WebKit-https.git
4 years ago[JSC] Recover parser performance regression by async support
utatane.tea@gmail.com [Tue, 31 May 2016 20:57:20 +0000 (20:57 +0000)]
[JSC] Recover parser performance regression by async support
https://bugs.webkit.org/show_bug.cgi?id=158228

Reviewed by Saam Barati.

This patch recovers parser performance regression caused in r201481.

Compared to the version that reverts r201481, still ~1% regression remains.
But compared to ToT, this patch significantly improves the code-load performance.

In Linux x64 JSCOnly port, with GCC 5.3.1.

reverted v.s. patched.
                         reverted                  patched

closure              0.61805+-0.00376    ?     0.62280+-0.00525       ?
jquery               8.03778+-0.02114          8.03453+-0.04646

<geometric>          2.22883+-0.00836    ?     2.23688+-0.00995       ? might be 1.0036x slower

ToT v.s. patched.
                         baseline                  patched

closure              0.65490+-0.00351    ^     0.62473+-0.00363       ^ definitely 1.0483x faster
jquery               8.25373+-0.06256    ^     8.04701+-0.03455       ^ definitely 1.0257x faster

<geometric>          2.32488+-0.00921    ^     2.24210+-0.00592       ^ definitely 1.0369x faster

* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
* bytecode/UnlinkedFunctionExecutable.h:
Extend SourceParseMode.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::isArrowFunctionParameters):
Do not call `matchSpecIdentifier()` as much as we can. This greatly improves the performance.

(JSC::Parser<LexerType>::parseStatementListItem):
(JSC::Parser<LexerType>::parseStatement):
(JSC::Parser<LexerType>::parseFunctionParameters):
(JSC::Parser<LexerType>::parseFunctionInfo):
Do not touch `currentScope()->isGenerator()` even if it is unnecessary in parseFunctionInfo.
And accidental `syntaxChecker => context` changes are fixed.

(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
(JSC::Parser<LexerType>::parseImportClauseItem):
(JSC::Parser<LexerType>::parseExportDeclaration):
(JSC::Parser<LexerType>::parseAssignmentExpression):
Do not use matchSpecIdentifier() in the hot paths.

(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):
(JSC::Parser<LexerType>::parseUnaryExpression):
(JSC::Parser<LexerType>::printUnexpectedTokenText): Deleted.
* parser/Parser.h:
(JSC::isIdentifierOrKeyword):
AWAIT shoud be one of the keywords. This AWAIT check is unnecessary.

(JSC::Parser::upperScope):
(JSC::Parser::matchSpecIdentifier):
Touching currentScope() and its member causes significant performance degradation.
We carefully remove the above access in the hot paths.

(JSC::Parser::isDisallowedIdentifierAwait):
* parser/ParserModes.h:
(JSC::SourceParseModeSet::SourceParseModeSet):
(JSC::SourceParseModeSet::contains):
(JSC::SourceParseModeSet::mergeSourceParseModes):
(JSC::isFunctionParseMode):
(JSC::isAsyncFunctionParseMode):
(JSC::isAsyncArrowFunctionParseMode):
(JSC::isAsyncFunctionWrapperParseMode):
(JSC::isAsyncFunctionBodyParseMode):
(JSC::isModuleParseMode):
(JSC::isProgramParseMode):
(JSC::constructAbilityForParseMode):
The parser frequently checks SourceParseMode. And variety of SourceParseMode becomes many.
So using switch onto SourceParseMode degrades the performance. Instead, we use bit tests to guard against
many SourceParseModes. We expect that this will be efficiently compiled into test & jmp.

* parser/ParserTokens.h:
Change AWAIT to one of the keywords, as the same to YIELD / LET.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201523 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Mac] AirPlay route is sometimes reset when changing video.src
eric.carlson@apple.com [Tue, 31 May 2016 20:47:53 +0000 (20:47 +0000)]
[Mac] AirPlay route is sometimes reset when changing video.src
https://bugs.webkit.org/show_bug.cgi?id=158226
<rdar://problem/24197592>

Reviewed by Jer Noble.

Source/WebCore:

Test: media/airplay-autoplay.html

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::webkitShowPlaybackTargetPicker): Remove the gesture requirement
  if currently processing a user gesture.
(WebCore::HTMLMediaElement::dispatchEvent): Set m_failedToPlayToWirelessTarget to false when
  dispatching webkitcurrentplaybacktargetiswirelesschanged so an element can succeed after failing.

LayoutTests:

* media/airplay-autoplay-expected.txt: Added.
* media/airplay-autoplay.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201522 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRegression(r201482): Crash under dispatch_semaphore_wait
cdumez@apple.com [Tue, 31 May 2016 20:32:21 +0000 (20:32 +0000)]
Regression(r201482): Crash under dispatch_semaphore_wait
https://bugs.webkit.org/show_bug.cgi?id=158230
<rdar://problem/26534698>

Reviewed by Eric Carlson.

Stop moving hasSessionSemaphore in the lambda capture since it is used in
dispatch_semaphore_wait() call after the callOnMainThread() call.

No new tests, already covered by tests that are crashing on the bots.

* platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
(-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201521 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: capturing with Allocations timeline causes GC to take 100x longer...
sbarati@apple.com [Tue, 31 May 2016 19:45:10 +0000 (19:45 +0000)]
Web Inspector: capturing with Allocations timeline causes GC to take 100x longer and cause frame drops
https://bugs.webkit.org/show_bug.cgi?id=158054
<rdar://problem/25280762>

Reviewed by Joseph Pecoraro.

HeapSnapshot::sweepCell was taking a long time on
http://bl.ocks.org/syntagmatic/6c149c08fc9cde682635
because it has to do a binary search to find if
an item is or is not in the list. 90% of the binary searches
would not find anything. This resulted in a lot of wasted time.

This patch adds a TinyBloomFilter member variable to HeapSnapshot.
We use this filter to try to bypass doing a binary search when the
filter tells us that a particular JSCell is definitely not in our
list. This is a 2x speedup on the steady state GC of the above
website.

* heap/HeapSnapshot.cpp:
(JSC::HeapSnapshot::appendNode):
(JSC::HeapSnapshot::sweepCell):
(JSC::HeapSnapshot::shrinkToFit):
(JSC::HeapSnapshot::nodeForCell):
* heap/HeapSnapshot.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201520 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[iOS] Better deal with WebProcess suspension due to screen locking
cdumez@apple.com [Tue, 31 May 2016 19:35:06 +0000 (19:35 +0000)]
[iOS] Better deal with WebProcess suspension due to screen locking
https://bugs.webkit.org/show_bug.cgi?id=158229
<rdar://problem/17665473>
<rdar://problem/26554699>

Reviewed by Tim Horton.

When locking the screen while MobileSafari is front-most, we would try keep
trying to mark IOSurfaces as volatile until the 30 seconds timeout was
reached. This patch deals more cleanly with this situation by only trying
to mark IOSurfaces as volatile once if the suspension is due to screen
locking. In such case, it is apparently expected that some IOSurfaces cannot
be marked as volatile so it is enough to try once and let ourselves get
suspended.

This patch also reduces the timeout from 30 seconds to ~3 seconds in the
other suspension cases (e.g. homing out of MobileSafari). If we fail to mark
them as purgeable for 3 seconds for a reason or another, it is no use in
retrying, it is simply not going to happen and there is no reason to delay
process suspension any further.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::callVolatilityCompletionHandlers):
(WebKit::WebPage::layerVolatilityTimerFired):
(WebKit::WebPage::markLayersVolatileImmediatelyIfPossible):
(WebKit::WebPage::markLayersVolatile):
* WebProcess/WebPage/WebPage.h:
(WebKit::WebPage::markLayersVolatile):
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::applicationDidEnterBackground):
(WebKit::WebPage::applicationWillEnterForeground):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201519 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMake createCrossThreadTask() functions return on the stack instead of the heap.
beidson@apple.com [Tue, 31 May 2016 19:33:22 +0000 (19:33 +0000)]
Make createCrossThreadTask() functions return on the stack instead of the heap.
https://bugs.webkit.org/show_bug.cgi?id=158215

Reviewed by Darin Adler.

Source/WebCore:

No new tests (Refactor, no change in behavior).

* Modules/indexeddb/client/IDBConnectionProxy.h:

* Modules/indexeddb/server/IDBServer.cpp:
(WebCore::IDBServer::IDBServer::postDatabaseTask):
(WebCore::IDBServer::IDBServer::postDatabaseTaskReply):
(WebCore::IDBServer::IDBServer::databaseRunLoop):
* Modules/indexeddb/server/IDBServer.h:

* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTask):
(WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTaskReply):
* Modules/indexeddb/server/UniqueIDBDatabase.h:

* dom/ScriptExecutionContext.h:
(WebCore::ScriptExecutionContext::postCrossThreadTask):

* fileapi/ThreadableBlobRegistry.cpp:
(WebCore::threadableQueue):

Source/WebKit2:

* DatabaseProcess/DatabaseProcess.cpp:
(WebKit::DatabaseProcess::postDatabaseTask):
(WebKit::DatabaseProcess::performNextDatabaseTask):
(WebKit::DatabaseProcess::fetchWebsiteData):
* DatabaseProcess/DatabaseProcess.h:

Source/WTF:

* WTF.xcodeproj/project.pbxproj:

* wtf/CrossThreadCopier.cpp:

* wtf/CrossThreadQueue.h: Added. A lightweight of MessageQueue that deals directly
  in objects instead of in std::unique_ptrs.
(WTF::CrossThreadQueue::isKilled):
(WTF::CrossThreadQueue<DataType>::append):
(WTF::CrossThreadQueue<DataType>::waitForMessage):
(WTF::CrossThreadQueue<DataType>::tryGetMessage):

* wtf/CrossThreadTask.h:
(WTF::createCrossThreadTask):
(WTF::CrossThreadTask::CrossThreadTask): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201518 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed: add myself to the reviewers list.
jonlee@apple.com [Tue, 31 May 2016 18:49:52 +0000 (18:49 +0000)]
Unreviewed: add myself to the reviewers list.

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201517 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION (r189567): Elements with aspect ratios not handled correctly inside flexbox.
hyatt@apple.com [Tue, 31 May 2016 18:42:17 +0000 (18:42 +0000)]
REGRESSION (r189567): Elements with aspect ratios not handled correctly inside flexbox.
https://bugs.webkit.org/show_bug.cgi?id=158040

Reviewed by Zalan Bujtas.

Source/WebCore:

Added new tests in fast/flexbox.

* rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::clientLogicalBottomAfterRepositioning):
(WebCore::RenderFlexibleBox::hasOrthogonalFlow):
(WebCore::RenderFlexibleBox::mainAxisContentExtent):
(WebCore::RenderFlexibleBox::computeMainAxisExtentForChild):
(WebCore::RenderFlexibleBox::mainAxisBorderAndPaddingExtentForChild):
(WebCore::RenderFlexibleBox::mainAxisLengthIsDefinite):
(WebCore::RenderFlexibleBox::mainAxisScrollbarExtentForChild):
(WebCore::RenderFlexibleBox::prepareOrderIteratorAndMargins):
(WebCore::RenderFlexibleBox::crossAxisLengthIsDefinite):
(WebCore::RenderFlexibleBox::computeMainSizeFromAspectRatioUsing):
(WebCore::RenderFlexibleBox::adjustChildSizeForAspectRatioCrossAxisMinAndMax):
(WebCore::RenderFlexibleBox::useChildAspectRatio):
(WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax):
(WebCore::RenderFlexibleBox::resetAutoMarginsAndLogicalTopInCrossAxis):
(WebCore::RenderFlexibleBox::mainAxisOverflowForChild):
(WebCore::RenderFlexibleBox::mainAxisExtentIsDefinite): Deleted.
(WebCore::RenderFlexibleBox::mainAxisLengthIsIndefinite): Deleted.
* rendering/RenderFlexibleBox.h:
(WebCore::RenderFlexibleBox::isFlexibleBoxImpl):

LayoutTests:

* fast/flexbox/aspect-ratio-intrinsic-adjust-expected.html: Added.
* fast/flexbox/aspect-ratio-intrinsic-adjust.html: Added.
* fast/flexbox/resources/subjects_sm.png: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201516 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoBuild fix after r201482.
achristensen@apple.com [Tue, 31 May 2016 17:53:20 +0000 (17:53 +0000)]
Build fix after r201482.

* platform/network/curl/CurlDownload.cpp:
(WebCore::CurlDownload::didReceiveHeader):
header used to be capturedHeader, which was a StringCapture, which needed .string() to get the String.
Now it's a WTF::String, so we already have the String.  Hooray for c++14!

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201515 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed build fix.
svillar@igalia.com [Tue, 31 May 2016 15:35:58 +0000 (15:35 +0000)]
Unreviewed build fix.

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201511 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[css-grid] Empty grid without explicit tracks shouldn't have any size
svillar@igalia.com [Tue, 31 May 2016 15:17:03 +0000 (15:17 +0000)]
[css-grid] Empty grid without explicit tracks shouldn't have any size
https://bugs.webkit.org/show_bug.cgi?id=155197

Reviewed by Darin Adler.

Source/WebCore:

The internal representation of the grid is a Vector of Vector representing rows and
columns. Because of that it was not possible to have columns without having at least one
row. That forced us to have a 1x1 internal representation of the grid even if it was
actually empty. That works for most of the cases except when the grid is actually empty.

By changing the way we compute the sizes we can overcome that implementation
restriction. This allowed us also to thighten the conditions under we could use the
GridIterator. From now on it won't be possible to use it on empty grids so callers should
enforce that restriction.

A new bool was added to verify that placeItemsOnGrid() has been already called. The previous
code was relying on the fact that there were items in the internal representation, which is
wrong, as there might be no items in the grid.

Test: fast/css-grid-layout/empty-grid.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::GridIterator::GridIterator): Added ASSERTs.
(WebCore::RenderGrid::GridIterator::nextGridItem): Ditto.
(WebCore::RenderGrid::GridIterator::isEmptyAreaEnough): Ditto.
(WebCore::RenderGrid::GridIterator::nextEmptyGridArea): Ditto.
(WebCore::RenderGrid::gridColumnCount): Use the style to resolve the number of columns if
the internal representation is empty.
(WebCore::RenderGrid::gridRowCount):
(WebCore::RenderGrid::guttersSize): Allow to pass 0 as span, this permits using the return
value of gridColumnCount|gridRowCount directly to call this method.
(WebCore::RenderGrid::computeIntrinsicLogicalWidths): Use m_gridIsDirty.
(WebCore::RenderGrid::computeUsedBreadthOfGridTracks): Do not examine the contents of grid
tracks if there are no items in the grid.
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions): Ditto.
(WebCore::RenderGrid::placeItemsOnGrid): Set m_gridIsDirty to false.
(WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
(WebCore::RenderGrid::clearGrid):
(WebCore::RenderGrid::populateGridPositionsForDirection):
* rendering/RenderGrid.h: Moved gridColumnCount/gridRowCount to cpp file.

LayoutTests:

Make sure that empty grids (and grids with one empty axis) are properly handled. Do also
verify that removing all the items from a grid also generates an correct empty grid.

* fast/css-grid-layout/empty-grid-expected.txt: Added.
* fast/css-grid-layout/empty-grid.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201510 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK] Provide alternative mirror for the ICU tarball.
clopez@igalia.com [Tue, 31 May 2016 10:34:29 +0000 (10:34 +0000)]
[GTK] Provide alternative mirror for the ICU tarball.
https://bugs.webkit.org/show_bug.cgi?id=154530

Unreviewed.

* gtk/jhbuild.modules: After r201449 the GTK+ ARM buildbot is having
a hard time trying to download the ICU tarball from download.icu-project.org
(which redirects to sourceforge and gives problems with something related to
SSL). Provide this alternative mirror to make things working back.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201509 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed. Update OptionsGTK.cmake and NEWS for 2.13.1 release.
carlosgc@webkit.org [Tue, 31 May 2016 09:25:04 +0000 (09:25 +0000)]
Unreviewed. Update OptionsGTK.cmake and NEWS for 2.13.1 release.

.:

* Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

* gtk/NEWS: Add release notes for 2.13.1.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201507 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed. Fix GTK+ clean build after r201504.
carlosgc@webkit.org [Tue, 31 May 2016 07:51:45 +0000 (07:51 +0000)]
Unreviewed. Fix GTK+ clean build after r201504.

* DatabaseProcess/DatabaseProcess.cpp: Add missing include.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201506 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK] Test /webkit2/WebKitWebView/geolocation-permission-requests is failing since...
carlosgc@webkit.org [Tue, 31 May 2016 07:22:40 +0000 (07:22 +0000)]
[GTK] Test /webkit2/WebKitWebView/geolocation-permission-requests is failing since r201423
https://bugs.webkit.org/show_bug.cgi?id=158200

Reviewed by Philippe Normand.

This is because geolocation is no longer allowed for non secure sites, like HTTP. In that case
POSITION_UNAVAILABLE is returned without asking the API layer.

* TestWebKitAPI/Tests/WebKit2Gtk/TestUIClient.cpp:
(testWebViewGeolocationPermissionRequests): Keep the HTTP case to check that it indeed returns
POSITION_UNAVAILABLE and use HTTPS URLs to check permission requests are allowed or denied. Also stop using the
document title, and use user script messages that are more reliable instead.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201505 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMove CrossThreadCopier/CrossThreadTask to WTF.
beidson@apple.com [Tue, 31 May 2016 03:35:44 +0000 (03:35 +0000)]
Move CrossThreadCopier/CrossThreadTask to WTF.
https://bugs.webkit.org/show_bug.cgi?id=158207

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Refactor, no behavior change).

* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:

* Modules/indexeddb/IDBActiveDOMObject.h:
* Modules/indexeddb/IDBValue.cpp:
* Modules/indexeddb/client/IDBConnectionProxy.h:
* Modules/indexeddb/server/IDBServer.cpp:
* Modules/indexeddb/server/IDBServer.h:
* Modules/indexeddb/server/UniqueIDBDatabase.h:
* dom/ScriptExecutionContext.h:
* fileapi/ThreadableBlobRegistry.cpp:

* platform/WebCoreCrossThreadCopier.cpp: Added.
(WTF::WebCore::SessionID>::copy):
(WTF::WebCore::ThreadSafeDataBuffer>::copy):
* platform/WebCoreCrossThreadCopier.h: Added.

* platform/network/cf/ResourceError.h:
(WebCore::ResourceError::isolatedCopy):

* platform/network/cf/ResourceRequest.h:
(WebCore::ResourceRequest::isolatedCopy):

* platform/network/cf/ResourceResponse.h:
(WebCore::ResourceResponse::isolatedCopy):

Source/WebKit2:

* CMakeLists.txt:
* WebKit2.xcodeproj/project.pbxproj:

* DatabaseProcess/DatabaseProcess.cpp:
* DatabaseProcess/DatabaseProcess.h:

* Shared/WebCrossThreadCopier.cpp: Removed.
* Shared/WebCrossThreadCopier.h: Removed.

Source/WTF:

* WTF.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:

* wtf/CrossThreadCopier.cpp: Renamed from Source/WebCore/platform/CrossThreadCopier.cpp.
* wtf/CrossThreadCopier.h: Renamed from Source/WebCore/platform/CrossThreadCopier.h.
(WTF::CrossThreadCopierPassThrough::copy):

* wtf/CrossThreadTask.h: Renamed from Source/WebCore/platform/CrossThreadTask.h.
(WTF::CrossThreadTask::CrossThreadTask):
(WTF::CrossThreadTask::performTask):
(WTF::createCrossThreadTask):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201504 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Timelines: "-0.000ms" in Self Time
bburg@apple.com [Tue, 31 May 2016 03:25:40 +0000 (03:25 +0000)]
Web Inspector: Timelines: "-0.000ms" in Self Time
https://bugs.webkit.org/show_bug.cgi?id=158162
<rdar://problem/26523350>

Reviewed by Darin Adler.

Values such as -0.0000 and +0.00001 seem to indicate there is
some floating point error accumulating in profile node data.
Since the sampling profiler isn't accurate to that precision,
let's clean up the data so near-zero numbers are simply zero.

* UserInterface/Models/ProfileNode.js:
Round selfTime down to zero if it's less than the
smallest value we would show in the user interface.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201503 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Uncaught exception page should pre-populate the bug's URL with the...
bburg@apple.com [Mon, 30 May 2016 20:26:25 +0000 (20:26 +0000)]
Web Inspector: Uncaught exception page should pre-populate the bug's URL with the inspected page URL
https://bugs.webkit.org/show_bug.cgi?id=158055
<rdar://problem/26516693>

Reviewed by Saam Barati.

* UserInterface/Debug/UncaughtExceptionReporter.js:
Include the encoded URL in the query string if it is not empty.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201502 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed test gardening.
peavo@outlook.com [Mon, 30 May 2016 19:03:39 +0000 (19:03 +0000)]
Unreviewed test gardening.

After the crash fix in r201500, update the test expectations for
http/tests/websocket/tests/hybi/stop-on-resume-in-error-handler.html.

Patch by Per Arne Vollan <pvollan@apple.com> on 2016-05-30

* platform/win/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201501 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agohttp/tests/websocket/tests/hybi/stop-on-resume-in-error-handler.html crashes on Windo...
peavo@outlook.com [Mon, 30 May 2016 18:44:38 +0000 (18:44 +0000)]
http/tests/websocket/tests/hybi/stop-on-resume-in-error-handler.html crashes on Windows almost all the time
https://bugs.webkit.org/show_bug.cgi?id=144057

Patch by Per Arne Vollan <pvollan@apple.com> on 2016-05-30
Reviewed by Brent Fulgham.

