06 +0000 (01:58 +0000)]
[INTL] Implement Number Format Functions
https://bugs.webkit.org/show_bug.cgi?id=147605

Reviewed by Darin Adler.

Source/JavaScriptCore:

This patch implements Intl.NumberFormat.prototype.format() according
to the ECMAScript 2015 Internationalization API spec (ECMA-402 2nd edition.)

* runtime/IntlNumberFormat.cpp:
(JSC::IntlNumberFormat::UNumberFormatDeleter::operator()):
(JSC::IntlNumberFormat::initializeNumberFormat):
(JSC::IntlNumberFormat::createNumberFormat):
(JSC::IntlNumberFormat::formatNumber):
(JSC::IntlNumberFormatFuncFormatNumber): Deleted.
* runtime/IntlNumberFormat.h:
* runtime/IntlNumberFormatPrototype.cpp:
(JSC::IntlNumberFormatFuncFormatNumber):

LayoutTests:

* js/intl-numberformat-expected.txt:
* js/intl-numberformat.html:
* js/number-toLocaleString-expected.txt:
* js/script-tests/intl-numberformat.js:
* js/script-tests/number-toLocaleString.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196850 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoJSObject::getPropertySlot - index-as-propertyname, override on prototype, & shadow
barraclough@apple.com [Sat, 20 Feb 2016 01:51:48 +0000 (01:51 +0000)]
JSObject::getPropertySlot - index-as-propertyname, override on prototype, & shadow
https://bugs.webkit.org/show_bug.cgi?id=154416

Reviewed by Geoff Garen.

Source/JavaScriptCore:

Here's the bug. Suppose you call JSObject::getOwnProperty and -
  - PropertyName contains an index,
  - An object on the prototype chain overrides getOwnPropertySlot, and has that index property,
  - The base of the access (or another object on the prototype chain) shadows that property.

JSObject::getPropertySlot is written assuming the common case is that propertyName is not an
index, and as such walks up the prototype chain looking for non-index properties before it
tries calling parseIndex.

At the point we reach an object on the prototype chain overriding getOwnPropertySlot (which
would potentially return the property) we may have already skipped over non-overriding
objects that contain the property in index storage.

* runtime/JSObject.h:
(JSC::JSObject::getOwnNonIndexPropertySlot):
    - renamed from inlineGetOwnPropertySlot to better describe behaviour;
      added ASSERT guarding that this method never returns index properties -
      if it ever does, this is unsafe for getPropertySlot.
(JSC::JSObject::getOwnPropertySlot):
    - inlineGetOwnPropertySlot -> getOwnNonIndexPropertySlot.
(JSC::JSObject::getPropertySlot):
    - In case of object overriding getOwnPropertySlot check if propertyName is an index.
(JSC::JSObject::getNonIndexPropertySlot):
    - called by getPropertySlot if we encounter an object that overrides getOwnPropertySlot,
      in order to avoid repeated calls to parseIndex.
(JSC::JSObject::inlineGetOwnPropertySlot): Deleted.
    - this was renamed to getOwnNonIndexPropertySlot.
(JSC::JSObject::fastGetOwnPropertySlot): Deleted.
    - this was folded back in to getPropertySlot.

Source/WebCore:

* testing/Internals.cpp:
(WebCore::Internals::isReadableStreamDisturbed):
    - fastGetOwnPropertySlot -> getOwnPropertySlot
      (internal method removed; test shouldn't really have been using this anyway)

LayoutTests:

* js/index-property-shadows-overriden-get-own-property-slot-expected.txt: Added.
* js/index-property-shadows-overriden-get-own-property-slot.html: Added.
* js/script-tests/index-property-shadows-overriden-get-own-property-slot.js: Added.
(test):
    - added test case.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196849 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWebAutomationSession should tell its delegate when its remote end disconnects
bburg@apple.com [Sat, 20 Feb 2016 01:37:55 +0000 (01:37 +0000)]
WebAutomationSession should tell its delegate when its remote end disconnects
https://bugs.webkit.org/show_bug.cgi?id=154426
<rdar://problem/24732382>

Reviewed by Timothy Hatcher.

The client might want to free up resources or close spawned windows
if the remote end has disconnected from the automation session.

* UIProcess/API/APIAutomationSessionClient.h:
(API::AutomationSessionClient::didDisconnectFromRemote): Added.
(API::AutomationSessionClient::didRequestNewWindow):
Remove WebProcessPool* argument as it is never used.

* UIProcess/API/Cocoa/_WKAutomationSession.h:
* UIProcess/API/Cocoa/_WKAutomationSession.mm:
(-[_WKAutomationSession isPaired]):
Expose whether the session is paired with a remote end.

* UIProcess/API/Cocoa/_WKAutomationSessionDelegate.h: Add method.
* UIProcess/Cocoa/AutomationSessionClient.h: Add method.
Remove WebProcessPool* argument as it is never used.

* UIProcess/Cocoa/AutomationSessionClient.mm:
(WebKit::AutomationSessionClient::AutomationSessionClient):
(WebKit::AutomationSessionClient::didRequestNewWindow):
(WebKit::AutomationSessionClient::didDisconnectFromRemote):
Add necessary forwarding boilerplate.

* UIProcess/WebAutomationSession.cpp:
(WebKit::WebAutomationSession::disconnect): Inform the client.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196848 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agobmalloc: Chunk, Page, and Line don't need to be class templates
ggaren@apple.com [Sat, 20 Feb 2016 01:06:49 +0000 (01:06 +0000)]
bmalloc: Chunk, Page, and Line don't need to be class templates
https://bugs.webkit.org/show_bug.cgi?id=154480

Reviewed by Gavin Barraclough.

We needed class templates to distinguish between small and medium,
but medium is gone now.

* bmalloc.xcodeproj/project.pbxproj:
* bmalloc/Chunk.h: Removed.
* bmalloc/Heap.cpp:
(bmalloc::Heap::initializeLineMetadata):
(bmalloc::Heap::allocateSmallBumpRanges):
* bmalloc/Heap.h:
* bmalloc/Line.h: Removed.
* bmalloc/Page.h: Removed.
* bmalloc/Sizes.h:
* bmalloc/SmallChunk.h: Replaced with Source/bmalloc/bmalloc/Chunk.h.
(bmalloc::SmallChunk::begin):
(bmalloc::SmallChunk::end):
(bmalloc::SmallChunk::lines):
(bmalloc::SmallChunk::pages):
(bmalloc::SmallChunk::get):
(bmalloc::SmallLine::get):
(bmalloc::SmallLine::begin):
(bmalloc::SmallLine::end):
(bmalloc::SmallPage::get):
(bmalloc::SmallPage::begin):
(bmalloc::SmallPage::end):
(bmalloc::Chunk::begin): Deleted.
(bmalloc::Chunk::end): Deleted.
(bmalloc::Chunk::lines): Deleted.
(bmalloc::Chunk::pages): Deleted.
* bmalloc/SmallLine.h: Replaced with Source/bmalloc/bmalloc/Line.h.
(bmalloc::SmallLine::ref):
(bmalloc::SmallLine::deref):
(bmalloc::Line<Traits>::begin): Deleted.
(bmalloc::Line<Traits>::end): Deleted.
(bmalloc::Line<Traits>::ref): Deleted.
(bmalloc::Line<Traits>::deref): Deleted.
* bmalloc/SmallPage.h: Replaced with Source/bmalloc/bmalloc/Page.h.
(bmalloc::SmallPage::hasFreeLines):
(bmalloc::SmallPage::setHasFreeLines):
(bmalloc::SmallPage::ref):
(bmalloc::SmallPage::deref):
(bmalloc::Page::hasFreeLines): Deleted.
(bmalloc::Page::setHasFreeLines): Deleted.
(bmalloc::Page<Traits>::ref): Deleted.
(bmalloc::Page<Traits>::deref): Deleted.
* bmalloc/SmallTraits.h: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196847 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoHTMLFormElement.autocomplete should only return known values
cdumez@apple.com [Sat, 20 Feb 2016 00:09:11 +0000 (00:09 +0000)]
HTMLFormElement.autocomplete should only return known values
https://bugs.webkit.org/show_bug.cgi?id=154247
<rdar://problem/24658195>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline a couple of W3C HTML tests now that more checks are passing.

* web-platform-tests/html/dom/reflection-forms-expected.txt:
* web-platform-tests/html/semantics/forms/the-form-element/form-autocomplete-expected.txt:

Source/WebCore:

Update HTMLFormElement.autocomplete to only return known values:
- https://html.spec.whatwg.org/multipage/forms.html#dom-form-autocomplete
- https://html.spec.whatwg.org/multipage/forms.html#attr-form-autocomplete

Also, update HTMLInputElement.autocomplete to fall back to using the form
owner's autocomplete attribute ("on" or "off") when it's autocomplete
attribute is omitted and the input element is wearing the "autofill
expectation mantle" (i.e. the input is not hidden). If there is no
form owner, the "on" value is used instead. This behavior is specified
in:
https://html.spec.whatwg.org/multipage/forms.html#autofilling-form-controls:-the-autocomplete-attribute:attr-fe-autocomplete-7

No new tests, already covered by existing tests.

* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::autocomplete):
* html/HTMLFormElement.cpp:
(WebCore::HTMLFormElement::setAutocomplete):
(WebCore::HTMLFormElement::autocomplete):
* html/HTMLFormElement.h:
* html/HTMLFormElement.idl:

LayoutTests:

Update test to expect Form.autocomplete to return "on" by
default instead of the empty string.

