WebKit-https.git
cdumez@apple.com [Wed, 20 Jul 2016 22:03:36 +0000 (22:03 +0000)]
Get rid of custom bindings code for XMLHttpRequest.open()
https://bugs.webkit.org/show_bug.cgi?id=159984

Reviewed by Ryosuke Niwa.

Get rid of custom bindings code for XMLHttpRequest.open() as the
bindings generator is able to generate it.

Relevant specification:
- https://xhr.spec.whatwg.org/#xmlhttprequest

The issue is that legacy content prevents treating the 'async' argument
being undefined identically to it being omitted. However, this can be
achieved by using overloading in IDL, like in the specification.

No new tests, already covered by the following tests:
- http/tests/xmlhttprequest/basic-auth.html
- http/tests/xmlhttprequest/open-async-overload.html

* bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::SendFunctor::SendFunctor): Deleted.
(WebCore::SendFunctor::line): Deleted.
(WebCore::SendFunctor::column): Deleted.
(WebCore::SendFunctor::url): Deleted.
(WebCore::SendFunctor::operator()): Deleted.
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::open):
* xml/XMLHttpRequest.h:
* xml/XMLHttpRequest.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203470 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 20 Jul 2016 21:21:21 +0000 (21:21 +0000)]
Mark overridden methods in WebCore/svg final classes as final
https://bugs.webkit.org/show_bug.cgi?id=159966

Patch by Rawinder Singh <rawinder.singh-webkit@cisra.canon.com.au> on 2016-07-20
Reviewed by Michael Catanzaro.

Update WebCore/svg classes so that overridden methods in final classes are marked final.

* svg/SVGAElement.h:
* svg/SVGAltGlyphDefElement.h:
* svg/SVGAltGlyphItemElement.h:
* svg/SVGAnimateTransformElement.h:
* svg/SVGAnimatedColor.h:
* svg/SVGCircleElement.h:
* svg/SVGClipPathElement.h:
* svg/SVGCursorElement.h:
* svg/SVGDefsElement.h:
* svg/SVGDescElement.h:
* svg/SVGEllipseElement.h:
* svg/SVGFEMergeNodeElement.h:
* svg/SVGFilterElement.h:
* svg/SVGFontElement.h:
* svg/SVGFontFaceElement.h:
* svg/SVGFontFaceFormatElement.h:
* svg/SVGFontFaceNameElement.h:
* svg/SVGFontFaceSrcElement.h:
* svg/SVGFontFaceUriElement.h:
* svg/SVGForeignObjectElement.h:
* svg/SVGGElement.h:
* svg/SVGGlyphElement.h:
* svg/SVGGlyphRefElement.h:
* svg/SVGHKernElement.h:
* svg/SVGImageElement.h:
* svg/SVGLineElement.h:
* svg/SVGMPathElement.h:
* svg/SVGMaskElement.h:
* svg/SVGMetadataElement.h:
* svg/SVGMissingGlyphElement.h:
* svg/SVGPathBuilder.h:
* svg/SVGPathByteStreamBuilder.h:
* svg/SVGPathByteStreamSource.h:
* svg/SVGPathElement.h:
* svg/SVGPathSegArcAbs.h:
* svg/SVGPathSegArcRel.h:
* svg/SVGPathSegClosePath.h:
* svg/SVGPathSegCurvetoCubicAbs.h:
* svg/SVGPathSegCurvetoCubicRel.h:
* svg/SVGPathSegCurvetoCubicSmoothAbs.h:
* svg/SVGPathSegCurvetoCubicSmoothRel.h:
* svg/SVGPathSegCurvetoQuadraticAbs.h:
* svg/SVGPathSegCurvetoQuadraticRel.h:
* svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
* svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
* svg/SVGPathSegLinetoAbs.h:
* svg/SVGPathSegLinetoHorizontalAbs.h:
* svg/SVGPathSegLinetoHorizontalRel.h:
* svg/SVGPathSegLinetoRel.h:
* svg/SVGPathSegLinetoVerticalAbs.h:
* svg/SVGPathSegLinetoVerticalRel.h:
* svg/SVGPathSegListBuilder.h:
* svg/SVGPathSegListSource.h:
* svg/SVGPathSegMovetoAbs.h:
* svg/SVGPathSegMovetoRel.h:
* svg/SVGPathStringSource.h:
* svg/SVGPathTraversalStateBuilder.h:
* svg/SVGPatternElement.h:
* svg/SVGRectElement.h:
* svg/SVGScriptElement.h:
* svg/SVGStopElement.h:
* svg/SVGStyleElement.h:
* svg/SVGSwitchElement.h:
* svg/SVGTRefElement.cpp:
* svg/SVGTitleElement.h:
* svg/SVGToOTFFontConversion.cpp:
* svg/SVGUnknownElement.h:
* svg/SVGVKernElement.h:
* svg/SVGViewElement.h:
* svg/SVGZoomEvent.h:
* svg/animation/SVGSMILElement.cpp:
* svg/graphics/SVGImage.h:
* svg/graphics/SVGImageClients.h:
* svg/graphics/SVGImageForContainer.h:
* svg/graphics/filters/SVGFEImage.h:
* svg/graphics/filters/SVGFilter.h:
* svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
* svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
* svg/properties/SVGAnimatedPropertyTearOff.h:
* svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
* svg/properties/SVGMatrixTearOff.h:
* svg/properties/SVGPathSegListPropertyTearOff.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203469 268f45cc-cd09-0410-ab3c-d52691b4dbfc

wenson_hsieh@apple.com [Wed, 20 Jul 2016 20:28:44 +0000 (20:28 +0000)]
Fix the build after 41dade3

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203468 268f45cc-cd09-0410-ab3c-d52691b4dbfc

changseok@webkit.org [Wed, 20 Jul 2016 20:03:06 +0000 (20:03 +0000)]
Fix a linking failure caused by NetworkCache::Data::~Data()
https://bugs.webkit.org/show_bug.cgi?id=159931

Linking fails with clang 3.6. It says WebKit::NetworkCache::Data::~Data is undefined.
It is fixed by adding a destructor for NetworkCache::Data.

Reviewed by Alex Christensen.

* NetworkProcess/cache/NetworkCacheData.h:
(WebKit::NetworkCache::Data::~Data):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203467 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 20 Jul 2016 20:00:04 +0000 (20:00 +0000)]
Remove unnecessary if check from ParkingLot.cpp
https://bugs.webkit.org/show_bug.cgi?id=159961

Patch by Rajeev Misra <rajeevmisraforapple@gmail.com> on 2016-07-20
Reviewed by Alex Christensen.

A good practice is to have as few conditional statements
or special cases as possible in code. This change
simply removes an unnecessary "if" statement for
a condition which was already evaluated by switch/case
and thus there was no need to evaluate again.

* wtf/ParkingLot.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203466 268f45cc-cd09-0410-ab3c-d52691b4dbfc

beidson@apple.com [Wed, 20 Jul 2016 19:42:53 +0000 (19:42 +0000)]
Transition most IDB interfaces from ScriptExecutionContext to ExecState.
https://bugs.webkit.org/show_bug.cgi?id=159975

Reviewed by Alex Christensen.

No new tests (No known behavior change).

* Modules/indexeddb/IDBCursor.cpp:
(WebCore::IDBCursor::continueFunction):
(WebCore::IDBCursor::deleteFunction):
* Modules/indexeddb/IDBCursor.h:
* Modules/indexeddb/IDBCursor.idl:

* Modules/indexeddb/IDBDatabase.idl:

* Modules/indexeddb/IDBFactory.cpp:
(WebCore::IDBFactory::cmp):
* Modules/indexeddb/IDBFactory.h:
* Modules/indexeddb/IDBFactory.idl:

* Modules/indexeddb/IDBIndex.cpp:
(WebCore::IDBIndex::openCursor):
(WebCore::IDBIndex::count):
(WebCore::IDBIndex::doCount):
(WebCore::IDBIndex::openKeyCursor):
(WebCore::IDBIndex::get):
(WebCore::IDBIndex::doGet):
(WebCore::IDBIndex::getKey):
(WebCore::IDBIndex::doGetKey):
* Modules/indexeddb/IDBIndex.h:
* Modules/indexeddb/IDBIndex.idl:

* Modules/indexeddb/IDBKeyRange.cpp:
(WebCore::IDBKeyRange::only): Deleted.
* Modules/indexeddb/IDBKeyRange.h:

* Modules/indexeddb/IDBObjectStore.cpp:
(WebCore::IDBObjectStore::openCursor):
(WebCore::IDBObjectStore::get):
(WebCore::IDBObjectStore::putOrAdd):
(WebCore::IDBObjectStore::deleteFunction):
(WebCore::IDBObjectStore::doDelete):
(WebCore::IDBObjectStore::modernDelete):
(WebCore::IDBObjectStore::clear):
(WebCore::IDBObjectStore::createIndex):
(WebCore::IDBObjectStore::count):
(WebCore::IDBObjectStore::doCount):
* Modules/indexeddb/IDBObjectStore.h:
* Modules/indexeddb/IDBObjectStore.idl:

* Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::requestOpenCursor):
(WebCore::IDBTransaction::doRequestOpenCursor):
(WebCore::IDBTransaction::requestGetRecord):
(WebCore::IDBTransaction::requestGetValue):
(WebCore::IDBTransaction::requestGetKey):
(WebCore::IDBTransaction::requestIndexRecord):
(WebCore::IDBTransaction::requestCount):
(WebCore::IDBTransaction::requestDeleteRecord):
(WebCore::IDBTransaction::requestClearObjectStore):
(WebCore::IDBTransaction::requestPutOrAdd):
* Modules/indexeddb/IDBTransaction.h:

* inspector/InspectorIndexedDBAgent.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203465 268f45cc-cd09-0410-ab3c-d52691b4dbfc

wenson_hsieh@apple.com [Wed, 20 Jul 2016 19:25:16 +0000 (19:25 +0000)]
Media controls don't appear when pausing a small autoplaying video
https://bugs.webkit.org/show_bug.cgi?id=159972
<rdar://problem/27180657>

Reviewed by Beth Dakin.

Source/WebCore:

When pausing an autoplaying video, remove behavior restrictions for the
initial user gesture and show media controls.

New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::pause):

Tools:

Adds a new test that verifies media controls show up when pausing a small autoplayed video. Also adds mechanisms
for simulating basic user interaction in VideoControlsManager.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/VideoControlsManager.mm:
(-[WKWebView mouseDownAtPoint:]):
(-[DidPlayMessageHandler userContentController:didReceiveScriptMessage:]):
(-[OnLoadMessageHandler initWithWKWebView:handler:]):
(-[OnLoadMessageHandler userContentController:didReceiveScriptMessage:]):
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebKit2Cocoa/autoplaying-video-with-audio.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203464 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Wed, 20 Jul 2016 19:21:51 +0000 (19:21 +0000)]
Fix null handling of HTMLMediaElement.mediaGroup
https://bugs.webkit.org/show_bug.cgi?id=159974

Reviewed by Eric Carlson.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-embedded-expected.txt:

Source/WebCore:

Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
- https://www.w3.org/TR/html5/embedded-content-0.html#media-elements

null is supposed to be treated as the String "null". This patch aligns
our behavior with the specification. I tested Firefox and Chrome but both
do not have this attribute on HTMLMediaElement.

Also remove support for [TreatNullAs=LegacyNullString] from our bindings
generator as HTMLMediaElement.mediaGroup was the last user.

No new tests, rebaselined existing test.

* bindings/scripts/CodeGeneratorJS.pm:
(JSValueToNative):
* bindings/scripts/IDLAttributes.txt:
* html/HTMLMediaElement.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203463 268f45cc-cd09-0410-ab3c-d52691b4dbfc

timothy_horton@apple.com [Wed, 20 Jul 2016 18:59:22 +0000 (18:59 +0000)]
Explain the default value of WKWebViewConfiguration's ignoresViewportScaleLimits
https://bugs.webkit.org/show_bug.cgi?id=159978
<rdar://problem/27453189>

Reviewed by Dan Bernstein.

* UIProcess/API/Cocoa/WKWebViewConfiguration.h:
This defaults to NO.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203462 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Wed, 20 Jul 2016 18:01:26 +0000 (18:01 +0000)]
CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
https://bugs.webkit.org/show_bug.cgi?id=159959

Reviewed by Alexey Proskuryakov.

Source/WebCore:

CSSStyleDeclaration.setProperty() should be able to unset "important"
on a property as per the latest specification:
- https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
- https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute

Firefox and Chrome match the specification here but WebKit was ignoring calls
to setProperty() if there is already an "important" property with this name
and if the new property does not have the "important" flag set.

This behavior was added a long time ago via Bug 60007. However, it does not
match the latest specification or other browsers.

Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html

* css/StyleProperties.cpp:
(WebCore::MutableStyleProperties::addParsedProperty):
Drop code that was added via Bug 60007 as this behavior no longer matches the
specification or other browsers. The layout test added in Bug 60007 fails in
other browsers and was updated in this patch to match the specification.

LayoutTests:

* fast/css/CSSStyleDeclaration-setProperty-unset-important-expected.txt: Added.
* fast/css/CSSStyleDeclaration-setProperty-unset-important.html: Added.
Add layout test coverage.

* fast/css/important-js-override.html:
The test covered our 'wrong' behavior and was failing in Firefox / Chrome.
I updated the test to match the behavior in the specification. The test
now passes in Chrome and Firefox.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203460 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ryanhaddad@apple.com [Wed, 20 Jul 2016 17:55:53 +0000 (17:55 +0000)]
Unreviewed, rolling out r203423.
https://bugs.webkit.org/show_bug.cgi?id=159977

The test for this change is failing on Mac Release WK2
(Requested by ryanhaddad on #webkit).

Reverted changeset:

"HTMLVideoElement frames do not update on iOS when src is a
MediaStream blob"
https://bugs.webkit.org/show_bug.cgi?id=159833
http://trac.webkit.org/changeset/203423

Patch by Commit Queue <commit-queue@webkit.org> on 2016-07-20

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203459 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ryanhaddad@apple.com [Wed, 20 Jul 2016 17:54:19 +0000 (17:54 +0000)]
Land test expectations for rdar://problem/27434307.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203458 268f45cc-cd09-0410-ab3c-d52691b4dbfc

pvollan@apple.com [Wed, 20 Jul 2016 17:18:35 +0000 (17:18 +0000)]
[Win] MathML fonts are not found.
https://bugs.webkit.org/show_bug.cgi?id=159920

Reviewed by Alex Christensen.

When looking up a font in the registry, use the /v option of the Windows 'reg query' command to query
for a specific registry key value.

* Scripts/webkitdirs.pm:
(fontExists):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203457 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Wed, 20 Jul 2016 16:37:40 +0000 (16:37 +0000)]
Fix null handling of HTMLSelectElement.value attribute
https://bugs.webkit.org/show_bug.cgi?id=159925

Reviewed by Benjamin Poulain.

Source/WebCore:

Fix null handling of HTMLSelectElement.value attribute:
- https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement

We were treating null as the null String which would end up setting
selectedIndex to -1. However, we should treat null as the String "null"
which would set the selectedIndex to the index of the <option> element
whose value is "null".

Firefox and Chrome match the specification.

Test: fast/dom/HTMLSelectElement/value-null-handling.html

* html/HTMLSelectElement.cpp:
(WebCore::HTMLSelectElement::setValue):
* html/HTMLSelectElement.idl:

LayoutTests:

Add layout test coverage. I have verified that this test is passing in
both Firefox and Chrome.

* fast/dom/HTMLSelectElement/value-null-handling-expected.txt: Added.
* fast/dom/HTMLSelectElement/value-null-handling.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203456 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ryanhaddad@apple.com [Wed, 20 Jul 2016 15:50:45 +0000 (15:50 +0000)]
Consolidating duplicate TestExpectations for fast/images/animated-png.html.

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203455 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 20 Jul 2016 15:41:04 +0000 (15:41 +0000)]
Web Inspector: Pausing when Debugger tab is closed opens tab in wrong state
https://bugs.webkit.org/show_bug.cgi?id=159946
<rdar://problem/27429886>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-07-20
Reviewed by Timothy Hatcher.

* UserInterface/Views/DebuggerSidebarPanel.js:
(WebInspector.DebuggerSidebarPanel):
At the end of construction, update the UI to match the current state
of the world. Such as updating the UI if we are paused, or if the
Timeline is capturing and we are temporarily disabling breakpoints.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203454 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 20 Jul 2016 15:40:05 +0000 (15:40 +0000)]
Improve prepare-ChangeLog for @media blocks
https://bugs.webkit.org/show_bug.cgi?id=159907

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-07-20
Reviewed by Timothy Hatcher.

* Scripts/prepare-ChangeLog:
(get_selector_line_ranges_for_css):
Get a range for @media blocks just like a selector.
    Start Line = line with '{'
    End line = line with '}'
    Name = "@media ..."

* Scripts/webkitperl/prepare-ChangeLog_unittest/resources/css_unittests_warning-expected.txt:
Improved error messages for unbalanced portions.

* Scripts/webkitperl/prepare-ChangeLog_unittest/resources/css_unittests-expected.txt:
* Scripts/webkitperl/prepare-ChangeLog_unittest/resources/css_unittests.css:
(.media-query::before):
(@media only screen and (max-width: 980px)):
(.media-query a):
(@media (-webkit-min-device-pixel-ratio: 2)):
(.both a):
(.both b):
(.media-query b):
(.media-query::after):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203453 268f45cc-cd09-0410-ab3c-d52691b4dbfc

msaboff@apple.com [Wed, 20 Jul 2016 14:50:32 +0000 (14:50 +0000)]
CrashOnOverflow in JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets
https://bugs.webkit.org/show_bug.cgi?id=159954

Reviewed by Benjamin Poulain.

YarrPatternConstructor::setupAlternativeOffsets() is using the checked arithmetic class
Checked<>, for offset calculations.  However the default use will just crash on
overflow.  Instead we should stop processing and propagate the error up the call stack.

Consolidated explicit error string with the common RegExp parsing error logic.
Moved that logic to YarrPattern as that seems like a better common place to put it.

* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* tests/stress/regress-159954.js: New test.
* yarr/YarrParser.h:
(JSC::Yarr::Parser::CharacterClassParserDelegate::CharacterClassParserDelegate):
(JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
(JSC::Yarr::Parser::Parser):
(JSC::Yarr::Parser::isIdentityEscapeAnError):
(JSC::Yarr::Parser::parseEscape):
(JSC::Yarr::Parser::parseCharacterClass):
(JSC::Yarr::Parser::parseParenthesesBegin):
(JSC::Yarr::Parser::parseParenthesesEnd):
(JSC::Yarr::Parser::parseQuantifier):
(JSC::Yarr::Parser::parseTokens):
(JSC::Yarr::Parser::parse):
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::disjunction):
(JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets):
(JSC::Yarr::YarrPatternConstructor::setupOffsets):
(JSC::Yarr::YarrPattern::errorMessage):
(JSC::Yarr::YarrPattern::compile):
* yarr/YarrPattern.h:
(JSC::Yarr::YarrPattern::reset):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203452 268f45cc-cd09-0410-ab3c-d52691b4dbfc

carlosgc@webkit.org [Wed, 20 Jul 2016 13:07:05 +0000 (13:07 +0000)]
[Linux] MemoryPressureMonitor fallback code to get memory available in older linux kernels doesn't work
https://bugs.webkit.org/show_bug.cgi?id=159970

Reviewed by Antonio Gomes.

We are failing to detect zones when parsing /proc/zoneinfo.

* UIProcess/linux/MemoryPressureMonitor.cpp:
(WebKit::lowWatermarkPages): Use strncmp since we want to know whether the line starts with "Node".
(WebKit::MemoryPressureMonitor::MemoryPressureMonitor): Stop the polling if we fail to get the memory available,
because that means it's not supported in the system for whatever reason.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203451 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Wed, 20 Jul 2016 13:02:30 +0000 (13:02 +0000)]
PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
https://bugs.webkit.org/show_bug.cgi?id=159962
<rdar://problem/21439264>

Reviewed by David Kilzer.

PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
other. It is therefore possible for a PostResolutionCallbackDisabler object to get
destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
ResourceLoadSuspender object is alive.

This leads to hard to investigate crashes where we end up re-entering WebKit and killing
the style resolver.

This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
is better because it manages a resolutionNestingDepth counter internally to make sure
it only calls LoaderStrategy::resumePendingRequests() once all
PostResolutionCallbackDisabler instances are destroyed.

No new tests, there is no easy way to reproduce the crashes.

* dom/Document.cpp:
(WebCore::Document::styleForElementIgnoringPendingStylesheets):
* loader/LoaderStrategy.cpp:
(WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
(WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
* loader/LoaderStrategy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203450 268f45cc-cd09-0410-ab3c-d52691b4dbfc

carlosgc@webkit.org [Wed, 20 Jul 2016 12:17:37 +0000 (12:17 +0000)]
[Threaded Compositor] Web Process crash when the layer tree host is destroyed
https://bugs.webkit.org/show_bug.cgi?id=159922

Reviewed by Sergio Villar Senin.

It happens when the layer tree host is destroyed after the didChangeVisibleRect is scheduled to be run in the
main thread, but before it's actually dispatched. In that case the threaded compositor client points to a
deleted object and crashes when trying to dereference it.

* Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:
(WebKit::ThreadedCompositor::~ThreadedCompositor): Add an assert to ensure invalidate is always called before
the object is deleted.
(WebKit::ThreadedCompositor::invalidate): Terminate the compositing thread and nullify the client.
(WebKit::ThreadedCompositor::didChangeVisibleRect): Return early if the client is null when the task is
dispatched in the main thread.
* Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.h: Add invalidate().
* WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.cpp:
(WebKit::ThreadedCoordinatedLayerTreeHost::invalidate): Invalidate the ThreadedCompositor and chain up.
* WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203449 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ossy@webkit.org [Wed, 20 Jul 2016 08:50:16 +0000 (08:50 +0000)]
Fix expectedFailErrorHandler in run-jsc-stress-tests
https://bugs.webkit.org/show_bug.cgi?id=159811

Reviewed by Yusuke Suzuki.

* Scripts/run-jsc-stress-tests:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203448 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ossy@webkit.org [Wed, 20 Jul 2016 08:49:49 +0000 (08:49 +0000)]
Unreviewed Mac cmake buildfix after r203426. Just for fun.

* TestWebKitAPI/PlatformMac.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203447 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ossy@webkit.org [Wed, 20 Jul 2016 07:30:51 +0000 (07:30 +0000)]
JSC JIT Broken on ARMv7 Traditional (without Thumb2)
https://bugs.webkit.org/show_bug.cgi?id=159880

Reviewed by Carlos Garcia Campos.

* Source/cmake/OptionsCommon.cmake: Use the BFD linker on ARM traditional because of a gold linker bug.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203446 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Wed, 20 Jul 2016 06:23:13 +0000 (06:23 +0000)]
[Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
https://bugs.webkit.org/show_bug.cgi?id=159932

Patch by Youenn Fablet <youenn@apple.com> on 2016-07-19
Reviewed by Alex Christensen.

Covered by existing tests.

Refactoring Headers initializeWith to use the new built-in internal that implements
https://fetch.spec.whatwg.org/#concept-headers-fill.

Refactoring Response constructor to put more checks in the JS builtin function called within constructor.
Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.

* CMakeLists.txt: Adding FetchHeadersInternals.js
* DerivedSources.make: Ditto.
* Modules/fetch/FetchHeaders.js:
(initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
* Modules/fetch/FetchInternals.js: Added.
(fillFetchHeaders):
* Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
that the checks are done in the order defined by the spec.
(WebCore::FetchResponse::setStatus):
(WebCore::FetchResponse::initializeWith):
(WebCore::isNullBodyStatus): Deleted.
* Modules/fetch/FetchResponse.h:
* Modules/fetch/FetchResponse.idl:
* Modules/fetch/FetchResponse.js:
(initializeFetchResponse): New built-in internal.
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/WebCoreBuiltinNames.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203445 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Wed, 20 Jul 2016 05:13:06 +0000 (05:13 +0000)]
Fix null handling of SVGScriptElement.type attribute
https://bugs.webkit.org/show_bug.cgi?id=159927

Reviewed by Benjamin Poulain.

Source/WebCore:

Fix null handling of SVGScriptElement.type attribute:
- https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement

We were treating null as the null String which would end up removing
the 'type' content attribute. However, we should treat null as the
String "null".

Firefox and Chrome match the specification.

No new tests, updated existing test.

* svg/SVGScriptElement.idl:

LayoutTests:

Rebaseline existing test to reflect the behavior change.

* svg/dom/svg-element-attribute-js-null-expected.txt:
* svg/dom/svg-element-attribute-js-null.xhtml:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203444 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Wed, 20 Jul 2016 05:09:51 +0000 (05:09 +0000)]
Fix null handling of several HTMLDocument attributes
https://bugs.webkit.org/show_bug.cgi?id=159923

Reviewed by Benjamin Poulain.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-sections-expected.txt:

Source/WebCore:

Fix null handling of several HTMLDocument attributes:
- https://html.spec.whatwg.org/multipage/dom.html#document
- https://html.spec.whatwg.org/multipage/obsolete.html#document-partial

In particular, null handling was incorrect in WebKit for 'dir',
'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.

Firefox and Chrome match the specification.

Test: fast/dom/HTMLDocument/null-handling.html

* html/HTMLDocument.idl:

LayoutTests:

Add layout test coverage. I have verified that this test is passing in
both Firefox and Chrome.

* fast/dom/HTMLDocument/null-handling-expected.txt: Added.
* fast/dom/HTMLDocument/null-handling.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203443 268f45cc-cd09-0410-ab3c-d52691b4dbfc

bburg@apple.com [Wed, 20 Jul 2016 03:23:18 +0000 (03:23 +0000)]
Web Automation: WebAutomationSessionProxy's HashMaps should support '0' as valid keys
https://bugs.webkit.org/show_bug.cgi?id=159957
<rdar://problem/27376446>

Reviewed by Joseph Pecoraro.

* WebProcess/Automation/WebAutomationSessionProxy.h:
Use UnsignedWithZeroKeyHashTraits to avoid problems with zero as a key.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203442 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Wed, 20 Jul 2016 01:45:51 +0000 (01:45 +0000)]
Document.createElementNS() / createAttributeNS() parameters should be mandatory
https://bugs.webkit.org/show_bug.cgi?id=159938

Reviewed by Benjamin Poulain.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

* web-platform-tests/dom/interfaces-expected.txt:
* web-platform-tests/dom/nodes/Document-createElementNS-expected.txt:
* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Document.createElementNS() / createAttributeNS() parameters should be mandatory:
- https://dom.spec.whatwg.org/#document

They were optional in WebKit. However, Firefox and Chrome both match the
specification.

No new tests, rebaselined existing tests.

* dom/Document.idl:

LayoutTests:

Update / rebaseline existing tests to reflect the behavior change.

* fast/dom/Document/createAttributeNS-namespace-err-expected.txt:
* fast/dom/Document/createElementNS-namespace-err-expected.txt:
* fast/dom/Document/script-tests/createAttributeNS-namespace-err.js:
* fast/dom/Document/script-tests/createElementNS-namespace-err.js:
* fast/dom/attribute-downcast-right.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203441 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fpizlo@apple.com [Wed, 20 Jul 2016 01:45:25 +0000 (01:45 +0000)]
The default testing mode should not involve disabling the FTL JIT
https://bugs.webkit.org/show_bug.cgi?id=159929

Rubber stamped by Mark Lam and Saam Barati.

Source/JavaScriptCore:

Use the new powers to make some tests run only in the default configuration (i.e. FTL,
concurrent JIT).

* tests/mozilla/mozilla-tests.yaml:

Tools:

It used to be the case that most actively maintained ports did not have the FTL JIT enabled.
Heck, for most of the FTL's initial development, it wasn't enabled anywhere. So, testing the
FTL was not the default. You had to enable it with an option.

For some reason we have kept this arrangement even though the FTL JIT is now the default on
all of the major ports. This has become a serious pain. For example, it's useful to be able
to say that a test should only run in the default config that is representative of what a
normal user would see if they ran JSC. Clearly, this would be a config that does not
explicitly disable the FTL JIT on the command line. However, if you try to specify this then
your test won't run at all if the --ftl-jit option is not passed. That's dangerous!

So, this change gets rid of all of this logic. I think it's better to get rid of it than to
try to fix it, because:

- I don't know what the fix would look like. Presumably it would ensure that ports that don't
  have the FTL enabled never run any tests that explicitly disable the FTL, since that
  doesn't do anything. The code is not really structured to allow this.

- It benefits a minority of clients. Three build bots run tests in a config that has the FTL
  disabled in testing. On the other hand there are already build bots that do FTL tests
  despite having the FTL disabled by virtue of being a 32-bit platform. So, maybe rather than
  preserving this broken feature, we should create something that (a) acknowledges the fact
  that the FTL is the default on those platforms that support it and (b) avoids running
  no-ftl tests on precisely those platforms that don't have FTL.

- To the extent that some bots benefited from disabling FTL tests, they were doing it by
  relying on a feature that was never meant to stick around. The FTL JIT is meant to be the
  default configuration. Disabling the FTL JIT is the non-default. So, we shouldn't be
  pretending that the FTL JIT is not the default just because some bots used that as an
  optimization.

This change allows me to speed up some debug tests and paint some bots green.

* Scripts/run-javascriptcore-tests:
(runJSCStressTests):
* Scripts/run-jsc-stress-tests:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203440 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUse getElementById for attribute matching if the attribute name is html's id
benjamin@webkit.org [Wed, 20 Jul 2016 01:29:25 +0000 (01:29 +0000)]
Use getElementById for attribute matching if the attribute name is html's id
https://bugs.webkit.org/show_bug.cgi?id=159960

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-07-19
Reviewed by Chris Dumez.

Source/WebCore:

Elliott Sprehn discovered YUI makes heavy use of querySelector with [id=value]
(https://bugs.chromium.org/p/chromium/issues/detail?id=627242).

If we are not in quirks mode, IdForStyleResolution has the same value
as the Id attribute. We can use the same optimization for both cases.

Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
       fast/selectors/id-attribute-querySelector-used-as-id-selector.html

* dom/SelectorQuery.cpp:
(WebCore::canBeUsedForIdFastPath):
(WebCore::findIdMatchingType):
(WebCore::SelectorDataList::SelectorDataList):
(WebCore::selectorForIdLookup):
(WebCore::filterRootById):

LayoutTests:

* fast/selectors/id-attribute-querySelector-used-as-id-selector-expected.txt: Added.
* fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks-expected.txt: Added.
* fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html: Added.
* fast/selectors/id-attribute-querySelector-used-as-id-selector.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203439 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDrop SVGElement.xmlbase attribute
cdumez@apple.com [Wed, 20 Jul 2016 01:27:24 +0000 (01:27 +0000)]
Drop SVGElement.xmlbase attribute
https://bugs.webkit.org/show_bug.cgi?id=159926

Reviewed by Benjamin Poulain.

Source/WebCore:

Drop SVGElement.xmlbase attribute as it is no longer part of the
specification:
- https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement

Both Firefox and Chrome have already dropped support for
SVGElement.xmlbase.

Chrome's intent to remove:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ

Test: svg/dom/SVGElement-xmlbase.html

* svg/SVGElement.cpp:
(WebCore::SVGElement::removedFrom): Deleted.
* svg/SVGElement.h:
* svg/SVGElement.idl:

LayoutTests:

* svg/dom/SVGElement-xmlbase-expected.txt: Added.
* svg/dom/SVGElement-xmlbase.html: Added.
Check that SVGElement.xmlbase does not exist.

* svg/dom/svg-element-attribute-js-null-expected.txt:
* svg/dom/svg-element-attribute-js-null.xhtml:
Drop obsolete testing for SVGElement.xmlbase.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203438 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAlign CSSStyleDeclaration.setProperty() with the specification
cdumez@apple.com [Wed, 20 Jul 2016 01:20:23 +0000 (01:20 +0000)]
Align CSSStyleDeclaration.setProperty() with the specification
https://bugs.webkit.org/show_bug.cgi?id=159955

Reviewed by Benjamin Poulain.

Source/WebCore:

Align CSSStyleDeclaration.setProperty() with the specification:
- https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface

In particular, the following changes were needed:
1. The 'value' parameter should not be optional
2. The 'priority' parameter should treat null as the empty string
   rather than the string "null".
3. The 'priority' parameter's default value should be the empty string,
   not the string "undefined".
4. CSSStyleDeclaration.setProperty() should return early if 'priority'
   is not the empty string and is not an ASCII case-insensitive match
   for the string "important".

Chrome matches the specification entirely.
Firefox matches the specification with the exception that it does a
case-sensitive match for "important".

Test: fast/css/CSSStyleDeclaration-setProperty.html

* css/CSSStyleDeclaration.idl:
* css/PropertySetCSSStyleDeclaration.cpp:
(WebCore::PropertySetCSSStyleDeclaration::setProperty):

LayoutTests:

Add layout test coverage.

* fast/css/CSSStyleDeclaration-setProperty-expected.txt: Added.
* fast/css/CSSStyleDeclaration-setProperty.html: Added.
* fast/css/shorthand-priority.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203437 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFix API test after r203426.
achristensen@apple.com [Wed, 20 Jul 2016 00:29:21 +0000 (00:29 +0000)]
Fix API test after r203426.
https://bugs.webkit.org/show_bug.cgi?id=159949

* TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageClear.mm:
(TEST):
If there is website data already on disk, the initial count after putting the AppCache data in place will not be exactly 1.
This is no problem.  We want to verify that it is a nonzero number and that it decrements by one when we remove the 1 AppCache data.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203436 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMove WebKitErrorFrameLoadBlockedByContentFilter from WebKitErrors.h to WebKitErrorsPr...
aestes@apple.com [Wed, 20 Jul 2016 00:09:52 +0000 (00:09 +0000)]
Move WebKitErrorFrameLoadBlockedByContentFilter from WebKitErrors.h to WebKitErrorsPrivate.h
https://bugs.webkit.org/show_bug.cgi?id=159956

Reviewed by Dan Bernstein.

Source/WebKit/mac:

* Misc/WebKitErrors.h: Moved definition of WebKitErrorFrameLoadBlockedByContentFilter from here ...
* Misc/WebKitErrorsPrivate.h: to here.

Tools:

* TestWebKitAPI/Tests/WebKit2Cocoa/ContentFiltering.mm: Included WKErrorRef.h.
(-[LoadAlternateNavigationDelegate webView:didFailProvisionalNavigation:withError:]):
Used kWKErrorCodeFrameLoadBlockedByContentFilter instead of WebKitErrorFrameLoadBlockedByContentFilter.
* TestWebKitAPI/Tests/mac/ContentFiltering.mm: Included WebKitErrorsPrivate.h instead of WebKitErrors.h.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203435 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoCSP: Improve support for multiple policies to more closely conform to the CSP Level...
dbates@webkit.org [Tue, 19 Jul 2016 23:38:26 +0000 (23:38 +0000)]
CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
https://bugs.webkit.org/show_bug.cgi?id=159841
<rdar://problem/27381684>

Reviewed by Brent Fulgham.

Source/WebCore:

Implement a first pass at sending multiple violation reports so as to more closely
conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
<https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).

Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
       http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
       http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
       http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
       http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
       http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
       http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
       http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
       http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
       http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
       http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
       http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
       http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
       http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html

* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
is allowed by all of the policies with the specified disposition.
(WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
all of the enforced policies.
(WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
Modified to return a ("has found hash in all enforced policies", "has found hash in all report-only policies")-pair
so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
(WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
(WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
(WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
all enforced policies. A side effect of this change is that we only send a CSP violation report when a
nonce violates a report-only policy if the nonce also violates one or more enforced policies. We will
address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
(WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
(WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
matches/is contained in all enforced policies and a hash/'unsafe-inline' that matches/is contained in all
report-only policies so that we only allow the resource for the former. As a side effect of this change
we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
for more details.
(WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
(WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
(WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
(WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
(WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
(WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
(WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
(WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
(WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
* page/csp/ContentSecurityPolicy.h:
(WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.

LayoutTests:

* http/tests/security/contentSecurityPolicy/1.1/resources/scripthash-in-enforced-policy-and-not-in-report-only.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/resources/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/resources/scriptnonce-in-enforced-policy-and-not-in-report-only.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/resources/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/scripthash-multiple-policies-expected.txt: Update expected result to reflect additional console
messages. We will remove these extraneous console messages as part of the fix for <https://bugs.webkit.org/show_bug.cgi?id=159832>.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203434 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd regression test for r203392
achristensen@apple.com [Tue, 19 Jul 2016 23:06:42 +0000 (23:06 +0000)]
Add regression test for r203392
https://bugs.webkit.org/show_bug.cgi?id=159949

Reviewed by Brady Eidson.

* TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageClear.mm:
(fileSize):
(swizzledBundleIdentifierWebBookmarksD):
(defaultApplicationCacheDirectory):
(TEST):
(swizzledBundleIdentifierMobileSafari): Deleted.
This actually tests that webbookmarksd uses the path quirk in WebsiteDataStore::defaultApplicationCacheDirectory.
I wanted to verify that it uses the same path as MobileSafari, but swizzling out the bundleIdentifier twice caused
problems with the static bools that are set once in RuntimeApplicationChecks.mm.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203429 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFix null handling of HTMLScriptElement.text attribute
cdumez@apple.com [Tue, 19 Jul 2016 22:55:50 +0000 (22:55 +0000)]
Fix null handling of HTMLScriptElement.text attribute
https://bugs.webkit.org/show_bug.cgi?id=159943

Reviewed by Benjamin Poulain.

LayoutTests/imported/w3c:

Rebaseline W3C test now that one more check is passing.

* web-platform-tests/html/semantics/scripting-1/the-script-element/script-text-expected.txt:

Source/WebCore:

Fix null handling of HTMLScriptElement.text attribute:
- https://html.spec.whatwg.org/multipage/scripting.html#the-script-element

We should treat null as the "null" String but we were treating it as
the empty string.

Firefox and Chrome match the specification.

No new tests, rebaselined existing test.

* html/HTMLScriptElement.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203428 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoautocapitalize attribute should not use [TreatNullAs=LegacyNullString]
cdumez@apple.com [Tue, 19 Jul 2016 22:55:21 +0000 (22:55 +0000)]
autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
https://bugs.webkit.org/show_bug.cgi?id=159934

Reviewed by Benjamin Poulain.

Source/WebCore:

autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
non-standard and we want to drop support for it from the bindings generator.

Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
given that both a missing/empty attribute result in using the default
autocapitalization mode and that autocapitalize returns the empty string by
default.

Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html

* html/HTMLFormElement.idl:
* html/HTMLInputElement.idl:
* html/HTMLTextAreaElement.idl:

LayoutTests:

Add layout test coverage.

* platform/ios-simulator/ios/fast/forms/autocapitalize-null-expected.txt: Added.
* platform/ios-simulator/ios/fast/forms/autocapitalize-null.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203427 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd regression test for r203392
achristensen@apple.com [Tue, 19 Jul 2016 22:51:13 +0000 (22:51 +0000)]
Add regression test for r203392
https://bugs.webkit.org/show_bug.cgi?id=159949

Reviewed by Brady Eidson.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/ApplicationCache.db: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/ApplicationCache.db-shm: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/ApplicationCache.db-wal: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageClear.mm:
(TEST):
(fileSize):
(swizzledBundleIdentifierMobileSafari):
(swizzledBundleIdentifierWebBookmarksD):
(defaultApplicationCacheDirectory):
* TestWebKitAPI/cocoa/InstanceMethodSwizzler.h: Copied from TestWebKitAPI/mac/InstanceMethodSwizzler.h.
* TestWebKitAPI/cocoa/InstanceMethodSwizzler.mm: Copied from TestWebKitAPI/mac/InstanceMethodSwizzler.mm.
* TestWebKitAPI/mac/InstanceMethodSwizzler.h: Removed.
* TestWebKitAPI/mac/InstanceMethodSwizzler.mm: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203426 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot...
zalan@apple.com [Tue, 19 Jul 2016 22:50:10 +0000 (22:50 +0000)]
REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
https://bugs.webkit.org/show_bug.cgi?id=159952

Reviewed by Simon Fraser.

Update ASSERTs to reflect new functionality, that is, now we can end up in a state
where the container (RenderView) of one of the dirty subtrees is dirty.
See r203415.

Covered by editing/pasteboard/drag-drop-input-in-svg.svg

* page/FrameView.cpp:
(WebCore::FrameView::scheduleRelayoutOfSubtree):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203425 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(202927): The first slide is the only displayed slide when Quicklooking...
dino@apple.com [Tue, 19 Jul 2016 22:43:41 +0000 (22:43 +0000)]
REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
https://bugs.webkit.org/show_bug.cgi?id=159948
<rdar://problem/27391012>

Reviewed by Simon Fraser.

There is an iOS bug (<rdar://problem/27416744>) that is causing us
to not always get a color space on CGContextRefs. Investigation of this
exposed some optimizations we can take when we are creating ImageBuffers.
In particular, if we have a bitmap context or an IOSurfaceContext we
can simply copy their color space using API. Otherwise we stick with
the existing CGContextCopyDeviceColorSpace.

Lastly, if for some reason we are unable to copy the device color space,
we should fall back to sRGB.

* platform/graphics/cg/ImageBufferCG.cpp:
(WebCore::ImageBuffer::createCompatibleBuffer):
* platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203424 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoHTMLVideoElement frames do not update on iOS when src is a MediaStream blob
commit-queue@webkit.org [Tue, 19 Jul 2016 22:35:51 +0000 (22:35 +0000)]
HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
https://bugs.webkit.org/show_bug.cgi?id=159833
<rdar://problem/27379487>

Patch by George Ruan <gruan@apple.com> on 2016-07-19
Reviewed by Eric Carlson.

Source/WebCore:

Test: fast/mediastream/MediaStream-video-element-displays-buffer.html

* WebCore.xcodeproj/project.pbxproj:
* platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
of RefPtr<T>
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
observers and AVSampleBufferDisplayLayer
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
is available.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
for enqueuing sample buffers to the active video track.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
exists.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
new SampleBuffer is available.
(WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
MediaPlayerPrivateMediaSourceAVFObjC.mm
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
* platform/mediastream/MediaStreamPrivate.cpp:
(WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
* platform/mediastream/MediaStreamTrackPrivate.cpp:
(WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
is available.
* platform/mediastream/MediaStreamTrackPrivate.h:
(WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
* platform/mediastream/RealtimeMediaSource.cpp:
(WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
* platform/mediastream/RealtimeMediaSource.h:
* platform/mediastream/mac/AVVideoCaptureSource.mm:
(WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.

LayoutTests:

* fast/mediastream/MediaStream-video-element-displays-buffer-expected.txt: Added.
* fast/mediastream/MediaStream-video-element-displays-buffer.html: Added. Checks that
a video element with a mediastream source displays frames that are neither black nor transparent.
* fast/mediastream/resources/getUserMedia-helper.js:
(setupVideoElementWithStream): Sets up video element with global variable mediastream.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203423 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Get rid of a #define private public hack in WebCore
andersca@apple.com [Tue, 19 Jul 2016 21:55:51 +0000 (21:55 +0000)]
Get rid of a #define private public hack in WebCore
https://bugs.webkit.org/show_bug.cgi?id=159953

Reviewed by Dan Bernstein.

Use @package instead.

* bindings/objc/DOMInternal.h:
* bindings/objc/DOMObject.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203422 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Test262 should have a file with the revision and url
keith_miller@apple.com [Tue, 19 Jul 2016 21:27:01 +0000 (21:27 +0000)]
Test262 should have a file with the revision and url
https://bugs.webkit.org/show_bug.cgi?id=159937

Reviewed by Mark Lam.

Source/JavaScriptCore:

The file.

* tests/test262/test262-Revision.txt: Added.

Tools:

The import script should update the information from
the path to the test262 repository it gets.

* Scripts/import-test262-tests:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203421 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix SharedBuffer leak in MockContentFilter::replacementData().
akling@apple.com [Tue, 19 Jul 2016 21:14:04 +0000 (21:14 +0000)]
Fix SharedBuffer leak in MockContentFilter::replacementData().
<https://webkit.org/b/159945>

Reviewed by Andy Estes.

Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
Since this is in the mock filter, it only affected layout tests.

* testing/MockContentFilter.cpp:
(WebCore::MockContentFilter::replacementData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203420 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago WebCore-7602.1.42 fails to build: error: private field 'm_vm' is not used
andersca@apple.com [Tue, 19 Jul 2016 20:52:48 +0000 (20:52 +0000)]
WebCore-7602.1.42 fails to build: error: private field 'm_vm' is not used
https://bugs.webkit.org/show_bug.cgi?id=159944
rdar://problem/27420308

Reviewed by Dan Bernstein.

Wrap the m_vm declaration and initialization in conditional guards.

* Scripts/builtins/builtins_generate_internals_wrapper_header.py:
(generate_members):
* Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
(BuiltinsInternalsWrapperImplementationGenerator.generate_constructor):
Add guards.

* Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
Update expected results.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203419 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Land test expectations for rdar://problem/27356144.
ryanhaddad@apple.com [Tue, 19 Jul 2016 20:43:49 +0000 (20:43 +0000)]
Land test expectations for rdar://problem/27356144.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203418 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Temporary workaround for iOS EWS failing after the fix for bug 159539.
ap@apple.com [Tue, 19 Jul 2016 20:32:29 +0000 (20:32 +0000)]
Temporary workaround for iOS EWS failing after the fix for bug 159539.
To be deleted once the root cause is found and addressed.

* EWSTools/start-queue-mac.sh:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203417 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION (r203348-r203368): ASSERTION FAILED: from.isCell() && from.asCell()->JSCel...
fpizlo@apple.com [Tue, 19 Jul 2016 20:15:51 +0000 (20:15 +0000)]
REGRESSION (r203348-r203368): ASSERTION FAILED: from.isCell() && from.asCell()->JSCell::inherits(std::remove_pointer<To>::type::info())
https://bugs.webkit.org/show_bug.cgi?id=159930

Reviewed by Geoffrey Garen.

The problem is that the 32-bit DFG can flush the scope register as an unboxed cell, but the
Register::scope() method was causing us to assert that it's a JSValue with proper cell
boxing. We could have forced the DFG to flush it as a boxed JSValue, but I don't think that
would have made anything better. This fixes the issue by teaching Register::scope() that it
might see unboxed cells.

* runtime/JSScope.h:
(JSC::Register::scope):
(JSC::ExecState::lexicalGlobalObject):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203416 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago theguardian.co.uk crossword puzzles are sometimes not displaying text
zalan@apple.com [Tue, 19 Jul 2016 20:10:02 +0000 (20:10 +0000)]
theguardian.co.uk crossword puzzles are sometimes not displaying text
https://bugs.webkit.org/show_bug.cgi?id=159924
<rdar://problem/27409483>

Reviewed by Simon Fraser.

Source/WebCore:

This patch fixes the case when
- 2 disjoint subtrees are dirty
- RenderView is also dirty.
and we end up not laying out one of the 2 subtrees.

In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
we already have a pending full layout which means that any previous subtree layouts have already been
converted to full layouts.
However this assumption is incorrect. RenderView can get dirty without checking if there's
already a pending subtree layout.
One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
This patch implements the second option.

Test: fast/misc/subtree-layouts.html

* page/FrameView.cpp:
(WebCore::FrameView::scheduleRelayoutOfSubtree):

LayoutTests:

* fast/misc/subtree-layouts-expected.html: Added.
* fast/misc/subtree-layouts.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203415 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Some payment authorization status values should keep the sheet active
andersca@apple.com [Tue, 19 Jul 2016 20:07:38 +0000 (20:07 +0000)]
Some payment authorization status values should keep the sheet active
https://bugs.webkit.org/show_bug.cgi?id=159936
rdar://problem/26756701

Reviewed by Tim Horton.

Source/WebCore:

* Modules/applepay/ApplePaySession.cpp:
(WebCore::ApplePaySession::completePayment):
Keep the sheet active if the status isn't a final state status.

* Modules/applepay/PaymentAuthorizationStatus.h:
(WebCore::isFinalStateStatus):
Add a new helper function that returns whether a given payment authorization status is "final",
meaning that once that status has been passed to completePayment, the session is finished.

Source/WebKit2:

* UIProcess/ApplePay/WebPaymentCoordinatorProxy.cpp:
(WebKit::WebPaymentCoordinatorProxy::completePaymentSession):
If the status isn't a final state status, bounce the current state back to active.

* UIProcess/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.h:
Rename the _authorized ivar to _didReachFinalState.

* UIProcess/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm:
(-[WKPaymentAuthorizationViewControllerDelegate paymentAuthorizationViewControllerDidFinish:]):
(WebKit::WebPaymentCoordinatorProxy::platformCompletePaymentSession):
Set _didReachFinalState based on the return value of isFinalStateStatus.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203414 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago B3 methods that mutate the successors array should take FrequentedBlock by value
fpizlo@apple.com [Tue, 19 Jul 2016 19:20:02 +0000 (19:20 +0000)]
B3 methods that mutate the successors array should take FrequentedBlock by value
https://bugs.webkit.org/show_bug.cgi?id=159935

Reviewed by Michael Saboff.

This bug was found by ASan testing. setSuccessors() takes a const FrequentedBlock&, and the
caller that caused the ASan crash was doing:

block->setSuccessors(block->notTaken())

So, inside setSuccessors(), after we resize() the successors array, the const
FrequentedBlock& points to nonsense.

The fix is to pass FrequentedBlock by value in all of these kinds of methods.

No new tests, but ASan testing catches this instantly for anything that triggers CFG
simplification in B3. So like half of our tests.

* b3/B3BasicBlock.cpp:
(JSC::B3::BasicBlock::clearSuccessors):
(JSC::B3::BasicBlock::appendSuccessor):
(JSC::B3::BasicBlock::setSuccessors):
* b3/B3BasicBlock.h:
(JSC::B3::BasicBlock::successors):
(JSC::B3::BasicBlock::successorBlock):
* b3/B3Value.cpp:
(JSC::B3::Value::replaceWithPhi):
(JSC::B3::Value::replaceWithJump):
(JSC::B3::Value::replaceWithOops):
* b3/B3Value.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203413 268f45cc-cd09-0410-ab3c-d52691b4dbfc
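
The aliasing hazard described in the commit message above, as an added example that is not WebKit's code. SuccessorList, kPoison and the method bodies are assumptions made for illustration: the toy container always moves to fresh storage on resize() and overwrites the retired storage with a marker (kept allocated, so the stale read is well-defined here), which makes the effect of reading a reference parameter after resize() deterministic.

```cpp
#include <cstddef>
#include <cstdio>
#include <initializer_list>
#include <memory>
#include <utility>
#include <vector>

// Constructed stand-in for B3's FrequentedBlock (a successor block plus a frequency hint).
struct FrequentedBlock {
    int blockId;
    int frequency;
};

// Marker written over retired storage; plays the role of ASan's poisoning (assumption).
constexpr int kPoison = -1;

// Hypothetical successors array. resize() always relocates, poisons the old
// storage and keeps it allocated, so references into it stay readable but stale.
class SuccessorList {
public:
    SuccessorList(std::initializer_list<FrequentedBlock> init)
        : m_live(std::make_unique<std::vector<FrequentedBlock>>(init)) {}

    void resize(std::size_t newSize) {
        auto fresh = std::make_unique<std::vector<FrequentedBlock>>(newSize, FrequentedBlock{0, 0});
        for (std::size_t i = 0; i < newSize && i < m_live->size(); ++i)
            (*fresh)[i] = (*m_live)[i];
        for (FrequentedBlock& stale : *m_live)
            stale = FrequentedBlock{kPoison, kPoison};
        m_retired.push_back(std::move(m_live));
        m_live = std::move(fresh);
    }

    FrequentedBlock& at(std::size_t i) { return m_live->at(i); }

private:
    std::unique_ptr<std::vector<FrequentedBlock>> m_live;
    std::vector<std::unique_ptr<std::vector<FrequentedBlock>>> m_retired;
};

class BasicBlock {
public:
    BasicBlock(FrequentedBlock taken, FrequentedBlock notTaken)
        : m_successors{taken, notTaken} {}

    const FrequentedBlock& notTaken() { return m_successors.at(1); }

    // 'Before' shape: the parameter may alias an element of m_successors,
    // and it is read only after the array has been resized.
    void setSuccessorsByRef(const FrequentedBlock& target) {
        m_successors.resize(1);
        m_successors.at(0) = target; // reads retired storage when aliased
    }

    // 'After' shape: the caller's value is copied before the array is touched.
    void setSuccessorsByValue(FrequentedBlock target) {
        m_successors.resize(1);
        m_successors.at(0) = target;
    }

    int onlySuccessorId() { return m_successors.at(0).blockId; }

private:
    SuccessorList m_successors;
};

// Same call shape as in the commit message: block->setSuccessors(block->notTaken()).
int successorAfterAliasedCallByRef() {
    BasicBlock block({1, 10}, {2, 90});
    block.setSuccessorsByRef(block.notTaken());
    return block.onlySuccessorId();
}

int successorAfterAliasedCallByValue() {
    BasicBlock block({1, 10}, {2, 90});
    block.setSuccessorsByValue(block.notTaken());
    return block.onlySuccessorId();
}

int main() {
    std::printf("by reference: successor id %d\n", successorAfterAliasedCallByRef());
    std::printf("by value:     successor id %d\n", successorAfterAliasedCallByValue());
    return 0;
}
```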

3 years ago AX: Incorrect behavior for word related text marker functions when there's collapsed...
n_wang@apple.com [Tue, 19 Jul 2016 18:14:02 +0000 (18:14 +0000)]
AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
https://bugs.webkit.org/show_bug.cgi?id=159910

Reviewed by Chris Fleizach.

Source/WebCore:

We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
fixed a word navigation issue based on that.

Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::traverseToOffsetInRange):
(WebCore::AXObjectCache::rangeForNodeContents):
(WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
(WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
(WebCore::AXObjectCache::rightWordRange):
(WebCore::AXObjectCache::previousBoundary):
* accessibility/AXObjectCache.h:
(WebCore::AXObjectCache::isNodeInUse):

LayoutTests:

* accessibility/mac/text-marker-word-nav-collapsed-whitespace-expected.txt: Added.
* accessibility/mac/text-marker-word-nav-collapsed-whitespace.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203412 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Streams API] ReadableStreamController methods should throw if its stream is not...
commit-queue@webkit.org [Tue, 19 Jul 2016 17:27:32 +0000 (17:27 +0000)]
[Streams API] ReadableStreamController methods should throw if its stream is not readable
https://bugs.webkit.org/show_bug.cgi?id=159871

Patch by Youenn Fablet <youenn@apple.com> on 2016-07-19
Reviewed by Xabier Rodriguez-Calvar.

LayoutTests/imported/w3c:

* web-platform-tests/streams/readable-streams/bad-underlying-sources.https-expected.txt:

Source/WebCore:

Spec now mandates close and enqueue to throw if ReadableStream is not readable.
Covered by rebased and/or modified tests.

* Modules/streams/ReadableStreamController.js:
(enqueue): Throwing a TypeError if controlled stream is not readable.
(close): Ditto.

LayoutTests:

* streams/reference-implementation/pipe-to-options.html: Updated test case according to whatwg original test.
* streams/reference-implementation/readable-stream-templated.html: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203411 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Adjust margins for first-line floating elements and add preset floating video sizing
jond@apple.com [Tue, 19 Jul 2016 17:23:59 +0000 (17:23 +0000)]
Adjust margins for first-line floating elements and add preset floating video sizing
https://bugs.webkit.org/show_bug.cgi?id=159898

Reviewed by Benjamin Poulain.

* wp-content/themes/webkit/style.css:
(article video.alignright):
(article .alignright:first-child):
(@media only screen and (max-width: 690px)):
    (article .alignright:first-child):
(@media only screen and (max-width: 415px)):
    (article video.alignright):
    (article .alignright:first-child):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203410 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Bubbles appear split for a brief moment in Messages
simon.fraser@apple.com [Tue, 19 Jul 2016 16:10:40 +0000 (16:10 +0000)]
Bubbles appear split for a brief moment in Messages
https://bugs.webkit.org/show_bug.cgi?id=159915
rdar://problem/27182267

Reviewed by David Hyatt.

Source/WebCore:

RenderView::repaintRootContents() had a long-standing bug in WebView when the
view is scrolled. repaint() uses visualOverflowRect() but, for the
RenderView, the visualOverflowRect() is the initial containing block
which is anchored at 0,0. When the view is scrolled it's clipped out and
calls to repaintRootContents() have no effect.

Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
will clip it to the view if necessary.

Test: fast/repaint/scrolled-view-full-repaint.html

* rendering/RenderView.cpp:
(WebCore::RenderView::repaintRootContents):

LayoutTests:

* fast/repaint/scrolled-view-full-repaint-expected.txt: Added.
* fast/repaint/scrolled-view-full-repaint.html: Added.
* platform/ios-simulator-wk1/fast/repaint/scrolled-view-full-repaint-expected.txt: Added.
* platform/mac-wk1/fast/repaint/scrolled-view-full-repaint-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203409 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Refresh WPT tests up to 98ec1ad
commit-queue@webkit.org [Tue, 19 Jul 2016 16:08:56 +0000 (16:08 +0000)]
Refresh WPT tests up to 98ec1ad
https://bugs.webkit.org/show_bug.cgi?id=159879

Patch by Youenn Fablet <youennf@gmail.com> on 2016-07-19
Reviewed by Alex Christensen.

This refresh concerns fetch API tests with a number of test fixes.
Rebasing both window and worker expectations.

* resources/TestRepositories:
* web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt:
* web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt:
* web-platform-tests/fetch/api/basic/mode-same-origin-worker.html:
* web-platform-tests/fetch/api/basic/mode-same-origin.html:
* web-platform-tests/fetch/api/basic/mode-same-origin.js:
* web-platform-tests/fetch/api/cors/cors-basic-worker.html:
* web-platform-tests/fetch/api/cors/cors-basic.html:
* web-platform-tests/fetch/api/cors/cors-basic.js:
(cors):
* web-platform-tests/fetch/api/cors/cors-cookies-expected.txt:
* web-platform-tests/fetch/api/cors/cors-cookies-worker-expected.txt:
* web-platform-tests/fetch/api/cors/cors-cookies-worker.html:
* web-platform-tests/fetch/api/cors/cors-cookies.html:
* web-platform-tests/fetch/api/cors/cors-cookies.js:
(corsCookies):
* web-platform-tests/fetch/api/cors/cors-no-preflight-worker.html:
* web-platform-tests/fetch/api/cors/cors-no-preflight.html:
* web-platform-tests/fetch/api/cors/cors-no-preflight.js:
(corsNoPreflight):
* web-platform-tests/fetch/api/cors/cors-origin-worker.html:
* web-platform-tests/fetch/api/cors/cors-origin.html:
* web-platform-tests/fetch/api/cors/cors-origin.js:
(corsOrigin):
* web-platform-tests/fetch/api/cors/cors-preflight-redirect-worker.html:
* web-platform-tests/fetch/api/cors/cors-preflight-redirect.html:
* web-platform-tests/fetch/api/cors/cors-preflight-redirect.js:
* web-platform-tests/fetch/api/cors/cors-preflight-referrer-expected.txt:
* web-platform-tests/fetch/api/cors/cors-preflight-referrer-worker-expected.txt:
* web-platform-tests/fetch/api/cors/cors-preflight-referrer-worker.html:
* web-platform-tests/fetch/api/cors/cors-preflight-referrer.html:
* web-platform-tests/fetch/api/cors/cors-preflight-referrer.js:
(corsPreflightReferrer):
* web-platform-tests/fetch/api/cors/cors-preflight-status-worker.html:
* web-platform-tests/fetch/api/cors/cors-preflight-status.html:
* web-platform-tests/fetch/api/cors/cors-preflight-status.js:
* web-platform-tests/fetch/api/cors/cors-redirect-credentials.html:
* web-platform-tests/fetch/api/cors/cors-redirect-credentials.js:
* web-platform-tests/fetch/api/cors/cors-redirect-worker.html:
* web-platform-tests/fetch/api/cors/cors-redirect.html:
* web-platform-tests/fetch/api/cors/cors-redirect.js:
* web-platform-tests/fetch/api/request/request-cache.html:
* web-platform-tests/fetch/api/request/resources/w3c-import.log:
* web-platform-tests/fetch/api/resources/get-host-info.sub.js: Added.
(get_host_info):
* web-platform-tests/fetch/api/resources/utils.js:
(validateBufferFromString):
* web-platform-tests/fetch/api/resources/w3c-import.log:
* web-platform-tests/fetch/api/response/response-clone-expected.txt:
* web-platform-tests/fetch/api/response/response-clone.html:
* web-platform-tests/fetch/api/response/response-consume-stream-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203408 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [win] Fixup the register name for STIX Math and Latin Modern Math
fred.wang@free.fr [Tue, 19 Jul 2016 14:33:16 +0000 (14:33 +0000)]
[win] Fixup the register name for STIX Math and Latin Modern Math

Unreviewed follow-up of r203406

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-19

* Scripts/webkitdirs.pm:
(checkInstalledTools):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203407 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [win] Update the list of MathML fonts
fred.wang@free.fr [Tue, 19 Jul 2016 14:18:19 +0000 (14:18 +0000)]
[win] Update the list of MathML fonts
https://bugs.webkit.org/show_bug.cgi?id=156838

The set of recommended math fonts is now described at
https://trac.webkit.org/wiki/MathML/Fonts
We update the Perl script to use the latest list of fonts.

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-19
Reviewed by Brent Fulgham.

* Scripts/webkitdirs.pm:
(checkInstalledTools):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203406 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Release WK2] LayoutTest imported/w3c/web-platform-tests/XMLHttpRequest/send-redirect...
commit-queue@webkit.org [Tue, 19 Jul 2016 14:12:58 +0000 (14:12 +0000)]
[Release WK2] LayoutTest imported/w3c/web-platform-tests/XMLHttpRequest/send-redirect-post-upload.htm failing
https://bugs.webkit.org/show_bug.cgi?id=159724

Unreviewed.

Patch by Youenn Fablet <youenn@apple.com> on 2016-07-19

* TestExpectations: Marking test as failure,pass,crash.
* platform/ios-simulator-wk2/TestExpectations: Removing specific expectation.
* platform/mac-wk2/TestExpectations: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203405 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter...
mitz@apple.com [Tue, 19 Jul 2016 14:12:22 +0000 (14:12 +0000)]
<rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'

* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203404 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Win] The test fast/scrolling/overflow-scroll-past-max.html is timing out.
pvollan@apple.com [Tue, 19 Jul 2016 10:56:09 +0000 (10:56 +0000)]
[Win] The test fast/scrolling/overflow-scroll-past-max.html is timing out.
https://bugs.webkit.org/show_bug.cgi?id=159342

Reviewed by Darin Adler.

Source/WebKit/win:

* WebFrame.h: Link fix.

Tools:

Implement required functions in event sender.

* DumpRenderTree/PlatformWin.cmake:
* DumpRenderTree/win/EventSender.cpp:
(monitorWheelEvents): Added.
(callAfterScrollingCompletes): Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203403 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Streams API] Make ReadableStream properties not enumerable
commit-queue@webkit.org [Tue, 19 Jul 2016 07:59:05 +0000 (07:59 +0000)]
[Streams API] Make ReadableStream properties not enumerable
https://bugs.webkit.org/show_bug.cgi?id=159868

Patch by Youenn Fablet <youenn@apple.com> on 2016-07-19
Reviewed by Darin Adler.

LayoutTests/imported/w3c:

* web-platform-tests/streams/readable-streams/general.https-expected.txt:
* web-platform-tests/streams/readable-streams/readable-stream-reader.https-expected.txt:

Source/WebCore:

Covered by rebased tests.

Updating IDL definitions to mark all functions/attributes as not enumerable.
Updating IDL constructor definitions to correctly compute constructor length.
Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).

* Modules/streams/ReadableStream.idl:
* Modules/streams/ReadableStream.js:
* Modules/streams/ReadableStreamController.idl:
* Modules/streams/ReadableStreamReader.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203402 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago form.enctype / encoding / method should treat null as "null" string
cdumez@apple.com [Tue, 19 Jul 2016 07:41:21 +0000 (07:41 +0000)]
form.enctype / encoding / method should treat null as "null" string
https://bugs.webkit.org/show_bug.cgi?id=159916

Reviewed by Ryosuke Niwa.

Source/WebCore:

form.enctype / encoding / method should treat null as "null" string:
- https://html.spec.whatwg.org/multipage/forms.html#htmlformelement

Previously, WebKit would treat null as the null String, which would
end up removing the existing attribute.

Firefox and Chrome match the specification.

Test: fast/dom/HTMLFormElement/null-handling.html

* html/HTMLFormElement.h:
* html/HTMLFormElement.idl:

LayoutTests:

Add layout test coverage.

* fast/dom/HTMLFormElement/null-handling-expected.txt: Added.
* fast/dom/HTMLFormElement/null-handling.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203401 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Add new aliases to http test server
commit-queue@webkit.org [Tue, 19 Jul 2016 07:38:55 +0000 (07:38 +0000)]
Add new aliases to http test server
https://bugs.webkit.org/show_bug.cgi?id=159878

Patch by Youenn Fablet <youenn@apple.com> on 2016-07-19
Reviewed by Darin Adler.

Tools:

Adding testharness.css, testharness.js and testharnessreport.js new aliases to http test servers.
Adding explicitly these links to perl script.
Extracting default alias in an aliases.json file.
Reading that file from python scripts to initialize aliases from that file.

Python script changes covered by unit tests and changed layout test.

* Scripts/webkitperl/httpd.pm:
(getDefaultConfigForTestDirectory): Adding 3 new aliases
* Scripts/webkitpy/layout_tests/servers/aliases.json: Added.
* Scripts/webkitpy/layout_tests/servers/apache_http_server.py:
(LayoutTestApacheHttpd.__init__): Setting upper class tests_dir member if needed and according constructor parameter.
Adding -c directives for each alias.
* Scripts/webkitpy/layout_tests/servers/apache_http_server_unittest.py:
(TestLayoutTestApacheHttpd.test_start_cmd): Adding aliases.json mock-up file.
* Scripts/webkitpy/layout_tests/servers/http_server.py:
(Lighttpd.__init__): Setting upper class tests_dir member if needed and according constructor parameter.
Adding alias directive for each alias.
(Lighttpd._prepare_config):
* Scripts/webkitpy/layout_tests/servers/http_server_base.py:
(HttpServerBase.__init__): Adding tests_dir member with a default value being layout tests directory.
(HttpServerBase.aliases): Computing of alias from the json file, paths to the real files being relative to
layout tests directory.
* Scripts/webkitpy/layout_tests/servers/http_server_unittest.py:
(TestHttpServer.test_start_cmd): Adding aliases.json mock-up file and updating test expectation.
(TestHttpServer.test_win32_start_and_stop): Adding aliases.json mock-up file.

LayoutTests:

* http/tests/xmlhttprequest/set-bad-headervalue.html: Updating testharness.js and testharnessreport.js links to
ensure these new links are working on test servers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203400 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago All-in-one buildfix after r202439
ossy@webkit.org [Tue, 19 Jul 2016 06:50:49 +0000 (06:50 +0000)]
All-in-one buildfix after r202439
https://bugs.webkit.org/show_bug.cgi?id=159877

Reviewed by Chris Dumez.

* Modules/webaudio/AudioDestinationNode.h:
(WebCore::AudioDestinationNode::resume):
(WebCore::AudioDestinationNode::suspend):
(WebCore::AudioDestinationNode::close):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203399 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix the --minimal build fail in InjectedBundle.cpp
ossy@webkit.org [Tue, 19 Jul 2016 06:50:02 +0000 (06:50 +0000)]
Fix the --minimal build fail in InjectedBundle.cpp
https://bugs.webkit.org/show_bug.cgi?id=159770

Reviewed by Benjamin Poulain.

* WebProcess/InjectedBundle/InjectedBundle.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203398 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Move parsing of subscriptshift and superscriptshift from rendering to element classes
fred.wang@free.fr [Tue, 19 Jul 2016 05:42:46 +0000 (05:42 +0000)]
Move parsing of subscriptshift and superscriptshift from rendering to element classes
https://bugs.webkit.org/show_bug.cgi?id=159622

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-18
Reviewed by Darin Adler.

We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
attribute parsing to the DOM (bug 156536).

No new tests, rendering is unchanged.

* CMakeLists.txt: Add MathMLScriptsElement files.
* WebCore.xcodeproj/project.pbxproj: Ditto.
* mathml/MathMLAllInOne.cpp: Ditto.
* mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
(WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
* mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
parsing for the subscriptshift and superscriptshift MathML lengths.
(WebCore::MathMLScriptsElement::MathMLScriptsElement):
(WebCore::MathMLScriptsElement::create):
(WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
parsing the attribute again if necessary.
(WebCore::MathMLScriptsElement::superscriptShift): Ditto.
(WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
(WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
* mathml/MathMLScriptsElement.h: Ditto.
* mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
* rendering/mathml/RenderMathMLScripts.cpp:
(WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
MathMLScriptsElement.
(WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
using the functions from the MathMLScriptsElement class.
* rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203396 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Do not store gap and shift parameters on RenderMathMLFraction
fred.wang@free.fr [Tue, 19 Jul 2016 05:36:16 +0000 (05:36 +0000)]
Do not store gap and shift parameters on RenderMathMLFraction
https://bugs.webkit.org/show_bug.cgi?id=159876

Patch by Frederic Wang <fwang@igalia.com> on 2016-07-18
Reviewed by Darin Adler.

After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
do not need to store them on the class. We remove them and split updateLayoutParameters into
three functions: one to update the linethickness and two others to retrieve the fraction and
stack respectively.

No new tests, rendering is unchanged.

* rendering/mathml/RenderMathMLFraction.cpp:
(WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
(WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
(WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
(WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
for fraction and stack parameters.
(WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
* rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
for stack and fraction parameters.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203395 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago input.formEnctype / formMethod and button.formEnctype / formMethod / type should...
cdumez@apple.com [Tue, 19 Jul 2016 04:45:53 +0000 (04:45 +0000)]
input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
https://bugs.webkit.org/show_bug.cgi?id=159908

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-forms-expected.txt:

Source/WebCore:

input.formEnctype / formMethod and button.formEnctype / formMethod / type
should treat null as "null" String:
- https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
- https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement

In WebKit, we would treat null as a null String which would end up
removing the corresponding attribute. This does not match the
specification. Firefox and Chrome match the specification here.

Tests:
- fast/dom/HTMLButtonElement/null-handling.html
- fast/dom/HTMLInputElement/null-handling.html

* html/HTMLButtonElement.idl:
* html/HTMLInputElement.idl:

LayoutTests:

Add layout test coverage.

* fast/dom/HTMLButtonElement/change-type-expected.txt:
* fast/dom/HTMLButtonElement/change-type.html:
* fast/dom/HTMLButtonElement/null-handling-expected.txt: Added.
* fast/dom/HTMLButtonElement/null-handling.html: Added.
* fast/dom/HTMLInputElement/null-handling-expected.txt: Added.
* fast/dom/HTMLInputElement/null-handling.html: Added.
* fast/forms/submit-form-attributes-expected.txt:
* fast/forms/submit-form-attributes.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203394 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Make builtin TypeErrors consistent
commit-queue@webkit.org [Tue, 19 Jul 2016 02:45:35 +0000 (02:45 +0000)]
Make builtin TypeErrors consistent
https://bugs.webkit.org/show_bug.cgi?id=159899

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-07-18
Reviewed by Keith Miller.

Source/JavaScriptCore:

Converge on the single TypeError for non-coercible this objects in builtins.
Also update some other style to be more consistent within builtins.

* builtins/ArrayIteratorPrototype.js:
(next):
* builtins/ArrayPrototype.js:
(values):
(keys):
(entries):
(reduce):
(reduceRight):
(every):
(forEach):
(filter):
(map):
(some):
(fill):
(find):
(findIndex):
(includes):
(sort):
(concatSlowPath):
(copyWithin):
* builtins/StringPrototype.js:
(match):
(repeat):
(padStart):
(padEnd):
(intrinsic.StringPrototypeReplaceIntrinsic.replace):
(localeCompare):
(search):
(split):
* tests/es6/String.prototype_methods_String.prototype.padEnd.js:
* tests/es6/String.prototype_methods_String.prototype.padStart.js:
* tests/stress/array-iterators-next-error-messages.js:
(catch):
* tests/stress/array-iterators-next-with-call.js:
* tests/stress/regexp-match.js:
(shouldThrow):
* tests/stress/regexp-search.js:
(shouldThrow):

LayoutTests:

* js/array-find-expected.txt:
* js/array-findIndex-expected.txt:
* js/array-includes-expected.txt:
* js/dom/array-prototype-properties-expected.txt:
* js/dom/script-tests/string-prototype-properties.js:
* js/dom/string-prototype-properties-expected.txt:
* js/script-tests/array-find.js:
* js/script-tests/array-findIndex.js:
* js/script-tests/string-localeCompare.js:
* js/string-localeCompare-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.10_String.prototype.match/S15.5.4.10_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.11_String.prototype.replace/S15.5.4.11_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.12_String.prototype.search/S15.5.4.12_A1_T3-expected.txt:
* sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203393 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago webbookmarksd needs to use the same AppCache directory as MobileSafari
achristensen@apple.com [Tue, 19 Jul 2016 02:02:37 +0000 (02:02 +0000)]
webbookmarksd needs to use the same AppCache directory as MobileSafari
https://bugs.webkit.org/show_bug.cgi?id=159912

Source/WebCore:

Reviewed by Alexey Proskuryakov.

No new tests.  This only changes behavior for webbookmarksd.

* platform/RuntimeApplicationChecks.h:
* platform/RuntimeApplicationChecks.mm:
(WebCore::IOSApplication::isWebBookmarksD): Added.

Source/WebKit2:

<rdar://problem/27056844>

Reviewed by Alexey Proskuryakov.

* UIProcess/API/Cocoa/APIWebsiteDataStoreCocoa.mm:
(API::WebsiteDataStore::defaultApplicationCacheDirectory):
Make webbookmarksd match MobileSafari by adding a matching runtime exception.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203392 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago EventTarget.dispatchEvent() parameter should not be nullable
cdumez@apple.com [Tue, 19 Jul 2016 01:18:06 +0000 (01:18 +0000)]
EventTarget.dispatchEvent() parameter should not be nullable
https://bugs.webkit.org/show_bug.cgi?id=159897

Reviewed by Benjamin Poulain.

Source/WebCore:

EventTarget.dispatchEvent() parameter should not be nullable:
- https://dom.spec.whatwg.org/#interface-eventtarget

Even though the parameter was marked as nullable in our IDL, our
implementation does a null check and we already throw a TypeError
when calling dispatchEvent(null).

Update our IDL so that it matches the specification and so that
the null check is generated in the bindings instead.

No new tests, rebaseline existing tests.

* dom/EventTarget.cpp:
(WebCore::EventTarget::dispatchEventForBindings):
* dom/EventTarget.h:
* dom/EventTarget.idl:

LayoutTests:

Update layout tests as the message of the TypeError exception being
thrown when calling dispatchEvent(null) is now more helpful.

* fast/dom/Window/dispatchEvent-expected.txt:
* fast/events/dispatchEvent-crash-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203391 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Implement table-based switches in B3/Air
fpizlo@apple.com [Tue, 19 Jul 2016 01:16:24 +0000 (01:16 +0000)]
Implement table-based switches in B3/Air
https://bugs.webkit.org/show_bug.cgi?id=151141

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

If a switch statement gets large, it's better to express it as an indirect jump rather than
using a binary switch (divide-and-conquer tree of comparisons leading to O(log n) branches to
get to the switch case). When dealing with integer switches, FTL will already use the B3
Switch and expect this to get lowered as efficiently as possible; it's a bug that B3 will
always use a binary switch rather than indirect jumps. When dealing with switches over some
more sophisticated types, we'd want FTL to build an indirect jump table itself and use
something like a hashtable to feed it. In that case, there will be no B3 Switch; we'll want
some way for the FTL to directly express an indirect jump when emitting B3.

This implies that we want B3 to have the ability to lower Switch to indirect jumps and to
expose those indirect jumps in IR so that the FTL could do its own indirect jumps for
switches over more complicated things like strings. But indirect jumps are tough to express
in IR. For example, the LLVM approach ("indirectbr" and "blockaddress", see
http://blog.llvm.org/2010/01/address-of-label-and-indirect-branches.html) means that some
control flow edges cannot be split. Indirectbr takes an address as input and jumps to it, and
blockaddress lets you build jump tables out of basic block addresses. This means that the
compiler can never change any successor of an indirectbr, since the client will have already
arranged for that indirectbr to jump to exactly those successors. We don't want such
restrictions in B3, since B3 relies on being able to break critical edges for SSA conversion.
Also, indirectbr is not cloneable, which would break any hope of doing specialization-based
transformations like we want to do for multiple entrypoints (bug 159391). The goal of this
change is to let clients do indirect jumps without placing any restrictions on IR.

The trick is to allow Patchpoints to be used as block terminals. Patchpoints already allow
clients of B3 to emit whatever code they like. Patchpoints are friendly to B3's other
transformations because the client of the patchpoint has to play along with whatever
decisions B3 had made around the patchpoint: what registers got used, what the control flow
looks like, etc. Patchpoints can even be cloned by B3, and the client has to accommodate this
in their patchpoint generator. It turns out that using Patchpoints as terminals is quite
natural. We accomplish this by moving the successor edges out of ControlValue and into
BasicBlock, and removing ControlValue entirely. This way, any Value subclass can be a
terminal. It was already true that a Value is a terminal if value->effects().terminal, which
works great with Patchpoints since they control their effects via PatchpointValue::effects.
You can make your Patchpoint into a terminal by placing it at the end of a block and doing:

    patchpoint->effects.terminal = true;

A Patchpoint in terminal position gets access to additional API in StackmapGenerationParams.
The generator can get a Box<Label> for each successor to its owning block. For example, to
implement a jump-table-based switch, you would make your patchpoint take the table index as
its sole input. Inside the generator, you allocate the jump table and emit a BaseIndex jump
that uses the jump table pointer (which will be a constant known to the generator since it
just allocated it) as the base and the patchpoint input as an index. The jump table can be
populated by MacroAssemblerCodePtr's computed by installing a link task to resolve the labels
to concrete locations. This change makes LowerMacros do such a lowering for Switches that can
benefit from jump tables. This happens recursively: if the original Switch is too sparse, we
will divide-and-conquer as before. If at any recursion step we find that the remaining cases
are dense and large enough to profit from a jump table, then those cases will be lowered to a
Patchpoint that does the table jump. This is a fun way to do stepwise lowering: LowerMacros
is essentially pre-lowering the Switch directly to machine code, and wrapping that machine
code in a Patchpoint so that the rest of the compiler doesn't have to know anything about
what happened. I suspect that in the future we will want to do other pre-lowerings this way,
whenever the B3 IR phases have some special knowledge about what machine code should be
emitted and it would be annoying to drag that knowledge through the rest of the compiler.

One downside of this change is that we used ControlValue in so many places. Most of this
patch involves removing references to ControlValue. It would be less than 100kb if it wasn't
for that. To make this a bit easier, I added "appendNewControlValue" methods to BasicBlock,
which allocate a Value and set the successors as if you had done "appendNew<ControlValue>".
This made for an easy search-and-replace in testb3 and FTLOutput. I filed bug 159440 to
remove this ugly stopgap method.

I think that we will also end up using this facility to extend our use of snippets. We
already use shared snippet generators for the generic forms of arithmetic. We will probably
also want to do this for generic forms of branches. This wouldn't have been possible prior to
this change, since there would have been no way to emit a control snippet in FTL. Now we can
emit control snippets using terminal patchpoints.

This is a ~30% speed-up on microbenchmarks that have big switch statements (~60 cases). It's
not a speed-up on mainstream benchmarks.

This also adds a new test to testb3 for terminal Patchpoints, Get, and Set. The FTL does not
currently use terminal Patchpoints directly, but we want this to be possible. It also doesn't
use Get/Set directly even though we want this to be possible. It's important to test these
since opcodes that result from lowering don't affect early phases, so we could have
regressions in early phases related to these opcodes that wouldn't be caught by any JS test.
So, this adds a very basic threaded interpreter to testb3 for a Brainfuck-style language, and
tests it by having it run a program that prints the numbers 1..100 in a loop. Unlike a real
threaded interpreter, it uses a common dispatch block rather than having dispatch at the
terminus of each opcode. That's necessary because PolyJump is not cloneable. The state of the
interpreter is represented using Variables that we Get and Set, so it tests Get/Set as well.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::jump):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::jump):
* assembler/X86Assembler.h:
(JSC::X86Assembler::jmp_m):
* b3/B3BasicBlock.cpp:
(JSC::B3::BasicBlock::append):
(JSC::B3::BasicBlock::appendNonTerminal):
(JSC::B3::BasicBlock::removeLast):
(JSC::B3::BasicBlock::appendIntConstant):
(JSC::B3::BasicBlock::clearSuccessors):
(JSC::B3::BasicBlock::appendSuccessor):
(JSC::B3::BasicBlock::setSuccessors):
(JSC::B3::BasicBlock::replaceSuccessor):
(JSC::B3::BasicBlock::addPredecessor):
(JSC::B3::BasicBlock::deepDump):
(JSC::B3::BasicBlock::appendNewControlValue):
* b3/B3BasicBlock.h:
(JSC::B3::BasicBlock::numSuccessors):
(JSC::B3::BasicBlock::successor):
(JSC::B3::BasicBlock::successors):
(JSC::B3::BasicBlock::successorBlock):
(JSC::B3::BasicBlock::successorBlocks):
(JSC::B3::BasicBlock::numPredecessors):
(JSC::B3::BasicBlock::predecessor):
(JSC::B3::BasicBlock::frequency):
* b3/B3BasicBlockInlines.h:
(JSC::B3::BasicBlock::replaceLastWithNew):
(JSC::B3::BasicBlock::taken):
(JSC::B3::BasicBlock::notTaken):
(JSC::B3::BasicBlock::fallThrough):
(JSC::B3::BasicBlock::numSuccessors): Deleted.
(JSC::B3::BasicBlock::successor): Deleted.
(JSC::B3::BasicBlock::successors): Deleted.
(JSC::B3::BasicBlock::successorBlock): Deleted.
(JSC::B3::BasicBlock::successorBlocks): Deleted.
* b3/B3BlockInsertionSet.cpp:
(JSC::B3::BlockInsertionSet::splitForward):
* b3/B3BreakCriticalEdges.cpp:
(JSC::B3::breakCriticalEdges):
* b3/B3CaseCollection.cpp: Added.
(JSC::B3::CaseCollection::dump):
* b3/B3CaseCollection.h: Added.
(JSC::B3::CaseCollection::CaseCollection):
(JSC::B3::CaseCollection::operator[]):
(JSC::B3::CaseCollection::iterator::iterator):
(JSC::B3::CaseCollection::iterator::operator*):
(JSC::B3::CaseCollection::iterator::operator++):
(JSC::B3::CaseCollection::iterator::operator==):
(JSC::B3::CaseCollection::iterator::operator!=):
(JSC::B3::CaseCollection::begin):
(JSC::B3::CaseCollection::end):
* b3/B3CaseCollectionInlines.h: Added.
(JSC::B3::CaseCollection::fallThrough):
(JSC::B3::CaseCollection::size):
(JSC::B3::CaseCollection::at):
* b3/B3CheckSpecial.cpp:
(JSC::B3::CheckSpecial::CheckSpecial):
(JSC::B3::CheckSpecial::hiddenBranch):
* b3/B3Common.h:
(JSC::B3::is64Bit):
* b3/B3ControlValue.cpp: Removed.
* b3/B3ControlValue.h: Removed.
* b3/B3DataSection.cpp:
(JSC::B3::DataSection::DataSection):
* b3/B3DuplicateTails.cpp:
* b3/B3FixSSA.cpp:
* b3/B3FoldPathConstants.cpp:
* b3/B3LowerMacros.cpp:
* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::run):
(JSC::B3::Air::LowerToAir::lower):
* b3/B3MathExtras.cpp:
(JSC::B3::powDoubleInt32):
* b3/B3Opcode.h:
(JSC::B3::isConstant):
(JSC::B3::isDefinitelyTerminal):
* b3/B3PatchpointSpecial.cpp:
(JSC::B3::PatchpointSpecial::generate):
(JSC::B3::PatchpointSpecial::isTerminal):
(JSC::B3::PatchpointSpecial::dumpImpl):
* b3/B3PatchpointSpecial.h:
* b3/B3Procedure.cpp:
(JSC::B3::Procedure::resetReachability):
* b3/B3Procedure.h:
(JSC::B3::Procedure::lastPhaseName):
(JSC::B3::Procedure::byproducts):
* b3/B3ReduceStrength.cpp:
* b3/B3StackmapGenerationParams.cpp:
(JSC::B3::StackmapGenerationParams::unavailableRegisters):
(JSC::B3::StackmapGenerationParams::successorLabels):
(JSC::B3::StackmapGenerationParams::fallsThroughToSuccessor):
(JSC::B3::StackmapGenerationParams::proc):
* b3/B3StackmapGenerationParams.h:
(JSC::B3::StackmapGenerationParams::gpScratch):
(JSC::B3::StackmapGenerationParams::fpScratch):
* b3/B3SwitchValue.cpp:
(JSC::B3::SwitchValue::~SwitchValue):
(JSC::B3::SwitchValue::removeCase):
(JSC::B3::SwitchValue::hasFallThrough):
(JSC::B3::SwitchValue::setFallThrough):
(JSC::B3::SwitchValue::appendCase):
(JSC::B3::SwitchValue::dumpSuccessors):
(JSC::B3::SwitchValue::dumpMeta):
(JSC::B3::SwitchValue::cloneImpl):
(JSC::B3::SwitchValue::SwitchValue):
* b3/B3SwitchValue.h:
(JSC::B3::SwitchValue::accepts):
(JSC::B3::SwitchValue::caseValues):
(JSC::B3::SwitchValue::cases):
(JSC::B3::SwitchValue::fallThrough): Deleted.
(JSC::B3::SwitchValue::size): Deleted.
(JSC::B3::SwitchValue::at): Deleted.
(JSC::B3::SwitchValue::operator[]): Deleted.
(JSC::B3::SwitchValue::iterator::iterator): Deleted.
(JSC::B3::SwitchValue::iterator::operator*): Deleted.
(JSC::B3::SwitchValue::iterator::operator++): Deleted.
(JSC::B3::SwitchValue::iterator::operator==): Deleted.
(JSC::B3::SwitchValue::iterator::operator!=): Deleted.
(JSC::B3::SwitchValue::begin): Deleted.
(JSC::B3::SwitchValue::end): Deleted.
* b3/B3Validate.cpp:
* b3/B3Value.cpp:
(JSC::B3::Value::replaceWithPhi):
(JSC::B3::Value::replaceWithJump):
(JSC::B3::Value::replaceWithOops):
(JSC::B3::Value::dump):
(JSC::B3::Value::deepDump):
(JSC::B3::Value::dumpSuccessors):
(JSC::B3::Value::negConstant):
(JSC::B3::Value::typeFor):
* b3/B3Value.h:
* b3/air/AirCode.cpp:
(JSC::B3::Air::Code::addFastTmp):
(JSC::B3::Air::Code::addDataSection):
(JSC::B3::Air::Code::jsHash):
* b3/air/AirCode.h:
(JSC::B3::Air::Code::isFastTmp):
(JSC::B3::Air::Code::setLastPhaseName):
* b3/air/AirCustom.h:
(JSC::B3::Air::PatchCustom::shouldTryAliasingDef):
(JSC::B3::Air::PatchCustom::isTerminal):
(JSC::B3::Air::PatchCustom::hasNonArgNonControlEffects):
(JSC::B3::Air::PatchCustom::generate):
(JSC::B3::Air::CCallCustom::admitsStack):
(JSC::B3::Air::CCallCustom::isTerminal):
(JSC::B3::Air::CCallCustom::hasNonArgNonControlEffects):
(JSC::B3::Air::ShuffleCustom::admitsStack):
(JSC::B3::Air::ShuffleCustom::isTerminal):
(JSC::B3::Air::ShuffleCustom::hasNonArgNonControlEffects):
* b3/air/AirGenerate.cpp:
(JSC::B3::Air::generate):
* b3/air/AirGenerationContext.h:
* b3/air/AirInst.h:
(JSC::B3::Air::Inst::hasNonControlEffects):
* b3/air/AirSimplifyCFG.cpp:
(JSC::B3::Air::simplifyCFG):
* b3/air/AirSpecial.cpp:
(JSC::B3::Air::Special::shouldTryAliasingDef):
(JSC::B3::Air::Special::isTerminal):
(JSC::B3::Air::Special::hasNonArgNonControlEffects):
* b3/air/AirSpecial.h:
* b3/air/AirValidate.cpp:
* b3/air/opcode_generator.rb:
* b3/testb3.cpp:
* ftl/FTLLowerDFGToB3.cpp:
* ftl/FTLOutput.cpp:
(JSC::FTL::Output::jump):
(JSC::FTL::Output::branch):
(JSC::FTL::Output::ret):
(JSC::FTL::Output::unreachable):
(JSC::FTL::Output::speculate):
(JSC::FTL::Output::trap):
(JSC::FTL::Output::anchor):
(JSC::FTL::Output::decrementSuperSamplerCount):
(JSC::FTL::Output::addIncomingToPhi):
* ftl/FTLOutput.h:
(JSC::FTL::Output::constIntPtr):
(JSC::FTL::Output::callWithoutSideEffects):
(JSC::FTL::Output::switchInstruction):
(JSC::FTL::Output::phi):
(JSC::FTL::Output::addIncomingToPhi):

Websites/webkit.org:

Update documentation to reflect Patchpoint's new powers.

* docs/b3/intermediate-representation.html:

LayoutTests:

* js/regress/bigswitch-expected.txt: Added.
* js/regress/bigswitch.html: Added.
* js/regress/script-tests/bigswitch.js: Added.
(foo):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203390 268f45cc-cd09-0410-ab3c-d52691b4dbfc
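
The recursive lowering described in the r203390 commit message above (binary split while the cases are sparse, a table jump once a sub-range is dense and large enough), as an added C++ sketch that is not WebKit's LowerMacros code. The Node type, the function names and the three thresholds are assumptions made for illustration, and the case list is constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <vector>

// Hypothetical model of a switch case: a value and the index of its successor block.
struct Case { int64_t value; int target; };

constexpr int kFallThrough = -1;
// Assumed thresholds; the commit message does not state the ones B3 uses.
constexpr size_t kMinTableCases = 8;   // fewer cases than this never get a table
constexpr size_t kMaxSlotsPerCase = 3; // table may hold at most 3 slots per case
constexpr size_t kMaxLinearCases = 3;  // leaves this small become a compare chain

struct Node {
    enum Kind { Compare, Binary, Table };
    Kind kind = Compare;
    std::vector<Case> cases;            // Compare: tested one by one
    int64_t pivot = 0;                  // Binary: value < pivot goes left
    std::unique_ptr<Node> left, right;
    int64_t base = 0;                   // Table: slot i serves value base + i
    std::vector<int> table;
};

static std::unique_ptr<Node> lowerRange(const std::vector<Case>& sorted, size_t lo, size_t hi)
{
    auto node = std::make_unique<Node>();
    size_t count = hi - lo;
    if (count >= kMinTableCases) {
        // Unsigned subtraction so that a range spanning INT64_MIN..INT64_MAX cannot overflow.
        uint64_t span = static_cast<uint64_t>(sorted[hi - 1].value) - static_cast<uint64_t>(sorted[lo].value);
        if (span < count * kMaxSlotsPerCase) {
            node->kind = Node::Table;
            node->base = sorted[lo].value;
            // Holes between cases point at the fall-through successor.
            node->table.assign(static_cast<size_t>(span) + 1, kFallThrough);
            for (size_t i = lo; i < hi; ++i) {
                uint64_t slot = static_cast<uint64_t>(sorted[i].value) - static_cast<uint64_t>(node->base);
                node->table[static_cast<size_t>(slot)] = sorted[i].target;
            }
            return node;
        }
    }
    if (count <= kMaxLinearCases) {
        node->cases.assign(sorted.begin() + lo, sorted.begin() + hi);
        return node;
    }
    // Too sparse for a table here: divide and conquer, then retry on each half.
    size_t mid = lo + count / 2;
    node->kind = Node::Binary;
    node->pivot = sorted[mid].value;
    node->left = lowerRange(sorted, lo, mid);
    node->right = lowerRange(sorted, mid, hi);
    return node;
}

// Case values are assumed to be distinct.
std::unique_ptr<Node> lowerSwitch(std::vector<Case> cases)
{
    std::sort(cases.begin(), cases.end(), [](const Case& a, const Case& b) { return a.value < b.value; });
    return lowerRange(cases, 0, cases.size());
}

// Walks the plan the way the emitted code would run, counting branches taken.
int dispatch(const Node& node, int64_t value, int& branches)
{
    if (node.kind == Node::Binary) {
        ++branches;
        return dispatch(value < node.pivot ? *node.left : *node.right, value, branches);
    }
    if (node.kind == Node::Table) {
        ++branches; // the bounds check that guards the indirect jump
        uint64_t index = static_cast<uint64_t>(value) - static_cast<uint64_t>(node.base);
        return index < node.table.size() ? node.table[static_cast<size_t>(index)] : kFallThrough;
    }
    for (const Case& c : node.cases) {
        ++branches;
        if (c.value == value)
            return c.target;
    }
    return kFallThrough;
}

size_t countTables(const Node& node)
{
    if (node.kind == Node::Table)
        return 1;
    if (node.kind == Node::Binary)
        return countTables(*node.left) + countTables(*node.right);
    return 0;
}

// Constructed input: a dense cluster 0..15 plus 16 widely spaced values.
std::vector<Case> mixedSample()
{
    std::vector<Case> cases;
    for (int i = 0; i < 16; ++i)
        cases.push_back({ i, i });
    for (int k = 1; k <= 16; ++k)
        cases.push_back({ int64_t(k) << 20, 100 + k });
    return cases;
}

int main()
{
    auto plan = lowerSwitch(mixedSample());
    int branches = 0;
    int target = dispatch(*plan, 7, branches);
    std::printf("target=%d branches=%d tables=%zu\n", target, branches, countTables(*plan));
    return 0;
}
```

The single unsigned comparison in the Table branch is what keeps an out-of-range or negative switch value from indexing past the table; such values take the fall-through successor instead.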

3 years ago DocType's publicId / systemId should not be nullable
cdumez@apple.com [Tue, 19 Jul 2016 00:57:18 +0000 (00:57 +0000)]
DocType's publicId / systemId should not be nullable
https://bugs.webkit.org/show_bug.cgi?id=159901

Reviewed by Benjamin Poulain.

LayoutTests/imported/w3c:

Rebaseline now that more checks regarding DocumentType serialization
are passing.

* web-platform-tests/domparsing/xml-serialization-expected.txt:

Source/WebCore:

DocType's publicId / systemId should not be nullable. While they were
not marked as nullable in our IDL, they could be stored as null Strings
in our implementation depending on how the Node was constructed. This
led to subtle bugs where String() != emptyString().

In particular, Node.isEqualNode() would return false when DocumentType
nodes would mismatch because of their publicId / systemId being null
instead of the emptyString.

Serialization of DocumentType nodes would also be wrong when
publicId / systemId were empty Strings instead of null strings. The
new behavior now matches:
- https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)

To address these issues, we now always store publicId / systemId as
non-null Strings inside the DocumentType class.

Test: fast/dom/DocumentType/isEqualNode.html

* dom/DocumentType.cpp:
(WebCore::DocumentType::DocumentType):
* editing/MarkupAccumulator.cpp:
(WebCore::MarkupAccumulator::appendDocumentType):

LayoutTests:

Add test coverage for comparison of DocumentType nodes
using isEqualNode(). This test used to fail and now passes.
The test passes in Firefox and Chrome as well.

* fast/dom/DocumentType/isEqualNode-expected.txt: Added.
* fast/dom/DocumentType/isEqualNode.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203389 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago If previous media session interruptions were prevented, still allow subsequent interr...
commit-queue@webkit.org [Tue, 19 Jul 2016 00:47:40 +0000 (00:47 +0000)]
If previous media session interruptions were prevented, still allow subsequent interruptions to try.
https://bugs.webkit.org/show_bug.cgi?id=157553
rdar://problem/25740804

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-07-18
Reviewed by Eric Carlson.

Source/WebCore:

Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html

When suspending under lock on iOS, there is first a resign active event, then a
suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
suspend under lock to interrupt playback.

Currently if there are nested interruptions only the first one is acted upon.

This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
previous interruptions were ignored.

This test is for iPad only, so it must be run manually.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
* platform/audio/PlatformMediaSession.cpp:
(WebCore::PlatformMediaSession::beginInterruption):
* testing/Internals.cpp:
(WebCore::Internals::beginMediaSessionInterruption):

LayoutTests:

When suspending under lock on iOS, there is first a resign active event, then a
suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
suspend under lock to interrupt playback.

Currently if there are nested interruptions only the first one is acted upon.

This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
previous interruptions were ignored.

This test is for iPad only, so it must be run manually.

* platform/ios-simulator/TestExpectations:
* platform/ios-simulator/media/video-interruption-suspendunderlock-expcted.txt: Added.
* platform/ios-simulator/media/video-interruption-suspendunderlock.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203388 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Don't null out the IPC::Connection's XPC connection
andersca@apple.com [Tue, 19 Jul 2016 00:38:23 +0000 (00:38 +0000)]
Don't null out the IPC::Connection's XPC connection
https://bugs.webkit.org/show_bug.cgi?id=159911
rdar://problem/27018065

Reviewed by Alex Christensen.

The function that nulls out the XPC connection, platformInvalidate(), is called from the connection queue,
whereas the XPC connection is normally accessed from the main thread, leading to inconsistencies when the
connection is being invalidated while the main thread is trying to access it.

Fix this by simply never nulling out the XPC connection. It will be released when the IPC::Connection is destroyed anyway.

* Platform/IPC/mac/ConnectionMac.mm:
(IPC::Connection::platformInvalidate):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203387 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago EWS console logs doesn't go to log file
aakash_jain@apple.com [Tue, 19 Jul 2016 00:24:50 +0000 (00:24 +0000)]
EWS console logs doesn't go to log file
https://bugs.webkit.org/show_bug.cgi?id=159539
<rdar://problem/24464570>

Reviewed by David Kilzer.

* Scripts/webkitpy/common/system/logutils.py:
(configure_logger_to_log_to_file): Added method to configure the logger to log to file.
(FileSystemHandler): Added class which uses logging.FileHandler as base class and supports writing
to filesystem. It also supports passing MockFilesystem.
(FileSystemHandler.__init__): Initializes the class and calls base class __init__.
(FileSystemHandler._open): Overrides the base class _open method to use filesystem object.
* Scripts/webkitpy/tool/commands/earlywarningsystem_unittest.py:
(AbstractEarlyWarningSystemTest.test_failing_tests_message): Added MockHost() parameter.
(_test_ews): Same.
* Scripts/webkitpy/tool/commands/queues.py:
(AbstractQueue.begin_work_queue): Configure the logger to log to file.
(AbstractQueue._log_directory): Using filesystem object instead of os.
(AbstractQueue.queue_log_path): Same.
(AbstractQueue.__init__): Passed host parameter.
(PatchProcessingQueue.__init__): Same.
(CommitQueue.__init__): Same.
(AbstractReviewQueue.__init__): Same.
(StyleQueue.__init__): Same.
* Scripts/webkitpy/tool/commands/queues_unittest.py:
(TestCommitQueue): Passed MockHost() as host.
(TestCommitQueue.__init__): Same.
(TestQueue.__init__): Same.
(TestReviewQueue.__init__): Same.
(TestFeederQueue.__init__): Same.
(AbstractPatchQueueTest.test_next_patch): Same.
(PatchProcessingQueueTest.test_upload_results_archive_for_patch): Same.
(test_commit_queue_failure): Same.
(MockCommitQueueTask.results_from_patch_test_run): Same.
(test_rollout_lands): Same.
(test_non_valid_patch): Same.
(test_auto_retry): Same.
(test_style_queue_with_watch_list_exception): Same.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203386 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Tapping on an apple.com tab in tab overview stutters when switching to it
timothy_horton@apple.com [Tue, 19 Jul 2016 00:24:28 +0000 (00:24 +0000)]
Tapping on an apple.com tab in tab overview stutters when switching to it
https://bugs.webkit.org/show_bug.cgi?id=159904
<rdar://problem/27192350>

Reviewed by Simon Fraser.

* UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:
(WebKit::RemoteLayerTreeDrawingAreaProxy::waitForDidUpdateViewState):
In any case where we get to waitForDidUpdateViewState (usually a tab switch),
if we have an outstanding didUpdate message, the Web process will not commit
a new layer tree until it receives the didUpdate message. However, since
waitForDidUpdateViewState synchronously blocks the UI process, we also
won't *send* the didUpdate message, so we block for the full timeout duration.

Instead, if we get to waitForDidUpdateViewState, just send the didUpdate without
waiting for the DisplayLink or anything else, because calling rAF slightly too
quickly, once, is certainly better than blocking the UI process for a whole second.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203385 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] ENABLE_OPENGL=OFF build broken since r201802
clopez@igalia.com [Tue, 19 Jul 2016 00:20:23 +0000 (00:20 +0000)]
[GTK] ENABLE_OPENGL=OFF build broken since r201802
https://bugs.webkit.org/show_bug.cgi?id=159909

Reviewed by Antonio Gomes.

* WebProcess/WebPage/LayerTreeHost.h: Add missing include.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203384 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Don't associate form-associated elements with forms in other trees.
bfulgham@apple.com [Tue, 19 Jul 2016 00:13:49 +0000 (00:13 +0000)]
Don't associate form-associated elements with forms in other trees.
https://bugs.webkit.org/show_bug.cgi?id=119451
<rdar://problem/27382946>

Change is based on the Blink change (patch by <adamk@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>

Reviewed by Chris Dumez.

Source/WebCore:

Prevent elements from being associated with forms that are not part of the same home subtree.
This brings us in line with the WhatWG HTML specification as of September, 2013.

Tests: fast/forms/image-disconnected-during-parse.html
       fast/forms/input-disconnected-during-parse.html

* dom/Element.h:
(WebCore::Node::rootElement): Added.
* html/FormAssociatedElement.cpp:
(WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
is not part of the same tree, remove the association.
* html/HTMLImageElement.cpp:
(WebCore::HTMLImageElement::insertedInto): Ditto.

LayoutTests:

* fast/forms/image-disconnected-during-parse-expected.txt: Added.
* fast/forms/image-disconnected-during-parse.html: Added.
* fast/forms/input-disconnected-during-parse-expected.txt: Added.
* fast/forms/input-disconnected-during-parse.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203383 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago WebKit nightly fails to build on macOS Sierra
andersca@apple.com [Mon, 18 Jul 2016 23:54:37 +0000 (23:54 +0000)]
WebKit nightly fails to build on macOS Sierra
https://bugs.webkit.org/show_bug.cgi?id=159902
rdar://problem/27365672

Reviewed by Tim Horton.

Source/JavaScriptCore:

* icu/unicode/ucurr.h: Added.
Add ucurr.h from ICU.

Source/WebCore:

* Modules/applepay/cocoa/PaymentCocoa.mm:
* Modules/applepay/cocoa/PaymentContactCocoa.mm:
* Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
* Modules/applepay/cocoa/PaymentMethodCocoa.mm:
Use new PassKitSPI header.

* WebCore.xcodeproj/project.pbxproj:
Add new PassKitSPI header.

* icu/unicode/ucurr.h: Added.
Add ucurr.h from ICU.

* platform/spi/cocoa/PassKitSPI.h: Added.
Add new PassKitSPI header.

Source/WebKit/mac:

* icu/unicode/ucurr.h: Added.
Add ucurr.h from ICU.

Source/WebKit2:

* Shared/Cocoa/WebCoreArgumentCodersCocoa.mm:
* UIProcess/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.h:
* UIProcess/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm:
* UIProcess/ApplePay/mac/WebPaymentCoordinatorProxyMac.mm:
Use new PassKitSPI header.

Source/WTF:

* icu/unicode/ucurr.h: Added.
Add ucurr.h from ICU.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203381 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
dino@apple.com [Mon, 18 Jul 2016 23:39:38 +0000 (23:39 +0000)]
REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
https://bugs.webkit.org/show_bug.cgi?id=159906
<rdar://problem/27391725>

Reviewed by Simon Fraser.

The fix for webkit.org/b/157569 in r200769 broke AMP pages.
The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.

Revert them both until we have better testing.

Source/WebCore:

* css/CSSParser.cpp:
(WebCore::CSSParser::addPropertyWithPrefixingVariant):
(WebCore::CSSParser::parseValue):
(WebCore::CSSParser::parseAnimationShorthand):
(WebCore::CSSParser::parseTransitionShorthand): Deleted.
* css/CSSPropertyNames.in:
* css/PropertySetCSSStyleDeclaration.cpp:
(WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
(WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
(WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
(WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
* css/StyleProperties.cpp:
(WebCore::MutableStyleProperties::removeShorthandProperty):
(WebCore::MutableStyleProperties::removeProperty):
(WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
(WebCore::MutableStyleProperties::setProperty):
(WebCore::getIndexInShorthandVectorForPrefixingVariant):
(WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
(WebCore::MutableStyleProperties::setPrefixingVariantProperty):
(WebCore::StyleProperties::asText): Deleted.
* css/StyleProperties.h:

LayoutTests:

* animations/fill-mode-forwards-zero-duration.html:
* animations/play-state-start-paused.html:
* animations/script-tests/spring-parsing.js:
(testSpring):
* animations/spring-parsing-expected.txt:
* animations/unprefixed-properties-expected.txt:
* animations/unprefixed-properties.html:
* fast/css/prefixed-unprefixed-variant-style-declaration-expected.txt:
* fast/css/shorthand-omitted-initial-value-overrides-shorthand-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203380 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago There should be a way to simulate memory pressure in layout tests
akling@apple.com [Mon, 18 Jul 2016 23:16:24 +0000 (23:16 +0000)]
There should be a way to simulate memory pressure in layout tests
<https://webkit.org/b/159743>

Reviewed by Simon Fraser.

Source/WebCore:

Add three window.internal APIs:

    - boolean isUnderMemoryPressure (readonly attribute)
    - void beginSimulatedMemoryPressure()
    - void endSimulatedMemoryPressure()

These make it possible to write tests that exercise behaviors that only
occur during memory pressure situations.

I also implemented the "org.WebKit.lowMemory" notification handler using the new API.

Test: memory/memory-pressure-simulation.html

* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
(WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
* platform/MemoryPressureHandler.h:
(WebCore::MemoryPressureHandler::isUnderMemoryPressure):
* platform/cocoa/MemoryPressureHandlerCocoa.mm:
(WebCore::MemoryPressureHandler::platformReleaseMemory):
(WebCore::MemoryPressureHandler::install):
* testing/Internals.cpp:
(WebCore::Internals::isUnderMemoryPressure):
(WebCore::Internals::beginSimulatedMemoryPressure):
(WebCore::Internals::endSimulatedMemoryPressure):
* testing/Internals.h:
* testing/Internals.idl:

LayoutTests:

Add a basic test for the new APIs.

* memory/memory-pressure-simulation-expected.txt: Added.
* memory/memory-pressure-simulation.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203379 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the...
commit-queue@webkit.org [Mon, 18 Jul 2016 22:46:37 +0000 (22:46 +0000)]
[iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
https://bugs.webkit.org/show_bug.cgi?id=158715

Source/WebCore:

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-07-18
Reviewed by Dean Jackson.

Test: fast/images/displaced-non-cached-pdf.html

For iOS, we need to ensure the size of the cached PDF images will not
exceed some limit. Also we should be caching only a sub image of the PDF
if caching the whole image will exceed the memory limit.

* page/Settings.cpp:
(WebCore::Settings::Settings):
(WebCore::Settings::setCachedPDFImageEnabled):
* page/Settings.h:
(WebCore::Settings::isCachedPDFImageEnabled):
    Add an option to disable caching the PDF images.

* platform/graphics/cg/PDFDocumentImage.cpp:
(WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
    Allow the caller of draw() to disable caching the PDF images.

(WebCore::PDFDocumentImage::cacheParametersMatch):
    Match the context dirty rectangle with the cached image rectangle.

(WebCore::transformContextForPainting):
    When preparing the context for drawing the PDF, take the location
    of the destination rectangle into account. We do not need to scale
    the location of the source rectangle because we scale the size of
    the rectangle but we don't scale the whole coordinate system.

(WebCore::cachedImageRect):
    Calculate the rectangle of the cached image such that it does not
    exceed the limit. Start from the center of the dirty rectangle and
    then expand around it.

(WebCore::PDFDocumentImage::decodedSizeChanged):
    In addition to notifying the ImageObserver, it keeps track of the size
    of all the cached PDF images.

(WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
    Ensure the size of all the cached images does not exceed the limit.

(WebCore::PDFDocumentImage::destroyDecodedData):
* platform/graphics/cg/PDFDocumentImage.h:

* rendering/RenderImage.cpp:
(WebCore::RenderImage::paintIntoRect):
    Pass the option to disable caching the PDF images to PDFDocumentImage.

* testing/InternalSettings.cpp:
(WebCore::InternalSettings::Backup::Backup):
(WebCore::InternalSettings::Backup::restoreTo):
(WebCore::InternalSettings::setCachedPDFImageEnabled):
* testing/InternalSettings.h:
* testing/InternalSettings.idl:
    Add an internal option to disable caching the PDF images.

LayoutTests:

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-07-18
Reviewed by Dean Jackson.

Make sure the PDF image will be displayed at the correct position if caching
the PDF image is disabled.

* fast/images/displaced-non-cached-pdf-expected.html: Added.
* fast/images/displaced-non-cached-pdf.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203378 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
cdumez@apple.com [Mon, 18 Jul 2016 22:33:32 +0000 (22:33 +0000)]
The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
https://bugs.webkit.org/show_bug.cgi?id=158008

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline several W3C tests now that more checks are passing.

* web-platform-tests/XMLHttpRequest/interfaces-expected.txt:
* web-platform-tests/dom/interfaces-expected.txt:
* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

The 2 first parameters to addEventListener() / removeEventListener() should be
mandatory:
- https://dom.spec.whatwg.org/#interface-eventtarget

Firefox 46 and Chrome 50 both match the specification and throw an exception when those
parameters are omitted. However, those parameters were marked as optional in WebKit and
the calls were no-ops if those parameters were omitted. This patch aligns our behavior
with the specification and other browsers.

Test: fast/dom/eventtarget-api-parameters.html

* bindings/scripts/CodeGeneratorJS.pm:
(GetFunctionLength): Deleted.
* dom/EventTarget.idl:

LayoutTests:

* fast/dom/Window/window-legacy-event-listener-expected.txt: Removed.
* fast/dom/Window/window-legacy-event-listener.html: Removed.
* fast/dom/XMLHttpRequest-legacy-event-listener-expected.txt: Removed.
* fast/dom/XMLHttpRequest-legacy-event-listener.html: Removed.
* fast/dom/node-legacy-event-listener-expected.txt: Removed.
* fast/dom/node-legacy-event-listener.html: Removed.
Drop legacy tests that expect the addEventListener() / removeEventListener()
parameters to be optional.

* fast/dom/eventtarget-api-parameters-expected.txt: Added.
* fast/dom/eventtarget-api-parameters.html: Added.
Add layout test to check that the 2 first parameters of addEventListener()
and removeEventListener() are now mandatory. It also checks that the
second parameter is nullable.

* media/video-remote-control-playpause.html:
Drop useless call to addEventListener() without a listener as it now throws.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203377 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago ASSERTION FAILED: : (year >= 1970 && yearday >= 0) || (year < 1970 && yearday < 0...
msaboff@apple.com [Mon, 18 Jul 2016 22:20:50 +0000 (22:20 +0000)]
ASSERTION FAILED: : (year >= 1970 && yearday >= 0) || (year < 1970 && yearday < 0) -- WTF/wtf/DateMath.cpp
https://bugs.webkit.org/show_bug.cgi?id=159883

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

New test.

* tests/stress/regress-159883.js: Added.

Source/WTF:

The function daysFrom1970ToYear() takes an integer year and returns a double result.
The calculation uses 1970 as a baseline year and subtracts 1970 from the argument year.
It does that subtraction using integer arithmetic, which given negative years close to
INT_MIN can underflow as a result of subtracting 1970.  Since we want a double result,
the fix is to cast year as a double before the subtraction, which eliminates the underflow.

* wtf/DateMath.cpp:
(WTF::daysFrom1970ToYear):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203376 268f45cc-cd09-0410-ab3c-d52691b4dbfc
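
The underflow described in the commit message above, as an added example that is not WebKit's code: the `year - 1970` step done in `int` next to the same step done in `double`. The function names, the leap-day formula (standard Gregorian arithmetic) and the sign check modelled on the assertion in the commit title are assumptions; the wrap is emulated through unsigned arithmetic because signed overflow is undefined behaviour in C++.

```cpp
#include <climits>
#include <cmath>
#include <cstdio>

// Leap days that fall before 1971 under each Gregorian rule. Standard calendar
// arithmetic, assumed for this example; not copied from wtf/DateMath.cpp.
static const int leapDaysBefore1971By4Rule = 1970 / 4;
static const int excludedLeapDaysBefore1971By100Rule = 1970 / 100;
static const int leapDaysBefore1971By400Rule = 1970 / 400;

// Net leap days between 1970-01-01 and January 1st of `year`, computed
// entirely in double so this part cannot overflow.
static double leapDaysSince1970(int year)
{
    const double yearMinusOne = static_cast<double>(year) - 1.0;
    const double addBy4Rule = std::floor(yearMinusOne / 4.0) - leapDaysBefore1971By4Rule;
    const double excludeBy100Rule = std::floor(yearMinusOne / 100.0) - excludedLeapDaysBefore1971By100Rule;
    const double addBy400Rule = std::floor(yearMinusOne / 400.0) - leapDaysBefore1971By400Rule;
    return addBy4Rule - excludeBy100Rule + addBy400Rule;
}

// What a 32-bit two's-complement machine typically produces for the int
// expression `year - 1970`. Written with unsigned arithmetic so the example
// itself has defined behaviour; a real signed overflow is undefined.
static int yearsSince1970AsInt(int year)
{
    return static_cast<int>(static_cast<unsigned>(year) - 1970u);
}

// Hypothetical "before" shape: the subtraction happens in int, then widens.
static double daysWithIntSubtraction(int year)
{
    return 365.0 * yearsSince1970AsInt(year) + leapDaysSince1970(year);
}

// Hypothetical "after" shape: year is converted to double before subtracting,
// as the commit message describes.
static double daysWithDoubleSubtraction(int year)
{
    return 365.0 * (static_cast<double>(year) - 1970.0) + leapDaysSince1970(year);
}

// Sign check in the spirit of the assertion quoted in the commit title:
// years from 1970 on map to non-negative offsets, earlier years to negative ones.
static bool signMatchesYear(int year, double days)
{
    return (year >= 1970 && days >= 0) || (year < 1970 && days < 0);
}

int main()
{
    const int years[] = { 1969, 1970, 2000, INT_MIN + 100 };
    for (int year : years) {
        const double before = daysWithIntSubtraction(year);
        const double after = daysWithDoubleSubtraction(year);
        std::printf("year %d: int subtraction %.0f (%s), double subtraction %.0f (%s)\n",
            year,
            before, signMatchesYear(year, before) ? "sign ok" : "sign flipped",
            after, signMatchesYear(year, after) ? "sign ok" : "sign flipped");
    }
    return 0;
}
```

For ordinary years the two versions agree; only years within 1970 of `INT_MIN` wrap, which is why this class of bug tends to surface through fuzzing or stress tests rather than normal use.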

3 years ago MarkedBlocks should know that they can be used for more than JSCells
fpizlo@apple.com [Mon, 18 Jul 2016 21:33:45 +0000 (21:33 +0000)]
MarkedBlocks should know that they can be used for more than JSCells
https://bugs.webkit.org/show_bug.cgi?id=159643

Reviewed by Geoffrey Garen.

This teaches the Heap that a MarkedBlock may hold either JSCells, or Auxiliary, which is
not a JSCell. It teaches the heap and all of the things that walk the heap to ignore
non-JSCells whenever they are looking for global objects, JSObjects, and things to trace
for debugging or profiling. The idea is that we will be able to allocate butterflies and
typed array backing stores as Auxiliary in MarkedSpace rather than allocating those things
in CopiedSpace. That's what bug 159658 is all about.

This gives us a new type, called HeapCell, which is just meant to be a class distinct from
JSCell or any type we would use for Auxiliary. For convenience, JSCell is a subclass of
HeapCell. HeapCell has an enum called HeapCell::Kind, which is either HeapCell::JSCell or
HeapCell::Auxiliary. MarkedSpace no longer speaks of JSCells directly except when dealing
with destruction.

This change required doing a lot of stuff to all of those functor callbacks, since they
now take HeapCell* instead of JSCell* and they take an extra HeapCell::Kind argument to
tell them if they are dealing with JSCells or Auxiliary. I figured that this would be as
good a time as any to convert those functors to being lambda-compatible. This means that
operator() must be const. In some cases, converting the operator() to be const would have
taken more work than just turning the whole thing into a lambda. Whenever this was the
case, I converted the code to use lambdas. I left a lot of functors alone. In cases where
the functor would benefit from being a lambda, for example because it would get rid of
const_casts or mutables, I put in a FIXME referencing bug 159644.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/Debugger.cpp:
(JSC::Debugger::SetSteppingModeFunctor::SetSteppingModeFunctor):
(JSC::Debugger::SetSteppingModeFunctor::operator()):
(JSC::Debugger::ToggleBreakpointFunctor::ToggleBreakpointFunctor):
(JSC::Debugger::ToggleBreakpointFunctor::operator()):
(JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::ClearCodeBlockDebuggerRequestsFunctor):
(JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::operator()):
(JSC::Debugger::ClearDebuggerRequestsFunctor::ClearDebuggerRequestsFunctor):
(JSC::Debugger::ClearDebuggerRequestsFunctor::operator()):
* heap/CodeBlockSet.h:
(JSC::CodeBlockSet::iterate):
* heap/HandleSet.h:
(JSC::HandleNode::next):
(JSC::HandleSet::forEachStrongHandle):
* heap/Heap.cpp:
(JSC::GatherHeapSnapshotData::GatherHeapSnapshotData):
(JSC::GatherHeapSnapshotData::operator()):
(JSC::RemoveDeadHeapSnapshotNodes::RemoveDeadHeapSnapshotNodes):
(JSC::RemoveDeadHeapSnapshotNodes::operator()):
(JSC::Heap::protectedGlobalObjectCount):
(JSC::Heap::globalObjectCount):
(JSC::Heap::protectedObjectCount):
(JSC::Heap::protectedObjectTypeCounts):
(JSC::Heap::objectTypeCounts):
(JSC::Heap::deleteAllCodeBlocks):
(JSC::MarkedBlockSnapshotFunctor::MarkedBlockSnapshotFunctor):
(JSC::MarkedBlockSnapshotFunctor::operator()):
(JSC::Zombify::visit):
(JSC::Zombify::operator()):
(JSC::Heap::zombifyDeadObjects):
(JSC::Heap::flushWriteBarrierBuffer):
* heap/Heap.h:
(JSC::Heap::handleSet):
(JSC::Heap::handleStack):
* heap/HeapCell.cpp: Added.
(WTF::printInternal):
* heap/HeapCell.h: Added.
(JSC::HeapCell::HeapCell):
(JSC::HeapCell::zap):
(JSC::HeapCell::isZapped):
* heap/HeapInlines.h:
(JSC::Heap::deprecatedReportExtraMemory):
(JSC::Heap::forEachCodeBlock):
(JSC::Heap::forEachProtectedCell):
(JSC::Heap::allocateWithDestructor):
* heap/HeapStatistics.cpp:
(JSC::StorageStatistics::visit):
(JSC::StorageStatistics::operator()):
* heap/HeapVerifier.cpp:
(JSC::GatherLiveObjFunctor::visit):
(JSC::GatherLiveObjFunctor::operator()):
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::allocateBlock):
(JSC::MarkedAllocator::addBlock):
(JSC::MarkedAllocator::reset):
(JSC::MarkedAllocator::lastChanceToFinalize):
(JSC::LastChanceToFinalize::operator()): Deleted.
* heap/MarkedAllocator.h:
(JSC::MarkedAllocator::takeLastActiveBlock):
(JSC::MarkedAllocator::resumeAllocating):
(JSC::MarkedAllocator::forEachBlock):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::create):
(JSC::MarkedBlock::destroy):
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::callDestructor):
(JSC::MarkedBlock::specializedSweep):
(JSC::SetNewlyAllocatedFunctor::SetNewlyAllocatedFunctor):
(JSC::SetNewlyAllocatedFunctor::operator()):
(JSC::MarkedBlock::stopAllocating):
(JSC::MarkedBlock::didRetireBlock):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::CountFunctor::CountFunctor):
(JSC::MarkedBlock::CountFunctor::count):
(JSC::MarkedBlock::CountFunctor::returnValue):
(JSC::MarkedBlock::needsDestruction):
(JSC::MarkedBlock::cellKind):
(JSC::MarkedBlock::size):
(JSC::MarkedBlock::clearNewlyAllocated):
(JSC::MarkedBlock::isMarkedOrNewlyAllocated):
(JSC::MarkedBlock::isLive):
(JSC::MarkedBlock::isLiveCell):
(JSC::MarkedBlock::forEachCell):
(JSC::MarkedBlock::forEachLiveCell):
(JSC::MarkedBlock::forEachDeadCell):
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::~MarkedSpace):
(JSC::MarkedSpace::lastChanceToFinalize):
(JSC::MarkedSpace::sweep):
(JSC::MarkedSpace::zombifySweep):
(JSC::MarkedSpace::resetAllocators):
(JSC::MarkedSpace::visitWeakSets):
(JSC::MarkedSpace::reapWeakSets):
(JSC::MarkedSpace::forEachAllocator):
(JSC::MarkedSpace::stopAllocating):
(JSC::MarkedSpace::resumeAllocating):
(JSC::MarkedSpace::isPagedOut):
(JSC::MarkedSpace::shrink):
(JSC::clearNewlyAllocatedInBlock):
(JSC::MarkedSpace::clearNewlyAllocated):
(JSC::MarkedSpace::clearMarks):
(JSC::Free::Free): Deleted.
(JSC::Free::operator()): Deleted.
(JSC::FreeOrShrink::FreeOrShrink): Deleted.
(JSC::FreeOrShrink::operator()): Deleted.
(JSC::VisitWeakSet::VisitWeakSet): Deleted.
(JSC::VisitWeakSet::operator()): Deleted.
(JSC::ReapWeakSet::operator()): Deleted.
(JSC::LastChanceToFinalize::operator()): Deleted.
(JSC::StopAllocatingFunctor::operator()): Deleted.
(JSC::ResumeAllocatingFunctor::operator()): Deleted.
(JSC::ClearNewlyAllocated::operator()): Deleted.
(JSC::VerifyNewlyAllocated::operator()): Deleted.
* heap/MarkedSpace.h:
(JSC::MarkedSpace::forEachLiveCell):
(JSC::MarkedSpace::forEachDeadCell):
(JSC::MarkedSpace::allocatorFor):
(JSC::MarkedSpace::allocateWithDestructor):
(JSC::MarkedSpace::forEachBlock):
(JSC::MarkedSpace::didAddBlock):
(JSC::MarkedSpace::objectCount):
(JSC::MarkedSpace::size):
(JSC::MarkedSpace::capacity):
(JSC::ClearMarks::operator()): Deleted.
(JSC::Sweep::operator()): Deleted.
(JSC::ZombifySweep::operator()): Deleted.
(JSC::MarkCount::operator()): Deleted.
(JSC::Size::operator()): Deleted.
* runtime/JSCell.h:
(JSC::JSCell::zap): Deleted.
(JSC::JSCell::isZapped): Deleted.
* runtime/JSCellInlines.h:
(JSC::allocateCell):
(JSC::JSCell::isObject):
(JSC::isZapped): Deleted.
* runtime/JSGlobalObject.cpp:
* tools/JSDollarVMPrototype.cpp:
(JSC::CellAddressCheckFunctor::CellAddressCheckFunctor):
(JSC::CellAddressCheckFunctor::operator()):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203375 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, rolling out r203373.
bfulgham@apple.com [Mon, 18 Jul 2016 21:15:02 +0000 (21:15 +0000)]
Unreviewed, rolling out r203373.

Unaddressed

Reverted changeset:

"Don't associate form-associated elements with forms in other
trees."
https://bugs.webkit.org/show_bug.cgi?id=119451
http://trac.webkit.org/changeset/203373

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203374 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Don't associate form-associated elements with forms in other trees.
bfulgham@apple.com [Mon, 18 Jul 2016 21:12:14 +0000 (21:12 +0000)]
Don't associate form-associated elements with forms in other trees.
https://bugs.webkit.org/show_bug.cgi?id=119451
<rdar://problem/27382946>

Change is based on the Blink change (patch by <adamk@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>

Reviewed by Zalan Bujtas.

Source/WebCore:

Prevent elements from being associated with forms that are not part of the same home subtree.
This brings us in line with the WhatWG HTML specification as of September, 2013.

Tests: fast/forms/image-disconnected-during-parse.html
       fast/forms/input-disconnected-during-parse.html

* dom/NodeTraversal.h:
(WebCore::NodeTraversal::highestAncestorOrSelf): Added.
* html/FormAssociatedElement.cpp:
(WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
is not part of the same tree, remove the association.
* html/HTMLImageElement.cpp:
(WebCore::HTMLImageElement::insertedInto): Ditto.

LayoutTests:

* fast/forms/image-disconnected-during-parse-expected.txt: Added.
* fast/forms/image-disconnected-during-parse.html: Added.
* fast/forms/input-disconnected-during-parse-expected.txt: Added.
* fast/forms/input-disconnected-during-parse.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203373 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Marking storage/indexeddb/modern/handle-user-delete.html as flaky on mac-wk2
ryanhaddad@apple.com [Mon, 18 Jul 2016 20:59:10 +0000 (20:59 +0000)]
Marking storage/indexeddb/modern/handle-user-delete.html as flaky on mac-wk2
https://bugs.webkit.org/show_bug.cgi?id=159896

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:
* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203372 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Mail contents are temporarily obscured by black rectangles when returning from suspen...
timothy_horton@apple.com [Mon, 18 Jul 2016 20:41:18 +0000 (20:41 +0000)]
Mail contents are temporarily obscured by black rectangles when returning from suspend and in app switcher
https://bugs.webkit.org/show_bug.cgi?id=159894
<rdar://problem/26973202>

Reviewed by Simon Fraser.

* UIProcess/ApplicationStateTracker.h:
* UIProcess/ApplicationStateTracker.mm:
(WebKit::ApplicationStateTracker::ApplicationStateTracker):
(WebKit::ApplicationStateTracker::~ApplicationStateTracker):
(WebKit::ApplicationStateTracker::applicationDidCreateWindowContext):
* UIProcess/ios/WKContentView.mm:
(-[WKContentView didMoveToWindow]):
(-[WKContentView _applicationDidCreateWindowContext]):
(-[WKContentView _applicationWillEnterForeground]): Deleted.
* UIProcess/ios/WKPDFView.mm:
(-[WKPDFView didMoveToWindow]):
(-[WKPDFView _applicationDidCreateWindowContext]):
* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::applicationDidFinishSnapshottingAfterEnteringBackground):
Hide content at window context creation time, instead of when the application
becomes foregrounded. Otherwise, background snapshots (which create/destroy
window contexts, but do not bring the app into the foreground) can have
parented layers that have volatile surfaces in them. In the normal case,
we will subsequently get foregrounded and re-build the layer tree; in the
background snapshot case, we will just have an empty layer tree.

In the future, we should consider making ApplicationStateTracker use
window context creation/destruction to drive web process lifetime, so
that we can actually paint correctly for background snapshots.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203371 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Source/JavaScriptCore:
fpizlo@apple.com [Mon, 18 Jul 2016 20:31:20 +0000 (20:31 +0000)]
Source/JavaScriptCore:
Repeatedly creating and destroying workers that enqueue DFG plans can outpace the DFG worklist, which then causes VM shutdown to stall, which then causes memory growth
https://bugs.webkit.org/show_bug.cgi?id=159754

Reviewed by Geoffrey Garen.

If you create and destroy workers at a high rate and those workers enqueue some DFG plans
that are still not compiled at the time that the worker is closed, then the closed workers
end up stalling in VM::~VM waiting for the DFG worklist thread to finish those plans. Since
we don't actually cancel the plans, it's easy to create a situation where the workers
outpace the DFG worklist, especially if you create many workers at a time and each one
finishes just after enqueueing those plans.

The solution is to allow VM::~VM to remove plans from the DFG worklist that are related to
that VM but aren't currently being worked on. That turns out to be an easy change.

I have a test that repros this, but it's quite long-running. I call it workers/bomb.html. We
may want to exclude it from test runs because of how long it takes.

* dfg/DFGWorklist.cpp:
(JSC::DFG::Worklist::removeDeadPlans):
(JSC::DFG::Worklist::removeNonCompilingPlansForVM):
(JSC::DFG::Worklist::queueLength):
(JSC::DFG::Worklist::runThread):
* dfg/DFGWorklist.h:
* runtime/VM.cpp:
(JSC::VM::~VM):

LayoutTests:
Repeatedly creating and destroying workers that enqueue DFG plans can outpace the DFG worklist, which then causes VM shutdown to stall, which then causes memory growth
https://bugs.webkit.org/show_bug.cgi?id=159754

Reviewed by Geoffrey Garen.

Adds two tests that create a lot of workers that do sophisticated things. These are
long-running tests so we may want to skip them. It's OK if we end up only running them
manually occasionally.

* workers: Added.
* workers/bomb.html: Added.
* workers/bomb-expected.txt: Added.
* workers/bomb-with-v8.html: Added.
* workers/tests: Added.
* workers/tests/3d-cube.js: Added.
* workers/tests/3d-morph.js: Added.
* workers/tests/3d-raytrace.js: Added.
* workers/tests/access-binary-trees.js: Added.
* workers/tests/access-fannkuch.js: Added.
* workers/tests/access-nbody.js: Added.
* workers/tests/access-nsieve.js: Added.
* workers/tests/bitops-3bit-bits-in-byte.js: Added.
* workers/tests/bitops-bits-in-byte.js: Added.
* workers/tests/bitops-bitwise-and.js: Added.
* workers/tests/bitops-nsieve-bits.js: Added.
* workers/tests/controlflow-recursive.js: Added.
* workers/tests/crypto-aes.js: Added.
* workers/tests/crypto-md5.js: Added.
* workers/tests/crypto-sha1.js: Added.
* workers/tests/date-format-tofte.js: Added.
* workers/tests/date-format-xparb.js: Added.
* workers/tests/math-cordic.js: Added.
* workers/tests/math-partial-sums.js: Added.
* workers/tests/math-spectral-norm.js: Added.
* workers/tests/regexp-dna.js: Added.
* workers/tests/string-base64.js: Added.
* workers/tests/string-fasta.js: Added.
* workers/tests/string-tagcloud.js: Added.
* workers/tests/string-unpack-code.js: Added.
* workers/tests/string-validate-input.js: Added.
* workers/tests/v8-crypto.js: Added.
* workers/tests/v8-deltablue.js: Added.
* workers/tests/v8-earley-boyer.js: Added.
* workers/tests/v8-raytrace.js: Added.
* workers/tests/v8-regexp.js: Added.
* workers/tests/v8-richards.js: Added.
* workers/tests/v8-splay.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203370 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Marking storage/indexeddb/modern/abort-requests-cancelled.html as flaky on mac-wk1
ryanhaddad@apple.com [Mon, 18 Jul 2016 20:16:55 +0000 (20:16 +0000)]
Marking storage/indexeddb/modern/abort-requests-cancelled.html as flaky on mac-wk1
https://bugs.webkit.org/show_bug.cgi?id=156070

Unreviewed test gardening.

* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203369 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Object.preventExtensions/seal/freeze makes code much slower
fpizlo@apple.com [Mon, 18 Jul 2016 20:12:45 +0000 (20:12 +0000)]
Object.preventExtensions/seal/freeze makes code much slower
https://bugs.webkit.org/show_bug.cgi?id=143247

Reviewed by Michael Saboff.

Source/JavaScriptCore:

This has been a huge pet peeve of mine for a long time, but I was always afraid of fixing
it because I thought that it would be hard. Well, it looks like it's not hard at all.

The problem is that you cannot mutate a structure that participates in transition caching.
You can only clone the structure and mutate that one. But if you do this, you have to make
a hard choice:

1) Clone the structure without caching the transition. This is what the code did before
   this change. It's the most obvious choice, but it introduces an uncacheable transition
   that leads to an explosion of structures, which then breaks all inline caches.

2) Perform one of the existing cacheable transitions. Cacheable transitions can either add
   properties or they can do one of the NonPropertyTransitions, which until now have been
   restricted to just IndexingType transitions. So, only adding transitions or making
   certain prescribed changes to the indexing type count as cacheable transitions.

This change decouples NonPropertyTransition from IndexingType and adds three new kinds of
transitions: PreventExtensions, Seal, and Freeze. We have to give any cacheable transition
a name that fully disambiguates this transition from any other, so that the transition can
be cached. Since we're already giving them names in an enum, I figured that the most
pragmatic way to implement them is to have Structure::nonPropertyTransition() case on the
NonPropertyTransition and implement all of the mutations associated with that transition.
The alternative would have been to allow callers of nonPropertyTransition() to supply
something like a lambda that describes the mutation, but this seemed awkward since each
set of mutations has to anyway be tied to one of the NonPropertyTransition members.

This is an enormous speed-up on microbenchmarks that use Object.preventExtensions(),
Object.seal(), or Object.freeze(). I don't know if "real" benchmarks use these features
and I don't really care. This should be fast.

* runtime/JSObject.cpp:
(JSC::JSObject::notifyPresenceOfIndexedAccessors):
(JSC::JSObject::createInitialUndecided):
(JSC::JSObject::createInitialInt32):
(JSC::JSObject::createInitialDouble):
(JSC::JSObject::createInitialContiguous):
(JSC::JSObject::convertUndecidedToInt32):
(JSC::JSObject::convertUndecidedToDouble):
(JSC::JSObject::convertUndecidedToContiguous):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::convertInt32ToContiguous):
(JSC::JSObject::convertDoubleToContiguous):
(JSC::JSObject::switchToSlowPutArrayStorage):
* runtime/Structure.cpp:
(JSC::Structure::suggestedArrayStorageTransition):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::toUncacheableDictionaryTransition):
(JSC::Structure::sealTransition):
(JSC::Structure::freezeTransition):
(JSC::Structure::preventExtensionsTransition):
(JSC::Structure::takePropertyTableOrCloneIfPinned):
(JSC::Structure::nonPropertyTransition):
(JSC::Structure::pin):
(JSC::Structure::pinForCaching):
(JSC::Structure::allocateRareData):
* runtime/Structure.h:
* runtime/StructureTransitionTable.h:
(JSC::toAttributes):
(JSC::changesIndexingType):
(JSC::newIndexingType):
(JSC::preventsExtensions):
(JSC::setsDontDeleteOnAllProperties):
(JSC::setsReadOnlyOnAllProperties):

LayoutTests:

These tests now run ~25x faster.

* js/regress/freeze-and-do-work-expected.txt: Added.
* js/regress/freeze-and-do-work.html: Added.
* js/regress/prevent-extensions-and-do-work-expected.txt: Added.
* js/regress/prevent-extensions-and-do-work.html: Added.
* js/regress/script-tests/freeze-and-do-work.js: Added.
(Foo):
* js/regress/script-tests/prevent-extensions-and-do-work.js: Added.
(Foo):
* js/regress/script-tests/seal-and-do-work.js: Added.
(Foo):
* js/regress/seal-and-do-work-expected.txt: Added.
* js/regress/seal-and-do-work.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203368 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Marking imported/w3c/web-platform-tests/XMLHttpRequest/event-readystatechange-loaded...
ryanhaddad@apple.com [Mon, 18 Jul 2016 20:12:00 +0000 (20:12 +0000)]
Marking imported/w3c/web-platform-tests/XMLHttpRequest/event-readystatechange-loaded.htm as flaky on mac-debug WK1
https://bugs.webkit.org/show_bug.cgi?id=159893

Unreviewed test gardening.

* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203367 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Marking media/video-load-preload-metadata.html as flaky on Mac.
ryanhaddad@apple.com [Mon, 18 Jul 2016 20:03:18 +0000 (20:03 +0000)]
Marking media/video-load-preload-metadata.html as flaky on Mac.
https://bugs.webkit.org/show_bug.cgi?id=128312

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203366 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago RegisterSet should use a Bitmap instead of a BitVector so that it never allocates...
fpizlo@apple.com [Mon, 18 Jul 2016 19:51:45 +0000 (19:51 +0000)]
RegisterSet should use a Bitmap instead of a BitVector so that it never allocates memory and is trivial to copy
https://bugs.webkit.org/show_bug.cgi?id=159863

Reviewed by Saam Barati.

Source/JavaScriptCore:

Switch RegisterSet to Bitmap because Bitmap doesn't ever allocate memory and can be
assigned by memcpy. This should be a performance improvement for compiler code that does a
lot of things with RegisterSet. For example, it's one of the fundamental data structures in
Air. The previous use of BitVector meant that almost every operation on RegisterSet would
have a slow path call. On ARM64, it would mean memory allocation for any RegisterSet that
used all available registers.

This meant adding even more GPR/FPR reflection to the MacroAssembler API: we now have consts
called numGPRs and numFPRs. This is necessary to statically size the Bitmap in RegisterSet.

Here's the breakdown of sizes of RegisterSet on different CPUs:

x86-32: 8 bits (GPRs) + 8 bits (FPRs) + 1 bit (is deleted) = 1x uint32_t.
x86-64: 16 bits + 16 bits + 1 bit = 2x uint32_t.
ARMv7: 16 bits + 16 bits + 1 bit = 2x uint32_t.
ARM64: 32 bits + 32 bits + 1 bit = 3x uint32_t.

* assembler/MacroAssemblerARM.h:
* assembler/MacroAssemblerARM64.h:
* assembler/MacroAssemblerARMv7.h:
* assembler/MacroAssemblerX86.h:
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::scratchRegister):
* assembler/MacroAssemblerX86_64.h:
* jit/RegisterSet.h:
(JSC::RegisterSet::set):
(JSC::RegisterSet::get):
(JSC::RegisterSet::setAll):
(JSC::RegisterSet::merge):
(JSC::RegisterSet::filter):
(JSC::RegisterSet::exclude):
(JSC::RegisterSet::numberOfSetRegisters):
(JSC::RegisterSet::RegisterSet):
(JSC::RegisterSet::isEmptyValue):
(JSC::RegisterSet::isDeletedValue):
(JSC::RegisterSet::operator==):
(JSC::RegisterSet::operator!=):
(JSC::RegisterSet::hash):
(JSC::RegisterSet::forEach):
(JSC::RegisterSet::setMany):

Source/WTF:

Give Bitmap all of the power of BitVector (except for automatic resizing). This means a
variant of set() that takes a bool, and a bunch of helper methods (merge, filter, exclude,
forEachSetBit, ==, !=, and hash).

* wtf/Bitmap.h:
(WTF::WordType>::set):
(WTF::WordType>::testAndSet):
(WTF::WordType>::isFull):
(WTF::WordType>::merge):
(WTF::WordType>::filter):
(WTF::WordType>::exclude):
(WTF::WordType>::forEachSetBit):
(WTF::=):
(WTF::WordType>::hash):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203365 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago DFG and FTL should support op_call_eval
fpizlo@apple.com [Mon, 18 Jul 2016 19:32:34 +0000 (19:32 +0000)]
DFG and FTL should support op_call_eval
https://bugs.webkit.org/show_bug.cgi?id=159786

Reviewed by Saam Barati.

Source/JavaScriptCore:

This adds support for op_call_eval in DFG and FTL by brute force:

- There is now a CallEval() node type, which compiles exactly the same way that we do in
  baseline.

- We teach the DFG and bytecode liveness that the scope register and 'this' are read by
  CallEval()/op_call_eval.

We can compile eval quite well, except that right now we cannot inline functions that use
eval. It would be nice to do that, but the payoff is probably smaller. "Don't inline users
of eval" may even be an OK inlining heuristic. Not inlining users of eval allows me to
reuse the baseline implementation, which is really great. Otherwise, I'd have to get rid
of things like the rogue reads of scope register and 'this'.

The goal here is to produce speed-ups for code that has functions that do both eval and
some computational stuff. Obviously, we're not producing any benefit for the eval itself.
But now the other stuff in a function that uses eval will get to participate in
optimization.

This is a huge speed-up on microbenchmarks.

* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printCallOp):
(JSC::CodeBlock::dumpBytecode):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::flush):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::needsScopeRegister):
(JSC::DFG::Graph::needsFlushedThis):
* dfg/DFGHeapLocation.cpp:
(WTF::printInternal):
* dfg/DFGHeapLocation.h:
* dfg/DFGMayExit.cpp:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasHeapPrediction):
* dfg/DFGNodeType.h:
* dfg/DFGOSRExitCompiler.cpp:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStackLayoutPhase.cpp:
(JSC::DFG::StackLayoutPhase::run):
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLCompile.cpp:
(JSC::FTL::compile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
(JSC::FTL::DFG::LowerDFGToB3::compileLoadVarargs):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer):
(JSC::AssemblyHelpers::emitDumbVirtualCall):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitTypeOf):
* jit/JITCall.cpp:
(JSC::JIT::compileCallEvalSlowCase):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileCallEvalSlowCase):
* jit/JITOperations.cpp:
* tests/stress/exit-then-eval.js: Added.
(foo):
* tests/stress/force-exit-then-eval-dfg.js: Added.
(foo):
* tests/stress/force-exit-then-eval.js: Added.
(foo):

LayoutTests:

* js/regress/eval-compute-expected.txt: Added.
* js/regress/eval-compute.html: Added.
* js/regress/eval-not-eval-compute-args-expected.txt: Added.
* js/regress/eval-not-eval-compute-args.html: Added.
* js/regress/eval-not-eval-compute-expected.txt: Added.
* js/regress/eval-not-eval-compute.html: Added.
* js/regress/script-tests/eval-compute.js: Added.
(foo):
* js/regress/script-tests/eval-not-eval-compute-args.js: Added.
(foo):
(i.result.foo):
* js/regress/script-tests/eval-not-eval-compute.js: Added.
(foo):
(i.result.foo):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203364 268f45cc-cd09-0410-ab3c-d52691b4dbfc