Protect SocketStreamHandle object before trying to access it on the main thread, and make sure
CFWriteStreamRef parameter is valid before calling CFWriteStreamCanAcceptBytes.

* platform/network/cf/SocketStreamHandleCFNet.cpp:
(WebCore::SocketStreamHandle::readStreamCallback):
(WebCore::SocketStreamHandle::writeStreamCallback):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201500 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Right-clicking in Snapshot's DataGrid throws an exception
mattbaker@apple.com [Mon, 30 May 2016 16:56:24 +0000 (16:56 +0000)]
Web Inspector: Right-clicking in Snapshot's DataGrid throws an exception
https://bugs.webkit.org/show_bug.cgi?id=157934
<rdar://problem/26380910>

Reviewed by Brian Burg.

Check that click event target is actually a cell, as it can be a row
when focusing the table after dismissing a popup menu.

* UserInterface/Views/DataGrid.js:
(WebInspector.DataGridNode.prototype.isEventWithinDisclosureTriangle):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201499 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[CSS Box Alignment] New CSS Value 'normal' for Self Alignment
jfernandez@igalia.com [Mon, 30 May 2016 08:14:31 +0000 (08:14 +0000)]
[CSS Box Alignment] New CSS Value 'normal' for Self Alignment
https://bugs.webkit.org/show_bug.cgi?id=156254

Reviewed by Darin Adler.

Source/WebCore:

The Box Alignment specification defines a new value 'normal' to be used
as default for the different layout models, which will define the
specific behavior for each case. This patch adds a new CSS value in the
parsing logic and adapts the Self Alignment properties to the new
value.

The 'auto' value is no longer valid for the 'align-items' property and
the Computed Value will be always the specified value. Hence, I removed
the StyleResolver logic because is not required now; the specific
behavior of the 'normal' value will be resolved at layout time.

Additionally, this patch updates the layout logic as well, for both
Flexbox and Grid layout models.

Test: css3/parse-alignment-of-root-elements.html

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::resolveLegacyJustifyItems): Added.
(WebCore::resolveJustifyItemsAuto): Added.
(WebCore::resolveJustifySelfAuto): Added.
(WebCore::resolveAlignSelfAuto): Added.
(WebCore::valueForItemPositionWithOverflowAlignment): Using a StyleSelfAlignmentData argument.
(WebCore::ComputedStyleExtractor::propertyValue): Using the new resolving functions.
* css/CSSParser.cpp:
(WebCore::CSSParser::parseItemPositionOverflowPosition): A new value 'normal' is now valid.
* css/CSSPrimitiveValueMappings.h:
(WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Mappings for the new value 'normal'.
(WebCore::CSSPrimitiveValue::operator ItemPosition): Mappings for the new value 'normal'.
* css/CSSPropertyNames.in:
* css/StyleResolver.cpp:
(WebCore::StyleResolver::adjustRenderStyle): We don't need to resolve 'legacy" keyword.
* rendering/RenderBox.cpp:
(WebCore::flexItemHasStretchAlignment):
(WebCore::RenderBox::hasStretchedLogicalWidth):
* rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::styleDidChange):
(WebCore::RenderFlexibleBox::alignmentForChild):
(WebCore::contentAlignmentNormalBehaviorFlexibleBox):
(WebCore::RenderFlexibleBox::layoutAndPlaceChildren):
(WebCore::RenderFlexibleBox::layoutColumnReverse):
(WebCore::RenderFlexibleBox::alignFlexLines):
(WebCore::RenderFlexibleBox::alignChildren):
* rendering/RenderGrid.cpp:
(WebCore::defaultAlignmentChangedToStretchInRowAxis):
(WebCore::defaultAlignmentChangedFromStretchInRowAxis):
(WebCore::defaultAlignmentChangedFromStretchInColumnAxis):
(WebCore::selfAlignmentChangedToStretchInRowAxis):
(WebCore::selfAlignmentChangedFromStretchInRowAxis):
(WebCore::selfAlignmentChangedFromStretchInColumnAxis):
(WebCore::contentAlignmentNormalBehaviorGrid):
(WebCore::RenderGrid::applyStretchAlignmentToTracksIfNeeded):
(WebCore::RenderGrid::needToStretchChildLogicalHeight):
(WebCore::RenderGrid::applyStretchAlignmentToChildIfNeeded):
(WebCore::RenderGrid::columnAxisPositionForChild):
(WebCore::RenderGrid::rowAxisPositionForChild):
(WebCore::RenderGrid::columnAxisOffsetForChild):
(WebCore::RenderGrid::rowAxisOffsetForChild):
(WebCore::RenderGrid::computeContentPositionAndDistributionOffset):
* rendering/style/RenderStyle.cpp:
(WebCore::resolvedSelfAlignment):
(WebCore::RenderStyle::resolvedAlignItems):
(WebCore::RenderStyle::resolvedAlignSelf):
(WebCore::RenderStyle::resolvedJustifyItems):
(WebCore::RenderStyle::resolvedJustifySelf):
* rendering/style/RenderStyle.h:
* rendering/style/RenderStyleConstants.h:
* rendering/style/StyleRareNonInheritedData.cpp:
(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData): align-items uses now a different initial function.

LayoutTests:

Changes in the already defined tests for the alignment properties to
consider the new CSS value 'normal', which is the default for align-items
and the value to resolve 'auto' when there is no parent.

Added a new test to verify the Self-Alignment properties work as expected
with root elements.

* css3/flexbox/css-properties-expected.txt:
* css3/flexbox/css-properties.html:
* css3/parse-align-items-expected.txt:
* css3/parse-align-items.html:
* css3/parse-align-self-expected.txt:
* css3/parse-align-self.html:
* css3/parse-alignment-of-root-elements-expected.txt: Added.
* css3/parse-alignment-of-root-elements.html: Added.
* fast/css/getComputedStyle/computed-style-expected.txt:
* fast/css/getComputedStyle/computed-style-without-renderer-expected.txt:
* fast/css/parse-justify-items-expected.txt:
* fast/css/parse-justify-items.html:
* fast/css/parse-justify-self-expected.txt:
* fast/css/parse-justify-self.html:
* fast/css/resources/alignment-parsing-utils.js:
* svg/css/getComputedStyle-basic-expected.txt:
(checkBadValues):
* svg/css/getComputedStyle-basic-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201498 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoTransition various Task/Function queues from std::function to NoncopyableFunction.
beidson@apple.com [Mon, 30 May 2016 06:53:36 +0000 (06:53 +0000)]
Transition various Task/Function queues from std::function to NoncopyableFunction.
https://bugs.webkit.org/show_bug.cgi?id=158196

Reviewed by Chris Dumez.

No new tests (Refactor, no behavior change).

* dom/ActiveDOMCallbackMicrotask.cpp:
(WebCore::ActiveDOMCallbackMicrotask::ActiveDOMCallbackMicrotask):
* dom/ActiveDOMCallbackMicrotask.h:

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::layoutSizeChanged):

* page/FrameView.cpp:
(WebCore::FrameView::queuePostLayoutCallback):
(WebCore::FrameView::flushPostLayoutTasksQueue):
* page/FrameView.h:

* platform/GenericTaskQueue.cpp:
(WebCore::TaskDispatcher<Timer>::postTask):
(WebCore::TaskDispatcher<Timer>::dispatchOneTask):
* platform/GenericTaskQueue.h:
(WebCore::TaskDispatcher::postTask):
(WebCore::GenericTaskQueue::enqueueTask):

* style/StyleTreeResolver.cpp:
(WebCore::Style::postResolutionCallbackQueue):
(WebCore::Style::queuePostResolutionCallback):
(WebCore::Style::suspendMemoryCacheClientCalls):
* style/StyleTreeResolver.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201497 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMake ScriptExecutionContext::Task work in terms of wtf::NoncopyableFunction instead...
beidson@apple.com [Mon, 30 May 2016 04:30:22 +0000 (04:30 +0000)]
Make ScriptExecutionContext::Task work in terms of wtf::NoncopyableFunction instead of std::function.
https://bugs.webkit.org/show_bug.cgi?id=158187

Reviewed by Chris Dumez.

No new tests (Refactor, no behavior change).

Also make postTask take an rvalue reference.

* bindings/js/JSDOMGlobalObjectTask.cpp:
(WebCore::JSGlobalObjectTask::JSGlobalObjectTask):

* dom/Document.cpp:
(WebCore::Document::postTask):
* dom/Document.h:

* dom/ScriptExecutionContext.h:
(WebCore::ScriptExecutionContext::Task::Task):

* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::postTask):
* workers/WorkerGlobalScope.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201496 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoStack overflow crashes with deep or cyclic proxy prototype chains
sbarati@apple.com [Sun, 29 May 2016 19:01:36 +0000 (19:01 +0000)]
Stack overflow crashes with deep or cyclic proxy prototype chains
https://bugs.webkit.org/show_bug.cgi?id=157087

Reviewed by Filip Pizlo and Mark Lam.

Because a Proxy can call back into the JS runtime in arbitrary
ways, we may have effectively cyclic prototype chains and property lookups
by using a Proxy. We may also have arbitrarily long Proxy chains
where we call into a C frame for each link in the Proxy chain.
This means that every Proxy hook must be aware that it can stack overflow.
Before, only certain hooks were aware of this fact. That was a bug,
all hooks must assume they can stack overflow.

Also, because we may have effectively cyclic prototype chains, we
compile ProxyObject.cpp with -fno-optimize-sibling-calls. This prevents
tail call optimization from happening on any of the calls from
ProxyObject.cpp. We do this because we rely on the machine stack
growing for throwing a stack overflow error. It's better for developers
to be able to see a stack overflow error than to have their program
infinite loop because the compiler performed TCO.

This patch also fixes a couple call sites of various methods
where we didn't check for an exception.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* interpreter/Interpreter.cpp:
(JSC::sizeOfVarargs):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::createSubclassStructure):
* runtime/JSArray.h:
(JSC::getLength):
* runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncToString):
* runtime/ProxyObject.cpp:
(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::getOwnPropertySlotCommon):
(JSC::ProxyObject::performPut):
(JSC::performProxyCall):
(JSC::performProxyConstruct):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::performIsExtensible):
(JSC::ProxyObject::performDefineOwnProperty):
(JSC::ProxyObject::performGetOwnPropertyNames):
(JSC::ProxyObject::getOwnPropertyNames):
(JSC::ProxyObject::getPropertyNames):
(JSC::ProxyObject::getOwnNonIndexPropertyNames):
(JSC::ProxyObject::performSetPrototype):
(JSC::ProxyObject::performGetPrototype):
* runtime/ProxyObject.h:
(JSC::ProxyObject::create):
* tests/stress/proxy-stack-overflow-exceptions.js: Added.
(shouldThrowStackOverflow):
(const.emptyFunction):
(makeLongProxyChain):
(shouldThrowStackOverflow.longProxyChain):
(shouldThrowStackOverflow.effecivelyCyclicProxyProtoChain1):
(shouldThrowStackOverflow.effecivelyCyclicProxyProtoChain2):
(shouldThrowStackOverflow.effecivelyCyclicProxyProtoChain3):
(shouldThrowStackOverflow.longProxyChainBind):
(shouldThrowStackOverflow.longProxyChainPropertyAccess):
(shouldThrowStackOverflow.longProxyChainReflectConstruct):
(shouldThrowStackOverflow.longProxyChainReflectSet):
(shouldThrowStackOverflow.longProxyChainReflectOwnKeys):
(shouldThrowStackOverflow.longProxyChainGetPrototypeOf):
(shouldThrowStackOverflow.longProxyChainSetPrototypeOf):
(shouldThrowStackOverflow.longProxyChainGetOwnPropertyDescriptor):
(shouldThrowStackOverflow.longProxyChainDefineProperty):
(shouldThrowStackOverflow.longProxyChainIsExtensible):
(shouldThrowStackOverflow.longProxyChainPreventExtensions):
(shouldThrowStackOverflow.longProxyChainDeleteProperty):
(shouldThrowStackOverflow.longProxyChainWithScope):
(shouldThrowStackOverflow.longProxyChainWithScope2):
(shouldThrowStackOverflow.longProxyChainWithScope3):
(shouldThrowStackOverflow.longProxyChainArrayPrototypePush):
(shouldThrowStackOverflow.longProxyChainWithScope4):
(shouldThrowStackOverflow.longProxyChainCall):
(shouldThrowStackOverflow.longProxyChainConstruct):
(shouldThrowStackOverflow.longProxyChainHas):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201495 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoJSGlobalLexicalEnvironment leaks SegmentedVector due to lack of destructor.
akling@apple.com [Sun, 29 May 2016 04:47:41 +0000 (04:47 +0000)]
JSGlobalLexicalEnvironment leaks SegmentedVector due to lack of destructor.
<https://webkit.org/b/158186>

Reviewed by Saam Barati.

Give JSGlobalLexicalEnvironment a destroy() and set up a finalizer for it
like we do with JSGlobalObject. (This is needed because they don't inherit
from JSDestructibleObjects and thus can't use JSCell::needsDestruction to
ask for allocation in destructor space.)

This stops us from leaking all the SegmentedVector backing stores.

* runtime/JSGlobalLexicalEnvironment.cpp:
(JSC::JSGlobalLexicalEnvironment::destroy):
* runtime/JSGlobalLexicalEnvironment.h:
(JSC::JSGlobalLexicalEnvironment::create):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201494 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoTemplatize NoncopyableFunction class similarly to std::function
cdumez@apple.com [Sun, 29 May 2016 04:20:06 +0000 (04:20 +0000)]
Templatize NoncopyableFunction class similarly to std::function
https://bugs.webkit.org/show_bug.cgi?id=158185

Reviewed by Darin Adler.

Templatize NoncopyableFunction class similarly to std::function, so
that it can be used as a std::function replacement in more places.

Previously, NoncopyableFunction could only support "void()" lambdas.

Source/WebCore:

* Modules/mediastream/MediaEndpointPeerConnection.cpp:
(WebCore::MediaEndpointPeerConnection::runTask):
* Modules/mediastream/MediaEndpointPeerConnection.h:
* fileapi/AsyncFileStream.cpp:
(WebCore::callOnFileThread):
(WebCore::AsyncFileStream::perform):
(WebCore::AsyncFileStream::getSize):
(WebCore::AsyncFileStream::openForRead):
(WebCore::AsyncFileStream::openForWrite):
(WebCore::AsyncFileStream::write):
* fileapi/AsyncFileStream.h:
* page/scrolling/ScrollingThread.cpp:
(WebCore::ScrollingThread::dispatch):
(WebCore::ScrollingThread::dispatchBarrier):
(WebCore::ScrollingThread::dispatchFunctionsFromScrollingThread):
* page/scrolling/ScrollingThread.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::scheduleDeferredTask):
* platform/mediastream/MediaStreamPrivate.cpp:
(WebCore::MediaStreamPrivate::scheduleDeferredTask):
* platform/mediastream/MediaStreamPrivate.h:
* platform/mediastream/mac/AVMediaCaptureSource.h:
* platform/mediastream/mac/AVMediaCaptureSource.mm:
(WebCore::AVMediaCaptureSource::scheduleDeferredTask):

Source/WebKit:

* Storage/StorageSyncManager.cpp:
(WebCore::StorageSyncManager::dispatch):
* Storage/StorageSyncManager.h:
* Storage/StorageThread.cpp:
(WebCore::StorageThread::dispatch):
(WebCore::StorageThread::terminate):
* Storage/StorageThread.h:

Source/WebKit2:

* NetworkProcess/cache/NetworkCacheIOChannelSoup.cpp:
(WebKit::NetworkCache::runTaskInQueue):

Source/WTF:

* wtf/FunctionDispatcher.h:
* wtf/MainThread.cpp:
(WTF::functionQueue):
(WTF::dispatchFunctionsFromMainThread):
(WTF::callOnMainThread):
* wtf/MainThread.h:
* wtf/NoncopyableFunction.h:
* wtf/RunLoop.cpp:
(WTF::RunLoop::performWork):
(WTF::RunLoop::dispatch):
* wtf/RunLoop.h:
* wtf/WorkQueue.h:
* wtf/cocoa/WorkQueueCocoa.cpp:
(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):
* wtf/efl/DispatchQueueWorkItemEfl.h:
(WorkItem::WorkItem):
(TimerWorkItem::create):
(TimerWorkItem::TimerWorkItem):
* wtf/efl/WorkQueueEfl.cpp:
(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):
* wtf/generic/RunLoopGeneric.cpp:
(WTF::RunLoop::TimerBase::ScheduledTask::create):
(WTF::RunLoop::TimerBase::ScheduledTask::ScheduledTask):
(WTF::RunLoop::dispatchAfter):
* wtf/generic/WorkQueueGeneric.cpp:
(WorkQueue::dispatch):
(WorkQueue::dispatchAfter):
* wtf/glib/RunLoopGLib.cpp:
(WTF::DispatchAfterContext::DispatchAfterContext):
(WTF::RunLoop::dispatchAfter):
* wtf/win/WorkItemWin.cpp:
(WTF::WorkItemWin::WorkItemWin):
(WTF::WorkItemWin::create):
(WTF::HandleWorkItem::HandleWorkItem):
(WTF::HandleWorkItem::createByAdoptingHandle):
* wtf/win/WorkItemWin.h:
(WTF::WorkItemWin::function):
* wtf/win/WorkQueueWin.cpp:
(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201493 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix the build with newer clang and other custom configuration options
ap@apple.com [Sat, 28 May 2016 23:16:50 +0000 (23:16 +0000)]
Fix the build with newer clang and other custom configuration options
https://bugs.webkit.org/show_bug.cgi?id=158161

Reviewed by Dan Bernstein.

Source/WebCore:

* platform/mac/WebVideoFullscreenInterfaceMac.mm:
(WebCore::WebVideoFullscreenInterfaceMac::rateChanged): Added UNUSED_PARAMs for the
case where this function is unimplemented.
(WebCore::WebVideoFullscreenInterfaceMac::setExternalPlayback): Added a non-additions
version of this function.
* platform/spi/cf/CFNetworkSPI.h: Silence nullability-completeness (and other) warnings.
I doubt that it's practical to get these right for every SDK version at this time. Added
functions for overriding HTTPS certicate behavior that we used to declare in .m files.
* platform/spi/mac/AVFoundationSPI.h: Define AVAssetCache conditionally.

Source/WebKit2:

* NetworkProcess/ios/NetworkProcessIOS.mm: -setAllowsSpecificHTTPSCertificate:forHost:
is now in CFNetworkSPI.h
* NetworkProcess/mac/NetworkProcessMac.mm: Ditto.
* Shared/mac/CookieStorageShimLibrary.cpp:
(WebKit::WebKitCookieStorageShimInitialize): Use more portable std::call_once.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201492 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdding wptserve logging for 404 file-serving responses
youenn.fablet@crf.canon.fr [Sat, 28 May 2016 19:53:27 +0000 (19:53 +0000)]
Adding wptserve logging for 404 file-serving responses
https://bugs.webkit.org/show_bug.cgi?id=158183

Reviewed by Alexey Proskuryakov.

* resources/web-platform-tests-modules.json: Modifying wptserve module to log 404 FileHandler exceptions.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201491 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAutocorrection makes it hard to type "doesn't" and to type @ in email addresses
rniwa@webkit.org [Sat, 28 May 2016 19:18:48 +0000 (19:18 +0000)]
Autocorrection makes it hard to type "doesn't" and to type @ in email addresses
https://bugs.webkit.org/show_bug.cgi?id=158177
.:

Reviewed by Darin Adler.

Fixed manual tests for autocorrection panels and added a manual test for . Most of changes are fixing up the path to LayoutTests/editing/editing.js.

Also wrap many steps to type in a space or delete a character inside setTimeout since autocorrection happens on a timer
and the fact WebKit2 communicates with NSSpellChecker via IPC makes the behavior even more indeterministic.

* ManualTests/autocorrection/autocorrection-at-mark.html: Added.
* ManualTests/autocorrection/autocorrection-cancelled-by-ESC.html:
* ManualTests/autocorrection/autocorrection-cancelled-by-typing-1.html:
* ManualTests/autocorrection/autocorrection-contraction-2.html: Added.
* ManualTests/autocorrection/autocorrection-contraction.html:
* ManualTests/autocorrection/autocorrection-in-iframe.html:
* ManualTests/autocorrection/close-window-when-correction-is-shown.html:
* ManualTests/autocorrection/continue-typing-to-dismiss-reversion.html:
* ManualTests/autocorrection/delete-to-dismiss-reversion.html:
* ManualTests/autocorrection/delete-to-end-of-word-to-show-reversion.html:
* ManualTests/autocorrection/dismiss-multiple-guesses.html:
* ManualTests/autocorrection/document-for-iframe-test.html: Removed.
* ManualTests/autocorrection/move-to-end-of-word-to-show-reversion.html: Type a space and move care in setTimeout as
the reversion panel wouldn't show up otherwise.
* ManualTests/autocorrection/remove-misspelling-marker-after-appending-letter.html: Delay the typing of a space as well as
deleting letters since autocorrection panel wouldn't show up in time otherwise, and deleting character immediately would
reject the autocorrection instead of accepting it. Also removed the steps to add back the spellchecking marker and extracted
it as a separate test.
* ManualTests/autocorrection/removing-misspelling-marker-after-appending-letter-2.html: Copied. This test continues the full
scenario in the previous test by typing a space and deleting the character, thereby bringing up spellchecking marker.
* ManualTests/autocorrection/resources: Added.
* ManualTests/autocorrection/resources/document-for-iframe-test.html: Moved from ManualTests/autocorrection/.
* ManualTests/autocorrection/select-from-multiple-guesses.html: Added a missing instruction.
* ManualTests/autocorrection/spell-checking-after-reversion.html:
* ManualTests/autocorrection/type-whitespace-to-dismiss-reversion.html: Delay the typing of a space and moving the selection
since the reversion panel wouldn't show up otherwise.
* ManualTests/autocorrection/undo-autocorrection-2.html: Copied. Automated most of steps in the second test case.
* ManualTests/autocorrection/undo-autocorrection.html:

Source/WebCore:

<rdar://problem/20490862>
<rdar://problem/24707954>

Reviewed by Darin Adler.