* fast/forms/autocomplete-expected.txt:
* fast/forms/autocomplete.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196846 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agobmalloc: Remove the concept of medium objects
ggaren@apple.com [Sat, 20 Feb 2016 00:03:56 +0000 (00:03 +0000)]
bmalloc: Remove the concept of medium objects
https://bugs.webkit.org/show_bug.cgi?id=154436

Reviewed by Sam Weinig.

There's no need to distinguish medium objects from small: Small object
metadata works naturally for both as long as we allow an object to
span more than two small lines. (We already allow an object to span
more than one small line.)

This change reduces memory use because it eliminates the 1kB line size,
so we don't have to hold down 1kB lines for individual 264+ byte objects.

1kB lines were always a bit of a compromise. The main point of bump
allocation is to take advantage of cache lines. Cache lines are usually
64 bytes, so line sizes above 256 bytes are a bit of a stretch.

This change speeds up small object benchmarks because it eliminates the
branch to detect medium objects in deallocation log processing.

This change reduces virtual memory use from worst cast 4X to worst case
2X because the medium chunk is gone. iOS cares about virtual memory use
and terminates apps above ~1GB, so this change gives us more breathing room.

This change slows down medium benchmarks a bit because we end up doing
more work to recycle fragmented medium objects. Overall, the tradeoff
seems justified, since we have a net speedup and a memory use savings.

* bmalloc.xcodeproj/project.pbxproj: Removed all the medium files. We
can simplify even further in a follow-up patch, removing the base class
templates for Chunk, Page, and Line as well.

* bmalloc/Allocator.cpp:
(bmalloc::Allocator::Allocator):
(bmalloc::Allocator::allocate):
(bmalloc::Allocator::reallocate):
(bmalloc::Allocator::scavenge):
(bmalloc::Allocator::refillAllocatorSlowCase):
(bmalloc::Allocator::refillAllocator):
(bmalloc::Allocator::allocateSlowCase): Medium is gone. Small max is the
new medium max.

* bmalloc/Allocator.h:
(bmalloc::Allocator::allocateFastCase): Ditto.

* bmalloc/BumpAllocator.h:
(bmalloc::BumpAllocator::validate):
(bmalloc::BumpAllocator::allocate): No more medium.

* bmalloc/Chunk.h: No more medium.

* bmalloc/Deallocator.cpp:
(bmalloc::Deallocator::processObjectLog): No check for medium. This is
a speedup.

(bmalloc::Deallocator::deallocateSlowCase): No more medium.

* bmalloc/Deallocator.h:
(bmalloc::Deallocator::deallocateFastCase): Ditto.

* bmalloc/Heap.cpp:
(bmalloc::Heap::initializeLineMetadata): The algorithm here changed from
iterating each line to iterating each object. This helps us accomodate
objects that might span more than two lines -- i.e., all objects between
(512 bytes, 1024 bytes].

(bmalloc::Heap::scavenge):
(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::scavengeLargeObjects): Medium is gone.

(bmalloc::Heap::allocateSmallBumpRanges): Allow for lines that allocate
zero objects. This happens when an object spans more than two lines --
the middle lines allocate zero objects.

Also set the "has free lines" bit to false if we consume the last free
line. This needs to be a bit now because not all pages agree on their
maximum refcount anymore, so we need an explicit signal for the transition
from maximum to maximum - 1.

(bmalloc::Heap::allocateSmallPage): This code didn't change; I just removed
the medium code.

(bmalloc::Heap::deallocateSmallLine): Changed the algorithm to check
hasFreeLines. See allocateSmallBumpRanges.

(bmalloc::Heap::scavengeMediumPages): Deleted.
(bmalloc::Heap::allocateMediumBumpRanges): Deleted.
(bmalloc::Heap::allocateMediumPage): Deleted.
(bmalloc::Heap::deallocateMediumLine): Deleted.
* bmalloc/Heap.h:
(bmalloc::Heap::derefMediumLine): Deleted.

* bmalloc/LargeChunk.h:
(bmalloc::LargeChunk::get):
(bmalloc::LargeChunk::endTag):
* bmalloc/Line.h: No more medium.

* bmalloc/MediumChunk.h: Removed.
* bmalloc/MediumLine.h: Removed.
* bmalloc/MediumPage.h: Removed.
* bmalloc/MediumTraits.h: Removed.

* bmalloc/ObjectType.cpp:
(bmalloc::objectType):
* bmalloc/ObjectType.h:
(bmalloc::isSmall):
(bmalloc::isXLarge):
(bmalloc::isSmallOrMedium): Deleted.
(bmalloc::isMedium): Deleted. No more medium.

* bmalloc/Page.h:
(bmalloc::Page::sizeClass):
(bmalloc::Page::setSizeClass):
(bmalloc::Page::hasFreeLines):
(bmalloc::Page::setHasFreeLines): Add the free lines bit. You get better
codegen if you make it the low bit, since ref / deref can then add / sub
2. So do that.

* bmalloc/Sizes.h:
(bmalloc::Sizes::sizeClass): Expand the small size class to include the
medium size class.

* bmalloc/SuperChunk.h:
(bmalloc::SuperChunk::SuperChunk):
(bmalloc::SuperChunk::smallChunk):
(bmalloc::SuperChunk::largeChunk):
(bmalloc::SuperChunk::mediumChunk): Deleted. No more medium.

* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::grow):
* bmalloc/VMHeap.h:
(bmalloc::VMHeap::allocateSmallPage): Set the has free lines bit before
returning a Page to the Heap since this is the correct default state
when we first allocate a page.

(bmalloc::VMHeap::allocateMediumPage): Deleted.
(bmalloc::VMHeap::deallocateMediumPage): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196845 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK] Fixed link error when G_DEFINE_AUTOPTR_CLEANUP_FUNC is not defined.
commit-queue@webkit.org [Sat, 20 Feb 2016 00:01:51 +0000 (00:01 +0000)]
[GTK] Fixed link error when G_DEFINE_AUTOPTR_CLEANUP_FUNC is not defined.
https://bugs.webkit.org/show_bug.cgi?id=154467

Patch by Konstantin Tokarev <annulen@yandex.ru> on 2016-02-19
Reviewed by Michael Catanzaro.

* TestWebKitAPI/Tests/WebKit2Gtk/TestAutocleanups.cpp:
(beforeAll):
(afterAll):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196844 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: CSS var() function should be syntax highlighted
mattbaker@apple.com [Fri, 19 Feb 2016 23:56:26 +0000 (23:56 +0000)]
Web Inspector: CSS var() function should be syntax highlighted
https://bugs.webkit.org/show_bug.cgi?id=154406
<rdar://problem/24726136>

Reviewed by Timothy Hatcher.

* UserInterface/Models/CSSCompletions.js:
Added "var" to CodeMirror value keywords for syntax highlighting.

* UserInterface/Models/CSSKeywordCompletions.js:
(WebInspector.CSSKeywordCompletions.forProperty):
Added "var" to accepted keywords for auto-completion.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196843 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agobmalloc: Unify VMHeap and Heap LargeObjects free lists to reduce fragmentation
msaboff@apple.com [Fri, 19 Feb 2016 23:27:40 +0000 (23:27 +0000)]
bmalloc: Unify VMHeap and Heap LargeObjects free lists to reduce fragmentation
https://bugs.webkit.org/show_bug.cgi?id=154192

Reviewed by Geoffrey Garen.

Change the operation of Heap and VMHeap LargeObject free lists.
Renamed Owner to VMState to track the state of each LargeObject.
    Physical - The pages have been allocated.
    Virtual - The pages have not been allocated.
    Mixed - The object contains a mixture of Physical and Virtual pages.
VMState uses one bit each for Physical and Virtual to simplify merging states
when merging two adjacent blocks.  This change enforces the rule that objects in
the Heap free list must have have the Physical bit set in their VMState while objects
in the VMHeap free list must have the Physical bit clear.  Thie means that the Heap
can have LargeObjects in Physical or Mixed VMState, but the VMHeap's free list can
only contain Virtual LargeObjects.

In both Heap::allocateLarge(), we now allocate physical pages if the LargeObject we
pull from the free list has any Virtual pages before we possilby split the
object.  When we merge objects, the result might be made up of Mixed page allocations.
When allocating a Mixed LargeObject, we need to allocate memory for them as well.
The scavenger deallocates both Physical and Mixed LargeObjects, placing them back into
the VMHeap's free list.

When we allocate or deallocate Mixed LargeObjects, there are pages that within these
objects that will be redundantly modified.  It would require additional metadata to
eliminate this redundancy.

* bmalloc.xcodeproj/project.pbxproj:
* bmalloc/BoundaryTag.h:
(bmalloc::BoundaryTag::vmState): New helper.
(bmalloc::BoundaryTag::setVMState): New helper.
(bmalloc::BoundaryTag::owner): Deleted.
(bmalloc::BoundaryTag::setOwner): Deleted.
* bmalloc/Heap.h:
(bmalloc::Heap::splitAndAllocate): New helpers.
* bmalloc/LargeObject.h:
(bmalloc::LargeObject::vmState): New helper.
(bmalloc::LargeObject::setVMState): New helper.

* bmalloc/Heap.cpp:
(bmalloc::Heap::splitAndAllocate): New helpers.
(bmalloc::Heap::allocateLarge):
(bmalloc::Heap::deallocatePhysicalPages): Refactored from VMHeap::deallocateLargeObjectMemory.

