WebKit-https.git
simon.fraser@apple.com [Mon, 31 Jan 2011 00:44:18 +0000 (00:44 +0000)]
2011-01-30  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Sam Weinig.

        Make ContextShadow code cross-platform
        https://bugs.webkit.org/show_bug.cgi?id=51312

        Add a new class, ShadowBlur, that contains most of the
        code from ContextShadow, but is fully cross-platform.
        It depends on one new method, GraphicsContext::clipBounds(),
        which platforms will have to implement.

        Add ShadowBlur to the Mac Xcode project, but don't use it
        anywhere yet.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::clipBounds):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/ShadowBlur.cpp: Added.
        (WebCore::roundUpToMultipleOf32):
        (WebCore::ScratchBuffer::ScratchBuffer):
        (WebCore::ScratchBuffer::getScratchBuffer):
        (WebCore::ScratchBuffer::scheduleScratchBufferPurge):
        (WebCore::ScratchBuffer::timerFired):
        (WebCore::ScratchBuffer::clearScratchBuffer):
        (WebCore::ScratchBuffer::shared):
        (WebCore::ShadowBlur::ShadowBlur):
        (WebCore::ShadowBlur::blurLayerImage):
        (WebCore::ShadowBlur::adjustBlurDistance):
        (WebCore::ShadowBlur::calculateLayerBoundingRect):
        (WebCore::ShadowBlur::beginShadowLayer):
        (WebCore::ShadowBlur::endShadowLayer):
        (WebCore::ShadowBlur::drawRectShadow):
        (WebCore::ShadowBlur::drawRectShadowWithoutTiling):
        (WebCore::ShadowBlur::drawRectShadowWithTiling):
        (WebCore::ShadowBlur::clipBounds):
        * platform/graphics/ShadowBlur.h: Added.
        (WebCore::ShadowBlur::setShadowsIgnoreTransforms):
        (WebCore::ShadowBlur::shadowsIgnoreTransforms):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::clipBounds):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77097 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dpranke@chromium.org [Sun, 30 Jan 2011 23:32:23 +0000 (23:32 +0000)]
2011-01-30  Dirk Pranke  <dpranke@chromium.org>

        Unreviewed, build fix.

        Fix regression introduced in r77093 - path.rsplit() doesn't
        take keyword arguments.

        https://bugs.webkit.org/show_bug.cgi?id=53326

        * Scripts/webkitpy/common/system/filesystem_mock.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77096 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dpranke@chromium.org [Sun, 30 Jan 2011 23:16:26 +0000 (23:16 +0000)]
2011-01-30  Dirk Pranke  <dpranke@chromium.org>

        Reviewed by Mihai Parparita.

        Add more unit tests for rebaseline-chromium-webkit-tests. This
        change involves restructuring a bunch of r-c-w-t code to make it
        more testable as well. We also add wrapper classes for handling
        testing zip files and fetching URLs.

        https://bugs.webkit.org/show_bug.cgi?id=53040

        * Scripts/webkitpy/common/system/urlfetcher.py:
        * Scripts/webkitpy/common/system/urlfetcher_mock.py:
        * Scripts/webkitpy/common/system/zipfileset_mock.py:
        * Scripts/webkitpy/layout_tests/rebaseline_chromium_webkit_tests.py:
        * Scripts/webkitpy/layout_tests/rebaseline_chromium_webkit_tests_unittest.py:
        * Scripts/webkitpy/tool/mocktool.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77095 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ggaren@apple.com [Sun, 30 Jan 2011 23:07:11 +0000 (23:07 +0000)]
2011-01-30  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Filter all Heap collection through a common reset function, in
        preparation for adding features triggered by collection.
        https://bugs.webkit.org/show_bug.cgi?id=53396

        SunSpider reports no change.

        * runtime/Heap.cpp:
        (JSC::Heap::reportExtraMemoryCostSlowCase): When we're over the extraCost
        limit, just call collectAllGarbage() instead of rolling our own special
        way of resetting the heap. In theory, this may be slower in some cases,
        but it also fixes cases of pathological heap growth that we've seen,
        where the only objects being allocated are temporary and huge
        (<rdar://problem/8885843>).

        (JSC::Heap::allocate):
        (JSC::Heap::collectAllGarbage): Use the shared reset function.

        (JSC::Heap::reset):
        * runtime/Heap.h: Carved a new shared reset function out of the old
        collectAllGarbage.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77094 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dpranke@chromium.org [Sun, 30 Jan 2011 23:07:06 +0000 (23:07 +0000)]
2011-01-30  Dirk Pranke  <dpranke@chromium.org>

        Reviewed by Eric Seidel.

        Clean up of the filesystem-related modules used in webkitpy.
        I've added relpath() to the filesystem interface, modified
        ospath.relpath() so that it could work with the filesystem
        interface, and modified the fileset* routines to use the
        filesystem interface consistently.

        This patch also adds a close() routine to the fileset routines
        to indicate that the caller is done with the fileset. This
        allows zipfileset to clean up after itself when it creates
        tempfiles to store downloads.

        https://bugs.webkit.org/show_bug.cgi?id=53326

        * Scripts/webkitpy/common/system/directoryfileset.py:
        * Scripts/webkitpy/common/system/fileset.py:
        * Scripts/webkitpy/common/system/filesystem.py:
        * Scripts/webkitpy/common/system/filesystem_mock.py:
        * Scripts/webkitpy/common/system/filesystem_unittest.py:
        * Scripts/webkitpy/common/system/ospath.py:
        * Scripts/webkitpy/common/system/zipfileset.py:
        * Scripts/webkitpy/common/system/zipfileset_unittest.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77093 268f45cc-cd09-0410-ab3c-d52691b4dbfc

kbalazs@webkit.org [Sun, 30 Jan 2011 20:25:33 +0000 (20:25 +0000)]
2011-01-30  Balazs Kelemen  <kbalazs@webkit.org>

        Reviewed by Csaba Osztrogonác.

        [Qt][WK2]REGRESSION (r76991): Fix build errors
        https://bugs.webkit.org/show_bug.cgi?id=53400

        Revert the temporary build fix (http://trac.webkit.org/changeset/77088)
        and remove WebKit2Prefix.h from the build.
        * UIProcess/API/qt/qwkhistory.h:
        * UIProcess/API/qt/qwkpage.h:
        * WebKit2.pro:
2011-01-30  Balazs Kelemen  <kbalazs@webkit.org>

        Reviewed by Csaba Osztrogonác.

        [Qt][WK2]REGRESSION (r76991): Fix build errors
        https://bugs.webkit.org/show_bug.cgi?id=53400

        Revert the temporary build fix (http://trac.webkit.org/changeset/77088)
        and remove WebKit2Prefix.h from the build.
        * MiniBrowser/qt/MiniBrowser.pro:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77092 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Sun, 30 Jan 2011 20:04:43 +0000 (20:04 +0000)]
2011-01-30  Jeff Miller  <jeffm@apple.com>

        Reviewed by Dan Bernstein.

        FindController::updateFindIndicator() crashes if selection isn't visible
        https://bugs.webkit.org/show_bug.cgi?id=53399

        * WebProcess/WebPage/FindController.cpp:
        (WebKit::FindController::updateFindIndicator): Return false if ShareableBitmap::createShareable() returns null (typically because the selection rect is empty).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77091 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ossy@webkit.org [Sun, 30 Jan 2011 19:54:56 +0000 (19:54 +0000)]
Unreviewed, rolling out r77025.
http://trac.webkit.org/changeset/77025
https://bugs.webkit.org/show_bug.cgi?id=53401

Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2011-01-30
It made js1_5/Regress/regress-159334.js fail on 64 bit Linux
(Requested by Ossy on #webkit).

* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FreeListEntry::FreeListEntry):
(JSC::AVLTreeAbstractorForFreeList::get_less):
(JSC::AVLTreeAbstractorForFreeList::set_less):
(JSC::AVLTreeAbstractorForFreeList::get_greater):
(JSC::AVLTreeAbstractorForFreeList::set_greater):
(JSC::AVLTreeAbstractorForFreeList::get_balance_factor):
(JSC::AVLTreeAbstractorForFreeList::set_balance_factor):
(JSC::AVLTreeAbstractorForFreeList::null):
(JSC::AVLTreeAbstractorForFreeList::compare_key_key):
(JSC::AVLTreeAbstractorForFreeList::compare_key_node):
(JSC::AVLTreeAbstractorForFreeList::compare_node_node):
(JSC::reverseSortFreeListEntriesByPointer):
(JSC::reverseSortCommonSizedAllocations):
(JSC::FixedVMPoolAllocator::release):
(JSC::FixedVMPoolAllocator::reuse):
(JSC::FixedVMPoolAllocator::addToFreeList):
(JSC::FixedVMPoolAllocator::coalesceFreeSpace):
(JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
(JSC::FixedVMPoolAllocator::alloc):
(JSC::FixedVMPoolAllocator::free):
(JSC::FixedVMPoolAllocator::isValid):
(JSC::FixedVMPoolAllocator::allocInternal):
(JSC::FixedVMPoolAllocator::isWithinVMPool):
(JSC::FixedVMPoolAllocator::addToCommittedByteCount):
(JSC::ExecutableAllocator::committedByteCount):
(JSC::maybeModifyVMPoolSize):
(JSC::ExecutableAllocator::isValid):
(JSC::ExecutableAllocator::underMemoryPressure):
(JSC::ExecutablePool::systemAlloc):
(JSC::ExecutablePool::systemRelease):
* wtf/PageReservation.h:
(WTF::PageReservation::PageReservation):
(WTF::PageReservation::commit):
(WTF::PageReservation::decommit):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77090 268f45cc-cd09-0410-ab3c-d52691b4dbfc

simon.fraser@apple.com [Sun, 30 Jan 2011 18:19:54 +0000 (18:19 +0000)]
2011-01-29  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        CSS3 gradients with em-based stops fail to repaint when font size changes
        https://bugs.webkit.org/show_bug.cgi?id=51845

        Mark as uncacheable gradients whose color stops depend on font size,
        and don't attempt to put these into CSSImageGeneratorValue's image cache.
        This means we return a new gradient each time, which is fairly cheap, and
        fixes repaint issues under changing font size.

        Test: fast/repaint/gradients-em-stops-repaint.html

        * css/CSSGradientValue.cpp:
        (WebCore::CSSGradientValue::image):
        (WebCore::CSSGradientValue::isCacheable):
        * css/CSSGradientValue.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77089 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ossy@webkit.org [Sun, 30 Jan 2011 13:21:39 +0000 (13:21 +0000)]
Unreviewed.

[Qt][WK2] Buildfix.

Source/WebKit2:

* UIProcess/API/qt/qwkhistory.h:
* UIProcess/API/qt/qwkpage.h:

Tools:

* MiniBrowser/qt/MiniBrowser.pro:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77088 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Sun, 30 Jan 2011 11:54:48 +0000 (11:54 +0000)]
2011-01-30  Leo Yang  <leo.yang@torchmobile.com.cn>

        Reviewed by Daniel Bates.

        Code style issue in JavaScriptCore/wtf/CurrentTime.h
        https://bugs.webkit.org/show_bug.cgi?id=53394

        According to rule #3 at http://webkit.org/coding/coding-style.html,
        this patch fixes a style issue in CurrentTime.h.

        No functionality change, no new tests.

        * wtf/CurrentTime.h:
        (WTF::currentTimeMS):
        (WTF::getLocalTime):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77087 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Sun, 30 Jan 2011 10:40:40 +0000 (10:40 +0000)]
2011-01-30  Benjamin Poulain  <ikipou@gmail.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] JavaScriptCore does not link on Mac if building WebKit 2
        https://bugs.webkit.org/show_bug.cgi?id=53377

        The option "-whole-archive" is not available with the libtool of Mac OS X,
        instead, we can use "-all_load" on Mac.

        * JavaScriptCore.pri:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77086 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mjs@apple.com [Sun, 30 Jan 2011 08:30:27 +0000 (08:30 +0000)]
2011-01-29  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Geoffrey Garen.

        Add WKPageCopyPendingAPIRequestURL API
        https://bugs.webkit.org/show_bug.cgi?id=53383

        This API returns the last URL requested for load via API, if neither that load nor any
        other load subsequently reaches the provisional state.

        This is useful to be able to track loads initiated via the API.

        * UIProcess/API/C/WKPage.cpp:
        (WKPageCopyPendingAPIRequestURL): Retrieve the pending URL.
        * UIProcess/API/C/WKPage.h:
        * UIProcess/WebPageProxy.cpp:
        (WebKit::WebPageProxy::loadURL): Set pending URL.
        (WebKit::WebPageProxy::loadURLRequest): ditto
        (WebKit::WebPageProxy::reload): ditto
        (WebKit::WebPageProxy::goForward): ditto
        (WebKit::WebPageProxy::goBack): ditto
        (WebKit::WebPageProxy::estimatedProgress): Assume the initial
        progress value when there is a pending URL.
        (WebKit::WebPageProxy::didStartProvisionalLoadForFrame): Clear
        pending URL; clients should look at the provisional URL now.
        (WebKit::WebPageProxy::decidePolicyForNavigationAction): Clear
        pending URL if it doesn't match the policy URL; this means we
        were interrupted by another load.
        * UIProcess/WebPageProxy.h:
        (WebKit::WebPageProxy::pendingAPIRequestURL): Helper function.
        (WebKit::WebPageProxy::clearPendingAPIRequestURL): ditto
        (WebKit::WebPageProxy::setPendingAPIRequestURL): ditto

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77085 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mitz@apple.com [Sun, 30 Jan 2011 06:48:11 +0000 (06:48 +0000)]
Set the svn:mime-type property of some PNG files to image/png

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77084 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ggaren@apple.com [Sun, 30 Jan 2011 06:43:02 +0000 (06:43 +0000)]
Sorry Leopard bot -- I committed a change by accident.

* JavaScriptCore.exp: You may have your symbols back now.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77083 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ggaren@apple.com [Sun, 30 Jan 2011 06:23:13 +0000 (06:23 +0000)]
2011-01-29  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.

        Simplified Heap iteration
        https://bugs.webkit.org/show_bug.cgi?id=53393

        * runtime/CollectorHeapIterator.h:
        (JSC::CollectorHeapIterator::isValid):
        (JSC::CollectorHeapIterator::isLive):
        (JSC::CollectorHeapIterator::advance): Removed "max" argument to
        advance because it's a constant.
        (JSC::LiveObjectIterator::LiveObjectIterator):
        (JSC::LiveObjectIterator::operator++):
        (JSC::DeadObjectIterator::DeadObjectIterator):
        (JSC::DeadObjectIterator::operator++):
        (JSC::ObjectIterator::ObjectIterator):
        (JSC::ObjectIterator::operator++): Factored out common checks into
        two helper functions -- isValid() for "Am I past the end?" and isLive()
        for "Is the cell I'm pointing to live?".

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::freeBlock):
        (JSC::MarkedSpace::sweep): Always sweep from the beginning of the heap
        to the end, to avoid making sweep subtly reliant on internal Heap state.
        (JSC::MarkedSpace::primaryHeapBegin):
        (JSC::MarkedSpace::primaryHeapEnd): Always be explicit about where
        iteration begins.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77082 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ggaren@apple.com [Sun, 30 Jan 2011 06:11:07 +0000 (06:11 +0000)]
2011-01-29  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.

        Simplified heap destruction
        https://bugs.webkit.org/show_bug.cgi?id=53392

        * JavaScriptCore.exp:
        * runtime/Heap.cpp:
        (JSC::Heap::destroy):
        * runtime/Heap.h:
        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::destroy):
        * runtime/MarkedSpace.h: Don't go out of our way to destroy GC-protected
        cells last -- the difficult contortions required to do so just don't seem
        justified. We make no guarantees about GC protection after the client
        throws away JSGlobalData, and it doesn't seem like any meaningful
        guarantee is even possible.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77081 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ggaren@apple.com [Sun, 30 Jan 2011 05:58:30 +0000 (05:58 +0000)]
2011-01-29  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Switched heap to use the Bitmap class and removed CollectorBitmap
        https://bugs.webkit.org/show_bug.cgi?id=53391

        SunSpider says 1.005x as fast. Seems like a fluke.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::allocate): Updated for rename and returning a value
        rather than taking a value by reference.

        * runtime/MarkedSpace.h: Code reuse is good.

        * wtf/Bitmap.h:
        (WTF::::testAndSet): Added, since this is the one thing Bitmap was missing
        which CollectorBitmap had. (Renamed from the less conventional "getset".)

        (WTF::::nextPossiblyUnset): Renamed and changed to return a value for
        clarity. It's all the same with inlining.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77080 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ggaren@apple.com [Sun, 30 Jan 2011 04:17:36 +0000 (04:17 +0000)]
Undo try to fix the Qt build.

My guess didn't work.

* WebCore.pro:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77079 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ggaren@apple.com [Sun, 30 Jan 2011 04:04:16 +0000 (04:04 +0000)]
Try to fix the Qt build.

* WebCore.pro: Added platform/text/CharacterNames.h.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77078 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ggaren@apple.com [Sun, 30 Jan 2011 03:32:52 +0000 (03:32 +0000)]
2011-01-28  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Some more Heap cleanup.
        https://bugs.webkit.org/show_bug.cgi?id=53357

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated exported symbols.

        * runtime/Heap.cpp:
        (JSC::Heap::reportExtraMemoryCostSlowCase): Renamed recordExtraCost to
        reportExtraMemoryCostSlowCase to match our naming conventions.

        (JSC::Heap::capacity): Renamed size to capacity because this function
        returns the capacity of the heap, including unused portions.

        * runtime/Heap.h:
        (JSC::Heap::globalData):
        (JSC::Heap::markedSpace):
        (JSC::Heap::machineStackMarker):
        (JSC::Heap::reportExtraMemoryCost): Moved statics to the top of the file.
        Moved ctor and dtor to the beginning of the class definition. Grouped
        functions by purpose.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::capacity): Renamed size to capacity because this
        function returns the capacity of the heap, including unused portions.

        * runtime/MarkedSpace.h: Removed statistics and the Statistics class because
        the same information can be gotten just by calling size() and capacity().

        * runtime/MemoryStatistics.cpp:
        * runtime/MemoryStatistics.h: Ditto.
2011-01-28  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Some more Heap cleanup.
        https://bugs.webkit.org/show_bug.cgi?id=53357

        Updated for JavaScriptCore changes.

        * Misc/WebCoreStatistics.mm:
        (+[WebCoreStatistics memoryStatistics]):
2011-01-28  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.

        Some more Heap cleanup.
        https://bugs.webkit.org/show_bug.cgi?id=53357

        Updated for JavaScriptCore changes.

        * bindings/js/ScriptGCEvent.cpp:
        (WebCore::ScriptGCEvent::getHeapSize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77077 268f45cc-cd09-0410-ab3c-d52691b4dbfc

abarth@webkit.org [Sun, 30 Jan 2011 02:39:40 +0000 (02:39 +0000)]
2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Fix XSSFilter crash when extracting the source for a token twice
        https://bugs.webkit.org/show_bug.cgi?id=53368

        Previously, it was unsafe to extract the source for the same token
        twice because the HTMLSourceTracker would advance its internal
        representation of the SegmentedString.  This patch introduces a cache
        to make calling HTMLSourceTracker::sourceForToken multiple times safe.

        * html/parser/HTMLSourceTracker.cpp:
        (WebCore::HTMLSourceTracker::end):
        (WebCore::HTMLSourceTracker::sourceForToken):
        * html/parser/HTMLSourceTracker.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77076 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mjs@apple.com [Sun, 30 Jan 2011 00:22:49 +0000 (00:22 +0000)]
2011-01-29  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Dan Bernstein.

        Fix fat build for both 32-bit and 64-bit under llvm-gcc 4.2
        https://bugs.webkit.org/show_bug.cgi?id=53386

        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::elasticDeltaForReboundDelta):
        (WebCore::scrollWheelMultiplier):
        (WebCore::ScrollAnimatorMac::smoothScrollWithEvent):
        (WebCore::ScrollAnimatorMac::beginScrollGesture):
        (WebCore::roundTowardZero):
        (WebCore::ScrollAnimatorMac::snapRubberBandTimerFired):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77075 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mjs@apple.com [Sat, 29 Jan 2011 23:21:02 +0000 (23:21 +0000)]
Unreviewed fix for last commit.

Remove stray slash in previous commit.

* platform/mac-wk2/Skipped:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77074 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dbates@webkit.org [Sat, 29 Jan 2011 23:14:22 +0000 (23:14 +0000)]
2011-01-29  Daniel Bates  <dbates@rim.com>

        Reviewed by Maciej Stachowiak.

        Remove reference to ${CMAKE_SOURCE_DIR}/Source in CMake files
        https://bugs.webkit.org/show_bug.cgi?id=53382

        Our file system hierarchy ensures that CMAKE_SOURCE_DIR is defined to be /Source.
        So, ${CMAKE_SOURCE_DIR}/Source evaluates to the non-existent directory /Source/Source.
        Therefore, we should remove such references.

        * Source/cmake/OptionsCommon.cmake:
2011-01-29  Daniel Bates  <dbates@rim.com>

        Reviewed by Maciej Stachowiak.

        Remove reference to ${CMAKE_SOURCE_DIR}/Source in CMake files
        https://bugs.webkit.org/show_bug.cgi?id=53382

        Our file system hierarchy ensures that CMAKE_SOURCE_DIR is defined to be /Source.
        So, ${CMAKE_SOURCE_DIR}/Source evaluates to the non-existent directory /Source/Source.
        Therefore, we should remove such references.

        * CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77073 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mjs@apple.com [Sat, 29 Jan 2011 23:10:21 +0000 (23:10 +0000)]
2011-01-29  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Daniel Bates.

        Skip a test that uses unimplemented DRT API
        https://bugs.webkit.org/show_bug.cgi?id=53381

        * platform/mac-wk2/Skipped:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77072 268f45cc-cd09-0410-ab3c-d52691b4dbfc

weinig@apple.com [Sat, 29 Jan 2011 22:19:01 +0000 (22:19 +0000)]
Fix 32-bit build on the Mac.

Reviewed by Jon Honeycutt.

* platform/mac/ScrollAnimatorMac.mm:
(WebCore::roundTowardZero):
(WebCore::roundToDevicePixelTowardZero):
Use floats instead of doubles to avoid double-to-float conversion
issues.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77071 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dbates@webkit.org [Sat, 29 Jan 2011 22:17:43 +0000 (22:17 +0000)]
2011-01-29  Daniel Bates  <dbates@rim.com>

        Reviewed by Eric Seidel.

        Move wince/mt19937ar.c to ThirdParty and make it a policy choice
        https://bugs.webkit.org/show_bug.cgi?id=53253

        Move implementation of Mersenne Twister pseudorandom number generator to
        ThirdParty since it is a third party library.

        * Source/ThirdParty/mt19937ar.c: Copied from Source/JavaScriptCore/wtf/wince/mt19937ar.c.
2011-01-29  Daniel Bates  <dbates@rim.com>

        Reviewed by Eric Seidel.

        Move wince/mt19937ar.c to ThirdParty and make it a policy choice
        https://bugs.webkit.org/show_bug.cgi?id=53253

        Make inclusion of MT19937 a policy decision.

        Currently, we are hardcoded to use MT19937 when building for
        Windows CE. Instead, we should make this a policy decision
        with the Windows CE port using this by default.

        * JavaScriptCore.pri: Append Source/ThirdParty to the end
        of the list of include directories.
        * wtf/CMakeLists.txt: Ditto.
        * wtf/Platform.h: Defined WTF_USE_MERSENNE_TWISTER_19937 when
        building for Windows CE.
        * wtf/RandomNumber.cpp:
        (WTF::randomNumber): Substituted USE(MERSENNE_TWISTER_19937) for OS(WINCE).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77070 268f45cc-cd09-0410-ab3c-d52691b4dbfc

kov@webkit.org [Sat, 29 Jan 2011 22:00:07 +0000 (22:00 +0000)]
2011-01-29  Gustavo Noronha Silva  <gns@gnome.org>

        [GTK] REGRESSION:  http/tests/media/video-{cookie,referer}.html failing
        https://bugs.webkit.org/show_bug.cgi?id=53379

        Skip tests that are likely failing due to the usage of a newer version of soup.

        * platform/gtk/Skipped:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77069 268f45cc-cd09-0410-ab3c-d52691b4dbfc

rniwa@webkit.org [Sat, 29 Jan 2011 20:47:24 +0000 (20:47 +0000)]
2011-01-29  Ryosuke Niwa  <rniwa@webkit.org>

        Unreviewed Chromium rebaselines.

        * platform/chromium-linux/fast/block/positioning/001-expected.checksum: Added.
        * platform/chromium-linux/fast/block/positioning/001-expected.png: Added.
        * platform/chromium-linux/svg/clip-path/clip-in-mask-objectBoundingBox-expected.checksum: Added.
        * platform/chromium-linux/svg/clip-path/clip-in-mask-objectBoundingBox-expected.png: Added.
        * platform/chromium-linux/svg/clip-path/clip-in-mask-userSpaceOnUse-expected.checksum: Added.
        * platform/chromium-linux/svg/clip-path/clip-in-mask-userSpaceOnUse-expected.png: Added.
        * platform/chromium-win/svg/clip-path/clip-in-mask-objectBoundingBox-expected.checksum: Added.
        * platform/chromium-win/svg/clip-path/clip-in-mask-objectBoundingBox-expected.png: Added.
        * platform/chromium-win/svg/clip-path/clip-in-mask-userSpaceOnUse-expected.checksum: Added.
        * platform/chromium-win/svg/clip-path/clip-in-mask-userSpaceOnUse-expected.png: Added.
        * platform/chromium-win/svg/custom/missing-xlink-expected.txt:
        * platform/chromium/test_expectations.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77068 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cwzwarich@webkit.org [Sat, 29 Jan 2011 20:31:29 +0000 (20:31 +0000)]
Bug 53374 - Remove uses of unsafe string functions in debugging code
https://bugs.webkit.org/show_bug.cgi?id=53374

Reviewed by David Kilzer.

* runtime/RegExp.cpp:
(JSC::RegExp::printTraceData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77067 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cwzwarich@webkit.org [Sat, 29 Jan 2011 20:27:41 +0000 (20:27 +0000)]
Fix ChangeLog date.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77066 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cwzwarich@webkit.org [Sat, 29 Jan 2011 20:18:34 +0000 (20:18 +0000)]
JavaScriptCoreUseJIT environment variable broken
https://bugs.webkit.org/show_bug.cgi?id=53372

Reviewed by Oliver Hunt.

* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData): Check the actual value in the string returned
by getenv() rather than just doing a NULL check on the return value.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77065 268f45cc-cd09-0410-ab3c-d52691b4dbfc

simon.fraser@apple.com [Sat, 29 Jan 2011 19:43:41 +0000 (19:43 +0000)]
2011-01-28  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Adam Barth.

        Use clampToInteger() functions in a few places
        https://bugs.webkit.org/show_bug.cgi?id=53363

        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::applyProperty): Use clampToInteger() for z-index.
        (WebCore::CSSStyleSelector::createTransformOperations): Use clampToPositiveInteger().
        * platform/graphics/transforms/PerspectiveTransformOperation.cpp: Ditto.
        (WebCore::PerspectiveTransformOperation::blend): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77064 268f45cc-cd09-0410-ab3c-d52691b4dbfc

rniwa@webkit.org [Sat, 29 Jan 2011 18:50:14 +0000 (18:50 +0000)]
2011-01-29  Ryosuke Niwa  <rniwa@webkit.org>

        Unreviewed Chromium test expectation update; removed http/tests/appcache/online-whitelist.html
        from the test expectation, because it has been passing on Chromium Windows.

        * platform/chromium/test_expectations.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77063 268f45cc-cd09-0410-ab3c-d52691b4dbfc

paroga@webkit.org [Sat, 29 Jan 2011 17:04:51 +0000 (17:04 +0000)]
2011-01-29  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by David Kilzer.

        Move CharacterNames.h into WTF directory
        https://bugs.webkit.org/show_bug.cgi?id=49618

        * GNUmakefile.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:
        * wtf/unicode/CharacterNames.h: Renamed from WebCore/platform/text/CharacterNames.h.
        * wtf/unicode/UTF8.cpp:
2011-01-29  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by David Kilzer.

        Move CharacterNames.h into WTF directory
        https://bugs.webkit.org/show_bug.cgi?id=49618

        * ForwardingHeaders/wtf/unicode/CharacterNames.h: Added.
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * accessibility/AccessibilityObject.cpp:
        * accessibility/AccessibilityRenderObject.cpp:
        * bindings/cpp/WebDOMHTMLDocumentCustom.cpp:
        * bindings/js/JSHTMLDocumentCustom.cpp:
        * dom/Position.cpp:
        * dom/SelectElement.cpp:
        * editing/CompositeEditCommand.cpp:
        * editing/Editor.cpp:
        * editing/HTMLInterchange.cpp:
        * editing/InsertTextCommand.cpp:
        * editing/MarkupAccumulator.cpp:
        * editing/TextIterator.cpp:
        * editing/VisibleSelection.cpp:
        * editing/htmlediting.cpp:
        * editing/htmlediting.h:
        * editing/markup.cpp:
        * html/FTPDirectoryDocument.cpp:
        * html/HTMLFormControlElement.cpp:
        * html/parser/HTMLTreeBuilder.cpp:
        * loader/appcache/ManifestParser.cpp:
        * platform/chromium/PopupMenuChromium.cpp:
        * platform/graphics/Font.h:
        * platform/graphics/FontFastPath.cpp:
        * platform/graphics/GlyphPageTreeNode.cpp:
        * platform/graphics/StringTruncator.cpp:
        * platform/graphics/mac/ComplexTextController.cpp:
        * platform/graphics/mac/ComplexTextControllerATSUI.cpp:
        * platform/graphics/wince/GraphicsContextWinCE.cpp:
        * platform/mac/PasteboardMac.mm:
        * platform/text/TextCodecICU.cpp:
        * platform/text/mac/TextCodecMac.cpp:
        * platform/text/transcoder/FontTranscoder.cpp:
        * rendering/RenderBlockLineLayout.cpp:
        * rendering/RenderFlexibleBox.cpp:
        * rendering/RenderListMarker.cpp:
        * rendering/RenderText.cpp:
        * rendering/RenderTextControl.cpp:
        * rendering/RenderTreeAsText.cpp:
        * rendering/break_lines.cpp:
        * rendering/mathml/RenderMathMLOperator.h:
        * websockets/WebSocketHandshake.cpp:
        * wml/WMLTableElement.cpp:
2011-01-29  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by David Kilzer.

        Move CharacterNames.h into WTF directory
        https://bugs.webkit.org/show_bug.cgi?id=49618

        * src/ChromeClientImpl.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77062 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-29 Dan Winship <danw@gnome.org>
commit-queue@webkit.org [Sat, 29 Jan 2011 11:39:57 +0000 (11:39 +0000)]
2011-01-29  Dan Winship  <danw@gnome.org>

        Reviewed by Xan Lopez.

        [GTK] Require the latest glib and libsoup, and remove conditional
        support for older versions
        https://bugs.webkit.org/show_bug.cgi?id=50675

        * autotools/webkit.m4: use AM_PATH_GLIB_2_0 rather than doing
        basically the same work by hand
        * configure.ac:
2011-01-29  Dan Winship  <danw@gnome.org>

        Reviewed by Xan Lopez.

        [GTK] Remove HAVE_LIBSOUP_2_29_90 conditionals; we depend on
        libsoup 2.33.1 now.
        https://bugs.webkit.org/show_bug.cgi?id=50675

        * platform/network/soup/CookieJarSoup.cpp:
        (WebCore::defaultCookieJar):
        (WebCore::setCookies):
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::ResourceHandle::prepareForURL):
        (WebCore::restartedCallback):
        (WebCore::startHttp):
        * platform/network/soup/ResourceRequestSoup.cpp:
        (WebCore::ResourceRequest::updateSoupMessage):
        (WebCore::ResourceRequest::toSoupMessage):
        (WebCore::ResourceRequest::updateFromSoupMessage):
2011-01-29  Dan Winship  <danw@gnome.org>

        Reviewed by Xan Lopez.

        [GTK] Remove HAVE_LIBSOUP_2_29_90 conditionals; we depend on
        libsoup 2.33.1 now.
        https://bugs.webkit.org/show_bug.cgi?id=50675

        * ewk/ewk_cookies.cpp:
        (ewk_cookies_file_set):
        (ewk_cookies_policy_set):
        (ewk_cookies_policy_get):
2011-01-29  Dan Winship  <danw@gnome.org>

        Reviewed by Xan Lopez.

        [GTK] Remove HAVE_LIBSOUP_2_29_90 and HAVE_GSETTINGS conditionals;
        we depend on glib 2.27.4 and libsoup 2.33.1 now.
        https://bugs.webkit.org/show_bug.cgi?id=50675

        * GNUmakefile.am:
        * WebCoreSupport/InspectorClientGtk.cpp:
        (WebKit::InspectorClient::storeSetting):
        * webkit/webkitprivate.cpp:
        (inspectorGSettings):
        * webkit/webkitprivate.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77061 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-29 Adam Barth <abarth@webkit.org>
abarth@webkit.org [Sat, 29 Jan 2011 09:22:18 +0000 (09:22 +0000)]
2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSSFilter should replace URLs with about:blank instead of the empty string
        https://bugs.webkit.org/show_bug.cgi?id=53370

        Using the empty string will make the URL complete to the current
        document's URL, which isn't really what we want.  Instead, we want to
        use about:blank, which is safe.

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterObjectToken):
        (WebCore::XSSFilter::filterEmbedToken):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77060 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-29 Adam Barth <abarth@webkit.org>
abarth@webkit.org [Sat, 29 Jan 2011 09:20:44 +0000 (09:20 +0000)]
2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSSFilter should pass xssAuditor/script-tag-addslashes*
        https://bugs.webkit.org/show_bug.cgi?id=53365

        We need to canonicalize strings to avoid being tricked by addslashes.

        * html/parser/XSSFilter.cpp:
        (WebCore::HTMLNames::isNonCanonicalCharacter):
            - This function is copied from the XSSAuditor (with some tweaks).
              We'll eventually remove the XSSAuditor once we've got XSSFilter
              working properly.
        (WebCore::HTMLNames::canonicalize):
        (WebCore::HTMLNames::decodeURL):
        (WebCore::XSSFilter::isContainedInRequest):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77059 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-29 Adam Barth <abarth@webkit.org>
abarth@webkit.org [Sat, 29 Jan 2011 09:19:21 +0000 (09:19 +0000)]
2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSSFilter should pass xssAuditor/script-tag-with-source-same-host.html
        and xssAuditor/script-tag-post-*
        https://bugs.webkit.org/show_bug.cgi?id=53364

        We're supposed to allow loading same-origin resources even if they
        appear as part of the request.

        Also, we're supposed to look at the POST data too.  :)

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::eraseAttributeIfInjected):
        (WebCore::XSSFilter::isSameOriginResource):
            - Copy/paste from XSSAuditor::isSameOriginResource.  We'll
              eventually remove the XSSAuditor version when XSSFilter is done.
        * html/parser/XSSFilter.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77058 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-29 Adam Barth <abarth@webkit.org>
abarth@webkit.org [Sat, 29 Jan 2011 09:17:55 +0000 (09:17 +0000)]
2011-01-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        XSSFilter should pass 16 of the xssAuditor/script-tag* tests
        https://bugs.webkit.org/show_bug.cgi?id=53362

        Turns out we need to replace the src attribute of script tags with
        about:blank to avoid loading the main document URL as a script.  Also,
        move misplaced return statement that was triggering the console message
        too often.

        * html/parser/HTMLToken.h:
        (WebCore::HTMLToken::appendToAttributeValue):
        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterScriptToken):
        (WebCore::XSSFilter::eraseAttributeIfInjected):
        * html/parser/XSSFilter.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77057 268f45cc-cd09-0410-ab3c-d52691b4dbfc
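
The checks named in the four XSSFilter commit messages above (r77057 to r77060) can be sketched as follows. This is an added example, not WebKit's code: every function name, the token shape, the choice of `data` as the URL attribute of `object`, and the sample requests are assumptions made for illustration.

```javascript
// Added sketch; all names are hypothetical and the logic is a simplification
// of what the commit messages describe, not WebKit's implementation.

// Attribute assumed to carry the resource URL for each filtered tag.
const URL_ATTRIBUTE = { script: "src", embed: "src", object: "data" };

// Undo form/URL encoding and drop characters that a server-side escaper such
// as addslashes() may insert, so the request and the page compare equal.
function canonicalize(text) {
  let decoded = text.replace(/\+/g, " ");
  try {
    decoded = decodeURIComponent(decoded);
  } catch (e) {
    // Malformed percent-escape: compare the undecoded text instead.
  }
  return decoded.replace(/[\\\u0000\s]/g, "").toLowerCase();
}

// True when the value also appears in the request URL or in the POST body.
function isContainedInRequest(value, request) {
  const needle = canonicalize(value);
  if (needle === "") return false;
  return [request.url, request.body || ""].some((part) =>
    canonicalize(part).includes(needle));
}

// Same-origin resources stay loadable even when they appear in the request.
function isSameOriginResource(value, documentURL) {
  try {
    return new URL(value, documentURL).origin === new URL(documentURL).origin;
  } catch (e) {
    return false; // Unparseable value: treat as cross-origin.
  }
}

// Replace a reflected, cross-origin URL attribute with about:blank.
// Returns true when the token was modified.
function filterToken(token, request) {
  const attr = URL_ATTRIBUTE[token.name];
  if (!attr || !(attr in token.attributes)) return false;
  const value = token.attributes[attr];
  if (isSameOriginResource(value, request.url)) return false;
  if (!isContainedInRequest(value, request)) return false;
  token.attributes[attr] = "about:blank";
  return true;
}

// URL the loader would fetch for an attribute value in a given document.
function completeURL(value, documentURL) {
  return new URL(value, documentURL).href;
}

// Constructed sample requests (example domains, not from the page).
const GET_REQUEST = {
  url: "https://shop.example/search?q=" + encodeURIComponent(
    '<script src="https://cdn.other.example/w.js?v=\'1\'"></script>'),
};
const POST_REQUEST = {
  url: "https://shop.example/comment",
  body: "text=" + encodeURIComponent(
    '<embed src="https://cdn.other.example/w.swf">').replace(/%20/g, "+"),
};

// The server echoed the value through addslashes(), so quotes gained
// backslashes; canonicalization still matches it against the request.
const reflected = {
  name: "script",
  attributes: { src: "https://cdn.other.example/w.js?v=\\'1\\'" },
};
console.log(filterToken(reflected, GET_REQUEST), reflected.attributes.src);

// An empty replacement would complete to the document's own URL, which the
// loader would then fetch as a script; about:blank stays inert.
console.log(completeURL("", "https://shop.example/search?q=1"));
console.log(completeURL("about:blank", "https://shop.example/search?q=1"));
```
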

9 years ago 2011-01-29 Ryosuke Niwa <rniwa@webkit.org>
rniwa@webkit.org [Sat, 29 Jan 2011 09:11:11 +0000 (09:11 +0000)]
2011-01-29  Ryosuke Niwa  <rniwa@webkit.org>

        Unreviewed Chromium test expectation update.

        * platform/chromium/test_expectations.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77056 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Downloads in WK2 on Windows should write resume data to bundle
jhoneycutt@apple.com [Sat, 29 Jan 2011 08:34:46 +0000 (08:34 +0000)]
Downloads in WK2 on Windows should write resume data to bundle
https://bugs.webkit.org/show_bug.cgi?id=53282
<rdar://problem/8753077>

Reviewed by Alice Liu.

Source/WebCore:

* WebCore.vcproj/WebCore.vcproj:
Added new files to project.

* platform/network/cf/DownloadBundle.h: Added.
* platform/network/win/DownloadBundleWin.cpp: Added.
(WebCore::DownloadBundle::magicNumber):
Moved from WebKit's WebDownload so that WebKit and WebKit2 can share
it.
(WebCore::DownloadBundle::fileExtension):
Ditto.
(WebCore::DownloadBundle::appendResumeData):
Ditto - but modified to return bool rather than HRESULT and to clean up
whitespace.
(WebCore::DownloadBundle::extractResumeData):
Ditto - modified to clean up whitespace.

Source/WebKit/win:

* WebDownload.cpp:
(WebDownload::bundlePathForTargetPath):
Use the new WebCore::DownloadBundle function.
(WebDownload::request):

* WebDownload.h:
Removed declarations for functions that were moved to a new location.

* WebDownloadCFNet.cpp:
(WebDownload::initToResumeWithBundle):
Use the new WebCore::DownloadBundle function.
(WebDownload::cancelForResume):
Fix a leak of the resume data CFDataRef by using adoptCF(). Use the new
WebCore::DownloadBundle function.

Source/WebKit2:

* WebProcess/Downloads/Download.cpp:
(WebKit::Download::decideDestinationWithSuggestedFilename):
Call didDecideDestination(), now that the destination is decided.

* WebProcess/Downloads/Download.h:
Declare didDecideDestination(). Added member variables to hold the
destination file path and the download bundle path.
(WebKit::Download::destination):
Return the path to the final destination for this download.

* WebProcess/Downloads/cf/DownloadCFNet.cpp:
(WebKit::Download::start):
Remove the name of an unused param.
(WebKit::Download::startWithHandle):
Ditto.
(WebKit::Download::cancel):
Tell CFNetwork not to delete the file upon failure, and tell it to
cancel the download. Copy the resume data for the download, and append
it to the download bundle. Call didCancel() with an empty
DataReference, since we have written our own resume data.
(WebKit::decideDestinationWithSuggestedObjectNameCallback):
Remove some unused param names. Removed the call to
CFURLDownloadSetDestination() - this is now handled in
Download::didDecideDestination().
(WebKit::didCreateDestinationCallback):
Report that the final destination was created, rather than the download
bundle, matching old WebKit.
(WebKit::Download::didDecideDestination):
Store the final destination and the download bundle paths, and call
CFURLDownloadSetDestination(), passing the path to the download bundle.

* WebProcess/Downloads/curl/DownloadCurl.cpp:
(WebKit::Download::didDecideDestination):
Stubbed.

* WebProcess/Downloads/mac/DownloadMac.mm:
(WebKit::Download::didDecideDestination):
Stubbed - unneeded on the Mac.

* WebProcess/Downloads/qt/DownloadQt.cpp:
(WebKit::Download::didDecideDestination):
Stubbed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77055 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-29 Jeff Miller <jeffm@apple.com>
commit-queue@webkit.org [Sat, 29 Jan 2011 08:27:23 +0000 (08:27 +0000)]
2011-01-29  Jeff Miller  <jeffm@apple.com>

        Reviewed by Anders Carlsson.

        Support find bouncy in WebKit2 on Windows
        https://bugs.webkit.org/show_bug.cgi?id=53329
        <rdar://problem/8565843>
        The Mac implements the find bouncy inside of WebKit in the UI process for WebKit2, but we need to do this inside Safari for WebKit2 on Windows.
        Add infrastructure to call back into the app when the find indicator changes.

        * UIProcess/API/C/win/WKView.cpp: Cleanup some code style violations.
        (WKViewSetFindIndicatorCallback): Added.
        (WKViewGetFindIndicatorCallback): Added.
        * UIProcess/API/C/win/WKView.h: Cleanup some code style violations.
        * UIProcess/FindIndicator.cpp:
        (WebKit::FindIndicator::create):
        (WebKit::FindIndicator::FindIndicator):
        (WebKit::FindIndicator::frameRect):
        (WebKit::FindIndicator::draw):
        Rename m_selectionRect to m_selectionRectInWindowCoordinates and m_textRects to m_textRectsInSelectionRectCoordinates (along with similarly named local variables) to be more explicit about the coordinate system.
        * UIProcess/FindIndicator.h:
        (WebKit::FindIndicator::selectionRectInWindowCoordinates): Added.
        (WebKit::FindIndicator::textRects): Rename m_textRects to m_textRectsInSelectionRectCoordinates.
        * UIProcess/WebPageProxy.cpp:
        (WebKit::WebPageProxy::setFindIndicator): Rename selectionRect to selectionRectInWindowCoordinates and textRects to textRectsInSelectionRectCoordinates to be more explicit about the coordinate system.
        * UIProcess/WebPageProxy.h: Ditto.
        * UIProcess/win/WebView.cpp:
        (WebKit::WebView::WebView):
        (WebKit::WebView::setFindIndicator): Added.
        (WebKit::WebView::setFindIndicatorCallback): Added.
        (WebKit::WebView::getFindIndicatorCallback): Added.
        * UIProcess/win/WebView.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77054 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-29 Sheriff Bot <webkit.review.bot@gmail.com>
rniwa@webkit.org [Sat, 29 Jan 2011 08:23:45 +0000 (08:23 +0000)]
2011-01-29  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77050.
        http://trac.webkit.org/changeset/77050
        https://bugs.webkit.org/show_bug.cgi?id=53371

        Caused a crash in Chromium's test_shell_tests (Requested by
        rniwa on #webkit).

        * resources/performance-test.js: Removed.
        * tiny-innerHTML.html: Removed.
2011-01-29  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77050.
        http://trac.webkit.org/changeset/77050
        https://bugs.webkit.org/show_bug.cgi?id=53371

        Caused a crash in Chromium's test_shell_tests (Requested by
        rniwa on #webkit).

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::FragmentParsingContext):
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::document):
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::finished):
        * html/parser/HTMLTreeBuilder.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77053 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-29 Ryosuke Niwa <rniwa@webkit.org>
rniwa@webkit.org [Sat, 29 Jan 2011 08:13:42 +0000 (08:13 +0000)]
2011-01-29  Ryosuke Niwa  <rniwa@webkit.org>

        Unreviewed rebaselines and test expectation updates for Chromium Linux.

        * platform/chromium-linux/fast/forms/select-dirty-parent-pref-widths-expected.checksum: Added.
        * platform/chromium-linux/fast/forms/select-dirty-parent-pref-widths-expected.png: Added.
        * platform/chromium-linux/fast/forms/select-dirty-parent-pref-widths-expected.txt: Added.
        * platform/chromium/test_expectations.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77052 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Alexey Proskuryakov <ap@apple.com>
ap@apple.com [Sat, 29 Jan 2011 07:56:02 +0000 (07:56 +0000)]
2011-01-28  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Dan Bernstein.

        https://bugs.webkit.org/show_bug.cgi?id=53367
        <rdar://problem/8926460> Remove dysfunctional code from -[WKPrintingView _isPrintingPreview].

        * UIProcess/API/mac/WKPrintingView.mm: (-[WKPrintingView _isPrintingPreview]): The common
        branch works fine for now, no need to make platforms different.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77051 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Eric Seidel <eric@webkit.org>
eric@webkit.org [Sat, 29 Jan 2011 07:37:58 +0000 (07:37 +0000)]
2011-01-28  Eric Seidel  <eric@webkit.org>

        Reviewed by Darin Adler.

        HTML5 TreeBuilder regressed a Peacekeeper DOM test by 40%
        https://bugs.webkit.org/show_bug.cgi?id=48719

        It's unclear exactly what the Peacekeeper benchmark is testing,
        because I haven't found a way to run it myself.

        However, I constructed a benchmark which shows at least one possible slow point.
        The HTML5 spec talks about creating a new document for every time we use
        the fragment parsing algorithm.  Document(), it turns out, is a huge bloated
        mess, and the constructor and destructor do a huge amount of work.
        To avoid constructing (or destructing) documents for each innerHTML call,
        this patch adds a shared dummy document used by all innerHTML calls.

        * benchmarks/parser/tiny-innerHTML.html: Added.
2011-01-28  Eric Seidel  <eric@webkit.org>

        Reviewed by Darin Adler.

        HTML5 TreeBuilder regressed a Peacekeeper DOM test by 40%
        https://bugs.webkit.org/show_bug.cgi?id=48719

        It's unclear exactly what the Peacekeeper benchmark is testing,
        because I haven't found a way to run it myself.

        However, I constructed a benchmark which shows at least one possible slow point.
        The HTML5 spec talks about creating a new document for every time we use
        the fragment parsing algorithm.  Document(), it turns out, is a huge bloated
        mess, and the constructor and destructor do a huge amount of work.
        To avoid constructing (or destructing) documents for each innerHTML call,
        this patch adds a shared dummy document used by all innerHTML calls.

        This patch brings us from 7x slower than Safari 5 on tiny-innerHTML
        to only 1.5x slower than Safari 5.  I'm sure there is more work to do here.

        Saving a shared Document like this is error prone.  Currently
        DummyDocumentFactory::releaseDocument() calls removeAllChildren()
        in an attempt to clear the Document's state. However it's possible
        that that call is not sufficient and we'll have future bugs here.

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::DummyDocumentFactory::createDummyDocument):
        (WebCore::DummyDocumentFactory::releaseDocument):
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::FragmentParsingContext):
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::document):
        (WebCore::HTMLTreeBuilder::FragmentParsingContext::finished):
        * html/parser/HTMLTreeBuilder.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77050 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Johnny Ding <jnd@chromium.org>
jnd@chromium.org [Sat, 29 Jan 2011 07:06:57 +0000 (07:06 +0000)]
2011-01-28  Johnny Ding  <jnd@chromium.org>

        Reviewed by Adam Barth.

        Gesture API, disallow popup bypass with using iframe src.
        https://bugs.webkit.org/show_bug.cgi?id=53244

        * fast/events/popup-blocked-from-iframe-src-expected.txt: Added.
        * fast/events/popup-blocked-from-iframe-src.html: Added.
2011-01-28  Johnny Ding  <jnd@chromium.org>

        Reviewed by Adam Barth.

        Gesture API: Don't use current gesture status to set "forceUserGesture" parameter when calling ScriptController::executeScript.
        The "forceUserGesture" parameter should be only set when you are definitely sure that the running script is from a hyper-link.
        https://bugs.webkit.org/show_bug.cgi?id=53244

        Test: fast/events/popup-blocked-from-iframe-src.html

        * bindings/ScriptControllerBase.cpp:
        (WebCore::ScriptController::executeIfJavaScriptURL):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77049 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Ryosuke Niwa <rniwa@webkit.org>
rniwa@webkit.org [Sat, 29 Jan 2011 07:00:26 +0000 (07:00 +0000)]
2011-01-28  Ryosuke Niwa  <rniwa@webkit.org>

        Unreviewed; removed Chromium test expectations for tests that have been steadily passing.

        In particular, many ietestcenter tests have been passing since V8 is updated to
        version 3.0.12 in Chromium r72940.

        * platform/chromium/test_expectations.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77048 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Ryosuke Niwa <rniwa@webkit.org>
rniwa@webkit.org [Sat, 29 Jan 2011 06:25:57 +0000 (06:25 +0000)]
2011-01-28  Ryosuke Niwa  <rniwa@webkit.org>

        Unreviewed; roll WebKit Chromium revision from 72894 to 73048.

        * DEPS:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77047 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Updated test results after r76983.
mitz@apple.com [Sat, 29 Jan 2011 05:56:31 +0000 (05:56 +0000)]
Updated test results after r76983.

Rubber-stamped by Maciej Stachowiak.

* platform/mac-leopard/fast/forms/select-writing-direction-natural-expected.txt: Copied from LayoutTests/platform/mac/fast/forms/select-writing-direction-natural-expected.txt.
* platform/mac-leopard/fast/text/international/bidi-menulist-expected.txt: Copied from LayoutTests/platform/mac/fast/text/international/bidi-menulist-expected.txt.
* platform/mac/fast/forms/select-writing-direction-natural-expected.checksum:
* platform/mac/fast/forms/select-writing-direction-natural-expected.png:
* platform/mac/fast/forms/select-writing-direction-natural-expected.txt:
* platform/mac/fast/text/international/bidi-menulist-expected.checksum:
* platform/mac/fast/text/international/bidi-menulist-expected.png:
* platform/mac/fast/text/international/bidi-menulist-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77046 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Simon Fraser <simon.fraser@apple.com>
simon.fraser@apple.com [Sat, 29 Jan 2011 05:02:31 +0000 (05:02 +0000)]
2011-01-28  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Gavin Barraclough.

        Add various clampToInt() methods to MathExtras.h
        https://bugs.webkit.org/show_bug.cgi?id=52910

        Use clampToInteger() from MathExtras.h

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseCounter):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77045 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Sheriff Bot <webkit.review.bot@gmail.com>
rniwa@webkit.org [Sat, 29 Jan 2011 04:06:04 +0000 (04:06 +0000)]
2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77006 and r77020.
        http://trac.webkit.org/changeset/77006
        http://trac.webkit.org/changeset/77020
        https://bugs.webkit.org/show_bug.cgi?id=53360

        "Broke Windows tests" (Requested by rniwa on #webkit).

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
        (JSC::JSCallbackObject::setPrivateProperty):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::put):
        (JSC::::staticFunctionGetter):
        * API/JSObjectRef.cpp:
        (JSObjectMakeConstructor):
        (JSObjectSetPrivateProperty):
        * API/JSWeakObjectMapRefInternal.h:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::globalObject):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        (JSC::BytecodeGenerator::findScopedProperty):
        * debugger/Debugger.cpp:
        (JSC::evaluateInGlobalCallFrame):
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::markChildren):
        * debugger/DebuggerActivation.h:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate):
        * interpreter/CallFrame.h:
        (JSC::ExecState::exception):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::resolve):
        (JSC::Interpreter::resolveSkip):
        (JSC::Interpreter::resolveGlobal):
        (JSC::Interpreter::resolveGlobalDynamic):
        (JSC::Interpreter::resolveBaseAndProperty):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::appendSourceToError):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::tryCacheGetByID):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::markLists):
        * runtime/Arguments.cpp:
        (JSC::Arguments::markChildren):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::put):
        * runtime/Arguments.h:
        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSplice):
        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeSet::grow):
        * runtime/ConservativeSet.h:
        (JSC::ConservativeSet::~ConservativeSet):
        (JSC::ConservativeSet::mark):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncSetTime):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::markChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::getter):
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setter):
        (JSC::GetterSetter::setSetter):
        * runtime/GlobalEvalFunction.cpp:
        (JSC::GlobalEvalFunction::GlobalEvalFunction):
        (JSC::GlobalEvalFunction::markChildren):
        * runtime/GlobalEvalFunction.h:
        (JSC::GlobalEvalFunction::cachedGlobalObject):
        * runtime/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::value):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::markChildren):
        (JSC::JSActivation::put):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::JSArray::getOwnPropertySlot):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::put):
        (JSC::JSArray::putSlowCase):
        (JSC::JSArray::deleteProperty):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        (JSC::JSArray::unshiftCount):
        (JSC::JSArray::sort):
        (JSC::JSArray::fillArgList):
        (JSC::JSArray::copyToRegisters):
        (JSC::JSArray::compactForSorting):
        * runtime/JSArray.h:
        (JSC::JSArray::getIndex):
        (JSC::JSArray::setIndex):
        (JSC::JSArray::uncheckedSetIndex):
        (JSC::JSArray::markChildrenDirect):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSCell.h:
        (JSC::JSCell::JSValue::toThisObject):
        (JSC::JSCell::MarkStack::append):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::markIfNeeded):
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::resetPrototype):
        (JSC::JSGlobalObject::markChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
        (JSC::JSGlobalObject::regExpConstructor):
        (JSC::JSGlobalObject::errorConstructor):
        (JSC::JSGlobalObject::evalErrorConstructor):
        (JSC::JSGlobalObject::rangeErrorConstructor):
        (JSC::JSGlobalObject::referenceErrorConstructor):
        (JSC::JSGlobalObject::syntaxErrorConstructor):
        (JSC::JSGlobalObject::typeErrorConstructor):
        (JSC::JSGlobalObject::URIErrorConstructor):
        (JSC::JSGlobalObject::evalFunction):
        (JSC::JSGlobalObject::objectPrototype):
        (JSC::JSGlobalObject::functionPrototype):
        (JSC::JSGlobalObject::arrayPrototype):
        (JSC::JSGlobalObject::booleanPrototype):
        (JSC::JSGlobalObject::stringPrototype):
        (JSC::JSGlobalObject::numberPrototype):
        (JSC::JSGlobalObject::datePrototype):
        (JSC::JSGlobalObject::regExpPrototype):
        (JSC::JSGlobalObject::methodCallDummy):
        (JSC::Structure::prototypeForLookup):
        (JSC::constructArray):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::object):
        (JSC::Stringifier::markAggregate):
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::callReviver):
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getDirectOffset):
        (JSC::JSObject::putDirectOffset):
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSValue::putDirect):
        (JSC::JSObject::allocatePropertyStorageInline):
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
        (JSC::JSPropertyNameIterator::get):
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::markChildren):
        * runtime/JSString.cpp:
        (JSC::StringObject::create):
        * runtime/JSValue.h:
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::markChildren):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::internalValue):
        (JSC::JSWrapperObject::setInternalValue):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::parse):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::lookupPut):
        * runtime/MarkStack.h:
        (JSC::MarkStack::appendValues):
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        (JSC::constructWithNumberConstructor):
        * runtime/NumberObject.cpp:
        (JSC::constructNumber):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        * runtime/Operations.h:
        (JSC::normalizePrototypeChain):
        (JSC::resolveBase):
        * runtime/PrototypeFunction.cpp:
        (JSC::PrototypeFunction::PrototypeFunction):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setExistingProperty):
        (JSC::PutPropertySlot::setNewProperty):
        (JSC::PutPropertySlot::base):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::~ScopeChainNode):
        (JSC::ScopeChainIterator::operator*):
        (JSC::ScopeChainIterator::operator->):
        (JSC::ScopeChain::top):
        * runtime/ScopeChainMark.h:
        (JSC::ScopeChain::markAggregate):
        * runtime/SmallStrings.cpp:
        (JSC::isMarked):
        (JSC::SmallStrings::markChildren):
        * runtime/SmallStrings.h:
        (JSC::SmallStrings::emptyString):
        (JSC::SmallStrings::singleCharacterString):
        (JSC::SmallStrings::singleCharacterStrings):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * runtime/StringObject.h:
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::toDictionaryTransition):
        (JSC::Structure::flattenDictionaryStructure):
        * runtime/Structure.h:
        (JSC::Structure::storedPrototype):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::uncheckedGet):
        (JSC::WeakGCMap::isValid):
        (JSC::::get):
        (JSC::::take):
        (JSC::::set):
        (JSC::::uncheckedRemove):
        * runtime/WriteBarrier.h: Removed.
2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77006 and r77020.
        http://trac.webkit.org/changeset/77006
        http://trac.webkit.org/changeset/77020
        https://bugs.webkit.org/show_bug.cgi?id=53360

        "Broke Windows tests" (Requested by rniwa on #webkit).

        * JSValueWrapper.cpp:
        (JSValueWrapper::JSObjectMark):
2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77006 and r77020.
        http://trac.webkit.org/changeset/77006
        http://trac.webkit.org/changeset/77020
        https://bugs.webkit.org/show_bug.cgi?id=53360

        "Broke Windows tests" (Requested by rniwa on #webkit).

        * WebView/WebScriptDebugDelegate.mm:
        (-[WebScriptCallFrame scopeChain]):
2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r77006 and r77020.
        http://trac.webkit.org/changeset/77006
        http://trac.webkit.org/changeset/77020
        https://bugs.webkit.org/show_bug.cgi?id=53360

        "Broke Windows tests" (Requested by rniwa on #webkit).

        * ForwardingHeaders/runtime/WriteBarrier.h: Removed.
        * WebCore.exp.in:
        * bindings/js/DOMWrapperWorld.h:
        * bindings/js/JSAudioConstructor.cpp:
        (WebCore::JSAudioConstructor::JSAudioConstructor):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::markDOMNodesForDocument):
        (WebCore::markDOMObjectWrapper):
        (WebCore::markDOMNodeWrapper):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::markChildren):
        (WebCore::JSDOMGlobalObject::setInjectedScript):
        (WebCore::JSDOMGlobalObject::injectedScript):
        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
        (WebCore::getDOMConstructor):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        (WebCore::DialogHandler::dialogCreated):
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::JSDOMWindowShell):
        (WebCore::JSDOMWindowShell::setWindow):
        (WebCore::JSDOMWindowShell::markChildren):
        (WebCore::JSDOMWindowShell::unwrappedObject):
        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::window):
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/JSDeviceMotionEventCustom.cpp:
        (WebCore::createAccelerationObject):
        (WebCore::createRotationRateObject):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener):
        (WebCore::JSEventListener::markJSFunction):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::jsFunction):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::setAll):
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::JSImageConstructor):
        * bindings/js/JSImageDataCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
        (WebCore::JSJavaScriptCallFrame::scopeChain):
        (WebCore::JSJavaScriptCallFrame::scopeType):
        * bindings/js/JSNodeFilterCondition.cpp:
        (WebCore::JSNodeFilterCondition::markAggregate):
        (WebCore::JSNodeFilterCondition::acceptNode):
        * bindings/js/JSNodeFilterCondition.h:
        * bindings/js/JSNodeFilterCustom.cpp:
        * bindings/js/JSOptionConstructor.cpp:
        (WebCore::JSOptionConstructor::JSOptionConstructor):
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        (WebCore::JSSQLResultSetRowList::item):
        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::restore):
        * bindings/js/ScriptObject.cpp:
        (WebCore::ScriptGlobalObject::set):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::putProperty):
        * bindings/scripts/CodeGeneratorJS.pm:
        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
        (JSC::Bindings::QtRuntimeMetaMethod::markChildren):
        (JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
        (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):
        * bridge/qt/qt_runtime.h:
        * bridge/runtime_root.cpp:
        (JSC::Bindings::RootObject::invalidate):
        * bridge/runtime_root.h:
        * dom/Document.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77044 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Maciej Stachowiak <mjs@apple.com>
mjs@apple.com [Sat, 29 Jan 2011 03:45:17 +0000 (03:45 +0000)]
2011-01-28  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Dan Bernstein.

        WKPageGetEstimatedProgress returns wrong value after a mainframe provisional load has started
        https://bugs.webkit.org/show_bug.cgi?id=53358

        * UIProcess/WebPageProxy.cpp:
        (WebKit::WebPageProxy::didStartProgress): Start progress at the magic initial value, not 0.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77043 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Maciej Stachowiak <mjs@apple.com>
mjs@apple.com [Sat, 29 Jan 2011 02:25:32 +0000 (02:25 +0000)]
2011-01-28  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.

        WebKitTestRunner needs layoutTestController.setPOSIXLocale
        https://bugs.webkit.org/show_bug.cgi?id=42682

        * platform/mac-wk2/Skipped:
2011-01-28  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.

        WebKitTestRunner needs layoutTestController.setPOSIXLocale
        https://bugs.webkit.org/show_bug.cgi?id=42682

        * WebKitTestRunner/InjectedBundle/Bindings/LayoutTestController.idl:
        * WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
        (WTR::InjectedBundle::resetLocalSettings):
        (WTR::InjectedBundle::didReceiveMessage):
        * WebKitTestRunner/InjectedBundle/InjectedBundle.h:
        * WebKitTestRunner/InjectedBundle/LayoutTestController.cpp:
        (WTR::LayoutTestController::setPOSIXLocale):
        * WebKitTestRunner/InjectedBundle/LayoutTestController.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77042 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Adam Barth <abarth@webkit.org>
abarth@webkit.org [Sat, 29 Jan 2011 02:08:44 +0000 (02:08 +0000)]
2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        XSSFilter should log to the console when it blocks something
        https://bugs.webkit.org/show_bug.cgi?id=53354

        This patch refactors a bunch of methods in XSSFilter to return a bool
        indicating whether they blocked anything.  Using this bool, we decide
        whether to log to the console.  We're using the same log message as the
        XSSAuditor, but it seems likely we can improve this message in the
        future (especially by piping in the correct line number, which is now
        accessible via the parser).

        * html/parser/XSSFilter.cpp:
        (WebCore::HTMLNames::isNameOfInlineEventHandler):
        (WebCore::XSSFilter::filterToken):
        (WebCore::XSSFilter::filterTokenInitial):
        (WebCore::XSSFilter::filterTokenAfterScriptStartTag):
        (WebCore::XSSFilter::filterScriptToken):
        (WebCore::XSSFilter::filterObjectToken):
        (WebCore::XSSFilter::filterEmbedToken):
        (WebCore::XSSFilter::filterAppletToken):
        (WebCore::XSSFilter::filterMetaToken):
        (WebCore::XSSFilter::filterBaseToken):
        (WebCore::XSSFilter::eraseInlineEventHandlersIfInjected):
        * html/parser/XSSFilter.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77041 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Dirk Pranke <dpranke@chromium.org>
dpranke@chromium.org [Sat, 29 Jan 2011 02:08:00 +0000 (02:08 +0000)]
2011-01-28  Dirk Pranke  <dpranke@chromium.org>

         Reviewed by Mihai Parparita.

         test-webkitpy: fix webkitpy.layout_tests.port.mac_unittest.MacTest.test_skipped_file_paths

         This patch re-enables this test and changes it to
         handle all of the mac platform versions, not just the one
         it is running on.

         https://bugs.webkit.org/show_bug.cgi?id=53356

         * Scripts/webkitpy/layout_tests/port/mac_unittest.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77039 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Dirk Pranke <dpranke@chromium.org>
dpranke@chromium.org [Sat, 29 Jan 2011 01:41:51 +0000 (01:41 +0000)]
2011-01-28  Dirk Pranke  <dpranke@chromium.org>

        Unreviewed, build fix.

        Take two. The fix in 77023 didn't work, because we were
        still calling path.abspath_to_uri, which calls _cygpath under
        the covers, and it appears the cygpath on the bots does
        something different than it does on my machine. This patch
        removes the calls to path.abspath_to_uri, so it should be safe.
        If it doesn't work, I'll roll it out along with r76982 and 77023.

        https://bugs.webkit.org/show_bug.cgi?id=53126

        * Scripts/webkitpy/layout_tests/port/test.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77038 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Adam Barth <abarth@webkit.org>
abarth@webkit.org [Sat, 29 Jan 2011 00:58:36 +0000 (00:58 +0000)]
2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Wire up settings->xssAuditorEnabled to XSSFilter
        https://bugs.webkit.org/show_bug.cgi?id=53345

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::XSSFilter):
        (WebCore::XSSFilter::filterToken):
        * html/parser/XSSFilter.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77034 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Adam Barth <abarth@webkit.org>
abarth@webkit.org [Sat, 29 Jan 2011 00:57:05 +0000 (00:57 +0000)]
2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach XSSFilter about <meta> and <base> tags
        https://bugs.webkit.org/show_bug.cgi?id=53339

        I'm not 100% sure we need to block <meta http-equiv>, but it seems
        prudent given how powerful that attribute is.  We definitely need to
        block injection of <base href> because that can redirect script tags
        that use relative URLs.

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterToken):
        (WebCore::XSSFilter::filterMetaToken):
        (WebCore::XSSFilter::filterBaseToken):
        * html/parser/XSSFilter.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77033 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Adam Barth <abarth@webkit.org>
abarth@webkit.org [Sat, 29 Jan 2011 00:55:37 +0000 (00:55 +0000)]
2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach XSSFilter about <applet>
        https://bugs.webkit.org/show_bug.cgi?id=53338

        HTML5 is pretty light on information about how the <applet> tag works.
        According to this site:

        http://download.oracle.com/javase/1.4.2/docs/guide/misc/applet.html

        The "code" and "object" attributes are the essential attributes for
        determining which piece of Java to run.  We might need to expand to the
        codebase and archive attributes at some point, but hopefully code and
        object will be sufficient.

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterToken):
        (WebCore::XSSFilter::filterAppletToken):
        * html/parser/XSSFilter.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77032 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Adam Barth <abarth@webkit.org>
abarth@webkit.org [Sat, 29 Jan 2011 00:53:57 +0000 (00:53 +0000)]
2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach the XSSFilter about object and embed tags
        https://bugs.webkit.org/show_bug.cgi?id=53336

        For <object> and <embed>, we filter out attribute values that either
        indicate which piece of media to load or which plugin to load.  In a
        perfect world, we'd only need to filter out the URLs of the media, but
        some plug-ins (like Flash) have lots of fun places you can hide the
        URL (e.g., the "movie" <param>).

        * html/parser/XSSFilter.cpp:
        (WebCore::XSSFilter::filterToken):
        (WebCore::XSSFilter::filterScriptToken):
        (WebCore::XSSFilter::filterObjectToken):
        (WebCore::XSSFilter::filterEmbedToken):
        (WebCore::XSSFilter::eraseAttributeIfInjected):
        * html/parser/XSSFilter.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77031 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Added link to bug in ChangeLog.
ddkilzer@apple.com [Sat, 29 Jan 2011 00:53:14 +0000 (00:53 +0000)]
Added link to bug in ChangeLog.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77030 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Yet another build fix (What was I thinking?)
andersca@apple.com [Sat, 29 Jan 2011 00:50:19 +0000 (00:50 +0000)]
Yet another build fix (What was I thinking?)

* WebProcess/Downloads/Download.h:
* WebProcess/Plugins/PluginProxy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77029 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago <rdar://problem/8930699> build-webkit gives a bogus warning with newer versions of...
ddkilzer@apple.com [Sat, 29 Jan 2011 00:46:59 +0000 (00:46 +0000)]
<rdar://problem/8930699> build-webkit gives a bogus warning with newer versions of Xcode

Reviewed by Mark Rowe.

* Scripts/webkitdirs.pm:
(checkRequiredSystemConfig): Check the Xcode marketing version
in addition to the DevCoreTools build version before complaining
about an old version of Xcode.  Also make the Mac OS X version
check use Perl's built-in version string comparator.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77028 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Ryosuke Niwa <rniwa@webkit.org>
rniwa@webkit.org [Sat, 29 Jan 2011 00:39:05 +0000 (00:39 +0000)]
2011-01-28  Ryosuke Niwa  <rniwa@webkit.org>

        Unreviewed; Fixed Chromium test expectation.

        * platform/chromium/test_expectations.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77027 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Build fix.
andersca@apple.com [Sat, 29 Jan 2011 00:35:38 +0000 (00:35 +0000)]
Build fix.

Update WKSI.

* WebKitSystemInterface.h:
* libWebKitSystemInterfaceLeopard.a:
* libWebKitSystemInterfaceSnowLeopard.a:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77026 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago https://bugs.webkit.org/show_bug.cgi?id=53352
barraclough@apple.com [Sat, 29 Jan 2011 00:35:17 +0000 (00:35 +0000)]
https://bugs.webkit.org/show_bug.cgi?id=53352
Heavy external fragmentation in FixedVMPoolAllocator can lead to a CRASH().

Reviewed by Geoff Garen.

The FixedVMPoolAllocator currently uses a best fit policy -
switch to first fit, which is less prone to external fragmentation.

* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::AllocationTableSizeClass::AllocationTableSizeClass):
(JSC::AllocationTableSizeClass::blockSize):
(JSC::AllocationTableSizeClass::blockCount):
(JSC::AllocationTableSizeClass::blockAlignment):
(JSC::AllocationTableSizeClass::size):
(JSC::AllocationTableLeaf::AllocationTableLeaf):
(JSC::AllocationTableLeaf::~AllocationTableLeaf):
(JSC::AllocationTableLeaf::allocate):
(JSC::AllocationTableLeaf::free):
(JSC::AllocationTableLeaf::isEmpty):
(JSC::AllocationTableLeaf::isFull):
(JSC::AllocationTableLeaf::size):
(JSC::AllocationTableLeaf::classForSize):
(JSC::AllocationTableLeaf::dump):
(JSC::LazyAllocationTable::LazyAllocationTable):
(JSC::LazyAllocationTable::~LazyAllocationTable):
(JSC::LazyAllocationTable::allocate):
(JSC::LazyAllocationTable::free):
(JSC::LazyAllocationTable::isEmpty):
(JSC::LazyAllocationTable::isFull):
(JSC::LazyAllocationTable::size):
(JSC::LazyAllocationTable::dump):
(JSC::LazyAllocationTable::classForSize):
(JSC::AllocationTableDirectory::AllocationTableDirectory):
(JSC::AllocationTableDirectory::~AllocationTableDirectory):
(JSC::AllocationTableDirectory::allocate):
(JSC::AllocationTableDirectory::free):
(JSC::AllocationTableDirectory::isEmpty):
(JSC::AllocationTableDirectory::isFull):
(JSC::AllocationTableDirectory::size):
(JSC::AllocationTableDirectory::classForSize):
(JSC::AllocationTableDirectory::dump):
(JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
(JSC::FixedVMPoolAllocator::alloc):
(JSC::FixedVMPoolAllocator::free):
(JSC::FixedVMPoolAllocator::allocated):
(JSC::FixedVMPoolAllocator::isValid):
(JSC::FixedVMPoolAllocator::classForSize):
(JSC::FixedVMPoolAllocator::offsetToPointer):
(JSC::FixedVMPoolAllocator::pointerToOffset):
(JSC::ExecutableAllocator::committedByteCount):
(JSC::ExecutableAllocator::isValid):
(JSC::ExecutableAllocator::underMemoryPressure):
(JSC::ExecutablePool::systemAlloc):
(JSC::ExecutablePool::systemRelease):
* wtf/PageReservation.h:
(WTF::PageReservation::PageReservation):
(WTF::PageReservation::commit):
(WTF::PageReservation::decommit):
(WTF::PageReservation::committed):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77025 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Fix Windows build.
andersca@apple.com [Sat, 29 Jan 2011 00:33:45 +0000 (00:33 +0000)]
Fix Windows build.

* Shared/PrintInfo.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77024 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Dirk Pranke <dpranke@chromium.org>
dpranke@chromium.org [Sat, 29 Jan 2011 00:32:20 +0000 (00:32 +0000)]
2011-01-28  Dirk Pranke  <dpranke@chromium.org>

        Unreviewed, build fix.

        Work around breakage on Win 7 Release bot caused by r76982
        and the fact that windows ports use "file:////" instead of
        "file:///". Ideally the test code should be isolated from
        this, but it isn't yet. Will fix properly in a bit.

        * Scripts/webkitpy/layout_tests/port/mock_drt_unittest.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77023 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago [Windows 7 Release Tests] fast/repaint/select-option-background-color.html failing...
jberlin@webkit.org [Sat, 29 Jan 2011 00:30:24 +0000 (00:30 +0000)]
[Windows 7 Release Tests] fast/repaint/select-option-background-color.html failing since
introduction in r76826.
https://bugs.webkit.org/show_bug.cgi?id=53327

Add the pixel-test results missing from http://trac.webkit.org/changeset/76976. Unreviewed.

* platform/win/fast/repaint/select-option-background-color-expected.checksum: Added.
* platform/win/fast/repaint/select-option-background-color-expected.png: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77021 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Fixed Qt build.
oliver@apple.com [Sat, 29 Jan 2011 00:29:41 +0000 (00:29 +0000)]
Fixed Qt build.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77020 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago CSS styles are shared based on uninitialized property values
antti@apple.com [Sat, 29 Jan 2011 00:23:39 +0000 (00:23 +0000)]
CSS styles are shared based on uninitialized property values
https://bugs.webkit.org/show_bug.cgi?id=53285

Reviewed by Simon Fraser.

Null test.

* dom/NamedNodeMap.cpp:
(WebCore::NamedNodeMap::mappedMapsEquivalent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77019 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Ryosuke Niwa <rniwa@webkit.org>
rniwa@webkit.org [Sat, 29 Jan 2011 00:12:26 +0000 (00:12 +0000)]
2011-01-28  Ryosuke Niwa  <rniwa@webkit.org>

        Unreviewed Chromium test expectation update.

        * platform/chromium/test_expectations.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77014 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Fix tyop.
andersca@apple.com [Sat, 29 Jan 2011 00:08:55 +0000 (00:08 +0000)]
Fix tyop.

* Shared/mac/CoreAnimationRenderer.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77013 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Anders Carlsson <andersca@apple.com>
andersca@apple.com [Sat, 29 Jan 2011 00:06:49 +0000 (00:06 +0000)]
2011-01-28  Anders Carlsson  <andersca@apple.com>

        Reviewed by Sam Weinig.

        Add CoreAnimationRenderer class
        https://bugs.webkit.org/show_bug.cgi?id=53343

        * Shared/mac/CoreAnimationRenderer.h: Added.
        * Shared/mac/CoreAnimationRenderer.mm: Added.

        (WebKit::CoreAnimationRenderer::CoreAnimationRenderer):
        Initialize the underlying CARenderer object and hook up a notification observer.

        (WebKit::CoreAnimationRenderer::~CoreAnimationRenderer):
        Assert that the client is null. It has been set to null by the call to invalidate().

        (WebKit::CoreAnimationRenderer::setBounds):
        Update the bounds on the CARenderer and the root layer.

        (WebKit::CoreAnimationRenderer::render):
        Ask the renderer to render and return the next frame time.

        (WebKit::CoreAnimationRenderer::invalidate):
        Remove the change observer and reset the client.

        (WebKit::CoreAnimationRenderer::rendererDidChange):
        Call the client member function.

        * WebKit2.xcodeproj/project.pbxproj:
        Add new files.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77012 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Anders Carlsson <andersca@apple.com>
andersca@apple.com [Fri, 28 Jan 2011 23:42:37 +0000 (23:42 +0000)]
2011-01-28  Anders Carlsson  <andersca@apple.com>

        Reviewed by Sam Weinig.

        Add an OBJC_CLASS macro for forward declaring an Objective-C class
        https://bugs.webkit.org/show_bug.cgi?id=53337

        * Shared/NativeWebKeyboardEvent.h:
        * Shared/PrintInfo.h:
        * UIProcess/ChunkedUpdateDrawingAreaProxy.h:
        * UIProcess/LayerBackedDrawingAreaProxy.h:
        * UIProcess/WebInspectorProxy.h:
        * UIProcess/mac/WebContextMenuProxyMac.h:
        * UIProcess/mac/WebPopupMenuProxyMac.h:
        * WebProcess/Downloads/Download.h:
        * WebProcess/Plugins/PluginProxy.h:
        * WebProcess/WebPage/LayerBackedDrawingArea.h:
        * WebProcess/WebPage/WebPage.h:
        * config.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77007 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-27 Oliver Hunt <oliver@apple.com>
oliver@apple.com [Fri, 28 Jan 2011 23:39:54 +0000 (23:39 +0000)]
2011-01-27  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        Move the MarkStack over to a slot based marking API.

        In order to avoid aliasing concerns there are two new types
        that need to be used when holding on to JSValues and JSCell that
        need to be marked: WriteBarrier and DeprecatedPtr.  WriteBarrier
        is expected to be used for any JSValue or Cell whose lifetime and
        marking are controlled by another GC object.  DeprecatedPtr is used
        for any value that we need to rework ownership for.

        The change over to this model has produced a large amount of
        code changes, but they are mostly mechanical (forwarding JSGlobalData,
        etc).

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
        (JSC::JSCallbackObject::setPrivateProperty):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::put):
        (JSC::::staticFunctionGetter):
        * API/JSObjectRef.cpp:
        (JSObjectMakeConstructor):
        (JSObjectSetPrivateProperty):
        * API/JSWeakObjectMapRefInternal.h:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::globalObject):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        (JSC::BytecodeGenerator::findScopedProperty):
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        (JSC::DebuggerActivation::markChildren):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::resolve):
        (JSC::Interpreter::resolveSkip):
        (JSC::Interpreter::resolveGlobalDynamic):
        (JSC::Interpreter::resolveBaseAndProperty):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::appendSourceToError):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::privateExecute):
        * interpreter/Register.h:
        (JSC::Register::jsValueSlot):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCacheGetByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        * runtime/Arguments.cpp:
        (JSC::Arguments::markChildren):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::put):
        * runtime/Arguments.h:
        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::constructArrayWithSizeQuirk):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSplice):
        * runtime/BatchedTransitionOptimizer.h:
        (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
        (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/ConservativeSet.h:
        (JSC::ConservativeSet::mark):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncSetTime):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * runtime/ErrorInstance.cpp:
        (JSC::ErrorInstance::ErrorInstance):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::ErrorPrototype):
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::markChildren):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::getter):
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setter):
        (JSC::GetterSetter::setSetter):
        * runtime/GlobalEvalFunction.cpp:
        (JSC::GlobalEvalFunction::GlobalEvalFunction):
        (JSC::GlobalEvalFunction::markChildren):
        * runtime/GlobalEvalFunction.h:
        (JSC::GlobalEvalFunction::cachedGlobalObject):
        * runtime/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * runtime/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::value):
        (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::put):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::JSArray::getOwnPropertySlot):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::put):
        (JSC::JSArray::putSlowCase):
        (JSC::JSArray::deleteProperty):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        (JSC::JSArray::unshiftCount):
        (JSC::JSArray::sort):
        (JSC::JSArray::fillArgList):
        (JSC::JSArray::copyToRegisters):
        (JSC::JSArray::compactForSorting):
        * runtime/JSArray.h:
        (JSC::JSArray::getIndex):
        (JSC::JSArray::setIndex):
        (JSC::JSArray::uncheckedSetIndex):
        (JSC::JSArray::markChildrenDirect):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSCell.h:
        (JSC::JSCell::MarkStack::append):
        (JSC::JSCell::MarkStack::appendCell):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSGlobalObject.cpp:
        (JSC::markIfNeeded):
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::resetPrototype):
        (JSC::JSGlobalObject::markChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
        (JSC::JSGlobalObject::regExpConstructor):
        (JSC::JSGlobalObject::errorConstructor):
        (JSC::JSGlobalObject::evalErrorConstructor):
        (JSC::JSGlobalObject::rangeErrorConstructor):
        (JSC::JSGlobalObject::referenceErrorConstructor):
        (JSC::JSGlobalObject::syntaxErrorConstructor):
        (JSC::JSGlobalObject::typeErrorConstructor):
        (JSC::JSGlobalObject::URIErrorConstructor):
        (JSC::JSGlobalObject::evalFunction):
        (JSC::JSGlobalObject::objectPrototype):
        (JSC::JSGlobalObject::functionPrototype):
        (JSC::JSGlobalObject::arrayPrototype):
        (JSC::JSGlobalObject::booleanPrototype):
        (JSC::JSGlobalObject::stringPrototype):
        (JSC::JSGlobalObject::numberPrototype):
        (JSC::JSGlobalObject::datePrototype):
        (JSC::JSGlobalObject::regExpPrototype):
        (JSC::JSGlobalObject::methodCallDummy):
        (JSC::constructArray):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Holder::object):
        (JSC::Stringifier::Holder::objectSlot):
        (JSC::Stringifier::markAggregate):
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::callReviver):
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::putDirectOffset):
        (JSC::JSObject::putUndefinedAtDirectOffset):
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putDirect):
        (JSC::JSObject::putDirectFunction):
        (JSC::JSObject::putDirectWithoutTransition):
        (JSC::JSObject::putDirectFunctionWithoutTransition):
        (JSC::JSValue::putDirect):
        (JSC::JSObject::allocatePropertyStorageInline):
        (JSC::JSObject::markChildrenDirect):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::markChildren):
        * runtime/JSString.cpp:
        (JSC::StringObject::create):
        * runtime/JSValue.h:
        * runtime/JSWrapperObject.cpp:
        (JSC::JSWrapperObject::markChildren):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::internalValue):
        (JSC::JSWrapperObject::setInternalValue):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::parse):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::lookupPut):
        * runtime/MarkStack.h:
        * runtime/MathObject.cpp:
        (JSC::MathObject::MathObject):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        (JSC::constructWithNumberConstructor):
        * runtime/NumberObject.cpp:
        (JSC::constructNumber):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        * runtime/Operations.h:
        (JSC::normalizePrototypeChain):
        (JSC::resolveBase):
        * runtime/PrototypeFunction.cpp:
        (JSC::PrototypeFunction::PrototypeFunction):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setExistingProperty):
        (JSC::PutPropertySlot::setNewProperty):
        (JSC::PutPropertySlot::base):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::~ScopeChainNode):
        (JSC::ScopeChainIterator::operator*):
        (JSC::ScopeChainIterator::operator->):
        (JSC::ScopeChain::top):
        * runtime/ScopeChainMark.h:
        (JSC::ScopeChain::markAggregate):
        * runtime/SmallStrings.cpp:
        (JSC::isMarked):
        (JSC::SmallStrings::markChildren):
        * runtime/SmallStrings.h:
        (JSC::SmallStrings::emptyString):
        (JSC::SmallStrings::singleCharacterString):
        (JSC::SmallStrings::singleCharacterStrings):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject):
        * runtime/StringObject.h:
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/Structure.cpp:
        (JSC::Structure::flattenDictionaryStructure):
        * runtime/Structure.h:
        (JSC::Structure::storedPrototypeSlot):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::uncheckedGet):
        (JSC::WeakGCMap::uncheckedGetSlot):
        (JSC::::get):
        (JSC::::take):
        (JSC::::set):
        (JSC::::uncheckedRemove):
        * runtime/WriteBarrier.h: Added.
        (JSC::DeprecatedPtr::DeprecatedPtr):
        (JSC::DeprecatedPtr::get):
        (JSC::DeprecatedPtr::operator*):
        (JSC::DeprecatedPtr::operator->):
        (JSC::DeprecatedPtr::slot):
        (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
        (JSC::DeprecatedPtr::operator!):
        (JSC::WriteBarrierBase::set):
        (JSC::WriteBarrierBase::get):
        (JSC::WriteBarrierBase::operator*):
        (JSC::WriteBarrierBase::operator->):
        (JSC::WriteBarrierBase::slot):
        (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
        (JSC::WriteBarrierBase::operator!):
        (JSC::WriteBarrier::WriteBarrier):
        (JSC::operator==):
2011-01-27  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        There's no reason to recurse here, the value we
        were marking was protected.

        * JSValueWrapper.cpp:
        (JSValueWrapper::JSObjectMark):
2011-01-27  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        Update WebCore to the new marking apis, correct bindings
        codegen.

        * ForwardingHeaders/runtime/WriteBarrier.h: Added.
        * WebCore.exp.in:
        * bindings/js/DOMWrapperWorld.h:
        (WebCore::DOMWrapperWorld::globalData):
        * bindings/js/JSAudioConstructor.cpp:
        (WebCore::JSAudioConstructor::JSAudioConstructor):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::markDOMNodesForDocument):
        (WebCore::markDOMObjectWrapper):
        (WebCore::markDOMNodeWrapper):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::markChildren):
        (WebCore::JSDOMGlobalObject::setInjectedScript):
        (WebCore::JSDOMGlobalObject::injectedScript):
        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
        (WebCore::getDOMConstructor):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        (WebCore::DialogHandler::dialogCreated):
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::JSDOMWindowShell):
        (WebCore::JSDOMWindowShell::setWindow):
        (WebCore::JSDOMWindowShell::markChildren):
        (WebCore::JSDOMWindowShell::unwrappedObject):
        * bindings/js/JSDOMWindowShell.h:
        (WebCore::JSDOMWindowShell::window):
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener):
        (WebCore::JSEventListener::markJSFunction):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::jsFunction):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::setAll):
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::JSImageConstructor):
        * bindings/js/JSImageDataCustom.cpp:
        (WebCore::toJS):
        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
        (WebCore::JSJavaScriptCallFrame::scopeChain):
        (WebCore::JSJavaScriptCallFrame::scopeType):
        * bindings/js/JSNodeFilterCondition.cpp:
        (WebCore::JSNodeFilterCondition::markAggregate):
        (WebCore::JSNodeFilterCondition::acceptNode):
        * bindings/js/JSNodeFilterCondition.h:
        * bindings/js/JSNodeFilterCustom.cpp:
        * bindings/js/JSOptionConstructor.cpp:
        (WebCore::JSOptionConstructor::JSOptionConstructor):
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        (WebCore::JSSQLResultSetRowList::item):
        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::restore):
        * bindings/js/ScriptObject.cpp:
        (WebCore::ScriptGlobalObject::set):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::putProperty):
        * bindings/scripts/CodeGeneratorJS.pm:
        * dom/Document.h:
2011-01-27  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Convert markstack to a slot visitor API
        https://bugs.webkit.org/show_bug.cgi?id=53219

        Update to new marking api

        * WebView/WebScriptDebugDelegate.mm:
        (-[WebScriptCallFrame scopeChain]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77006 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Dirk Pranke <dpranke@chromium.org>
dpranke@chromium.org [Fri, 28 Jan 2011 23:33:27 +0000 (23:33 +0000)]
2011-01-28  Dirk Pranke  <dpranke@chromium.org>

        Reviewed by Tony Chang.

        new-run-webkit-tests: change worker model values to
        "old-inline", "old-threads" in preparation for test_runner2 /
        multiprocessing changes.

        https://bugs.webkit.org/show_bug.cgi?id=53156

        * Scripts/webkitpy/layout_tests/layout_package/test_runner.py:
        * Scripts/webkitpy/layout_tests/port/base.py:
        * Scripts/webkitpy/layout_tests/port/chromium_mac.py:
        * Scripts/webkitpy/layout_tests/port/mac.py:
        * Scripts/webkitpy/layout_tests/run_webkit_tests.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77004 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Keyboard scrolling doesn’t work in WebKit2
weinig@apple.com [Fri, 28 Jan 2011 23:21:00 +0000 (23:21 +0000)]
Keyboard scrolling doesn’t work in WebKit2
<rdar://problem/8909672>

Reviewed by Anders Carlsson.

* platform/mac/ScrollAnimatorMac.mm:
(-[ScrollAnimationHelperDelegate convertSizeToBacking:]):
(-[ScrollAnimationHelperDelegate convertSizeFromBacking:]):
Add additional necessary delegate methods.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77003 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Don't put config.h in the message headers.
andersca@apple.com [Fri, 28 Jan 2011 23:12:47 +0000 (23:12 +0000)]
Don't put config.h in the message headers.

Reviewed by Sam Weinig.

* Scripts/webkit2/messages.py:
* Scripts/webkit2/messages_unittest.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@77000 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Re-land this patch with the missing null check that caused crashes in layout tests.
darin@apple.com [Fri, 28 Jan 2011 23:12:32 +0000 (23:12 +0000)]
Re-land this patch with the missing null check that caused crashes in layout tests.

Reviewed by Dan Bernstein.

Changing cursor style has no effect until the mouse moves
https://bugs.webkit.org/show_bug.cgi?id=14344
rdar://problem/7563712

No tests added because we don't have infrastructure for testing actual cursor
changes (as opposed to cursor style computation) at this time. We might add it later.

* page/EventHandler.cpp:
(WebCore::EventHandler::dispatchFakeMouseMoveEventSoon): Added.
* page/EventHandler.h: Ditto.

* rendering/RenderObject.cpp:
(WebCore::areNonIdenticalCursorListsEqual): Added.
(WebCore::areCursorsEqual): Added.
(WebCore::RenderObject::styleDidChange): Call dispatchFakeMouseMoveEventSoon if
cursor styles changed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76999 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Dirk Pranke <dpranke@chromium.org>
dpranke@chromium.org [Fri, 28 Jan 2011 23:12:27 +0000 (23:12 +0000)]
2011-01-28  Dirk Pranke  <dpranke@chromium.org>

        Reviewed by Tony Chang.

        committers.py - add an IRC nickname for dpranke
        https://bugs.webkit.org/show_bug.cgi?id=53335

        * Scripts/webkitpy/common/config/committers.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76998 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Fix build.
andersca@apple.com [Fri, 28 Jan 2011 23:03:16 +0000 (23:03 +0000)]
Fix build.

* Shared/mac/ShareableSurface.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76996 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Try to unbreak the Windows build.
andersca@apple.com [Fri, 28 Jan 2011 22:55:13 +0000 (22:55 +0000)]
Try to unbreak the Windows build.

* UIProcess/cf/WebPageProxyCF.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76995 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Tony Chang <tony@chromium.org>
tony@chromium.org [Fri, 28 Jan 2011 22:51:09 +0000 (22:51 +0000)]
2011-01-28  Tony Chang  <tony@chromium.org>

        Unreviewed, a chromium win/linux rebaseline.  The mac result was
        rebaselined in r76735.

        * platform/chromium-linux/fast/overflow/overflow-rtl-vertical-expected.checksum:
        * platform/chromium-linux/fast/overflow/overflow-rtl-vertical-expected.png:
        * platform/chromium-win/fast/overflow/overflow-rtl-vertical-expected.checksum:
        * platform/chromium-win/fast/overflow/overflow-rtl-vertical-expected.png:
        * platform/chromium-win/fast/overflow/overflow-rtl-vertical-expected.txt:
        * platform/chromium/test_expectations.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76994 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago https://bugs.webkit.org/show_bug.cgi?id=53330
beidson@apple.com [Fri, 28 Jan 2011 22:48:35 +0000 (22:48 +0000)]
https://bugs.webkit.org/show_bug.cgi?id=53330
Need InjectedBundle API to get the response MIMEType for a URL

Reviewed by John Sullivan.

* WebProcess/InjectedBundle/API/c/WKBundleFrame.cpp:
(WKBundleFrameCopyMIMETypeForResourceWithURL):
* WebProcess/InjectedBundle/API/c/WKBundleFrame.h:

Get the MIMEType from the in-memory cache, or cachedResponseMIMETypeForURL() if not available:
* WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::mimeTypeForResourceWithURL):
* WebProcess/WebPage/WebFrame.h:

Get the MIMEType from the platform's disk cache if available:
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/mac/WebPageMac.mm:
(WebKit::WebPage::cachedResponseMIMETypeForURL):
* WebProcess/WebPage/qt/WebPageQt.cpp:
(WebKit::WebPage::cachedResponseMIMETypeForURL):
* WebProcess/WebPage/win/WebPageWin.cpp:
(WebKit::WebPage::cachedResponseMIMETypeForURL):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76993 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Clean up the mess introduced when config.h was added to the project:
andersca@apple.com [Fri, 28 Jan 2011 22:31:11 +0000 (22:31 +0000)]
Clean up the mess introduced when config.h was added to the project:

Reviewed by Sam Weinig.

- Remove the contents of WebKit2Prefix.h that is now in config.h, to avoid including everything
  twice in each file, probably slowing down compile time.

- Add config.h to all the files that were forgotten in order to keep the build from breaking.

- Added trap to ensure that config.h is included at the top of every implementation file. If this
  had been added it would have caught the previous issue.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76991 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Justin Schuh <jschuh@chromium.org>
jschuh@chromium.org [Fri, 28 Jan 2011 22:26:19 +0000 (22:26 +0000)]
2011-01-28  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Eric Seidel.

        We should hold RefPtrs to SVG font faces
        https://bugs.webkit.org/show_bug.cgi?id=53270

        * svg/custom/use-multiple-on-nested-disallowed-font-expected.txt: Added.
        * svg/custom/use-multiple-on-nested-disallowed-font.html: Added.
2011-01-28  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Eric Seidel.

        We should hold RefPtrs to SVG font faces
        https://bugs.webkit.org/show_bug.cgi?id=53270

        Test: svg/custom/use-multiple-on-nested-disallowed-font.html

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::getFontData):
        * css/CSSFontFaceSource.h:
        * svg/SVGFontFaceElement.cpp:
        (WebCore::SVGFontFaceElement::associatedFontElement):
        * svg/SVGFontFaceElement.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76990 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago <rdar://problem/8857651> Implement unregisterWorld for WebKit2
slewis@apple.com [Fri, 28 Jan 2011 22:26:06 +0000 (22:26 +0000)]
<rdar://problem/8857651> Implement unregisterWorld for WebKit2
Rename unregisterWorld to clearWrappers.  Clearing the wrappers reduces the
memory use of isolated worlds.

Reviewed by Geoff Garen.

* WebProcess/InjectedBundle/API/c/WKBundleScriptWorld.cpp:
(WKBundleScriptWorldClearWrappers):
* WebProcess/InjectedBundle/API/c/WKBundleScriptWorld.h:
* WebProcess/InjectedBundle/InjectedBundleScriptWorld.cpp:
(WebKit::InjectedBundleScriptWorld::clearWrappers):
* WebProcess/InjectedBundle/InjectedBundleScriptWorld.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76989 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Zhenyao Mo <zmo@google.com>
zmo@google.com [Fri, 28 Jan 2011 22:20:31 +0000 (22:20 +0000)]
2011-01-28  Zhenyao Mo  <zmo@google.com>

        Reviewed by Kenneth Russell.

        uniformN*v should generate INVALID_VALUE if the array size is not a multiple of N
        https://bugs.webkit.org/show_bug.cgi?id=53306

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::validateUniformMatrixParameters):
2011-01-28  Zhenyao Mo  <zmo@google.com>

        Reviewed by Kenneth Russell.

        uniformN*v should generate INVALID_VALUE if the array size is not a multiple of N
        https://bugs.webkit.org/show_bug.cgi?id=53306

        * fast/canvas/webgl/gl-uniform-arrays-expected.txt:
        * fast/canvas/webgl/gl-uniform-arrays.html:
        * fast/canvas/webgl/gl-uniformmatrix4fv-expected.txt:
        * fast/canvas/webgl/gl-uniformmatrix4fv.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76988 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Tom Sepez <tsepez@chromium.org>
commit-queue@webkit.org [Fri, 28 Jan 2011 22:17:24 +0000 (22:17 +0000)]
2011-01-28  Tom Sepez  <tsepez@chromium.org>

        Reviewed by Eric Seidel.

        NULL pointer crash in TextIterator::handleTextBox()
        https://bugs.webkit.org/show_bug.cgi?id=53267

        * fast/css/rtl-nth-child-first-letter-crash-expected.txt: Added.
        * fast/css/rtl-nth-child-first-letter-crash.html: Added.
2011-01-28  Tom Sepez  <tsepez@chromium.org>

        Reviewed by Eric Seidel.

        NULL pointer crash in TextIterator::handleTextBox()
        https://bugs.webkit.org/show_bug.cgi?id=53267

        Test: fast/css/rtl-nth-child-first-letter-crash.html

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::handleTextBox):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76987 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Dimitri Glazkov <dglazkov@chromium.org>
dglazkov@chromium.org [Fri, 28 Jan 2011 22:08:41 +0000 (22:08 +0000)]
2011-01-28  Dimitri Glazkov  <dglazkov@chromium.org>

        Skip webkitAudioPannerNode from the test. It's not yet implemented across
        all ports/platforms.

        * fast/dom/script-tests/prototype-inheritance.js: Skipped webkitAudioPannerNode.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76986 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Adrienne Walker <enne@google.com>
enne@google.com [Fri, 28 Jan 2011 21:55:49 +0000 (21:55 +0000)]
2011-01-28  Adrienne Walker  <enne@google.com>

        Reviewed by Kenneth Russell.

        [chromium] Remove a spurious diagnostic CRASH check.
        https://bugs.webkit.org/show_bug.cgi?id=52379

        * platform/graphics/chromium/LayerTilerChromium.cpp:
        (WebCore::LayerTilerChromium::invalidateRect):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76984 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago Source/WebCore: <rdar://problem/4761512> <select> can't display right-to-left (rtl...
mitz@apple.com [Fri, 28 Jan 2011 21:34:55 +0000 (21:34 +0000)]
Source/WebCore: <rdar://problem/4761512> <select> can't display right-to-left (rtl) languages
https://bugs.webkit.org/show_bug.cgi?id=19785

Reviewed by Sam Weinig.

Changed <select> pop-up menus on Mac OS X Snow Leopard and later to have their items aligned in the
direction corresponding to the writing direction of the <select> element, with the checkmarks
on the "start" side, and use the <option>'s writing direction rather than "natural". Made the
pop-up button match the menu by adding a Chrome boolean function, selectItemAlignmentFollowsMenuWritingDirection(),
which returns true for this pop-up behavior.

* loader/EmptyClients.h:
(WebCore::EmptyChromeClient::selectItemAlignmentFollowsMenuWritingDirection): Added.
* manual-tests/pop-up-alignment-and-direction.html: Added.
* page/Chrome.cpp:
(WebCore::Chrome::selectItemAlignmentFollowsMenuWritingDirection): Added. Calls through to the
client.
* page/Chrome.h:
* page/ChromeClient.h:
* platform/PopupMenuStyle.h:
(WebCore::PopupMenuStyle::PopupMenuStyle): Added hasTextDirectionOverride parameter and member
variable initialization.
(WebCore::PopupMenuStyle::hasTextDirectionOverride): Added this accessor.
* platform/mac/PopupMenuMac.mm:
(WebCore::PopupMenuMac::populate): Set the pop-up's layout direction and items' text alignment
to match the menu's writing direction. Set items' writing direction and direction override
according to their styles.
* rendering/RenderMenuList.cpp:
(WebCore::RenderMenuList::RenderMenuList): Removed unnecessary initialization of a smart pointer.
(WebCore::RenderMenuList::adjustInnerStyle): If the alignment of items in the menu follows the
menu's writing direction, use that alignment for the button as well. Also in this mode, use the
item's writing direction and override setting.
(WebCore::RenderMenuList::setTextFromOption): Store the option element's style.
(WebCore::RenderMenuList::itemStyle): Pass the text direction override value.
(WebCore::RenderMenuList::menuStyle): Ditto. Also use the button's direction, not the inner text's.
* rendering/RenderMenuList.h:
* rendering/RenderTextControlSingleLine.cpp:
(WebCore::RenderTextControlSingleLine::menuStyle): Pass the text direction override value.

Source/WebKit/chromium: <select> can't display right-to-left (rtl) languages
https://bugs.webkit.org/show_bug.cgi?id=19785

Reviewed by Sam Weinig.

* src/AutoFillPopupMenuClient.cpp:
(WebKit::AutoFillPopupMenuClient::initialize): Pass hasTextDirectionOverride to the PopupMenuStyle
constructor.
* src/ChromeClientImpl.cpp:
(WebKit::ChromeClientImpl::selectItemAlignmentFollowsMenuWritingDirection): Added.
* src/ChromeClientImpl.h:
* tests/PopupMenuTest.cpp:
(WebKit::TestPopupMenuClient::itemStyle): Pass hasTextDirectionOverride to the PopupMenuStyle
constructor.

Source/WebKit/efl: <select> can't display right-to-left (rtl) languages
https://bugs.webkit.org/show_bug.cgi?id=19785

Reviewed by Sam Weinig.

* WebCoreSupport/ChromeClientEfl.cpp:
(WebCore::ChromeClientEfl::selectItemAlignmentFollowsMenuWritingDirection): Added.
* WebCoreSupport/ChromeClientEfl.h:

Source/WebKit/gtk: <select> can't display right-to-left (rtl) languages
https://bugs.webkit.org/show_bug.cgi?id=19785

Reviewed by Sam Weinig.

* WebCoreSupport/ChromeClientGtk.cpp:
(WebKit::ChromeClient::selectItemAlignmentFollowsMenuWritingDirection): Added.
* WebCoreSupport/ChromeClientGtk.h:

Source/WebKit/haiku: <select> can't display right-to-left (rtl) languages
https://bugs.webkit.org/show_bug.cgi?id=19785

Reviewed by Sam Weinig.

* WebCoreSupport/ChromeClientHaiku.cpp:
(WebCore::ChromeClientHaiku::selectItemAlignmentFollowsMenuWritingDirection): Added.
* WebCoreSupport/ChromeClientHaiku.h:

Source/WebKit/mac: <select> can't display right-to-left (rtl) languages
https://bugs.webkit.org/show_bug.cgi?id=19785

Reviewed by Sam Weinig.

* WebCoreSupport/WebChromeClient.h:
* WebCoreSupport/WebChromeClient.mm:
(WebChromeClient::selectItemWritingDirectionIsNatural): Changed to return false.
(WebChromeClient::selectItemAlignmentFollowsMenuWritingDirection): Added. Returns true.

Source/WebKit/qt: <select> can't display right-to-left (rtl) languages
https://bugs.webkit.org/show_bug.cgi?id=19785

Reviewed by Sam Weinig.

* WebCoreSupport/ChromeClientQt.cpp:
(WebCore::ChromeClientQt::selectItemAlignmentFollowsMenuWritingDirection): Added.
* WebCoreSupport/ChromeClientQt.h:

Source/WebKit/win: <select> can't display right-to-left (rtl) languages
https://bugs.webkit.org/show_bug.cgi?id=19785

Reviewed by Sam Weinig.

* WebCoreSupport/WebChromeClient.cpp:
(WebChromeClient::selectItemAlignmentFollowsMenuWritingDirection): Added.
* WebCoreSupport/WebChromeClient.h:

Source/WebKit/wince: <select> can't display right-to-left (rtl) languages
https://bugs.webkit.org/show_bug.cgi?id=19785

Reviewed by Sam Weinig.

* WebCoreSupport/ChromeClientWinCE.cpp:
(WebKit::ChromeClientWinCE::selectItemAlignmentFollowsMenuWritingDirection): Added.
* WebCoreSupport/ChromeClientWinCE.h:

Source/WebKit/wx: <select> can't display right-to-left (rtl) languages
https://bugs.webkit.org/show_bug.cgi?id=19785

Reviewed by Sam Weinig.

* WebKitSupport/ChromeClientWx.cpp:
(WebCore::ChromeClientWx::selectItemAlignmentFollowsMenuWritingDirection): Added.
* WebKitSupport/ChromeClientWx.h:

Source/WebKit2: <select> can't display right-to-left (rtl) languages
https://bugs.webkit.org/show_bug.cgi?id=19785

Reviewed by Sam Weinig.

* Shared/WebPopupItem.cpp:
(WebKit::WebPopupItem::WebPopupItem): Added initializers for m_textDirection and m_hasTextDirectionOverride.
(WebKit::WebPopupItem::encode): Encode the item's writing direction and direction override values.
(WebKit::WebPopupItem::decode): Decode the item's writing direction and direction override values.
* Shared/WebPopupItem.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::showPopupMenu): Added a parameter for the menu's text direction.
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in: Ditto.
* UIProcess/WebPopupMenuProxy.h:
* UIProcess/mac/WebPopupMenuProxyMac.h:
* UIProcess/mac/WebPopupMenuProxyMac.mm:
(WebKit::WebPopupMenuProxyMac::populate): Added a parameter for the menu's text direction.
Set items' text alignment to match the menu's writing direction. Set items' writing direction
and direction override according to their styles.
(WebKit::WebPopupMenuProxyMac::showPopupMenu): Set the pop-up's layout direction.
* WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::selectItemWritingDirectionIsNatural): Changed to return false.
(WebKit::WebChromeClient::selectItemAlignmentFollowsMenuWritingDirection): Added.
* WebProcess/WebCoreSupport/WebChromeClient.h:
* WebProcess/WebCoreSupport/WebPopupMenu.cpp:
(WebKit::WebPopupMenu::populateItems): Initialize items' writing direction and direction override
values.
(WebKit::WebPopupMenu::show): Pass the menu's writing direction.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76983 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Dirk Pranke <dpranke@chromium.org>
dpranke@chromium.org [Fri, 28 Jan 2011 21:34:02 +0000 (21:34 +0000)]
2011-01-28  Dirk Pranke  <dpranke@chromium.org>

        Reviewed by Tony Chang.

        new-run-webkit-tests: add a "mock DRT" port implementation
        and a separate class that emulates what we expect the
        DumpRenderTree behavior to be.

        This will eventually replace port/dryrun.py and allow us to get
        better test coverage of the new-run-webkit-tests code as well as
        a reference for what new-run-webkit-tests expects from DRT.

        This is the first attempt at this, and it is pretty bare-boned. It
        really only has been tested on the 'mac' port (and a little on
        the 'chromium-mac' port).

        https://bugs.webkit.org/show_bug.cgi?id=53126

        * Scripts/webkitpy/common/system/filesystem_mock.py:
        * Scripts/webkitpy/layout_tests/port/dryrun.py:
        * Scripts/webkitpy/layout_tests/port/factory.py:
        * Scripts/webkitpy/layout_tests/port/mock_drt.py: Added.
        * Scripts/webkitpy/layout_tests/port/mock_drt_unittest.py: Added.
        * Scripts/webkitpy/layout_tests/port/test.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76982 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Adam Barth <abarth@webkit.org>
abarth@webkit.org [Fri, 28 Jan 2011 21:31:06 +0000 (21:31 +0000)]
2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Teach XSSFilter how to filter <script> elements
        https://bugs.webkit.org/show_bug.cgi?id=53279

        This patch adds the ability for the XSSFilter to block injected
        <script> elements.  Handling script elements is slightly subtle because
        these elements act very differently depending on whether they have a
        src attribute.

        In the "src case", we check whether the src attribute was present in
        the request.  In the "non-src case", we check whether the start tag and
        the body of the script element was included in the request.  Checking
        for the whole start tag means we miss out on some attribute splitting
        attacks inside of script tags, but that doesn't seem like that big a
        deal.

        This patch also introduces some amount of state into the XSSFilter
        because inline script elements span multiple tokens.  There's a lot of
        tuning and optimization left in these cases, some of which I've noted
        with FIXMEs.

        To test this patch, I played around with some of the existing
        XSSAuditor tests.  Hopefully I'll be able to run the test suite more
        systematically in the future.

        * html/parser/HTMLToken.h:
        (WebCore::HTMLToken::eraseCharacters):
        (WebCore::HTMLToken::eraseValueOfAttribute):
        * html/parser/XSSFilter.cpp:
        (WebCore::HTMLNames::hasName):
        (WebCore::HTMLNames::findAttributeWithName):
        (WebCore::HTMLNames::isNameOfScriptCarryingAttribute):
        (WebCore::XSSFilter::XSSFilter):
        (WebCore::XSSFilter::filterToken):
        (WebCore::XSSFilter::filterTokenAfterScriptStartTag):
        (WebCore::XSSFilter::filterScriptToken):
        (WebCore::XSSFilter::snippetForRange):
        (WebCore::XSSFilter::snippetForAttribute):
        * html/parser/XSSFilter.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76981 268f45cc-cd09-0410-ab3c-d52691b4dbfc

9 years ago 2011-01-28 Adam Barth <abarth@webkit.org>
abarth@webkit.org [Fri, 28 Jan 2011 21:29:31 +0000 (21:29 +0000)]
2011-01-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Daniel Bates.

        Sketch out new XSS filter design (disabled by default)
        https://bugs.webkit.org/show_bug.cgi?id=53205

        This patch adds a basic sketch of the new XSS filter design.  Rather
        than watching scripts as they execute, in this design, we watch tokens
        emitted by the tokenizer.  We then map the tokens directly back into
        input characters, which lets us skip all the complicated logic related
        to HTML entities and double-decoding of JavaScript URLs.

        This patch contains only the bare essential machinery.  I'll add more
        in future patches and eventually remove the previous code once this
        code is up and running correctly.

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::HTMLDocumentParser):
        (WebCore::HTMLDocumentParser::pumpTokenizer):
        (WebCore::HTMLDocumentParser::sourceForToken):
        * html/parser/HTMLDocumentParser.h:
        * html/parser/XSSFilter.cpp: Added.
        * html/parser/XSSFilter.h: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76980 268f45cc-cd09-0410-ab3c-d52691b4dbfc
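
The token-based design described in the two XSSFilter commits above (r76981 and r76980), as an added C++ illustration that is not WebKit's XSSFilter code: each token is mapped back to its raw source characters, and a script is blocked only when that snippet also appears in the request. `Token`, `ToyXSSFilter`, the sample page and request are hypothetical, and plain substring matching against an already-decoded request is an assumed simplification.

```cpp
#include <cstddef>
#include <string>

// Hypothetical, simplified token; WebKit's HTMLToken is far richer.
struct Token {
    enum Kind { StartTag, Character, EndTag } kind;
    std::string name;        // tag name, empty for Character tokens
    size_t start, end;       // [start, end) range of the token in the page source
    size_t srcStart, srcEnd; // range of the src attribute; equal when absent
    bool erased;             // set when the filter neutralizes the token
};

class ToyXSSFilter {
public:
    ToyXSSFilter(const std::string& page, const std::string& decodedRequest)
        : m_page(page), m_request(decodedRequest) {}
    // Called once per token, in tokenizer order; returns true if it blocked.
    bool filterToken(Token& t) {
        if (m_afterScriptStartTag) { // non-src case: start tag + body together
            m_afterScriptStartTag = false;
            return (t.erased = t.kind == Token::Character
                && isReflected(m_startTag + snippet(t.start, t.end)));
        }
        if (t.kind != Token::StartTag || t.name != "script")
            return false;
        if (t.srcStart != t.srcEnd) // src case: only the attribute is checked
            return (t.erased = isReflected(snippet(t.srcStart, t.srcEnd)));
        m_startTag = snippet(t.start, t.end); // state carried to the next token
        m_afterScriptStartTag = true;
        return false;
    }
private:
    // Map a token range straight back to raw input characters.
    std::string snippet(size_t a, size_t b) const { return m_page.substr(a, b - a); }
    bool isReflected(const std::string& s) const
        { return !s.empty() && m_request.find(s) != std::string::npos; }
    std::string m_page, m_request, m_startTag;
    bool m_afterScriptStartTag = false;
};

// Constructed sample: the name parameter is echoed into the page unescaped.
bool sampleInlineScriptIsBlocked() {
    ToyXSSFilter filter("<p>Hi <script>alert(1)</script></p>",
                        "/greet?name=<script>alert(1)</script>");
    Token open{Token::StartTag, "script", 6, 14, 0, 0, false};
    Token body{Token::Character, "", 14, 22, 0, 0, false};
    filter.filterToken(open);
    return filter.filterToken(body);
}
```

Because the comparison uses raw source ranges, the sketch never decodes entities or JavaScript URLs in the page, which is the simplification the r76980 message describes.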

9 years ago 2011-01-28 Martin Robinson <mrobinson@igalia.com>
mrobinson@webkit.org [Fri, 28 Jan 2011 21:29:07 +0000 (21:29 +0000)]
2011-01-28  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Build failure with --enable-indexed-database
        https://bugs.webkit.org/show_bug.cgi?id=50954

        Build fix for IndexedDB support.

        * configure.ac: Change the autogen.sh option --enable-indexeddb to
        --enable-indexed-database to match the build-webkit option.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@76979 268f45cc-cd09-0410-ab3c-d52691b4dbfc