When the user had typed "doesn'", some unified spellchecker may try to autocorrect it to "doesn't" or "does"
but we should ignore this for a moment until the next character is typed by the user. The code to deal with
this situation which checks the existence of an "ambiguous boundary character" was not robust when the
replacement text was longer than the corrected text.

Fixed this bug by fixing the logic to detect this case. Also added '@' as an ambiguous boundary character
since autocorrecting letters that appear right before '@' would not be useful in many cases.

Tests: ManualTests/autocorrection/autocorrection-at-mark.html
       ManualTests/autocorrection/autocorrection-contraction-2.html

* editing/AlternativeTextController.cpp:
(WebCore::AlternativeTextController::timerFired): Fixed a bug that we can show an empty reversion panel.
* editing/Editor.cpp:
(WebCore::Editor::markAndReplaceFor): When the user had typed "doesn'" and our autocorrection result is
"doesn't", resultEndLocation (the end of "doesn't") is larger than selectionOffset (the end of "doesn'").
When the correction is "does", resultEndLocation (the end of "does") is one less than selectionOffset.
Updated the condition to deal with both of these conditions as well as cases where the correction result
contains more than one letter after '.
* editing/htmlediting.cpp:
(WebCore::isAmbiguousBoundaryCharacter): Moved from the header file since this is not a hot function and
doesn't need to be inlined everywhere. Added '@' as an ambiguous boundary character.
* editing/htmlediting.h:
(WebCore::isAmbiguousBoundaryCharacter): Moved to the cpp file.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201490 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agotests fail if display sleeps while run-webkit-tests is running
aakash_jain@apple.com [Sat, 28 May 2016 18:27:53 +0000 (18:27 +0000)]
tests fail if display sleeps while run-webkit-tests is running
https://bugs.webkit.org/show_bug.cgi?id=153919

Reviewed by Darin Adler.

* DumpRenderTree/mac/LayoutTestHelper.m:
(addDisplaySleepAssertion): Use PreventUserIdleSystemSleep flag, same as set by caffeinate tool.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201489 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Next] Trailing commas in function parameters.
gskachkov@gmail.com [Sat, 28 May 2016 18:26:41 +0000 (18:26 +0000)]
[Next] Trailing commas in function parameters.
https://bugs.webkit.org/show_bug.cgi?id=158020

Reviewed by Keith Miller.

ESNext allow to add trailing commas in function parameters and function arguments.
Link to spec - https://jeffmo.github.io/es-trailing-function-commas
Example of using - (function (a, b,) { return a + b; })(1,2,);

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseFormalParameters):
(JSC::Parser<LexerType>::parseArguments):
* tests/stress/trailing-comma-in-function-paramters.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201488 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[JSC] op_new_arrow_func_exp is no longer necessary
utatane.tea@gmail.com [Sat, 28 May 2016 17:47:10 +0000 (17:47 +0000)]
[JSC] op_new_arrow_func_exp is no longer necessary
https://bugs.webkit.org/show_bug.cgi?id=158180

Reviewed by Saam Barati.

This patch removes op_new_arrow_func_exp bytecode since
what op_new_arrow_func_exp is doing is completely the same to op_new_func_exp.

* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset): Deleted.
(JSC::computeDefsForBytecodeOffset): Deleted.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode): Deleted.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel): Deleted.
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass): Deleted.
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emitNewFuncExprCommon):
(JSC::JIT::emit_op_new_arrow_func_exp): Deleted.
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL): Deleted.
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201487 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFileSystem: use OS(WINDOWS) instead of PLATFORM(WIN).
annulen@yandex.ru [Sat, 28 May 2016 17:05:06 +0000 (17:05 +0000)]
FileSystem: use OS(WINDOWS) instead of PLATFORM(WIN).
https://bugs.webkit.org/show_bug.cgi?id=158168

Reviewed by Darin Adler.

No new tests needed.

* platform/FileSystem.cpp:
(WebCore::lastComponentOfPathIgnoringTrailingSlash):
(WebCore::MappedFileData::~MappedFileData):
(WebCore::MappedFileData::MappedFileData):
* platform/FileSystem.h: Removed unused PlatformFilePathSeparator
constant.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201486 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse COMPILER(MSVC) instead of PLATFORM(WIN) for MSVC-specific workaround
annulen@yandex.ru [Sat, 28 May 2016 16:55:38 +0000 (16:55 +0000)]
Use COMPILER(MSVC) instead of PLATFORM(WIN) for MSVC-specific workaround
https://bugs.webkit.org/show_bug.cgi?id=158169

Reviewed by NOBODY (OOPS!).

No new tests needed.

* platform/PlatformMouseEvent.h:
* platform/win/PlatformMouseEventWin.cpp: Moved operators'
implementations to PlatformMouseEvent.h

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201485 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModernize lambda captures in the network disk cache implementation
cdumez@apple.com [Sat, 28 May 2016 16:54:36 +0000 (16:54 +0000)]
Modernize lambda captures in the network disk cache implementation
https://bugs.webkit.org/show_bug.cgi?id=158179

Reviewed by Darin Adler.

Modernize lambda captures in the network disk cache implementation.

* NetworkProcess/cache/NetworkCache.cpp:
(WebKit::NetworkCache::Cache::retrieve):
(WebKit::NetworkCache::Cache::store):
(WebKit::NetworkCache::Cache::traverse):
* NetworkProcess/cache/NetworkCache.h:
* NetworkProcess/cache/NetworkCacheIOChannelSoup.cpp:
(WebKit::NetworkCache::inputStreamReadReadyCallback):
(WebKit::NetworkCache::outputStreamWriteReadyCallback):
* NetworkProcess/cache/NetworkCacheStatistics.cpp:
(WebKit::NetworkCache::Statistics::initialize):
(WebKit::NetworkCache::Statistics::shrinkIfNeeded):
(WebKit::NetworkCache::Statistics::queryWasEverRequested):
* NetworkProcess/cache/NetworkCacheStatistics.h:
* NetworkProcess/cache/NetworkCacheStorage.cpp:
(WebKit::NetworkCache::Storage::updateFileModificationTime):
(WebKit::NetworkCache::Storage::clear):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201484 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoBuild fix for projects that include MainThread.h without including FastMalloc.h.
mitz@apple.com [Sat, 28 May 2016 16:33:00 +0000 (16:33 +0000)]
Build fix for projects that include MainThread.h without including FastMalloc.h.

* wtf/NoncopyableFunction.h: Include FastMalloc.h from here.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201483 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agocallOnMainThread() should not copy captured lambda variables
cdumez@apple.com [Sat, 28 May 2016 05:51:42 +0000 (05:51 +0000)]
callOnMainThread() should not copy captured lambda variables
https://bugs.webkit.org/show_bug.cgi?id=158166

Reviewed by Brady Eidson.

Source/WebCore:

callOnMainThread() should not copy captured lambda variables. This
function is usually called cross-thread with a lambda and copying
the lambda (and its captured variables) can lead to thread-safety
issues.

This patch updates callOnMainThread() to take a NoncopyableFunction&&
in parameter instead of a std::function. The call sites of
callOnMainThread() have also been updated to use C++14's lambda
capture with initializer.

* Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::putOrAddOnServer):
* Modules/mediastream/MediaDevicesRequest.cpp:
(WebCore::MediaDevicesRequest::didCompletePermissionCheck):
(WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
* Modules/mediastream/MediaEndpointPeerConnection.cpp:
(WebCore::MediaEndpointPeerConnection::runTask):
* Modules/mediastream/MediaEndpointPeerConnection.h:
* Modules/mediastream/UserMediaRequest.cpp:
(WebCore::UserMediaRequest::constraintsValidated):
(WebCore::UserMediaRequest::userMediaAccessGranted):
* Modules/webaudio/AudioContext.cpp:
(WebCore::AudioContext::scheduleNodeDeletion):
(WebCore::AudioContext::isPlayingAudioDidChange):
* dom/Document.cpp:
(WebCore::Document::postTask):
(WebCore::Document::pendingTasksTimerFired): Deleted.
* dom/ScriptElement.cpp:
(WebCore::ScriptElement::requestScript):
* fileapi/AsyncFileStream.cpp:
(WebCore::callOnFileThread):
(WebCore::AsyncFileStream::~AsyncFileStream):
(WebCore::AsyncFileStream::perform):
* fileapi/AsyncFileStream.h:
* fileapi/ThreadableBlobRegistry.cpp:
(WebCore::ThreadableBlobRegistry::registerFileBlobURL):
(WebCore::ThreadableBlobRegistry::registerBlobURL):
(WebCore::ThreadableBlobRegistry::registerBlobURLForSlice):
(WebCore::ThreadableBlobRegistry::blobSize):
(WebCore::ThreadableBlobRegistry::unregisterBlobURL):
(WebCore::ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked): Deleted.
* loader/icon/IconDatabase.cpp:
(WebCore::IconDatabase::dispatchDidImportIconURLForPageURLOnMainThread):
(WebCore::IconDatabase::dispatchDidImportIconDataForPageURLOnMainThread):
* page/ResourceUsageThread.cpp:
(WebCore::ResourceUsageThread::notifyObservers):
(WebCore::ResourceUsageThread::threadBody):
* page/ResourceUsageThread.h:
* page/scrolling/ScrollingThread.cpp:
(WebCore::ScrollingThread::dispatch):
(WebCore::ScrollingThread::dispatchBarrier):
(WebCore::ScrollingThread::dispatchFunctionsFromScrollingThread):
* page/scrolling/ScrollingThread.h:
* page/scrolling/ios/ScrollingTreeIOS.cpp:
(WebCore::ScrollingTreeIOS::invalidate):
(WebCore::ScrollingTreeIOS::scrollingTreeNodeDidScroll):
(WebCore::ScrollingTreeIOS::currentSnapPointIndicesDidChange):
(WebCore::ScrollingTreeIOS::createScrollingTreeNode): Deleted.
* page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
(WebCore::ScrollingTreeFrameScrollingNodeMac::releaseReferencesToScrollerImpsOnTheMainThread):
* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::releaseMemory):
* platform/audio/ios/MediaSessionManagerIOS.mm:
(-[WebMediaSessionHelper dealloc]):
(-[WebMediaSessionHelper startMonitoringAirPlayRoutes]):
(-[WebMediaSessionHelper stopMonitoringAirPlayRoutes]):
* platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
(WebCore::AudioSourceProviderAVFObjC::prepare):
* platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
(WebCore::MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification):
(WebCore::MediaPlayerPrivateAVFoundation::dispatchNotification):
* platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm:
(-[WebCDMSessionAVFoundationObjCListener observeValueForKeyPath:ofObject:change:context:]):
* platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
(-[WebAVOutputDeviceMenuControllerHelper observeValueForKeyPath:ofObject:change:context:]):
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoLayer):
(-[WebCoreAVFMovieObserver legibleOutput:didOutputAttributedStrings:nativeSampleBuffers:forItemTime:]):
(-[WebCoreAVFMovieObserver outputSequenceWasFlushed:]):
(-[WebCoreAVFLoaderDelegate resourceLoader:shouldWaitForLoadingOfRequestedResource:]):
(-[WebCoreAVFLoaderDelegate resourceLoader:shouldWaitForResponseToAuthenticationChallenge:]):
(-[WebCoreAVFLoaderDelegate resourceLoader:didCancelLoadingRequest:]):
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
(WebCore::CMTimebaseEffectiveRateChangedCallback):
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::play):
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::pause):
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::scheduleDeferredTask):
* platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
(-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:]):
(-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:withDiscontinuity:]):
(-[WebAVStreamDataParserListener streamDataParser:didFailToParseStreamDataWithError:]):
(-[WebAVStreamDataParserListener streamDataParser:didProvideMediaData:forTrackID:mediaType:flags:]):
(-[WebAVStreamDataParserListener streamDataParser:didReachEndOfTrackWithTrackID:mediaType:]):
(-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]):
(-[WebAVSampleBufferErrorListener observeValueForKeyPath:ofObject:change:context:]):
(-[WebAVSampleBufferErrorListener layerFailedToDecode:]):
* platform/graphics/cg/GraphicsContextCG.cpp:
(WebCore::patternReleaseCallback):
* platform/graphics/cg/PatternCG.cpp:
(WebCore::patternReleaseCallback):
* platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
(WebCore::MediaPlayerPrivateMediaFoundation::endCreatedMediaSource):
(WebCore::MediaPlayerPrivateMediaFoundation::endGetEvent):
(WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::processInputNotify):
* platform/mediastream/MediaStreamPrivate.cpp:
(WebCore::MediaStreamPrivate::scheduleDeferredTask):
* platform/mediastream/MediaStreamPrivate.h:
* platform/mediastream/mac/AVMediaCaptureSource.h:
* platform/mediastream/mac/AVMediaCaptureSource.mm:
(WebCore::AVMediaCaptureSource::scheduleDeferredTask):
* platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
(WebCore::RealtimeMediaSourceCenterMac::getMediaStreamTrackSources):
* platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm:
(WebCore::WebAudioSourceProviderAVFObjC::prepare):
* platform/mock/MockRealtimeMediaSourceCenter.cpp:
(WebCore::MockRealtimeMediaSourceCenter::getMediaStreamTrackSources):
* platform/network/BlobResourceHandle.cpp:
(WebCore::BlobResourceHandle::start):
(WebCore::BlobResourceHandle::notifyFinish):
* platform/network/DataURLDecoder.cpp:
(WebCore::DataURLDecoder::decode):
* platform/network/DataURLDecoder.h:
* platform/network/cocoa/WebCoreNSURLSession.mm:
(-[WebCoreNSURLSession dealloc]):
(-[WebCoreNSURLSessionDataTask cancel]):
(-[WebCoreNSURLSessionDataTask suspend]):
(-[WebCoreNSURLSessionDataTask resume]):
* platform/network/curl/CurlDownload.cpp:
(WebCore::CurlDownload::didReceiveHeader):
(WebCore::CurlDownload::didReceiveData): Deleted.

Source/WebKit:

callOnMainThread() should not copy captured lambda variables. This
function is usually called cross-thread with a lambda and copying
the lambda (and its captured variables) can lead to thread-safety
issues.

This patch updates callOnMainThread() to take a NoncopyableFunction&&
in parameter instead of a std::function. The call sites of
callOnMainThread() have also been updated to use C++14's lambda
capture with initializer.

* Storage/StorageAreaSync.cpp:
(WebCore::StorageAreaSync::deleteEmptyDatabase):
* Storage/StorageSyncManager.cpp:
(WebCore::StorageSyncManager::dispatch):
* Storage/StorageSyncManager.h:
* Storage/StorageThread.cpp:
(WebCore::StorageThread::dispatch):
(WebCore::StorageThread::terminate):
(WebCore::StorageThread::releaseFastMallocFreeMemoryInAllThreads):
* Storage/StorageThread.h:
* Storage/StorageTracker.cpp:
(WebCore::StorageTracker::syncFileSystemAndTrackerDatabase):
(WebCore::StorageTracker::setOriginDetails):

Source/WebKit/mac:

callOnMainThread() should not copy captured lambda variables. This
function is usually called cross-thread with a lambda and copying
the lambda (and its captured variables) can lead to thread-safety
issues.

This patch updates callOnMainThread() to take a NoncopyableFunction&&
in parameter instead of a std::function. The call sites of
callOnMainThread() have also been updated to use C++14's lambda
capture with initializer.

* Storage/WebDatabaseManagerClient.mm:
(DidModifyOriginData::dispatchToMainThread):
(DidModifyOriginData::DidModifyOriginData): Deleted.
* Storage/WebStorageTrackerClient.mm:
(WebStorageTrackerClient::dispatchDidModifyOrigin):

Source/WTF:

callOnMainThread() should not copy captured lambda variables. This
function is usually called cross-thread with a lambda and copying
the lambda (and its captured variables) can lead to thread-safety
issues.

This patch updates callOnMainThread() to take a NoncopyableFunction&&
in parameter instead of a std::function. The call sites of
callOnMainThread() have also been updated to use C++14's lambda
capture with initializer.

* WTF.xcodeproj/project.pbxproj:

* wtf/FunctionDispatcher.h:
* wtf/NoncopyableFunction.h:
- Moved NoncopyableFunction from FunctionDispatcher.h to
  NoncopyableFunction.h.
- Add a new operator=(nullptr_t) operator to NoncopyableFunction to
  match std::function, as one of the call sites needed it.

* wtf/MainThread.cpp:
(WTF::functionQueue):
(WTF::dispatchFunctionsFromMainThread):
(WTF::callOnMainThread):
* wtf/MainThread.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201482 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[JSC] implement async functions proposal
caitp@igalia.com [Sat, 28 May 2016 05:44:10 +0000 (05:44 +0000)]
[JSC] implement async functions proposal
https://bugs.webkit.org/show_bug.cgi?id=156147

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

Adds support for `async` functions, proposed in https://tc39.github.io/ecmascript-asyncawait/.

On the front-end side, "await" becomes a contextual keyword when used within an async function,
which triggers parsing an AwaitExpression. "await" becomes an illegal identifier name within
these contexts. The bytecode generated from an "await" expression is identical to that generated
in a "yield" expression in a Generator, as AsyncFunction reuses generator's state machine mechanism.

There are numerous syntactic forms for language features, including a variation on ArrowFunctions,
requiring the keyword `async` to precede ArrowFormalParameters, and similarly, MethodDefinitions,
which are ordinary MethodDefinitions preceded by the keyword `async`.

An async function desugars to the following:

```
async function asyncFn() {
}

becomes:

function asyncFn() {
    let generator = {
        @generatorNext: function(@generator, @generatorState, @generatorValue, @generatorResumeMode) {
          // generator state machine stuff here
        },
        @generatorState: 0,
        @generatorThis: this,
        @generatorFrame: null
    };
    return @asyncFunctionResume(generator, undefined, GeneratorResumeMode::NormalMode);
}
```

`@asyncFunctionResume()` is similar to `@generatorResume`, with the exception that it will wrap the
result of invoking `@generatorNext()` in a Promise, and will avoid allocating an iterator result
object.

If the generator has yielded (an AwaitExpression has occurred), resumption will occur automatically
once the await-expression operand is finished, via Promise chaining.