* bmalloc/FreeList.cpp:
(bmalloc::FreeList::takeGreedy):
(bmalloc::FreeList::take):
(bmalloc::FreeList::removeInvalidAndDuplicateEntries):
* bmalloc/FreeList.h:
(bmalloc::FreeList::FreeList):
(bmalloc::FreeList::push):
* bmalloc/Heap.cpp:
(bmalloc::Heap::Heap):
(bmalloc::Heap::scavengeLargeObjects):
* bmalloc/LargeObject.h:
(bmalloc::LargeObject::isValidAndFree):
(bmalloc::LargeObject::validateSelf):
* bmalloc/SegregatedFreeList.cpp:
(bmalloc::SegregatedFreeList::SegregatedFreeList): Changed to initialize our required Physical state.
* bmalloc/SegregatedFreeList.h:
(bmalloc::SegregatedFreeList::SegregatedFreeList):
(bmalloc::SegregatedFreeList::insert):
(bmalloc::SegregatedFreeList::takeGreedy):
(bmalloc::SegregatedFreeList::take):
Replaced Owner parameters and checks with VMState::HasPhysical.

* bmalloc/LargeObject.h:
(bmalloc::LargeObject::prevCanMerge): Removed owner from tests.
(bmalloc::LargeObject::nextCanMerge): Removed owner from tests.
(bmalloc::LargeObject::merge): Removed owner from tests.  Updated to merge VMStates andset the
VMState after the merge.

* bmalloc/LargeObject.h:
(bmalloc::LargeObject::owner): Deleted.
(bmalloc::LargeObject::setOwner): Deleted.

* bmalloc/Owner.h: Removed.

* bmalloc/VMAllocate.h:
(bmalloc::vmAllocatePhysicalPagesSloppy): Changed to round begin down to eliminate the left to right
allocation constraint.

* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::grow): Large space managed like small or medium as a vector of LargeChunks.
(bmalloc::VMHeap::VMHeap): Changed to initialize our required Physical state.

* bmalloc/VMHeap.h:
(bmalloc::VMHeap::allocateLargeObject): These no longer allocate memory.
(bmalloc::VMHeap::deallocateLargeObject): Removed setOwner.  Now we set the VMState after any merges.

* bmalloc/VMState.h: Copied from Source/bmalloc/bmalloc/Owner.h.
(bmalloc::VMState::VMState):
(bmalloc::VMState::hasPhysical):
(bmalloc::VMState::hasVirtual):
(bmalloc::VMState::merge):
(bmalloc::VMState::operator ==):
(bmalloc::VMState::operator unsigned):
New class with various helpers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196840 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDrop UnsafeVectorOverflow on ElementDescendantConstIterator::m_ancestorSiblingStack
cdumez@apple.com [Fri, 19 Feb 2016 23:24:51 +0000 (23:24 +0000)]
Drop UnsafeVectorOverflow on ElementDescendantConstIterator::m_ancestorSiblingStack
https://bugs.webkit.org/show_bug.cgi?id=154477

Reviewed by Ryosuke Niwa.

Drop UnsafeVectorOverflow on ElementDescendantConstIterator::m_ancestorSiblingStack to
restore bounds checking.

Andreas already dropped in on ElementDescendantIterator::m_ancestorSiblingStack in
r178253 but did not update the "Const" counterpart.

* dom/ElementDescendantIterator.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196839 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWheel event callback removing the window causes crash in WebCore.
simon.fraser@apple.com [Fri, 19 Feb 2016 22:59:25 +0000 (22:59 +0000)]
Wheel event callback removing the window causes crash in WebCore.
https://bugs.webkit.org/show_bug.cgi?id=150871

Reviewed by Brent Fulgham.

Source/WebCore:

Null check the FrameView before using it, since the iframe may have been removed
from its parent document inside the event handler.

The new test triggered a cross-load side-effect, where wheel event filtering wasn't
reset between page loads. Fix by calling clearLatchedState() in EventHandler::clear(),
which resets the filtering.

Test: fast/events/wheel-event-destroys-frame.html

* page/EventHandler.cpp:
(WebCore::EventHandler::clear):
* page/WheelEventDeltaFilter.cpp:
(WebCore::WheelEventDeltaFilter::filteredDelta):
* page/mac/EventHandlerMac.mm:
(WebCore::EventHandler::platformCompleteWheelEvent):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::scrollTo):

LayoutTests:

* fast/events/wheel-event-destroys-frame-expected.txt: Added.
* fast/events/wheel-event-destroys-frame.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196837 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[ES6] Implement Proxy.[[Call]]
sbarati@apple.com [Fri, 19 Feb 2016 22:56:31 +0000 (22:56 +0000)]
[ES6] Implement Proxy.[[Call]]
https://bugs.webkit.org/show_bug.cgi?id=154425

Reviewed by Mark Lam.

This patch is a straight forward implementation of
Proxy.[[Call]] with respect to section 9.5.12
of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-call-thisargument-argumentslist

* runtime/ProxyObject.cpp:
(JSC::ProxyObject::finishCreation):
(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::getOwnPropertySlotByIndex):
(JSC::performProxyCall):
(JSC::ProxyObject::getCallData):
(JSC::ProxyObject::visitChildren):
* runtime/ProxyObject.h:
(JSC::ProxyObject::create):
* tests/es6.yaml:
* tests/stress/proxy-call.js: Added.
(assert):
(throw.new.Error.let.target):
(throw.new.Error.let.handler.apply):
(throw.new.Error):
(assert.let.target):
(assert.let.handler.get apply):
(let.target):
(let.handler.apply):
(i.catch):
(assert.let.handler.apply):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196836 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Win] [SVG -> OTF Converter] All uses of a font except the first one are invisible
mmaxfield@apple.com [Fri, 19 Feb 2016 22:28:24 +0000 (22:28 +0000)]
[Win] [SVG -> OTF Converter] All uses of a font except the first one are invisible
https://bugs.webkit.org/show_bug.cgi?id=154465

Reviewed by Alex Christensen.

We should re-use the existing converted data if it exists.

Covered by existing tests.

* css/CSSFontFaceSource.cpp:
(WebCore::CSSFontFaceSource::font):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196835 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoEnhance EditorState to include TypingAttributes, alignment, and color
bdakin@apple.com [Fri, 19 Feb 2016 22:15:09 +0000 (22:15 +0000)]
Enhance EditorState to include TypingAttributes, alignment, and color
https://bugs.webkit.org/show_bug.cgi?id=154424

Reviewed by Dean Jackson and Sam Weinig.

TypingAttributes is already available for iOS and GTK. This patch hooks
that up on Mac as well, and it moves the calculation of that to the shared
file since there is no reason for this to be written in an iOS-only way. This
patch also adds textColor and textAlignment to EditorState, and since those
are not technically platform-specific either, they are also calculated in the
shared editorState() function.

* Shared/EditorState.cpp:
(WebKit::EditorState::PostLayoutData::encode):
(WebKit::EditorState::PostLayoutData::decode):
* Shared/EditorState.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::editorState):
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::platformEditorState):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196834 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoComposedTreeIterator traverses normal children for elements with empty shadow root
antti@apple.com [Fri, 19 Feb 2016 21:49:34 +0000 (21:49 +0000)]
ComposedTreeIterator traverses normal children for elements with empty shadow root
https://bugs.webkit.org/show_bug.cgi?id=154464

Reviewed by Ryosuke Niwa.

Source/WebCore:

Test: fast/shadow-dom/composed-tree-basic.html

* dom/ComposedTreeIterator.cpp:
(WebCore::ComposedTreeIterator::initializeContextStack):
(WebCore::ComposedTreeIterator::traverseShadowRoot):

    If the shadow root is empty continue by skipping the real children.

(WebCore::ComposedTreeIterator::traverseNextInShadowTree):
(WebCore::composedTreeAsText):
(WebCore::ComposedTreeIterator::pushContext): Deleted.
* dom/ComposedTreeIterator.h:
(WebCore::ComposedTreeIterator::context):
(WebCore::ComposedTreeIterator::current):
(WebCore::ComposedTreeIterator::traverseNext):
(WebCore::composedTreeChildren):
* testing/Internals.cpp:
(WebCore::Internals::composedTreeAsText):

    Testing support.

* testing/Internals.h:
* testing/Internals.idl:

LayoutTests:

* fast/shadow-dom/composed-tree-basic-expected.txt: Added.
* fast/shadow-dom/composed-tree-basic.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196833 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAnalysis tasks page complains about missing repository but with a wrong name
rniwa@webkit.org [Fri, 19 Feb 2016 21:12:40 +0000 (21:12 +0000)]
Analysis tasks page complains about missing repository but with a wrong name
https://bugs.webkit.org/show_bug.cgi?id=154468

Reviewed by Chris Dumez.

Fixed the bug by using the right variable in the template literal.

* public/v3/components/customizable-test-group-form.js:
(CustomizableTestGroupForm.prototype._computeRootSetMap): Use querySelector here since Chrome doesn't have
getElementsByClassName on ShadowRoot.
* public/v3/pages/analysis-task-page.js:
(AnalysisTaskPage.prototype._createTestGroupAfterVerifyingRootSetList): Use name which is the name of
repository here.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196832 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdopt CachedRawResourceClient::shouldCacheResponse() in MediaResourceLoader and WebCo...
jer.noble@apple.com [Fri, 19 Feb 2016 21:04:56 +0000 (21:04 +0000)]
Adopt CachedRawResourceClient::shouldCacheResponse() in MediaResourceLoader and WebCoreNSURLSession
https://bugs.webkit.org/show_bug.cgi?id=154466

Reviewed by Alex Christensen.

