WebKit-https.git
18 months ago Make StyleBench compatible with run-benchmark and run-perf-tests
rniwa@webkit.org [Mon, 29 Jan 2018 22:09:07 +0000 (22:09 +0000)]
Make StyleBench compatible with run-benchmark and run-perf-tests
https://bugs.webkit.org/show_bug.cgi?id=182262

Reviewed by Antti Koivisto.

Copied resource files referenced from Speedometer directory since run-benchmark needs to be able
to checkout each benchmark separately.

Removed the code to create tests of the same name five times in makeSteps since this
won't be compatible with either run-benchmark or run-perf-tests.

* StyleBench/index.html: Removed the code to show warnings for local files since run-benchmark
doesn't use HTTP server in WebDriver mode.
* StyleBench/resources/benchmark-report.js: Copied from resources/benchmark-report.js.
* StyleBench/resources/benchmark-runner.js: Copied from resources/benchmark-runner.js.
(BenchmarkRunner.prototype._finalize): Use the correction factor of 8 instead of 5 in StyleBench.
* StyleBench/resources/gauge.png: Copied from resources/gauge.png.
* StyleBench/resources/gauge@2x.png: Copied from resources/gauge@2x.png.
* StyleBench/resources/main.css: Copied from resources/main.css.
* StyleBench/resources/main.js: Copied from resources/main.js.
* StyleBench/resources/tests.js:
(makeSteps): Only make each test once.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227756 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Add telemetry to track storage access API adoption
bfulgham@apple.com [Mon, 29 Jan 2018 22:00:58 +0000 (22:00 +0000)]
Add telemetry to track storage access API adoption
https://bugs.webkit.org/show_bug.cgi?id=182197
<rdar://problem/35803309>

Reviewed by Chris Dumez.

Source/WebCore:

Part 1: Add telemetry for the user interaction case

This patch adds telemetry to track how frequently third-party cookies are
used in a first party context due to user interaction. This will help
understand cases where the new Storage Access API can help, and to help
us understand if we have considered relevant use cases in its design.

* loader/ResourceLoadObserver.cpp:
(WebCore::ResourceLoadObserver::setTimeToLivePartitionFree): Let the observer
know the first party interaction duration.
(WebCore::ResourceLoadObserver::wasAccessedWithinInteractionWindow const): Added.
(WebCore::ResourceLoadObserver::logFrameNavigation): Note when a third party
resource is accessed as a first party due to user interaction.
(WebCore::ResourceLoadObserver::logSubresourceLoading): Ditto.
* loader/ResourceLoadObserver.h:
* loader/ResourceLoadStatistics.cpp:
(WebCore::ResourceLoadStatistics::encode const): Handle new fields.
(WebCore::ResourceLoadStatistics::decode): Ditto.
* loader/ResourceLoadStatistics.h:

Source/WebKit:

Part 1: Add telemetry for the user interaction case

This patch adds telemetry to track how frequently third-party cookies are
used in a first party context due to user interaction. This will help
understand cases where the new Storage Access API can help, and to help
us understand if we have considered relevant use cases in its design.

* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):
* Shared/WebProcessCreationParameters.h:
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):
* UIProcess/WebResourceLoadStatisticsTelemetry.cpp:
(WebKit::sortedPrevalentResourceTelemetry): Update for new telemetry.
(WebKit::submitTopList): Update for new data types.
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess): Handle the partitioning time
passed from the UIProcess.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227755 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Fix crash when during canAuthenticateAgainstProtectionSpace
achristensen@apple.com [Mon, 29 Jan 2018 21:58:31 +0000 (21:58 +0000)]
Fix crash when during canAuthenticateAgainstProtectionSpace
https://bugs.webkit.org/show_bug.cgi?id=182260
<rdar://problem/34911343>

Reviewed by Chris Dumez.

If we have a valid network load with no challenge completion handler and we are
telling it to continue with the challenge handling, something has gone wrong.
Maybe we've just recovered from a crashed network process.  If this happens, do nothing.

* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227754 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago CalcExpressionBlendLength::evaluate hits stack limit
antti@apple.com [Mon, 29 Jan 2018 21:46:02 +0000 (21:46 +0000)]
CalcExpressionBlendLength::evaluate hits stack limit
https://bugs.webkit.org/show_bug.cgi?id=182243

Reviewed by Zalan Bujtas.

Speculative fix to prevent nesting of CalcExpressionBlendLength.

No test, don't know how to make one.

* platform/CalculationValue.cpp:
(WebCore::CalcExpressionBlendLength::CalcExpressionBlendLength):

CalcExpressionBlendLength is only used in Length values of animated style. Normally such styles are not used
as input for further blending but there are some paths where this could in principle happen. Repeated
application (for each animation frame) could construct CalcExpressionBlendLength expression that blows
the stack when evaluated.

Speculatively fix by flattening any nesting.

* platform/CalculationValue.h:
(WebCore::CalcExpressionBlendLength::CalcExpressionBlendLength): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227753 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Warning in 32-bit WebKit build when trying to link to SafariSafeBrowsing
commit-queue@webkit.org [Mon, 29 Jan 2018 21:32:41 +0000 (21:32 +0000)]
Warning in 32-bit WebKit build when trying to link to SafariSafeBrowsing
https://bugs.webkit.org/show_bug.cgi?id=182251
rdar://problem/36964995

Patch by Zach Li <zacharyli323@gmail.com> on 2018-01-29
Reviewed by Alex Christensen.

* Configurations/WebKit.xcconfig:
Only link against SafariSafeBrowsing framework in 64-bit architecture.

* Platform/spi/Cocoa/SafeBrowsingSPI.h:
Guard the Safe Browsing code with WK_API_ENABLED.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227752 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Make sure we do not re-enter Webcore during StorageToWebProcessConnection::EstablishS...
cdumez@apple.com [Mon, 29 Jan 2018 21:20:49 +0000 (21:20 +0000)]
Make sure we do not re-enter Webcore during StorageToWebProcessConnection::EstablishSWServerConnection Sync IPC
https://bugs.webkit.org/show_bug.cgi?id=182256
<rdar://problem/36689233>

Reviewed by Simon Fraser.

Make sure we do not re-enter Webcore during StorageToWebProcessConnection::EstablishSWServerConnection Sync IPC as
this can lead to crashes such as the one in <rdar://problem/36689233>.

* WebProcess/Storage/WebSWClientConnection.cpp:
(WebKit::WebSWClientConnection::WebSWClientConnection):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227751 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Add the support for reporting Speedometer 2.0 results to perf dashboard
rniwa@webkit.org [Mon, 29 Jan 2018 20:38:37 +0000 (20:38 +0000)]
Add the support for reporting Speedometer 2.0 results to perf dashboard
https://bugs.webkit.org/show_bug.cgi?id=182089
<rdar://problem/36172346>

Rubber-stamped by Chris Dumez.

Apparently, this has always worked since the very first version of the perf dashboard added in r163688.
The relevant code is at the line 313 of report-processor.php now.

Added regression tests for this feature since we didn't have any tests four years ago.

* server-tests/api-report-tests.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227750 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago REGRESSION(r225898): The perf dashboard fails to open when there are no summary pages
rniwa@webkit.org [Mon, 29 Jan 2018 20:35:11 +0000 (20:35 +0000)]
REGRESSION(r225898): The perf dashboard fails to open when there are no summary pages
https://bugs.webkit.org/show_bug.cgi?id=182210

Rubber-stamped by Chris Dumez.

The bug was caused by TestFreshnessPage unconditionally assuming that summaryPageConfiguration is set.
Fixed it by not creating TestFreshnessPage when there are no summary pages specified.

Also modernized the code to use const & let instead of var.

* public/v3/main.js:
(main):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227749 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Make the API test added in r227737 be Mac-only.
beidson@apple.com [Mon, 29 Jan 2018 20:34:38 +0000 (20:34 +0000)]
Make the API test added in r227737 be Mac-only.

Unreviewed gardening.

* TestWebKitAPI/Tests/WebKitCocoa/MessagePortProviders.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227748 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Perf dashboard's page title can be set to a previously visited page
rniwa@webkit.org [Mon, 29 Jan 2018 20:31:06 +0000 (20:31 +0000)]
Perf dashboard's page title can be set to a previously visited page
https://bugs.webkit.org/show_bug.cgi?id=182209

Rubber-stamped by Chris Dumez.

Before this patch, opening a page and navigating away from it could result in the page title
getting set to that of the previously visited page after the new page had been opened.

This bug was caused by Page.render continuing to set document.title even though the page is no longer
the currently open page of the router. Fixed it by exiting early in Page.enqueueToRender when
this page is not the currently open page of the router.

Also added basic tests for Page.

* browser-tests/index.html:
* browser-tests/page-tests.js: Added.
* public/v3/pages/page.js:
(Page): Removed the unused second constructor argument.
(Page.prototype.enqueueToRender): Fixed the bug.
(Page.prototype.render): Use const instead of var.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227747 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago CommitLogViewer should not fetch commits in serial
rniwa@webkit.org [Mon, 29 Jan 2018 20:27:56 +0000 (20:27 +0000)]
CommitLogViewer should not fetch commits in serial
https://bugs.webkit.org/show_bug.cgi?id=182207

Rubber-stamped by Chris Dumez.

Fetch both the commits in the range as well as the preceding commit at once instead of
fetching the preceding commit only after the commits in the range had been fetched.

* browser-tests/commit-log-viewer-tests.js: Fixed the test case after r224227.
* public/v3/components/commit-log-viewer.js:
(CommitLogViewer.prototype._fetchCommitLogs): Fetch commits in parallel.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227746 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Drop unnecessary "ServiceWorker Task Thread" in SWServer
cdumez@apple.com [Mon, 29 Jan 2018 19:45:30 +0000 (19:45 +0000)]
Drop unnecessary "ServiceWorker Task Thread" in SWServer
https://bugs.webkit.org/show_bug.cgi?id=182253

Reviewed by Youenn Fablet.

Drop unnecessary "ServiceWorker Task Thread" in SWServer. We're spinning a thread for
each SWServer that is never used.

* workers/service/server/SWServer.cpp:
(WebCore::SWServer::~SWServer):
(WebCore::SWServer::SWServer):
(WebCore::SWServer::taskThreadEntryPoint): Deleted.
(WebCore::SWServer::postTask): Deleted.
(WebCore::SWServer::postTaskReply): Deleted.
(WebCore::SWServer::handleTaskRepliesOnMainThread): Deleted.
* workers/service/server/SWServer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227745 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago [GTK] Zooming gesture incorrectly uses scale instead of zoom
commit-queue@webkit.org [Mon, 29 Jan 2018 19:29:08 +0000 (19:29 +0000)]
[GTK] Zooming gesture incorrectly uses scale instead of zoom
https://bugs.webkit.org/show_bug.cgi?id=182174

Patch by Jan-Michael Brummer <jan.brummer@tabos.org> on 2018-01-29
Reviewed by Michael Catanzaro.

Switch zooming gesture to use zoom instead of scale function.

* UIProcess/gtk/GestureController.cpp:
(WebKit::GestureController::ZoomGesture::begin):
(WebKit::GestureController::ZoomGesture::handleZoom):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227744 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Unreviewed, rolling out r227731.
jlewis3@apple.com [Mon, 29 Jan 2018 19:27:06 +0000 (19:27 +0000)]
Unreviewed, rolling out r227731.

This caused an assertion failure in API tests.

Reverted changeset:

"Layout Test fast/events/beforeunload-dom-manipulation-crash.html is crashing"
https://bugs.webkit.org/show_bug.cgi?id=181204
https://trac.webkit.org/changeset/227731

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227743 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago REGRESSION (r227341): DFG_ASSERT failure at JSC::DFG::AtTailAbstractState::forNode()
msaboff@apple.com [Mon, 29 Jan 2018 19:13:45 +0000 (19:13 +0000)]
REGRESSION (r227341): DFG_ASSERT failure at JSC::DFG::AtTailAbstractState::forNode()
https://bugs.webkit.org/show_bug.cgi?id=182249

Reviewed by Keith Miller.

JSTests:

New regression test.

* stress/compare-clobber-untypeduse.js: Added.

Source/JavaScriptCore:

Changed clobberize() handling of CompareEq, et al to properly handle comparisons between
Untyped and Object values when compared against built in types.  Such comparisons can
invoke toNumber() or other methods.

* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227742 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Move http/wpt/service-workers/clone-opaque-being-loaded-response.https.html to use...
commit-queue@webkit.org [Mon, 29 Jan 2018 18:37:48 +0000 (18:37 +0000)]
Move http/wpt/service-workers/clone-opaque-being-loaded-response.https.html to use HTTP
https://bugs.webkit.org/show_bug.cgi?id=182202

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-29
Reviewed by Chris Dumez.

Some bots dislike cross origin HTTPS fetches.

* http/wpt/service-workers/clone-opaque-being-loaded-response-expected.txt: Renamed from LayoutTests/http/wpt/service-workers/clone-opaque-being-loaded-response.https-expected.txt.
* http/wpt/service-workers/clone-opaque-being-loaded-response.html: Renamed from LayoutTests/http/wpt/service-workers/clone-opaque-being-loaded-response.https.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227741 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago WPT test exporter should add WebKit export in its PR description
commit-queue@webkit.org [Mon, 29 Jan 2018 18:37:14 +0000 (18:37 +0000)]
WPT test exporter should add WebKit export in its PR description
https://bugs.webkit.org/show_bug.cgi?id=182246

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-29
Reviewed by Chris Dumez.

Updating PR description body to contain the words 'WebKit export'.
That way, WPT PR bot will mark the PR as reviewed downstream.

* Scripts/webkitpy/w3c/test_exporter.py:
(TestExporter.__init__):
(TestExporter.make_pull_request):
* Scripts/webkitpy/w3c/test_exporter_unittest.py:
(TestExporterTest.test_export):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227740 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Add the support for running Speedometer 2.0 to run-benchmark
rniwa@webkit.org [Mon, 29 Jan 2018 18:18:37 +0000 (18:18 +0000)]
Add the support for running Speedometer 2.0 to run-benchmark
https://bugs.webkit.org/show_bug.cgi?id=182231

Reviewed by Antti Koivisto.

Made it possible to run Speedometer 2.0 using run-benchmark. To do this, this patch adds the ability to
aggregate results using the differently aggregated values of subtests. In particular, Speedometer 2.0
requires aggregating the geometric mean out of total time spent in each suite.

Also added --show-iteration-values to show individual measured values in each iteration.

* Scripts/webkitpy/benchmark_runner/benchmark_results.py:
(BenchmarkResults.format): Added show_iteration_values as an option.
(BenchmarkResults._format_tests): Ditto.
(BenchmarkResults._format_values): Ditto. Added the code to show the measured values for each iteration
when show_iteration_values is set to True. We don't emit the unit in each value so that the list of values
is easily parsable as a JSON array.
(BenchmarkResults._format_values.format_scaled): Added. A helper function.
(BenchmarkResults._subtest_values_by_config_iteration): Added the support for aggregating values using
the aggregated values of a subtest even when they were computed using a different aggregator if the subtest
had exactly one aggregator.
(BenchmarkResults._lint_results):
(BenchmarkResults._lint_subtest_results): Replaced parent_needing_aggregation, which is set to the parent
test's name only when the parent test had an aggregator, by self-explanatory parent_test and
parent_aggregator_list.
(BenchmarkResults._lint_aggregator_list): Ditto. Added raising an exception when a test has an aggregator but
its subtest doesn't specify the same aggregator or it has more than one aggregator, making it ambiguous.
(BenchmarkResults._lint_configuration):
* Scripts/webkitpy/benchmark_runner/benchmark_results_unittest.py:
(test_format_values_with_no_unit_scaling): Added.
(test_format_values_with_iteration_values): Added.
(test_format_values_with_no_unit_scaling_and_iteration_values): Added.
(test_aggregate_results_from_another_aggregator): Added.
(test_lint_results): Added a test case.
* Scripts/webkitpy/benchmark_runner/benchmark_runner.py:
(BenchmarkRunner.__init__): Added show_iteration_values as an argument.
(BenchmarkRunner._run_benchmark): Ditto.
(BenchmarkRunner.show_results): Ditto.
* Scripts/webkitpy/benchmark_runner/data/patches/webserver/Speedometer2.patch: Added.
* Scripts/webkitpy/benchmark_runner/data/plans/speedometer2.plan: Added.
* Scripts/webkitpy/benchmark_runner/run_benchmark.py:
(parse_args): Added --show-iteration-values as a boolean argument.
(run_benchmark_plan): Ditto.
(start): Ditto.
* Scripts/webkitpy/benchmark_runner/webserver_benchmark_runner.py:
(WebServerBenchmarkRunner.__init__): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227739 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Unreviewed, rolling out r227725.
jlewis3@apple.com [Mon, 29 Jan 2018 17:47:30 +0000 (17:47 +0000)]
Unreviewed, rolling out r227725.

This caused internal failures.

Reverted changeset:

"JSC Sampling Profiler: Detect tester and testee when sampling
in RegExp JIT"
https://bugs.webkit.org/show_bug.cgi?id=152729
https://trac.webkit.org/changeset/227725

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227738 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Make it possible for apps that use both WK1 and WK2 to use MessagePorts.
beidson@apple.com [Mon, 29 Jan 2018 17:45:17 +0000 (17:45 +0000)]
Make it possible for apps that use both WK1 and WK2 to use MessagePorts.
https://bugs.webkit.org/show_bug.cgi?id=182229

Reviewed by Chris Dumez.

Source/WebCore:

Covered by existing LayoutTests and a new API test.

* dom/messageports/MessagePortChannel.cpp:
(WebCore::MessagePortChannel::checkRemotePortForActivity): Don't use the global singleton
  provider. Instead use the provider that belongs to the owning registry.

* dom/messageports/MessagePortChannelProviderImpl.cpp:
(WebCore::MessagePortChannelProviderImpl::MessagePortChannelProviderImpl): Pass a reference
  to *this to the Registry.
* dom/messageports/MessagePortChannelProviderImpl.h:

* dom/messageports/MessagePortChannelRegistry.cpp:
(WebCore::MessagePortChannelRegistry::MessagePortChannelRegistry): Keep a Provider member so
  MessagePortChannels can get to it instead of relying on the global singleton provider.
* dom/messageports/MessagePortChannelRegistry.h:
(WebCore::MessagePortChannelRegistry::provider):

Source/WebKit:

* UIProcess/UIMessagePortChannelProvider.cpp:
(WebKit::UIMessagePortChannelProvider::UIMessagePortChannelProvider):

* UIProcess/WebPageProxy.cpp:
(WebKit::m_configurationPreferenceValues): The UI process does not need to override the
  global singleton provider. It can remain the default ProviderImpl to allow WK1 views
  to work fine, too.

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKitCocoa/MessagePortProviders.mm: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227737 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Unreviewed WPE test gardening
mcatanzaro@igalia.com [Mon, 29 Jan 2018 16:56:04 +0000 (16:56 +0000)]
Unreviewed WPE test gardening

* platform/wpe/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227734 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago WebDriver: ASSERTION FAILED: !m_loadTimer.isActive()
carlosgc@webkit.org [Mon, 29 Jan 2018 16:47:08 +0000 (16:47 +0000)]
WebDriver: ASSERTION FAILED: !m_loadTimer.isActive()
https://bugs.webkit.org/show_bug.cgi?id=182237

Reviewed by Carlos Alberto Lopez Perez.

We should stop the load timer when we dispatch the pending navigation callbacks due to an alert open.

* UIProcess/Automation/WebAutomationSession.cpp:
(WebKit::WebAutomationSession::willShowJavaScriptDialog):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227733 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago WebDriver: properly recover w3c tests after a webdriver server crash
carlosgc@webkit.org [Mon, 29 Jan 2018 16:45:53 +0000 (16:45 +0000)]
WebDriver: properly recover w3c tests after a webdriver server crash
https://bugs.webkit.org/show_bug.cgi?id=182242

Reviewed by Carlos Alberto Lopez Perez.

When a test makes the webdriver server crash, all other subsequent tests fail because they still try to send
messages to the server, getting connection refused errors all the time. Selenium tests handle this correctly by
relaunching the server after every test failure, because other failures, even when not crashing the server,
might leave it in a bad state. WPT runner does the same for test files, it uses a subprocess to run the tests
and when any subtest fails, a new subprocess is used for the following test file. We could do the same.

* Scripts/webkitpy/webdriver_tests/webdriver_test_runner_w3c.py:
(WebDriverTestRunnerW3C.run): Restart the executor if any subtest failed.
* Scripts/webkitpy/webdriver_tests/webdriver_w3c_executor.py:
(WebDriverW3CExecutor.__init__): Save timeout and expectations and do not import pytest.
(WebDriverW3CExecutor.setup): Create a subprocess to run the tests.
(WebDriverW3CExecutor.teardown): Send a message to the subprocess to terminate.
(WebDriverW3CExecutor._runner): Run the tests using pytest runner.
(WebDriverW3CExecutor.run): Send a message to the subprocess to run the given test and return the results message.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227732 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Layout Test fast/events/beforeunload-dom-manipulation-crash.html is crashing
pvollan@apple.com [Mon, 29 Jan 2018 16:02:17 +0000 (16:02 +0000)]
Layout Test fast/events/beforeunload-dom-manipulation-crash.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=181204
<rdar://problem/36256274>

Reviewed by Ryosuke Niwa.

Source/WebCore:

When a frame element is moved in the DOM tree during the execution of a beforeunload handler,
the frame will be detached when removed from its previous position in the DOM tree. When being
detached, an attempt will also be made to stop the load by calling FrameLoader::stopAllLoaders().
However, this method will return early when executed in a beforeunload handler, since navigation
is not allowed then. The end result is a detached frame which will continue to load, and hitting
asserts in DocumentLoader::dataReceived(), and DocumentLoader::notifyFinished(). It should be
possible to stop a frame load, even when executing a beforeunload handler.

No new tests. Covered by the existing test fast/events/beforeunload-dom-manipulation-crash.html.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::isStopLoadingAllowed const):
(WebCore::FrameLoader::stopAllLoaders):
* loader/FrameLoader.h:

Tools:

Implement 'testRunner.forceImmediateCompletion()' for WK1.

* DumpRenderTree/TestRunner.cpp:
(forceImmediateCompletionCallback):
(TestRunner::staticFunctions):

LayoutTests:

* fast/events/beforeunload-dom-manipulation-crash.html: Make it clear that the
frame element is a child of the 'del' element.
* fast/events/beforeunload-dom-manipulation-crash-expected.html:
* platform/mac-wk1/TestExpectations: Unskip test.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227731 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Mark js/dom/array-with-double-assign.html as a failure on Windows.
pvollan@apple.com [Mon, 29 Jan 2018 15:35:05 +0000 (15:35 +0000)]
Mark js/dom/array-with-double-assign.html as a failure on Windows.
https://bugs.webkit.org/show_bug.cgi?id=182239

Unreviewed test gardening.

* platform/win/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227730 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago [CoordnatedGraphics] A child layer of a semitransparent layer isn't clipped properly
magomez@igalia.com [Mon, 29 Jan 2018 15:26:17 +0000 (15:26 +0000)]
[CoordnatedGraphics] A child layer of a semitransparent layer isn't clipped properly
https://bugs.webkit.org/show_bug.cgi?id=181080

Reviewed by Žan Doberšek.

Check whether the applied clipping area is empty before drawing the children of a TextureMapperLayer. If
the area is empty no children will be drawn, so we can avoid drawing them.

No new tests -- no change in behavior.

* platform/graphics/texmap/TextureMapperLayer.cpp:
(WebCore::TextureMapperLayer::paintSelfAndChildren):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227729 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago [Cairo] Add GraphicsContextImplCairo::createFactory() helpers
zandobersek@gmail.com [Mon, 29 Jan 2018 14:32:25 +0000 (14:32 +0000)]
[Cairo] Add GraphicsContextImplCairo::createFactory() helpers
https://bugs.webkit.org/show_bug.cgi?id=182238

Reviewed by Carlos Garcia Campos.

Source/WebCore:

Instead of duplicating lambdas that return a newly-created
GraphicsContextImplCairo object, provide static createFactory() helpers
on that class that produce GraphicsContextImplFactory wrappers which are
then invoked in the GraphicsContext constructor. The static functions
accept either the PlatformContextCairo reference or the cairo_t pointer,
invoking the proper GraphicsContextImplCairo constructor in the returned
lambda wrapper.

No new tests -- no change in functionality.

* platform/graphics/cairo/GraphicsContextImplCairo.cpp:
(WebCore::GraphicsContextImplCairo::createFactory):
* platform/graphics/cairo/GraphicsContextImplCairo.h:
* platform/graphics/cairo/ImageBufferCairo.cpp:
(WebCore::ImageBuffer::ImageBuffer):
* platform/graphics/cairo/PathCairo.cpp:
(WebCore::Path::strokeBoundingRect const):
(WebCore::Path::strokeContains const):
* platform/graphics/nicosia/NicosiaPaintingContextCairo.cpp:
(Nicosia::PaintingContextCairo::PaintingContextCairo):
* platform/graphics/win/ImageCairoWin.cpp:
(WebCore::BitmapImage::getHBITMAPOfSize):

Source/WebKit:

Use GraphicsContextImplCairo::createFactory() helpers throughout the
Cairo-specific GraphicsContext constructors in the WebKit layer.

* Shared/cairo/ShareableBitmapCairo.cpp:
(WebKit::ShareableBitmap::createGraphicsContext):
* UIProcess/cairo/BackingStoreCairo.cpp:
(WebKit::BackingStore::incorporateUpdate):
* WebProcess/WebPage/gtk/WebPrintOperationGtk.cpp:
(WebKit::WebPrintOperationGtk::renderPage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227728 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Construct GraphicsContext with NonPaintingReasons::NoReason in FrameView::adjustPageH...
zandobersek@gmail.com [Mon, 29 Jan 2018 10:56:57 +0000 (10:56 +0000)]
Construct GraphicsContext with NonPaintingReasons::NoReason in FrameView::adjustPageHeightDeprecated()
https://bugs.webkit.org/show_bug.cgi?id=182235

Reviewed by Carlos Garcia Campos.

Pass the NonPaintingReasons::NoReason value to the GraphicsContext
constructor in FrameView::adjustPageHeightDeprecated(). This has the
same effect as when passing a null PlatformGraphicsContext to the
constructor, which effectively disables any painting through that
GraphicsContext, but doesn't have a platform-specific connotation.

No new tests -- no change in functionality.

* page/FrameView.cpp:
(WebCore::FrameView::adjustPageHeightDeprecated):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227727 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago [Cairo] Remove the GraphicsContext(cairo_t*) constructor
zandobersek@gmail.com [Mon, 29 Jan 2018 10:56:09 +0000 (10:56 +0000)]
[Cairo] Remove the GraphicsContext(cairo_t*) constructor
https://bugs.webkit.org/show_bug.cgi?id=182234

Reviewed by Carlos Garcia Campos.

Source/WebCore:

Instead of using the GraphicsContext(cairo_t*) constructor, leverage the
GraphicsContextImplCairo class and work with an existing Cairo context
through that GraphicsContextImpl implementation.

A new GraphicsContextImplCairo constructor is added, expecting pointer
to the cairo_t object. With that, a PlatformContextCairo object is
created, with ownership of that object now being handled by the
GraphicsContextImplCairo class.

Call sites of the GraphicsContext(cairo_t*) constructor are adjusted to
instead provide a factory function that returns a fresh
GraphicsContextImplCairo object, passing that cairo_t object to its
constructor.

No new tests -- no change in behavior.

* platform/graphics/GraphicsContext.h:
* platform/graphics/cairo/GraphicsContextCairo.cpp:
(WebCore::GraphicsContext::GraphicsContext): Deleted.
* platform/graphics/cairo/GraphicsContextImplCairo.cpp:
(WebCore::GraphicsContextImplCairo::GraphicsContextImplCairo):
(WebCore::m_private):
* platform/graphics/cairo/GraphicsContextImplCairo.h:
* platform/graphics/cairo/PathCairo.cpp:
(WebCore::Path::strokeBoundingRect const):
(WebCore::Path::strokeContains const):
* platform/graphics/win/ImageCairoWin.cpp:
(WebCore::BitmapImage::getHBITMAPOfSize):

Source/WebKit:

Call sites of the GraphicsContext(cairo_t*) constructor are adjusted to
instead provide a factory function that returns a fresh
GraphicsContextImplCairo object, passing that cairo_t object to its
constructor.

* Shared/cairo/ShareableBitmapCairo.cpp:
(WebKit::ShareableBitmap::createGraphicsContext):
* UIProcess/cairo/BackingStoreCairo.cpp:
(WebKit::BackingStore::incorporateUpdate):
* WebProcess/WebPage/gtk/WebPrintOperationGtk.cpp:
(WebKit::WebPrintOperationGtk::renderPage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227726 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago JSC Sampling Profiler: Detect tester and testee when sampling in RegExp JIT
utatane.tea@gmail.com [Mon, 29 Jan 2018 10:43:13 +0000 (10:43 +0000)]
JSC Sampling Profiler: Detect tester and testee when sampling in RegExp JIT
https://bugs.webkit.org/show_bug.cgi?id=152729

Reviewed by Saam Barati.

JSTests:

* stress/sampling-profiler-regexp.js: Added.
(platformSupportsSamplingProfiler.test):
(platformSupportsSamplingProfiler.baz):
(platformSupportsSamplingProfiler):

Source/JavaScriptCore:

This patch extends SamplingProfiler to recognize JIT RegExp execution. We record
executing RegExp in VM so that SamplingProfiler can detect it. This is better
than the previous VM::isExecutingInRegExpJIT flag approach since

1. isExecutingInRegExpJIT is set after starting executing JIT RegExp code. Thus,
if we suspend the thread just before executing this flag, or just after clearing
this flag, SamplingProfiler gets invalid frame, and frame validation fails. We
should set such a flag before and after executing JIT RegExp code.

2. This removes VM dependency from YarrJIT which is not an essential one.

We add ExecutionContext enum to RegExp::matchInline not to mark execution if it
is done in non JS thread.

* bytecode/BytecodeDumper.cpp:
(JSC::regexpName):
(JSC::BytecodeDumper<Block>::dumpRegExps):
(JSC::regexpToSourceString): Deleted.
* heap/Heap.cpp:
(JSC::Heap::addCoreConstraints):
* runtime/RegExp.cpp:
(JSC::RegExp::compile):
(JSC::RegExp::match):
(JSC::RegExp::matchConcurrently):
(JSC::RegExp::compileMatchOnly):
(JSC::RegExp::toSourceString const):
* runtime/RegExp.h:
* runtime/RegExpInlines.h:
(JSC::RegExp::matchInline):
* runtime/RegExpMatchesArray.h:
(JSC::createRegExpMatchesArray):
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::SamplingProfiler):
(JSC::SamplingProfiler::timerLoop):
(JSC::SamplingProfiler::takeSample):
(JSC::SamplingProfiler::processUnverifiedStackTraces):
(JSC::SamplingProfiler::StackFrame::nameFromCallee):
(JSC::SamplingProfiler::StackFrame::displayName):
(JSC::SamplingProfiler::StackFrame::displayNameForJSONTests):
(JSC::SamplingProfiler::StackFrame::functionStartLine):
(JSC::SamplingProfiler::StackFrame::functionStartColumn):
(JSC::SamplingProfiler::StackFrame::sourceID):
(JSC::SamplingProfiler::StackFrame::url):
(WTF::printInternal):
(JSC::SamplingProfiler::~SamplingProfiler): Deleted.
* runtime/SamplingProfiler.h:
* runtime/VM.h:
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generateEnter):
(JSC::Yarr::YarrGenerator::generateReturn):
(JSC::Yarr::YarrGenerator::YarrGenerator):
(JSC::Yarr::jitCompile):
* yarr/YarrJIT.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227725 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Unreviewed, add myself to some watch lists.
fred.wang@free.fr [Mon, 29 Jan 2018 10:20:32 +0000 (10:20 +0000)]
Unreviewed, add myself to some watch lists.

Patch by Frederic Wang <fwang@igalia.com> on 2018-01-29

* Scripts/webkitpy/common/config/watchlist:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227724 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago [DFG][FTL] WeakMap#set should have DFG node
utatane.tea@gmail.com [Mon, 29 Jan 2018 09:25:35 +0000 (09:25 +0000)]
[DFG][FTL] WeakMap#set should have DFG node
https://bugs.webkit.org/show_bug.cgi?id=180015

Reviewed by Saam Barati.

JSTests:

* stress/weakmap-set-change-get.js: Added.
(shouldBe):
(test):
* stress/weakmap-set-cse.js: Added.
(shouldBe):
(test):
* stress/weakset-add-change-get.js: Added.
(shouldBe):
* stress/weakset-add-cse.js: Added.
(shouldBe):

Source/JavaScriptCore:

This patch adds WeakMapSet and WeakSetAdd DFG nodes to handle them efficiently in DFG and FTL.
We also define CSE rules for them. Now, WeakMapSet and WeakSetAdd can offer the results of
the subsequent WeakMapGet if CSE allows.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::addVarArgChild):
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
WeakMap operations do not cause GC.

* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileWeakSetAdd):
(JSC::DFG::SpeculativeJIT::compileWeakMapSet):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileWeakSetAdd):
(JSC::FTL::DFG::LowerDFGToB3::compileWeakMapSet):
* jit/JITOperations.h:
* runtime/Intrinsic.cpp:
(JSC::intrinsicName):
* runtime/Intrinsic.h:
* runtime/WeakMapPrototype.cpp:
(JSC::WeakMapPrototype::finishCreation):
* runtime/WeakSetPrototype.cpp:
(JSC::WeakSetPrototype::finishCreation):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227723 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Overflow of formulas is hidden for display mathematics
commit-queue@webkit.org [Mon, 29 Jan 2018 06:35:57 +0000 (06:35 +0000)]
Overflow of formulas is hidden for display mathematics
https://bugs.webkit.org/show_bug.cgi?id=160547

Patch by Minsheng Liu <lambda@liu.ms> on 2018-01-28
Reviewed by Frédéric Wang.

Source/WebCore:

Previously, <math> with display="block" used its container's logical width as its logical width.
However, that behavior will truncate overflowed contents. The patch fixes it by setting
the logical width as its content width rather than its container's logical width
if the former is wider than the latter.

Test: mathml/presentation/display-math-horizontal-overflow.html

* rendering/mathml/RenderMathMLRow.cpp:
(WebCore::RenderMathMLRow::layoutBlock):

LayoutTests:

Add a test to ensure <math> with display="block" will not truncate overflowed contents.

* mathml/presentation/display-math-horizontal-overflow-expected.txt: Added.
* mathml/presentation/display-math-horizontal-overflow.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227722 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago LargeAllocation should do the same distancing as MarkedBlock
fpizlo@apple.com [Mon, 29 Jan 2018 05:08:13 +0000 (05:08 +0000)]
LargeAllocation should do the same distancing as MarkedBlock
https://bugs.webkit.org/show_bug.cgi?id=182226

Reviewed by Saam Barati.

This makes LargeAllocation do the same exact distancing that MarkedBlock promises to do.

To make that possible, this patch first makes MarkedBlock know exactly how much distancing it
is doing:

- I've rationalized the payloadSize calculation. In particular, I made MarkedSpace use the
  calculation done in MarkedBlock. MarkedSpace used to do the math a different way. This
  keeps the old way just for a static_assert.

- The promised amount of distancing is now codified in HeapCell.h as
  minimumDistanceBetweenCellsFromDifferentOrigins. We assert that the footer size is at least
  as big as this. I didn't want to just use footer size for this constant because then, if
  you increased the size of the footer, you'd also add padding to every large allocation.

Then this patch just adds minimumDistanceBetweenCellsFromDifferentOrigins to each large
allocation. It also zeroes that slice of memory to prevent any information leaks that way.

This is perf neutral. Large allocations start out at ~8000 bytes. The amount of padding is
~300 bytes. That's 3.75% space overhead for objects that are ~8000 bytes, zero overhead for
smaller objects, and diminishing overhead for larger objects. We allocate very few large
objects, so we shouldn't have any real space overhead from this.

* heap/HeapCell.h:
* heap/LargeAllocation.cpp:
(JSC::LargeAllocation::tryCreate):
* heap/MarkedBlock.h:
* heap/MarkedSpace.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227721 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Unreviewed WPE gardening.
zandobersek@gmail.com [Sun, 28 Jan 2018 20:54:19 +0000 (20:54 +0000)]
Unreviewed WPE gardening.

* platform/wpe/TestExpectations: Add test failure expectations. Shuffle
around a few expectations and eliminate duplicate ones, removing overlap
warnings printed out when invoking run-webkit-tests.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227720 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Unreviewed GTK+ gardening.
zandobersek@gmail.com [Sun, 28 Jan 2018 20:00:07 +0000 (20:00 +0000)]
Unreviewed GTK+ gardening.

* platform/gtk/TestExpectations: Add failure expectations for three tests.
* platform/gtk/imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/module/errorhandling-expected.txt:
Added a test baseline due to console messages being output in a slightly different order.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227719 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Make MarkedBlock::Footer bigger
fpizlo@apple.com [Sun, 28 Jan 2018 19:08:08 +0000 (19:08 +0000)]
Make MarkedBlock::Footer bigger
https://bugs.webkit.org/show_bug.cgi?id=182220

Reviewed by JF Bastien.

This makes the block footer larger by moving the newlyAllocated bits from the handle into
the footer.

It used to be profitable to put anything we could into the handle because that would free up
payload space inside the block. But now that we want to use the footer for padding, it's
profitable to put GC state information - especially data that is used by the GC itself and so
is not useful for a Spectre attack - into the footer to increase object distancing.

* heap/CellContainer.cpp:
(JSC::CellContainer::isNewlyAllocated const):
* heap/IsoCellSet.cpp:
(JSC::IsoCellSet::sweepToFreeList):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::Handle):
(JSC::MarkedBlock::Footer::Footer):
(JSC::MarkedBlock::Handle::stopAllocating):
(JSC::MarkedBlock::Handle::lastChanceToFinalize):
(JSC::MarkedBlock::Handle::resumeAllocating):
(JSC::MarkedBlock::aboutToMarkSlow):
(JSC::MarkedBlock::resetAllocated):
(JSC::MarkedBlock::Handle::resetAllocated): Deleted.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::newlyAllocatedVersion const):
(JSC::MarkedBlock::isNewlyAllocated):
(JSC::MarkedBlock::setNewlyAllocated):
(JSC::MarkedBlock::clearNewlyAllocated):
(JSC::MarkedBlock::newlyAllocated const):
(JSC::MarkedBlock::Handle::newlyAllocatedVersion const): Deleted.
(JSC::MarkedBlock::Handle::isNewlyAllocated): Deleted.
(JSC::MarkedBlock::Handle::setNewlyAllocated): Deleted.
(JSC::MarkedBlock::Handle::clearNewlyAllocated): Deleted.
(JSC::MarkedBlock::Handle::newlyAllocated const): Deleted.
* heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::isNewlyAllocatedStale const):
(JSC::MarkedBlock::hasAnyNewlyAllocated):
(JSC::MarkedBlock::Handle::isLive):
(JSC::MarkedBlock::Handle::specializedSweep):
(JSC::MarkedBlock::Handle::newlyAllocatedMode):
(JSC::MarkedBlock::Handle::isNewlyAllocatedStale const): Deleted.
(JSC::MarkedBlock::Handle::hasAnyNewlyAllocated): Deleted.
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::endMarking):
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::appendJSCellOrAuxiliary):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227718 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago MarkedBlock should have a footer instead of a header
fpizlo@apple.com [Sun, 28 Jan 2018 02:23:25 +0000 (02:23 +0000)]
MarkedBlock should have a footer instead of a header
https://bugs.webkit.org/show_bug.cgi?id=182217

Reviewed by JF Bastien.

This moves the MarkedBlock's meta-data from the header to the footer. This doesn't really
change anything except for some compile-time constants, so it should not affect performance.

This change is to help protect against Spectre attacks on structure checks, which allow for
small-offset out-of-bounds access. By putting the meta-data at the end of the block, small
OOBs will only get to other objects in the same block or the block footer. The block footer
is not super interesting. So, if we combine this with the TLC change (r227617), this means we
can use blocks as the mechanism of achieving distance between objects from different origins.
We just need to avoid ever putting objects from different origins in the same block. That's
what bug 181636 is about.

* heap/BlockDirectory.cpp:
(JSC::blockHeaderSize): Deleted.
(JSC::BlockDirectory::blockSizeForBytes): Deleted.
* heap/BlockDirectory.h:
* heap/HeapUtil.h:
(JSC::HeapUtil::findGCObjectPointersForMarking):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::~MarkedBlock):
(JSC::MarkedBlock::Footer::Footer):
(JSC::MarkedBlock::Footer::~Footer):
(JSC::MarkedBlock::Handle::stopAllocating):
(JSC::MarkedBlock::Handle::lastChanceToFinalize):
(JSC::MarkedBlock::Handle::resumeAllocating):
(JSC::MarkedBlock::aboutToMarkSlow):
(JSC::MarkedBlock::resetMarks):
(JSC::MarkedBlock::assertMarksNotStale):
(JSC::MarkedBlock::Handle::didConsumeFreeList):
(JSC::MarkedBlock::markCount):
(JSC::MarkedBlock::clearHasAnyMarked):
(JSC::MarkedBlock::Handle::didAddToDirectory):
(JSC::MarkedBlock::Handle::didRemoveFromDirectory):
(JSC::MarkedBlock::Handle::sweep):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::markingVersion const):
(JSC::MarkedBlock::lock):
(JSC::MarkedBlock::subspace const):
(JSC::MarkedBlock::footer):
(JSC::MarkedBlock::footer const):
(JSC::MarkedBlock::handle):
(JSC::MarkedBlock::handle const):
(JSC::MarkedBlock::Handle::blockFooter):
(JSC::MarkedBlock::isAtomAligned):
(JSC::MarkedBlock::Handle::cellAlign):
(JSC::MarkedBlock::blockFor):
(JSC::MarkedBlock::vm const):
(JSC::MarkedBlock::weakSet):
(JSC::MarkedBlock::cellSize):
(JSC::MarkedBlock::attributes const):
(JSC::MarkedBlock::atomNumber):
(JSC::MarkedBlock::areMarksStale):
(JSC::MarkedBlock::aboutToMark):
(JSC::MarkedBlock::isMarkedRaw):
(JSC::MarkedBlock::isMarked):
(JSC::MarkedBlock::testAndSetMarked):
(JSC::MarkedBlock::marks const):
(JSC::MarkedBlock::isAtom):
(JSC::MarkedBlock::Handle::forEachCell):
(JSC::MarkedBlock::hasAnyMarked const):
(JSC::MarkedBlock::noteMarked):
(WTF::MarkedBlockHash::hash):
(JSC::MarkedBlock::firstAtom): Deleted.
* heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::marksConveyLivenessDuringMarking):
(JSC::MarkedBlock::Handle::isLive):
(JSC::MarkedBlock::Handle::specializedSweep):
(JSC::MarkedBlock::Handle::forEachLiveCell):
(JSC::MarkedBlock::Handle::forEachDeadCell):
(JSC::MarkedBlock::Handle::forEachMarkedCell):
* heap/MarkedSpace.cpp:
* heap/MarkedSpace.h:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227717 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago DFG strength reduction fails to convert NumberToStringWithValidRadixConstant for...
utatane.tea@gmail.com [Sat, 27 Jan 2018 18:14:06 +0000 (18:14 +0000)]
DFG strength reduction fails to convert NumberToStringWithValidRadixConstant for 0 to constant '0'
https://bugs.webkit.org/show_bug.cgi?id=182213

Reviewed by Mark Lam.

JSTests:

* stress/int32-min-to-string.js: Added.
(shouldBe):
(test2):
(test4):
(test8):
(test16):
(test32):
* stress/zero-to-string.js: Added.
(shouldBe):
(test2):
(test4):
(test8):
(test16):
(test32):

Source/JavaScriptCore:

toStringWithRadixInternal is originally used for the slow path if the given value is larger than radix or negative.
As a result, it does not accept 0 correctly, and produces an empty string. Since DFGStrengthReductionPhase uses
this function, it accidentally converts NumberToStringWithValidRadixConstant(0, radix) to an empty string.
This patch fixes toStringWithRadixInternal to accept 0. This change fixes twitch.tv's issue.

We also add a careful cast to avoid `-INT32_MIN`. It does not produce an incorrect value on x86 in practice,
but it is UB, and a compiler may assume that the given value is never INT32_MIN and could do an incorrect optimization.

* runtime/NumberPrototype.cpp:
(JSC::toStringWithRadixInternal):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227716 268f45cc-cd09-0410-ab3c-d52691b4dbfc
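
The two edge cases named in the commit message above (0 rendered as an empty string, and negating INT32_MIN), as an added example that is not part of the commit or of JavaScriptCore. The function names are hypothetical, and the digit loop is a generic radix conversion assumed for illustration, not the body of toStringWithRadixInternal.

```cpp
#include <cstdint>
#include <string>

// Hypothetical helpers for illustration; not JavaScriptCore code.
static const char kDigits[] = "0123456789abcdefghijklmnopqrstuvwxyz";

// Magnitude of a signed 32-bit value without ever evaluating -INT32_MIN.
// Signed negation of INT32_MIN overflows, which is undefined behaviour.
// Converting to uint32_t first is well defined (reduction modulo 2^32),
// and unsigned subtraction wraps instead of overflowing.
uint32_t magnitude(int32_t value)
{
    uint32_t u = static_cast<uint32_t>(value);
    return value < 0 ? 0u - u : u;
}

// Shape of the defect: a loop that only runs while digits remain.
// Correct for every non-zero input, but 0 never enters the loop,
// so the result is an empty string.
std::string toStringLoopOnly(int32_t value, unsigned radix)
{
    std::string out;
    uint32_t n = magnitude(value);
    while (n) {
        out.insert(out.begin(), kDigits[n % radix]);
        n /= radix;
    }
    if (value < 0)
        out.insert(out.begin(), '-');
    return out;
}

// Corrected shape: do/while emits at least one digit, so 0 becomes "0".
// Returns an empty string for a radix outside 2..36 (assumed valid range).
std::string toStringFixed(int32_t value, unsigned radix)
{
    if (radix < 2 || radix > 36)
        return std::string();
    std::string out;
    uint32_t n = magnitude(value);
    do {
        out.insert(out.begin(), kDigits[n % radix]);
        n /= radix;
    } while (n);
    if (value < 0)
        out.insert(out.begin(), '-');
    return out;
}
```
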

18 months ago HaveInternalSDK includes should be "#include?"
mitz@apple.com [Sat, 27 Jan 2018 17:50:55 +0000 (17:50 +0000)]
HaveInternalSDK includes should be "#include?"
https://bugs.webkit.org/show_bug.cgi?id=179670

Source/ThirdParty:

* gtest/xcode/Config/General.xcconfig:

Source/ThirdParty/ANGLE:

* Configurations/Base.xcconfig:

Source/ThirdParty/libwebrtc:

* Configurations/Base.xcconfig:

Source/WebCore/PAL:

* Configurations/Base.xcconfig:

Source/WebKitLegacy/mac:

* Configurations/Base.xcconfig:

Tools:

* DumpRenderTree/mac/Configurations/Base.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227715 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago [Web Animations] Distinguish between an omitted and a null timeline argument to the...
graouts@webkit.org [Sat, 27 Jan 2018 09:26:18 +0000 (09:26 +0000)]
[Web Animations] Distinguish between an omitted and a null timeline argument to the Animation constructor
https://bugs.webkit.org/show_bug.cgi?id=179065

LayoutTests/imported/w3c:

Reviewed by Dean Jackson.

Update WPT test output with progressions.

* web-platform-tests/web-animations/interfaces/Animation/constructor-expected.txt:
* web-platform-tests/web-animations/timing-model/animations/reversing-an-animation-expected.txt:
* web-platform-tests/web-animations/timing-model/animations/set-the-timeline-of-an-animation-expected.txt:

Source/WebCore:

<rdar://problem/36869046>

Reviewed by Dean Jackson.

The Web Animations specification requires that a missing or undefined "timeline" parameter means that the
document's timeline should be used, but a null value should be supported. To support this, we need to provide
a custom Animation constructor where we can check on the ExecState whether the second argument passed is
undefined, which is true if an explicit "undefined" value is passed or if the argument does not exist.

* Sources.txt: Add the new JSWebAnimationCustom.cpp file.
* WebCore.xcodeproj/project.pbxproj: Add the new JSWebAnimationCustom.cpp file.
* animation/WebAnimation.cpp:
(WebCore::WebAnimation::create): Add a create() variant that doesn't provide an AnimationTimeline parameter
to clearly indicate that the provided Document's timeline should be used.
* animation/WebAnimation.h:
* animation/WebAnimation.idl:
* bindings/js/JSWebAnimationCustom.cpp: Added.
(WebCore::constructJSWebAnimation): Provide a custom Animation constructor where we check whether the second
argument, the timeline, is undefined.
* dom/Element.cpp:
(WebCore::Element::animate): Use the new create() variant since passing "nullptr" now means a null timeline.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227714 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Make accessibility/mac/selection-notification-focus-change.html more reliable and...
rniwa@webkit.org [Sat, 27 Jan 2018 06:26:09 +0000 (06:26 +0000)]
Make accessibility/mac/selection-notification-focus-change.html more reliable and re-enable it
https://bugs.webkit.org/show_bug.cgi?id=182198
<rdar://problem/36930258>

Reviewed by Tim Horton.

Refactored the test by splitting each test case into its own function split by setTimeout by zero seconds
instead of triggering the next test case when receiving a specific notification to make the test more robust.

Also moved functions which trigger the focus move into evalAndLog so that they appear in the expected result,
and added more logging to make the debugging of the test easier.

Finally, added WebKit2 specific expected result because it has one extra test failure compared to WebKit1.

* accessibility/mac/selection-notification-focus-change-expected.txt:
* accessibility/mac/selection-notification-focus-change.html:
* platform/mac-wk2/accessibility/mac: Added.
* platform/mac-wk2/accessibility/mac/selection-notification-focus-change-expected.txt: Added.
* platform/mac/TestExpectations: Removed the flaky test failure expectation since this test should now have
the same expected result everywhere on macOS.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227713 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Layout Test http/wpt/beacon/beacon-async-error-logging.html is flaky
cdumez@apple.com [Sat, 27 Jan 2018 04:26:11 +0000 (04:26 +0000)]
Layout Test http/wpt/beacon/beacon-async-error-logging.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=182184
<rdar://problem/36929478>

Reviewed by Youenn Fablet.

Stop relying on a setTimeout(500) to end the test. Instead rely on the
internals.setConsoleMessageListener() API to wait for the console message
we are expecting.

* http/wpt/beacon/beacon-async-error-logging.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227712 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Use the standard -webkit-autofill color on iOS
rmondello@apple.com [Sat, 27 Jan 2018 03:32:57 +0000 (03:32 +0000)]
Use the standard -webkit-autofill color on iOS
https://bugs.webkit.org/show_bug.cgi?id=182182

Reviewed by Tim Horton.

Source/WebCore:

* css/html.css:
(input:-webkit-autofill, input:-webkit-autofill-strong-password):

LayoutTests:

Update test expectations.

* platform/ios/fast/forms/auto-fill-button/input-strong-confirmation-password-auto-fill-button-expected.txt:
* platform/ios/fast/forms/auto-fill-button/input-strong-password-auto-fill-button-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227711 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Don't retain focus for input peripheral views
megan_gardner@apple.com [Sat, 27 Jan 2018 02:13:48 +0000 (02:13 +0000)]
Don't retain focus for input peripheral views
https://bugs.webkit.org/show_bug.cgi?id=182204

Reviewed by Tim Horton.

Source/WebKit:

Retaining focus on input peripheral views makes it so they cannot dismiss themselves with
the current architecture. This should probably be fixed in UIKit, as there is no reason for
focus to be retained on these views anyways, as they don't have keyboard input, but this
guards against over-aggressive retain requests.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _restoreFocusWithToken:]):
(-[WKContentView _preserveFocusWithToken:destructively:]):

LayoutTests:

Fixed a spelling error while fixing a bug this test caught.

* fast/forms/ios/ipad/unfocus-inside-fixed-hittest.html:
* fast/forms/ios/ipad/unfocus-inside-fixed-hittest-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227710 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Make sure service worker code does not launch a StorageProcess unnecessarily
cdumez@apple.com [Sat, 27 Jan 2018 01:49:11 +0000 (01:49 +0000)]
Make sure service worker code does not launch a StorageProcess unnecessarily
https://bugs.webkit.org/show_bug.cgi?id=182192
<rdar://problem/36927427>

Reviewed by Geoffrey Garen.

Source/WebKit:

When calling WebProcess::existingWebToStorageProcessConnection(), make sure we do not
force the creation of a WebProcess connection to the StorageProcess. If there is
no WebProcess, just return false right away.

* WebProcess/Storage/WebServiceWorkerProvider.cpp:
(WebKit::WebServiceWorkerProvider::existingServiceWorkerConnectionForSession):
* WebProcess/WebProcess.h:

Tools:

Add API test coverage.

* TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227709 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Layout Test imported/w3c/web-platform-tests/service-workers/service-worker/appcache...
commit-queue@webkit.org [Sat, 27 Jan 2018 01:43:33 +0000 (01:43 +0000)]
Layout Test imported/w3c/web-platform-tests/service-workers/service-worker/appcache-ordering-main.https.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=182176
<rdar://problem/36915685>

Unreviewed.

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-26

* TestExpectations: Skipping test for now.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227708 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Web Inspector: Timelines content browser NavigationBar is squashed at narrow heights
mattbaker@apple.com [Sat, 27 Jan 2018 01:36:36 +0000 (01:36 +0000)]
Web Inspector: Timelines content browser NavigationBar is squashed at narrow heights
https://bugs.webkit.org/show_bug.cgi?id=182196
<rdar://problem/36929899>

Reviewed by Joseph Pecoraro.

* UserInterface/Views/NavigationBar.css:
(.navigation-bar):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227707 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Mark imported/blink/fast/text/international-iteration-simple-text.html as flaky.
ryanhaddad@apple.com [Sat, 27 Jan 2018 01:35:47 +0000 (01:35 +0000)]
Mark imported/blink/fast/text/international-iteration-simple-text.html as flaky.
https://bugs.webkit.org/show_bug.cgi?id=179853

Unreviewed test gardening.

* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227706 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Web Inspector: TabBar redesign: improvements to tab layout and resize behavior
mattbaker@apple.com [Sat, 27 Jan 2018 00:49:10 +0000 (00:49 +0000)]
Web Inspector: TabBar redesign: improvements to tab layout and resize behavior
https://bugs.webkit.org/show_bug.cgi?id=181468
<rdar://problem/36395439>

Reviewed by Devin Rousso.

* Localizations/en.lproj/localizedStrings.js:

* UserInterface/Images/TabPicker.svg: Added.
New ">>" icon for the tab picker button.

* UserInterface/Views/CanvasTabContentView.js:
(WI.CanvasTabContentView):
* UserInterface/Views/ConsoleTabContentView.js:
(WI.ConsoleTabContentView):
* UserInterface/Views/DebuggerTabContentView.js:
(WI.DebuggerTabContentView):
* UserInterface/Views/ElementsTabContentView.js:
(WI.ElementsTabContentView):

* UserInterface/Views/GeneralTabBarItem.js:
(WI.GeneralTabBarItem):
(WI.GeneralTabBarItem.fromTabContentViewConstructor):
(WI.GeneralTabBarItem.prototype.get title):
Add missing override for getter/setter pair.
(WI.GeneralTabBarItem.prototype.set title):
(WI.GeneralTabBarItem.prototype._handleContextMenuEvent):
Show the close button on ephemeral tabs only (Search, New Tab).
Replace unused `representedObject` parameter with `isEphemeral`, which
determines whether to show a close button for the tab.

* UserInterface/Views/LayersTabContentView.js:
(WI.LayersTabContentView):

* UserInterface/Views/NavigationBar.js:
Remove unused symbol.

* UserInterface/Views/NetworkTabContentView.js:
(WI.NetworkTabContentView):
* UserInterface/Views/NewTabContentView.js:
(WI.NewTabContentView):

* UserInterface/Views/PinnedTabBarItem.js:
(WI.PinnedTabBarItem):
Remove unused parameter.

* UserInterface/Views/ResourcesTabContentView.js:
(WI.ResourcesTabContentView):
* UserInterface/Views/SearchTabContentView.js:
(WI.SearchTabContentView):
* UserInterface/Views/StorageTabContentView.js:
(WI.StorageTabContentView):

* UserInterface/Views/TabBar.css:
(.tab-bar > .item):
(.tab-bar.calculate-width > .item):
(.tab-bar > .item.pinned.tab-picker):
(.tab-bar > .item > .close):
(.tab-bar > .item > .title):
(.tab-bar:not(.collapsed) > .item > .title):
(.tab-bar.collapsed > .item:not(.pinned) > .icon):
(.tab-bar > .item:hover > .close):
(.tab-bar.collapsed > .item:hover > .close):
(.tab-bar:not(.collapsed) > .item.ephemeral:hover > .icon):
(.tab-bar.collapsed > .item.ephemeral:hover > .title):
(body[dir=ltr] .tab-bar > .item > .close): Deleted.
(body[dir=rtl] .tab-bar > .item > .close): Deleted.
(.tab-bar > .item > .flex-space): Deleted.
(.tab-bar > .item:not(.pinned) > .flex-space:last-child): Deleted.
(body[dir=ltr] .tab-bar > .item:not(.pinned) > .flex-space:last-child): Deleted.
(body[dir=rtl] .tab-bar > .item:not(.pinned) > .flex-space:last-child): Deleted.
(body[dir=ltr] .tab-bar > .item > .title): Deleted.
(body[dir=rtl] .tab-bar > .item > .title): Deleted.
(.tab-bar.collapsed > .item): Deleted.
(.tab-bar.collapsed > .item > .flex-space): Deleted.
(.tab-bar.collapsed > .item > .close): Deleted.
(body[dir=ltr] .tab-bar.collapsed > .item > .close): Deleted.
(body[dir=rtl] .tab-bar.collapsed > .item > .close): Deleted.
(.tab-bar.hide-titles > .item > .title): Deleted.
(.tab-bar.collapsed:not(.hide-titles) > .item:not(.pinned):hover > .icon,): Deleted.
(.tab-bar.collapsed:not(.hide-titles) > .item:hover > .close,): Deleted.
Clean up tab styles and prevent tabs from shrinking during flex layout.
Added new `calculate-width` class, to disable flex layout when measuring
the minimum width of the TabBar required to fit all tab items.

* UserInterface/Views/TabBar.js:
(WI.TabBar):
(WI.TabBar.prototype.set selectedTabBarItem):
(WI.TabBar.prototype.layout.forceItemHidden):
(WI.TabBar.prototype.layout):
Perform two layout passes, similar to NavigationBar. The first pass disables
flex layout and measures tab items at full size. If the bar isn't wide enough
to show all the tabs, hide their icons and measure again. If there still isn't
room, hide tabs starting from the end of the bar and display the tab picker.

(WI.TabBar.prototype._handleMouseDown):
(WI.TabBar.prototype._handleTabPickerTabContextMenu):

* UserInterface/Views/TabBarItem.js:
(WI.TabBarItem):

* UserInterface/Views/TimelineTabContentView.js:
(WI.TimelineTabContentView):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227703 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago REGRESSION (r222961): Clear function not clearing whole screen when antialias is...
dino@apple.com [Sat, 27 Jan 2018 00:45:43 +0000 (00:45 +0000)]
REGRESSION (r222961): Clear function not clearing whole screen when antialias is set to false
https://bugs.webkit.org/show_bug.cgi?id=179368
<rdar://problem/36111549>

Reviewed by Sam Weinig.

When we changed from using a CAOpenGLLayer to a regular CALayer, we should
have also swapped the "opaque" property to "contentsOpaque".

Covered by the existing test: fast/canvas/webgl/context-attributes-alpha.html
(when run on some hardware!)

* platform/graphics/cocoa/WebGLLayer.mm:
(-[WebGLLayer initWithGraphicsContext3D:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227702 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Add infrastructure for pointer preparation.
mark.lam@apple.com [Sat, 27 Jan 2018 00:43:27 +0000 (00:43 +0000)]
Add infrastructure for pointer preparation.
https://bugs.webkit.org/show_bug.cgi?id=182191
<rdar://problem/36889194>

Reviewed by JF Bastien.

Source/WebCore:

No new tests because this patch does not introduce any behavior change.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSInterfaceName.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSMapLike.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestCEReactions.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestCallTracer.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestDOMJIT.cpp:
* bindings/scripts/test/JS/JSTestEnabledBySetting.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestException.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
* bindings/scripts/test/JS/JSTestIterable.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestNode.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestPluginInterface.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestSerialization.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp:
* bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
* bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestStringifier.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp:
(WebCore::toJSNewlyCreated):
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
(WebCore::toJSNewlyCreated):

Source/WTF:

* WTF.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/PointerPreparations.h: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227701 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoFix emitAllocateWithNonNullAllocator to work on arm
sbarati@apple.com [Sat, 27 Jan 2018 00:05:16 +0000 (00:05 +0000)]
Fix emitAllocateWithNonNullAllocator to work on arm
https://bugs.webkit.org/show_bug.cgi?id=182187
<rdar://problem/36906550>

Reviewed by Filip Pizlo.

This patch unifies the x86 and ARM paths in emitAllocateWithNonNullAllocator
and makes it so that emitAllocateWithNonNullAllocator uses the macro scratch
register on ARM.

* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::allocateHeapCell):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227700 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoDisable VCP for MacOS
commit-queue@webkit.org [Fri, 26 Jan 2018 22:37:24 +0000 (22:37 +0000)]
Disable VCP for MacOS
https://bugs.webkit.org/show_bug.cgi?id=182183
<rdar://problem/36919791>

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-26
Reviewed by Eric Carlson.

* Source/webrtc/sdk/objc/Framework/Classes/VideoProcessing/VideoProcessingSoftLink.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227698 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoREGRESSION (r226492): Crash under Element::absoluteEventBounds() on a SVGPathElement...
simon.fraser@apple.com [Fri, 26 Jan 2018 22:36:39 +0000 (22:36 +0000)]
REGRESSION (r226492): Crash under Element::absoluteEventBounds() on a SVGPathElement which has not been laid out yet
https://bugs.webkit.org/show_bug.cgi?id=182185
rdar://problem/36836262

Reviewed by Zalan Bujtas.

Document::absoluteRegionForEventTargets() can fire when layout is dirty, and SVGPathElement's path() can be null if it
hasn't been laid out yet. So protect against a null path in getBBox().

Not easily testable because internals.nonFastScrollableRects() forces layout, and the crash depends on the timing of
absoluteRegionForEventTargets().

* svg/SVGPathElement.cpp:
(WebCore::SVGPathElement::getBBox):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227697 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoOfflined content does not work for apps on home screen
cdumez@apple.com [Fri, 26 Jan 2018 22:11:06 +0000 (22:11 +0000)]
Offlined content does not work for apps on home screen
https://bugs.webkit.org/show_bug.cgi?id=182070
<rdar://problem/36843906>

Reviewed by Youenn Fablet.

Source/WebCore:

Already registered service workers were unable to intercept the very first
load because registration matching was happening after the registration
was loaded from disk, but *before* its active worker was populated.

We now initialize the registrations' active worker as soon as we load
them from disk. We do not necessarily have a SW Context process connection
identifier yet at this point so I made it optional on the SWServerWorker.
This identifier gets set on the SWServerWorker when the worker is actually
launched and gets cleared when the SWServerWorker gets terminated.

Covered by new API test.

* workers/service/server/SWServer.cpp:
(WebCore::SWServer::addRegistrationFromStore):
(WebCore::SWServer::installContextData):
(WebCore::SWServer::terminateWorkerInternal):
(WebCore::SWServer::workerContextTerminated):
(WebCore::SWServer::fireInstallEvent):
(WebCore::SWServer::fireActivateEvent):
* workers/service/server/SWServerWorker.cpp:
(WebCore::SWServerWorker::SWServerWorker):
* workers/service/server/SWServerWorker.h:
(WebCore::SWServerWorker::contextConnectionIdentifier const):
(WebCore::SWServerWorker::setContextConnectionIdentifier):

Tools:

Add API test coverage to make sure an already registered service worker is able to intercept
the very first load.

* TestWebKitAPI/Tests/WebKitCocoa/ServiceWorkerBasic.mm:
(-[SWMessageHandlerWithExpectedMessage userContentController:didReceiveScriptMessage:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227696 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoRebaselining builtin generator tests after r227685.
joepeck@webkit.org [Fri, 26 Jan 2018 21:23:31 +0000 (21:23 +0000)]
Rebaselining builtin generator tests after r227685.

Unreviewed.

* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result:
* Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result:
* Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
* Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:
It used to be that the builtins generator was minifying by default. That was an accident
and we now only minify on Release builds. The generator tests are now getting the
default unminified output behavior so they need to update their expectations
for some extra whitespace.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227693 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoWe should only append ParserArenaDeletable pointers to ParserArena::m_deletableObjects.
mark.lam@apple.com [Fri, 26 Jan 2018 21:14:17 +0000 (21:14 +0000)]
We should only append ParserArenaDeletable pointers to ParserArena::m_deletableObjects.
https://bugs.webkit.org/show_bug.cgi?id=182180
<rdar://problem/36460697>

Reviewed by Michael Saboff.

Some parser Node subclasses extend ParserArenaDeletable via multiple inheritance,
but not as the Node's first base class.  ParserArena::m_deletableObjects is
expecting pointers to objects of the shape of ParserArenaDeletable.  We ensure
this by allocating the Node subclass, and casting it to ParserArenaDeletable to
get the correct pointer to append to ParserArena::m_deletableObjects.

To simplify things, we introduce a JSC_MAKE_PARSER_ARENA_DELETABLE_ALLOCATED
(analogous to WTF_MAKE_FAST_ALLOCATED) for use in Node subclasses that extend
ParserArenaDeletable.

* parser/NodeConstructors.h:
(JSC::ParserArenaDeletable::operator new):
* parser/Nodes.h:
* parser/ParserArena.h:
(JSC::ParserArena::allocateDeletable):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227692 268f45cc-cd09-0410-ab3c-d52691b4dbfc
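
The pointer adjustment described in the commit message above, as an added C++ illustration that is not WebKit's code. `Deletable`, `NodeBase`, `FunctionNode` and `Arena` are hypothetical stand-ins for `ParserArenaDeletable`, a parser Node, a Node subclass and `ParserArena`; the example assumes a mainstream ABI in which a non-first base subobject sits at a non-zero offset.

```cpp
#include <cstddef>
#include <cstdio>
#include <new>
#include <utility>
#include <vector>

// Hypothetical stand-in for ParserArenaDeletable.
struct Deletable {
    virtual ~Deletable() = default;
};

// Hypothetical stand-in for the parser's Node base class.
struct NodeBase {
    virtual ~NodeBase() = default;
    int kind = 0;
};

// Deletable is inherited, but NOT as the first base class, so the Deletable
// subobject does not start at the same address as the FunctionNode itself.
struct FunctionNode : NodeBase, Deletable {
    explicit FunctionNode(bool* flag) : destroyed(flag) {}
    ~FunctionNode() override { *destroyed = true; }
    bool* destroyed;
};

// Hypothetical arena: memory is released in bulk, destructors are run through
// a list that must hold pointers of the shape of Deletable.
class Arena {
public:
    template<typename T, typename... Args>
    T* allocateDeletable(Args&&... args)
    {
        void* block = ::operator new(sizeof(T));
        T* object = new (block) T(std::forward<Args>(args)...);
        m_blocks.push_back(block);
        // The static_cast adjusts the address to the Deletable subobject.
        // Appending the raw allocation address instead would store a pointer
        // to the NodeBase part, and destroying through it would use the
        // wrong vtable slot.
        m_deletableObjects.push_back(static_cast<Deletable*>(object));
        return object;
    }

    ~Arena() { reset(); }

    void reset()
    {
        for (Deletable* object : m_deletableObjects)
            object->~Deletable(); // virtual: runs the most-derived destructor
        for (void* block : m_blocks)
            ::operator delete(block);
        m_deletableObjects.clear();
        m_blocks.clear();
    }

    const std::vector<Deletable*>& deletableObjects() const { return m_deletableObjects; }

private:
    std::vector<Deletable*> m_deletableObjects;
    std::vector<void*> m_blocks;
};

// Byte distance between the object's address and its Deletable subobject.
std::ptrdiff_t deletableOffset(FunctionNode* node)
{
    return reinterpret_cast<char*>(static_cast<Deletable*>(node))
        - reinterpret_cast<char*>(node);
}

// Returns true when the arena stored the adjusted pointer and the node's
// destructor ran when the arena was torn down.
bool destructorRunsThroughAdjustedPointer()
{
    bool destroyed = false;
    {
        Arena arena;
        FunctionNode* node = arena.allocateDeletable<FunctionNode>(&destroyed);
        if (arena.deletableObjects().front() != static_cast<Deletable*>(node))
            return false;
    }
    return destroyed;
}

int main()
{
    bool destroyed = false;
    Arena arena;
    FunctionNode* node = arena.allocateDeletable<FunctionNode>(&destroyed);
    std::printf("Deletable subobject offset: %td bytes\n", deletableOffset(node));
    std::printf("destructor reached via arena: %s\n",
        destructorRunsThroughAdjustedPointer() ? "yes" : "no");
    return 0;
}
```
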

18 months agoAddressing post-review comments after r226614
commit-queue@webkit.org [Fri, 26 Jan 2018 20:55:36 +0000 (20:55 +0000)]
Addressing post-review comments after r226614
https://bugs.webkit.org/show_bug.cgi?id=182151

Patch by Chris Nardi <cnardi@chromium.org> on 2018-01-26
Reviewed by Myles C. Maxfield.

PerformanceTests:

* StitchMarker/wtf/text/StringImpl.h:
(WTF::isSpaceOrNewline):
* StitchMarker/wtf/text/TextBreakIterator.cpp:
(WTF::numCodeUnitsInGraphemeClusters):
* StitchMarker/wtf/text/TextBreakIterator.h:

Source/WebCore:

* html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::sanitizeUserInputValue):
* html/TextFieldInputType.cpp:
(WebCore::limitLength):
* platform/LocalizedStrings.cpp:
(WebCore::truncatedStringForLookupMenuItem):
* rendering/updating/RenderTreeBuilderFirstLetter.cpp:
(WebCore::RenderTreeBuilder::FirstLetter::createRenderers):

Source/WTF:

* wtf/text/StringImpl.h:
(WTF::isSpaceOrNewline):
* wtf/text/TextBreakIterator.cpp:
(WTF::numCodeUnitsInGraphemeClusters):
* wtf/text/TextBreakIterator.h:

Tools:

* TestWebKitAPI/Tests/WTF/TextBreakIterator.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227691 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoAllow cellular access for default-created ephemeral sessions
achristensen@apple.com [Fri, 26 Jan 2018 20:15:02 +0000 (20:15 +0000)]
Allow cellular access for default-created ephemeral sessions
https://bugs.webkit.org/show_bug.cgi?id=182179
<rdar://problem/36572023>

Reviewed by Andy Estes.

This makes it so when we recover from a NetworkProcess crash (see r227590) on iOS, we will
be able to continue browsing using cell data.

* Shared/WebsiteDataStoreParameters.cpp:
(WebKit::WebsiteDataStoreParameters::privateSessionParameters):
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::pageBeginUsingWebsiteDataStore):
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::setPrivateBrowsingEnabled):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227687 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago[iOS] prefers-reduced-motion media query is not working
commit-queue@webkit.org [Fri, 26 Jan 2018 19:39:37 +0000 (19:39 +0000)]
[iOS] prefers-reduced-motion media query is not working
https://bugs.webkit.org/show_bug.cgi?id=182169
<rdar://problem/36801631>

Patch by Antoine Quint <graouts@apple.com> on 2018-01-26
Reviewed by Dean Jackson.

The code that would eventually query UIKit for the system setting was not run since USE(NEW_THEME) is off on iOS.
Adding a PLATFORM(IOS) flag here allows the code to run.

* css/MediaQueryEvaluator.cpp:
(WebCore::prefersReducedMotionEvaluate):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227686 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoJavaScriptCore builtins should be partially minified in Release builds not Debug...
commit-queue@webkit.org [Fri, 26 Jan 2018 19:32:05 +0000 (19:32 +0000)]
JavaScriptCore builtins should be partially minified in Release builds not Debug builds
https://bugs.webkit.org/show_bug.cgi?id=182165

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2018-01-26
Reviewed by Keith Miller.

* Scripts/builtins/builtins_model.py:
(BuiltinFunction.fromString):
Apply minifications on Release builds instead of Debug builds.
Also eliminate leading whitespace.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227685 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoFix style - need to use C comments.
fpizlo@apple.com [Fri, 26 Jan 2018 18:52:25 +0000 (18:52 +0000)]
Fix style - need to use C comments.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227684 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoDisable TLS-based TLCs
fpizlo@apple.com [Fri, 26 Jan 2018 18:42:52 +0000 (18:42 +0000)]
Disable TLS-based TLCs
https://bugs.webkit.org/show_bug.cgi?id=182175

Reviewed by Saam Barati.

Source/JavaScriptCore:

Check for the new USE(FAST_TLS_FOR_TLC) flag instead of just ENABLE(FAST_TLS_JIT).

* heap/BlockDirectory.cpp:
(JSC::BlockDirectory::~BlockDirectory):
* heap/BlockDirectory.h:
* heap/ThreadLocalCache.cpp:
(JSC::ThreadLocalCache::installSlow):
(JSC::ThreadLocalCache::installData):
* heap/ThreadLocalCache.h:
* heap/ThreadLocalCacheInlines.h:
(JSC::ThreadLocalCache::getImpl):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
* runtime/VM.cpp:
(JSC::VM::~VM):
* runtime/VM.h:

Source/WTF:

Add a flag for TLS-based TLCs and set it to 0. We can re-enable this feature when we need to use TLCs for
actual thread-local allocation and when we fix the fact that WebCore context switches JSC VMs without telling
us.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227683 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoClean up more networking code
achristensen@apple.com [Fri, 26 Jan 2018 18:36:32 +0000 (18:36 +0000)]
Clean up more networking code
https://bugs.webkit.org/show_bug.cgi?id=182161

Reviewed by Anders Carlsson.

Two cleanups:
1. The WebProcess doesn't need to initialize NetworkSessions.
2. WebFrameNetworkingContext doesn't need to have the NetworkingContext functions to support ResourceHandles in WebKit any more.

* NetworkProcess/NetworkConnectionToWebProcess.cpp:
* NetworkProcess/NetworkLoad.h:
* NetworkProcess/RemoteNetworkingContext.h:
(): Deleted.
* NetworkProcess/cocoa/NetworkProcessCocoa.mm:
* NetworkProcess/curl/RemoteNetworkingContextCurl.cpp:
(WebKit::RemoteNetworkingContext::~RemoteNetworkingContext): Deleted.
(WebKit::RemoteNetworkingContext::isValid const): Deleted.
(WebKit::RemoteNetworkingContext::storageSession const): Deleted.
* NetworkProcess/mac/RemoteNetworkingContext.mm:
(WebKit::RemoteNetworkingContext::~RemoteNetworkingContext): Deleted.
(WebKit::RemoteNetworkingContext::isValid const): Deleted.
(WebKit::RemoteNetworkingContext::localFileContentSniffingEnabled const): Deleted.
(WebKit::RemoteNetworkingContext::storageSession const): Deleted.
(WebKit::RemoteNetworkingContext::sourceApplicationAuditData const): Deleted.
(WebKit::RemoteNetworkingContext::sourceApplicationIdentifier const): Deleted.
(WebKit::RemoteNetworkingContext::blockedError const): Deleted.
* NetworkProcess/soup/RemoteNetworkingContextSoup.cpp:
(WebKit::RemoteNetworkingContext::~RemoteNetworkingContext): Deleted.
(WebKit::RemoteNetworkingContext::isValid const): Deleted.
(WebKit::RemoteNetworkingContext::storageSession const): Deleted.
* WebProcess/WebCoreSupport/mac/WebFrameNetworkingContext.mm:
(WebKit::WebFrameNetworkingContext::ensureWebsiteDataStoreSession):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):
(WebKit::WebProcess::clearCachedCredentials):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227682 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoCSP post checks should be done for service worker responses
commit-queue@webkit.org [Fri, 26 Jan 2018 17:36:47 +0000 (17:36 +0000)]
CSP post checks should be done for service worker responses
https://bugs.webkit.org/show_bug.cgi?id=182160

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-26
Reviewed by Daniel Bates.

LayoutTests/imported/w3c:

* web-platform-tests/service-workers/service-worker/fetch-csp.https-expected.txt:

Source/WebCore:

Covered by updated test.

Add security checks when receiving a service worker response.

* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::didReceiveResponse):
* loader/cache/CachedResourceLoader.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227680 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoUnreviewed, rolling out r224920.
pvollan@apple.com [Fri, 26 Jan 2018 16:53:49 +0000 (16:53 +0000)]
Unreviewed, rolling out r224920.

Some Win EWS bots are not coming back up after starting reboot.

* EWSTools/start-queue-win.sh:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227679 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago[Win] Update test expectations.
pvollan@apple.com [Fri, 26 Jan 2018 16:49:30 +0000 (16:49 +0000)]
[Win] Update test expectations.

Unreviewed test gardening.

* platform/win/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227678 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoWebDriver: simplify the tests json report
carlosgc@webkit.org [Fri, 26 Jan 2018 16:48:04 +0000 (16:48 +0000)]
WebDriver: simplify the tests json report
https://bugs.webkit.org/show_bug.cgi?id=182171

Reviewed by Carlos Alberto Lopez Perez.

We are duplicating the test name in every subtest name. WPT already changed the format to remove the test name
from the subtest name. We should do the same for simplicity and compatibility with WPT.

* Scripts/webkitpy/webdriver_tests/webdriver_test_runner.py:
(WebDriverTestRunner.dump_results_to_json_file):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227677 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago[css-multicol] Support percentages in column-gap
rego@igalia.com [Fri, 26 Jan 2018 14:57:47 +0000 (14:57 +0000)]
[css-multicol] Support percentages in column-gap
https://bugs.webkit.org/show_bug.cgi?id=182004

Reviewed by Javier Fernandez.

LayoutTests/imported/w3c:

New expected results for a few tests that are passing now.
One is the test for this specific patch, the others are tests related to animations
of "normal" and initial value, that were fixed with the introduction of GapLength.

* web-platform-tests/css/css-multicol/multicol-gap-animation-002-expected.txt:
* web-platform-tests/css/css-multicol/multicol-gap-animation-003-expected.txt:
* web-platform-tests/css/css-multicol/multicol-gap-percentage-001-expected.txt:

Source/WebCore:

This patch adds percentage support to column-gap property.

Most of the changes are related to the parsing logic,
the column-gap property now accepts both length and percentages,
on top of the "normal" initial value.
A new utility class GapLength has been added, as it'll be useful
to implement row-gap in the future.

Apart from that the multicolumn layout code has been modified
to resolve the percentage gaps (treating them as zero while computing
preferred widths) and resolving them during layout.
This doesn't follow the current text on the spec, but there is an
ongoing discussion that might cause the text to be changed:
https://github.com/w3c/csswg-drafts/issues/509#issuecomment-355242101
We could update the implementation once we have a definitive answer
from the CSS WG.

Test: web-platform-tests/css/css-multicol/multicol-gap-percentage-001.html

* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::ComputedStyleExtractor::valueForPropertyinStyle):
* css/CSSProperties.json:
* css/StyleBuilderConverter.h:
(WebCore::StyleBuilderConverter::convertGapLength):
* css/StyleBuilderCustom.h:
(WebCore::forwardInheritedValue):
* css/parser/CSSPropertyParser.cpp:
(WebCore::consumeGapLength):
(WebCore::CSSPropertyParser::parseSingleValue):
* page/FrameView.cpp:
(WebCore::FrameView::applyPaginationToViewport):
* page/animation/CSSPropertyAnimation.cpp:
(WebCore::blendFunc):
(WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::columnGap const):
* rendering/RenderMultiColumnSet.cpp:
(WebCore::RenderMultiColumnSet::columnGap const):
* rendering/style/GapLength.cpp: Added.
(WebCore::operator<<):
* rendering/style/GapLength.h: Added.
(WebCore::GapLength::GapLength):
(WebCore::GapLength::isNormal const):
(WebCore::GapLength::length const):
(WebCore::GapLength::operator== const):
* rendering/style/RenderStyle.h:
(WebCore::RenderStyle::columnGap const):
(WebCore::RenderStyle::setColumnGap):
(WebCore::RenderStyle::initialColumnGap):
* rendering/style/StyleMultiColData.cpp:
(WebCore::StyleMultiColData::StyleMultiColData):
(WebCore::StyleMultiColData::operator== const):
* rendering/style/StyleMultiColData.h:
* style/StyleResolveForDocument.cpp:
(WebCore::Style::resolveForDocument):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227676 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago[GTK] Support using long-tap gesture to open context menu
commit-queue@webkit.org [Fri, 26 Jan 2018 14:52:26 +0000 (14:52 +0000)]
[GTK] Support using long-tap gesture to open context menu
https://bugs.webkit.org/show_bug.cgi?id=140747

Patch by Jan-Michael Brummer <jan.brummer@tabos.org> on 2018-01-26
Reviewed by Carlos Garcia Campos.

Add long press gesture which simulates a secondary mouse press to open context menu.

* UIProcess/gtk/GestureController.cpp:
(WebKit::GestureController::GestureController):
(WebKit::GestureController::handleEvent):
(WebKit::GestureController::isProcessingGestures const):
(WebKit::GestureController::Gesture::simulateMousePress):
(WebKit::GestureController::DragGesture::handleTap):
(WebKit::GestureController::LongPressGesture::longPressed):
(WebKit::GestureController::LongPressGesture::pressed):
(WebKit::GestureController::LongPressGesture::LongPressGesture):
* UIProcess/gtk/GestureController.h:
(WebKit::GestureController::reset):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227675 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoWebDriver: service hangs after a browser crash
carlosgc@webkit.org [Fri, 26 Jan 2018 13:20:11 +0000 (13:20 +0000)]
WebDriver: service hangs after a browser crash
https://bugs.webkit.org/show_bug.cgi?id=182170

Reviewed by Carlos Alberto Lopez Perez.

This is currently happening in the GTK+ debug bot. There's a test that makes the browser crash due to an assert,
hanging the whole process and preventing the rest of the tests from running. When the browser crashes, we
correctly handle the pending requests, by completing them with an error. However, if the client tries to send
another command we fail to send the message to the browser and the reply is never sent to the client. In the
case of the tests, delete session command is sent, but never gets a reply.

* Session.cpp:
(WebDriver::Session::isConnected const): Return whether the session is connected to the browser.
* Session.h:
* SessionHost.cpp:
(WebDriver::SessionHost::sendCommandToBackend): Pass the message ID to SessionHost::sendMessageToBackend().
* SessionHost.h:
* WebDriverService.cpp:
(WebDriver::WebDriverService::deleteSession): Ignore unknown errors if the session is no longer connected.
* glib/SessionHostGlib.cpp:
(WebDriver::SessionHost::sendMessageToBackend): Handle errors when sending the command by completing the request
with an error.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227674 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoRemove unused RenderFragmentedFlow::createFragmentedFlowStyle.
emilio@crisal.io [Fri, 26 Jan 2018 10:46:38 +0000 (10:46 +0000)]
Remove unused RenderFragmentedFlow::createFragmentedFlowStyle.
https://bugs.webkit.org/show_bug.cgi?id=182138

Reviewed by Manuel Rego Casasnovas.

Has no callers.

No new tests, just removes unused code so no behavior change.

* rendering/RenderFragmentedFlow.cpp:
* rendering/RenderFragmentedFlow.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227673 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoRemove useless RenderBlockFlow overrides.
emilio@crisal.io [Fri, 26 Jan 2018 10:45:39 +0000 (10:45 +0000)]
Remove useless RenderBlockFlow overrides.
https://bugs.webkit.org/show_bug.cgi?id=182139

Reviewed by Manuel Rego Casasnovas.

I think these are leftovers from the CSS regions removal, looking at
blame.

No new tests, no behavior change.

* rendering/RenderBlockFlow.cpp:
* rendering/RenderBlockFlow.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227672 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoWebDriver: timeouts value and cookie expiry should be limited to max safe integer
carlosgc@webkit.org [Fri, 26 Jan 2018 09:50:58 +0000 (09:50 +0000)]
WebDriver: timeouts value and cookie expiry should be limited to max safe integer
https://bugs.webkit.org/show_bug.cgi?id=182167

Reviewed by Žan Doberšek.

This changed recently in the spec, but our implementation was wrong in any case since we were limiting to
INT_MAX. Use valueAsNumberInRange() to ensure we get a valid double value in the given range, and then convert
to unsigned if it's a valid integer.

Fixes: imported/w3c/webdriver/tests/sessions/new_session/create_firstMatch.py::test_valid[timeouts-value10]
       imported/w3c/webdriver/tests/sessions/new_session/create_alwaysMatch.py::test_valid[timeouts-value10]

* Session.h:
* WebDriverService.cpp:
(WebDriver::valueAsNumberInRange):
(WebDriver::unsignedValue):
(WebDriver::deserializeTimeouts):
(WebDriver::deserializeCookie):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227671 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoUnreviewed. REGRESSION(r227647): window.open() is broken in GTK and WPE after r227647.
carlosgc@webkit.org [Fri, 26 Jan 2018 09:18:23 +0000 (09:18 +0000)]
Unreviewed. REGRESSION(r227647): window.open() is broken in GTK and WPE after r227647.

In r227647, API::UIClient::createNewPage() was changed to use CompletionHandler instead of Function. All
implementations were updated except the GLib one, and we didn't notice it because the method doesn't have the
final/override mark.

* UIProcess/API/glib/WebKitUIClient.cpp:
(UIClient::createNewPage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227670 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago[WebVR] Make WebVR available by default for developer builds
svillar@igalia.com [Fri, 26 Jan 2018 08:54:17 +0000 (08:54 +0000)]
[WebVR] Make WebVR available by default for developer builds
https://bugs.webkit.org/show_bug.cgi?id=182101

Reviewed by Michael Catanzaro.

Moved WebVR setting to the experimental features section and made it
available by default for developer builds for GTK and WPE.

* Shared/WebPreferences.yaml:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227669 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoUnreviewed. Update W3C WebDriver imported tests.
carlosgc@webkit.org [Fri, 26 Jan 2018 08:51:55 +0000 (08:51 +0000)]
Unreviewed. Update W3C WebDriver imported tests.

* imported/w3c/importer.json:
* imported/w3c/tools/wptrunner/wptrunner/executors/executormarionette.py:
* imported/w3c/tools/wptrunner/wptrunner/executors/pytestrunner/runner.py:
* imported/w3c/webdriver/tests/element_click/select.py:
* imported/w3c/webdriver/tests/interaction/element_clear.py:
* imported/w3c/webdriver/tests/sessions/new_session/support/create.py:
* imported/w3c/webdriver/tests/state/get_element_attribute.py:
* imported/w3c/webdriver/tests/state/get_element_property.py:
* imported/w3c/webdriver/tests/state/get_element_tag_name.py:
* imported/w3c/webdriver/tests/state/is_element_selected.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227668 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoWeb Inspector: Network Table: Sort indicator is not displayed when sorted column...
commit-queue@webkit.org [Fri, 26 Jan 2018 05:30:29 +0000 (05:30 +0000)]
Web Inspector: Network Table: Sort indicator is not displayed when sorted column is hidden and re-shown
https://bugs.webkit.org/show_bug.cgi?id=182164
<rdar://problem/36892619>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2018-01-25
Reviewed by Brian Burg.

* UserInterface/Views/Table.js:
(WI.Table.prototype.showColumn):
Re-add the sort classes if the column being shown is the active sort column.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227667 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoWeb Inspector: Network - Cookies view should behave better at narrow widths, all...
commit-queue@webkit.org [Fri, 26 Jan 2018 05:22:24 +0000 (05:22 +0000)]
Web Inspector: Network - Cookies view should behave better at narrow widths, all data is hidden
https://bugs.webkit.org/show_bug.cgi?id=182163
<rdar://problem/36893241>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2018-01-25
Reviewed by Brian Burg.

* UserInterface/Views/ResourceCookiesContentView.css:
(.resource-cookies .table):
Give these tables a reasonable minimum size so that if the inspector
is narrow, the content view can still be scrolled to see all of
the table data.

* UserInterface/Views/Table.css:
(.table > .header):
Match the data-container and mark overflow as hidden, otherwise
super narrow widths show header content beyond the edge.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227666 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoWeb Inspector: Add InspectorShaderProgram to Unified Sources build
commit-queue@webkit.org [Fri, 26 Jan 2018 05:08:15 +0000 (05:08 +0000)]
Web Inspector: Add InspectorShaderProgram to Unified Sources build
https://bugs.webkit.org/show_bug.cgi?id=182084

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2018-01-25
Reviewed by Dan Bernstein.

* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:
* Sources.txt:
Move to Sources.txt always.

* inspector/InspectorShaderProgram.cpp:
Add ENABLE(WEBGL) guard to contents.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227665 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months agoMake scrolling to the focused element async
rniwa@webkit.org [Fri, 26 Jan 2018 05:03:37 +0000 (05:03 +0000)]
Make scrolling to the focused element async
https://bugs.webkit.org/show_bug.cgi?id=181575
<rdar://problem/36459767>

Reviewed by Simon Fraser.

Source/WebCore:

Made the revealing of the focused element asynchronous in Element::focus. Like selection, schedule a timer when
a new element is focused, and only scroll to the focused element when the timer fires. If any other scrolling
happens meanwhile, we cancel this timer.

There are two Web exposed behavioral changes:
1. The scrolling position doesn't change immediately when calling Element::focus.
2. Only the last focused element will be revealed.

Both behavioral changes pose their own compatibility risks but we're making a conscious decision here since
making the scrolling asynchronous has a clear performance benefit.

There is one edge case to consider: when the history controller restores the scrolling position, canceling the
timer results in a focused element in an overflow: hidden element never being revealed. Expedite revealing of
the focused element in this one case instead of canceling.

Tests: fast/scrolling/scroll-to-focused-element-asynchronously.html
       fast/scrolling/scroll-to-focused-element-canceled-by-fragment-navigation.html

* dom/Element.cpp:
(WebCore::Element::focus): Call updateFocusAppearance on focusAppearanceUpdateTarget to handle HTMLAreaElement
which delegates the focus appearance update to its image element.
(WebCore::Element::focusAppearanceUpdateTarget): Extracted. Returns "this" element for all but HTMLAreaElement.
(WebCore::Element::updateFocusAppearance): Schedule the revealing of the focused element in FrameView instead of
synchronously scrolling to the focused element.
* dom/Element.h:
(WebCore::Element::defaultFocusTextStateChangeIntent):
* html/HTMLAreaElement.cpp:
(WebCore::HTMLAreaElement::focusAppearanceUpdateTarget): Extracted from updateFocusAppearance.
(WebCore::HTMLAreaElement::updateFocusAppearance): Deleted.
* html/HTMLAreaElement.h:
* loader/HistoryController.cpp:
(WebCore::HistoryController::restoreScrollPositionAndViewState): Reveal the focused element
prior to restoring the scrolling location of the fragment navigation. This is needed to reveal a focused element
inside overflow: hidden element which got focused.
* page/FrameView.cpp:
(WebCore::FrameView::FrameView): Added a boolean flag and a timer for scrolling to the focused element.
(WebCore::FrameView::reset): Stop the timer and clear the flag.
(WebCore::FrameView::maintainScrollPositionAtAnchor): Ditto when scrolling to an anchor.
(WebCore::FrameView::setScrollPosition): Ditto when some other programmatic scroll or the user scrolls the view.
(WebCore::FrameView::scheduleScrollToFocusedElement): Added.
(WebCore::FrameView::scrollToFocusedElementImmediatelyIfNeeded): Added.
(WebCore::FrameView::scrollToFocusedElementTimerFired): Added.
(WebCore::FrameView::scrollToAnchor): Stop the timer and clear the flag when scrolling to an anchor.
(WebCore::FrameView::setWasScrolledByUser): Ditto when the user scrolls.
* page/FrameView.h:

LayoutTests:

Updated the tests per the behavioral change and added two more tests for scrolling to the focused element.

* accessibility/mac/webkit-scrollarea-position.html: Wait for the focus scrolling to take effect.
* fast/events/reveal-link-when-focused.html: Ditto.
* fast/images/imagemap-scroll.html: Ditto.
* fast/overflow/scroll-nested-positioned-layer-in-overflow.html: Ditto.
* fast/overflow/scrollRevealButton.html: Ditto.
* fast/transforms/scrollIntoView-transformed.html: Ditto. We need to focus each element in a separate task
since only the last focused element will be revealed otherwise.
* fast/scrolling/scroll-to-focused-element-asynchronously-expected.txt: Added.
* fast/scrolling/scroll-to-focused-element-asynchronously.html: Added.
* fast/scrolling/scroll-to-focused-element-canceled-by-fragment-navigation-expected.txt: Added.
* fast/scrolling/scroll-to-focused-element-canceled-by-fragment-navigation.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227664 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Web Inspector: "Displayed Columns" should not be displayed in context menu if all...
commit-queue@webkit.org [Fri, 26 Jan 2018 04:58:33 +0000 (04:58 +0000)]
Web Inspector: "Displayed Columns" should not be displayed in context menu if all columns are required columns
https://bugs.webkit.org/show_bug.cgi?id=182162
<rdar://problem/36893758>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2018-01-25
Reviewed by Matt Baker.

* UserInterface/Views/Table.js:
(WI.Table.prototype._handleHeaderContextMenu):
Only add the header column when we know there are hideable columns.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227652 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago REGRESSION(r217236): [iOS] PDFDocumentImage does not update its cached ImageBuffer...
commit-queue@webkit.org [Fri, 26 Jan 2018 03:42:41 +0000 (03:42 +0000)]
REGRESSION(r217236): [iOS] PDFDocumentImage does not update its cached ImageBuffer if it has a sub-rectangle of the image
https://bugs.webkit.org/show_bug.cgi?id=182083

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2018-01-25
Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/images/pdf-as-image-dest-rect-change.html

Revert the change r217236 back. Fix the issue of throwing out the cached
ImageBuffer of the PDF document image when moving its rectangle.

* platform/graphics/cg/PDFDocumentImage.cpp:
(WebCore::PDFDocumentImage::cacheParametersMatch): Return the if-statement
which was deleted in r217236 back but intersect it with dstRect. The context
clipping rectangle can be more than the dstRect.
(WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
-- Remove a wrong optimization which used to work for Mac only if the context
   interpolation quality is not set to low or none quality. This optimization
   does not consider the case when srcRect or destRect change after caching
   the ImageBuffer. Or even if m_cachedImageRect does not include the
   whole clipping rectangle.
-- Move back the call to cacheParametersMatch() before changing the
   m_cachedImageRect.
-- Always intersect the clipping rectangle with the dstRect to ensure we
   only look at the dirty rectangle inside the image boundary.
-- If cacheParametersMatch() returns true, set m_cachedDestinationRect to
   dstRect and move m_cachedImageRect by the difference between the new
   and the old dstRects since no re-caching will happen.
* platform/graphics/cg/PDFDocumentImage.h:
* testing/Internals.cpp:
(WebCore::pdfDocumentImageFromImageElement):
(WebCore::Internals::pdfDocumentCachingCount):
* testing/Internals.h:
* testing/Internals.idl:
Add an internal API which returns the number of drawing the PDF into an
ImageBuffer.

LayoutTests:

PDFDocumentImage renders only on CG platforms. Enable the new test for
iOS only.

* TestExpectations:
* fast/images/pdf-as-image-dest-rect-change-expected.txt: Added.
* fast/images/pdf-as-image-dest-rect-change.html: Added.
* platform/ios/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227651 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Web Inspector: Remove unnecessary developerExtrasEnabled checks
commit-queue@webkit.org [Fri, 26 Jan 2018 03:31:36 +0000 (03:31 +0000)]
Web Inspector: Remove unnecessary developerExtrasEnabled checks
https://bugs.webkit.org/show_bug.cgi?id=182156

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2018-01-25
Reviewed by Matt Baker.

* inspector/InspectorInstrumentation.cpp:
(WebCore::InspectorInstrumentation::didLoadResourceFromMemoryCacheImpl):
(WebCore::InspectorInstrumentation::frameDocumentUpdatedImpl):
(WebCore::InspectorInstrumentation::didCreateWebSocketImpl):
These checks should not be needed. The step above bails if there is
no inspector frontend, and there can be no inspector frontend unless
developer extras are enabled.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227650 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/module...
utatane.tea@gmail.com [Fri, 26 Jan 2018 02:42:14 +0000 (02:42 +0000)]
imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/module/errorhandling.html crashes
https://bugs.webkit.org/show_bug.cgi?id=181980

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

* web-platform-tests/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-script-error-expected.txt:
* web-platform-tests/html/semantics/scripting-1/the-script-element/module/errorhandling-expected.txt: Added.

Source/JavaScriptCore:

We accidentally failed to propagate errored promise in instantiate and satisfy phase if entry.{instantiate,satisfy}
promises are set. Since we just returned `entry`, it becomes succeeded promise even if the dependent fetch, instantiate,
and satisfy promises are failed. This patch fixes error propagation by returning `entry.instantiate` and `entry.satisfy`
correctly.

* builtins/ModuleLoaderPrototype.js:
(requestInstantiate):
(requestSatisfy):

LayoutTests:

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227649 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Unreviewed, fix windows build.
fpizlo@apple.com [Fri, 26 Jan 2018 01:35:14 +0000 (01:35 +0000)]
Unreviewed, fix windows build.

* wtf/MathExtras.h:
(WTF::opaque):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227648 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago REGRESSION (r221899): Web Content process hangs when webpage tries to make a new...
achristensen@apple.com [Fri, 26 Jan 2018 01:31:10 +0000 (01:31 +0000)]
REGRESSION (r221899): Web Content process hangs when webpage tries to make a new window if the WKWebView doesn’t have a UI delegate
https://bugs.webkit.org/show_bug.cgi?id=182152

Reviewed by Joseph Pecoraro.

Source/WebKit:

Call the completion handler of the default API::UIClient::createNewPage.

* UIProcess/API/APIUIClient.h:
(API::UIClient::createNewPage):
* UIProcess/API/C/WKPage.cpp:
(WKPageSetPageUIClient):
* UIProcess/Cocoa/UIDelegate.h:
* UIProcess/Cocoa/UIDelegate.mm:
(WebKit::UIDelegate::UIClient::createNewPage):

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/UIDelegate.mm:
(-[NoUIDelegate webView:decidePolicyForNavigationAction:decisionHandler:]):
(TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227647 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Add localizable strings for extra-zoomed form controls
wenson_hsieh@apple.com [Fri, 26 Jan 2018 01:18:30 +0000 (01:18 +0000)]
Add localizable strings for extra-zoomed form controls
https://bugs.webkit.org/show_bug.cgi?id=182080

Reviewed by Tim Horton.

Add new localizable strings. Additionally, run `update-webkit-localizable-strings` to re-sort
Localizable.strings.

* English.lproj/Localizable.strings:
* platform/LocalizedStrings.cpp:
(WebCore::formControlCancelButtonTitle):
(WebCore::formControlHideButtonTitle):
(WebCore::formControlGoButtonTitle):
(WebCore::formControlSearchButtonTitle):
(WebCore::textInputModeWriteButton):
(WebCore::textInputModeSpeechButton):
* platform/LocalizedStrings.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227646 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago [iOS] [WK2] Introduce new views and view controllers to support extra-zoomed text...
wenson_hsieh@apple.com [Fri, 26 Jan 2018 01:12:20 +0000 (01:12 +0000)]
[iOS] [WK2] Introduce new views and view controllers to support extra-zoomed text form controls
https://bugs.webkit.org/show_bug.cgi?id=182000
<rdar://problem/35143035>

Reviewed by Tim Horton.

Add new files to support text form control editing while extra-zoomed.

* UIProcess/ios/forms/WKFocusedFormControlView.h: Added.
* UIProcess/ios/forms/WKFocusedFormControlView.mm: Added.
* UIProcess/ios/forms/WKFocusedFormControlViewController.h: Added.
* UIProcess/ios/forms/WKFocusedFormControlViewController.mm: Added.
* UIProcess/ios/forms/WKTextFormControlViewController.h: Added.
* UIProcess/ios/forms/WKTextFormControlViewController.mm: Added.
* UIProcess/ios/forms/WKTextInputViewController.h: Added.
* UIProcess/ios/forms/WKTextInputViewController.mm: Added.
* UIProcess/ios/forms/WKTextSuggestionButton.h: Added.
* UIProcess/ios/forms/WKTextSuggestionButton.mm: Added.
* WebKit.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227645 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Gardening: fix 32-bit build after r227643.
mark.lam@apple.com [Fri, 26 Jan 2018 00:41:39 +0000 (00:41 +0000)]
Gardening: fix 32-bit build after r227643.
https://bugs.webkit.org/show_bug.cgi?id=182086

Not reviewed.

* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitDynamicPoisonOnLoadedType):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227644 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago DirectArguments should protect itself using dynamic poisoning and precise index masking
fpizlo@apple.com [Fri, 26 Jan 2018 00:05:57 +0000 (00:05 +0000)]
DirectArguments should protect itself using dynamic poisoning and precise index masking
https://bugs.webkit.org/show_bug.cgi?id=182086

Reviewed by Saam Barati.

Source/JavaScriptCore:

This implements dynamic poisoning and precise index masking in DirectArguments, using the
helpers from <wtf/MathExtras.h> and helpers in AssemblyHelpers and FTL::LowerDFGToB3.

We use dynamic poisoning for DirectArguments since this object did not have any additional
indirection inside it that could have been poisoned. So, we use the xor of the expected type
and the actual type as an additional input into the pointer.

We use precise index masking for bounds checks, because it's not worth doing index masking
unless we know that precise index masking is too slow.

* assembler/MacroAssembler.h:
(JSC::MacroAssembler::lshiftPtr):
(JSC::MacroAssembler::rshiftPtr):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnDirectArguments):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileGetMyArgumentByVal):
(JSC::FTL::DFG::LowerDFGToB3::preciseIndexMask64):
(JSC::FTL::DFG::LowerDFGToB3::preciseIndexMask32):
(JSC::FTL::DFG::LowerDFGToB3::dynamicPoison):
(JSC::FTL::DFG::LowerDFGToB3::dynamicPoisonOnLoadedType):
(JSC::FTL::DFG::LowerDFGToB3::dynamicPoisonOnType):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitPreciseIndexMask32):
(JSC::AssemblyHelpers::emitDynamicPoison):
(JSC::AssemblyHelpers::emitDynamicPoisonOnLoadedType):
(JSC::AssemblyHelpers::emitDynamicPoisonOnType):
* jit/AssemblyHelpers.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitDirectArgumentsGetByVal):
* runtime/DirectArguments.h:
(JSC::DirectArguments::getIndexQuickly const):
(JSC::DirectArguments::setIndexQuickly):
(JSC::DirectArguments::argument):
* runtime/GenericArgumentsInlines.h:

Source/WTF:

Add helpers for:

Dynamic poisoning: this means arranging to have the pointer you will dereference become an
invalid pointer if the type check you were relying on would have failed.

Precise index masking: a variant of index masking that does not depend on distancing. I figured
I'd just try this first for DirectArguments, since I didn't think that arguments[i] was ever
hot enough to warrant anything better. Turns out that in all of the benchmarks that care about
arguments performance, we optimize things to the point that the index masking isn't on a hot
path anymore. Turns out, it's neutral!

* wtf/MathExtras.h:
(WTF::preciseIndexMask):
(WTF::dynamicPoison):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227643 268f45cc-cd09-0410-ab3c-d52691b4dbfc
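
The two WTF helpers described in the commit message above, sketched as an added C++ example (not the code from wtf/MathExtras.h or from this commit). The helper names follow the changelog; the function bodies, the 40-bit poison shift and the `ToyArguments` layout are assumptions made for illustration.

```cpp
// Added illustration, not the code in wtf/MathExtras.h. Bodies, kPoisonShift and
// ToyArguments are assumptions; only the helper names come from the changelog.
#include <cstdint>
#include <cstdio>

static_assert(sizeof(uintptr_t) == 8, "the poison shift below assumes 64-bit pointers");
constexpr unsigned kPoisonShift = 40; // assumed: pushes any nonzero xor far out of the heap

// Barrier so the compiler cannot prove what the value is and turn the
// arithmetic below back into a (predictable, speculatable) branch.
template<typename T>
inline T opaque(T value)
{
#if defined(__GNUC__) || defined(__clang__)
    asm volatile("" : "+r"(value));
#endif
    return value;
}

// Precise index masking: returns index if index < length, else 0, with no branch.
// Both operands are widened to 64 bits so every 32-bit index is handled exactly;
// the subtraction is negative only when index < length, and the arithmetic right
// shift (what GCC, Clang and MSVC emit; guaranteed since C++20) smears the sign bit.
inline uint32_t preciseIndexMask32(uint32_t index, uint32_t length)
{
    int64_t difference = static_cast<int64_t>(index) - static_cast<int64_t>(opaque(length));
    return index & static_cast<uint32_t>(difference >> 63);
}

// Dynamic poisoning: xor of actual and expected type is 0 on a match, so the pointer
// is unchanged. On a mismatch the nonzero xor lands in high address bits, so a load
// issued speculatively past a mispredicted type check targets an invalid address.
template<typename T>
inline T* dynamicPoison(uint8_t actualType, uint8_t expectedType, T* pointer)
{
    uintptr_t poison = static_cast<uintptr_t>(opaque(actualType) ^ expectedType) << kPoisonShift;
    return reinterpret_cast<T*>(reinterpret_cast<uintptr_t>(pointer) + poison);
}

enum : uint8_t { PlainObjectType = 1, DirectArgumentsType = 2 }; // constructed type tags

struct ToyArguments { // hypothetical cell: type tag, length, inline storage
    uint8_t type;
    uint32_t length;
    int64_t storage[4];
};

// The architectural checks stay; the load itself uses the poisoned pointer and masked index.
inline bool getIndexHardened(const ToyArguments* cell, uint32_t index, int64_t& out)
{
    if (cell->type != DirectArgumentsType || index >= cell->length)
        return false;
    const ToyArguments* checked = dynamicPoison(cell->type, DirectArgumentsType, cell);
    out = checked->storage[preciseIndexMask32(index, checked->length)];
    return true;
}

int main()
{
    ToyArguments args = { DirectArgumentsType, 4, { 10, 20, 30, 40 } }; // constructed sample
    int64_t value = 0;
    bool ok = getIndexHardened(&args, 2, value);
    std::printf("in bounds: ok=%d value=%lld\n", ok, static_cast<long long>(value));
    std::printf("mask(7, 4)=%u mask(0xffffffff, 4)=%u\n",
        preciseIndexMask32(7, 4), preciseIndexMask32(0xFFFFFFFFu, 4));
    return 0;
}
```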

18 months ago Unreviewed build fix after r227631; make USE_VIDEOTOOLBOX universally enabled on...
jer.noble@apple.com [Thu, 25 Jan 2018 23:43:19 +0000 (23:43 +0000)]
Unreviewed build fix after r227631; make USE_VIDEOTOOLBOX universally enabled on iOS.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227641 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Access to service workers / Cache API should be disabled in sandboxed frames without...
cdumez@apple.com [Thu, 25 Jan 2018 23:09:38 +0000 (23:09 +0000)]
Access to service workers / Cache API should be disabled in sandboxed frames without allow-same-origin flag
https://bugs.webkit.org/show_bug.cgi?id=182140
<rdar://problem/36879952>

Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

Rebaseline several WPT tests that either pass or fail differently.

* web-platform-tests/service-workers/cache-storage/window/sandboxed-iframes.https-expected.txt:
* web-platform-tests/service-workers/service-worker/sandboxed-iframe-navigator-serviceworker.https-expected.txt:

Source/WebCore:

Throw a SecurityError when accessing navigator.serviceWorker or window.caches inside a sandboxed iframe
without the allow-same-origin flag. This behavior is consistent with Chrome. Firefox, however, seems
to return these objects but have their API reject promises with a SecurityError instead.

No new tests, rebaselined existing tests.

* Modules/cache/DOMWindowCaches.cpp:
(WebCore::DOMWindowCaches::caches): Deleted.
* Modules/cache/DOMWindowCaches.h:
* Modules/cache/DOMWindowCaches.idl:
* page/NavigatorBase.cpp:
* page/NavigatorBase.h:
* page/NavigatorServiceWorker.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227639 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Clients.get(id) should only return clients in the service worker's origin
cdumez@apple.com [Thu, 25 Jan 2018 23:08:23 +0000 (23:08 +0000)]
Clients.get(id) should only return clients in the service worker's origin
https://bugs.webkit.org/show_bug.cgi?id=182149
<rdar://problem/36882310>

Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

Rebase WPT test that is now passing.

* web-platform-tests/service-workers/service-worker/clients-get-cross-origin.https-expected.txt:

Source/WebCore:

When looking for SW clients with a given identifier, only look in the list of
clients that have the same origin as the service worker.

No new tests, rebaselined existing test.

* workers/service/server/SWServer.cpp:
(WebCore::SWServer::serviceWorkerClientWithOriginByID const):
(WebCore::SWServer::serviceWorkerClientByID const): Deleted.
* workers/service/server/SWServer.h:
* workers/service/server/SWServerWorker.cpp:
(WebCore::SWServerWorker::findClientByIdentifier const):
* workers/service/server/SWServerWorker.h:

Source/WebKit:

* StorageProcess/ServiceWorker/WebSWServerConnection.cpp:
(WebKit::WebSWServerConnection::postMessageToServiceWorker):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227638 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago WebPluginInfoProvider should handle null host queries
commit-queue@webkit.org [Thu, 25 Jan 2018 23:06:51 +0000 (23:06 +0000)]
WebPluginInfoProvider should handle null host queries
https://bugs.webkit.org/show_bug.cgi?id=182112

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-25
Reviewed by Chris Dumez.

Source/WebCore:

No change of behavior.

Removed assertion that is not always true, as shown by API tests.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived):

Source/WebKit:

Return early if host is null.

* WebProcess/Plugins/WebPluginInfoProvider.cpp:
(WebKit::WebPluginInfoProvider::populatePluginCache):

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/PluginLoadClientPolicies.mm:
(TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227637 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Rename some local vars from type to typedArrayType for greater clarity.
mark.lam@apple.com [Thu, 25 Jan 2018 22:56:57 +0000 (22:56 +0000)]
Rename some local vars from type to typedArrayType for greater clarity.
https://bugs.webkit.org/show_bug.cgi?id=182148
<rdar://problem/36882310>

Reviewed by Saam Barati.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewTypedArrayWithSize):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227636 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago ShapeOutside should use same origin credentials mode
commit-queue@webkit.org [Thu, 25 Jan 2018 22:49:31 +0000 (22:49 +0000)]
ShapeOutside should use same origin credentials mode
https://bugs.webkit.org/show_bug.cgi?id=182141

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-25
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

* web-platform-tests/service-workers/service-worker/fetch-request-css-images.https-expected.txt:

Source/WebCore:

Covered by updated test.
As per https://drafts.csswg.org/css-shapes/#shape-outside-property, ShapeOutside images
should be fetched with anonymous cors mode, meaning credentials should be set to same-origin.

* style/StylePendingResources.cpp:
(WebCore::Style::loadPendingImage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227635 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Make sure we have a frame as we iterate in ResourceLoadObserver::nonNullOwnerURL()
wilander@apple.com [Thu, 25 Jan 2018 22:31:18 +0000 (22:31 +0000)]
Make sure we have a frame as we iterate in ResourceLoadObserver::nonNullOwnerURL()
https://bugs.webkit.org/show_bug.cgi?id=182116
<rdar://problem/36210134>

Reviewed by Alex Christensen.

No new tests. No known repro case, just crash logs.

* loader/ResourceLoadObserver.cpp:
(WebCore::ResourceLoadObserver::nonNullOwnerURL const):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227632 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 months ago Move ImageDecoderAVFObjC from using AVSampleBufferGenerator to AVAssetReaderOutput...
jer.noble@apple.com [Thu, 25 Jan 2018 22:29:55 +0000 (22:29 +0000)]
Move ImageDecoderAVFObjC from using AVSampleBufferGenerator to AVAssetReaderOutput for parsing
https://bugs.webkit.org/show_bug.cgi?id=182091

Reviewed by Eric Carlson.

Source/WebCore:

No new tests; should be covered by existing tests.

AVSampleBufferGenerator is not available on iOS, so in order to enable ImageDecoderAVFObjC there,
we must adopt a similar API which is available both on iOS and macOS: AVAssetReaderOutput. Unlike
the generator, AVAssetReaderOutput doesn't necessarily generate samples in decode order, so we'll
repurpose the SampleMap from EME to hold the decoded samples as well as their generated images.

* Modules/mediasource/SampleMap.cpp:
* Modules/mediasource/SampleMap.h:
(WebCore::SampleMap::size const):
* platform/MIMETypeRegistry.cpp:
(WebCore::MIMETypeRegistry::isSupportedImageVideoOrSVGMIMEType):
* platform/MediaSample.h:
(WebCore::MediaSample::hasAlpha const):
* platform/graphics/ImageDecoder.cpp:
(WebCore::ImageDecoder::create):
(WebCore::ImageDecoder::supportsMediaType):
* platform/graphics/avfoundation/MediaSampleAVFObjC.h: Make non-final.
(WebCore::MediaSampleAVFObjC::sampleBuffer const):
(WebCore::MediaSampleAVFObjC::MediaSampleAVFObjC):
* platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.h:
* platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.mm:
(WebCore::ImageDecoderAVFObjCSample::create):
(WebCore::ImageDecoderAVFObjCSample::sampleBuffer const):
(WebCore::ImageDecoderAVFObjCSample::image const):
(WebCore::ImageDecoderAVFObjCSample::setImage):
(WebCore::ImageDecoderAVFObjCSample::ImageDecoderAVFObjCSample):
(WebCore::ImageDecoderAVFObjCSample::cacheMetadata):
(WebCore::toSample):
(WebCore::ImageDecoderAVFObjC::readSamples):
(WebCore::ImageDecoderAVFObjC::storeSampleBuffer):
(WebCore::ImageDecoderAVFObjC::advanceCursor):
(WebCore::ImageDecoderAVFObjC::setTrack):
(WebCore::ImageDecoderAVFObjC::encodedDataStatus const):
(WebCore::ImageDecoderAVFObjC::repetitionCount const):
(WebCore::ImageDecoderAVFObjC::frameIsCompleteAtIndex const):
(WebCore::ImageDecoderAVFObjC::frameDurationAtIndex const):
(WebCore::ImageDecoderAVFObjC::frameHasAlphaAtIndex const):
(WebCore::ImageDecoderAVFObjC::createFrameImageAtIndex):
(WebCore::ImageDecoderAVFObjC::setData):
(WebCore::ImageDecoderAVFObjC::clearFrameBufferCache):
(WebCore::ImageDecoderAVFObjC::sampleAtIndex const):
(WebCore::ImageDecoderAVFObjC::readSampleMetadata): Deleted.

Source/WTF:

* wtf/Platform.h:

LayoutTests:

* platform/ios/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/update-the-source-set-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227631 268f45cc-cd09-0410-ab3c-d52691b4dbfc