* API/JSScriptRef.cpp:
(parseScript):
* CMakeLists.txt:
* DerivedSources.make:
* JavaScriptCore.xcodeproj/project.pbxproj:
* builtins/AsyncFunctionPrototype.js: Added.
(asyncFunctionResume):
* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createExecutable):
* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finishCreation):
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::isArrowFunction):
(JSC::UnlinkedCodeBlock::isOrdinaryArrowFunction):
(JSC::UnlinkedCodeBlock::isAsyncArrowFunction):
* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::generateUnlinkedFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::fromGlobalCode):
(JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
* bytecode/UnlinkedFunctionExecutable.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
(JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
(JSC::BytecodeGenerator::emitNewMethodDefinition):
(JSC::BytecodeGenerator::emitNewFunction):
(JSC::BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::makeFunction):
* bytecompiler/NodesCodegen.cpp:
(JSC::FunctionNode::emitBytecode):
* inspector/agents/InspectorRuntimeAgent.cpp:
(Inspector::InspectorRuntimeAgent::parse):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emitNewFuncCommon):
(JSC::JIT::emit_op_new_async_func):
(JSC::JIT::emitNewFuncExprCommon):
(JSC::JIT::emit_op_new_async_func_exp):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jsc.cpp:
(runInteractive):
(printUsageStatement):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createAsyncFunctionBody):
* parser/Keywords.table:
* parser/Parser.cpp:
(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::isArrowFunctionParameters):
(JSC::Parser<LexerType>::parseAsyncFunctionSourceElements):
(JSC::Parser<LexerType>::parseStatementListItem):
(JSC::Parser<LexerType>::parseVariableDeclarationList):
(JSC::Parser<LexerType>::parseDestructuringPattern):
(JSC::Parser<LexerType>::parseStatement):
(JSC::Parser<LexerType>::parseFunctionDeclarationStatement):
(JSC::Parser<LexerType>::parseFormalParameters):
(JSC::stringForFunctionMode):
(JSC::Parser<LexerType>::parseFunctionParameters):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
(JSC::Parser<LexerType>::parseImportClauseItem):
(JSC::Parser<LexerType>::parseImportDeclaration):
(JSC::Parser<LexerType>::parseExportDeclaration):
(JSC::Parser<LexerType>::parseAssignmentExpression):
(JSC::Parser<LexerType>::parseAwaitExpression):
(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parsePropertyMethod):
(JSC::Parser<LexerType>::parseAsyncFunctionExpression):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):
(JSC::Parser<LexerType>::parseArrowFunctionExpression):
(JSC::Parser<LexerType>::parseUnaryExpression):
(JSC::Parser<LexerType>::printUnexpectedTokenText):
* parser/Parser.h:
(JSC::isIdentifierOrKeyword):
(JSC::Scope::Scope):
(JSC::Scope::setSourceParseMode):
(JSC::Scope::isAsyncFunction):
(JSC::Scope::isAsyncFunctionBoundary):
(JSC::Scope::isModule):
(JSC::Scope::setIsFunction):
(JSC::Scope::setIsAsyncArrowFunction):
(JSC::Scope::setIsAsyncFunction):
(JSC::Scope::setIsAsyncFunctionBody):
(JSC::Scope::setIsAsyncArrowFunctionBody):
(JSC::Parser::ExpressionErrorClassifier::forceClassifyExpressionError):
(JSC::Parser::ExpressionErrorClassifier::propagateExpressionErrorClass):
(JSC::Parser::ExpressionErrorClassifier::indicatesPossibleAsyncArrowFunction):
(JSC::Parser::forceClassifyExpressionError):
(JSC::Parser::declarationTypeToVariableKind):
(JSC::Parser::closestParentOrdinaryFunctionNonLexicalScope):
(JSC::Parser::pushScope):
(JSC::Parser::popScopeInternal):
(JSC::Parser::matchSpecIdentifier):
(JSC::Parser::isDisallowedIdentifierAwait):
(JSC::Parser::disallowedIdentifierAwaitReason):
(JSC::parse):
* parser/ParserModes.h:
(JSC::isFunctionParseMode):
(JSC::isAsyncFunctionParseMode):
(JSC::isAsyncArrowFunctionParseMode):
(JSC::isAsyncFunctionWrapperParseMode):
(JSC::isAsyncFunctionBodyParseMode):
(JSC::isModuleParseMode):
(JSC::isProgramParseMode):
(JSC::constructAbilityForParseMode):
* parser/ParserTokens.h:
* parser/SourceCodeKey.h:
(JSC::SourceCodeKey::SourceCodeKey):
(JSC::SourceCodeKey::runtimeFlags):
(JSC::SourceCodeKey::operator==):
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createAsyncFunctionBody):
* runtime/AsyncFunctionConstructor.cpp: Added.
(JSC::AsyncFunctionConstructor::AsyncFunctionConstructor):
(JSC::AsyncFunctionConstructor::finishCreation):
(JSC::callAsyncFunctionConstructor):
(JSC::constructAsyncFunctionConstructor):
(JSC::AsyncFunctionConstructor::getCallData):
(JSC::AsyncFunctionConstructor::getConstructData):
* runtime/AsyncFunctionConstructor.h: Added.
(JSC::AsyncFunctionConstructor::create):
(JSC::AsyncFunctionConstructor::createStructure):
* runtime/AsyncFunctionPrototype.cpp: Added.
(JSC::AsyncFunctionPrototype::AsyncFunctionPrototype):
(JSC::AsyncFunctionPrototype::finishCreation):
* runtime/AsyncFunctionPrototype.h: Added.
(JSC::AsyncFunctionPrototype::create):
(JSC::AsyncFunctionPrototype::createStructure):
* runtime/CodeCache.cpp:
(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getProgramCodeBlock):
(JSC::CodeCache::getEvalCodeBlock):
(JSC::CodeCache::getModuleProgramCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):
* runtime/CodeCache.h:
* runtime/CommonIdentifiers.h:
* runtime/Completion.cpp:
(JSC::checkSyntax):
(JSC::checkModuleSyntax):
* runtime/Completion.h:
* runtime/Executable.cpp:
(JSC::ScriptExecutable::newCodeBlockFor):
(JSC::ProgramExecutable::checkSyntax):
* runtime/Executable.h:
* runtime/FunctionConstructor.cpp:
(JSC::constructFunctionSkippingEvalEnabledCheck):
* runtime/FunctionConstructor.h:
* runtime/JSAsyncFunction.cpp: Added.
(JSC::JSAsyncFunction::JSAsyncFunction):
(JSC::JSAsyncFunction::createImpl):
(JSC::JSAsyncFunction::create):
(JSC::JSAsyncFunction::createWithInvalidatedReallocationWatchpoint):
* runtime/JSAsyncFunction.h: Added.
(JSC::JSAsyncFunction::allocationSize):
(JSC::JSAsyncFunction::createStructure):
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertySlot):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::createProgramCodeBlock):
(JSC::JSGlobalObject::createEvalCodeBlock):
(JSC::JSGlobalObject::createModuleProgramCodeBlock):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::asyncFunctionPrototype):
(JSC::JSGlobalObject::asyncFunctionStructure):
* runtime/ModuleLoaderObject.cpp:
(JSC::moduleLoaderObjectParseModule):
* runtime/RuntimeFlags.h:
(JSC::RuntimeFlags::operator==):
(JSC::RuntimeFlags::operator!=):
* tests/stress/async-await-basic.js: Added.
(shouldBe):
(shouldBeAsync):
(shouldThrow):
(shouldThrowAsync):
(let.AsyncFunction.async):
(async.asyncFunctionForProto):
(Object.getPrototypeOf.async):
(Object.getPrototypeOf.async.method):
(async):
(async.method):
(async.asyncNonConstructorDecl):
(shouldThrow.new.async):
(shouldThrow.new.async.nonConstructor):
(async.asyncDecl):
(async.f):
(MyError):
(async.asyncDeclThrower):
(shouldThrowAsync.async):
(resolveLater):
(rejectLater):
(async.resumeAfterNormal):
(O.async.resumeAfterNormal):
(resumeAfterNormalArrow.async):
(async.resumeAfterThrow):
(O.async.resumeAfterThrow):
(resumeAfterThrowArrow.async):
(catch):
* tests/stress/async-await-module-reserved-word.js: Added.
(shouldThrow):
(SyntaxError.Canstring_appeared_hereawait.checkModuleSyntaxError.String.raw.await):
(checkModuleSyntaxError.String.raw.await):
(checkModuleSyntaxError.String.raw.async.await):
(SyntaxError.Cannot.declare.named):
* tests/stress/async-await-mozilla.js: Added.
(shouldBe):
(shouldBeAsync):
(shouldThrow):
(shouldThrowAsync):
(assert):
(shouldThrowSyntaxError):
(mozSemantics.async.empty):
(mozSemantics.async.simpleReturn):
(mozSemantics.async.simpleAwait):
(mozSemantics.async.simpleAwaitAsync):
(mozSemantics.async.returnOtherAsync):
(mozSemantics.async.simpleThrower):
(mozSemantics.async.delegatedThrower):
(mozSemantics.async.tryCatch):
(mozSemantics.async.tryCatchThrow):
(mozSemantics.async.wellFinally):
(mozSemantics.async.finallyMayFail):
(mozSemantics.async.embedded.async.inner):
(mozSemantics.async.embedded):
(mozSemantics.async.fib):
(mozSemantics.async.isOdd.async.isEven):
(mozSemantics.async.isOdd):
(mozSemantics.hardcoreFib.async.fib2):
(mozSemantics.namedAsyncExpr.async.simple):
(mozSemantics.async.executionOrder.async.first):
(mozSemantics.async.executionOrder.async.second):
(mozSemantics.async.executionOrder.async.third):
(mozSemantics.async.executionOrder):
(mozSemantics.async.miscellaneous):
(mozSemantics.thrower):
(mozSemantics.async.defaultArgs):
(mozSemantics.shouldThrow):
(mozSemantics):
(mozMethods.X):
(mozMethods.X.prototype.async.getValue):
(mozMethods.X.prototype.setValue):
(mozMethods.X.prototype.async.increment):
(mozMethods.X.prototype.async.getBaseClassName):
(mozMethods.X.async.getStaticValue):
(mozMethods.Y.prototype.async.getBaseClassName):
(mozMethods.Y):
(mozFunctionNameInferrence.async.test):
(mozSyntaxErrors):
* tests/stress/async-await-reserved-word.js: Added.
(assert):
(shouldThrowSyntaxError):
(AsyncFunction.async):
* tests/stress/async_arrow_functions_lexical_arguments_binding.js: Added.
(shouldBe):
(shouldBeAsync):
(shouldThrowAsync):
(noArgumentsArrow2.async):
* tests/stress/async_arrow_functions_lexical_new.target_binding.js: Added.
(shouldBe):
(shouldBeAsync):
(shouldThrowAsync):
(C1):
(C2):
(shouldThrowAsync.async):
* tests/stress/async_arrow_functions_lexical_super_binding.js: Added.
(shouldBe):
(shouldBeAsync):
(BaseClass.prototype.baseClassValue):
(BaseClass):
(ChildClass.prototype.asyncSuperProp):
(ChildClass.prototype.asyncSuperProp2):
(ChildClass):
* tests/stress/async_arrow_functions_lexical_this_binding.js: Added.
(shouldBe):
(shouldBeAsync):
(d.y):

Source/WebKit/mac:

* WebView/WebPreferencesPrivate.h:

Source/WebKit/win:

* Interfaces/IWebPreferencesPrivate.idl:

Source/WebKit2:

* UIProcess/API/C/WKPreferencesRefPrivate.h:
* UIProcess/API/Cocoa/WKPreferencesPrivate.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201481 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoImprove lambda capture in NetworkCache::Storage::synchronize()
cdumez@apple.com [Sat, 28 May 2016 04:48:49 +0000 (04:48 +0000)]
Improve lambda capture in NetworkCache::Storage::synchronize()
https://bugs.webkit.org/show_bug.cgi?id=158176

Reviewed by Brady Eidson.

Improve lambda capture in NetworkCache::Storage::synchronize(). We can
now capture the std::unique_ptr<> variables directly thanks to:
1. C++14's support for initializer's in lambda captures
2. RunLoop::dispatch() now takes a NoncopyableFunction in instead of
   a std::function, allowing us to capture non-copyable variables.

* NetworkProcess/cache/NetworkCacheStorage.cpp:
(WebKit::NetworkCache::Storage::synchronize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201480 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, build fix for JSCOnly port.
utatane.tea@gmail.com [Sat, 28 May 2016 04:18:57 +0000 (04:18 +0000)]
Unreviewed, build fix for JSCOnly port.
https://bugs.webkit.org/show_bug.cgi?id=158111

Use NoncopyableFunction instead of std::function<>.

* wtf/generic/RunLoopGeneric.cpp:
(WTF::RunLoop::TimerBase::ScheduledTask::create):
(WTF::RunLoop::TimerBase::ScheduledTask::ScheduledTask):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201479 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION (r190574): Swipe snapshots are always black on iPhone 5
timothy_horton@apple.com [Sat, 28 May 2016 01:22:50 +0000 (01:22 +0000)]
REGRESSION (r190574): Swipe snapshots are always black on iPhone 5
https://bugs.webkit.org/show_bug.cgi?id=158171
<rdar://problem/24639709>

Reviewed by Beth Dakin.

* platform/graphics/cocoa/IOSurface.mm:
(optionsForBiplanarSurface):
(optionsFor32BitSurface):
(IOSurface::IOSurface):
(IOSurface::format):
We are supposed to be using bi-planar 422f, not yuvf. They're the same
size, but different formats, and 422f is supported in more places.

Clean up the IOSurface constructor so we don't have a switch inside an if
with random ASSERT_NOT_REACHED, making helper functions to build the
options dictionary for arbitrary-size biplanar and 32-bit single-planar
surfaces.

I don't know how to write a test because IOSurface is not supported
in the simulator.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201478 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Not all transitively dominated nodes display their retained size
commit-queue@webkit.org [Sat, 28 May 2016 00:44:13 +0000 (00:44 +0000)]
Web Inspector: Not all transitively dominated nodes display their retained size
https://bugs.webkit.org/show_bug.cgi?id=158174

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-27
Reviewed by Timothy Hatcher.

* UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._isDominatedByNonBaseParent):
Use the parent reference changing in the loop instead of always using the same parent.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201477 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoEventHandler finds incorrect scrollable container.
zalan@apple.com [Sat, 28 May 2016 00:07:35 +0000 (00:07 +0000)]
EventHandler finds incorrect scrollable container.
https://bugs.webkit.org/show_bug.cgi?id=158132
<rdar://problem/26423126>

Reviewed by Brent Fulgham.

Fix the logic that checks whether we are at the beginning or at the end of the container (horizontally).
While scrolling to the right, deltaX has negative values. So in case of deltaX < 0, we need to check if
the container is not scrolled all the way to the right.

Source/WebCore:

Test: fast/scrolling/scroll-container-horizontally.html

* page/mac/EventHandlerMac.mm:
(WebCore::findEnclosingScrollableContainer):

LayoutTests:

* fast/scrolling/scroll-container-horizontally-expected.txt: Added.
* fast/scrolling/scroll-container-horizontally.html: Added.
* platform/ios-simulator/TestExpectations:
* platform/mac-wk1/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201476 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDisplay failing JSC stress tests in buildbot dashboard
commit-queue@webkit.org [Sat, 28 May 2016 00:06:01 +0000 (00:06 +0000)]
Display failing JSC stress tests in buildbot dashboard
https://bugs.webkit.org/show_bug.cgi?id=156595

Patch by Srinivasan Vijayaraghavan <svijayaraghavan@apple.com> on 2016-05-27
Reviewed by Alexey Proskuryakov.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/Buildbot.js:
(Buildbot.prototype.javaScriptCoreTestFailuresURLForIteration):
(Buildbot.prototype.javaScriptCoreTestStdioUrlForIteration):
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotCombinedQueueView.js:
(BuildbotCombinedQueueView.prototype.update):
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotIteration.js:
(BuildbotIteration):
(BuildbotIteration.prototype._parseData):
(BuildbotIteration.prototype.loadLayoutTestResults):
(BuildbotIteration.prototype.):
(BuildbotIteration.prototype.loadJavaScriptCoreTestResults):
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotQueueView.js:
(BuildbotQueueView.prototype._createLoadingIndicator):
(BuildbotQueueView.prototype.):
(BuildbotQueueView.prototype._onPopoverCopy):
(BuildbotQueueView.prototype._popoverContentForJavaScriptCoreTestRegressions):
(BuildbotQueueView.prototype._presentPopoverForJavaScriptCoreTestRegressions):
(BuildbotQueueView.prototype._addIterationHeadingToPopover):
(BuildbotQueueView.prototype._testStepFailureDescription):
(BuildbotQueueView.prototype._testStepFailureDescriptionWithCount):
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTestResults.js:
(BuildbotTestResults.prototype.addJavaScriptCoreTestFailures):
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTesterQueueView.js:
(BuildbotTesterQueueView.prototype.appendBuilderQueueStatus):
(BuildbotTesterQueueView.prototype.update):
(BuildbotTesterQueueView.prototype._popoverContentForLayoutTestRegressions):
(BuildbotTesterQueueView.prototype._presentPopoverForLayoutTestRegressions):
(BuildbotTesterQueueView.prototype._testStepFailureDescription): Deleted.
(BuildbotTesterQueueView.prototype._testStepFailureDescriptionWithCount): Deleted.
(BuildbotTesterQueueView.prototype.): Deleted.
(BuildbotTesterQueueView.prototype.content.oncopy): Deleted.
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/index.html:
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/MockBuildbot.js: Copied from Tools/BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/MockBuildbotQueue.js.
(MockBuildbot):
(MockBuildbot.prototype.buildPageURLForIteration):
(MockBuildbot.prototype.javaScriptCoreTestFailuresURLForIteration):
(MockBuildbot.prototype.javaScriptCoreTestStdioUrlForIteration):
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/MockBuildbotQueue.js:
(MockBuildbotQueue):
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/MockBuildbotTestResults.js: Copied from Tools/BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/MockBuildbotQueue.js.
(MockBuildbotTestResults):
(MockBuildbotTestResults.prototype.addJavaScriptCoreTestFailures):
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/test-jsc-results.json: Added.
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/tests.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201475 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDecrease flicker when changing video presentation mode.
commit-queue@webkit.org [Fri, 27 May 2016 23:58:28 +0000 (23:58 +0000)]
Decrease flicker when changing video presentation mode.
https://bugs.webkit.org/show_bug.cgi?id=158148
rdar://problem/24476949

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-05-27
Source/WebCore:

Reviewed by Jer Noble.

No new tests because there is no behavior change. This change is about the timing of
moving AVPlayerLayers between layers to prevent flicker.

1) Moving an AVPlayerLayer between CAContexts can flicker. So always keep two
AVPlayerLayers around and add and remove them from the inline and fullscreen contexts.
2) Wait to show the inline placeholder until the fullscreen video layer has been installed.
3) Wait to remove the fullscreen video layer until the placeholder has been removed.

* Modules/mediacontrols/MediaControlsHost.cpp:
(WebCore::MediaControlsHost::isVideoLayerInline): Expose isVideoLayerInline to the shadow DOM.
(WebCore::MediaControlsHost::setPreparedForInline): Expose setPreparedForInline to the shadow DOM.
* Modules/mediacontrols/MediaControlsHost.h: Add setPreparedForInline and isVideoLayerInline
* Modules/mediacontrols/MediaControlsHost.idl: Add setPreparedForInline and isVideoLayerInline
* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.showInlinePlaybackPlaceholderWhenSafe): Wait to show placeholder when entering fullscreen.
(Controller.prototype.handlePresentationModeChange): Wait to show placeholder, and notify when placeholder is removed.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::setPreparedForInline):
(WebCore::HTMLMediaElement::waitForPreparedForInlineThen): Used to delay fullscreen cleanup until placeholder is removed.
(WebCore::HTMLMediaElement::setVideoFullscreenLayer): Add a callback so we can wait until this completes before continuing.
* html/HTMLMediaElement.h:
(WebCore::HTMLMediaElement::isVideoLayerInline):
(WebCore::HTMLMediaElement::waitForPreparedForInlineThen):
(WebCore::HTMLMediaElement::setVideoFullscreenLayer): Add completionHandler.
* platform/cocoa/WebVideoFullscreenModelVideoElement.h:
(WebCore::WebVideoFullscreenModelVideoElement::setVideoFullscreenLayer): Add completionHandler.
(WebCore::WebVideoFullscreenModelVideoElement::waitForPreparedForInlineThen): Added.
* platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
(WebVideoFullscreenModelVideoElement::setVideoFullscreenLayer): Add completionHandler.
(WebVideoFullscreenModelVideoElement::waitForPreparedForInlineThen):
* platform/graphics/MediaPlayer.cpp:
(WebCore::MediaPlayer::setVideoFullscreenLayer): Add completionHandler.
* platform/graphics/MediaPlayer.h:
(WebCore::MediaPlayer::setVideoFullscreenLayer): Add completionHandler.
* platform/graphics/MediaPlayerPrivate.h:
(WebCore::MediaPlayerPrivateInterface::setVideoFullscreenLayer): Add completionHandler.
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer): Create two video layers.
(WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): Allow two video layers.
(WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer): Add completionHandler.
(WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity): Allow two video layers.
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): Allow two video layers.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenLayer): Add completionHandler.
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Allow two video layers.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenLayer): Add completionHandler.
* platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h:
* platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm:
(WebCore::VideoFullscreenLayerManager::setVideoLayers): Allow two video layers.
(WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer): Add completionHandler.
(WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame): Allow two video layers.
(WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer): Allow two video layers.
(WebCore::VideoFullscreenLayerManager::setVideoLayer): Deleted.
* platform/ios/WebVideoFullscreenControllerAVKit.mm:
(WebVideoFullscreenControllerContext::didSetupFullscreen): Use completionHandler.
(WebVideoFullscreenControllerContext::didExitFullscreen): Use completionHandler.

Source/WebKit2:

Reviewed by Tim Horton.

Prevent flicker by using setVideoFullscreenLayer with a completion handler to delay
enter fullscreen and cleanup fullscreen until the video layer has completely been
installed or removed.

* WebProcess/cocoa/WebVideoFullscreenManager.mm:
(WebKit::WebVideoFullscreenManager::didSetupFullscreen):
(WebKit::WebVideoFullscreenManager::didExitFullscreen):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201474 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDebuggerCallFrame crashes when updated with the globalExec because neither ShadowChic...
sbarati@apple.com [Fri, 27 May 2016 23:42:08 +0000 (23:42 +0000)]
DebuggerCallFrame crashes when updated with the globalExec because neither ShadowChicken's algorithm nor StackVisitor's algorithm reasons about the globalExec
https://bugs.webkit.org/show_bug.cgi?id=158104

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

I think globalExec is a special enough case that it should be handled
at the layers above ShadowChicken and StackVisitor. Those APIs should
deal with real stack frames on the machine stack, not a heap constructed frame.

This patch makes DebuggerCallFrame::create aware that it may be
created with the globalObject->globalExec() by having it construct
a single DebuggerCallFrame that wraps the globalExec.

This fixes a crasher because we will construct a DebuggerCallFrame
with the globalExec when the Inspector is set to pause on all uncaught
exceptions and the JS program has a syntax error. Because the program
hasn't begun execution, there is no machine JS stack frame yet. So
DebuggerCallFrame is created with globalExec, which will cause it
to hit an assertion that dictates that the stack have size greater
than zero.

* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::create):

LayoutTests:

* inspector/debugger/breakpoint-syntax-error-top-level-expected.txt: Added.
* inspector/debugger/breakpoint-syntax-error-top-level.html: Added.
* inspector/debugger/resources/file-with-syntax-error.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201473 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed test fix after r201468.
bfulgham@apple.com [Fri, 27 May 2016 23:34:25 +0000 (23:34 +0000)]
Unreviewed test fix after r201468.

Correct output handling to reduce flakiness on test bots.

* http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201472 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCrash in TreeScope::focusedElement
rniwa@webkit.org [Fri, 27 May 2016 22:31:43 +0000 (22:31 +0000)]
Crash in TreeScope::focusedElement
https://bugs.webkit.org/show_bug.cgi?id=158108

Reviewed by Enrica Casucci.

Source/WebCore:

The bug was caused by a flawed sequence of steps we took to remove an element. When an element is removed,
willRemoveChild and willRemoveChildren fire blur events on removed focused element and its ancestors and
unload event on any removed iframes. However, it was possible to focus an element on which we had fired blur
during an unload event, leaving m_focusedElement point to an element that's not in the document anymore.

Changing the order doesn't help because that would make it possible to insert the removed iframes back into
the document inside a event listener of the blur event, which was specifically fixed by r127534 four years ago.