Adopt the new shouldCacheResponse() callback so that byte-range
requests generated by WebCoreNSURLSession are not cached.

* loader/MediaResourceLoader.cpp:
(WebCore::MediaResource::shouldCacheResponse):
* loader/MediaResourceLoader.h:
* platform/graphics/PlatformMediaResourceLoader.h:
(WebCore::PlatformMediaResourceClient::shouldCacheResponse):
* platform/network/cocoa/WebCoreNSURLSession.mm:
(-[WebCoreNSURLSession downloadTaskWithRequest:]):
(-[WebCoreNSURLSession streamTaskWithHostName:port:]):
(-[WebCoreNSURLSession streamTaskWithNetService:]):
(-[WebCoreNSURLSessionDataTask _timingData]):
(-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196831 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRe-sync W3C web-platform-tests' html/dom/interfaces.html
cdumez@apple.com [Fri, 19 Feb 2016 21:02:43 +0000 (21:02 +0000)]
Re-sync W3C web-platform-tests' html/dom/interfaces.html
https://bugs.webkit.org/show_bug.cgi?id=154463

Reviewed by Ryosuke Niwa.

Re-sync W3C web-platform-tests' html/dom/interfaces.html after:
- https://github.com/w3c/web-platform-tests/pull/2588

* web-platform-tests/html/dom/interfaces-expected.txt:
* web-platform-tests/html/dom/interfaces.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196830 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Mac] CORS-compliant videos throw security errors when painting to Canvas
jer.noble@apple.com [Fri, 19 Feb 2016 19:46:19 +0000 (19:46 +0000)]
[Mac] CORS-compliant videos throw security errors when painting to Canvas
https://bugs.webkit.org/show_bug.cgi?id=154188
<rdar://problem/22959556>

Reviewed by Alex Christensen.

Pass the CORS access check results from WebCoreNSURLSession to it's client,
MediaPlayerPrivateAVFoundationObjC.

* WebCore.xcodeproj/project.pbxproj:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::didPassCORSAccessCheck): Ask the WebCoreNSURLSession.
* platform/network/cocoa/WebCoreNSURLSession.h:
* platform/network/cocoa/WebCoreNSURLSession.mm:
(-[WebCoreNSURLSession task:didReceiveCORSAccessCheckResult:]): Conditionally set _corsResults.
(-[WebCoreNSURLSession didPassCORSAccessChecks]): Return _corsResults.
(WebCoreNSURLSessionDataTaskClient::accessControlCheckFailed): Call -resource:accessControlCheckFailedWithError:.
(WebCoreNSURLSessionDataTaskClient::loadFailed): Call -resource:loadFailedWithError:.
(-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Set _response within the delegate queue.
(-[WebCoreNSURLSessionDataTask _resource:loadFinishedWithError:]): Renamed from resourceFinished:
(-[WebCoreNSURLSessionDataTask resource:accessControlCheckFailedWithError:]): Ditto.
(-[WebCoreNSURLSessionDataTask resource:loadFailedWithError:]): Ditto.
(-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196827 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed build fix.
cdumez@apple.com [Fri, 19 Feb 2016 19:12:51 +0000 (19:12 +0000)]
Unreviewed build fix.

* loader/cocoa/SubresourceLoaderCocoa.mm:
(WebCore::SubresourceLoader::willCacheResponse):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196826 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAX: Inconsistency between CharacterOffset and VisiblePostition
n_wang@apple.com [Fri, 19 Feb 2016 18:58:31 +0000 (18:58 +0000)]
AX: Inconsistency between CharacterOffset and VisiblePostition
https://bugs.webkit.org/show_bug.cgi?id=154431

Reviewed by Chris Fleizach.

Source/WebCore:

VoiceOver is not getting the correct text marker from VisiblePostition when
navigating using arrow keys. We should make the CharacterOffset behavior consistent
with VisiblePosition so that the conversion between the two won't create different
text markers.

Changes are covered in the modified tests.

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::characterOffsetForTextMarkerData):
(WebCore::AXObjectCache::traverseToOffsetInRange):
(WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
(WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
(WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
(WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
(WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
(WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
(WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
(WebCore::AXObjectCache::accessibilityObjectForTextMarkerData):
(WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
(WebCore::AXObjectCache::nextCharacterOffset):
(WebCore::AXObjectCache::previousCharacterOffset):
(WebCore::AXObjectCache::startCharacterOffsetOfWord):
(WebCore::AXObjectCache::endCharacterOffsetOfWord):
(WebCore::AXObjectCache::previousWordStartCharacterOffset):
(WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
(WebCore::AXObjectCache::previousSentenceStartCharacterOffset):
* accessibility/AXObjectCache.h:
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(-[WebAccessibilityObjectWrapper doAXAttributedStringForTextMarkerRange:]):

LayoutTests:

* accessibility/mac/text-marker-word-nav-expected.txt:
* accessibility/mac/text-marker-word-nav.html:
* accessibility/text-marker/text-marker-previous-next.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196824 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoPurge as much as we can from WKDeprecatedFunctions.cpp
andersca@apple.com [Fri, 19 Feb 2016 18:06:32 +0000 (18:06 +0000)]
Purge as much as we can from WKDeprecatedFunctions.cpp
https://bugs.webkit.org/show_bug.cgi?id=154459

Reviewed by Sam Weinig.

* Shared/API/c/WKDeprecatedFunctions.cpp:
(WKArrayIsMutable): Deleted.
(WKPageSetVisibilityState): Deleted.
(WKDictionaryIsMutable): Deleted.
(WKDictionaryAddItem): Deleted.
(WKDictionaryRemoveItem): Deleted.
(WKPreferencesSetRegionBasedColumnsEnabled): Deleted.
(WKPreferencesGetRegionBasedColumnsEnabled): Deleted.
(WKPreferencesSetMultithreadedWebGLEnabled): Deleted.
(WKPreferencesGetMultithreadedWebGLEnabled): Deleted.
(WKPreferencesSetScreenFontSubstitutionEnabled): Deleted.
(WKPreferencesGetScreenFontSubstitutionEnabled): Deleted.
(WKInspectorIsDebuggingJavaScript): Deleted.
(WKInspectorToggleJavaScriptDebugging): Deleted.
(WKInspectorIsProfilingJavaScript): Deleted.
(WKInspectorToggleJavaScriptProfiling): Deleted.
(WKContextGetProcessModel): Deleted.
(WKGraphicsContextGetCGContext): Deleted.
(WKContextGetProcessSuppressionEnabled): Deleted.
(WKContextSetProcessSuppressionEnabled): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196823 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAllow CachedRawResource clients to opt out of caching on a per-response basis
jer.noble@apple.com [Fri, 19 Feb 2016 18:05:55 +0000 (18:05 +0000)]
Allow CachedRawResource clients to opt out of caching on a per-response basis
https://bugs.webkit.org/show_bug.cgi?id=154453

Reviewed by Brady Eidson.

For CF or NS networking clients, the system loader will ask whether the client (the
SubResourceLoader in this case) wants the response to be cached. This breaks for byte
range requests due to <rdar://problem/20001985>. Allow the SubresourceLoader to query
its clients, and return null, if they opt out.

* loader/cache/CachedRawResource.cpp:
(WebCore::CachedRawResource::shouldCacheResponse):
* loader/cache/CachedRawResource.h:
* loader/cache/CachedRawResourceClient.h:
(WebCore::CachedRawResourceClient::shouldCacheResponse):
* loader/cache/CachedResource.h:
(WebCore::CachedResource::shouldCacheResponse):
* loader/cocoa/SubresourceLoaderCocoa.mm:
(WebCore::SubresourceLoader::willCacheResponse):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196822 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd "databaseProcessDidCrash" to the WKContextClient; Adopt it in WKTR.
beidson@apple.com [Fri, 19 Feb 2016 17:35:52 +0000 (17:35 +0000)]
Add "databaseProcessDidCrash" to the WKContextClient; Adopt it in WKTR.
https://bugs.webkit.org/show_bug.cgi?id=154428

Reviewed by Jer Noble.

Source/WebKit2:

* UIProcess/API/C/WKContext.h:
* UIProcess/API/C/mac/WKContextPrivateMac.h:
* UIProcess/API/C/mac/WKContextPrivateMac.mm:
(WKContextGetDatabaseProcessIdentifier):

* UIProcess/WebContextClient.cpp:
(WebKit::WebContextClient::databaseProcessDidCrash):
* UIProcess/WebContextClient.h:

* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::databaseProcessCrashed):
(WebKit::WebProcessPool::databaseProcessIdentifier):
* UIProcess/WebProcessPool.h:

Tools:

* WebKitTestRunner/TestController.cpp:
(WTR::TestController::generatePageConfiguration):
(WTR::TestController::databaseProcessName):
(WTR::TestController::databaseProcessDidCrash):
* WebKitTestRunner/TestController.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196821 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html for ios-simulator...
ryanhaddad@apple.com [Fri, 19 Feb 2016 16:49:28 +0000 (16:49 +0000)]
Rebaseline imported/w3c/web-platform-tests/html/dom/interfaces.html for ios-simulator after r196797

Unreviewed test gardening.

* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196820 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[CSS Grid Layout Refactoring some layout tests
jfernandez@igalia.com [Fri, 19 Feb 2016 13:25:49 +0000 (13:25 +0000)]
[CSS Grid Layout Refactoring some layout tests
https://bugs.webkit.org/show_bug.cgi?id=154291

Refactored several tests so they use the shared sizing keywords
instead of specific CSS rules.

Reviewed by Sergio Villar Senin.

* fast/css-grid-layout/calc-resolution-grid-item.html:
* fast/css-grid-layout/flex-and-intrinsic-sizes-expected.txt:
* fast/css-grid-layout/flex-and-intrinsic-sizes.html:
* fast/css-grid-layout/grid-align-justify-margin-border-padding-vertical-lr.html:
* fast/css-grid-layout/grid-align-justify-margin-border-padding-vertical-rl.html:
* fast/css-grid-layout/grid-align-justify-margin-border-padding.html:
* fast/css-grid-layout/grid-align-justify-overflow.html:
* fast/css-grid-layout/grid-align-justify-stretch.html:
* fast/css-grid-layout/grid-align.html:
* fast/css-grid-layout/grid-columns-rows-get-set-multiple.html:
* fast/css-grid-layout/grid-columns-rows-get-set.html:
* fast/css-grid-layout/grid-container-margin-border-padding-scrollbar.html:
* fast/css-grid-layout/grid-content-alignment-and-self-alignment.html:
* fast/css-grid-layout/grid-content-alignment-overflow.html:
* fast/css-grid-layout/grid-content-alignment-with-span-vertical-lr.html:
* fast/css-grid-layout/grid-content-alignment-with-span-vertical-rl.html:
* fast/css-grid-layout/grid-content-alignment-with-span.html:
* fast/css-grid-layout/grid-element-change-columns-repaint.html:
* fast/css-grid-layout/grid-element-change-rows-repaint.html:
* fast/css-grid-layout/grid-element-repeat-get-set.html:
* fast/css-grid-layout/grid-gutters-and-alignment.html:
* fast/css-grid-layout/grid-item-auto-margins-alignment-vertical-lr.html:
* fast/css-grid-layout/grid-item-auto-margins-alignment-vertical-rl.html:
* fast/css-grid-layout/grid-item-auto-margins-alignment.html:
* fast/css-grid-layout/grid-item-auto-margins-and-stretch.html:
* fast/css-grid-layout/grid-item-auto-sized-align-justify-margin-border-padding.html:
* fast/css-grid-layout/grid-item-change-column-repaint.html:
* fast/css-grid-layout/grid-item-order-paint-order.html:
* fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding-expected.txt: Added.
* fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding-vertical-lr-expected.txt: Added.
* fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding-vertical-lr.html: Added.
* fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding-vertical-rl-expected.txt: Added.
* fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding-vertical-rl.html: Added.
* fast/css-grid-layout/grid-item-stretch-with-margins-borders-padding.html: Added.
* fast/css-grid-layout/grid-item-z-index-stacking-context-expected.html:
* fast/css-grid-layout/grid-item-z-index-stacking-context.html:
* fast/css-grid-layout/grid-items-should-not-be-stretched-when-height-or-width-or-margin-change.html:
* fast/css-grid-layout/grid-justify-content-distribution.html:
* fast/css-grid-layout/grid-justify-content-vertical-lr.html:
* fast/css-grid-layout/grid-justify-content-vertical-rl.html:
* fast/css-grid-layout/justify-self-cell.html:
* fast/css-grid-layout/min-width-height-auto-and-margins.html:
* fast/css-grid-layout/minmax-fixed-logical-height-only.html:
* fast/css-grid-layout/minmax-fixed-logical-width-only.html:
* fast/css-grid-layout/minmax-max-content-resolution-columns.html:
* fast/css-grid-layout/minmax-max-content-resolution-rows.html:
* fast/css-grid-layout/named-grid-line-get-set.html:
* fast/css-grid-layout/percent-grid-item-in-percent-grid-track-in-percent-grid.html:
* fast/css-grid-layout/percent-grid-item-in-percent-grid-track.html:
* fast/css-grid-layout/percent-of-indefinite-track-size-in-auto.html:
* fast/css-grid-layout/percent-of-indefinite-track-size.html:
* fast/css-grid-layout/percent-track-breadths-regarding-container-size.html:
* fast/css-grid-layout/place-cell-by-index.html:
* fast/css-grid-layout/resources/grid-alignment.css:
(.alignSelfCenterSafe):
(.alignSelfCenterUnsafe):
(.alignSelfEndSafe):
(.alignSelfEndUnsafe):
(.alignItemsAuto):
(.alignItemsStretch):
(.alignItemsStart):
(.alignItemsEnd):
(.alignItemsCenterSafe):
(.alignItemsCenterUnsafe):
(.alignItemsEndSafe):
(.alignItemsEndUnsafe):
(.justifySelfAuto):
(.justifySelfStretch):
(.justifySelfStart):
(.justifySelfCenter):
(.justifySelfEnd):
(.justifySelfRight):
(.justifySelfLeft):
(.justifySelfFlexStart):
(.justifySelfFlexEnd):
(.justifySelfSelfStart):
(.justifySelfSelfEnd):
(.justifySelfCenterSafe):
(.justifySelfCenterUnsafe):
(.justifyItemsAuto):
(.justifyItemsStretch):
(.justifyItemsStart):
(.justifyItemsCenter):
(.justifyItemsEnd):
(.justifyItemsCenterSafe):
(.justifyItemsCenterUnsafe):
(.justifyItemsEndSafe):
(.justifyItemsEndUnsafe):
(.selfStretch):
(.contentStart):
(.contentCenter):
(.contentEnd):
(.contentCenterSafe):
(.contentCenterUnsafe):
(.contentEndSafe):
(.contentEndUnsafe):
(.contentSpaceBetween):
(.contentSpaceAround):
(.contentSpaceEvenly):
(.contentStretch):
* fast/css-grid-layout/resources/grid.css:
(.verticalRL):
(.verticalLR):
(.horizontalTB):
(.horizontalBT):
(.inline-grid): Deleted.
(.firstRowFirstColumn): Deleted.
(.directionRTL): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196819 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoBlocked plug-in placeholder is sometimes not shown.
zalan@apple.com [Fri, 19 Feb 2016 11:48:20 +0000 (11:48 +0000)]
Blocked plug-in placeholder is sometimes not shown.
https://bugs.webkit.org/show_bug.cgi?id=154434
<rdar://problem/22584973>

Reviewed by Brent Fulgham.

m_isUnavailablePluginIndicatorHidden was set to false incorrectly as initial value.
It prevented RenderEmbeddedObject from issuing repaint when the plugin indicator
was set to visible (m_isUnavailablePluginIndicatorHidden <- false) the first time.
(The reason why the indicator showed up most of the time was because some renderer
triggered repaint on the view.)

Unable to test.

* rendering/RenderEmbeddedObject.cpp:
(WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsHidden):
(WebCore::RenderEmbeddedObject::RenderEmbeddedObject): Deleted.
(WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsPressed): Deleted.
* rendering/RenderEmbeddedObject.h:
(WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196813 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove more LLVM related dead code after r196729
ossy@webkit.org [Fri, 19 Feb 2016 11:30:18 +0000 (11:30 +0000)]
Remove more LLVM related dead code after r196729
https://bugs.webkit.org/show_bug.cgi?id=154387

Reviewed by Filip Pizlo.

* Configurations/CompileRuntimeToLLVMIR.xcconfig: Removed.
* Configurations/LLVMForJSC.xcconfig: Removed.
* JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.props: Removed.
* JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj: Removed.
* JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj.filters: Removed.
* JavaScriptCore.xcodeproj/project.pbxproj:
* disassembler/X86Disassembler.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196812 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix pessimizing-move warnings
ossy@webkit.org [Fri, 19 Feb 2016 10:49:00 +0000 (10:49 +0000)]
Fix pessimizing-move warnings
https://bugs.webkit.org/show_bug.cgi?id=154395

Reviewed by Michael Catanzaro.

* platform/graphics/efl/CairoUtilitiesEfl.cpp:
(WebCore::evasObjectFromCairoImageSurface):
* platform/graphics/surfaces/GLTransportSurface.cpp:
(WebCore::GLTransportSurface::createTransportSurface):
(WebCore::GLTransportSurfaceClient::createTransportSurfaceClient):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196811 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd isJSString(JSCell*) variant to avoid Cell->JSValue->Cell conversion
commit-queue@webkit.org [Fri, 19 Feb 2016 10:39:34 +0000 (10:39 +0000)]
Add isJSString(JSCell*) variant to avoid Cell->JSValue->Cell conversion
https://bugs.webkit.org/show_bug.cgi?id=154442

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-19
Reviewed by Saam Barati.

* runtime/JSString.h:
(JSC::isJSString):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196810 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GStreamer] clean-up various leaks
philn@webkit.org [Fri, 19 Feb 2016 10:30:08 +0000 (10:30 +0000)]
[GStreamer] clean-up various leaks
https://bugs.webkit.org/show_bug.cgi?id=154285

Reviewed by Carlos Garcia Campos.

* platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:
(webkit_web_audio_src_init): Take full ownership of the GstTask.
* platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
(WTF::adoptGRef): Null pointer support in ASSERTs.
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::initializeGStreamerAndRegisterWebKitElements): Take full ownership of the GstElementFactory pointers.
(WebCore::MediaPlayerPrivateGStreamer::isAvailable): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196809 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove unused SymbolTable::createNameScopeTable
commit-queue@webkit.org [Fri, 19 Feb 2016 10:17:20 +0000 (10:17 +0000)]
Remove unused SymbolTable::createNameScopeTable
https://bugs.webkit.org/show_bug.cgi?id=154443

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-19
Reviewed by Saam Barati.

* runtime/SymbolTable.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196808 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRevert to dispatching the popstate event synchronously
aestes@apple.com [Fri, 19 Feb 2016 09:29:44 +0000 (09:29 +0000)]
Revert to dispatching the popstate event synchronously
https://bugs.webkit.org/show_bug.cgi?id=153297
rdar://problem/24092294

Reviewed by Brent Fulgham.

Source/WebCore:

r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do. However,
due to compatibility regressions we need to revert back to dispatching synchronously. This change reverts
r192369's changes to Document.cpp, but retains the new tests.

Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different.html and
fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate handlers remove
frames from the document that will later be accessed by HistoryController::recursiveGoToItem().

To prevent the crashes, this change does two things:
1. Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling
   loadInSameDocument() might otherwise delete it.
2. Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(),
   since calling goToItem() on one frame might cause another frame to be deleted.

Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous.html was renamed to
fast/loader/stateobjects/popstate-is-synchronous.html and modified to expect synchronous dispatch.

* dom/Document.cpp:
(WebCore::Document::enqueuePopstateEvent):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadSameDocumentItem):
* loader/HistoryController.cpp:
(WebCore::HistoryController::recursiveGoToItem):

LayoutTests:

Renamed and modified this test to expect synchronous dispatch.

* fast/loader/stateobjects/popstate-is-synchronous-expected.txt: Renamed from LayoutTests/fast/loader/stateobjects/popstate-is-asynchronous-expected.txt.
* fast/loader/stateobjects/popstate-is-synchronous.html: Renamed from LayoutTests/fast/loader/stateobjects/popstate-is-asynchronous.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196807 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed. Fix GObject DOM bindings API break after r196769.
carlosgc@webkit.org [Fri, 19 Feb 2016 08:47:00 +0000 (08:47 +0000)]
Unreviewed. Fix GObject DOM bindings API break after r196769.

* html/HTMLTextAreaElement.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196805 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GStreamer] Bump internal jhbuild versions to 1.6.3
philn@webkit.org [Fri, 19 Feb 2016 08:09:57 +0000 (08:09 +0000)]
[GStreamer] Bump internal jhbuild versions to 1.6.3
https://bugs.webkit.org/show_bug.cgi?id=149594

Reviewed by Michael Catanzaro.

.:

* Source/cmake/FindGStreamer.cmake: Check gst-gl version for the latest stable release of GStreamer.

Tools:

* gtk/jhbuild.modules: Bump to GStreamer 1.6.3.
* gtk/patches/gst-plugins-bad-fix-faad2-version-check.patch: Removed.
* gtk/patches/gst-plugins-bad-remove-gnustep-support.patch: Removed.
* gtk/patches/gst-plugins-base-rtp-rtcpbuffer-fix-typo-in-enum.patch: Removed.

LayoutTests:

* platform/gtk/TestExpectations: Skipping new failing tests for now.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196804 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK] Limit the number of tiles according to the visible area
yoon@igalia.com [Fri, 19 Feb 2016 07:27:28 +0000 (07:27 +0000)]
[GTK] Limit the number of tiles according to the visible area
https://bugs.webkit.org/show_bug.cgi?id=126122

Reviewed by Carlos Garcia Campos.

Source/WebCore:

TextureMapperTiledBackingStore creates tiles for whole layer bounds, which
means it creates the huge amount of textures if there is an excessively big
layer.  Not only it wastes the memory and the CPU time, it even can crash GPU
drivers.

This patch modifies TextureMapperTiledBackingStore to take into account the
visible area with a coverage multiplier when creating tiles.

* platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
(WebCore::GraphicsLayerTextureMapper::GraphicsLayerTextureMapper):
Set a flag to recalculate the visible area of the layer when there are
geometric changes.
(WebCore::GraphicsLayerTextureMapper::setContentsToImage):
(WebCore::GraphicsLayerTextureMapper::flushCompositingStateForThisLayerOnly):
(WebCore::GraphicsLayerTextureMapper::updateBackingStoreIncludingSubLayers):
(WebCore::GraphicsLayerTextureMapper::updateBackingStoreIfNeeded):
(WebCore::GraphicsLayerTextureMapper::markVisibleRectAsDirty):
(WebCore::GraphicsLayerTextureMapper::selfOrAncestorHasActiveTransformAnimation):
(WebCore::GraphicsLayerTextureMapper::computeTransformedVisibleRect):
Compute the inverse transform matrix to map a global visible are to
the local visible area.
(WebCore::clampToContentsRectIfRectIsInfinite):
(WebCore::GraphicsLayerTextureMapper::transformedVisibleRect):
* platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
(WebCore::TextureMapperTiledBackingStore::paintToTextureMapper):
In HiDPI, the directly composited image is uploaded to the unscaled
texture to reduce memory usages. So we should apply device scale
factor to render it correctly.
(WebCore::TextureMapperTiledBackingStore::createOrDestroyTilesIfNeeded):
Create tiles which covered by visible rect with a coverage multiplier.

Source/WebKit2:

* WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:
(WebKit::LayerTreeHostGtk::initialize): Because we creates
nonCompositingLayer with a size of current view, we should not apply
the currently visible rect when creating / deleting tiles.
(WebKit::LayerTreeHostGtk::flushPendingLayerChanges): Passes the current
visible rect to the GraphicsLayers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196803 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoExtend HashCountedSet with a method to efficiently set the count of an entry
bfulgham@apple.com [Fri, 19 Feb 2016 07:22:36 +0000 (07:22 +0000)]
Extend HashCountedSet with a method to efficiently set the count of an entry
https://bugs.webkit.org/show_bug.cgi?id=154352

Reviewed by Geoffrey Garen.

Source/WebCore:

Tested by new TestWebKitAPI tests.

* loader/ResourceLoadStatistics.cpp:
(WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.

Source/WTF:

Tested by new TestWebKitAPI tests.

Update the HashCountedSet class with a new 'add' method to support efficient initialization of
the count of a given key. Also provide move and pointer template specializations to expand the
types of data that can be used as 'keys' in the HashCountedSet to match the underlying HashMap
implementation.

* wtf/HashCountedSet.h:
(WTF::Traits>::add): Added new overload supporting a supplied count.

Tools:

* TestWebKitAPI/CMakeLists.txt: Add new HashCountedSet test files.
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Ditto.
* TestWebKitAPI/Tests/WTF/HashCountedSet.cpp: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196802 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r196790.
commit-queue@webkit.org [Fri, 19 Feb 2016 06:56:55 +0000 (06:56 +0000)]
Unreviewed, rolling out r196790.
https://bugs.webkit.org/show_bug.cgi?id=154439

made fast/events/wheelevent-basic-actual.txt fail in WK2
(Requested by alexchristensen on #webkit).

Reverted changeset:

"Wheel event callback removing the window causes crash in
WebCore."
https://bugs.webkit.org/show_bug.cgi?id=150871
http://trac.webkit.org/changeset/196790

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196801 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r196791.
commit-queue@webkit.org [Fri, 19 Feb 2016 06:53:54 +0000 (06:53 +0000)]
Unreviewed, rolling out r196791.
https://bugs.webkit.org/show_bug.cgi?id=154438

broke windows build (Requested by alexchristensen on #webkit).

Reverted changeset:

"Extend HashCountedSet with a method to efficiently set the
count of an entry"
https://bugs.webkit.org/show_bug.cgi?id=154352
http://trac.webkit.org/changeset/196791

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196800 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[JSC] Improve the instruction selection of Select
commit-queue@webkit.org [Fri, 19 Feb 2016 06:42:06 +0000 (06:42 +0000)]
[JSC] Improve the instruction selection of Select
https://bugs.webkit.org/show_bug.cgi?id=154432

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-18
Reviewed by Filip Pizlo.

Plenty of code but this patch is pretty dumb:
-On ARM64: use the 3 operand form of CSEL instead of forcing a source
 to be alised to the destination. This gives more freedom to the register
 allocator and it is one less Move to process per Select.
-On x86, introduce a fake 3 operands form and use aggressive aliasing
 to try to alias both sources to the destination.

 If aliasing succeed on the "elseCase", the condition of the Select
 is reverted in the MacroAssembler.

 If no aliasing is possible and we end up with 3 registers, the missing
 move instruction is generated by the MacroAssembler.

 The missing move is generated after testing the values because the destination
 can use the same register as one of the test operand.
 Experimental testing seems to indicate there is no macro-fusion on CMOV,
 there is no measurable cost to having the move there.

