WebKit-https.git
beidson@apple.com [Mon, 2 Apr 2018 20:05:48 +0000 (20:05 +0000)]
Process swapping on navigation needs to handle server redirects.
<rdar://problem/38690465> and https://bugs.webkit.org/show_bug.cgi?id=184142

Reviewed by Alex Christensen.

Source/WebKit:

The same rules we apply to process swapping for basic navigations need to apply
to server redirects as well.

There are three interesting cases we need to support that are covered by new API tests:
1 - The initial load in a WKWebView redirects cross-origin.
2 - A WKWebView is showing content from a.com, we start a load to b.com, and that redirects to c.com
3 - A WKWebView is showing content from a.com, we start a load to a.com, and that redirects to b.com.

Supporting all 3 of these brought their own little challenges.

By teaching Navigation objects more about redirects I was able to support all 3 cases.

* UIProcess/API/APINavigation.cpp:
(API::Navigation::Navigation):
(API::Navigation::setCurrentRequest):
(API::Navigation::appendRedirectionURL):
(API::Navigation::loggingString const):
(API::Navigation::loggingURL const): Deleted.
* UIProcess/API/APINavigation.h:
(API::Navigation::originalRequest const):
(API::Navigation::currentRequest const):
(API::Navigation::currentRequestProcessIdentifier const):
(API::Navigation::setCurrentRequestIsRedirect):
(API::Navigation::currentRequestIsRedirect const):
(API::Navigation::request const): Deleted.

* UIProcess/API/Cocoa/WKNavigation.mm:
(-[WKNavigation _request]):

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::receivedPolicyDecision):
(WebKit::WebPageProxy::continueNavigationInNewProcess): If this continued navigation is currently in a server
  redirect, save off a lambda to synthesize a "did receive server redirect" callback once the new WebProcess is running.
(WebKit::WebPageProxy::didCreateMainFrame):
(WebKit::WebPageProxy::didStartProvisionalLoadForFrame): Possibly ignore this notification if it is really a
  cross-origin redirect that is just starting back up in a new WebProcess.
(WebKit::WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame):
(WebKit::WebPageProxy::didCommitLoadForFrame):
(WebKit::WebPageProxy::decidePolicyForNavigationAction):
(WebKit::WebPageProxy::resetStateAfterProcessExited): Do not clear pageLoadState if the process is exiting for
  a navigation swap, as we will need to pick up where we left off when the load continues in a new WebProcess.
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:

* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::processForNavigation): If a process has never committed any provisional load, it can always
  be used to continue a navigation.
* UIProcess/WebProcessPool.h:

* UIProcess/WebProcessProxy.h:
(WebKit::WebProcessProxy::didCommitProvisionalLoad):
(WebKit::WebProcessProxy::hasCommittedAnyProvisionalLoads const):

* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad):
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
(-[PSONNavigationDelegate webView:didFinishNavigation:]):
(-[PSONNavigationDelegate webView:decidePolicyForNavigationAction:decisionHandler:]):
(-[PSONNavigationDelegate webView:didReceiveServerRedirectForProvisionalNavigation:]):
(-[PSONScheme addRedirectFromURLString:toURLString:]):
(-[PSONScheme webView:startURLSchemeTask:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230174 268f45cc-cd09-0410-ab3c-d52691b4dbfc

rniwa@webkit.org [Mon, 2 Apr 2018 19:59:42 +0000 (19:59 +0000)]
REGRESSION(r228260):WebHTMLView beeps at every keydown for Chinese/Japanese/Korean Input Method
https://bugs.webkit.org/show_bug.cgi?id=184231

Reviewed by Alexey Proskuryakov.

The bug was caused by EventHandler::internalKeyEvent calling setDefaultHandled and expecting it to stay true
after dispatching the event even though m_defaultHandled is always cleared after r228260. This results in
EventHandler::internalKeyEvent returning false, and resulting in a beep.

Unfortunately, no new tests since there is no facility to detect this case in layout tests, and we can't
easily emulate or trigger a real input method in API tests.

* page/EventHandler.cpp:
(WebCore::EventHandler::internalKeyEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230173 268f45cc-cd09-0410-ab3c-d52691b4dbfc

said@apple.com [Mon, 2 Apr 2018 19:42:18 +0000 (19:42 +0000)]
Followup(r230063): Add a layout test for https://bugs.webkit.org/show_bug.cgi?id=183972
https://bugs.webkit.org/show_bug.cgi?id=184162

Reviewed by Daniel Bates.

Without r230063, running run-webkit-tests -g for this test will crash.

* svg/dom/animated-tearoff-list-remove-target-expected.txt: Added.
* svg/dom/animated-tearoff-list-remove-target.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230172 268f45cc-cd09-0410-ab3c-d52691b4dbfc

wenson_hsieh@apple.com [Mon, 2 Apr 2018 19:06:44 +0000 (19:06 +0000)]
[Extra zoom mode] Zoom level is sometimes excessive when zooming to focused form controls
https://bugs.webkit.org/show_bug.cgi?id=184222
<rdar://problem/39063886>

Reviewed by Timothy Hatcher.

Upon interactively focusing an element, we zoom and scroll to reveal that element. The heuristics introduced in
<https://trac.webkit.org/r168744> work by computing a target scale, and then a point to zoom to given that
scale. Currently, this scale is dependent on the computed font size of the form control, such that the form
control would be scaled to have an effective font size of 16.

However, in extra zoom mode, applying these same heuristics (ironically) results in excessive zoom levels, since
scaling the font up to 16 would cause most form controls to zoom so far in that we lose context of surrounding
elements such as labels and other form controls; the fact that the element is highlighted by the focused form
control overlay makes this even more confusing, since part of the focus overlay highlight rect often ends up
outside the viewport.

To fix this, we make a couple of tweaks to focus rect zooming in extra zoom mode. (1) Instead of computing
target zoom level based on font size, try to zoom such that the focused element rect fills up most of the
viewport (similar to double-tap zooming). This ensures that the focused form control overlay's highlight rect
makes sense in most cases, with few exceptions (e.g. the element frame is larger than the viewport). (2)
Introduce a minimum legible font size of 11, and compute the minimum scale needed such that the form control
font would appear to be at least this legible font size. Then, clamp the target scale chosen by (1) to this
minimum scale.

One additional consideration for (1) is that naively scaling to fit the element rect to the viewport (with some
fixed margins) would cause the viewport scale to always change when moving focus between form controls of
different dimensions, even if the current scale is more or less appropriate for all the focusable elements. To
address this, instead of computing a single target zoom scale for an element rect, compute a range of possible
target zoom scales (where the minimum and maximum values depend on the margin we add around the element rect).
If the current scale already falls within this target scale range, then we won't bother adjusting the scale at
all (unless the font size is too small — see (2)). If the current scale falls outside the target scale range, we
then make the minimal adjustment needed to ensure that the element rect fits well within the viewport without
being too small.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _zoomToFocusRect:selectionRect:insideFixed:fontSize:minimumScale:maximumScale:allowScaling:forceScroll:]):

Move some logic around so that the target scale is computed after computing the visible size. Also renames some
constants local to this function (WKWebViewStandardFontSize, kMinimumHeightToShowContentAboveKeyboard,
UIWebFormAnimationDuration, CaretOffsetFromWindowEdge) such that they now share a consistent naming style.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230171 268f45cc-cd09-0410-ab3c-d52691b4dbfc

jer.noble@apple.com [Mon, 2 Apr 2018 18:59:59 +0000 (18:59 +0000)]
Enable Legacy EME for all WebKit & WebKitLegacy clients
https://bugs.webkit.org/show_bug.cgi?id=184018
<rdar://problem/34887387>

Reviewed by Eric Carlson.

Source/WebKit:

* Shared/WebPreferences.yaml:
* Shared/WebPreferencesDefaultValues.h:

Source/WebKitLegacy/mac:

* WebView/WebPreferences.mm:
(+[WebPreferences initialize]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230169 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Mon, 2 Apr 2018 18:34:35 +0000 (18:34 +0000)]
webkitpy: Use current environment value for GST_DEBUG(_FILE) and DOT_DIR env vars
https://bugs.webkit.org/show_bug.cgi?id=184036

Patch by Thibault Saunier <tsaunier@igalia.com> on 2018-04-02
Reviewed by Philippe Normand.

Those variables are for debug purpose and should not change the behaviour
itself, and developers expect them to have effect.

* Scripts/webkitpy/port/gtk.py:
(GtkPort.setup_environ_for_server):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230167 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dbates@webkit.org [Mon, 2 Apr 2018 18:09:04 +0000 (18:09 +0000)]
Remove Options constructor and use internal linkage for option handlers
https://bugs.webkit.org/show_bug.cgi?id=184229

Reviewed by Andy Estes.

Use C++11 default initializer syntax to remove the need to explicitly have a constructor
for the struct Options. Use internal linkage for option handler functions as these
are never invoked outside the translation unit they are defined in.

* WebKitTestRunner/Options.cpp:
(WTR::handleOptionNoTimeout):
(WTR::handleOptionVerbose):
(WTR::handleOptionGcBetweenTests):
(WTR::handleOptionPixelTests):
(WTR::handleOptionPrintSupportedFeatures):
(WTR::handleOptionComplexText):
(WTR::handleOptionAcceleratedDrawing):
(WTR::handleOptionRemoteLayerTree):
(WTR::handleOptionShowWebView):
(WTR::handleOptionShowTouches):
(WTR::handleOptionAllowedHost):
(WTR::handleOptionUnmatched):
(WTR::Options::Options): Deleted.
* WebKitTestRunner/Options.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230166 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Mon, 2 Apr 2018 17:49:17 +0000 (17:49 +0000)]
[MIPS] Optimize JIT code generated by methods with TrustedImm32 operand
https://bugs.webkit.org/show_bug.cgi?id=183740

Patch by Stanislav Ocovaj <stanislav.ocovaj@rt-rk.com> on 2018-04-02
Reviewed by Yusuke Suzuki.

In many macro assembler methods with TrustedImm32 operand a move imm, immTemp (pseudo)instruction is
first generated and a register operand variant of the same method is called to generate the rest
of the code. If the immediate value can fit in 16 bits then we can skip the move instruction and
generate more efficient code using MIPS instructions with immediate operand.

* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::slti):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::lshift32):
(JSC::MacroAssemblerMIPS::xor32):
(JSC::MacroAssemblerMIPS::branch8):
(JSC::MacroAssemblerMIPS::compare8):
(JSC::MacroAssemblerMIPS::branch32):
(JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
(JSC::MacroAssemblerMIPS::branchTest32):
(JSC::MacroAssemblerMIPS::mask8OnTest):
(JSC::MacroAssemblerMIPS::branchTest8):
(JSC::MacroAssemblerMIPS::branchAdd32):
(JSC::MacroAssemblerMIPS::branchNeg32):
(JSC::MacroAssemblerMIPS::compare32):
(JSC::MacroAssemblerMIPS::test8):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230164 268f45cc-cd09-0410-ab3c-d52691b4dbfc

jer.noble@apple.com [Mon, 2 Apr 2018 17:45:07 +0000 (17:45 +0000)]
REGRESSION (229680): Fullscreen video does not work (youtube, netflix)
https://bugs.webkit.org/show_bug.cgi?id=184235

Reviewed by Eric Carlson.

Enable the Fullscreen API by default.

* Shared/WebPreferences.yaml:
* Shared/WebPreferencesDefaultValues.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230163 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Hironori.Fujii@sony.com [Mon, 2 Apr 2018 17:44:48 +0000 (17:44 +0000)]
[Win] MSVC can't compile WebResourceLoadStatisticsStore::scheduleClearInMemoryAndPersistent
https://bugs.webkit.org/show_bug.cgi?id=184120

Reviewed by Alex Christensen.

It seems that MSVC can't compile the code using `this` in a
generalized lambda capture in another lambda.

In this case, there is no need to copy `protectedThis` for the
inner lambda. Move `protectedThis` of the outer lambda to the
inner as well as `callback`.

* UIProcess/WebResourceLoadStatisticsStore.cpp:
(WebKit::WebResourceLoadStatisticsStore::scheduleClearInMemoryAndPersistent):
Moved `protectedThis` from the outer lambda to the inner.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230162 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mitz@apple.com [Mon, 2 Apr 2018 17:16:48 +0000 (17:16 +0000)]
Build fix after r230121

* Configurations/WebKit.xcconfig: Disabled framework header postprocessing when building for
  iOS 11.*
* UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h: Reverted r230159.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230161 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mitz@apple.com [Mon, 2 Apr 2018 16:45:06 +0000 (16:45 +0000)]
Fixed the build when BOOL is not bool.
<rdar://problem/39094484>

Reviewed by Jer Noble.

* UIProcess/ios/fullscreen/WKFullScreenViewController.mm:
(-[WKFullScreenViewController videoControlsManagerDidChange]): Removed the write-only ivar
  _hasControlsManager, the assignment to which was causing the compiler error.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230160 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ryanhaddad@apple.com [Mon, 2 Apr 2018 16:41:17 +0000 (16:41 +0000)]
Unreviewed build fix.

* UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h: Update availability annotation.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230159 268f45cc-cd09-0410-ab3c-d52691b4dbfc

jer.noble@apple.com [Mon, 2 Apr 2018 15:40:20 +0000 (15:40 +0000)]
AudioBufferSourceNode start method causes OfflineAudioContext to start running
https://bugs.webkit.org/show_bug.cgi?id=181939
<rdar://problem/36755393>

Reviewed by Eric Carlson.

Source/WebCore:

Test: webaudio/offlineaudiocontext-restriction.html

Don't respect playback restrictions for offline AudioContexts.

* Modules/webaudio/AudioContext.cpp:
(WebCore::AudioContext::constructCommon):
* Modules/webaudio/AudioContext.h:
(WebCore::AudioContext::isOfflineContext const):
(WebCore::AudioContext::userGestureRequiredForAudioStart const):
(WebCore::AudioContext::pageConsentRequiredForAudioStart const):
(WebCore::AudioContext::isOfflineContext): Deleted.

LayoutTests:

* webaudio/offlineaudiocontext-restriction-expected.txt: Added.
* webaudio/offlineaudiocontext-restriction.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230158 268f45cc-cd09-0410-ab3c-d52691b4dbfc

alex@webkit.org [Mon, 2 Apr 2018 14:55:48 +0000 (14:55 +0000)]
Unreviewed fixing GTK port X86 32bits compilation after r230152.

* CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230157 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mcatanzaro@igalia.com [Mon, 2 Apr 2018 14:42:33 +0000 (14:42 +0000)]
[GTK] DragAndDropHandler.cpp should include GUniquePtrGtk.h
https://bugs.webkit.org/show_bug.cgi?id=184119

Reviewed by Daniel Bates.

* UIProcess/gtk/DragAndDropHandler.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230156 268f45cc-cd09-0410-ab3c-d52691b4dbfc

alex@webkit.org [Mon, 2 Apr 2018 14:33:30 +0000 (14:33 +0000)]
Unreviewed fixing GTK port ARM compilation after r230152.

* CMakeLists.txt: Properly avoid SSE implementations for ARM.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230155 268f45cc-cd09-0410-ab3c-d52691b4dbfc

alex@webkit.org [Mon, 2 Apr 2018 13:57:40 +0000 (13:57 +0000)]
Unreviewed GTK port dependencies fix after r230152.

Add alsa library dependency for gtk.

* gtk/install-dependencies:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230154 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fred.wang@free.fr [Mon, 2 Apr 2018 12:45:05 +0000 (12:45 +0000)]
Fix warnings for unused lambda captures in Source/WebKit
https://bugs.webkit.org/show_bug.cgi?id=173555

Patch by Frederic Wang <fwang@igalia.com> on 2018-04-02
Reviewed by Konstantin Tokarev.

When release logs are disabled, several lambda captures are unused, causing compilation
failures with -Wunused-lambda-capture. This patch marks the corresponding variables as unused
in order to fix these warnings.

Based on initial patch by: Konstantin Tokarev <annulen@yandex.ru>

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::retrieveCacheEntry):
* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::fetchWebsiteData):
(WebKit::NetworkProcessProxy::deleteWebsiteData):
(WebKit::NetworkProcessProxy::deleteWebsiteDataForOrigins):
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::fetchWebsiteData):
(WebKit::WebProcessProxy::deleteWebsiteData):
(WebKit::WebProcessProxy::deleteWebsiteDataForOrigins):
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView dragInteraction:willAnimateLiftWithAnimator:session:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230153 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Mon, 2 Apr 2018 11:29:03 +0000 (11:29 +0000)]
[GTK] Make libwebrtc backend buildable for GTK port
https://bugs.webkit.org/show_bug.cgi?id=178860

Patch by Alejandro G. Castro <alex@igalia.com> on 2018-04-02
Reviewed by Youenn Fablet.

.:

* Source/CMakeLists.txt: Add the libwebrtc directory to the compilation.
* Source/cmake/OptionsGTK.cmake: Add the USE_LIBWEBRTC option to
allow compilation of the specific code.

Source/ThirdParty/libwebrtc:

Modified the cmake file and added some assembly code to the
boringssl compilation required for the linux compilation generated
by libwebrtc.

* CMakeLists.txt: This cmake file was unused so we have modified
it completely to make it work for our port. It was originally
generated from the libwebrtc json file but not anymore. We could
change its structure at some point but current one seems a good
option for the moment.
* Source/webrtc/base/task_queue_libevent.cc: We use system
libevent for the moment so we needed to adapt the includes in this file.
* Source/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc:
Readded lines removed by mistake in a previous commit.

Source/WebCore:

This is the first step to add webrtc support to the GTK port using
the libwebrtc backend.

No new tests, no new feature added, it should be tested by current
tests.

* CMakeLists.txt: Add the new files to the compilation and set the
new includes in the libwebrtc library.
* Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
Reorder the includes alphabetically and add some that are missing.
* Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
Ditto.
* Sources.txt: Add new file to the compilation.
* platform/mediastream/gstreamer/RealtimeIncomingAudioSourceLibWebRTC.cpp:
Added. Initial implementation for GTK and WPE.
* platform/mediastream/gstreamer/RealtimeIncomingAudioSourceLibWebRTC.h:
Added. Ditto.
* platform/mediastream/gstreamer/RealtimeIncomingVideoSourceLibWebRTC.cpp:
Added. Ditto.
* platform/mediastream/gstreamer/RealtimeIncomingVideoSourceLibWebRTC.h:
Added. Ditto.
* platform/mediastream/gstreamer/RealtimeOutgoingAudioSourceLibWebRTC.cpp:
Added. Ditto.
* platform/mediastream/gstreamer/RealtimeOutgoingAudioSourceLibWebRTC.h:
Added. Ditto.
* platform/mediastream/gstreamer/RealtimeOutgoingVideoSourceLibWebRTC.cpp:
Added. Ditto.
* platform/mediastream/gstreamer/RealtimeOutgoingVideoSourceLibWebRTC.h:
Added. Ditto.
* platform/mediastream/libwebrtc/LibWebRTCProviderGlib.cpp: Added includes
for the compilation.
* platform/mediastream/libwebrtc/LibWebRTCProviderGlib.h: Added, inherit from
the LibWebRTCProvider to adapt for glib.

Source/WebKit:

* CMakeLists.txt: Add RTC network classes to the compilation and
the libwebrtc includes.
* PlatformGTK.cmake: Add the libwebrtc directory.
* SourcesGTK.txt: Add RTC files to the compilation.

Tools:

* gstreamer/jhbuild.modules: Modified the libvpx module for the
libwebrtc compilation.
* gtk/install-dependencies: Add libevent as a system requirement.
* Scripts/webkitpy/style/checker.py: Added libwebrtc to the list of third
party libraries with reduced style checks.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230152 268f45cc-cd09-0410-ab3c-d52691b4dbfc

aakash_jain@apple.com [Mon, 2 Apr 2018 09:09:08 +0000 (09:09 +0000)]
Remove deprecated Buildbot 0.8 code from Perf syncing scripts
https://bugs.webkit.org/show_bug.cgi?id=183915

Reviewed by Ryosuke Niwa.

* server-tests/resources/mock-data.js:
(MockData.buildbotBuildersURLDeprecated): Deleted.
(MockData.mockBuildbotBuildersDeprecated): Deleted.
(MockData.pendingBuildDeprecated): Deleted.
(MockData.runningBuildDeprecated): Deleted.
(MockData.finishedBuildDeprecated): Deleted.
* tools/js/buildbot-syncer.js:
(BuildbotBuildEntryDeprecated): Deleted.
(BuildbotBuildEntryDeprecated.prototype.initialize): Deleted.
(BuildbotBuildEntryDeprecated.prototype.url): Deleted.
(BuildbotSyncer.prototype.scheduleBuildOnBuildbotDeprecated): Deleted.
(BuildbotSyncer.prototype._pullRecentBuildsDeprecated): Deleted.
(BuildbotSyncer.prototype.pathForPendingBuildsJSONDeprecated): Deleted.
(BuildbotSyncer.prototype.pathForBuildJSONDeprecated): Deleted.
(BuildbotSyncer.prototype.pathForForceBuildDeprecated): Deleted.
(BuildbotSyncer.prototype.url): Deleted.
(BuildbotSyncer.prototype.urlForBuildNumberDeprecated): Deleted.
* tools/js/buildbot-triggerable.js:
(BuildbotTriggerable.prototype.getBuilderNameToIDMapDeprecated): Deleted.
* unit-tests/buildbot-syncer-tests.js:
(smallPendingBuildDeprecated): Deleted.
(smallInProgressBuildDeprecated): Deleted.
(smallFinishedBuildDeprecated): Deleted.
(samplePendingBuildRequestDeprecated): Deleted.
(sampleInProgressBuildDeprecated): Deleted.
(sampleFinishedBuildDeprecated): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230151 268f45cc-cd09-0410-ab3c-d52691b4dbfc

utatane.tea@gmail.com [Mon, 2 Apr 2018 07:51:17 +0000 (07:51 +0000)]
[DFG] More aggressive removal of duplicate 32bit DFG code
https://bugs.webkit.org/show_bug.cgi?id=184089

Reviewed by Saam Barati.

This patch more aggressively removes duplicate 32bit DFG code
by leveraging JSValueRegs and meta-programmed callOperation.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValWithThis):
(JSC::DFG::SpeculativeJIT::compileArithMinMax):
(JSC::DFG::SpeculativeJIT::compileNewArray):
(JSC::DFG::SpeculativeJIT::compileCheckCell):
(JSC::DFG::SpeculativeJIT::compileGetGlobalVariable):
(JSC::DFG::SpeculativeJIT::compilePutGlobalVariable):
(JSC::DFG::SpeculativeJIT::compileGetClosureVar):
(JSC::DFG::SpeculativeJIT::compilePutClosureVar):
(JSC::DFG::SpeculativeJIT::compileGetByOffset):
(JSC::DFG::SpeculativeJIT::compilePutByOffset):
(JSC::DFG::SpeculativeJIT::compileGetExecutable):
(JSC::DFG::SpeculativeJIT::compileNewArrayBuffer):
(JSC::DFG::SpeculativeJIT::compileToThis):
(JSC::DFG::SpeculativeJIT::compileIdentity):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230150 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mattbaker@apple.com [Mon, 2 Apr 2018 05:59:28 +0000 (05:59 +0000)]
Web Inspector: Remove dead TabBrowser/TabContentView code
https://bugs.webkit.org/show_bug.cgi?id=184104

Reviewed by Devin Rousso.

* UserInterface/Base/Main.js:
(WI._tryToRestorePendingTabs):
* UserInterface/Views/NewTabContentView.js:
(WI.NewTabContentView.prototype.shown):
(WI.NewTabContentView.prototype.hidden):
* UserInterface/Views/TabBrowser.js:
(WI.TabBrowser.prototype.addTabForContentView):
(WI.TabBrowser.prototype.showTabForContentView):
(WI.TabBrowser._tabBarItemRemoved):
* UserInterface/Views/TabContentView.js:
(WI.TabContentView.prototype.get parentTabBrowser): Deleted.
(WI.TabContentView.prototype.set parentTabBrowser): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230149 268f45cc-cd09-0410-ab3c-d52691b4dbfc

zalan@apple.com [Mon, 2 Apr 2018 05:03:57 +0000 (05:03 +0000)]
[LayoutReloaded] Use containing block's contentBox left edge when the float is to the right.
https://bugs.webkit.org/show_bug.cgi?id=184230

Reviewed by Antti Koivisto.

* LayoutReloaded/FormattingContext/InlineFormatting/InlineFormattingContext.js:
(InlineFormattingContext.prototype._mapFloatingPosition):
(InlineFormattingContext):
* LayoutReloaded/test/index.html:
* LayoutReloaded/test/inline-formatting-context-with-floats2.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230148 268f45cc-cd09-0410-ab3c-d52691b4dbfc

utatane.tea@gmail.com [Mon, 2 Apr 2018 03:18:50 +0000 (03:18 +0000)]
Use WTF::Lock instead of GMutex
https://bugs.webkit.org/show_bug.cgi?id=184227

Reviewed by Saam Barati.

Prefer WTF::Lock over GMutex since these locks are just protecting WebKit C++ fields.

No behavior change.

* platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp:
(WebCore::AudioSourceProviderGStreamer::AudioSourceProviderGStreamer):
(WebCore::AudioSourceProviderGStreamer::~AudioSourceProviderGStreamer):
(WebCore::AudioSourceProviderGStreamer::provideInput):
(WebCore::AudioSourceProviderGStreamer::handleAudioBuffer):
(WebCore::AudioSourceProviderGStreamer::clearAdapters):
* platform/audio/gstreamer/AudioSourceProviderGStreamer.h:
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
(WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
(WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
(WebCore::MediaPlayerPrivateGStreamerBase::naturalSize const):
(WebCore::MediaPlayerPrivateGStreamerBase::pushTextureToCompositor):
(WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
(WebCore::MediaPlayerPrivateGStreamerBase::flushCurrentBuffer):
(WebCore::MediaPlayerPrivateGStreamerBase::paint):
(WebCore::MediaPlayerPrivateGStreamerBase::copyVideoTextureToPlatformTexture):
(WebCore::MediaPlayerPrivateGStreamerBase::nativeImageForCurrentTime):
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
* platform/graphics/gstreamer/mse/PlaybackPipeline.cpp:
* platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230147 268f45cc-cd09-0410-ab3c-d52691b4dbfc

bfulgham@apple.com [Mon, 2 Apr 2018 02:04:05 +0000 (02:04 +0000)]
Show punycode if URL contains hyphen character
https://bugs.webkit.org/show_bug.cgi?id=184221
<rdar://problem/38044633>

Reviewed by Darin Adler.

Source/WebCore:

Revise our "lookalike character" logic to include the hyphen,
non-breaking hyphen, and minus sign.

Test: fast/url/host.html

* platform/mac/WebCoreNSURLExtras.mm:
(WebCore::isLookalikeCharacter):

LayoutTests:

* fast/url/host-expected.txt:
* fast/url/host.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230146 268f45cc-cd09-0410-ab3c-d52691b4dbfc
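
The display decision described in the commit above, as an added illustration (not WebKit's code; all function names are hypothetical). It assumes the three characters named in the message are U+2010 HYPHEN, U+2011 NON-BREAKING HYPHEN and U+2212 MINUS SIGN, and models only those: a host containing one of them is shown in its ASCII `xn--` form (RFC 3492 Punycode), while a host with an ordinary ASCII hyphen is left as typed.

```cpp
#include <cstdint>
#include <string>

// Added illustration, not WebKit source. Only the three characters named in
// the commit message are modelled; all function names here are hypothetical.
// U+2010 HYPHEN, U+2011 NON-BREAKING HYPHEN, U+2212 MINUS SIGN.
bool hasHyphenLookalike(const std::u32string& host)
{
    return host.find_first_of(U"\u2010\u2011\u2212") != std::u32string::npos;
}

// RFC 3492 Punycode parameters and helpers.
static const uint32_t kBase = 36, kTMin = 1, kTMax = 26, kSkew = 38, kDamp = 700;

static char encodeDigit(uint32_t d)
{
    return d < 26 ? static_cast<char>('a' + d) : static_cast<char>('0' + (d - 26));
}

static uint32_t adaptBias(uint32_t delta, uint32_t numPoints, bool firstTime)
{
    delta = firstTime ? delta / kDamp : delta / 2;
    delta += delta / numPoints;
    uint32_t k = 0;
    for (; delta > ((kBase - kTMin) * kTMax) / 2; k += kBase)
        delta /= kBase - kTMin;
    return k + (kBase - kTMin + 1) * delta / (delta + kSkew);
}

// ASCII form of one label: unchanged if already ASCII, otherwise "xn--" plus
// its Punycode encoding. The RFC's overflow checks are omitted (short labels).
std::string toAsciiLabel(const std::u32string& label)
{
    std::string out = "xn--";
    for (char32_t c : label)
        if (c < 0x80)
            out.push_back(static_cast<char>(c));
    const uint32_t basicCount = static_cast<uint32_t>(out.size() - 4);
    if (basicCount == label.size())
        return out.substr(4);
    if (basicCount)
        out.push_back('-');

    uint32_t n = 128, delta = 0, bias = 72, handled = basicCount;
    while (handled < label.size()) {
        uint32_t next = UINT32_MAX; // smallest code point >= n still to encode
        for (char32_t c : label)
            if (c >= n && c <= next)
                next = c;
        delta += (next - n) * (handled + 1);
        n = next;
        for (char32_t c : label) {
            if (c < n)
                ++delta;
            if (c != n)
                continue;
            uint32_t q = delta;
            for (uint32_t k = kBase;; k += kBase) {
                uint32_t t = k <= bias ? kTMin : (k >= bias + kTMax ? kTMax : k - bias);
                if (q < t)
                    break;
                out.push_back(encodeDigit(t + (q - t) % (kBase - t)));
                q = (q - t) / (kBase - t);
            }
            out.push_back(encodeDigit(q));
            bias = adaptBias(delta, handled + 1, handled == basicCount);
            delta = 0;
            ++handled;
        }
        ++delta;
        ++n;
    }
    return out;
}

// The host as displayed: left in Unicode unless it contains a hyphen
// lookalike, in which case each label is shown in its ASCII (xn--) form.
std::u32string displayForm(const std::u32string& host)
{
    if (!hasHyphenLookalike(host))
        return host;
    std::u32string shown, label;
    for (size_t i = 0; i <= host.size(); ++i) {
        if (i < host.size() && host[i] != U'.') {
            label.push_back(host[i]);
            continue;
        }
        for (char ch : toAsciiLabel(label))
            shown.push_back(static_cast<char32_t>(ch));
        if (i < host.size())
            shown.push_back(U'.');
        label.clear();
    }
    return shown;
}
```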

fpizlo@apple.com [Sun, 1 Apr 2018 19:46:05 +0000 (19:46 +0000)]
Raise the for-call inlining threshold to 190 to fix JetStream/richards regression
https://bugs.webkit.org/show_bug.cgi?id=184228

Reviewed by Yusuke Suzuki.

* runtime/Options.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230145 268f45cc-cd09-0410-ab3c-d52691b4dbfc

fpizlo@apple.com [Sun, 1 Apr 2018 17:57:53 +0000 (17:57 +0000)]
JSObject shouldn't do index masking
https://bugs.webkit.org/show_bug.cgi?id=184194

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

Remove index masking, because it's not the way we'll mitigate Spectre.

* API/tests/JSObjectGetProxyTargetTest.cpp:
(testJSObjectGetProxyTarget):
* b3/B3LowerToAir.cpp:
* b3/B3Validate.cpp:
* b3/B3WasmBoundsCheckValue.cpp:
(JSC::B3::WasmBoundsCheckValue::WasmBoundsCheckValue):
(JSC::B3::WasmBoundsCheckValue::dumpMeta const):
* b3/B3WasmBoundsCheckValue.h:
(JSC::B3::WasmBoundsCheckValue::bounds const):
(JSC::B3::WasmBoundsCheckValue::pinnedIndexingMask const): Deleted.
* b3/testb3.cpp:
(JSC::B3::testWasmBoundsCheck):
(JSC::B3::run):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArgumentsEliminationPhase.cpp:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSSALoweringPhase.cpp:
(JSC::DFG::SSALoweringPhase::handleNode):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
(JSC::DFG::SpeculativeJIT::loadFromIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
(JSC::DFG::SpeculativeJIT::compileCreateActivation):
(JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
(JSC::DFG::SpeculativeJIT::compileArraySlice):
(JSC::DFG::SpeculativeJIT::compileNewStringObject):
(JSC::DFG::SpeculativeJIT::compileNewTypedArrayWithSize):
(JSC::DFG::SpeculativeJIT::compileNewRegexp):
(JSC::DFG::SpeculativeJIT::compileCreateThis):
(JSC::DFG::SpeculativeJIT::compileNewObject):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
(JSC::DFG::SpeculativeJIT::emitAllocateJSObjectWithKnownSize):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileAtomicsReadModifyWrite):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
(JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject):
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
(JSC::FTL::DFG::LowerDFGToB3::pointerIntoTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::compileGetArrayMask): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::maskedIndex): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::computeButterflyIndexingMask): Deleted.
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitAllocateJSObject):
(JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
(JSC::AssemblyHelpers::emitAllocateVariableSizedJSObject):
(JSC::AssemblyHelpers::emitAllocateDestructibleObject):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_object):
(JSC::JIT::emit_op_create_this):
* jit/JITOperations.cpp:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitDoubleLoad):
(JSC::JIT::emitContiguousLoad):
(JSC::JIT::emitArrayStorageLoad):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/Butterfly.h:
(JSC::ContiguousData::at const):
(JSC::ContiguousData::at):
(JSC::Butterfly::computeIndexingMask const): Deleted.
* runtime/ButterflyInlines.h:
(JSC::ContiguousData<T>::at const): Deleted.
(JSC::ContiguousData<T>::at): Deleted.
* runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::createEmpty):
* runtime/JSArray.cpp:
(JSC::JSArray::tryCreateUninitializedRestricted):
(JSC::JSArray::appendMemcpy):
(JSC::JSArray::setLength):
(JSC::JSArray::pop):
(JSC::JSArray::shiftCountWithAnyIndexingType):
(JSC::JSArray::unshiftCountWithAnyIndexingType):
(JSC::JSArray::fillArgList):
(JSC::JSArray::copyToArguments):
* runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::JSArrayBufferView):
* runtime/JSArrayInlines.h:
(JSC::JSArray::pushInline):
* runtime/JSFixedArray.h:
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
* runtime/JSObject.cpp:
(JSC::JSObject::getOwnPropertySlotByIndex):
(JSC::JSObject::putByIndex):
(JSC::JSObject::createInitialUndecided):
(JSC::JSObject::createInitialInt32):
(JSC::JSObject::createInitialDouble):
(JSC::JSObject::createInitialContiguous):
(JSC::JSObject::createArrayStorage):
(JSC::JSObject::convertUndecidedToInt32):
(JSC::JSObject::convertUndecidedToDouble):
(JSC::JSObject::convertUndecidedToContiguous):
(JSC::JSObject::convertUndecidedToArrayStorage):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::convertInt32ToArrayStorage):
(JSC::JSObject::convertDoubleToContiguous):
(JSC::JSObject::convertDoubleToArrayStorage):
(JSC::JSObject::convertContiguousToArrayStorage):
(JSC::JSObject::createInitialForValueAndSet):
(JSC::JSObject::deletePropertyByIndex):
(JSC::JSObject::getOwnPropertyNames):
(JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
(JSC::JSObject::countElements):
(JSC::JSObject::increaseVectorLength):
(JSC::JSObject::ensureLengthSlow):
(JSC::JSObject::reallocateAndShrinkButterfly):
(JSC::JSObject::getEnumerableLength):
* runtime/JSObject.h:
(JSC::JSObject::canGetIndexQuickly):
(JSC::JSObject::getIndexQuickly):
(JSC::JSObject::tryGetIndexQuickly const):
(JSC::JSObject::setIndexQuickly):
(JSC::JSObject::initializeIndex):
(JSC::JSObject::initializeIndexWithoutBarrier):
(JSC::JSObject::butterflyOffset):
(JSC::JSObject::setButterfly):
(JSC::JSObject::nukeStructureAndSetButterfly):
(JSC::JSObject::JSObject):
(JSC::JSObject::butterflyIndexingMaskOffset): Deleted.
(JSC::JSObject::butterflyIndexingMask const): Deleted.
(JSC::JSObject::setButterflyWithIndexingMask): Deleted.
* runtime/JSObjectInlines.h:
(JSC::JSObject::prepareToPutDirectWithoutTransition):
(JSC::JSObject::putDirectInternal):
* runtime/RegExpMatchesArray.h:
(JSC::tryCreateUninitializedRegExpMatchesArray):
* runtime/Structure.cpp:
(JSC::Structure::flattenDictionaryStructure):
* wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::B3IRGenerator):
(JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
(JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
(JSC::Wasm::B3IRGenerator::load):
(JSC::Wasm::B3IRGenerator::store):
(JSC::Wasm::B3IRGenerator::addCallIndirect):
* wasm/WasmBinding.cpp:
(JSC::Wasm::wasmToWasm):
* wasm/WasmInstance.h:
(JSC::Wasm::Instance::updateCachedMemory):
(JSC::Wasm::Instance::offsetOfCachedMemorySize):
(JSC::Wasm::Instance::offsetOfCachedIndexingMask): Deleted.
* wasm/WasmMemory.cpp:
(JSC::Wasm::Memory::Memory):
(JSC::Wasm::Memory::grow):
* wasm/WasmMemory.h:
(JSC::Wasm::Memory::size const):
(JSC::Wasm::Memory::offsetOfSize):
(JSC::Wasm::Memory::indexingMask): Deleted.
(JSC::Wasm::Memory::offsetOfIndexingMask): Deleted.
* wasm/WasmMemoryInformation.cpp:
(JSC::Wasm::PinnedRegisterInfo::get):
(JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
* wasm/WasmMemoryInformation.h:
(JSC::Wasm::PinnedRegisterInfo::toSave const):
* wasm/js/JSToWasm.cpp:
(JSC::Wasm::createJSToWasmWrapper):

Source/WebCore:

No new tests because no new behavior.

* bindings/js/JSDOMConvertSequences.h:
(WebCore::Detail::NumericSequenceConverter::convertArray):
(WebCore::Detail::SequenceConverter::convertArray):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230144 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago JSC crash in JIT code with for-of loop and Array/Set iterators
fpizlo@apple.com [Sun, 1 Apr 2018 17:08:39 +0000 (17:08 +0000)]
JSC crash in JIT code with for-of loop and Array/Set iterators
https://bugs.webkit.org/show_bug.cgi?id=183174

Reviewed by Saam Barati.

JSTests:

* microbenchmarks/hoist-get-by-offset-tower-with-inferred-types.js: Added. This test shows that fixing the bug didn't break hoisting of GetByOffset with inferred types. I confirmed that if I did break it, this test slows down by >7x.
(foo):
* stress/hoist-get-by-offset-with-control-dependent-inferred-type.js: Added. This test shows that the bug is fixed.
(f):

Source/JavaScriptCore:

* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute): Fix the bug by making GetByOffset and friends verify that they are getting the type proof they want at the desired hoisting site.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230143 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [LayoutReloaded] Right floating box reduces available line width.
zalan@apple.com [Sun, 1 Apr 2018 16:47:59 +0000 (16:47 +0000)]
[LayoutReloaded] Right floating box reduces available line width.
https://bugs.webkit.org/show_bug.cgi?id=184226

Reviewed by Antti Koivisto.

* LayoutReloaded/FormattingContext/InlineFormatting/InlineFormattingContext.js:
(InlineFormattingContext.prototype._createNewLine):
* LayoutReloaded/test/index.html:
* LayoutReloaded/test/inline-with-floats-right-left-simple.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230142 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [LayoutReloaded] Floating box reduces line width in inline formatting context
zalan@apple.com [Sun, 1 Apr 2018 05:37:20 +0000 (05:37 +0000)]
[LayoutReloaded] Floating box reduces line width in inline formatting context
https://bugs.webkit.org/show_bug.cgi?id=184223

Reviewed by Antti Koivisto.

* LayoutReloaded/FormattingContext/FloatingContext.js:
(FloatingContext.prototype.left):
(FloatingContext.prototype.right):
(FloatingContext.prototype._mapDisplayMarginBoxToFormattingRoot):
(FloatingContext.prototype._mapBorderBoxToFormattingRoot):
(FloatingContext.prototype._mapContentBoxToFormattingRoot):
(FloatingContext.prototype.formattingRoot):
(FloatingContext.prototype._floatingState):
(FloatingContext.prototype._formattingRoot): Deleted.
* LayoutReloaded/FormattingContext/InlineFormatting/InlineFormattingContext.js:
(InlineFormattingContext.prototype._createNewLine):
(InlineFormattingContext.prototype._mapFloatingPosition):
(InlineFormattingContext):
* LayoutReloaded/FormattingState/FormattingState.js:
(FormattingState.prototype.displayBox):
(FormattingState):
* LayoutReloaded/test/index.html:
* LayoutReloaded/test/inline-formatting-context-with-floats.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230141 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [LayoutReloaded] InlineFormattingState should inherit the floating state from its...
zalan@apple.com [Sun, 1 Apr 2018 03:07:26 +0000 (03:07 +0000)]
[LayoutReloaded] InlineFormattingState should inherit the floating state from its parent formatting state
https://bugs.webkit.org/show_bug.cgi?id=184220

Reviewed by Antti Koivisto.

If the block container box that initiates an inline formatting context also establishes a block context,
create a new float state, otherwise use the existing one.

* LayoutReloaded/FormattingContext/BlockFormatting/BlockFormattingContext.js:
(BlockFormattingContext.prototype._contentHeight):
* LayoutReloaded/FormattingState/InlineFormattingState.js:
(InlineFormattingState):
* LayoutReloaded/LayoutState.js:
(LayoutState.prototype.establishedFormattingState):
(LayoutState.prototype.formattingStateForBox):
(LayoutState.prototype.formattingState): Deleted.
* LayoutReloaded/Utils.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230140 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [LayoutReloaded] FloatingContext does not need a parent formatting context.
zalan@apple.com [Sun, 1 Apr 2018 02:44:49 +0000 (02:44 +0000)]
[LayoutReloaded] FloatingContext does not need a parent formatting context.
https://bugs.webkit.org/show_bug.cgi?id=184219

Reviewed by Antti Koivisto.

We don't need the formatting context in the FloatingContext now that margins are moved over to Display.Box.
This is in preparation for being able to create a FloatingContext for an inline formatting context,
when the inline context actually inherits the floating state from its formatting root.

* LayoutReloaded/FormattingContext/FloatingContext.js:
(FloatingContext):
(FloatingContext.prototype._availableSpace):
(FloatingContext.prototype._adjustedFloatingPosition):
(FloatingContext.prototype._addFloatingBox):
(FloatingContext.prototype._formattingContext): Deleted.
* LayoutReloaded/FormattingContext/FormattingContext.js:
(FormattingContext):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230139 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [LayoutReloaded] Do not clone Display.Box for FloatingState stacks.
zalan@apple.com [Sun, 1 Apr 2018 02:24:32 +0000 (02:24 +0000)]
[LayoutReloaded] Do not clone Display.Box for FloatingState stacks.
https://bugs.webkit.org/show_bug.cgi?id=184218

Reviewed by Antti Koivisto.

Now that Display.Box is in a tree context, we can't just clone it for the purpose of caching its absolute position.

* LayoutReloaded/DisplayTree/Box.js:
(Display.Box.prototype.clone): Deleted.
* LayoutReloaded/FormattingContext/FloatingContext.js:
(FloatingContext.prototype._positionForFloating):
(FloatingContext.prototype._moveToNextVerticalPosition):
(FloatingContext.prototype._availableSpace):
(FloatingContext.prototype._findFloatingAtVerticalPosition):
(FloatingContext.prototype._adjustedFloatingPosition):
(FloatingContext.prototype._bottom):
(FloatingContext.prototype._addFloatingBox):
(FloatingContext.prototype._mapMarginBoxToFormattingRoot):
(FloatingContext.prototype._mapDisplayMarginBoxToFormattingRoot):
* LayoutReloaded/FormattingState/FloatingState.js:
(FloatingState.prototype.addFloating):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230138 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [LayoutReloaded] Remove all FormattingContext::absolute*Box functions.
zalan@apple.com [Sun, 1 Apr 2018 02:07:25 +0000 (02:07 +0000)]
[LayoutReloaded] Remove all FormattingContext::absolute*Box functions.
https://bugs.webkit.org/show_bug.cgi?id=184215

Reviewed by Antti Koivisto.

Use Display.Box instead.

* LayoutReloaded/FormattingContext/BlockFormatting/BlockFormattingContext.js:
(BlockFormattingContext.prototype._computeOutOfFlowPosition):
* LayoutReloaded/FormattingContext/FloatingContext.js:
(FloatingContext.prototype._availableSpace):
(FloatingContext.prototype._adjustedFloatingPosition):
(FloatingContext.prototype._mapBorderBoxToFormattingRoot):
(FloatingContext.prototype._mapContentBoxToFormattingRoot):
* LayoutReloaded/FormattingContext/FormattingContext.js:
(FormattingContext.prototype.absoluteBorderBox): Deleted.
(FormattingContext.prototype.absolutePaddingBox): Deleted.
(FormattingContext.prototype.absoluteContentBox): Deleted.
(FormattingContext.prototype._toAbsolutePosition): Deleted.
(FormattingContext.prototype._toRootAbsolutePosition): Deleted.
* LayoutReloaded/Utils.js:
(Utils.mapPosition):
(Utils.marginBox):
(Utils.borderBox):
(Utils.contentBox):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230137 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [LayoutReloaded] Remove FormattingContext::absoluteMarginBox
zalan@apple.com [Sun, 1 Apr 2018 01:12:13 +0000 (01:12 +0000)]
[LayoutReloaded] Remove FormattingContext::absoluteMarginBox
https://bugs.webkit.org/show_bug.cgi?id=184213

Reviewed by Antti Koivisto.

Display.Box already has the margin values.

* LayoutReloaded/FormattingContext/FloatingContext.js:
(FloatingContext.prototype._positionForFloating):
(FloatingContext.prototype._addFloatingBox):
(FloatingContext.prototype._mapMarginBoxToFormattingRoot):
(FloatingContext.prototype._formattingRoot):
* LayoutReloaded/FormattingContext/FormattingContext.js:
(FormattingContext.prototype.absoluteMarginBox): Deleted.
* LayoutReloaded/Utils.js:
(Utils.marginBox):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230136 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [layoutReloaded] Introduce margin to Display.Box
zalan@apple.com [Sun, 1 Apr 2018 00:50:13 +0000 (00:50 +0000)]
[layoutReloaded] Introduce margin to Display.Box
https://bugs.webkit.org/show_bug.cgi?id=184212

Reviewed by Antti Koivisto.

This is in preparation for moving margin box out of formatting context to Display.Box.

* LayoutReloaded/DisplayTree/Box.js:
(Display.Box):
(Display.Box.prototype.setRect):
(Display.Box.prototype.setTopLeft):
(Display.Box.prototype.setTop):
(Display.Box.prototype.setLeft):
(Display.Box.prototype.setSize):
(Display.Box.prototype.setWidth):
(Display.Box.prototype.setHeight):
(Display.Box.prototype.width):
(Display.Box.prototype.setMarginTop):
(Display.Box.prototype.setMarginLeft):
(Display.Box.prototype.setMarginBottom):
(Display.Box.prototype.setMarginRight):
(Display.Box.prototype.marginTop):
(Display.Box.prototype.marginLeft):
(Display.Box.prototype.marginBottom):
(Display.Box.prototype.marginRight):
(Display.Box.prototype.marginBox):
* LayoutReloaded/FormattingContext/FormattingContext.js:
(FormattingContext.prototype.absoluteMarginBox):
(FormattingContext.prototype._addToLayoutQueue):
* LayoutReloaded/FormattingState/FormattingState.js:
(FormattingState.prototype.createDisplayBox):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230135 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [LayoutReloaded] Add tree context to Display.Box
zalan@apple.com [Sat, 31 Mar 2018 23:39:06 +0000 (23:39 +0000)]
[LayoutReloaded] Add tree context to Display.Box
https://bugs.webkit.org/show_bug.cgi?id=184211

Reviewed by Antti Koivisto.

This is preparation for using the Display.Box tree to resolve absolute coordinates.

* LayoutReloaded/DisplayTree/Box.js:
(Display.Box):
(Display.Box.prototype.setParent):
(Display.Box.prototype.setNextSibling):
(Display.Box.prototype.setPreviousSibling):
(Display.Box.prototype.setFirstChild):
(Display.Box.prototype.setLastChild):
(Display.Box.prototype.parent):
(Display.Box.prototype.nextSibling):
(Display.Box.prototype.previousSibling):
(Display.Box.prototype.firstChild):
(Display.Box.prototype.lastChild):
* LayoutReloaded/FormattingState/FormattingState.js:
(FormattingState.prototype.createDisplayBox):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230134 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Strings and Vectors shouldn't do index masking
fpizlo@apple.com [Sat, 31 Mar 2018 15:55:38 +0000 (15:55 +0000)]
Strings and Vectors shouldn't do index masking
https://bugs.webkit.org/show_bug.cgi?id=184193

Reviewed by Mark Lam.

Source/JavaScriptCore:

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharCodeAt):
* jit/ThunkGenerators.cpp:
(JSC::stringCharLoad):

Source/WTF:

* wtf/SizeLimits.cpp:
* wtf/Vector.h:
(WTF::VectorBufferBase::allocateBuffer):
(WTF::VectorBufferBase::tryAllocateBuffer):
(WTF::VectorBufferBase::reallocateBuffer):
(WTF::VectorBufferBase::deallocateBuffer):
(WTF::VectorBufferBase::releaseBuffer):
(WTF::VectorBufferBase::VectorBufferBase):
(WTF::VectorBuffer::allocateBuffer):
(WTF::VectorBuffer::tryAllocateBuffer):
(WTF::VectorBuffer::swap):
(WTF::VectorBuffer::restoreInlineBufferIfNeeded):
(WTF::Vector::at):
(WTF::Vector::at const):
(WTF::VectorBufferBase::updateMask): Deleted.
* wtf/text/StringImpl.h:
(WTF::StringImpl::flagIsSymbol):
(WTF::StringImpl::length const):
(WTF::StringImplShape::StringImplShape):
(WTF::StringImpl::at const):
(WTF::StringImpl::tailOffset):
(WTF::StringImpl::maskOffset): Deleted.
(WTF::StringImpl::mask const): Deleted.
* wtf/text/StringView.h:
(WTF::StringView::StringView):
(WTF::StringView::operator=):
(WTF::StringView::initialize):
(WTF::StringView::clear):
(WTF::StringView::operator[] const):
* wtf/text/WTFString.h:
(WTF::String::length const):
(WTF::String::mask const): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230130 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Add pointer profiling support in baseline JIT and supporting files.
mark.lam@apple.com [Sat, 31 Mar 2018 07:04:00 +0000 (07:04 +0000)]
Add pointer profiling support in baseline JIT and supporting files.
https://bugs.webkit.org/show_bug.cgi?id=184200
<rdar://problem/39057300>

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

1. To simplify pointer profiling support, vmEntryToJavaScript() now always enters
   the code via the arity check entry.
2. To accommodate (1), all JITCode must now populate their arity check entry code
   pointers as well.  For native code, programs, evals, and modules that don't
   do arity check, we set the normal entry as the arity check entry (though with
   the CodeEntryWithArityCheckPtrTag profile instead).

* assembler/AbstractMacroAssembler.h:
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::locationOfNearCall):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::readCallTarget):
(JSC::MacroAssemblerARM64::linkCall):
* bytecode/AccessCase.cpp:
(JSC::AccessCase::generateImpl):
* bytecode/AccessCaseSnippetParams.cpp:
(JSC::SlowPathCallGeneratorWithArguments::generateImpl):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::addJITAddIC):
(JSC::CodeBlock::addJITMulIC):
(JSC::CodeBlock::addJITSubIC):
(JSC::CodeBlock::addJITNegIC):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addMathIC):
* bytecode/InlineAccess.cpp:
(JSC::InlineAccess::rewireStubAsJump):
* bytecode/LLIntCallLinkInfo.h:
(JSC::LLIntCallLinkInfo::unlink):
(): Deleted.
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessGenerationState::emitExplicitExceptionHandler):
(JSC::PolymorphicAccess::regenerate):
* dfg/DFGJITFinalizer.cpp:
(JSC::DFG::JITFinalizer::finalize):
(JSC::DFG::JITFinalizer::finalizeFunction):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileValueAdd):
(JSC::DFG::SpeculativeJIT::compileArithSub):
(JSC::DFG::SpeculativeJIT::compileArithNegate):
(JSC::DFG::SpeculativeJIT::compileArithMul):
(JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
(JSC::DFG::SpeculativeJIT::emitSwitchImm):
(JSC::DFG::SpeculativeJIT::emitSwitchStringOnString):
* disassembler/ARM64Disassembler.cpp:
(JSC::tryToDisassemble):
* ftl/FTLJITFinalizer.cpp:
(JSC::FTL::JITFinalizer::finalizeCommon):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
(JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
(JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
(JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
(JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
(JSC::FTL::DFG::LowerDFGToB3::compileArithNegate):
* heap/JITStubRoutineSet.h:
(JSC::JITStubRoutineSet::mark):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::callExceptionFuzz):
(JSC::AssemblyHelpers::debugCall):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitFunctionPrologue):
* jit/CCallHelpers.cpp:
(JSC::CCallHelpers::ensureShadowChickenPacket):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::prepareForTailCallSlow):
* jit/CallFrameShuffler.cpp:
(JSC::CallFrameShuffler::prepareForTailCall):
* jit/ExecutableAllocator.cpp:
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
* jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
* jit/JIT.cpp:
(JSC::JIT::compileWithoutLinking):
(JSC::JIT::link):
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_negate):
(JSC::JIT::emit_op_add):
(JSC::JIT::emitMathICFast):
(JSC::JIT::emitMathICSlow):
(JSC::JIT::emit_op_mul):
(JSC::JIT::emit_op_sub):
* jit/JITCode.cpp:
(JSC::JITCode::execute):
(JSC::JITCodeWithCodeRef::executableAddressAtOffset):
(JSC::DirectJITCode::DirectJITCode):
(JSC::DirectJITCode::initializeCodeRef):
(JSC::NativeJITCode::addressForCall):
* jit/JITExceptions.cpp:
(JSC::genericUnwind):
* jit/JITMathIC.h:
(JSC::isProfileEmpty):
(JSC::JITBinaryMathIC::JITBinaryMathIC):
(JSC::JITUnaryMathIC::JITUnaryMathIC):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_switch_char):
(JSC::JIT::emit_op_switch_string):
(JSC::JIT::privateCompileHasIndexedProperty):
(JSC::JIT::emitSlow_op_has_indexed_property):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileHasIndexedProperty):
* jit/JITOperations.cpp:
(JSC::getByVal):
(JSC::tryGetByValOptimize):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::privateCompileGetByVal):
(JSC::JIT::privateCompileGetByValWithCachedId):
(JSC::JIT::privateCompilePutByVal):
(JSC::JIT::privateCompilePutByValWithCachedId):
* jit/JITThunks.cpp:
(JSC::JITThunks::hostFunctionStub):
* jit/Repatch.cpp:
(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::appropriateOptimizingPutByIdFunction):
(JSC::tryCachePutByID):
(JSC::repatchPutByID):
(JSC::linkFor):
(JSC::revertCall):
(JSC::linkPolymorphicCall):
(JSC::resetGetByID):
(JSC::resetPutByID):
* jit/Repatch.h:
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::finalize):
(JSC::SpecializedThunkJIT::callDoubleToDouble):
* jit/ThunkGenerators.cpp:
(JSC::emitPointerValidation):
(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::slowPathFor):
(JSC::linkCallThunkGenerator): Deleted.
(JSC::linkPolymorphicCallThunkGenerator): Deleted.
(JSC::virtualThunkFor): Deleted.
(JSC::nativeForGenerator): Deleted.
(JSC::nativeCallGenerator): Deleted.
(JSC::nativeTailCallGenerator): Deleted.
(JSC::nativeTailCallWithoutSavedTagsGenerator): Deleted.
(JSC::nativeConstructGenerator): Deleted.
(JSC::internalFunctionCallGenerator): Deleted.
(JSC::internalFunctionConstructGenerator): Deleted.
(JSC::arityFixupGenerator): Deleted.
(JSC::unreachableGenerator): Deleted.
(JSC::stringCharLoad): Deleted.
(JSC::charToString): Deleted.
(JSC::charCodeAtThunkGenerator): Deleted.
(JSC::charAtThunkGenerator): Deleted.
(JSC::fromCharCodeThunkGenerator): Deleted.
(JSC::clz32ThunkGenerator): Deleted.
(JSC::sqrtThunkGenerator): Deleted.
(JSC::floorThunkGenerator): Deleted.
(JSC::ceilThunkGenerator): Deleted.
(JSC::truncThunkGenerator): Deleted.
(JSC::roundThunkGenerator): Deleted.
(JSC::expThunkGenerator): Deleted.
(JSC::logThunkGenerator): Deleted.
(JSC::absThunkGenerator): Deleted.
(JSC::imulThunkGenerator): Deleted.
(JSC::randomThunkGenerator): Deleted.
(JSC::boundThisNoArgsFunctionCallGenerator): Deleted.
* llint/LLIntData.cpp:
(JSC::LLInt::initialize):
* llint/LLIntData.h:
(JSC::LLInt::getCodePtr):
* llint/LLIntEntrypoint.cpp:
(JSC::LLInt::setEvalEntrypoint):
(JSC::LLInt::setProgramEntrypoint):
(JSC::LLInt::setModuleProgramEntrypoint):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setUpCall):
* llint/LLIntThunks.cpp:
(JSC::LLInt::generateThunkWithJumpTo):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/ExecutableBase.h:
* runtime/NativeExecutable.cpp:
(JSC::NativeExecutable::finishCreation):
* runtime/NativeFunction.h:
(JSC::TaggedNativeFunction::TaggedNativeFunction):
(JSC::TaggedNativeFunction::operator NativeFunction):
* runtime/PropertySlot.h:
(JSC::PropertySlot::setCustom):
(JSC::PropertySlot::setCacheableCustom):
* runtime/PtrTag.h:
* runtime/PutPropertySlot.h:
(JSC::PutPropertySlot::setCustomValue):
(JSC::PutPropertySlot::setCustomAccessor):
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::takeSample):
* runtime/VMTraps.cpp:
(JSC::SignalContext::SignalContext):
(JSC::VMTraps::tryInstallTrapBreakpoints):
* tools/SigillCrashAnalyzer.cpp:
(JSC::installCrashHandler):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generateTryReadUnicodeCharacterHelper):
(JSC::Yarr::YarrGenerator::generateEnter):

Source/WTF:

* wtf/PointerPreparations.h:
- Remove WTF_PREPARE_FUNCTION_POINTER_FOR_EXECUTION.  It is no longer needed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230129 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago REGRESSION (r229828): Facebook login popup is blank
cdumez@apple.com [Sat, 31 Mar 2018 06:44:29 +0000 (06:44 +0000)]
REGRESSION (r229828): Facebook login popup is blank
https://bugs.webkit.org/show_bug.cgi?id=184206
<rdar://problem/39057006>

Reviewed by Wenson Hsieh.

Source/WebCore:

Since r229828, we freeze the layer tree during the navigation policy check.
We freeze in WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction()
and unfreeze in WebFrameLoaderClient::didDecidePolicyForNavigationAction().

WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction() gets called
from PolicyChecker::checkNavigationPolicy() which has 3 call sites in
FrameLoader and one in DocumentLoader for redirects. The call sites in
FrameLoader were taking care of calling didDecidePolicyForNavigationAction()
on the FrameLoaderClient in their completion handler, but the DocumentLoader
call site was failing to do so. As a result, the layer tree would stay frozen.

To make this a lot less error prone, I moved the call to
WebFrameLoaderClient::didDecidePolicyForNavigationAction() to
PolicyChecker::checkNavigationPolicy(), inside the completion handler passed
to WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(). This way,
even if new code starts calling PolicyChecker::checkNavigationPolicy(), we
do not need to worry about letting the client know when the policy decision
is made.

No new tests, covered by existing redirection tests with the
new assertion I added.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::continueFragmentScrollAfterNavigationPolicy):
(WebCore::FrameLoader::continueLoadAfterNavigationPolicy):
* loader/PolicyChecker.cpp:
(WebCore::PolicyChecker::checkNavigationPolicy):

Source/WebKit:

Add assertion to make sure we never try to do a policy check to
a resource response while a policy check for a navigation is
pending. This assertion was being hit by several of our redirection
tests without my fix.

* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230128 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Web Inspector: tint all pixels drawn by shader program when hovering ShaderProgramTre...
webkit@devinrousso.com [Sat, 31 Mar 2018 05:14:49 +0000 (05:14 +0000)]
Web Inspector: tint all pixels drawn by shader program when hovering ShaderProgramTreeElement
https://bugs.webkit.org/show_bug.cgi?id=175223

Reviewed by Matt Baker.

Source/JavaScriptCore:

* inspector/protocol/Canvas.json:
Add `setShaderProgramHighlighted` command that will cause a blend to be applied to the
canvas if the given shader program is active immediately before `drawArrays` or `drawElements`
is called. The blend is removed and the previous value is applied once the draw is complete.

Source/WebCore:

Test: inspector/canvas/setShaderProgramHighlighted.html

* html/canvas/InspectorShaderProgram.h:
(WebCore::InspectorShaderProgram::highlighted):
(WebCore::InspectorShaderProgram::setHighlighted):

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::InspectorScopedShaderProgramHighlight::InspectorScopedShaderProgramHighlight):
(WebCore::InspectorScopedShaderProgramHighlight::~InspectorScopedShaderProgramHighlight):
(WebCore::InspectorScopedShaderProgramHighlight::showHighlight):
(WebCore::InspectorScopedShaderProgramHighlight::hideHighlight):
(WebCore::InspectorScopedShaderProgramHighlight::saveBlendValue):
(WebCore::InspectorScopedShaderProgramHighlight::hasBufferBinding):
(WebCore::InspectorScopedShaderProgramHighlight::hasFramebufferParameterAttachment):
(WebCore::WebGLRenderingContextBase::drawArrays):
(WebCore::WebGLRenderingContextBase::drawElements):
If the current shader program has been marked as highlighted, apply a blend right before
`drawArrays` and `drawElements` are called, tinting the resulting pixels so that they are
visually distinguished from pixels drawn by other shader programs.

* inspector/InspectorCanvasAgent.h:
* inspector/InspectorCanvasAgent.cpp:
(WebCore::InspectorCanvasAgent::setShaderProgramHighlighted):
(WebCore::InspectorCanvasAgent::isShaderProgramHighlighted):

* inspector/InspectorInstrumentation.h:
* inspector/InspectorInstrumentation.cpp:
(WebCore::InspectorInstrumentation::isShaderProgramHighlighted):
(WebCore::InspectorInstrumentation::isShaderProgramHighlightedImpl):

Source/WebInspectorUI:

* UserInterface/Models/ShaderProgram.js:
(WI.ShaderProgram):
(WI.ShaderProgram.prototype.showHighlight):
(WI.ShaderProgram.prototype.hideHighlight):

* UserInterface/Views/ShaderProgramTreeElement.js:
(WI.ShaderProgramTreeElement.prototype.onattach):
(WI.ShaderProgramTreeElement.prototype._handleMouseOver):
(WI.ShaderProgramTreeElement.prototype._handleMouseOut):
Whenever a ShaderProgramTreeElement is hovered, highlight the corresponding shader program
by tinting the pixels it draws via a blend.

LayoutTests:

* inspector/canvas/setShaderProgramHighlighted-expected.txt: Added.
* inspector/canvas/setShaderProgramHighlighted.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230127 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Unreviewed, rolling out r230125.
ryanhaddad@apple.com [Sat, 31 Mar 2018 03:09:26 +0000 (03:09 +0000)]
Unreviewed, rolling out r230125.

Build fix broke more builds.

Reverted changeset:

"Unreviewed build fix, remove unused lambda capture."
https://trac.webkit.org/changeset/230125

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230126 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Unreviewed build fix, remove unused lambda capture.
ryanhaddad@apple.com [Sat, 31 Mar 2018 02:54:32 +0000 (02:54 +0000)]
Unreviewed build fix, remove unused lambda capture.

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::retrieveCacheEntry):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230125 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Skip http/tests/resourceLoadStatistics/prevalent-resource-with-user-interaction-timeo...
ryanhaddad@apple.com [Sat, 31 Mar 2018 00:13:32 +0000 (00:13 +0000)]
Skip http/tests/resourceLoadStatistics/prevalent-resource-with-user-interaction-timeout.html
https://bugs.webkit.org/show_bug.cgi?id=178472

Unreviewed test gardening.

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230124 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Mark imported/w3c/web-platform-tests/html/browsers/offline/appcache/workers/appcache...
ryanhaddad@apple.com [Sat, 31 Mar 2018 00:13:31 +0000 (00:13 +0000)]
Mark imported/w3c/web-platform-tests/html/browsers/offline/appcache/workers/appcache-worker.html as flaky.
https://bugs.webkit.org/show_bug.cgi?id=184198

Unreviewed test gardening.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230123 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [Extra zoom mode] Adopt list view controller UI for numeric input types
wenson_hsieh@apple.com [Sat, 31 Mar 2018 00:12:36 +0000 (00:12 +0000)]
[Extra zoom mode] Adopt list view controller UI for numeric input types
https://bugs.webkit.org/show_bug.cgi?id=184184
<rdar://problem/37238916>

Reviewed by Timothy Hatcher.

Source/WebCore:

Add a localized string for the OK button shown on number pads in extra zoomed form controls.

* English.lproj/Localizable.strings:
* platform/LocalizedStrings.cpp:
(WebCore::numberPadOKButtonTitle):
* platform/LocalizedStrings.h:

Source/WebKit:

Remove existing logic for presenting a number pad view controller, since number pads will now be handled as a
special case of general text form controls in extra zoom mode.

* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView presentViewControllerForCurrentAssistedNode]):
(-[WKContentView dismissAllInputViewControllers]):
(-[WKContentView _wheelChangedWithEvent:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230122 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Update availability annotations to match the macOS 10.13.4 and iOS 11.3 GM SDKs
mitz@apple.com [Sat, 31 Mar 2018 00:09:16 +0000 (00:09 +0000)]
Update availability annotations to match the macOS 10.13.4 and iOS 11.3 GM SDKs
https://bugs.webkit.org/show_bug.cgi?id=184173

Reviewed by Alex Christensen.

Changed WK_MAC_TBA and WK_IOS_TBA to 10.13.4 and 11.3, respectively, in all declarations that
appear in the GM SDKs.

* Shared/API/Cocoa/_WKNSWindowExtras.h:
* UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
* UIProcess/API/Cocoa/WKOpenPanelParameters.h:
* UIProcess/API/Cocoa/WKOpenPanelParametersPrivate.h:
* UIProcess/API/Cocoa/WKPreferencesPrivate.h:
* UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
* UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
* UIProcess/API/Cocoa/WKViewPrivate.h:
* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
* UIProcess/API/Cocoa/WKWebViewPrivate.h:
* UIProcess/API/Cocoa/WKWebsiteDataRecord.h:
* UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h:
* UIProcess/API/Cocoa/_WKApplicationManifest.h:
* UIProcess/API/Cocoa/_WKAttachment.h:
* UIProcess/API/Cocoa/_WKAutomationSession.h:
* UIProcess/API/Cocoa/_WKAutomationSessionConfiguration.h:
* UIProcess/API/Cocoa/_WKDownload.h:
* UIProcess/API/Cocoa/_WKDownloadDelegate.h:
* UIProcess/API/Cocoa/_WKFocusedElementInfo.h:
* UIProcess/API/Cocoa/_WKFullscreenDelegate.h:
* UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h:
* UIProcess/API/Cocoa/_WKRemoteWebInspectorViewController.h:
* UIProcess/API/Cocoa/_WKVisitedLinkStore.h:
* UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h:
* UIProcess/API/Cocoa/_WKWebsitePolicies.h:
* WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandlePrivate.h:
* WebProcess/InjectedBundle/API/mac/WKDOMDocument.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230121 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Copying a list from Microsoft Word to TinyMCE fails when mso-list is the first property
rniwa@webkit.org [Fri, 30 Mar 2018 23:57:50 +0000 (23:57 +0000)]
Copying a list from Microsoft Word to TinyMCE fails when mso-list is the first property
https://bugs.webkit.org/show_bug.cgi?id=182938
<rdar://problem/37683007>

Reviewed by Wenson Hsieh.

Source/WebCore:

Made the logic to detect Microsoft Word's mso-list CSS property more generic by detecting
inline styles which start with "mso-list:" and ones which line-break right before it: "\nmso-list:"

Tests: PasteHTML.PreservesMSOList

* editing/markup.cpp:
(WebCore::StyledMarkupAccumulator::shouldPreserveMSOListStyleForElement):

Tools:

Added more assertions to PasteHTML.PreservesMSOList for preserving an inline style which starts with mso-list
or the one which line-breaks right before it.

* TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:
* TestWebKitAPI/Tests/WebKitCocoa/mso-list.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230120 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago WebAssembly compilation from DataView
jfbastien@apple.com [Fri, 30 Mar 2018 23:12:44 +0000 (23:12 +0000)]
WebAssembly compilation from DataView

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230119 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago NetworkLoadChecker should upgrade redirects if needed
youenn@apple.com [Fri, 30 Mar 2018 21:50:02 +0000 (21:50 +0000)]
NetworkLoadChecker should upgrade redirects if needed
https://bugs.webkit.org/show_bug.cgi?id=184098

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

* web-platform-tests/beacon/resources/beacon-preflight.py: Added.
* web-platform-tests/beacon/resources/redirect.py: Added.
* web-platform-tests/beacon/resources/upgrade-iframe.html: Added.
* web-platform-tests/beacon/resources/upgrade-redirect-iframe.html: Added.
* web-platform-tests/beacon/upgrade-beacon.https-expected.txt: Added.
* web-platform-tests/beacon/upgrade-beacon.https.html: Added.

Source/WebCore:

Test: imported/w3c/web-platform-tests/beacon/upgrade-beacon.https.html

* page/csp/ContentSecurityPolicy.h:

Source/WebKit:

In case of redirections, upgrade URL according to CSP.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::checkRequest):
(WebKit::NetworkLoadChecker::contentSecurityPolicy const):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230118 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago ASSERTION FAILED: ASSERT(!containsImage || MIMETypeRegistry::isSupportedImageResource...
dbates@webkit.org [Fri, 30 Mar 2018 21:01:35 +0000 (21:01 +0000)]
ASSERTION FAILED: ASSERT(!containsImage || MIMETypeRegistry::isSupportedImageResourceMIMEType([resource MIMEType])) in -[NSPasteboard(WebExtras) _web_writePromisedRTFDFromArchive:containsImage:]
https://bugs.webkit.org/show_bug.cgi?id=184161

Reviewed by Per Arne Vollan.

.:

* ManualTests/DragInlinePDFImageDocument.html: Added.
* ManualTests/resources/simple.pdf: Added.

Source/WebCore:

Fixes an assertion failure when quitting an app that uses a Legacy WebKit web view
after dragging-and-dropping a PDF embedded using an HTML image element into the
same web view.

When performing a drag-and-drop of a PDF document image (WebCore::PDFDocumentImage) we create a WebArchive
from the main frame's WebHTMLView and promise AppKit that we will provide a Rich Text Format (RTF) document
from this archive if needed. For some reason, on app termination AppKit requests that the WebHTMLView
fulfill its RTF document promise for the WebArchive created at the start of the drag operation. WebKit
expects that the created WebArchive is either for an inline image (e.g. <img>) or an image document that
has a supported image resource MIME type (by querying MIMETypeRegistry::isSupportedImageResourceMIMEType())
and checks for these cases in this order. PDF/PostScript are not listed in the set of supported image
resource MIME types. So, the first check fails and WebKit assumes that the WebArchive was created from
an image document of a supported image resource MIME type. However, the WebArchive was created from a
WebHTMLView and has MIME type text/html. Therefore the assertion fails. We need to add PDF and PostScript
to the set of supported image resource MIME types so that WebKit does not fall back to the WebHTMLView
code path. Historically, PDF and PostScript were in the set of supported image resource MIME types. Over time
the set of MIME types for image resources (images loaded as a document) became identical to the set of MIME
types for images loaded inline (e.g. <img>) and this set omitted the MIME types for PDF and PostScript.

Additionally it is sufficient to implement MIMETypeRegistry::isSupportedImageResourceMIMEType() in terms
of MIMETypeRegistry::isSupportedImageMIMEType() and MIMETypeRegistry::isPDFOrPostScriptMIMEType() instead
of allocating a dedicated HashSet for the supported image resource MIME types (as we currently do).

* dom/DOMImplementation.cpp:
(WebCore::DOMImplementation::createDocument): Assert that PDF is a supported image MIME type before
instantiating an ImageDocument.
* platform/MIMETypeRegistry.cpp:
(WebCore::initializeSupportedImageMIMETypes): Remove unnecessary allocation of a HashSet for the supported
image resource MIME types.
(WebCore::MIMETypeRegistry::isSupportedImageResourceMIMEType): Write in terms of MIMETypeRegistry::isSupportedImageMIMEType()
and MIMETypeRegistry::isPDFOrPostScriptMIMEType().
(WebCore::MIMETypeRegistry::getSupportedImageResourceMIMETypes): Deleted.
* platform/MIMETypeRegistry.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230117 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago WorkQueueWin: don't move rvalues
jfbastien@apple.com [Fri, 30 Mar 2018 20:46:58 +0000 (20:46 +0000)]
WorkQueueWin: don't move rvalues
https://bugs.webkit.org/show_bug.cgi?id=184190
<rdar://problem/39049850>

Reviewed by Mark Lam.

As part of #184167 optional is now more frequently an rvalue
reference, and moving its .value() is not a thing that should be
done anymore.

* wtf/win/WorkQueueWin.cpp:
(WTF::WorkQueue::unregisterAndCloseHandle):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230116 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Bytecode generator should not get_from_scope something that may be a hole into a...
fpizlo@apple.com [Fri, 30 Mar 2018 20:31:00 +0000 (20:31 +0000)]
Bytecode generator should not get_from_scope something that may be a hole into a variable that is already live
https://bugs.webkit.org/show_bug.cgi?id=184189

Reviewed by JF Bastien.

JSTests:

* stress/load-hole-from-scope-into-live-var.js: Added.
(result.eval.try.switch):
(catch):

Source/JavaScriptCore:

* bytecompiler/NodesCodegen.cpp:
(JSC::ResolveNode::emitBytecode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230115 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Mark inspector/unit-tests/debounce.html as flaky.
ryanhaddad@apple.com [Fri, 30 Mar 2018 20:25:26 +0000 (20:25 +0000)]
Mark inspector/unit-tests/debounce.html as flaky.
https://bugs.webkit.org/show_bug.cgi?id=184057

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230114 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Remove CXX_REFERENCE_QUALIFIED_FUNCTIONS and optional's equivalent
jfbastien@apple.com [Fri, 30 Mar 2018 19:16:55 +0000 (19:16 +0000)]
Remove CXX_REFERENCE_QUALIFIED_FUNCTIONS and optional's equivalent
https://bugs.webkit.org/show_bug.cgi?id=184167
<rdar://problem/39023130>

Reviewed by Yusuke Suzuki.

Remove COMPILER_SUPPORTS(CXX_REFERENCE_QUALIFIED_FUNCTIONS), it's
supported by all compilers WebKit supports (it's a C++11 feature,
*detection* of it with __has_extension was added to clang on May
13th 2011, and VS2015 / GCC support it).

Optional.h had a similar thing, ditch it too.

* wtf/Compiler.h:
* wtf/Optional.h:
(std::optional::contained_val const):
(std::optional::contained_val):
* wtf/Ref.h:
* wtf/RefPtr.h:
* wtf/text/WTFString.cpp:
* wtf/text/WTFString.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230113 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [Web Animations] CSSTransition objects should have fill: backwards to allow seeking...
graouts@webkit.org [Fri, 30 Mar 2018 18:45:54 +0000 (18:45 +0000)]
[Web Animations] CSSTransition objects should have fill: backwards to allow seeking prior to start time
https://bugs.webkit.org/show_bug.cgi?id=184129

Reviewed by Dean Jackson.

Source/WebCore:

In order to allow a CSS Transition to be seeked prior to its start time, it needs to have its fill mode set
to backwards. Adding code to set the fill mode in CSSTransition::initialize() yields early timing model
invalidation and we could get in a situation where stylesWouldYieldNewCSSTransitionsBlendingKeyframes()
was called before we had a chance to create blending keyframes for a CSS transition, since the call
to create blending keyframes is made after the call to initialize(), so we now cater for this case.

* animation/CSSTransition.cpp:
(WebCore::CSSTransition::initialize):
* animation/CSSTransition.h:
* animation/KeyframeEffectReadOnly.cpp:
(WebCore::KeyframeEffectReadOnly::stylesWouldYieldNewCSSTransitionsBlendingKeyframes const):

LayoutTests:

Make one test opt into CSS Animations and CSS Transitions as Web Animations and fix expectations for a CSSTransition
test which mistakenly assumes the fill to be "none".

* transitions/transition-in-delay-phase.html:
* webanimations/css-transitions.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230112 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Introduce WTF_LAZY_INSTANTIATE
jfbastien@apple.com [Fri, 30 Mar 2018 17:36:20 +0000 (17:36 +0000)]
Introduce WTF_LAZY_INSTANTIATE
https://bugs.webkit.org/show_bug.cgi?id=184169
<rdar://problem/39023385>

Reviewed by Mark Lam.

As part of #184164 I'm adding some forwarding methods to
WTF::String. These need to forward RetainPtr and CString, and
usually that would require #include'ing RetainPtr.h and CString.h
to WTFString.h which isn't really something we should do.

Introduce WTF_LAZY_INSTANTIATE to forward-declare functions which
just pass parameters to another function, and return whatever that
other function returned, without having to include the return's /
parameters' type header.

Try it out here: godbolt.org/g/oV8G5Q

* wtf/Forward.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230109 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Update messages.py codegen for String, fix tests
jfbastien@apple.com [Fri, 30 Mar 2018 17:30:18 +0000 (17:30 +0000)]
Update messages.py codegen for String, fix tests
https://bugs.webkit.org/show_bug.cgi?id=184179
<rdar://problem/39041352>

Reviewed by Mark Lam.

I updated some of the code in
https://trac.webkit.org/changeset/230097 and auto-magically used a
script to update copyright headers... and that broke the tests
which checked for a particular date. Update all of the headers.

Part of this change updates the code generated by messages.py

* Scripts/webkit/LegacyMessageReceiver-expected.cpp:
* Scripts/webkit/MessageReceiver-expected.cpp:
* Scripts/webkit/MessageReceiverSuperclass-expected.cpp:
* Scripts/webkit/MessagesSuperclass-expected.h:
* Scripts/webkit/messages.py:
* Scripts/webkit/messages_unittest.py:
(GeneratedFileContentsTest.assertGeneratedFileContentsEqual):
generate a better error message

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230108 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Remove unused MIMETypeRegistry::getSupportedImageMIMETypesForEncoding()
dbates@webkit.org [Fri, 30 Mar 2018 16:55:12 +0000 (16:55 +0000)]
Remove unused MIMETypeRegistry::getSupportedImageMIMETypesForEncoding()
https://bugs.webkit.org/show_bug.cgi?id=184154

Reviewed by Per Arne Vollan.

* platform/MIMETypeRegistry.cpp:
(WebCore::MIMETypeRegistry::getSupportedImageMIMETypesForEncoding): Deleted.
* platform/MIMETypeRegistry.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230107 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Add pointer profiling support to Wasm.
mark.lam@apple.com [Fri, 30 Mar 2018 16:31:06 +0000 (16:31 +0000)]
Add pointer profiling support to Wasm.
https://bugs.webkit.org/show_bug.cgi?id=184175
<rdar://problem/39027923>

Reviewed by JF Bastien.

* runtime/PtrTag.h:
* wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::addGrowMemory):
(JSC::Wasm::B3IRGenerator::addCall):
(JSC::Wasm::B3IRGenerator::addCallIndirect):
(JSC::Wasm::B3IRGenerator::addOp<OpType::I32Popcnt>):
(JSC::Wasm::B3IRGenerator::addOp<OpType::I64Popcnt>):
* wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::prepare):
(JSC::Wasm::BBQPlan::complete):
* wasm/WasmBinding.cpp:
(JSC::Wasm::wasmToWasm):
* wasm/WasmBinding.h:
* wasm/WasmFaultSignalHandler.cpp:
(JSC::Wasm::trapHandler):
* wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::work):
* wasm/WasmThunks.cpp:
(JSC::Wasm::throwExceptionFromWasmThunkGenerator):
(JSC::Wasm::throwStackOverflowFromWasmThunkGenerator):
(JSC::Wasm::triggerOMGTierUpThunkGenerator):
* wasm/js/WasmToJS.cpp:
(JSC::Wasm::handleBadI64Use):
(JSC::Wasm::wasmToJS):
* wasm/js/WebAssemblyFunction.cpp:
(JSC::callWebAssemblyFunction):
* wasm/js/WebAssemblyFunction.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230106 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Unreviewed, rolling out r230102.
ryanhaddad@apple.com [Fri, 30 Mar 2018 16:05:22 +0000 (16:05 +0000)]
Unreviewed, rolling out r230102.

Caused assertion failures on JSC bots.

Reverted changeset:

"A stack overflow in the parsing of a builtin (called by
createExecutable) cause a crash instead of a catchable js
exception"
https://bugs.webkit.org/show_bug.cgi?id=184074
https://trac.webkit.org/changeset/230102

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230105 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Mark imported/w3c/web-platform-tests/IndexedDB/idbobjectstore_createIndex7-event_orde...
ryanhaddad@apple.com [Fri, 30 Mar 2018 16:00:10 +0000 (16:00 +0000)]
Mark imported/w3c/web-platform-tests/IndexedDB/idbobjectstore_createIndex7-event_order.htm as flaky.
https://bugs.webkit.org/show_bug.cgi?id=184116

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230104 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Inlining of a function that ends in op_unreachable in a non-tail position triggers...
rmorisset@apple.com [Fri, 30 Mar 2018 14:03:10 +0000 (14:03 +0000)]
Inlining of a function that ends in op_unreachable in a non-tail position triggers an ASSERT
https://bugs.webkit.org/show_bug.cgi?id=183812

Reviewed by Keith Miller.

JSTests:

* stress/inlining-unreachable-non-tail.js: Added.
(foo.):
(foo):

Source/JavaScriptCore:

The fix I landed for https://bugs.webkit.org/show_bug.cgi?id=181027 was flawed: I tried setting the bytecodeIndex for the new block on line 1679 (at the end of inlineCall), but it is going to be reset on line 6612 (in parseCodeBlock).
The fix is simply to make the block untargetable by default, and let parseCodeBlock make it targetable afterwards if it is a jump target.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::allocateTargetableBlock):
(JSC::DFG::ByteCodeParser::inlineCall):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230103 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago A stack overflow in the parsing of a builtin (called by createExecutable) cause a...
rmorisset@apple.com [Fri, 30 Mar 2018 12:39:43 +0000 (12:39 +0000)]
A stack overflow in the parsing of a builtin (called by createExecutable) cause a crash instead of a catchable js exception
https://bugs.webkit.org/show_bug.cgi?id=184074
<rdar://problem/37165897>

Reviewed by Keith Miller.

JSTests:

* stress/stack-overflow-while-parsing-builtin.js: Added.
(f):

Source/JavaScriptCore:

Fixing this requires getting the ParserError (with information about the failure) and an ExecState* (to throw an exception) in the same place.
It is surprisingly painful, with quite a long call stack between the last function with an access to an ExecState* and the first function with the ParserError.
Even worse, many of these functions are generated by macros, themselves generated by a maze of python scripts.
As a result, this patch is grotesquely large, while all it does is add enough plumbing to throw a proper exception in this specific case.

There are now bare calls to '.value()' on several paths that may crash. It is not a problem in my opinion, since we previously crashed in every case regardless of the path that took us to createExecutable when encountering a stack overflow.
If we ever find an example that can cause these calls to fail, it should be doable to throw a proper exception there too.

Two other minor changes:
- I removed BuiltinExecutableCreator.{cpp, h} as it was nearly empty, and only used in one place. That place now includes BuiltinExecutables.h directly instead.
- I moved code from ParserError.h into a newly created ParserError.cpp, as I see no need to inline functions that are only used when encountering a parser error, and ParserError.h is now included in quite a few places.

* JavaScriptCore.xcodeproj/project.pbxproj:
* Scripts/builtins/builtins_generate_combined_header.py:
(BuiltinsCombinedHeaderGenerator.generate_forward_declarations):
(ParserError):
(generate_section_for_object): Deleted.
(generate_externs_for_object): Deleted.
(generate_macros_for_object): Deleted.
(generate_section_for_code_table_macro): Deleted.
(generate_section_for_code_name_macro): Deleted.
(generate_section_for_global_private_code_name_macro): Deleted.
* Scripts/builtins/builtins_generate_separate_header.py:
(generate_secondary_header_includes):
* Scripts/builtins/builtins_templates.py:
* Sources.txt:
* builtins/BuiltinExecutableCreator.cpp: Removed.
* builtins/BuiltinExecutableCreator.h: Removed.
* builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::createDefaultConstructor):
(JSC::BuiltinExecutables::createBuiltinExecutable):
(JSC::createBuiltinExecutable):
(JSC::BuiltinExecutables::createExecutableOrCrash):
(JSC::BuiltinExecutables::createExecutable):
* builtins/BuiltinExecutables.h:
* bytecompiler/BytecodeGenerator.h:
* parser/ParserError.cpp: Added.
(JSC::ParserError::toErrorObject):
(JSC::ParserError::throwStackOverflowOrOutOfMemory):
(WTF::printInternal):
* parser/ParserError.h:
(JSC::ParserError::toErrorObject): Deleted.
(WTF::printInternal): Deleted.
* runtime/AsyncIteratorPrototype.cpp:
(JSC::AsyncIteratorPrototype::finishCreation):
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSObject.cpp:
(JSC::JSObject::getOwnStaticPropertySlot):
(JSC::JSObject::reifyAllStaticProperties):
* runtime/JSObject.h:
(JSC::JSObject::getOwnNonIndexPropertySlot):
(JSC::JSObject::getOwnPropertySlot):
(JSC::JSObject::getPropertySlot):
* runtime/JSObjectInlines.h:
(JSC::JSObject::getNonIndexPropertySlot):
* runtime/JSTypedArrayViewPrototype.cpp:
(JSC::JSTypedArrayViewPrototype::finishCreation):
* runtime/Lookup.cpp:
(JSC::reifyStaticAccessor):
(JSC::setUpStaticFunctionSlot):
* runtime/Lookup.h:
(JSC::getStaticPropertySlotFromTable):
(JSC::reifyStaticProperty):
* runtime/MapPrototype.cpp:
(JSC::MapPrototype::finishCreation):
* runtime/SetPrototype.cpp:
(JSC::SetPrototype::finishCreation):
* tools/JSDollarVM.cpp:
(JSC::functionCreateBuiltin):

Source/WebCore:

I had to slightly change the type of some bindings between JSC and WebCore. No functional change intended on the WebCore side.

* bindings/js/JSReadableStreamPrivateConstructors.cpp:
(WebCore::JSBuiltinReadableStreamDefaultReaderPrivateConstructor::initializeExecutable):
(WebCore::JSBuiltinReadableStreamDefaultControllerPrivateConstructor::initializeExecutable):
(WebCore::JSBuiltinReadableByteStreamControllerPrivateConstructor::initializeExecutable):
(WebCore::JSBuiltinReadableStreamBYOBReaderPrivateConstructor::initializeExecutable):
(WebCore::JSBuiltinReadableStreamBYOBRequestPrivateConstructor::initializeExecutable):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateConstructorHelperMethods):
* bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
(WebCore::JSTestClassWithJSBuiltinConstructorConstructor::initializeExecutable):
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
(WebCore::JSTestJSBuiltinConstructorConstructor::initializeExecutable):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230102 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Out-of-bounds accesses due to a missing check for MAX_STORAGE_VECTOR_LENGTH in unshif...
rmorisset@apple.com [Fri, 30 Mar 2018 12:05:34 +0000 (12:05 +0000)]
Out-of-bounds accesses due to a missing check for MAX_STORAGE_VECTOR_LENGTH in unshiftCountForAnyIndexingType
https://bugs.webkit.org/show_bug.cgi?id=183657
JSTests:

Reviewed by Keith Miller.

* stress/large-unshift-splice.js: Added.
(make_contig_arr):

Source/JavaScriptCore:

<rdar://problem/38464399>

Reviewed by Keith Miller.

There was just a missing check in unshiftCountForIndexingType.
I've also replaced 'return false' by 'return true' in the case of an 'out-of-memory' exception, because 'return false' means 'please continue to the slow path',
and the slow path has an assert that there is no unhandled exception (line 360 of ArrayPrototype.cpp).
Finally, I made the assert in ensureLength a release assert as it would have caught this bug and prevented it from being a security risk.

* runtime/ArrayPrototype.cpp:
(JSC::unshift):
* runtime/JSArray.cpp:
(JSC::JSArray::unshiftCountWithAnyIndexingType):
* runtime/JSObject.h:
(JSC::JSObject::ensureLength):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230101 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [Web Animations] Correctly obtain the timing function for a given keyframe
graouts@webkit.org [Fri, 30 Mar 2018 05:41:47 +0000 (05:41 +0000)]
[Web Animations] Correctly obtain the timing function for a given keyframe
https://bugs.webkit.org/show_bug.cgi?id=184146

Reviewed by Dean Jackson.

Source/WebCore:

The way we would get the timing function for a given KeyframeValue stored in a KeyframeList was really suboptimal.
When keyframes were created, we would set the animated element's style on each keyframe, and set keyframe-specific
properties and values on top. When figuring out the timing function for a KeyframeValue, we would look at its render
style, go through its list of animations, which could include animations that are irrelevant to this specific keyframe
list since all animations from the animated element are referenced, and we would have to look up the correct animation
by name and get the timing function, even though the timing function stored on the animation was now specific to this
particular keyframe.

We now simply set a m_timingFunction member on a KeyframeValue, which is null if no explicit animation-timing-function
was provided for this keyframe in CSS, and otherwise set to a valid TimingFunction.

This fixes our behavior for 4 existing animation tests when opted into the CSS Animations and CSS Transitions as
Web Animations feature.

* animation/KeyframeEffectReadOnly.cpp:
(WebCore::KeyframeEffectReadOnly::timingFunctionForKeyframeAtIndex):
* css/StyleResolver.cpp:
(WebCore::StyleResolver::keyframeStylesForAnimation):
* page/animation/KeyframeAnimation.cpp:
(WebCore::KeyframeAnimation::fetchIntervalEndpointsForProperty const):
* platform/animation/TimingFunction.cpp:
(WebCore::TimingFunction::createFromCSSText):
(WebCore::TimingFunction::createFromCSSValue):
* platform/animation/TimingFunction.h:
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::startAnimation):
* rendering/style/KeyframeList.cpp:
(WebCore::KeyframeValue::timingFunction const): Deleted.
* rendering/style/KeyframeList.h:
(WebCore::KeyframeValue::timingFunction const):
(WebCore::KeyframeValue::setTimingFunction):

LayoutTests:

Make 4 tests opt into CSS Animations and CSS Transitions as Web Animations.

* animations/keyframe-timing-functions-transform.html:
* animations/keyframe-timing-functions.html:
* animations/keyframe-timing-functions2.html:
* animations/missing-keyframe-properties-timing-function.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230100 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Copying a list from Microsoft Word to TinyMCE fails when mso-list is on tags other...
rniwa@webkit.org [Fri, 30 Mar 2018 05:33:17 +0000 (05:33 +0000)]
Copying a list from Microsoft Word to TinyMCE fails when mso-list is on tags other than P
https://bugs.webkit.org/show_bug.cgi?id=182954
<rdar://problem/37713141>

Reviewed by Wenson Hsieh.

Source/WebCore:

Fixed the bug by relaxing the restriction that we only preserve mso-list on p.

Tests: PasteHTML.PreservesMSOListOnH4

* editing/markup.cpp:
(WebCore::StyledMarkupAccumulator::shouldPreserveMSOListStyleForElement):

Tools:

Added a test case for an HTML generated by Microsoft Word which sets mso-list on h4.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:
* TestWebKitAPI/Tests/WebKitCocoa/mso-list-compat-mode.html: Fixed the file path.
* TestWebKitAPI/Tests/WebKitCocoa/mso-list-on-h4.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230099 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Add some pointer profiling support to B3 and Air.
mark.lam@apple.com [Fri, 30 Mar 2018 05:13:32 +0000 (05:13 +0000)]
Add some pointer profiling support to B3 and Air.
https://bugs.webkit.org/show_bug.cgi?id=184165
<rdar://problem/39022125>

Reviewed by JF Bastien.

* b3/B3LowerMacros.cpp:
* b3/B3LowerMacrosAfterOptimizations.cpp:
* b3/B3MathExtras.cpp:
* b3/B3ReduceStrength.cpp:
* b3/air/AirCCallSpecial.cpp:
(JSC::B3::Air::CCallSpecial::generate):
* b3/air/AirCCallSpecial.h:
* b3/testb3.cpp:
(JSC::B3::testCallSimple):
(JSC::B3::testCallRare):
(JSC::B3::testCallRareLive):
(JSC::B3::testCallSimplePure):
(JSC::B3::testCallFunctionWithHellaArguments):
(JSC::B3::testCallFunctionWithHellaArguments2):
(JSC::B3::testCallFunctionWithHellaArguments3):
(JSC::B3::testCallSimpleDouble):
(JSC::B3::testCallSimpleFloat):
(JSC::B3::testCallFunctionWithHellaDoubleArguments):
(JSC::B3::testCallFunctionWithHellaFloatArguments):
(JSC::B3::testLinearScanWithCalleeOnStack):
(JSC::B3::testInterpreter):
(JSC::B3::testLICMPure):
(JSC::B3::testLICMPureSideExits):
(JSC::B3::testLICMPureWritesPinned):
(JSC::B3::testLICMPureWrites):
(JSC::B3::testLICMReadsLocalState):
(JSC::B3::testLICMReadsPinned):
(JSC::B3::testLICMReads):
(JSC::B3::testLICMPureNotBackwardsDominant):
(JSC::B3::testLICMPureFoiledByChild):
(JSC::B3::testLICMPureNotBackwardsDominantFoiledByChild):
(JSC::B3::testLICMExitsSideways):
(JSC::B3::testLICMWritesLocalState):
(JSC::B3::testLICMWrites):
(JSC::B3::testLICMFence):
(JSC::B3::testLICMWritesPinned):
(JSC::B3::testLICMControlDependent):
(JSC::B3::testLICMControlDependentNotBackwardsDominant):
(JSC::B3::testLICMControlDependentSideExits):
(JSC::B3::testLICMReadsPinnedWritesPinned):
(JSC::B3::testLICMReadsWritesDifferentHeaps):
(JSC::B3::testLICMReadsWritesOverlappingHeaps):
(JSC::B3::testLICMDefaultCall):
(JSC::B3::testShuffleDoesntTrashCalleeSaves):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
* jit/GPRInfo.h:
* runtime/PtrTag.h:
* wasm/WasmBinding.cpp:
(JSC::Wasm::wasmToWasm):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230098 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Use Forward.h instead of forward-declaring WTF::String
jfbastien@apple.com [Fri, 30 Mar 2018 05:05:15 +0000 (05:05 +0000)]
Use Forward.h instead of forward-declaring WTF::String
https://bugs.webkit.org/show_bug.cgi?id=184172
<rdar://problem/39026146>

Reviewed by Yusuke Suzuki.

As part of #184164 I'm changing WTF::String, and the forward
declarations are just wrong because I'm making it templated. We
should use Forward.h anyways, so do that instead.

Source/JavaScriptCore:

* runtime/DateConversion.h:

Source/WebCore:

* css/makeprop.pl:
* platform/cocoa/PlaybackSessionInterface.h:
* platform/ios/Device.h:
* platform/ios/PlaybackSessionInterfaceAVKit.h:
* platform/ios/VideoFullscreenInterfaceAVKit.h:
* platform/win/PathWalker.h:
* testing/js/WebCoreTestSupport.h:

Source/WebKit:

* Scripts/webkit/LegacyMessages-expected.h:
* Scripts/webkit/Messages-expected.h:
* Scripts/webkit/MessagesSuperclass-expected.h:
* UIProcess/WebOpenPanelResultListenerProxy.h:

Source/WebKitLegacy/mac:

* WebView/WebScriptDebugger.h:

Source/WTF:

* wtf/Forward.h:
* wtf/HashTraits.h:
* wtf/PrintStream.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230097 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Use MacroAssemblerCodePtr in Wasm code for code pointers instead of void*.
mark.lam@apple.com [Fri, 30 Mar 2018 05:04:44 +0000 (05:04 +0000)]
Use MacroAssemblerCodePtr in Wasm code for code pointers instead of void*.
https://bugs.webkit.org/show_bug.cgi?id=184163
<rdar://problem/39020397>

Reviewed by JF Bastien.

With the use of MacroAssemblerCodePtr, we now get poisoning for Wasm code pointers.

Also renamed some structs, methods, and variable names to be more accurate.
Previously, there was some confusion between a code pointer and the address of a
code pointer (sometimes referred to in the code as a "LoadLocation").  We now name
the LoadLocation variables appropriately to distinguish them from code pointers.

* wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::addCall):
(JSC::Wasm::B3IRGenerator::addCallIndirect):
* wasm/WasmBinding.cpp:
(JSC::Wasm::wasmToWasm):
* wasm/WasmCodeBlock.cpp:
(JSC::Wasm::CodeBlock::CodeBlock):
* wasm/WasmCodeBlock.h:
(JSC::Wasm::CodeBlock::entrypointLoadLocationFromFunctionIndexSpace):
(JSC::Wasm::CodeBlock::wasmEntrypointLoadLocationFromFunctionIndexSpace): Deleted.
* wasm/WasmFormat.h:
(JSC::Wasm::WasmToWasmImportableFunction::WasmToWasmImportableFunction):
(JSC::Wasm::WasmToWasmImportableFunction::offsetOfEntrypointLoadLocation):
(JSC::Wasm::CallableFunction::CallableFunction): Deleted.
(JSC::Wasm::CallableFunction::offsetOfWasmEntrypointLoadLocation): Deleted.
* wasm/WasmInstance.h:
(JSC::Wasm::Instance::offsetOfWasmEntrypointLoadLocation):
(JSC::Wasm::Instance::offsetOfWasmToEmbedderStub):
(JSC::Wasm::Instance::offsetOfWasmEntrypoint): Deleted.
(JSC::Wasm::Instance::offsetOfWasmToEmbedderStubExecutableAddress): Deleted.
* wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::work):
* wasm/WasmTable.cpp:
(JSC::Wasm::Table::Table):
(JSC::Wasm::Table::grow):
(JSC::Wasm::Table::clearFunction):
(JSC::Wasm::Table::setFunction):
* wasm/WasmTable.h:
(JSC::Wasm::Table::offsetOfFunctions):
* wasm/js/JSWebAssemblyCodeBlock.h:
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::finalizeCreation):
(JSC::JSWebAssemblyInstance::create):
* wasm/js/JSWebAssemblyTable.cpp:
(JSC::JSWebAssemblyTable::setFunction):
* wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::create):
(JSC::WebAssemblyFunction::WebAssemblyFunction):
* wasm/js/WebAssemblyFunction.h:
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::link):
(JSC::WebAssemblyModuleRecord::evaluate):
* wasm/js/WebAssemblyWrapperFunction.cpp:
(JSC::WebAssemblyWrapperFunction::WebAssemblyWrapperFunction):
(JSC::WebAssemblyWrapperFunction::create):
* wasm/js/WebAssemblyWrapperFunction.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230096 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago run-jsc-benchmarks should recognize Windows-style build directory structure.
ross.kirsling@sony.com [Fri, 30 Mar 2018 04:35:07 +0000 (04:35 +0000)]
run-jsc-benchmarks should recognize Windows-style build directory structure.
https://bugs.webkit.org/show_bug.cgi?id=184117

Reviewed by Yusuke Suzuki.

* Scripts/run-jsc-benchmarks:
Allow not only bin/jsc but also bin64/jsc.exe.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230093 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Remove WTF_EXPORTDATA and JS_EXPORTDATA
utatane.tea@gmail.com [Fri, 30 Mar 2018 04:16:30 +0000 (04:16 +0000)]
Remove WTF_EXPORTDATA and JS_EXPORTDATA
https://bugs.webkit.org/show_bug.cgi?id=184170

Reviewed by JF Bastien.

Replace WTF_EXPORTDATA and JS_EXPORTDATA with
WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE respectively.

Source/JavaScriptCore:

* heap/WriteBarrierSupport.h:
* jit/ExecutableAllocator.cpp:
* jit/ExecutableAllocator.h:
* runtime/JSCPoison.h:
* runtime/JSCell.h:
* runtime/JSExportMacros.h:
* runtime/JSGlobalObject.h:
* runtime/JSObject.h:
* runtime/Options.h:
* runtime/PropertyDescriptor.h:
* runtime/PropertyMapHashTable.h:
* runtime/SamplingCounter.h:

Source/WTF:

* wtf/ExportMacros.h:
* wtf/Gigacage.h:
* wtf/HashTable.h:
* wtf/Threading.h:
* wtf/text/AtomicString.cpp:
* wtf/text/AtomicString.h:
* wtf/text/StringImpl.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230092 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago MSVC __forceinline slows down JSC release build fivefold after r229391
ross.kirsling@sony.com [Fri, 30 Mar 2018 02:47:34 +0000 (02:47 +0000)]
MSVC __forceinline slows down JSC release build fivefold after r229391
https://bugs.webkit.org/show_bug.cgi?id=184062

Reviewed by Alex Christensen.

Source/JavaScriptCore:

* jit/CCallHelpers.h:
(JSC::CCallHelpers::marshallArgumentRegister):
Exempt MSVC from a single forced inline used within recursive templates.

Source/WebCore:

* platform/graphics/FormatConverter.cpp:
Factor ALWAYS_INLINE_EXCEPT_MSVC out to WTF.

Source/WTF:

* wtf/Compiler.h:
Add ALWAYS_INLINE_EXCEPT_MSVC to support MSVC optimizer sensitivities.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230091 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Remove WTF_EXPORT_STRING_API
jfbastien@apple.com [Fri, 30 Mar 2018 02:36:03 +0000 (02:36 +0000)]
Remove WTF_EXPORT_STRING_API
https://bugs.webkit.org/show_bug.cgi?id=184168
<rdar://problem/39023253>

Reviewed by Yusuke Suzuki.

Remove WTF_EXPORT_STRING_API as requested by a FIXME, and use
WTF_EXPORT_PRIVATE instead.

* wtf/ExportMacros.h:
* wtf/text/AtomicString.h:
* wtf/text/AtomicStringImpl.h:
* wtf/text/StringImpl.h:
* wtf/text/StringView.h:
* wtf/text/SymbolImpl.h:
* wtf/text/WTFString.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230090 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Unreviewed, rolling out r230087.
ryanhaddad@apple.com [Fri, 30 Mar 2018 01:24:00 +0000 (01:24 +0000)]
Unreviewed, rolling out r230087.

Introduced LayoutTest failures.

Reverted changeset:

"FrameSelection::appearanceUpdateTimerFired should be robust
against layout passes underneath it"
https://bugs.webkit.org/show_bug.cgi?id=183395
https://trac.webkit.org/changeset/230087

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230089 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Web Automation: clipToViewport is ignored for element screenshots
bburg@apple.com [Fri, 30 Mar 2018 00:07:40 +0000 (00:07 +0000)]
Web Automation: clipToViewport is ignored for element screenshots
https://bugs.webkit.org/show_bug.cgi?id=184158
<rdar://problem/39014307>

Reviewed by Timothy Hatcher.

In §19.2 Take Element Screenshot, step 5.2 says that we should clip
the element screenshot rect with the visible viewport rect. We don't
do that right now even though we pass over clipToViewport.

* WebProcess/Automation/WebAutomationSessionProxy.cpp:
(WebKit::snapshotRectForScreenshot):
Clip the rect to viewport if needed.

(WebKit::WebAutomationSessionProxy::takeScreenshot):
This scrollIntoView is misplaced; by this point we have already done
the math to figure out the screenshot rect. Move it before computing the rect.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230088 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago FrameSelection::appearanceUpdateTimerFired should be robust against layout passes...
wenson_hsieh@apple.com [Thu, 29 Mar 2018 23:05:06 +0000 (23:05 +0000)]
FrameSelection::appearanceUpdateTimerFired should be robust against layout passes underneath it
https://bugs.webkit.org/show_bug.cgi?id=183395
<rdar://problem/38055732>

Reviewed by Zalan Bujtas.

Source/WebCore:

In the case where a FrameSelection updates its appearance when m_appearanceUpdateTimer is fired, the
FrameSelection's Frame is unprotected, and can be removed by arbitrary script. This patch applies a simple
mitigation by wrapping the Frame in a Ref when firing the appearance update timer, and ensuring that layout is
really up to date before calling updateAppearanceAfterLayoutOrStyleChange() from the timer.

Test: editing/selection/iframe-update-selection-appearance.html

* editing/FrameSelection.cpp:
(WebCore::FrameSelection::appearanceUpdateTimerFired):

LayoutTests:

Add a new layout test that passes if we didn't crash.

* editing/selection/iframe-update-selection-appearance-expected.txt: Added.
* editing/selection/iframe-update-selection-appearance.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230087 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Versioning.
jmarcell@apple.com [Thu, 29 Mar 2018 23:02:09 +0000 (23:02 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230086 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago iOS build fix.
dino@apple.com [Thu, 29 Mar 2018 22:20:54 +0000 (22:20 +0000)]
iOS build fix.

* platform/graphics/cocoa/WebGLLayer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230085 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago REGRESSION(r230035): ASSERT(MACH_PORT_VALID(m_sendPort)) hit in IPC::Connection:...
bfulgham@apple.com [Thu, 29 Mar 2018 21:59:54 +0000 (21:59 +0000)]
REGRESSION(r230035): ASSERT(MACH_PORT_VALID(m_sendPort)) hit in IPC::Connection::initializeSendSource()
https://bugs.webkit.org/show_bug.cgi?id=184122
<rdar://problem/39003606>

Reviewed by Chris Dumez.

One of the new assertions added in r230035 began firing while running tests locally. This was happening
because the WebInspector was attempting to open a new connection to a web process that had already
terminated its mach port connection (a dead port).

We should avoid opening new connections when the port we were given is already dead.

* Platform/IPC/Connection.h:
(IPC::Connection::identifierIsValid): Added.
* Platform/IPC/mac/ConnectionMac.mm:
(IPC::Connection::platformInitialize): Do not perform initialization on a dead (or null) port.
(IPC::Connection::open): Add some assertions that ports are in a valid state.
(IPC::Connection::sendOutgoingMessage): Assert that the send port is not dead.
(IPC::Connection::receiveSourceEventHandler): Assert that the receive port is valid.
* UIProcess/ChildProcessProxy.cpp:
(WebKit::ChildProcessProxy::didFinishLaunching): Treat a dead port as a signal that the
child process failed to launch.
* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::didFinishLaunching): Ditto.
* UIProcess/Plugins/PluginProcessProxy.cpp:
(WebKit::PluginProcessProxy::didFinishLaunching): Ditto.
* UIProcess/Storage/StorageProcessProxy.cpp:
(WebKit::StorageProcessProxy::didFinishLaunching): Ditto.
* WebProcess/Plugins/PluginProcessConnectionManager.cpp:
(WebKit::PluginProcessConnectionManager::getPluginProcessConnection): Ditto.
* WebProcess/WebPage/WebInspectorUI.cpp:
(WebKit::WebInspectorUI::establishConnection): Ditto.
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::ensureNetworkProcessConnection): Ditto.
(WebKit::WebProcess::ensureWebToStorageProcessConnection): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230084 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Substitute ArchiveFactory::isArchiveMIMEType() for ArchiveFactory::isArchiveMimeType().
dbates@webkit.org [Thu, 29 Mar 2018 21:53:35 +0000 (21:53 +0000)]
Substitute ArchiveFactory::isArchiveMIMEType() for ArchiveFactory::isArchiveMimeType().

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::commitLoad):
* loader/archive/ArchiveFactory.cpp:
(WebCore::ArchiveFactory::isArchiveMIMEType):
(WebCore::ArchiveFactory::isArchiveMimeType): Deleted.
* loader/archive/ArchiveFactory.h:
* platform/MIMETypeRegistry.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230083 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago MIMETypeRegistry should return const HashSets
dbates@webkit.org [Thu, 29 Mar 2018 21:49:25 +0000 (21:49 +0000)]
MIMETypeRegistry should return const HashSets
https://bugs.webkit.org/show_bug.cgi?id=184150

Reviewed by Per Arne Vollan.

Only getSupportedNonImageMIMETypes() needs to return a non-const HashSet so that
LegacyWebKit can modify the set of non-image MIME types.

* platform/MIMETypeRegistry.cpp:
(WebCore::MIMETypeRegistry::getSupportedImageMIMETypes):
(WebCore::MIMETypeRegistry::getSupportedImageResourceMIMETypes):
(WebCore::MIMETypeRegistry::getSupportedImageMIMETypesForEncoding):
(WebCore::MIMETypeRegistry::getSupportedMediaMIMETypes):
(WebCore::MIMETypeRegistry::getPDFMIMETypes):
(WebCore::MIMETypeRegistry::getUnsupportedTextMIMETypes):
* platform/MIMETypeRegistry.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230082 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Update Service Worker feature status.
beidson@apple.com [Thu, 29 Mar 2018 21:15:26 +0000 (21:15 +0000)]
Update Service Worker feature status.
https://bugs.webkit.org/show_bug.cgi?id=184139

Reviewed by Chris Dumez.

* features.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230081 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Synchronize SecurityOrigin related scheme registries with NetworkProcess
youenn@apple.com [Thu, 29 Mar 2018 20:36:06 +0000 (20:36 +0000)]
Synchronize SecurityOrigin related scheme registries with NetworkProcess
https://bugs.webkit.org/show_bug.cgi?id=184140

Reviewed by Chris Dumez.

Add syncing of scheme registries that are used by SecurityOrigin and ContentSecurityPolicy
so that we can properly use them in NetworkProcess as we do in WebProcess.
The registries that are not synced are:
- URLSchemeAsEmptyDocument
- URLSchemeDomainRelaxationForbidden
- URLSchemeAsCachePartitioned
- URLSchemeAsCanDisplayOnlyIfCanRequest

* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::initializeNetworkProcess):
(WebKit::NetworkProcess::registerURLSchemeAsSecure const):
(WebKit::NetworkProcess::registerURLSchemeAsBypassingContentSecurityPolicy const):
(WebKit::NetworkProcess::registerURLSchemeAsLocal const):
(WebKit::NetworkProcess::registerURLSchemeAsNoAccess const):
(WebKit::NetworkProcess::registerURLSchemeAsDisplayIsolated const):
(WebKit::NetworkProcess::registerURLSchemeAsCORSEnabled const):
(WebKit::NetworkProcess::registerURLSchemeAsCanDisplayOnlyIfCanRequest const):
* NetworkProcess/NetworkProcess.h:
* NetworkProcess/NetworkProcess.messages.in:
* NetworkProcess/NetworkProcessCreationParameters.cpp:
(WebKit::NetworkProcessCreationParameters::encode const):
(WebKit::NetworkProcessCreationParameters::decode):
* NetworkProcess/NetworkProcessCreationParameters.h:
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::ensureNetworkProcess):
(WebKit::WebProcessPool::registerURLSchemeAsSecure):
(WebKit::WebProcessPool::registerURLSchemeAsBypassingContentSecurityPolicy):
(WebKit::WebProcessPool::registerURLSchemeAsLocal):
(WebKit::WebProcessPool::registerURLSchemeAsNoAccess):
(WebKit::WebProcessPool::registerURLSchemeAsDisplayIsolated):
(WebKit::WebProcessPool::registerURLSchemeAsCORSEnabled):
(WebKit::WebProcessPool::registerURLSchemeAsCanDisplayOnlyIfCanRequest):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230079 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago ArrayMode should not try to get the DFG to think it can convert TypedArrays
keith_miller@apple.com [Thu, 29 Mar 2018 19:09:01 +0000 (19:09 +0000)]
ArrayMode should not try to get the DFG to think it can convert TypedArrays
https://bugs.webkit.org/show_bug.cgi?id=184137

Reviewed by Saam Barati.

* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::fromObserved):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230078 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Drop DOMWindow::frames() / DOMWindow::window() methods
cdumez@apple.com [Thu, 29 Mar 2018 16:52:33 +0000 (16:52 +0000)]
Drop DOMWindow::frames() / DOMWindow::window() methods
https://bugs.webkit.org/show_bug.cgi?id=184112

Reviewed by Daniel Bates.

Drop DOMWindow::frames() / DOMWindow::window() methods as they are just aliases for DOMWindow::self().

* page/DOMWindow.h:
* page/DOMWindow.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230077 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago REGRESSION(r229480): ERROR: Unhandled web process message 'WebCookieManager:SetHTTPCo...
bfulgham@apple.com [Thu, 29 Mar 2018 16:28:03 +0000 (16:28 +0000)]
REGRESSION(r229480): ERROR: Unhandled web process message 'WebCookieManager:SetHTTPCookieAcceptPolicy'
https://bugs.webkit.org/show_bug.cgi?id=184124
<rdar://problem/38998971>

Reviewed by Chris Dumez.

Cookie accept policy messages were still being sent to the WebContent process after
I removed cookie access in r229480. The WebContent process no longer recognizes these
messages, and generates logging to that effect.

This patch stops sending these unnecessary messages to the WebContent process. Only the
Network process needs to receive this information.

* UIProcess/WebCookieManagerProxy.cpp:
(WebKit::WebCookieManagerProxy::setHTTPCookieAcceptPolicy):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230076 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [LayoutReloaded] Decouple formatting state and context lifetime.
zalan@apple.com [Thu, 29 Mar 2018 15:38:54 +0000 (15:38 +0000)]
[LayoutReloaded] Decouple formatting state and context lifetime.
https://bugs.webkit.org/show_bug.cgi?id=184136

Reviewed by Antti Koivisto.

FormattingContext is about the layout logic. We don't need to hold on to it.

* LayoutReloaded/FormattingContext/FloatingContext.js:
(FloatingContext):
(FloatingContext.prototype.computePosition):
(FloatingContext.prototype._positionForClear):
(FloatingContext.prototype._computePositionToAvoidIntrudingFloats):
(FloatingContext.prototype._addFloatingBox):
(FloatingContext.prototype._formattingContext):
(FloatingContext.prototype._formattingState):
* LayoutReloaded/FormattingContext/FormattingContext.js:
(FormattingContext):
* LayoutReloaded/FormattingState/BlockFormattingState.js:
(BlockFormattingState):
* LayoutReloaded/FormattingState/FloatingState.js:
(FloatingState):
(FloatingState.prototype.addFloating):
(FloatingState.prototype.formattingState):
(FloatingState.prototype.formattingContext): Deleted.
* LayoutReloaded/FormattingState/FormattingState.js:
(FormattingState):
(FormattingState.prototype.formattingContext): Deleted.
* LayoutReloaded/FormattingState/InlineFormattingState.js:
(InlineFormattingState):
* LayoutReloaded/LayoutState.js:
(LayoutState.prototype.layout):
(LayoutState.prototype.formattingContext):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230075 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [WPE] Floating point exception in WebEventFactory::createWebWheelEvent
commit-queue@webkit.org [Thu, 29 Mar 2018 15:38:29 +0000 (15:38 +0000)]
[WPE] Floating point exception in WebEventFactory::createWebWheelEvent
https://bugs.webkit.org/show_bug.cgi?id=184037

Patch by Carlos Eduardo Ramalho <cadubentzen@gmail.com> on 2018-03-29
Reviewed by Žan Doberšek.

* Shared/wpe/WebEventFactory.cpp:
(WebKit::WebEventFactory::createWebWheelEvent): Use std::copysign() to avoid division by 0.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230074 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [l10n] [pt_BR] Updated Brazilian Portuguese translation
mcatanzaro@igalia.com [Thu, 29 Mar 2018 15:01:48 +0000 (15:01 +0000)]
[l10n] [pt_BR] Updated Brazilian Portuguese translation
https://bugs.webkit.org/show_bug.cgi?id=184132

Patch by Rafael Fontenelle <rafaelff@gnome.org> on 2018-03-29
Rubber-stamped by Michael Catanzaro.

* pt_BR.po:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230073 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago The test http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior.html...
pvollan@apple.com [Thu, 29 Mar 2018 14:47:08 +0000 (14:47 +0000)]
The test http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior.html is failing on Windows.
https://bugs.webkit.org/show_bug.cgi?id=184134

Unreviewed test gardening.

* platform/win/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230072 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago The test transitions/opacity-transition-zindex.html is timing out on Windows.
pvollan@apple.com [Thu, 29 Mar 2018 14:13:48 +0000 (14:13 +0000)]
The test transitions/opacity-transition-zindex.html is timing out on Windows.
https://bugs.webkit.org/show_bug.cgi?id=184133

Unreviewed test gardening.

* platform/win/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230071 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Unreviewed, rolling out r230062.
commit-queue@webkit.org [Thu, 29 Mar 2018 07:34:58 +0000 (07:34 +0000)]
Unreviewed, rolling out r230062.
https://bugs.webkit.org/show_bug.cgi?id=184128

Broke mac port. web content process crashes while loading any
web page (Requested by rniwa on #webkit).

Reverted changeset:

"MSVC __forceinline slows down JSC release build fivefold
after r229391"
https://bugs.webkit.org/show_bug.cgi?id=184062
https://trac.webkit.org/changeset/230062

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230070 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [Web Animations] Stop using internals.pauseTransitionAtTimeOnElement() in favor of...
graouts@webkit.org [Thu, 29 Mar 2018 06:49:27 +0000 (06:49 +0000)]
[Web Animations] Stop using internals.pauseTransitionAtTimeOnElement() in favor of Web Animations API for transitions tests
https://bugs.webkit.org/show_bug.cgi?id=184097

Reviewed by Dean Jackson.

Make 55 tests opt into CSS Animations and CSS Transitions as Web Animations. These tests used the internals.pauseTransitionAtTimeOnElement()
method, but this method should be going away since the Web Animations API allows seeking and pausing. To support this, we make
transition-test-helpers.js use the Web Animations API instead of internals.pauseTransitionAtTimeOnElement() if the test has opted
into CSS Animations and CSS Transitions as Web Animations and we know it's safe to use these APIs.

Overall, 20 of those tests used to fail with the flag on before this change.

* compositing/animation/animated-composited-inside-hidden.html:
* compositing/animation/computed-style-during-delay.html:
* compositing/reflections/nested-reflection-transition.html:
* compositing/transitions/scale-transition-no-start.html:
* compositing/transitions/singular-scale-transition.html:
* css3/calc/transitions-dependent.html:
* css3/calc/transitions.html:
* transitions/background-position-transitions.html:
* transitions/background-transitions.html:
* transitions/blendmode-transitions.html:
* transitions/border-radius-transition.html:
* transitions/clip-path-path-transitions.html:
* transitions/clip-transition.html:
* transitions/color-transition-all.html:
* transitions/color-transition-rounding.html:
* transitions/cross-fade-background-image.html:
* transitions/cubic-bezier-overflow-color.html:
* transitions/cubic-bezier-overflow-shadow.html:
* transitions/cubic-bezier-overflow-transform.html:
* transitions/default-timing-function.html:
* transitions/delay.html:
* transitions/flex-transitions.html:
* transitions/font-family-during-transition.html:
* transitions/frames-timing-function.html:
* transitions/mask-transitions.html:
* transitions/min-max-width-height-transitions.html:
* transitions/mismatched-shadow-styles.html:
* transitions/mismatched-shadow-transitions.html:
* transitions/mixed-type.html:
* transitions/move-after-transition.html:
* transitions/multiple-background-size-transitions.html:
* transitions/multiple-mask-transitions.html:
* transitions/multiple-shadow-transitions.html:
* transitions/negative-delay.html:
* transitions/opacity-transition-zindex.html:
* transitions/resources/transition-test-helpers.js:
* transitions/shape-outside-transitions.html:
* transitions/shorthand-border-transitions.html:
* transitions/shorthand-transitions.html:
* transitions/steps-timing-function.html:
* transitions/svg-layout-transition.html:
* transitions/svg-text-shadow-transition.html:
* transitions/svg-transitions.html:
* transitions/text-indent-transition.html:
* transitions/transform-op-list-match.html:
* transitions/transform-op-list-no-match.html:
* transitions/transition-end-event-rendering.html:
* transitions/transition-hit-test.html:
* transitions/transition-on-element-with-content.html:
* transitions/transition-shorthand-delay.html:
* transitions/transition-timing-function.html:
* transitions/transition-to-from-auto.html:
* transitions/transition-to-from-undefined.html:
* transitions/visited-link-color.html:
* transitions/zero-duration-in-list.html:
* transitions/zero-duration-with-non-zero-delay-start.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230069 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [Web Animations] Implement more CSSPropertyBlendingClient methods
graouts@webkit.org [Thu, 29 Mar 2018 06:48:18 +0000 (06:48 +0000)]
[Web Animations] Implement more CSSPropertyBlendingClient methods
https://bugs.webkit.org/show_bug.cgi?id=184077

Reviewed by Dean Jackson.

LayoutTests/imported/w3c:

Mark progressions for WPT tests.

* web-platform-tests/web-animations/animation-model/animation-types/accumulation-per-property-expected.txt:
* web-platform-tests/web-animations/animation-model/animation-types/addition-per-property-expected.txt:
* web-platform-tests/web-animations/animation-model/animation-types/interpolation-per-property-expected.txt:
* web-platform-tests/web-animations/animation-model/keyframe-effects/effect-value-iteration-composite-operation-expected.txt:

Source/WebCore:

We only had stubs for several of the CSSPropertyBlendingClient methods and thus always implied that we
were animating non-matching transform, filter and backdrop-filter properties. We now implement those using
the same code used in KeyframeAnimation. This allows for 31 new tests to opt into the CSS Animations and
CSS Transitions as Web Animations feature.

We also ensure we only run a CSSAnimationController assertion in FrameView::didDestroyRenderTree() if
we're not using the CSS Animations and CSS Transitions as Web Animations feature.

* animation/KeyframeEffectReadOnly.cpp:
(WebCore::KeyframeEffectReadOnly::copyPropertiesFromSource):
(WebCore::KeyframeEffectReadOnly::updateBlendingKeyframes):
(WebCore::KeyframeEffectReadOnly::setBlendingKeyframes):
(WebCore::KeyframeEffectReadOnly::checkForMatchingTransformFunctionLists):
(WebCore::KeyframeEffectReadOnly::checkForMatchingFilterFunctionLists):
(WebCore::KeyframeEffectReadOnly::checkForMatchingBackdropFilterFunctionLists):
(WebCore::KeyframeEffectReadOnly::computeCSSAnimationBlendingKeyframes):
(WebCore::KeyframeEffectReadOnly::computeCSSTransitionBlendingKeyframes):
* animation/KeyframeEffectReadOnly.h:
* page/FrameView.cpp:
(WebCore::FrameView::didDestroyRenderTree):

LayoutTests:

Make 31 tests opt into the CSS Animations and CSS Transitions as Web Animations feature.

* animations/3d/replace-filling-transform.html:
* animations/additive-transform-animations.html:
* animations/animation-direction-reverse-fill-mode-hardware.html:
* animations/combo-transform-rotate+scale.html:
* animations/simultaneous-start-transform.html:
* compositing/animation/layer-for-filling-animation.html:
* compositing/reflections/animation-inside-reflection.html:
* compositing/reflections/nested-reflection-animated.html:
* css3/filters/backdrop/animation.html:
* css3/filters/composited-during-animation.html:
* css3/filters/filter-animation-from-none-hw.html:
* css3/filters/filter-animation-from-none-multi-hw.html:
* css3/filters/filter-animation-from-none-multi.html:
* css3/filters/filter-animation-from-none.html:
* css3/filters/filter-animation-hw.html:
* css3/filters/filter-animation-multi-hw.html:
* css3/filters/filter-animation-multi.html:
* css3/filters/filter-animation.html:
* css3/masking/clip-path-animation.html:
* fast/filter-image/filter-image-animation.html:
* fast/shapes/shape-outside-floats/shape-outside-animation.html:
* fast/shapes/shape-outside-floats/shape-outside-shape-image-threshold-animation.html:
* fast/shapes/shape-outside-floats/shape-outside-shape-margin-animation.html:
* platform/mac-sierra/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/accumulation-per-property-expected.txt:
* platform/mac-sierra/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/addition-per-property-expected.txt:
* platform/mac-sierra/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/interpolation-per-property-expected.txt:
* transitions/clip-path-transitions.html:
* transitions/color-transition-premultiplied.html:
* transitions/cross-fade-border-image.html:
* transitions/cubic-bezier-overflow-length.html:
* transitions/cubic-bezier-overflow-svg-length.html:
* transitions/delay.html:
* transitions/longhand-vs-shorthand-initial.html:
* transitions/multiple-background-transitions.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230068 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [LayoutReloaded] Introduce FloatingState.
zalan@apple.com [Thu, 29 Mar 2018 05:21:47 +0000 (05:21 +0000)]
[LayoutReloaded] Introduce FloatingState.
https://bugs.webkit.org/show_bug.cgi?id=184126

Reviewed by Antti Koivisto.

It holds the floating state (left/right floating stack) for a given formatting state (Block or Inline).
(FormattingState -> FloatingState/FormattingContext -> FloatingContext)

* LayoutReloaded/FormattingContext/BlockFormatting/BlockFormattingContext.js:
(BlockFormattingContext):
* LayoutReloaded/FormattingContext/FloatingContext.js:
(FloatingContext):
(FloatingContext.prototype.computePosition):
(FloatingContext.prototype.bottom):
(FloatingContext.prototype._positionForFloating):
(FloatingContext.prototype._positionForClear):
(FloatingContext.prototype._findInnerMostLeftAndRight):
(FloatingContext.prototype._isEmpty):
(FloatingContext.prototype._floatingState):
(FloatingContext.prototype._formattingContext):
(FloatingContext.prototype._lastFloating):
(FloatingContext.prototype._leftFloatingStack):
(FloatingContext.prototype._rightFloatingStack):
(FloatingContext.prototype._addFloating): Deleted.
* LayoutReloaded/FormattingContext/FormattingContext.js:
(FormattingContext):
* LayoutReloaded/FormattingContext/InlineFormatting/InlineFormattingContext.js:
(InlineFormattingContext):
* LayoutReloaded/FormattingState/BlockFormattingState.js:
(BlockFormattingState):
* LayoutReloaded/FormattingState/FloatingState.js: Copied from Tools/LayoutReloaded/FormattingState/InlineFormattingState.js.
(FloatingState):
(FloatingState.prototype.addFloating):
(FloatingState.prototype.leftFloatingStack):
(FloatingState.prototype.rightFloatingStack):
(FloatingState.prototype.lastFloating):
(FloatingState.prototype.formattingContext):
* LayoutReloaded/FormattingState/FormattingState.js:
(FormattingState):
(FormattingState.prototype.floatingState):
* LayoutReloaded/FormattingState/InlineFormattingState.js:
(InlineFormattingState):
* LayoutReloaded/test/index.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230067 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Align XMLHttpRequest's open() / send() / abort() with the latest specification
cdumez@apple.com [Thu, 29 Mar 2018 04:16:26 +0000 (04:16 +0000)]
Align XMLHttpRequest's open() / send() / abort() with the latest specification
https://bugs.webkit.org/show_bug.cgi?id=184108

Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

* web-platform-tests/XMLHttpRequest/abort-after-send-expected.txt:
* web-platform-tests/XMLHttpRequest/abort-during-open-expected.txt:
* web-platform-tests/XMLHttpRequest/abort-during-open.worker-expected.txt:
* web-platform-tests/XMLHttpRequest/abort-event-abort-expected.txt:
* web-platform-tests/XMLHttpRequest/abort-event-order-expected.txt:
* web-platform-tests/XMLHttpRequest/open-during-abort-event-expected.txt:
* web-platform-tests/XMLHttpRequest/open-during-abort-expected.txt:
* web-platform-tests/XMLHttpRequest/open-send-during-abort-expected.txt:
* web-platform-tests/XMLHttpRequest/security-consideration.sub-expected.txt:
* web-platform-tests/XMLHttpRequest/send-data-unexpected-tostring-expected.txt:
Rebaseline WPT tests that are now passing.

* web-platform-tests/XMLHttpRequest/open-during-abort-processing-expected.txt:
We now fail the test differently. Our results are consistent with Firefox. I believe this
test does not match the specification so I filed:
https://github.com/w3c/web-platform-tests/issues/10217

Source/WebCore:

Align XMLHttpRequest's open() / send() / abort() with the latest specification:
- https://xhr.spec.whatwg.org

No new tests, rebaselined existing layout tests.

* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::open):
Align with https://xhr.spec.whatwg.org/#the-open()-method:
- Change the order of some steps to match the order in the spec. In particular,
  open() no longer resets the state to UNSENT or aborts any existing load when it
  fails early due to being passed a bad method.

(WebCore::XMLHttpRequest::createRequest):
Align with https://xhr.spec.whatwg.org/#the-send()-method:
- Use the simpler "upload listener flag" logic from the spec instead of our more
  complex m_uploadEventsAllowed flag. This avoids constructing SecurityOrigin
  objects on a background thread when XHR is used inside Web Workers, which was
  not thread-safe.
- Set the upload complete flag when the request has no body as per step 9.
- After firing the loadstartEvent, return early if the state is no longer OPEN or
  if the send flag is unset, as per step 11.3.

(WebCore::XMLHttpRequest::abort):
Align with https://xhr.spec.whatwg.org/#the-abort()-method:
- Only set the state to UNSENT if the state is still DONE after firing the error
  events, as per step 3.

(WebCore::XMLHttpRequest::didSendData):
Use new "upload listener flag".

(WebCore::XMLHttpRequest::dispatchErrorEvents):
Align with https://xhr.spec.whatwg.org/#request-error-steps:
- Stop firing a progress event in case of error as this is not as per specification
  and Firefox does not fire those either.

* xml/XMLHttpRequest.h:

LayoutTests:

* http/tests/xmlhttprequest/onloadend-event-after-abort.html:
* http/tests/xmlhttprequest/onloadend-event-after-error.html:
* http/tests/xmlhttprequest/simple-cross-origin-progress-events-expected.txt:
* http/tests/xmlhttprequest/upload-onloadend-event-after-abort.html:
* http/tests/xmlhttprequest/xmlhttprequest-sync-no-progress-events-expected.txt:
Fix tests that expected a progress event before error/abort event. This is not as
per specification and those tests were also failing in Firefox.

* http/tests/xmlhttprequest/readystatechange-and-abort.html:
Fix test that expected abort() to reset state to UNSENT as this is not as per specification.
This test was failing in both Firefox and Chrome.

* http/tests/xmlhttprequest/xmlhttprequest-abort-readyState-shouldNotDispatchEvent.html:
Re-sync test from Blink. The test was wrongly expecting abort() to reset the state to
UNSENT.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230066 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago [LayoutReloaded] Convert floating left/right stack display boxes absolute to the...
zalan@apple.com [Thu, 29 Mar 2018 03:27:58 +0000 (03:27 +0000)]
[LayoutReloaded] Convert floating left/right stack display boxes absolute to the formatting context's root.
https://bugs.webkit.org/show_bug.cgi?id=184123

Reviewed by Antti Koivisto.

1. The left/right floating array should hold the Display.Box (and not the Layout.Box)
2. Clone the Display.Box and convert its rect absolute to the formatting context's root so that we
don't have to keep converting the coordinates while computing the positions.

* LayoutReloaded/DisplayTree/Box.js:
(Display.Box.prototype.clone):
(Display.Box.prototype.setRect):
* LayoutReloaded/FormattingContext/FloatingContext.js:
(FloatingContext.prototype.computePosition):
(FloatingContext.prototype._positionForFloating):
(FloatingContext.prototype._addFloating):
(FloatingContext.prototype._moveToNextVerticalPosition):
(FloatingContext.prototype._availableSpace):
(FloatingContext.prototype._findFloatingAtVerticalPosition):
(FloatingContext.prototype._adjustedFloatingPosition):
(FloatingContext.prototype._bottom):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230065 268f45cc-cd09-0410-ab3c-d52691b4dbfc

16 months ago Consolidate NSColor to WebCore::Color conversion and fix system colors.
timothy@apple.com [Thu, 29 Mar 2018 02:39:35 +0000 (02:39 +0000)]
Consolidate NSColor to WebCore::Color conversion and fix system colors.

https://bugs.webkit.org/show_bug.cgi?id=184096
rdar://problem/38918925

Reviewed by Tim Horton.

Source/WebCore:

* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(CreateCGColorIfDifferent): Use CGColor property on NSColor, don't manually create new CGColor.
* platform/graphics/mac/ColorMac.h:
* platform/graphics/mac/ColorMac.mm:
(WebCore::makeRGBAFromNSColor): Move pattern code from RenderThemeMac's convertNSColorToColor.
Also use nextafter for proper RGBA float conversion.
* platform/mac/PlatformPasteboardMac.mm:
(WebCore::PlatformPasteboard::color): Use colorFromNSColor.
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::platformActiveSelectionBackgroundColor const): Use colorFromNSColor.
(WebCore::RenderThemeMac::platformInactiveSelectionBackgroundColor const): Ditto.
(WebCore::RenderThemeMac::platformActiveListBoxSelectionBackgroundColor const): Ditto.
(WebCore::RenderThemeMac::systemColor const): Ditto.
(WebCore::paintAttachmentTitleBackground): Ditto.
(WebCore::convertNSColorToColor): Deleted.

LayoutTests:

* fast/css/apple-system-control-colors-expected.txt: Updated with rgba() colors.
* platform/mac/accessibility/content-editable-as-textarea-expected.txt: Updated with color space.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230064 268f45cc-cd09-0410-ab3c-d52691b4dbfc