Instead, fix the bug by not firing blur and change events on removed nodes. New behavior matches Firefox and HTML5
specification: https://html.spec.whatwg.org/multipage/interaction.html#focus-fixup-rule-one

Test: fast/shadow-dom/shadow-root-active-element-crash.html

* dom/ContainerNode.cpp:
(WebCore::willRemoveChild): Made this function static local since it didn't need to have access to any private
member variables. Call Document::nodeWillBeRemoved after disconnecting iframes since unload event handler could
allocate new Ranges just like mutation events.
(WebCore::willRemoveChildren): Ditto.
(WebCore::ContainerNode::removeChild): Removed the calls to removeFullScreenElementOfSubtree and
removeFocusedNodeOfSubtree as they're now called in Document::nodeWillBeRemoved.
(WebCore::ContainerNode::removeChildren): Ditto.
* dom/ContainerNode.h:
* dom/Document.cpp:
(WebCore::Document::removeFocusedNodeOfSubtree): Don't dispatch blur and change events when a node is removed.
(WebCore::Document::setFocusedElement): Added FocusRemovalEventsMode as the third argument. Avoid dispatching blur
and change events when FocusRemovalEventsMode::Dispatch is set.
(WebCore::Document::nodeChildrenWillBeRemoved): Added calls to removeFullScreenElementOfSubtree and
removeFocusedNodeOfSubtree. Also assert that no events are fired within this function. If we ever fire an event here,
"unloaded" iframes can be inserted back into a document before ContainerNode::removeChild actually removes them.
(WebCore::Document::nodeWillBeRemoved): Ditto.
* dom/Document.h:
* dom/TreeScope.cpp:
(WebCore::TreeScope::focusedElement): Added a release assertion to make sure the focused element is in the document
of the tree scope, and added an explicit type check just in case.

LayoutTests:

Added a regression test for accessing shadowRoot.activeElement after re-focusing an element
inside DOMNodeRemovedFromDocument event and unload events.

This patch also restores the expected result of fast/events/onblur-remove.html to that of when
the test was in r15720 and updated in r19014. The expected result was changed in r85495 as it was
converted to a eventSender test.

* fast/dom/Range/range-created-during-remove-children-expected.txt:
* fast/dom/Range/range-created-during-remove-children.html: Update the test to use unload event
of an iframe since we no longer fire blur event when removing a focused element.
* fast/dom/adopt-node-prevented-expected.txt:
* fast/dom/adopt-node-prevented.html: Ditto.
* fast/dom/remove-body-during-body-replacement2.html: Ditto. Use DOMNodeRemoved instead.
* fast/events/nested-event-remove-node-crash.html: Ditto. Use DOMNodeRemovedFromDocument instead.
* fast/events/onblur-remove-expected.txt:
* fast/events/onblur-remove.html: See above.
* fast/shadow-dom/shadow-root-active-element-crash-expected.txt: Added.
* fast/shadow-dom/shadow-root-active-element-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201471 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDFG::LazyJSValue::tryGetStringImpl() crashes for empty values
fpizlo@apple.com [Fri, 27 May 2016 22:29:02 +0000 (22:29 +0000)]
DFG::LazyJSValue::tryGetStringImpl() crashes for empty values
https://bugs.webkit.org/show_bug.cgi?id=158170

Reviewed by Michael Saboff.

The problem here is that jsDynamicCast<>() is evil! It avoids checking for the empty
value, presumably because this makes it soooper fast. In DFG IR, empty values can appear
anywhere because of TDZ.

This patch doesn't change jsDynamicCast<>(), but it hardens our wrappers for it in the DFG
and it has the affected code use one of those wrappers.

* dfg/DFGFrozenValue.h:
(JSC::DFG::FrozenValue::dynamicCast): Harden this.
(JSC::DFG::FrozenValue::cast):
* dfg/DFGLazyJSValue.cpp:
(JSC::DFG::LazyJSValue::tryGetStringImpl): Use the hardened wrapper.
* tests/stress/strcat-emtpy.js: Added. This used to crash every time.
(foo):
(i.catch):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201470 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCSP: Fire 'load' events even when blocking loads via 'frame-src'.
bfulgham@apple.com [Fri, 27 May 2016 20:50:04 +0000 (20:50 +0000)]
CSP: Fire 'load' events even when blocking loads via 'frame-src'.
https://bugs.webkit.org/show_bug.cgi?id=153150
<rdar://problem/24383162>

Reviewed by Daniel Bates.

Source/WebCore:

Always fire a load event, even when the load is blocked by CSP rules, so that
attackers cannot gain knowledge about the URL in the frame by blocking the
load and waiting long enough to be sure that a 'load' event would have
fired if the load wasn't blocked.

Inspired by Blink patch:
<https://src.chromium.org/viewvc/blink?view=rev&revision=165743>

Tests: http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load.html

* loader/PolicyChecker.cpp:
(WebCore::PolicyChecker::checkNavigationPolicy):

LayoutTests:

* TestExpectations: Unskip the cross-origin load test.
* http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load-expected.txt: Update to match
our message format.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201468 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoregExpProtoFuncSplitFast should OOM before it swaps
fpizlo@apple.com [Fri, 27 May 2016 20:45:08 +0000 (20:45 +0000)]
regExpProtoFuncSplitFast should OOM before it swaps
https://bugs.webkit.org/show_bug.cgi?id=158157

Reviewed by Mark Lam.

This is a huge speed-up on some jsfunfuzz test cases because it makes us realize much
sooner that running a regexp split will result in swapping. It uses the same basic
approach as http://trac.webkit.org/changeset/201451: if the result array crosses a certain
size threshold, we proceed with a dry run to see how big the array will get before
allocating anything else. This way, bogus uses of split that would have OOMed only after
killing the user's machine will now OOM before killing the user's machine.

This is an enormous speed-up on some jsfunfuzz tests: they go from running for a long
time to running instantly.

* runtime/RegExpPrototype.cpp:
(JSC::advanceStringIndex):
(JSC::genericSplit):
(JSC::regExpProtoFuncSplitFast):
* runtime/StringObject.h:
(JSC::jsStringWithReuse):
(JSC::jsSubstring):
* tests/stress/big-split-captures.js: Added.
* tests/stress/big-split.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201467 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDocument abandons its EventTargetData.
akling@apple.com [Fri, 27 May 2016 20:32:42 +0000 (20:32 +0000)]
Document abandons its EventTargetData.
<https://webkit.org/b/158158>

Reviewed by Darin Adler.

Node::willBeDeletedFrom() is called when destroying all Node types *except* Document.
If a Document had an associated EventTargetData, it would not get cleaned up.

This patch moves the EventTargetData cleanup to ~Node() where it's guaranteed to run.

* dom/Node.cpp:
(WebCore::Node::~Node):
(WebCore::Node::willBeDeletedFrom):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201466 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoShadowChicken/DebuggerCallFrame don't properly handle when the entry stack frame...
sbarati@apple.com [Fri, 27 May 2016 20:26:06 +0000 (20:26 +0000)]
ShadowChicken/DebuggerCallFrame don't properly handle when the entry stack frame is a tail deleted frame
https://bugs.webkit.org/show_bug.cgi?id=158131

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

There were bugs both in DebuggerCallFrame and ShadowChicken when the entry stack
frame(s) are tail deleted.

DebuggerCallFrame had an assertion saying that the entry frame shouldn't be
tail deleted. This is clearly wrong. The following program proves that this assertion
was misguided:
```
"use strict";
setTimeout(function foo() { return bar(); }, 0);
```

ShadowChicken had a very subtle bug when creating the shadow stack when
the entry frames of the stack were tail deleted. Because it places frames into its shadow
stack by walking the machine frame and looking up entries in the log,
the machine frame doesn't have any notion of those tail deleted frames
at the entry of execution. ShadowChicken would never find those frames
because it would look for tail deleted frames *before* consulting the
current machine frame. This is wrong because if the entry frames
are tail deleted, then there is no machine frame for them because there
is no machine frame before them! Therefore, we must search for tail deleted
frames *after* consulting a machine frame. This is sound because we will always
have at least one machine frame on the stack (when we are using StackVisitor on a valid ExecState).
So when we consult the machine frame that is the entry frame on the machine stack,
we will search for tail deleted frames that come before it in the shadow stack.
This will allow us to find those tail deleted frames that are the entry frames
for the shadow stack.

* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::create):
* interpreter/ShadowChicken.cpp:
(JSC::ShadowChicken::Packet::dump):
(JSC::ShadowChicken::update):
(JSC::ShadowChicken::dump):

LayoutTests:

* inspector/debugger/resources/tail-deleted-frames-from-vm-entry.js: Added.
(timeout):
(bar):
* inspector/debugger/tail-deleted-frames-from-vm-entry-expected.txt: Added.
* inspector/debugger/tail-deleted-frames-from-vm-entry.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201465 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWorkQueue::dispatch() / RunLoop::dispatch() should not copy captured lambda variables
cdumez@apple.com [Fri, 27 May 2016 20:22:12 +0000 (20:22 +0000)]
WorkQueue::dispatch() / RunLoop::dispatch() should not copy captured lambda variables
https://bugs.webkit.org/show_bug.cgi?id=158111

Reviewed by Darin Adler.

WorkQueue::dispatch() / RunLoop::dispatch() should not copy captured lambda variables.
These are often used cross-thread and copying the captured lambda variables can be
dangerous (e.g. we do not want to copy a String after calling isolatedCopy() upon
capture).

Source/JavaScriptCore:

* runtime/Watchdog.cpp:
(JSC::Watchdog::startTimer):
(JSC::Watchdog::Watchdog): Deleted.
(JSC::Watchdog::setTimeLimit): Deleted.
* runtime/Watchdog.h:

Source/WebKit2:

* NetworkProcess/NetworkProcess.cpp:
(WebKit::clearDiskCacheEntries):
* NetworkProcess/cache/NetworkCache.cpp:
(WebKit::NetworkCache::Cache::clear):
* NetworkProcess/cache/NetworkCacheIOChannelSoup.cpp:
(WebKit::NetworkCache::runTaskInQueue):
* Platform/IPC/Connection.cpp:
(IPC::Connection::processIncomingMessage):
* UIProcess/Storage/StorageManager.cpp:
(WebKit::StorageManager::getSessionStorageOrigins):
(WebKit::StorageManager::deleteSessionStorageOrigins):
(WebKit::StorageManager::deleteSessionStorageEntriesForOrigins):
(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::getLocalStorageOriginDetails):
(WebKit::StorageManager::deleteLocalStorageOriginsModifiedSince):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):
* UIProcess/Storage/StorageManager.h:

Source/WTF:

This patch introduces a new NoncopyableFunction type that behaves similarly to
std::function but guarantees that the passed-in lambda (and its captured variables)
cannot be copied. This new NoncopyableFunction type is now used for
WorkQueue / RunLoop's dispatch() / dispatchAfter() which are commonly used
cross-thread. This should now allow us to call WorkQueue::dispatch() with a lambda
that captures a String like so:
[str = str.isolatedCopy()]() { }

Also note that even though this is not leveraged in this patch, NoncopyableFunction
would allow us to capture move-only types such as std::unique_ptr as so:
[p = WTFMove(p)]() { }
This does not work if we convert the lambda into an std::function because
std::function requires the lambda to be copyable, NoncopyableFunction does not.

* wtf/FunctionDispatcher.h:
(WTF::CallableWrapperBase::~CallableWrapperBase):
(WTF::NoncopyableFunction::NoncopyableFunction):
(WTF::NoncopyableFunction::operator()):
(WTF::NoncopyableFunction::operator bool):
(WTF::NoncopyableFunction::operator=):
* wtf/RunLoop.cpp:
(WTF::RunLoop::performWork):
(WTF::RunLoop::dispatch):
* wtf/RunLoop.h:
* wtf/WorkQueue.h:
* wtf/cocoa/WorkQueueCocoa.cpp:
(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):
* wtf/efl/DispatchQueueWorkItemEfl.h:
(WorkItem::WorkItem):
(TimerWorkItem::create):
(TimerWorkItem::TimerWorkItem):
* wtf/efl/WorkQueueEfl.cpp:
(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):
* wtf/generic/RunLoopGeneric.cpp:
(WTF::RunLoop::dispatchAfter):
* wtf/generic/WorkQueueGeneric.cpp:
(WorkQueue::dispatch):
(WorkQueue::dispatchAfter):
* wtf/glib/RunLoopGLib.cpp:
(WTF::DispatchAfterContext::DispatchAfterContext):
(WTF::RunLoop::dispatchAfter):
* wtf/win/WorkItemWin.cpp:
(WTF::WorkItemWin::WorkItemWin):
(WTF::WorkItemWin::create):
(WTF::HandleWorkItem::HandleWorkItem):
(WTF::HandleWorkItem::createByAdoptingHandle):
* wtf/win/WorkItemWin.h:
(WTF::WorkItemWin::function):
* wtf/win/WorkQueueWin.cpp:
(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::timerCallback):
(WTF::WorkQueue::dispatchAfter):

Tools:

* WebKitTestRunner/TestController.cpp:
(WTR::TestController::decidePolicyForNavigationAction):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201464 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAttempt to fix the iOS build.
ryanhaddad@apple.com [Fri, 27 May 2016 20:14:16 +0000 (20:14 +0000)]
Attempt to fix the iOS build.

Unreviewed build fix.

* platform/graphics/cocoa/TextTrackRepresentationCocoa.mm:
* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(-[WebAVPlayerLayer layoutSublayers]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201463 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemoved unused headers from ExecutableAllocatorFixedVMPool.cpp.
annulen@yandex.ru [Fri, 27 May 2016 19:50:00 +0000 (19:50 +0000)]
Removed unused headers from ExecutableAllocatorFixedVMPool.cpp.
https://bugs.webkit.org/show_bug.cgi?id=158159

Reviewed by Darin Adler.

* jit/ExecutableAllocatorFixedVMPool.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201462 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModern IDB: After closing a Netflix video, trying to watch it again fails.
beidson@apple.com [Fri, 27 May 2016 19:45:42 +0000 (19:45 +0000)]
Modern IDB: After closing a Netflix video, trying to watch it again fails.
<rdar://problem/25092473> and https://bugs.webkit.org/show_bug.cgi?id=158160

Reviewed by Alex Christensen.

Source/WebCore:

New APITest: IndexedDB.WebProcessKillIDBCleanup

* Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::stop):

* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient): All active transactions need to be aborted
  (without callback, since there's no connection to callback to).
(WebCore::IDBServer::UniqueIDBDatabase::takeNextRunnableTransaction):

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/WebProcessKillIDBCleanup-1.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/WebProcessKillIDBCleanup-2.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/WebProcessKillIDBCleanup.mm: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201461 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAX: [ATK] accessibility/gtk/no-notification-for-unrendered-iframe-children.html began...
jdiggs@igalia.com [Fri, 27 May 2016 19:08:31 +0000 (19:08 +0000)]
AX: [ATK] accessibility/gtk/no-notification-for-unrendered-iframe-children.html began failing after r201416
https://bugs.webkit.org/show_bug.cgi?id=158152

Reviewed by Chris Fleizach.

The failure is actually a bug fix because only one child is being added, but two
notifications were being emitted. Now there is only one notification. To verify
this was the case, we really should examine the child reportedly being added. That
child is the ATK event's any_data, so pass along that child to the listener.

Tools:

* WebKitTestRunner/InjectedBundle/atk/AccessibilityNotificationHandlerAtk.cpp:

LayoutTests:

The failing test and associated expectations were modified to remove the duplicate
notification and include the title of the added child for the notification we get.

* accessibility/gtk/no-notification-for-unrendered-iframe-children.html: Updated.
* accessibility/gtk/no-notification-for-unrendered-iframe-children-expected.txt: Updated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201458 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoExpose content extension failure error codes in SPI
achristensen@apple.com [Fri, 27 May 2016 18:50:24 +0000 (18:50 +0000)]
Expose content extension failure error codes in SPI
https://bugs.webkit.org/show_bug.cgi?id=158095
rdar://problem/26475651

Reviewed by Anders Carlsson.

Source/WebKit2:

* UIProcess/API/APIUserContentExtensionStore.cpp:
(API::UserContentExtensionStore::synchronousRemoveAllContentExtensions):
(API::UserContentExtensionStore::invalidateContentExtensionVersion):
Added for testing.
(API::userContentExtensionStoreErrorCategory):
* UIProcess/API/APIUserContentExtensionStore.h:
* UIProcess/API/Cocoa/_WKUserContentExtensionStore.h:
Added the new enum, _WKUserContentExtensionStoreErrorCode.
* UIProcess/API/Cocoa/_WKUserContentExtensionStore.mm:
(-[_WKUserContentExtensionStore compileContentExtensionForIdentifier:encodedContentExtension:completionHandler:]):
Sometimes the error code returned by UserContentExtensionStore::compileContentExtension has the error code from compileRuleList.
When this happens, we want to get the message from the internal compiler error, but we want the NSError's code to always be CompileFailed.
(-[_WKUserContentExtensionStore lookupContentExtensionForIdentifier:completionHandler:]):
(-[_WKUserContentExtensionStore removeContentExtensionForIdentifier:completionHandler:]):
(-[_WKUserContentExtensionStore _removeAllContentExtensions]):
(-[_WKUserContentExtensionStore _invalidateContentExtensionVersionForIdentifier:]):
* UIProcess/API/Cocoa/_WKUserContentExtensionStorePrivate.h:
Added new invalidator for testing.

Tools:

* TestWebKitAPI/Tests/WebKit2Cocoa/_WKUserContentExtensionStore.mm:
(checkDomain):
(TEST_F):
Add tests that use the new enum.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201457 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoget_by_id should support caching unset properties in the LLInt
keith_miller@apple.com [Fri, 27 May 2016 18:36:30 +0000 (18:36 +0000)]
get_by_id should support caching unset properties in the LLInt
https://bugs.webkit.org/show_bug.cgi?id=158136

Reviewed by Benjamin Poulain.

Recently, we started supporting prototype load caching for get_by_id
in the LLInt. This patch extends that to caching unset properties.
While it is uncommon in general for a program to see a single structure
without a given property, the Array.prototype.concat function needs to
lookup the Symbol.isConcatSpreadable property. For any existing code
That property will never be set as it did not exist prior to ES6.

Similarly to the get_by_id_proto_load bytecode, this patch adds a new
bytecode, get_by_id_unset that checks the structureID of the base and
assigns undefined to the result.

There are no new tests here since we already have many tests that
incidentally cover this change.

* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printGetByIdOp):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finalizeLLIntInlineCaches):
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFromLLInt):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setupGetByIdPrototypeCache):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201456 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWebRTC: Update RTCPeerConnection overloaded legacy operations to return a Promise
adam.bergkvist@ericsson.com [Fri, 27 May 2016 18:35:49 +0000 (18:35 +0000)]
WebRTC: Update RTCPeerConnection overloaded legacy operations to return a Promise
https://bugs.webkit.org/show_bug.cgi?id=158114

Reviewed by Eric Carlson.

Source/WebCore:

Update overloaded operations so that the legacy callback versions also return a promise
and never throw [1].

[1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#legacy-interface-extensions

Updated existing tests.
- fast/mediastream/RTCPeerConnection-overloaded-operations-params.html
- fast/mediastream/RTCPeerConnection-overloaded-operations.html

* Modules/mediastream/RTCPeerConnection.idl:
Updated legacy signatures (just for documentation purposes)
* Modules/mediastream/RTCPeerConnection.js:
Implements the promise overload and the legacy callbacks overload (using the promise version)
as specified in [1] (above).
(createOffer):
(createAnswer):
(setLocalDescription):
(setRemoteDescription):
(addIceCandidate):
(getStats):
* Modules/mediastream/RTCPeerConnectionInternals.js:
Added helper functions objectAndCallbacksOverload and callbacksAndDictionaryOverload that
process an argument list and determine which overloaded version to use.
(callbacksAndDictionaryOverload):
(setLocalOrRemoteDescription): Deleted.
(extractCallbackArg): Deleted.

LayoutTests:

Updated existing tests (see below).

* fast/mediastream/RTCPeerConnection-overloaded-operations-expected.txt:
* fast/mediastream/RTCPeerConnection-overloaded-operations-params-expected.txt:
* fast/mediastream/RTCPeerConnection-overloaded-operations-params.html:
Test various combinations of good and bad arguments and verify that no errors are thrown.
* fast/mediastream/RTCPeerConnection-overloaded-operations.html:
Test that all overloaded versions return a promise.
* fast/mediastream/resources/promise-utils.js: Added.
Shared utils to make it easier to test async promise APIs.
(ensurePromise):
(promiseShouldReject):
(promiseShouldNotRejectWithTypeError.):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201455 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Add indicators to show nesting levels inside DOM Tree
commit-queue@webkit.org [Fri, 27 May 2016 18:33:58 +0000 (18:33 +0000)]
Web Inspector: Add indicators to show nesting levels inside DOM Tree
https://bugs.webkit.org/show_bug.cgi?id=157468
<rdar://problem/26162640>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-05-27
Reviewed by Timothy Hatcher.

Add CSS rules to give all expanded node children lists a small line on the
left border indicating that all items under the line are descendants.

* UserInterface/Views/DOMTreeOutline.css:
(.tree-outline.dom li .selection):
(.tree-outline.dom li > span):
(.tree-outline.dom ol):
(.tree-outline.dom .tree-outline.dom li:matches(.hovered, .selected) + ol.children.expanded):
(.tree-outline.dom li.selected + ol.children.expanded):
(.tree-outline.dom li.parent::before):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201454 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRegression(r200972): Webcore::Range::collectSelectionsRects() asserts in startContain...
zalan@apple.com [Fri, 27 May 2016 17:09:14 +0000 (17:09 +0000)]
Regression(r200972): Webcore::Range::collectSelectionsRects() asserts in startContainer() while selecting text.
https://bugs.webkit.org/show_bug.cgi?id=158155
<rdar://problem/26502712>

Reviewed by Chris Dumez.