* assembler/MacroAssembler.h:
(JSC::MacroAssembler::isInvertible):
(JSC::MacroAssembler::invert):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::moveConditionallyDouble):
(JSC::MacroAssemblerARM64::moveConditionallyFloat):
(JSC::MacroAssemblerARM64::moveConditionallyAfterFloatingPointCompare):
(JSC::MacroAssemblerARM64::moveConditionally32):
(JSC::MacroAssemblerARM64::moveConditionally64):
(JSC::MacroAssemblerARM64::moveConditionallyTest32):
(JSC::MacroAssemblerARM64::moveConditionallyTest64):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::moveConditionallyDouble):
(JSC::MacroAssemblerX86Common::moveConditionallyFloat):
(JSC::MacroAssemblerX86Common::moveConditionally32):
(JSC::MacroAssemblerX86Common::moveConditionallyTest32):
(JSC::MacroAssemblerX86Common::invert):
(JSC::MacroAssemblerX86Common::isInvertible):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::moveConditionally64):
(JSC::MacroAssemblerX86_64::moveConditionallyTest64):
* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::createSelect):
(JSC::B3::Air::LowerToAir::lower):
* b3/air/AirInstInlines.h:
(JSC::B3::Air::Inst::shouldTryAliasingDef):
* b3/air/AirOpcode.opcodes:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196799 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Styles Sidebar focus jumps when trying to edit a color
commit-queue@webkit.org [Fri, 19 Feb 2016 05:26:53 +0000 (05:26 +0000)]
Web Inspector: Styles Sidebar focus jumps when trying to edit a color
https://bugs.webkit.org/show_bug.cgi?id=154404
<rdar://problem/24725744>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-02-18
Reviewed by Timothy Hatcher.

Clicking an inline swatch in the CSS Rules sidebar causes any focused
editor, if any, to become blurred and therefore fire its handler function.
This causes an issue because when a CodeMirror instance in the styles
sidebar becomes blurred, it is possible for the entire Rules sidebar to
refresh and recreate all of the sections (r187714), meaning that it will
reselect whatever editor was previously selected before the refresh,
causing the swatch popup to be blurred and therefore dismiss.

* UserInterface/Views/CSSStyleDeclarationSection.js:
(WebInspector.CSSStyleDeclarationSection.prototype.cssStyleDeclarationTextEditorBlurActiveEditor):

* UserInterface/Views/CSSStyleDeclarationTextEditor.js:
(WebInspector.CSSStyleDeclarationTextEditor.prototype._createInlineSwatches.createSwatch):
(WebInspector.CSSStyleDeclarationTextEditor.prototype._inlineSwatchBeforeClicked):
Add listener for new event and call to delegate function for handling it.

* UserInterface/Views/InlineSwatch.js:
(WebInspector.InlineSwatch.prototype._swatchElementClicked):
Now fires an event before the clicked logic happens, but still after the
click event is fired on the element.

* UserInterface/Views/RulesStyleDetailsPanel.js:
(WebInspector.RulesStyleDetailsPanel.prototype.cssStyleDeclarationSectionBlurActiveEditor):
Clears the previously focused editor so when a reset happens no editor
is refocused.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196798 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agowindow.history / window.navigator should not be replaceable
cdumez@apple.com [Fri, 19 Feb 2016 05:17:32 +0000 (05:17 +0000)]
window.history / window.navigator should not be replaceable
https://bugs.webkit.org/show_bug.cgi?id=154412

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

window.history / window.navigator should not be replaceable as per
the latest HTML specification:
https://html.spec.whatwg.org/multipage/browsers.html#the-window-object

Firefox and Chrome already match the specification. This patch aligns
our behavior.

No new tests, already covered by existing tests.

* page/DOMWindow.idl:

LayoutTests:

Update / rebaseline existing tests now that window.history and
window.navigator are no longer replaceable.

* fast/dom/Window/get-set-properties-expected.txt:
* fast/dom/Window/get-set-properties.html:
* fast/dom/Window/window-property-shadowing-expected.txt:
* fast/dom/Window/window-property-shadowing.html:
* http/tests/history/cross-origin-replace-history-object-child-expected.txt:
* http/tests/history/resources/cross-origin-replaces-history-object-child-iframe.html:
* js/dom/var-declarations-shadowing-expected.txt:
* js/dom/var-declarations-shadowing.html:
* js/getOwnPropertyDescriptor-window-attributes-expected.txt:
* js/getOwnPropertyDescriptor-window-attributes.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196797 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[CMake][GTK] Clean up llvm guard in PlatformGTK.cmake
gyuyoung.kim@webkit.org [Fri, 19 Feb 2016 05:12:02 +0000 (05:12 +0000)]
[CMake][GTK] Clean up llvm guard in PlatformGTK.cmake
https://bugs.webkit.org/show_bug.cgi?id=154430

Reviewed by Saam Barati.

llvm isn't used anymore.

* PlatformGTK.cmake: Remove USE_LLVM_DISASSEMBLER guard.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196796 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRevert an unintended change made in the previous commit.
rniwa@webkit.org [Fri, 19 Feb 2016 04:25:12 +0000 (04:25 +0000)]
Revert an unintended change made in the previous commit.

* init-database.sql:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196795 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoPerf dashboard should let user cancel pending A/B testing and hide failed ones
rniwa@webkit.org [Fri, 19 Feb 2016 04:18:27 +0000 (04:18 +0000)]
Perf dashboard should let user cancel pending A/B testing and hide failed ones
https://bugs.webkit.org/show_bug.cgi?id=154433

Reviewed by Chris Dumez.

Added a button to hide a test group in the details view (the bottom table) in the analysis task page, and
"Show hidden tests" link to show the hidden test groups on demand. When a test group is hidden, all pending
requests in the group will also be canceled since a common scenario of using this feature is that the user
had triggered an useless A/B testing; e.g. all builds will fail, wrong, etc... We can revisit and add the
capability to just cancel the pending requests and leaving the group visible later if necessary.

Run `ALTER TYPE build_request_status_type ADD VALUE 'canceled';` to add the new type.

* init-database.sql: Added testgroup_hidden column to analysis_test_groups table and added 'canceled'
as a value to build_request_status_type table.
* public/api/test-groups.php:
(format_test_group): Added 'hidden' field in the JSON result.
* public/privileged-api/update-test-group.php:
(main): Added the support for updating testgroup_hidden column. When this column is set to true, also
cancel all pending build requests (by setting its request_status to 'canceled' which will be ignore by
the syncing script).
* public/v3/components/test-group-results-table.js:
(TestGroupResultsTable.prototype.setTestGroup): Reset _renderedTestGroup here so that the next call to
render() will update the table; e.g. when build requests' status change from 'Pending' to 'Canceled'.
* public/v3/models/build-request.js:
(BuildRequest.prototype.hasCompleted): A build request is considered complete/finished if it's canceled.
(BuildRequest.prototype.hasPending): Added.
(BuildRequest.prototype.statusLabel): Handle 'canceled' status.
* public/v3/models/test-group.js:
(TestGroup):
(TestGroup.prototype.updateSingleton): Added to update 'hidden' field.
(TestGroup.prototype.isHidden): Added.
(TestGroup.prototype.hasPending): Added.
(TestGroup.prototype.hasPending): Added.
(TestGroup.prototype.updateHiddenFlag): Added. Uses the privileged API to update testgroup_hidden column.
The JSON API also updates the status of the 'pending' build requests in the group to 'canceled'.
* public/v3/pages/analysis-task-page.js:
(AnalysisTaskPage): Added _showHiddenTestGroups and _filteredTestGroups as instance variables.
(AnalysisTaskPage.prototype._didFetchTestGroups):
(AnalysisTaskPage.prototype._showAllTestGroups): Added.
(AnalysisTaskPage.prototype._didUpdateTestGroupHiddenState): Extracted from _didFetchTestGroups.
(AnalysisTaskPage.prototype._renderTestGroupList): Use the filtered list of test groups to show the list
of test groups. When all test groups are shown, we would first show the hidden ones after the regular ones.
(AnalysisTaskPage.prototype._createTestGroupListItem): Extracted from _renderTestGroupList.
(AnalysisTaskPage.prototype._renderTestGroupDetails): Update the text inside the button to hide the test
group. Also show a warning text that the pending requests will be canceled if there are any.
(AnalysisTaskPage.prototype._hideCurrentTestGroup): Added.
(AnalysisTaskPage.cssTemplate): Updated the style.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196794 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoHTMLTableHeaderCellElement.scope should only return known values
cdumez@apple.com [Fri, 19 Feb 2016 02:45:50 +0000 (02:45 +0000)]
HTMLTableHeaderCellElement.scope should only return known values
https://bugs.webkit.org/show_bug.cgi?id=154423
<rdar://problem/24731018>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-tabular-expected.txt:

Source/WebCore:

HTMLTableHeaderCellElement.scope should only return known values as per:
- https://html.spec.whatwg.org/multipage/tables.html#dom-th-scope

Known values are document here:
- https://html.spec.whatwg.org/multipage/tables.html#attr-th-scope

No new tests, already covered by existing test.

* CMakeLists.txt:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.vcxproj/WebCore.vcxproj.filters:
* WebCore.xcodeproj/project.pbxproj:
* html/HTMLElementsAllInOne.cpp:
* html/HTMLTableHeaderCellElement.cpp: Copied from Source/WebCore/html/HTMLTableHeaderCellElement.h.
(WebCore::HTMLTableHeaderCellElement::scope):
(WebCore::HTMLTableHeaderCellElement::setScope):
* html/HTMLTableHeaderCellElement.h:
* html/HTMLTableHeaderCellElement.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196793 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoThe rows in the analysis results table should be expandable
rniwa@webkit.org [Fri, 19 Feb 2016 02:44:34 +0000 (02:44 +0000)]
The rows in the analysis results table should be expandable
https://bugs.webkit.org/show_bug.cgi?id=154427

Reviewed by Chris Dumez.

Added "(Expand)" link between rows that have hidden points. Upon click it inserts the hidden rows.

We insert around five rows at a time when there are hundreds of hidden points but we also avoid leaving
behind expandable rows of less than two rows.

Also fixed a bug in CustomizableTestGroupForm that getElementsById would throw in the shipping Safari
because getElementsById doesn't exist on Element.prototype by using class name instead.

* public/v3/components/analysis-results-viewer.js:
(AnalysisResultsViewer):
(AnalysisResultsViewer.prototype.setCurrentTestGroup): Removed superfluous call to render().
(AnalysisResultsViewer.prototype.setPoints): Always show the start and the end points.
(AnalysisResultsViewer.prototype.buildRowGroups):
(AnalysisResultsViewer.prototype._buildRowsForPointsAndTestGroups): Add an instance of ExpandableRow which
shows a "(Expand)" link to show hidden rows here.
(AnalysisResultsViewer.prototype._expandBetween): Added. Expands rows between two points.
(AnalysisResultsViewer.cssTemplate): Added rules for "(Expand)" links.
(AnalysisResultsViewer.ExpandableRow): Added.
(AnalysisResultsViewer.ExpandableRow.prototype.resultContent): Added. Overrides what's in the results column.
(AnalysisResultsViewer.ExpandableRow.prototype.heading): Added. Generates "(Expand)" link.

* public/v3/components/customizable-test-group-form.js:
(CustomizableTestGroupForm.prototype._computeRootSetMap): Use getElementsByClassName instead of
getElementById.
(CustomizableTestGroupForm.prototype._classForLabelAndRepository): Renamed from _idForLabelAndRepository.
(CustomizableTestGroupForm._constructRevisionRadioButtons): Set class name instead of id.

* public/v3/components/results-table.js:
(ResultsTable.prototype.render): Don't generate radio buttons to select a row when root set is missing;
e.g. for rows that show "(Expand)" links.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196792 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoExtend HashCountedSet with a method to efficiently set the count of an entry
bfulgham@apple.com [Fri, 19 Feb 2016 01:14:07 +0000 (01:14 +0000)]
Extend HashCountedSet with a method to efficiently set the count of an entry
https://bugs.webkit.org/show_bug.cgi?id=154352

Reviewed by Geoffrey Garen.

Source/WebCore:

Tested by new TestWebKitAPI tests.

* loader/ResourceLoadStatistics.cpp:
(WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.

Source/WTF:

Tested by new TestWebKitAPI tests.

Update the HashCountedSet class with a new 'add' method to support efficient initialization of
the count of a given key. Also provide move and pointer template specializations to expand the
types of data that can be used as 'keys' in the HashCountedSet to match the underlying HashMap
implementation.

* wtf/HashCountedSet.h:
(WTF::Traits>::add): Added new overload supporting a supplied count.

Tools:

* TestWebKitAPI/CMakeLists.txt: Add new HashCountedSet test files.
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Ditto.
* TestWebKitAPI/Tests/WTF/HashCountedSet.cpp: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196791 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWheel event callback removing the window causes crash in WebCore.
simon.fraser@apple.com [Fri, 19 Feb 2016 01:13:15 +0000 (01:13 +0000)]
Wheel event callback removing the window causes crash in WebCore.
https://bugs.webkit.org/show_bug.cgi?id=150871

Reviewed by Brent Fulgham.
Source/WebCore:

Null check the FrameView before using it, since the iframe may have been removed
from its parent document inside the event handler.

Test: fast/events/wheel-event-destroys-frame.html

* page/mac/EventHandlerMac.mm:
(WebCore::EventHandler::platformCompleteWheelEvent):

LayoutTests:

* fast/events/wheel-event-destroys-frame-expected.txt: Added.
* fast/events/wheel-event-destroys-frame.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196790 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoImplement Proxy.[[HasProperty]]
sbarati@apple.com [Fri, 19 Feb 2016 01:07:37 +0000 (01:07 +0000)]
Implement Proxy.[[HasProperty]]
https://bugs.webkit.org/show_bug.cgi?id=154313

Reviewed by Filip Pizlo.

This patch is a straight forward implementation of
Proxy.[[HasProperty]] with respect to section 9.5.7
of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-hasproperty-p

* runtime/ProxyObject.cpp:
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::getOwnPropertySlotCommon):
* runtime/ProxyObject.h:
* tests/es6.yaml:
* tests/stress/proxy-basic.js:
(assert):
(let.handler.has):
* tests/stress/proxy-has-property.js: Added.
(assert):
(throw.new.Error.let.handler.get has):
(throw.new.Error):
(assert.let.handler.has):
(let.handler.has):
(getOwnPropertyDescriptor):
(i.catch):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196789 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Add Native Parameter Lists to Console prototype functions
commit-queue@webkit.org [Fri, 19 Feb 2016 01:03:13 +0000 (01:03 +0000)]
Web Inspector: Add Native Parameter Lists to Console prototype functions
https://bugs.webkit.org/show_bug.cgi?id=154419
<rdar://problem/24730314>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-02-18
Reviewed by Timothy Hatcher.

* UserInterface/Models/NativeFunctionParameters.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196788 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoStatistically significant A/B testing results should be color coded in details view
rniwa@webkit.org [Fri, 19 Feb 2016 00:51:46 +0000 (00:51 +0000)]
Statistically significant A/B testing results should be color coded in details view
https://bugs.webkit.org/show_bug.cgi?id=154414

Reviewed by Chris Dumez.

Color code the statistically significant comparisions in TestGroupResultsTable as done in the analysis
results viewer.

* public/v3/components/customizable-test-group-form.js:
(CustomizableTestGroupForm.cssTemplate): Build fix after r196768.
* public/v3/components/test-group-results-table.js:
(TestGroupResultsTable.prototype.buildRowGroups): Add the status as a class name.
(TestGroupResultsTable.cssTemplate): Added styles to color-code statistically significant results.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196787 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModern IDB: Fix IDBGetResult encoder/decoder.
beidson@apple.com [Fri, 19 Feb 2016 00:42:01 +0000 (00:42 +0000)]
Modern IDB: Fix IDBGetResult encoder/decoder.
https://bugs.webkit.org/show_bug.cgi?id=154421

Reviewed by Alex Christensen.

No new tests, as Modern IDB is still disabled for WK2.

But if you manually enable it, "Basic IndexedDB Seems To Work"

Source/WebCore:

* Modules/indexeddb/IDBGetResult.h:
(WebCore::IDBGetResult::encode):
(WebCore::IDBGetResult::decode):

Source/WebKit2:

* Shared/WebCoreArgumentCoders.cpp:
(IPC::ArgumentCoder<IDBGetResult>::encode): Deleted.
(IPC::ArgumentCoder<IDBGetResult>::decode): Deleted.
* Shared/WebCoreArgumentCoders.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196786 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoProxy's don't properly handle Symbols as PropertyKeys.
sbarati@apple.com [Fri, 19 Feb 2016 00:27:15 +0000 (00:27 +0000)]
Proxy's don't properly handle Symbols as PropertyKeys.
https://bugs.webkit.org/show_bug.cgi?id=154385

Reviewed by Mark Lam and Yusuke Suzuki.

We were converting all PropertyKeys to strings, even when
the PropertyName was a Symbol. In the spec, PropertyKeys are
either a Symbol or a String. We now respect that in Proxy.[[Get]] and
Proxy.[[GetOwnProperty]].

* runtime/Completion.cpp:
(JSC::profiledEvaluate):
(JSC::createSymbolForEntryPointModule):
(JSC::identifierToJSValue): Deleted.
* runtime/Identifier.h:
(JSC::parseIndex):
* runtime/IdentifierInlines.h:
(JSC::Identifier::fromString):
(JSC::identifierToJSValue):
(JSC::identifierToSafePublicJSValue):
* runtime/ProxyObject.cpp:
(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
* tests/es6.yaml:
* tests/stress/proxy-basic.js:
(let.handler.getOwnPropertyDescriptor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196785 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAddressing post-review comments after r196747.
mmaxfield@apple.com [Fri, 19 Feb 2016 00:03:58 +0000 (00:03 +0000)]
Addressing post-review comments after r196747.

Unreviewed.

* css/CSSFontFaceSet.h:
* css/FontFaceSet.cpp:
(WebCore::FontFaceSet::size):
(WebCore::FontFaceSet::clear):
* css/FontFaceSet.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196784 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago.:
andersca@apple.com [Fri, 19 Feb 2016 00:01:32 +0000 (00:01 +0000)]
.:
Get rid of the "All Source (target WebProcess)" scheme.

Rubber-stamped by Dan Bernstein.

* WebKit.xcworkspace/xcshareddata/xcschemes/All Source (target WebProcess).xcscheme: Removed.

Tools:
Get rid of the --target-web-process and --use-web-process-xpc-service options.

Rubber-stamped by Dan Bernstein.

We now always use XPC, and --target-web-process is no longer supported.

* Scripts/webkitdirs.pm:
(execMacWebKitAppForDebugging):
(shouldTargetWebProcess): Deleted.
(determineShouldTargetWebProcess): Deleted.
(shouldUseXPCServiceForWebProcess): Deleted.
(determineShouldUseXPCServiceForWebProcess): Deleted.
(printHelpAndExitForRunAndDebugWebKitAppIfNeeded): Deleted.
(argumentsForRunAndDebugMacWebKitApp): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196783 268f45cc-cd09-0410-ab3c-d52691b4dbfc