This patch ensures that we still have a valid paragraphRange after returning from enclosingTextUnitOfGranularity().

* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::selectTextWithGranularityAtPoint):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201453 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[cmake] Deduplicated bmalloc/Zone.cpp handling.
annulen@yandex.ru [Fri, 27 May 2016 16:05:25 +0000 (16:05 +0000)]
[cmake] Deduplicated bmalloc/Zone.cpp handling.
https://bugs.webkit.org/show_bug.cgi?id=158154

Reviewed by Alex Christensen.

File bmalloc/Zone.cpp is required on Darwin irrespectively from what
port is being built.

Also I removed WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS() because it's
unlikely that bmalloc will ever need port-specific customizations (as
opposed to OS-specific customizations which should be done in
CMakeLists.txt).

* CMakeLists.txt: Added bmalloc/Zone.cpp for Darwin.
* PlatformGTK.cmake: Removed.
* PlatformMac.cmake: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201452 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoBogus uses of regexp matching should realize that they will OOM before they start...
fpizlo@apple.com [Fri, 27 May 2016 14:59:46 +0000 (14:59 +0000)]
Bogus uses of regexp matching should realize that they will OOM before they start swapping
https://bugs.webkit.org/show_bug.cgi?id=158142

Reviewed by Michael Saboff.

Refactored the RegExpObject::matchGlobal() code so that there is less duplication. Took
advantage of this to make the code more resilient in case of absurd situations: if the
result array gets large, it proceeds with a dry run to detect how many matches there will
be. This allows it to OOM before it starts swapping.

This also improves the overall performance of the code by using lightweight substrings and
skipping the whole intermediate argument array.

This makes some jsfunfuzz tests run a lot faster and use a lot less memory.

* builtins/RegExpPrototype.js:
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/MatchResult.cpp: Added.
(JSC::MatchResult::dump):
* runtime/MatchResult.h:
(JSC::MatchResult::empty):
(MatchResult::empty): Deleted.
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::match):
(JSC::collectMatches):
(JSC::RegExpObject::matchGlobal):
* runtime/StringObject.h:
(JSC::jsStringWithReuse):
(JSC::jsSubstring):
* tests/stress/big-match.js: Added. Make sure that this optimization doesn't break big matches.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201451 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoVideo play glyph not visible if initially invisible when contained in a "-webkit...
commit-queue@webkit.org [Fri, 27 May 2016 13:51:02 +0000 (13:51 +0000)]
Video play glyph not visible if initially invisible when contained in a "-webkit-overflow-scrolling: touch" container
https://bugs.webkit.org/show_bug.cgi?id=158146
<rdar://problem/25816307>

Patch by Antoine Quint <graouts@apple.com> on 2016-05-27
Reviewed by Dean Jackson.

Source/WebCore:

We now force the <video> controls play glyph into being composited due to webkit.org/b/158147. In most scenarios,
this element gets composited anyway, this is just to ensure that this happens in all cases until we get the
general fix for webkit.org/b/158147.

Test: platform/ios-simulator/media/video-play-glyph-composited-outside-overflow-scrolling-touch-container.html

* Modules/mediacontrols/mediaControlsiOS.css:
(video::-webkit-media-controls-start-playback-button .webkit-media-controls-start-playback-glyph):

LayoutTests:

Testing that on iOS the play glyph for <video> controls when play button would be initially invisible when contained
in a scrollable container is indeed composited.

* platform/ios-simulator/media/video-play-glyph-composited-outside-overflow-scrolling-touch-container-expected.txt: Added.
* platform/ios-simulator/media/video-play-glyph-composited-outside-overflow-scrolling-touch-container.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201450 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoNew intl-numberformat.js test fails on many Linux platforms
carlosgc@webkit.org [Fri, 27 May 2016 07:18:41 +0000 (07:18 +0000)]
New intl-numberformat.js test fails on many Linux platforms
https://bugs.webkit.org/show_bug.cgi?id=154530

Reviewed by Darin Adler.

The test is actually failing because of a bug in the icu version installed in the bots, using a newer version of
icu makes the tests pass and explains why it worked for some people. So, let's add icu 55.1 to the internal
jhbuild to ensure JSC tests pass in the bots no matter what the icu version installed is.

* gtk/jhbuild.modules:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201449 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoStatic table property lookup should not require getOwnPropertySlot override.
barraclough@apple.com [Fri, 27 May 2016 07:09:35 +0000 (07:09 +0000)]
Static table property lookup should not require getOwnPropertySlot override.
https://bugs.webkit.org/show_bug.cgi?id=158059

Reviewed by Darin Adler.

Currently JSObject does not handle property lookup of entries in the static
table. Each subclass with static properties mut override getOwnPropertySlot,
and explicitly call the lookup functions. This has the following drawbacks:

- Performance: for any class with static properties, property acces becomes
  virtual (via method table).
- Poor encapsulation: implementation detail of static property access is
  spread throughout & cross projects, rather than being contained in JSObject.
- Code size: this results in a great many additional functions.
- Inconsistency: static table presence has to be be taken into account in many
  other operations, e.g. presence of read-only properties for put.
- Memory: in order to avoid the virtual lookup, DOM prototypes eagerly reify
  all properties. This is likely suboptimal.

Instead, JSObject::getPropertySlot / JSObject::getOwnPropertySlot should be
able to handle static properties.

This is actually a fairly small & simple change.

The common pattern is for subclasses of JObject to override getOwnPropertySlot
to first defer to JSObject for property storage lookup, and only if this fails
consult the static table. They just want the static tables to be consulted after
regular property storgae lookup. So just add a fast flag in TypeInfo for JSObject
to check, and where it is set, do so. Then it's just a question of switching
classes over to start setting this flag, and drop the override.

The new mechanism does change static table lookup order from oldest-ancestor
first to most-derived first. The new ordering makes more sense (means derived
class static tables can now override entries from parents), and shoudn't affect
any existing code (since overriding didn't previously work, there likely aren't
shadowing properties in more derived types).

This patch changes all classes in JavaScriptCore over to using the new mechanism,
except JSGlobalObject. I'll move classes in WebCore over as a separate patch
(this is also why I've not moved JSGlobalObject in this patch - doing so would
move JSDOMWindow, and I'd rather handle that separately).

* runtime/JSTypeInfo.h:
(JSC::TypeInfo::hasStaticPropertyTable):
    - Add HasStaticPropertyTable flag.
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):
    - Change setUpStaticFunctionSlot to take a VM&.
* runtime/Lookup.h:
(JSC::getStaticPropertySlotFromTable):
    - Added helper function to perform static lookup alone.
(JSC::getStaticPropertySlot):
(JSC::getStaticFunctionSlot):
    - setUpStaticFunctionSlot changed to take a VM&.
* runtime/JSObject.cpp:
(JSC::JSObject::getOwnStaticPropertySlot):
    - Added, walks ClassInfo chain looking for static properties.
* runtime/JSObject.h:
(JSC::JSObject::getOwnNonIndexPropertySlot):
    - getOwnNonIndexPropertySlot is used internally by getPropertySlot
      & getOwnPropertySlot. If property is not present in storage array
      then check the static table.
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::finishCreation):
(JSC::constructArrayWithSizeQuirk):
(JSC::ArrayConstructor::getOwnPropertySlot): Deleted.
* runtime/ArrayConstructor.h:
(JSC::ArrayConstructor::create):
* runtime/ArrayIteratorPrototype.cpp:
(JSC::ArrayIteratorPrototype::finishCreation):
(JSC::ArrayIteratorPrototype::getOwnPropertySlot): Deleted.
* runtime/ArrayIteratorPrototype.h:
(JSC::ArrayIteratorPrototype::create):
(JSC::ArrayIteratorPrototype::ArrayIteratorPrototype):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::finishCreation):
(JSC::booleanProtoFuncToString):
(JSC::BooleanPrototype::getOwnPropertySlot): Deleted.
* runtime/BooleanPrototype.h:
(JSC::BooleanPrototype::create):
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::finishCreation):
(JSC::millisecondsFromComponents):
(JSC::DateConstructor::getOwnPropertySlot): Deleted.
* runtime/DateConstructor.h:
(JSC::DateConstructor::create):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::finishCreation):
(JSC::dateProtoFuncToString):
(JSC::DatePrototype::getOwnPropertySlot): Deleted.
* runtime/DatePrototype.h:
(JSC::DatePrototype::create):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::finishCreation):
(JSC::ErrorPrototype::getOwnPropertySlot): Deleted.
* runtime/ErrorPrototype.h:
(JSC::ErrorPrototype::create):
* runtime/GeneratorPrototype.cpp:
(JSC::GeneratorPrototype::finishCreation):
(JSC::GeneratorPrototype::getOwnPropertySlot): Deleted.
* runtime/GeneratorPrototype.h:
(JSC::GeneratorPrototype::create):
(JSC::GeneratorPrototype::createStructure):
(JSC::GeneratorPrototype::GeneratorPrototype):
* runtime/InspectorInstrumentationObject.cpp:
(JSC::InspectorInstrumentationObject::finishCreation):
(JSC::InspectorInstrumentationObject::isEnabled):
(JSC::InspectorInstrumentationObject::getOwnPropertySlot): Deleted.
* runtime/InspectorInstrumentationObject.h:
(JSC::InspectorInstrumentationObject::create):
(JSC::InspectorInstrumentationObject::createStructure):
* runtime/IntlCollatorConstructor.cpp:
(JSC::IntlCollatorConstructor::getCallData):
(JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
(JSC::IntlCollatorConstructor::getOwnPropertySlot): Deleted.
* runtime/IntlCollatorConstructor.h:
* runtime/IntlCollatorPrototype.cpp:
(JSC::IntlCollatorPrototype::finishCreation):
(JSC::IntlCollatorFuncCompare):
(JSC::IntlCollatorPrototype::getOwnPropertySlot): Deleted.
* runtime/IntlCollatorPrototype.h:
* runtime/IntlDateTimeFormatConstructor.cpp:
(JSC::IntlDateTimeFormatConstructor::getCallData):
(JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
(JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot): Deleted.
* runtime/IntlDateTimeFormatConstructor.h:
* runtime/IntlDateTimeFormatPrototype.cpp:
(JSC::IntlDateTimeFormatPrototype::finishCreation):
(JSC::IntlDateTimeFormatFuncFormatDateTime):
(JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot): Deleted.
* runtime/IntlDateTimeFormatPrototype.h:
* runtime/IntlNumberFormatConstructor.cpp:
(JSC::IntlNumberFormatConstructor::getCallData):
(JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
(JSC::IntlNumberFormatConstructor::getOwnPropertySlot): Deleted.
* runtime/IntlNumberFormatConstructor.h:
* runtime/IntlNumberFormatPrototype.cpp:
(JSC::IntlNumberFormatPrototype::finishCreation):
(JSC::IntlNumberFormatFuncFormatNumber):
(JSC::IntlNumberFormatPrototype::getOwnPropertySlot): Deleted.
* runtime/IntlNumberFormatPrototype.h:
* runtime/JSDataViewPrototype.cpp:
(JSC::JSDataViewPrototype::createStructure):
(JSC::getData):
(JSC::JSDataViewPrototype::getOwnPropertySlot): Deleted.
* runtime/JSDataViewPrototype.h:
* runtime/JSInternalPromiseConstructor.cpp:
(JSC::JSInternalPromiseConstructor::getCallData):
(JSC::JSInternalPromiseConstructor::getOwnPropertySlot): Deleted.
* runtime/JSInternalPromiseConstructor.h:
* runtime/JSONObject.cpp:
(JSC::Walker::Walker):
(JSC::JSONObject::getOwnPropertySlot): Deleted.
* runtime/JSONObject.h:
(JSC::JSONObject::create):
* runtime/JSPromiseConstructor.cpp:
(JSC::JSPromiseConstructor::getCallData):
(JSC::JSPromiseConstructor::getOwnPropertySlot): Deleted.
* runtime/JSPromiseConstructor.h:
* runtime/JSPromisePrototype.cpp:
(JSC::JSPromisePrototype::addOwnInternalSlots):
(JSC::JSPromisePrototype::getOwnPropertySlot): Deleted.
* runtime/JSPromisePrototype.h:
* runtime/MapPrototype.cpp:
(JSC::MapPrototype::finishCreation):
(JSC::getMap):
(JSC::MapPrototype::getOwnPropertySlot): Deleted.
* runtime/MapPrototype.h:
(JSC::MapPrototype::create):
(JSC::MapPrototype::MapPrototype):
* runtime/ModuleLoaderObject.cpp:
(JSC::ModuleLoaderObject::finishCreation):
(JSC::printableModuleKey):
(JSC::ModuleLoaderObject::getOwnPropertySlot): Deleted.
* runtime/ModuleLoaderObject.h:
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::finishCreation):
(JSC::toThisNumber):
(JSC::NumberPrototype::getOwnPropertySlot): Deleted.
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::create):
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::addDefineProperty):
(JSC::constructObject):
(JSC::ObjectConstructor::getOwnPropertySlot): Deleted.
* runtime/ObjectConstructor.h:
(JSC::ObjectConstructor::create):
(JSC::ObjectConstructor::createStructure):
* runtime/ReflectObject.cpp:
(JSC::ReflectObject::finishCreation):
(JSC::ReflectObject::getOwnPropertySlot): Deleted.
* runtime/ReflectObject.h:
(JSC::ReflectObject::create):
(JSC::ReflectObject::createStructure):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getRightContext):
(JSC::regExpConstructorDollar):
(JSC::RegExpConstructor::getOwnPropertySlot): Deleted.
* runtime/RegExpConstructor.h:
(JSC::RegExpConstructor::create):
(JSC::RegExpConstructor::createStructure):
* runtime/SetPrototype.cpp:
(JSC::SetPrototype::finishCreation):
(JSC::getSet):
(JSC::SetPrototype::getOwnPropertySlot): Deleted.
* runtime/SetPrototype.h:
(JSC::SetPrototype::create):
(JSC::SetPrototype::SetPrototype):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::finishCreation):
(JSC::stringFromCharCodeSlowCase):
(JSC::StringConstructor::getOwnPropertySlot): Deleted.
* runtime/StringConstructor.h:
(JSC::StringConstructor::create):
* runtime/StringIteratorPrototype.cpp:
(JSC::StringIteratorPrototype::finishCreation):
(JSC::StringIteratorPrototype::getOwnPropertySlot): Deleted.
* runtime/StringIteratorPrototype.h:
(JSC::StringIteratorPrototype::create):
(JSC::StringIteratorPrototype::StringIteratorPrototype):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::create):
(JSC::substituteBackreferencesSlow):
(JSC::StringPrototype::getOwnPropertySlot): Deleted.
* runtime/StringPrototype.h:
* runtime/SymbolConstructor.cpp:
(JSC::SymbolConstructor::finishCreation):
(JSC::callSymbol):
(JSC::SymbolConstructor::getOwnPropertySlot): Deleted.
* runtime/SymbolConstructor.h:
(JSC::SymbolConstructor::create):
* runtime/SymbolPrototype.cpp:
(JSC::SymbolPrototype::finishCreation):
(JSC::SymbolPrototype::getOwnPropertySlot): Deleted.
* runtime/SymbolPrototype.h:
(JSC::SymbolPrototype::create):
    - remove getOwnPropertySlot, replace OverridesGetOwnPropertySlot flag with HasStaticPropertyTable.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201448 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoPreload single download tests.
yoav@yoav.ws [Fri, 27 May 2016 05:43:52 +0000 (05:43 +0000)]
Preload single download tests.
https://bugs.webkit.org/show_bug.cgi?id=157988

Reviewed by Alex Christensen.

Source/WebCore:

ResourceTiming entries for some subresource weren't registered as resource->response().isHTTP() was false, since
resource->response().url() was empty. I switched the check to use resource->resourceRequest().url() directly instead.

Test: http/tests/preload/single_download_preload_runner.html

* loader/ResourceTimingInformation.cpp:
(WebCore::ResourceTimingInformation::addResourceTiming):

LayoutTests:

Make sure preload is only downloading a single resource, which is properly reused.

* http/tests/preload/resources/single_download_preload.html: Added.
* http/tests/preload/single_download_preload_runner-expected.txt: Added.
* http/tests/preload/single_download_preload_runner.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201447 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed EFL gardening.
gyuyoung.kim@webkit.org [Fri, 27 May 2016 05:40:15 +0000 (05:40 +0000)]
Unreviewed EFL gardening.
Release some passing tests which have been marked to Crash, Failure.

* platform/efl/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201446 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r201436.
commit-queue@webkit.org [Fri, 27 May 2016 03:31:18 +0000 (03:31 +0000)]
Unreviewed, rolling out r201436.
https://bugs.webkit.org/show_bug.cgi?id=158143

Caused 30% regression on Dromaeo DOM core tests (Requested by
rniwa on #webkit).

Reverted changeset:

"REGRESSION: JSBench spends a lot of time transitioning
to/from dictionary"
https://bugs.webkit.org/show_bug.cgi?id=158045
http://trac.webkit.org/changeset/201436

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201445 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCertain NetworkResourceLoader callbacks can deref a null m_networkLoad.
beidson@apple.com [Fri, 27 May 2016 03:19:20 +0000 (03:19 +0000)]
Certain NetworkResourceLoader callbacks can deref a null m_networkLoad.
https://bugs.webkit.org/show_bug.cgi?id=158134

Reviewed by Alex Christensen.

It's legit for m_networkLoad to be null in these callbacks.

We need null checks, just like we have in many other callbacks in this class.

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::continueWillSendRequest):
(WebKit::NetworkResourceLoader::continueCanAuthenticateAgainstProtectionSpace):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201444 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAX: Wrong CharacterOffset from VisiblePosition with composed characters
n_wang@apple.com [Fri, 27 May 2016 01:41:18 +0000 (01:41 +0000)]
AX: Wrong CharacterOffset from VisiblePosition with composed characters
https://bugs.webkit.org/show_bug.cgi?id=158138

Reviewed by Chris Fleizach.

Source/WebCore:

The conversion logic is not correct when the text node contains composed characters.
We should use VisiblePosition's offset directly for text nodes so we won't mess things up.

Test: accessibility/mac/character-offset-visible-position-conversion-with-emoji.html

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
(WebCore::AXObjectCache::characterOffsetFromVisiblePosition):

LayoutTests:

* accessibility/mac/character-offset-visible-position-conversion-with-emoji-expected.txt: Added.
* accessibility/mac/character-offset-visible-position-conversion-with-emoji.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201443 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[JSC] Allow JSBench to use precise time
utatane.tea@gmail.com [Fri, 27 May 2016 00:40:09 +0000 (00:40 +0000)]
[JSC] Allow JSBench to use precise time
https://bugs.webkit.org/show_bug.cgi?id=158050

Reviewed by Geoffrey Garen.

PerformanceTests:

* JSBench/amazon-chrome-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/amazon-chrome/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/amazon-firefox-win/urm.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/amazon-firefox/urm.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/amazon-safari/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/facebook-chrome-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/facebook-chrome/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/facebook-firefox-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/facebook-firefox/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/facebook-safari/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/google-chrome-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/google-chrome/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/google-firefox-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/google-firefox/uem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/google-safari/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/harness.js:
(runBenchmark.window.currentTimeInMS):
(runBenchmark.else.window.currentTimeInMS):
* JSBench/twitter-chrome-win/rem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/twitter-chrome/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/twitter-firefox-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/twitter-firefox/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/twitter-safari/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/yahoo-chrome-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/yahoo-chrome/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/yahoo-firefox-win/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/yahoo-firefox/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):
* JSBench/yahoo-safari/urem.js:
(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

Tools:

JSBench use `new Date().getTime()` without options and there is no way to use precise time.
This patch modifies the JSBench code to inject the code taking the precise time.
`currentTimeInMS` is given by the benchmerk harness and JSBench uses it.
run-jsc-benchmark switches this function's implementation between `Date.now()` and
testRunner's precise time one.

While this patch modifies the code of JSBench, the last release of JSBench is Jan 2013 and
the contents are not changed for a long time. As described in the original paper[1], the
tests can be generated by using JSBench's record & replay system, but in that case, we can
adopt this modification by changing the tool side.

We also add currentTimeInMS implementation in harness.js and u?rem.js directly.
u?rem.js implementation is required when it is executed in u?rem.html without harness.
And harness.js implementation is required when it is executed in the JSBench's harness.
In these implementation, we follow the JetStream's time measuring function: performance.now(),
preciseTime(), or Date.now().

[1]: http://dl.acm.org/citation.cfm?id=2048119

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201442 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMedia queries and platform screen modernization and streamlining
darin@apple.com [Fri, 27 May 2016 00:05:24 +0000 (00:05 +0000)]
Media queries and platform screen modernization and streamlining
https://bugs.webkit.org/show_bug.cgi?id=158067

Reviewed by Alex Christensen.

Source/WebCore:

* bindings/objc/DOM.mm:
(-[DOMHTMLLinkElement _mediaQueryMatches]): Use references, use fastGetAttribute,
pass a document instead of a frame to the media query evaluator and a reference instead
of a pointer.

* css/CSSGrammar.y.in: Use "expression" instead of "exp" for media query expressions.
Update vectors and arguments to move media query expressions instead of using unique_ptr.

* css/CSSImportRule.h: Use pragma once. Removed unneeded forward declarations.
Made more overrides private and marked them final.

* css/CSSParser.cpp:
(WebCore::CSSParser::SourceSize::SourceSize): Added missing WTFMove to avoid reference
count churn. Changed type of expression to no longer use unique_ptr.
(WebCore::CSSParser::sourceSize): Ditto.

* css/CSSParser.h: Changed SourceSize::expression to no longer use unique_ptr.
Also changed SourceSize::length to be Ref instead of RefPtr.

* css/DocumentRuleSets.cpp:
(WebCore::DocumentRuleSets::appendAuthorStyleSheets): Updated for changes to
MediaQueryEvaluator.

* css/MediaFeatureNames.cpp:
(WebCore::MediaFeatureNames::init): Streamlined a bit. Removed "MediaFeature" suffix from
names of media feature strings.

* css/MediaFeatureNames.h: Use pragma once. Changed media feature name globals
to use normal WebKit naming style instead of all lowercase with underscores.
Sorted alphabetically. Removed "MediaFeature" suffix from names of media feature strings.

* css/MediaList.cpp:
(WebCore::MediaQuerySet::MediaQuerySet): Simplified copy constructor since the queries
vector can now be copied normally.
(WebCore::parseMediaDescriptor): Normalized types and changed to use isASCIIAlphanumeric.
The old code was not handling '0' the way the comment said it did.
(WebCore::MediaQuerySet::internalParse): Added. Helper function to cut down on redundant
code in functions below.
(WebCore::MediaQuerySet::parse): Use stripLeadingAndTrailingHTMLSpaces instead of
stripWhiteSpace. Streamlined logic using helper function. Updated to use a vector of
queries instead of a vector of unique_ptr.
(WebCore::MediaQuerySet::add): Use internalParse.
(WebCore::MediaQuerySet::remove): Ditto.
(WebCore::MediaQuerySet::addMediaQuery): Changed argument type to not be unique_ptr.
(WebCore::MediaQuerySet::mediaText): Use modern for loop.
(WebCore::MediaList::MediaList): Initialize pointers to null in the class definition
rather than in these constructors.
(WebCore::MediaList::setMediaText): Removed unhelpful local variable.
(WebCore::MediaList::item): Updated since queries no longer use unique_ptr.
(WebCore::addResolutionWarningMessageToConsole): Changed argument types to references
instead of pointers with assertions.
(WebCore::reportMediaQueryWarningIfNeeded): Updated to modernize.

* css/MediaList.h: Use pragma once. Removed unneeded includes and forward declarations.
Changed vector to contain media queries instead of unique_ptr. Use nullptr instead of 0.
Initialize pointers to null here.

* css/MediaQuery.cpp: Deleted now-unneeded copy constructor and destructor. Both are
correctly generated without us writing them explicitly.
(WebCore::MediaQuery::serialize): Rewrote to streamline.
(WebCore::MediaQuery::MediaQuery): Updates since expressions are no longer unique_ptr.
(WebCore::MediaQuery::cssText): Changed return type to reference.

* css/MediaQuery.h: Use pragma once. Added include since this now includes media query
expressions, not just unique_ptr. Deleted the unneeded copy function.

* css/MediaQueryEvaluator.cpp:
(WebCore::isViewportDependent): Moved this here. It used to be a member function of
MediaQueryExp, but this file has a lot more functions about specific features and how
they are evaluated, so it really belongs here.
(WebCore::MediaQueryEvaluator::MediaQueryEvaluator): Changed constructor to take a
document instead of a frame. Initialize the fallback result in the class definition.
(WebCore::MediaQueryEvaluator::evaluate): Changed the argument type to a reference.
(WebCore::compareValue): Made both of the arguments separate template types. This
helps us compare an integer to a double without lots of type casts.
(WebCore::compareAspectRatioValue): Changed to use early return style and got rid of
the casts to int so we will do the work in double instead.
(WebCore::doubleValue): Replaced the old numberValue function with this. Since values
are stored as doubles, it's much better to use double rather than float.
(WebCore::zeroEvaluate): Added. Helpful for the many functions that just need to
evaluate as 0.
(WebCore::oneEvaluate): Ditto.
(WebCore::colorEvaluate): Renamed this and all the functions below. Simplified the logic
to use the new doubleValue function.
(WebCore::colorIndexEvaluate): Use zeroEvaluate.
(WebCore::colorGamutEvaluate): No longer use page just to get from the frame to the
main frame.
(WebCore::monochromeEvaluate): Simplify logic using zeroEvaluate.
(WebCore::invertedColorsEvaluate): Use auto for the keyword; easier to read.
(WebCore::orientationEvaluate): Use early return style.
(WebCore::aspectRatioEvaluate): Ditto.
(WebCore::deviceAspectRatioEvaluate): Simplified logic and removed type casts.
(WebCore::evaluateResolution): Added a couple null checks.
(WebCore::devicePixelRatioEvaluate): Renamed. Added missing type check.
(WebCore::resolutionEvaluate): Ditto.
(WebCore::gridEvaluate): Use zeroEvaluate.
(WebCore::computeLength): Added a null check.
(WebCore::deviceHeightEvaluate): Use early return.
(WebCore::deviceWidthEvaluate): Ditto.
(WebCore::heightEvaluate): Ditto.
(WebCore::widthEvaluate): Ditto.
(WebCore::minColorEvaluate): Updated name only.
(WebCore::maxColorEvaluate): Ditto.
(WebCore::minColorIndexEvaluate): Ditto.
(WebCore::maxColorIndexEvaluate): Ditto.
(WebCore::minMonochromeEvaluate): Ditto.
(WebCore::maxMonochromeEvaluate): Ditto.
(WebCore::minAspectRatioEvaluate): Ditto.
(WebCore::maxAspectRatioEvaluate): Ditto.
(WebCore::minDeviceAspectRatioEvaluate): Ditto.
(WebCore::maxDeviceAspectRatioEvaluate): Ditto.
(WebCore::minDevicePixelRatioEvaluate): Ditto.
(WebCore::maxDevicePixelRatioEvaluate): Ditto.
(WebCore::minHeightEvaluate): Ditto.
(WebCore::maxHeightEvaluate): Ditto.
(WebCore::minWidthEvaluate): Ditto.
(WebCore::maxWidthEvaluate): Ditto.
(WebCore::minDeviceHeightEvaluate): Ditto.
(WebCore::maxDeviceHeightEvaluate): Ditto.
(WebCore::minDeviceWidthEvaluate): Ditto.
(WebCore::maxDeviceWidthEvaluate): Ditto.
(WebCore::minResolutionEvaluate): Ditto.
(WebCore::maxResolutionEvaluate): Ditto.
(WebCore::animationEvaluate): Use oneEvaluate.
(WebCore::transitionEvaluate): Ditto.
(WebCore::transform2dEvaluate): Ditto.
(WebCore::transform3dEvaluate): Simplify using zeroEvaluate and oneEvaluate.
(WebCore::viewModeEvaluate): Simplified logic with fewer local variables and the name "keyword".
(WebCore::videoPlayableInlineEvaluate): Use reference.
(WebCore::hoverEvaluate): Simplify using keyword.
(WebCore::anyHoverEvaluate): Just updated name.
(WebCore::pointerEvaluate): Simplify using keyword.
(WebCore::anyPointerEvaluate): Just updated name.
(WebCore::add): Added. Helper for building up the media query function map.
(WebCore::MediaQueryEvaluator::evaluate): Moved code to build the function map in here in
a lambda, rather than having it in a separate global function.

* css/MediaQueryEvaluator.h: Use pragma once. Removed uneeded includes. Simplified comments and
modernized their style.

* css/MediaQueryExp.cpp:
(WebCore::isFeatureValidWithIdentifier): Renamed to make it clearer what this does. Updated
to take a reference and use te new feature names.
(WebCore::isFeatureValidWithNonNegativeLengthOrNumber): Ditto.
(WebCore::isFeatureValidWithDensity): Ditto.
(WebCore::isFeatureValidWithNonNegativeInteger): Ditto.
(WebCore::isFeatureValidWithNonNegativeNumber): Ditto.
(WebCore::isFeatureValidWithZeroOrOne): Ditto.
(WebCore::isAspectRatioFeature): Ditto.
(WebCore::isFeatureValidWithoutValue): Ditto.
(WebCore::isFeatureValidWithNumberWithUnit): Added. Helper that calls multiple functions above.
(WebCore::isFeatureValidWithNumber): Ditto.
(WebCore::isSlash): Added. Helper to make aspect ratio code below easier to read.
(WebCore::isPositiveIntegerValue): Ditto.
(WebCore::MediaQueryExpression::MediaQueryExpression): Rearranged code to be much less wordy and
to not use current/next.

* css/MediaQueryExp.h: Use pragma once. Renamed class to MediaQueryExpression. Removed
the isViewportDependent function, now part of MediaQueryEvaluator. Removed unneeded includes.

* css/MediaQueryList.cpp:
(WebCore::MediaQueryList::MediaQueryList): Marked this inline. Use a reference and a Ref&&
instead of PassRefPtr.
(WebCore::MediaQueryList::create): Updated argument types.
(WebCore::MediaQueryList::addListener): Updated argument type and use releaseNonNull.
(WebCore::MediaQueryList::removeListener): Updated argument types.
(WebCore::MediaQueryList::evaluate): Ditto.
(WebCore::MediaQueryList::matches): More of the same.

* css/MediaQueryList.h: Use pragma once. Changed types to use references, RefPtr&& and Ref&&.

* css/MediaQueryMatcher.cpp:
(WebCore::MediaQueryMatcher::MediaQueryMatcher): Take a reference.
(WebCore::MediaQueryMatcher::documentDestroyed): Use nullptr.
(WebCore::MediaQueryMatcher::documentElementUserAgentStyle): Use auto.
(WebCore::MediaQueryMatcher::evaluate): Take a reference. Updated for changes to MediaQueryEvaluator.
(WebCore::MediaQueryMatcher::matchMedia): Updated for above changes.
(WebCore::MediaQueryMatcher::addListener): Use Ref&& and reference for arguments. Simplify code.
(WebCore::MediaQueryMatcher::removeListener): Ditto.
(WebCore::MediaQueryMatcher::styleResolverChanged): Moved the logic for evaluating each query here.
Updated for changes to MediaQueryEvaluator.

* css/MediaQueryMatcher.h: Use pragma once. Changed create to take a reference. Tightened argument
types for addListener and removeListener. Made the private Listener a simple struct rather than a
class. Initialized m_evaluationRound.

* css/RuleSet.cpp:
(WebCore::RuleSet::addChildRules): Updated for changes to MediaQueryEvaluator.
(WebCore::RuleSet::addRulesFromSheet): Ditto.

* css/SourceSizeList.cpp:
(WebCore::match): Updated to use MediaQueryEvaluator in a simpler way.
(WebCore::defaultLength): Use a reference and simpler syntax.
(WebCore::computeLength): Ditto.
(WebCore::parseSizesAttribute): Changed arguments to take a Document instead of both a
RenderView and a Frame.

* css/SourceSizeList.h: Use #pragma once. Change parseSizesAttribute to take a Document.

* css/StyleMedia.cpp:
(WebCore::StyleMedia::matchMedium): Update for changes to MediaQueryEvaluator.

* css/StyleResolver.cpp:
(WebCore::StyleResolver::StyleResolver): Use a MediaQueryEvaluator instead of a unique_ptr
to one.
(WebCore::StyleResolver::appendAuthorStyleSheets): Ditto.
(WebCore::StyleResolver::styleForElement): Ditto.
(WebCore::StyleResolver::pseudoStyleForElement): Ditto.
(WebCore::StyleResolver::pseudoStyleRulesForElement): Ditto.
(WebCore::StyleResolver::addViewportDependentMediaQueryResult): Use references instead of
ponters, and use a vector of MediaQueryResult instead of unique_ptr.
(WebCore::StyleResolver::hasMediaQueriesAffectedByViewportChange): Use a modern for loop.

* css/StyleResolver.h: Use a MediaQueryEvaluator instead of a unique_ptr to one.
Use a vector of MediaQueryResult instead of a vector of unique_ptr.

* dom/Document.cpp:
(WebCore::Document::mediaQueryMatcher): Pass a reference instead of a pointer.

* dom/InlineStyleSheetOwner.cpp:
(WebCore::InlineStyleSheetOwner::createSheet): Updated for changes to MediaQueryEvaluator.

* editing/TextIterator.cpp:
(WebCore::SimplifiedBackwardsTextIterator::advance): Removed a stray space (unrelated to
the rest of the patch).

* html/HTMLImageElement.cpp:
(WebCore::HTMLImageElement::bestFitSourceFromPictureElement): Updated for changes to the
MediaQueryEvaluator class. Also use auto a bit more and eliminated a double hash table
lookup in code that used hasAttribute followed by fastGetAttribute.
(WebCore::HTMLImageElement::selectImageSource): Updated for changes to parseSizesAttribute.

* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::process): Updated for changes to MediaQueryEvaluator.
(WebCore::HTMLLinkElement::setCSSStyleSheet): Use auto.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::selectNextSourceChild): Updated for changes to MediaQueryEvaluator.

* html/HTMLPictureElement.cpp:
(WebCore::HTMLPictureElement::viewportChangeAffectedPicture): Updated for changes to
MediaQueryEvaluator.

* html/HTMLPictureElement.h: Use #pragma once. Changed viewport dependent media query results
vector to be a vector of results, not of unique_ptr.

* html/parser/HTMLPreloadScanner.cpp:
(WebCore::TokenPreloadScanner::StartTagScanner::processAttributes): Updated for changes to
parseSizesAttribute.
(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): Updated for changes to
MediaQueryEvaluator.

* html/parser/HTMLResourcePreloader.cpp:
(WebCore::mediaAttributeMatches): Updated for changes to MediaQueryEvaluator.
(WebCore::HTMLResourcePreloader::preload): Ditto.

* page/DOMWindow.cpp: Removed unneeded include of PlatformScreen.h.

* page/mac/EventHandlerMac.mm:
(WebCore::EventHandler::effectiveMousePositionForSelectionAutoscroll): Simplified code and
updated for changes to PlatformScreenMac functions.

* platform/PlatformScreen.h: Use #pragma once. Use using instad of typedef. Put the typedef
for PlatformDisplayID inside the WebCore namespace. Removed the typedef for ColorProfile.
Renamed the functions that find a screen to just "screen".

* platform/graphics/DisplayRefreshMonitorClient.cpp:
(WebCore::DisplayRefreshMonitorClient::DisplayRefreshMonitorClient): Moved initialization
of booleans to the class definition.

* platform/graphics/DisplayRefreshMonitorClient.h: Use pragma once. Removed unneeded
forward declarations. Changed display ID data member to be an Optional instead of a boolean
paired with another data member.

* platform/graphics/GraphicsLayerUpdater.h: Use pragma once. Removed unneeded include of
PlatformScreen.h.

* platform/image-decoders/ImageDecoder.h: Use pragma once. Moved ColorProfile here from
PlatformScreen.h, since it's not used there. and is used here.

* platform/mac/PlatformEventFactoryMac.h: Use parma once. Changed reutrn type of the
globalPoint function to NSPoint. Tweaked comments and formatting a bit.

* platform/mac/PlatformEventFactoryMac.mm:
(WebCore::globalPoint): Changed return type to NSPoint and so removed the explicit
conversion to IntPoint.
(WebCore::globalPointForEvent): Changed return type to NSPoint.
(WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder): Moved conversion to
IntPoint in here. Also got rid of special indenting style and just indented normally.
(WebCore::PlatformWheelEventBuilder::PlatformWheelEventBuilder): Ditto.
(WebCore::PlatformKeyboardEventBuilder::PlatformKeyboardEventBuilder): Ditto.

* platform/mac/PlatformScreenMac.mm:
(WebCore::displayID): Renamed from displayIDFromScreen and displayFromWidget since this
is C++ and we have overloading to determine the types of arguments. Added a null check
of the how dinwo pointer.
(WebCore::firstScreen): Added. Helper used below.
(WebCore::window): Added. Helper used below.
(WebCore::screen): Renamed from screenForWidget and screenFromWindow and removed the
unneeded window argument from the widget version.
(WebCore::screenDepth): Simplified, using new helpers.
(WebCore::screenDepthPerComponent): Ditto.
(WebCore::screenIsMonochrome): Tweaked comment.
(WebCore::screenHasInvertedColors): Ditto.
(WebCore::screenRect): Simplified using new elpers.
(WebCore::screenAvailableRect): Ditto.
(WebCore::screenSupportsExtendedColor): Streamlined using fewer local variables and
using auto for types of the results of adoptCF.
(WebCore::toUserSpace): Updated for function name changes.
(WebCore::toDeviceSpace): Ditto.

Source/WebKit/mac:

* WebView/WebFrame.mm:
(-[WebFrame _dragSourceEndedAt:operation:]): Updated to use the new version of
globalPoint, which returns an NSPoint.

Source/WebKit2:

* Shared/mac/WebEventFactory.mm:
(WebKit::screenForWindow): Deleted.
(WebKit::flipScreenPoint): Deleted.
(WebKit::globalPoint): Deleted.
(WebKit::globalPointForEvent): Use globalPoint function from WebCore so we don't need
copies of everything in here.

* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::windowDidChangeScreen): Removed unneeded type cast.
(WebKit::WebViewImpl::draggedImage): Added type cast since globalPoint now returns an
NSPoint rather than an IntPoint.

* UIProcess/WebPageProxy.h: Use pragma once. Add a WebCore prefix to a use of
PlatformDisplayID, since that is now inside the WebCore namespace.
* WebProcess/WebCoreSupport/WebChromeClient.h: Ditto.
* WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.h: Ditto.
* WebProcess/WebPage/DrawingArea.h: Ditto.
* WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201441 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoPurge PassRefPtr in Modules/battery
gyuyoung.kim@webkit.org [Thu, 26 May 2016 23:53:25 +0000 (23:53 +0000)]
Purge PassRefPtr in Modules/battery
https://bugs.webkit.org/show_bug.cgi?id=157062

Reviewed by Darin Adler.

Use RefPtr<>& to reduce uses of PassRefPtr in WebKit.

Source/WebCore:

* Modules/battery/BatteryClient.h:
* Modules/battery/BatteryController.cpp:
(WebCore::BatteryController::BatteryController):
(WebCore::BatteryController::~BatteryController):
(WebCore::BatteryController::addListener):
(WebCore::BatteryController::removeListener):
(WebCore::BatteryController::updateBatteryStatus):
(WebCore::BatteryController::didChangeBatteryStatus):
(WebCore::provideBatteryTo):
* Modules/battery/BatteryController.h:
* Modules/battery/BatteryManager.cpp:
(WebCore::BatteryManager::didChangeBatteryStatus):
(WebCore::BatteryManager::updateBatteryStatus):
* Modules/battery/BatteryManager.h:
* Modules/battery/BatteryStatus.h:
* testing/Internals.cpp:
(WebCore::Internals::setBatteryStatus):

Source/WebKit2:

* WebProcess/Battery/WebBatteryManager.cpp:
(WebKit::WebBatteryManager::didChangeBatteryStatus):
(WebKit::WebBatteryManager::updateBatteryStatus):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::m_shouldDispatchFakeMouseMoveEvents):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201440 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDOM mutation methods fail to re-check validity of node insertion after removing nodes...
bfulgham@apple.com [Thu, 26 May 2016 23:40:37 +0000 (23:40 +0000)]
DOM mutation methods fail to re-check validity of node insertion after removing nodes from old parent
https://bugs.webkit.org/show_bug.cgi?id=81991
<rdar://problem/11120506>

Reviewed by Chris Dumez.

Add a test case for an old DOM mutation bug that was fixed long ago.

* fast/dom/circular-dom-tree-crash-expected.txt: Added.
* fast/dom/circular-dom-tree-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201439 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUncaught Exception: TypeError: undefined is not an object (evaluating 'records[endInd...
mattbaker@apple.com [Thu, 26 May 2016 23:05:09 +0000 (23:05 +0000)]
Uncaught Exception: TypeError: undefined is not an object (evaluating 'records[endIndex].endTime')
https://bugs.webkit.org/show_bug.cgi?id=158057

Reviewed by Timothy Hatcher.

* UserInterface/Views/TimelineRecordingContentView.js:
(WebInspector.TimelineRecordingContentView.prototype._updateTimelineViewTimes):
When the entire recording is selected, rendering frames should use the
record count as its end time instead of the recording's end time.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201438 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMarking js/function-apply.html as a flaky timeout on mac debug wk2
ryanhaddad@apple.com [Thu, 26 May 2016 23:03:49 +0000 (23:03 +0000)]
Marking js/function-apply.html as a flaky timeout on mac debug wk2
https://bugs.webkit.org/show_bug.cgi?id=158133

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201437 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoREGRESSION: JSBench spends a lot of time transitioning to/from dictionary
ggaren@apple.com [Thu, 26 May 2016 22:30:05 +0000 (22:30 +0000)]
REGRESSION: JSBench spends a lot of time transitioning to/from dictionary
https://bugs.webkit.org/show_bug.cgi?id=158045

Reviewed by Saam Barati.

15% speedup on jsbench-amazon-firefox, possibly 5% speedup overall on jsbench.

This regression seems to have two parts:

(1) Transitioning the window object to/from dictionary is more expensive
than it used to be to because the window object has lots more properties.
The window object has more properties because, for WebIDL compatibility,
we reify DOM APIs as properties when you delete.

(2) DOM prototypes transition to/from dictionary upon creation
because, once again for WebIDL compatibility, we reify their static
APIs eagerly.

The solution is to chill out a bit on dictionary transitions.

* bytecode/ObjectPropertyConditionSet.cpp: Don't flatten a dictionary
if we've already done so before. This avoids pathological churn, and it
is our idiom in other places.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute): Do flatten the global object unconditionally
if it is an uncacheable dictionary because the global object is super
important.

* runtime/BatchedTransitionOptimizer.h:
(JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
(JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer): Deleted.
Don't transition away from dictionary after a batched set of property
puts because normal dictionaries are cacheable and that's a perfectly
fine state to be in -- and the transition is expensive.

* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init): Do start the global object out as a cacheable
dictionary because it will inevitably have enough properties to become
a dictionary.

* runtime/Operations.h:
(JSC::normalizePrototypeChain): Same as ObjectPropertyConditionSet.cpp.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201436 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd WebKitAdditions extension point in HTMLMediaElement.
adachan@apple.com [Thu, 26 May 2016 22:05:26 +0000 (22:05 +0000)]
Add WebKitAdditions extension point in HTMLMediaElement.
https://bugs.webkit.org/show_bug.cgi?id=158097

Reviewed by Eric Carlson.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::shouldOverrideBackgroundLoadingRestriction):
We need to load data in the background if playing to wireless playback target.
(WebCore::HTMLMediaElement::fullscreenModeChanged):
Moved from header file.
* html/HTMLMediaElement.h:

* platform/audio/PlatformMediaSession.cpp:
(WebCore::PlatformMediaSession::clientWillPausePlayback):
The code to start m_clientDataBufferingTimer is also in visibilityChanged().
Moved that code to PlatformMediaSession::scheduleClientDataBufferingCheck() and call
that method here.
(WebCore::PlatformMediaSession::visibilityChanged):
Call PlatformMediaSession::scheduleClientDataBufferingCheck().
(WebCore::PlatformMediaSession::scheduleClientDataBufferingCheck):
Start m_clientDataBufferingTimer if it's not already active.
(WebCore::PlatformMediaSession::shouldOverrideBackgroundLoadingRestriction):
Call the client.

* platform/audio/PlatformMediaSession.h:
(WebCore::PlatformMediaSessionClient::shouldOverrideBackgroundLoadingRestriction):

* platform/audio/PlatformMediaSessionManager.cpp:
(WebCore::PlatformMediaSessionManager::sessionCanLoadMedia):
Call the new PlatformMediaSession::shouldOverrideBackgroundLoadingRestriction().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201435 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed test fix after r201427.
bfulgham@apple.com [Thu, 26 May 2016 22:03:34 +0000 (22:03 +0000)]
Unreviewed test fix after r201427.
https://bugs.webkit.org/show_bug.cgi?id=157423
<rdar://problem/23751632>

A debug assertion was firing during some test runs due to the Geolocation permission
being turned off during the test. The timer logic was originally written to assert
if the timer fired when permissions were disabled. But this is no longer valid,
because we expect the Geolocation system to be active and become deactivated if the
browsing context violates one of the security criteria.

* DumpRenderTree/mac/UIDelegate.mm:
(-[UIDelegate timerFired]): Remove invalid assertion.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201434 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoScopedLambda should have a lifetime story that makes sense to the compiler
fpizlo@apple.com [Thu, 26 May 2016 21:58:42 +0000 (21:58 +0000)]
ScopedLambda should have a lifetime story that makes sense to the compiler
https://bugs.webkit.org/show_bug.cgi?id=158118

Reviewed by Mark Lam.
Source/WTF:

Prior to this change, there were two lifetime bugs in ScopedLambda:

- scopedLambda(Functor&&) would bind Functor to const lambda&, so the resulting ScopedLambdaFunctor
  would hold a reference to the original lambda. This would have surprising behavior; for example
  it meant that this code was wrong:

  auto l = scopedLambda<things>([&] ...);

  The solution is to have explicit copy/move versions of scopedLambda() rather than rely on perfect
  forwarding.

- ScopedLambdaFunctor did not override its copy or move operations, so if the compiler did not RVO
  scopedLambda(), it would return a ScopedLambdaFunctor whose m_arg points to a dead temporary
  ScopedLambdaFunctor instance. The solution is to have explicit copy/move constructors and
  operators, which preserve the invariant that ScopedLambda::m_arg points to this.

One nice side-effect of all of these constructors and operators being explicit is that we can rely
on WTFMove's excellent assertions, which helped catch the first issue.

This reverts ParkingLot to use ScopedLambda again.

* wtf/ParkingLot.cpp:
(WTF::ParkingLot::parkConditionallyImpl):
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::unparkOneImpl):
* wtf/ParkingLot.h:
(WTF::ParkingLot::parkConditionally):
(WTF::ParkingLot::unparkOne):
* wtf/ScopedLambda.h:
(WTF::scopedLambda):

Tools:

Added a test case. This test crashes before the fix and now it passes.

* TestWebKitAPI/CMakeLists.txt:
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WTF/ScopedLambda.cpp: Added.
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201433 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse std::atomic<> rather than OSAtomicIncrement in CARingBuffer.cpp
jer.noble@apple.com [Thu, 26 May 2016 21:57:58 +0000 (21:57 +0000)]
Use std::atomic<> rather than OSAtomicIncrement in CARingBuffer.cpp
https://bugs.webkit.org/show_bug.cgi?id=158129

Reviewed by Eric Carlson.

std::atomic is a more portable atomic primitive than OSAtomicIncrement.

* platform/audio/mac/CARingBuffer.cpp:
(WebCore::CARingBuffer::setCurrentFrameBounds):
(WebCore::CARingBuffer::getCurrentFrameBounds):
(WebCore::CARingBuffer::currentStartFrame):
(WebCore::CARingBuffer::currentEndFrame):
* platform/audio/mac/CARingBuffer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201432 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoBuild fix
mmaxfield@apple.com [Thu, 26 May 2016 21:24:28 +0000 (21:24 +0000)]
Build fix

Rubber stamped by Lucas Forschler.

* DumpRenderTree/mac/Configurations/DebugRelease.xcconfig:
* WebKitTestRunner/Configurations/DebugRelease.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201431 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoBuild fix
mmaxfield@apple.com [Thu, 26 May 2016 21:21:25 +0000 (21:21 +0000)]
Build fix

Rubber stamped by Lucas Forschler.

* Configurations/DebugRelease.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201430 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRebaseline bindings tests after r201428
ryanhaddad@apple.com [Thu, 26 May 2016 20:37:33 +0000 (20:37 +0000)]
Rebaseline bindings tests after r201428

Unreviewed test gardening.

* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::setJSTestObjReplaceableAttribute):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201429 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoreplaceable own properties seem to ignore replacement after property caching
ggaren@apple.com [Thu, 26 May 2016 19:51:26 +0000 (19:51 +0000)]
replaceable own properties seem to ignore replacement after property caching
https://bugs.webkit.org/show_bug.cgi?id=158091

Reviewed by Darin Adler.

PerformanceTests:

* MallocBench/MallocBench.xcodeproj/project.pbxproj:
* MallocBench/MallocBench/Benchmark.cpp:
* MallocBench/MallocBench/Interpreter.cpp:
(Interpreter::doMallocOp):
* MallocBench/MallocBench/Interpreter.h:
* MallocBench/MallocBench/fastMallocLog.63316.ops: Added.
* MallocBench/MallocBench/jetstream.cpp: Added.
(benchmark_jetstream):
* MallocBench/MallocBench/jetstream.h: Added.

Source/JavaScriptCore:

* runtime/Lookup.h:
(JSC::replaceStaticPropertySlot): New helper function for replacing a
static property with a direct property. We need to do an attribute changed
transition because client code might have cached our static property.

Source/WebCore:

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation): Use our new replacement helper if we're replacing
an own static property with an own direct property. Because we advertise
that our own static properties are cacheable, we need to do a structure
transition to indicate when they change. (Only own properties need this
special treatment because JSC considers it normal to shadow a prototype
property with an own property.)

LayoutTests:

* js/cached-window-properties.html: Augmneted this test to enter cacheable
dictionary mode in order to demonstrate a bug that is not visible otherwise.

Factored out a helper test function.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201428 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSites served over insecure connections should not be allowed to use geolocation.
bfulgham@apple.com [Thu, 26 May 2016 19:29:02 +0000 (19:29 +0000)]
Sites served over insecure connections should not be allowed to use geolocation.
https://bugs.webkit.org/show_bug.cgi?id=157423
<rdar://problem/23751632>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-05-26
Reviewed by Brent Fulgham.

Add missing test content from r201423.

* http/tests/security/resources/geolocation-over-insecure-content.html: Added.
* http/tests/security/resources/geolocation-over-mixed-content-block.html: Added.
* http/tests/security/resources/geolocation-over-mixed-content.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201427 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Win] Update test expectation for imported blink test.
peavo@outlook.com [Thu, 26 May 2016 19:12:37 +0000 (19:12 +0000)]
[Win] Update test expectation for imported blink test.
https://bugs.webkit.org/show_bug.cgi?id=158122

Patch by Per Arne Vollan <pvollan@apple.com> on 2016-05-26
Reviewed by Alex Christensen.

The crash on imported/blink/compositing/perspective-origin-overflow-hidden.html
was fixed in https://trac.webkit.org/changeset/192166.

* platform/win/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201426 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRelease JSC test test-observegc.js.layout failing.
beidson@apple.com [Thu, 26 May 2016 19:06:06 +0000 (19:06 +0000)]
Release JSC test test-observegc.js.layout failing.
https://bugs.webkit.org/show_bug.cgi?id=158126

Unreviewed.

Move this test to a directory that is less... "special"

* fast/misc/resources/test-observegc.js: Renamed from LayoutTests/js/script-tests/test-observegc.js.
* fast/misc/test-observegc-expected.txt: Renamed from LayoutTests/js/test-observegc-expected.txt.
* fast/misc/test-observegc.html: Added.
* js/test-observegc.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201425 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoBitmapImage::checkForSolidColor() cleanup
commit-queue@webkit.org [Thu, 26 May 2016 18:46:02 +0000 (18:46 +0000)]
BitmapImage::checkForSolidColor() cleanup
https://bugs.webkit.org/show_bug.cgi?id=157750

Patch by Said Abou-Hallawa <sabouhallawa@apple,com> on 2016-05-26
Reviewed by Darin Adler.

Have a single implementation for BitmapImage::checkForSolidColor(). Create
a new function named NativeImage::solidColor() and call it from the former
one. The goal is to have the platform files contain only the platform dependent
code rather than repeating the platform independent code multiple times.

* platform/graphics/BitmapImage.cpp:
(WebCore::BitmapImage::destroyMetadataAndNotify): Invalidate m_solidColor.
(WebCore::BitmapImage::singlePixelSolidColor): Combine mayFillWithSolidColor(),
checkForSolidColor() and solidColor() in one function to guarantee the validity
of the returned value. Before, if solidColor() is called without calling
mayFillWithSolidColor() or checkForSolidColor(), the returned value would be
incorrect.

(WebCore::BitmapImage::dump): Use the m_solidColor Optional and Color states.
(WebCore::BitmapImage::mayFillWithSolidColor): Deleted.
(WebCore::BitmapImage::solidColor): Deleted.

* platform/graphics/BitmapImage.h: Delete m_checkedForSolidColor and
m_isSolidColor and change m_solidColor to be Optional<Color>.

* platform/graphics/Image.cpp:
(WebCore::Image::drawTiled): Use singlePixelSolidColor() and check the returned
value to know whether the singe pixel solid color optimization applies or not.

* platform/graphics/Image.h:
(WebCore::Image::singlePixelSolidColor):
(WebCore::Image::mayFillWithSolidColor): Deleted.
(WebCore::Image::solidColor): Deleted.
Replace mayFillWithSolidColor() and solidColor() with a single function named
singlePixelSolidColor(). isValid() of the returned Color can be used to tell
whether the singe pixel solid color optimization applies or not.

* platform/graphics/cairo/BitmapImageCairo.cpp:
(WebCore::NativeImage::singlePixelSolidColor):
(WebCore::BitmapImage::draw):
(WebCore::BitmapImage::checkForSolidColor): Deleted.
Delete the platform dependent BitmapImage::checkForSolidColor() and add
the new platform dependent function NativeImage::singlePixelSolidColor() and
use to know whether the singe pixel solid color optimization applies or not.

* platform/graphics/cg/BitmapImageCG.cpp:
(WebCore::NativeImage::singlePixelSolidColor):
(WebCore::BitmapImage::draw):
(WebCore::BitmapImage::checkForSolidColor): Deleted.
Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201424 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSites served over insecure connections should not be allowed to use geolocation.
bfulgham@apple.com [Thu, 26 May 2016 18:19:30 +0000 (18:19 +0000)]
Sites served over insecure connections should not be allowed to use geolocation.
https://bugs.webkit.org/show_bug.cgi?id=157423
<rdar://problem/23751632>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-05-26
Reviewed by Brent Fulgham.

Source/WebCore:

Tests: http/tests/security/insecure-geolocation.html
       http/tests/security/mixedcontent-geolocation-block-insecure-content.html
       http/tests/security/mixedcontent-geolocation.html

* Modules/geolocation/Geolocation.cpp:
(WebCore::logError):
Logs an error to the console if geolocation is blocked.
(WebCore::Geolocation::startRequest):
Access to Geolocation will be blocked if site is not secure. An error will be logged when access to Geolocation is blocked.
(WebCore::Geolocation::shouldBlockGeolocationRequests)
Returns true if the access to geolocation should be blocked.
* Modules/geolocation/Geolocation.h:
* dom/SecurityContext.h:
(WebCore::SecurityContext::foundMixedContent):
Returns true if insecure content was accessed over secure connection.
(WebCore::SecurityContext::setFoundMixedContent):
Sets m_foundMixedContent to true if insecure content is accessed over secure connection.
(WebCore::SecurityContext::geolocationAccessed):
Returns true if geolocation was accessed
(WebCore::SecurityContext::setGeolocationAccessed):
Sets m_geolocationAccessed to true if geolocation was accessed.
* loader/MixedContentChecker.cpp:
(WebCore::MixedContentChecker::canDisplayInsecureContent):
Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.
(WebCore::MixedContentChecker::canRunInsecureContent):
Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.

LayoutTests:

* http/tests/security/geolocation-over-insecure-content.html: Added.
* http/tests/security/geolocation-over-mixed-content-block.html: Added.
* http/tests/security/geolocation-over-mixed-content.html: Added.
* http/tests/security/insecure-geolocation-expected.txt: Added.
* http/tests/security/insecure-geolocation.html: Added.
* http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt: Added.
* http/tests/security/mixedcontent-geolocation-block-insecure-content.html: Added.
* http/tests/security/mixedcontent-geolocation-expected.txt: Added.
* http/tests/security/mixedcontent-geolocation.html: Added.
* http/tests/security/sandboxed-iframe-geolocation-watchPosition.html:
  iframe is loaded over secure connection to avoid geolocation failures
* http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html:
  iframe is loaded over secure connection to avoid geolocation failures

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201423 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoImplement internals.observeGC to get called back when a Javascript object is GC'ed.
beidson@apple.com [Thu, 26 May 2016 17:23:02 +0000 (17:23 +0000)]
Implement internals.observeGC to get called back when a Javascript object is GC'ed.
https://bugs.webkit.org/show_bug.cgi?id=158093

Reviewed by Geoffrey Garen.

Source/WebCore:

Test: js/test-observegc.html

* CMakeLists.txt:
* DerivedSources.make:
* WebCore.xcodeproj/project.pbxproj:

* testing/GCObservation.cpp: Added.
(WebCore::GCObservation::GCObservation):
* testing/GCObservation.h: Added.
* testing/GCObservation.idl: Added.

* testing/Internals.cpp:
(WebCore::Internals::observeGC):
* testing/Internals.h:
* testing/Internals.idl:

LayoutTests:

* js/script-tests/test-observegc.js: Added.
* js/test-observegc-expected.txt: Added.
* js/test-observegc.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201422 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Font Loading] Allow empty strings in FontFace constructor
mmaxfield@apple.com [Thu, 26 May 2016 17:08:17 +0000 (17:08 +0000)]
[Font Loading] Allow empty strings in FontFace constructor
https://bugs.webkit.org/show_bug.cgi?id=158112

Reviewed by Darin Adler.

Source/WebCore:

Other browsers accept empty strings and parse them as if they are omitted.
We should do the same. However, this is only true for the constructor. Setting
an attribute to an empty string should still throw an exception.

Test: fast/text/font-face-empty-string.html

* css/FontFace.cpp:
(WebCore::FontFace::create):
(WebCore::FontFace::setFamily):
(WebCore::FontFace::setStyle):
(WebCore::FontFace::setWeight):
(WebCore::FontFace::setUnicodeRange):
(WebCore::FontFace::setVariant):
(WebCore::FontFace::setFeatureSettings):

LayoutTests:

* fast/text/font-face-empty-string-expected.txt: Added.
* fast/text/font-face-empty-string.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201421 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWebRTC: RTCSessionDescription: Make attributes readonly (and remove custom binding)
adam.bergkvist@ericsson.com [Thu, 26 May 2016 16:24:42 +0000 (16:24 +0000)]
WebRTC: RTCSessionDescription: Make attributes readonly (and remove custom binding)
https://bugs.webkit.org/show_bug.cgi?id=157858

Reviewed by Eric Carlson.

Source/WebCore:

Align RTCSessionDescription type with WebRTC 1.0 specification [1].
- Make constructor dictionary member mandatory
- Align constructor dictionary argument (RTCSessionDescriptionInit) with [1]
- Use RTCSdpType enum for the type attribute
- Remove custom binding

[1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html

Updated existing test.

* CMakeLists.txt:
* Modules/mediastream/MediaEndpointPeerConnection.cpp:
(WebCore::MediaEndpointPeerConnection::createOfferTask):
* Modules/mediastream/RTCSessionDescription.cpp:
(WebCore::parseTypeString):
(WebCore::RTCSessionDescription::create):
(WebCore::RTCSessionDescription::RTCSessionDescription):
(WebCore::verifyType): Deleted.
(WebCore::RTCSessionDescription::setType): Deleted.
* Modules/mediastream/RTCSessionDescription.h:
(WebCore::RTCSessionDescription::type):
* Modules/mediastream/RTCSessionDescription.idl:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSRTCSessionDescriptionCustom.cpp: Removed.
(WebCore::constructJSRTCSessionDescription): Deleted.

LayoutTests:

* fast/mediastream/RTCSessionDescription-expected.txt:
* fast/mediastream/RTCSessionDescription.html:
Add tests for mandatory constructor dictionary argument and required 'type' member (also
check its value). Verify that attributes are read-only.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201420 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoNativeToJSValue is harcoding the $thisValue in some strings
commit-queue@webkit.org [Thu, 26 May 2016 16:10:33 +0000 (16:10 +0000)]
NativeToJSValue is harcoding the $thisValue in some strings
https://bugs.webkit.org/show_bug.cgi?id=158113

Patch by Alejandro G. Castro <alex@igalia.com> on 2016-05-26
Reviewed by Darin Adler.

Replaced the string with the variable value.

Updated the tests results in the bindings.

* bindings/scripts/CodeGeneratorJS.pm:
(NativeToJSValue): Replaced the hardcoded string with the variable
value.
* bindings/scripts/test/JS/JSTestCallback.cpp:
(WebCore::JSTestCallback::callbackWithSerializedScriptValueParam):
* bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
(WebCore::JSTestCallbackFunction::callbackWithSerializedScriptValueParam):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201419 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSmall improvements to RenderBox/LayoutUnit casting in MathML
fred.wang@free.fr [Thu, 26 May 2016 09:14:20 +0000 (09:14 +0000)]
Small improvements to RenderBox/LayoutUnit casting in MathML
https://bugs.webkit.org/show_bug.cgi?id=157943

Patch by Frederic Wang <fwang@igalia.com> on 2016-05-26
Reviewed by Darin Adler.

This is a small follow-up of the RenderMathMLRow/RenderMathMLUnderOver/RenderMathMLFraction
refactoring. Since these MathML renderers can only contain other MathML renderers, we can
just considerer RenderBox children and avoid unnecessary casts. Similarly, when the two
arguments of std::max are LayoutUnit's, we do not need to specialize to std::max<LayoutUnit>.

No new tests, behavior is not changed.

* rendering/mathml/RenderMathMLFraction.cpp:
(WebCore::RenderMathMLFraction::layoutBlock): Do not to specialize to std::max<LayoutUnit>.
* rendering/mathml/RenderMathMLRow.cpp:
(WebCore::RenderMathMLRow::updateOperatorProperties): Browse the list of RenderBox children
and use auto*.
(WebCore::RenderMathMLRow::computeLineVerticalStretch): Do not to specialize to std::max<LayoutUnit>.
* rendering/mathml/RenderMathMLUnderOver.cpp:
(WebCore::RenderMathMLUnderOver::unembellishedOperator): Get the RenderBox child and use auto*.
(WebCore::RenderMathMLUnderOver::computeOperatorsHorizontalStretch): Browse the list of
RenderBox children, use auto* and remove unnecessary casts. Do not to specialize to
std::max<LayoutUnit>.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201418 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAX: crash at AccessibilityRenderObject::remoteSVGRootElement const
cfleizach@apple.com [Thu, 26 May 2016 07:54:41 +0000 (07:54 +0000)]
AX: crash at AccessibilityRenderObject::remoteSVGRootElement const
https://bugs.webkit.org/show_bug.cgi?id=158098

Reviewed by Joanmarie Diggs.

What looks like happens here is that when a document is torn down and we try to detach, we end up creating an accessibility element during detachment phase.
So instead of just clearing the callback pointer on an existing AXObject, we make a new object and access properties of an object being deallocated.

I tried very hard to make a test but it looks like this can really only be triggered during document tear down which also tears down the AXObjectCache. I didn't
have luck reproducing because of that.

* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::remoteSVGElementHitTest):
(WebCore::AccessibilityRenderObject::isSVGImage):
(WebCore::AccessibilityRenderObject::detachRemoteSVGRoot):
(WebCore::AccessibilityRenderObject::remoteSVGRootElement):
(WebCore::AccessibilityRenderObject::addRemoteSVGChildren):
* accessibility/AccessibilityRenderObject.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@201417 268f45cc-cd09-0410-ab3c-d52691b4dbfc