WebKit-https.git
4 years ago sendProcessWillSuspendImminently uses a wrong message flag
dbates@webkit.org [Thu, 10 Sep 2015 20:13:52 +0000 (20:13 +0000)]
sendProcessWillSuspendImminently uses a wrong message flag
https://bugs.webkit.org/show_bug.cgi?id=148995

Reviewed by Alexey Proskuryakov.

Remove use of flag IPC::InterruptWaitingIfSyncMessageArrives as it does not make
sense when sending a sync message.

* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::sendProcessWillSuspendImminently):
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::sendProcessWillSuspendImminently):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189587 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago There should be one stub hanging off an inline cache that contains code for all of...
fpizlo@apple.com [Thu, 10 Sep 2015 19:49:36 +0000 (19:49 +0000)]
There should be one stub hanging off an inline cache that contains code for all of the cases, rather than forming a linked list consisting of one stub per case
https://bugs.webkit.org/show_bug.cgi?id=148717

Reviewed by Michael Saboff.

Source/JavaScriptCore:

This is a major rewrite of the JSC get/put/in inline caches (ICs), motivated by the need to add
fancy new kinds of inline caches for property type inference (https://webkit.org/b/148610).

Previously, our inline caches had some problems that made them difficult to work with. It was
impossible to change any code that was previously generated by the IC except by blowing the
whole IC away, the ICs scaled poorly if there were many cases, and there was a lot of duplicate
and ad hoc code.

Impossible to regenerate a previously generated stub: Say that some access (o.f = v) causes our
IC code to emit some stub; let's call it stub1. Then later we find that we need to emit a
different stub, stub2, where we think that stub2 might subsume stub1. We say that stub2
subsumes stub1 if failing to execute stub2 to completion means that we are guaranteed to fail
to execute stub1 to completion. This could happen in trunk if stub2 has the same base structure
as stub1 but different prototype conditions. It could happen with property type inference if
stub2 has a looser type check on v than stub1 did. Currently, if this happened, we would emit
stub2 and have its slow path jump to stub1. Hence, we would still end up executing the checks
of stub1 before falling through to the slow path. This gets bad when there are many stubs.
Stub1 might be in front of a bunch of other stubs, so when we add stub2, we will end up
executing both stub2's and stub1's checks before falling through to the other stubs. It would
be better if we could remove stub1 from the list at this point. But since stub1 could be linked
to from a different stub that we had already generated, we'd have to have a way of patching
stubs or regenerating them from scratch. This is currently impossible because we just don't keep
around enough meta-data to mess with a stub after it's generated. After this change, we never
link new stubs onto a linked list of pre-existing stubs; instead each IC will have one stub
hanging off of it and we always regenerate that one stub from scratch. That one stub contains
either a BinarySwitch or a branch cascade to select one of the AccessCases. Each AccessCase is
an object that describes everything we need to regenerate it in the future. This means that
when we add a new case to an IC stub, we can figure out which previous cases this one subsumes.

Poor scalability when there are many cases: Previously, the cases of a polymorphic inline cache
formed a linked list of branches. This meant that the complexity of an inline cache grew
linearly with the number of cases. This change turns this into a BinarySwitch in most cases,
leading to logarithmic scaling.

Duplicate code between get, put, and in: The code for op_get_by_id, op_put_by_id, and op_in
inline caches grew independently and ended up having a lot of duplicate code. We had the worst
kinds of duplicate code. In some cases, the code was copy-pasted. In other cases, we wrote code
that felt like it was new despite the fact that it was logically identical to code that was
already written elsewhere. The main sources of duplication were in selecting a scratch
register, checking all of the ObjectPropertyConditions and the base structure, the pro forma
involved in generating a stub, and the data structures needed to describe all of the access
cases. This change deduplicates all of that code. Now, all of those ICs use the same classes:
the PolymorphicAccess and AccessCase. There is code in those classes that handles all of the
common things, and for the most part the only code that actually specializes for the kind of
access is in some switch statement in AccessCase::generate().

Special-casing of array length and string length: Previously, array.length and string.length
were handled in an ad hoc manner in the get_by_id repatching code. The handling was separate
from the polymorphic get_by_id handling, which meant that we could not handle polymorphic
length accesses if one of the length cases was either array or string length. For example, if
you had "o.length" where the length was either array length or a vanilla length property, then
the get_by_id inline cache would either emit a monomorphic stub for array length, or a
monomorphic stub for the vanilla length property, but never a polymorphic stub (or list) that
could do both. This change addresses this problem by folding array length and string length
into the polymorphic get_by_id code.

This was meant to be a perf-neutral change to enable property type inference, but it ended up
being a 1% Octane speed-up, mainly because of a 14% speed-up in raytrace. This isn't too
surprising, since that test does use inline caches a lot and this change makes inline caches
more scalable.

This also fixes and adds a test for a BinarySwitch bug. BinarySwitch had an optimization for
consecutive integer cases. Using it on typed array structures triggers this bug. It's a hard
bug to trigger any other way because our other switch optimizations will usually use a jump
table in case of consecutive integers.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerCodeRef.h:
(JSC::MacroAssemblerCodePtr::dumpWithName):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printGetByIdCacheStatus):
(JSC::CodeBlock::printPutByIdCacheStatus):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::getByValInfoMap):
(JSC::CodeBlock::addStubInfo):
(JSC::CodeBlock::findStubInfo):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::stubInfoBegin):
(JSC::CodeBlock::stubInfoEnd):
* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
* bytecode/PolymorphicAccess.cpp: Copied from Source/JavaScriptCore/bytecode/PolymorphicGetByIdList.cpp.
(JSC::AccessGenerationState::addWatchpoint):
(JSC::AccessGenerationState::restoreScratch):
(JSC::AccessGenerationState::succeed):
(JSC::AccessCase::AccessCase):
(JSC::AccessCase::get):
(JSC::AccessCase::replace):
(JSC::AccessCase::transition):
(JSC::AccessCase::setter):
(JSC::AccessCase::in):
(JSC::AccessCase::getLength):
(JSC::AccessCase::~AccessCase):
(JSC::AccessCase::fromStructureStubInfo):
(JSC::AccessCase::clone):
(JSC::AccessCase::guardedByStructureCheck):
(JSC::AccessCase::alternateBase):
(JSC::AccessCase::canReplace):
(JSC::AccessCase::dump):
(JSC::AccessCase::visitWeak):
(JSC::AccessCase::generateWithGuard):
(JSC::AccessCase::generate):
(JSC::PolymorphicAccess::PolymorphicAccess):
(JSC::PolymorphicAccess::~PolymorphicAccess):
(JSC::PolymorphicAccess::regenerateWithCases):
(JSC::PolymorphicAccess::regenerateWithCase):
(JSC::PolymorphicAccess::visitWeak):
(JSC::PolymorphicAccess::dump):
(JSC::PolymorphicAccess::regenerate):
(WTF::printInternal):
(JSC::GetByIdAccess::GetByIdAccess): Deleted.
(JSC::GetByIdAccess::~GetByIdAccess): Deleted.
(JSC::GetByIdAccess::fromStructureStubInfo): Deleted.
(JSC::GetByIdAccess::visitWeak): Deleted.
(JSC::PolymorphicGetByIdList::PolymorphicGetByIdList): Deleted.
(JSC::PolymorphicGetByIdList::from): Deleted.
(JSC::PolymorphicGetByIdList::~PolymorphicGetByIdList): Deleted.
(JSC::PolymorphicGetByIdList::currentSlowPathTarget): Deleted.
(JSC::PolymorphicGetByIdList::addAccess): Deleted.
(JSC::PolymorphicGetByIdList::isFull): Deleted.
(JSC::PolymorphicGetByIdList::isAlmostFull): Deleted.
(JSC::PolymorphicGetByIdList::didSelfPatching): Deleted.
(JSC::PolymorphicGetByIdList::visitWeak): Deleted.
* bytecode/PolymorphicAccess.h: Copied from Source/JavaScriptCore/bytecode/PolymorphicGetByIdList.h.
(JSC::AccessCase::isGet):
(JSC::AccessCase::isPut):
(JSC::AccessCase::isIn):
(JSC::AccessCase::type):
(JSC::AccessCase::offset):
(JSC::AccessCase::viaProxy):
(JSC::AccessCase::structure):
(JSC::AccessCase::newStructure):
(JSC::AccessCase::conditionSet):
(JSC::AccessCase::additionalSet):
(JSC::AccessCase::customSlotBase):
(JSC::AccessCase::doesCalls):
(JSC::AccessCase::callLinkInfo):
(JSC::AccessCase::RareData::RareData):
(JSC::PolymorphicAccess::isEmpty):
(JSC::PolymorphicAccess::size):
(JSC::PolymorphicAccess::at):
(JSC::PolymorphicAccess::operator[]):
(JSC::GetByIdAccess::GetByIdAccess): Deleted.
(JSC::GetByIdAccess::isSet): Deleted.
(JSC::GetByIdAccess::operator!): Deleted.
(JSC::GetByIdAccess::type): Deleted.
(JSC::GetByIdAccess::structure): Deleted.
(JSC::GetByIdAccess::conditionSet): Deleted.
(JSC::GetByIdAccess::stubRoutine): Deleted.
(JSC::GetByIdAccess::doesCalls): Deleted.
(JSC::PolymorphicGetByIdList::isEmpty): Deleted.
(JSC::PolymorphicGetByIdList::size): Deleted.
(JSC::PolymorphicGetByIdList::at): Deleted.
(JSC::PolymorphicGetByIdList::operator[]): Deleted.
* bytecode/PolymorphicAccessStructureList.h: Removed.
* bytecode/PolymorphicGetByIdList.cpp: Removed.
* bytecode/PolymorphicGetByIdList.h: Removed.
* bytecode/PolymorphicPutByIdList.cpp: Removed.
* bytecode/PolymorphicPutByIdList.h: Removed.
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeForStubInfo):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::deref):
(JSC::StructureStubInfo::addAccessCase):
(JSC::StructureStubInfo::reset):
(JSC::StructureStubInfo::visitWeakReferences):
* bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::StructureStubInfo):
(JSC::StructureStubInfo::initGetByIdSelf):
(JSC::StructureStubInfo::initPutByIdReplace):
(JSC::StructureStubInfo::initStub):
(JSC::StructureStubInfo::setSeen):
(JSC::getStructureStubInfoCodeOrigin):
(JSC::isGetByIdAccess): Deleted.
(JSC::isPutByIdAccess): Deleted.
(JSC::isInAccess): Deleted.
(JSC::StructureStubInfo::initGetByIdList): Deleted.
(JSC::StructureStubInfo::initPutByIdTransition): Deleted.
(JSC::StructureStubInfo::initPutByIdList): Deleted.
(JSC::StructureStubInfo::initInList): Deleted.
(JSC::StructureStubInfo::addWatchpoint): Deleted.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIn):
* ftl/FTLCompile.cpp:
(JSC::FTL::mmAllocateDataSection):
* jit/AccessorCallJITStubRoutine.cpp: Removed.
* jit/AccessorCallJITStubRoutine.h: Removed.
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::branchIfEmpty):
(JSC::AssemblyHelpers::branchStructure):
(JSC::AssemblyHelpers::boxBooleanPayload):
(JSC::AssemblyHelpers::boxBoolean):
(JSC::AssemblyHelpers::boxInt32):
* jit/BinarySwitch.cpp:
(JSC::BinarySwitch::BinarySwitch):
(JSC::BinarySwitch::build):
(JSC::BinarySwitch::Case::dump):
(JSC::BinarySwitch::BranchCode::dump):
* jit/BinarySwitch.h:
(JSC::BinarySwitch::Case::operator<):
(JSC::BinarySwitch::BranchCode::BranchCode):
* jit/JIT.h:
* jit/JITInlineCacheGenerator.cpp:
(JSC::garbageStubInfo):
(JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
* jit/JITInlineCacheGenerator.h:
(JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
(JSC::JITInlineCacheGenerator::stubInfo):
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITByIdGenerator::reportSlowPathCall):
* jit/JITOperations.cpp:
* jit/Repatch.cpp:
(JSC::repatchCall):
(JSC::repatchByIdSelfAccess):
(JSC::resetGetByIDCheckAndLoad):
(JSC::resetPutByIDCheckAndLoad):
(JSC::replaceWithJump):
(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::appropriateGenericPutByIdFunction):
(JSC::appropriateOptimizingPutByIdFunction):
(JSC::tryCachePutByID):
(JSC::repatchPutByID):
(JSC::tryRepatchIn):
(JSC::repatchIn):
(JSC::resetGetByID):
(JSC::resetPutByID):
(JSC::checkObjectPropertyCondition): Deleted.
(JSC::checkObjectPropertyConditions): Deleted.
(JSC::emitRestoreScratch): Deleted.
(JSC::linkRestoreScratch): Deleted.
(JSC::toString): Deleted.
(JSC::kindFor): Deleted.
(JSC::customFor): Deleted.
(JSC::generateByIdStub): Deleted.
(JSC::patchJumpToGetByIdStub): Deleted.
(JSC::tryBuildGetByIDList): Deleted.
(JSC::buildGetByIDList): Deleted.
(JSC::appropriateListBuildingPutByIdFunction): Deleted.
(JSC::emitPutReplaceStub): Deleted.
(JSC::emitPutTransitionStub): Deleted.
(JSC::tryBuildPutByIdList): Deleted.
(JSC::buildPutByIdList): Deleted.
* jit/ScratchRegisterAllocator.cpp:
(JSC::ScratchRegisterAllocator::lock):
(JSC::ScratchRegisterAllocator::allocateScratch):
* jit/ScratchRegisterAllocator.h:
(JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
* jsc.cpp:
(GlobalObject::finishCreation):
(functionQuit):
(functionAbort):
(functionFalse1):
(functionFalse2):
* runtime/Options.h:
* tests/stress/array-message-passing.js: Added.
(window.addEventListener):
(window.postMessage):
(window._handleEvents):
(testPassed):
(testFailed):
(classCompare):
(bufferCompare):
(viewCompare):
(typedArrayCompare):
(dataViewCompare):
(dataViewCompare2):
(dataViewCompare3):
(createBuffer):
(createTypedArray):
(createTypedArrayOverBuffer):
(new.DataView):
(testList.testList.concat.basicBufferTypes.map):
(doneTest):

Source/WTF:

Beef up dumping a bit.

* wtf/PrintStream.h:
(WTF::pointerDump):
(WTF::printInternal):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189586 268f45cc-cd09-0410-ab3c-d52691b4dbfc
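
The subsumption rule and the linked-list versus single-stub lookup cost described in the commit message above, as an added JavaScript model that is not part of the commit and is not JavaScriptCore code. The condition names, `makeCase`, `InlineCacheModel` and the other helpers are assumptions made for illustration, and a sorted-array binary search stands in for BinarySwitch.

```javascript
// Added illustration: a simplified model, not JavaScriptCore code.
// A case guards on one structure ID plus extra conditions (stand-ins for
// prototype conditions or a type check on the stored value).
function makeCase(structureID, conditions, offset) {
  return { structureID, conditions: new Set(conditions), offset };
}

function guardPasses(c, structureID, holds) {
  if (c.structureID !== structureID) return false;
  for (const cond of c.conditions) if (!holds.has(cond)) return false;
  return true;
}

// The commit's definition: newCase subsumes oldCase if failing newCase
// guarantees that oldCase fails too. In this model that holds when both guard
// the same structure and every condition of newCase is also required by oldCase.
function subsumes(newCase, oldCase) {
  if (newCase.structureID !== oldCase.structureID) return false;
  for (const cond of newCase.conditions) {
    if (!oldCase.conditions.has(cond)) return false;
  }
  return true;
}

// Old design: the newest stub runs first and its slow path jumps to the
// previous stub, so a miss runs every guard ever emitted.
function chainLookup(chain, structureID, holds) {
  let guardsRun = 0;
  for (const c of chain) {
    guardsRun++;
    if (guardPasses(c, structureID, holds)) {
      return { hit: true, offset: c.offset, guardsRun };
    }
  }
  return { hit: false, offset: null, guardsRun };
}

// New design: one stub per IC, rebuilt from the stored case descriptions.
class InlineCacheModel {
  constructor() {
    this.byStructure = new Map(); // structureID -> cases kept for regeneration
    this.sortedIDs = [];          // what the binary search selects over
    this.regenerations = 0;
  }

  addCase(newCase) {
    const existing = this.byStructure.get(newCase.structureID) || [];
    const kept = existing.filter((old) => !subsumes(newCase, old));
    kept.push(newCase);
    this.byStructure.set(newCase.structureID, kept);
    this.sortedIDs = [...this.byStructure.keys()].sort((a, b) => a - b);
    this.regenerations++; // the single stub is regenerated from scratch
  }

  size() {
    let n = 0;
    for (const list of this.byStructure.values()) n += list.length;
    return n;
  }

  lookup(structureID, holds) {
    let lo = 0, hi = this.sortedIDs.length - 1, probes = 0, guardsRun = 0;
    while (lo <= hi) {
      const mid = (lo + hi) >> 1;
      const id = this.sortedIDs[mid];
      probes++;
      if (id === structureID) {
        for (const c of this.byStructure.get(id)) {
          guardsRun++;
          if (guardPasses(c, structureID, holds)) {
            return { hit: true, offset: c.offset, probes, guardsRun };
          }
        }
        break; // structure matched but no case's conditions held: slow path
      }
      if (id < structureID) lo = mid + 1; else hi = mid - 1;
    }
    return { hit: false, offset: null, probes, guardsRun };
  }
}

// Feed the same cases, in the same order, to both designs.
function buildBoth(cases) {
  const ic = new InlineCacheModel();
  const chain = [];
  for (const c of cases) {
    ic.addCase(c);
    chain.unshift(c); // newest stub first, falling through to older ones
  }
  return { ic, chain };
}
```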

4 years ago CodeBlock::codeType() doesn't need to compute anything
ggaren@apple.com [Thu, 10 Sep 2015 19:36:42 +0000 (19:36 +0000)]
CodeBlock::codeType() doesn't need to compute anything
https://bugs.webkit.org/show_bug.cgi?id=149039

Reviewed by Michael Saboff.

CodeBlock already has an m_codeType data member.

* bytecode/CodeBlock.h:
(JSC::CodeBlock::codeType):
(JSC::CodeBlock::putByIdContext):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189585 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Implement global variables in WebAssembly
commit-queue@webkit.org [Thu, 10 Sep 2015 19:34:40 +0000 (19:34 +0000)]
Implement global variables in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149031

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-10
Reviewed by Geoffrey Garen.

This patch implements global variables in WebAssembly. There are two
types of global variables in the current format that we use (the format
used by <https://github.com/WebAssembly/polyfill-prototype-1>): internal
global variables and imported global variables. This patch does not yet
import values for imported global variables. It will be done in a
subsequent patch.

* tests/stress/wasm-globals.js: Added.
(shouldBe):
* tests/stress/wasm/globals.wasm: Added.
* wasm/JSWASMModule.h:
(JSC::JSWASMModule::globalVariables):
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::buildSetGlobal):
(JSC::WASMFunctionCompiler::buildGetGlobal):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseStatement):
(JSC::WASMFunctionParser::parseSetGlobalStatement):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseGetGlobalExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseGetGlobalExpressionF64):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildSetGlobal):
(JSC::WASMFunctionSyntaxChecker::buildGetGlobal):
* wasm/WASMModuleParser.cpp:
(JSC::WASMModuleParser::parseGlobalSection):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189584 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Consider long module path name case in Windows
utatane.tea@gmail.com [Thu, 10 Sep 2015 19:19:15 +0000 (19:19 +0000)]
Consider long module path name case in Windows
https://bugs.webkit.org/show_bug.cgi?id=148917

Reviewed by Alex Christensen.

The local file system module loader in the JSC shell manages the module files by the absolute path.
However, in Windows, _MAX_PATH is defined as 260. So if the path like the current working directory or the path to the module is long,
it will be truncated by the API and it fails to open the file.
In JSC tests in Apple Windows buildbot, since the current working directory is long enough, the tests failed.

This patch introduces the following 3 tweaks.

1. When retrieving the current working path, we use GetCurrentDirectoryW instead of _getcwd.
   GetCurrentDirectoryW allows the long path while _getcwd automatically truncates the result by the _MAX_PATH.

2. Before opening the module file, we prepend "\\?\" to the path. It converts the local file path to the long UNC path
   which allows longer path names.

3. Since Windows ASCII API accepts the characters in the current code page, we use the Unicode APIs like _wfopen instead.

And enable the once disabled module tests in Windows.

Since this functionality is part of the JSC shell to run the module tests, it is now implemented in jsc.cpp.

* jsc.cpp:
(stringFromUTF):
(jscSource):
(extractDirectoryName):
(currentWorkingDirectory):
(convertShebangToJSComment):
(fillBufferWithContentsOfFile):
(fetchScriptFromLocalFileSystem):
(fetchModuleFromLocalFileSystem):
(GlobalObject::moduleLoaderFetch):
(functionRun):
(functionLoad):
(functionReadFile):
(functionCheckSyntax):
(functionLoadModule):
(runWithScripts):
(runInteractive):
* tests/modules.yaml:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189583 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Convert arguments to WebAssembly functions to the declared types
commit-queue@webkit.org [Thu, 10 Sep 2015 19:01:47 +0000 (19:01 +0000)]
Convert arguments to WebAssembly functions to the declared types
https://bugs.webkit.org/show_bug.cgi?id=149033

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-10
Reviewed by Geoffrey Garen.

This patch checks the types of arguments to WebAssembly functions and
converts them to the declared types. This is necessary because:
- For example, if a function expects an argument of type double and we
  pass 1.0 to it, it will get a JSValue of an integer, not a double.
- We should follow asm.js's behavior for now, because we want to be able
  to test WebAssembly apps against asm.js apps. asm.js does type
  coercion on arguments by using int|0, Math.fround(float), and +double.

* jit/JITOperations.h:
* tests/stress/wasm-type-conversion.js: Added.
(shouldBe):
(two.valueOf):
* tests/stress/wasm/type-conversion.wasm: Added.
* wasm/WASMFunctionCompiler.h:
(JSC::operationConvertJSValueToInt32):
(JSC::operationConvertJSValueToDouble):
(JSC::WASMFunctionCompiler::startFunction):
(JSC::WASMFunctionCompiler::appendCallSetResult):
(JSC::WASMFunctionCompiler::callOperation):
(JSC::WASMFunctionCompiler::loadValueAndConvertToInt32):
(JSC::WASMFunctionCompiler::loadValueAndConvertToDouble):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189582 268f45cc-cd09-0410-ab3c-d52691b4dbfc
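
The asm.js coercions named in the commit message above (`int|0`, `Math.fround(float)`, `+double`), applied once at a function boundary, as an added JavaScript example that is not part of the commit or of WebKit's code. The helper names, the type-name strings and the sample table are assumptions; the last part shows that a callee which receives the converted primitive sees one fixed value even when the caller passes an object whose `valueOf` result changes between calls.

```javascript
// Added illustration, not WebKit code. Type names and helpers are assumptions.
const COERCE = {
  int: (v) => v | 0,            // ToInt32: wraps modulo 2^32, NaN/undefined -> 0
  float: (v) => Math.fround(v), // nearest single-precision value
  double: (v) => +v,            // ToNumber
};

// Convert each argument to its declared type. Missing arguments arrive as
// undefined and are coerced like any other value.
function convertArguments(paramTypes, args) {
  return paramTypes.map((type, i) => {
    if (!Object.prototype.hasOwnProperty.call(COERCE, type)) {
      throw new TypeError("unknown declared type: " + type);
    }
    return COERCE[type](args[i]);
  });
}

// Wrap a body so that it only ever sees values of the declared types.
function declare(paramTypes, body) {
  return function (...args) {
    return body(...convertArguments(paramTypes, args));
  };
}

// Constructed sample: a lookup whose body reads its argument three times
// (two comparisons for the range check, one addition for the index).
const TABLE = [10, 20, 30, 40];
function lookupBody(i) {
  if (i >= 0 && i < TABLE.length) return TABLE[i + 0];
  return -1;
}
const typedLookup = declare(["int"], lookupBody);

// Constructed input: valueOf returns 2 on its first two calls, then 100.
function makeChangingValue() {
  let calls = 0;
  return {
    valueOf() {
      calls++;
      return calls <= 2 ? 2 : 100;
    },
    callCount: () => calls,
  };
}

// Run the same body with and without conversion at the boundary.
function compareBoundary() {
  const rawArg = makeChangingValue();
  const raw = lookupBody(rawArg);        // range check and index disagree
  const typedArg = makeChangingValue();
  const typed = typedLookup(typedArg);   // valueOf runs once, during int|0
  return {
    raw,
    rawValueOfCalls: rawArg.callCount(),
    typed,
    typedValueOfCalls: typedArg.callCount(),
  };
}
```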

4 years ago [WebGL][GLES] bad shaders should not be linked not only for GL but also for GL ES
commit-queue@webkit.org [Thu, 10 Sep 2015 18:57:01 +0000 (18:57 +0000)]
[WebGL][GLES] bad shaders should not be linked not only for GL but also for GL ES
https://bugs.webkit.org/show_bug.cgi?id=148794

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-10
Reviewed by Dean Jackson.

Checking bad shaders, precision matching and varyings packing are all valid for GL ES too.

Test: webgl/1.0.2/conformance/programs/program-test.html

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::linkProgram):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189581 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Static variables in GraphicsContext3DOpenGLCommon should be avoided because of the...
commit-queue@webkit.org [Thu, 10 Sep 2015 18:47:56 +0000 (18:47 +0000)]
Static variables in GraphicsContext3DOpenGLCommon should be avoided because of the race condition
https://bugs.webkit.org/show_bug.cgi?id=148957

Patch by Jinyoung Hur <hur.ims@navercorp.com> on 2015-09-10
Reviewed by Dean Jackson.

There is no guarantee that only one thread calls GraphicsContext3D::compileShader() at a time so it would be
better to use a thread local storage variable rather than use a static variable.

No new tests. No behavioural changes.

* platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
(WebCore::getCurrentNameHashMapForShader):
(WebCore::setCurrentNameHashMapForShader):
(WebCore::nameHashForShader):
(WebCore::GraphicsContext3D::compileShader):
(WebCore::GraphicsContext3D::mappedSymbolName):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189580 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Update windows platform expected results for bug 148810.
dewei_zhu@apple.com [Thu, 10 Sep 2015 18:15:45 +0000 (18:15 +0000)]
Update windows platform expected results for bug 148810.
https://bugs.webkit.org/show_bug.cgi?id=149038

Reviewed by Alexey Proskuryakov.

* platform/win/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt: Updated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189579 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed build fix after r189572.
joepeck@webkit.org [Thu, 10 Sep 2015 18:08:23 +0000 (18:08 +0000)]
Unreviewed build fix after r189572.

* UIProcess/WebInspectorProxy.cpp:
(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):
Remove the const on the now static methods.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189578 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago JSInternalPromiseDeferred should inherit JSPromiseDeferred
utatane.tea@gmail.com [Thu, 10 Sep 2015 18:04:58 +0000 (18:04 +0000)]
JSInternalPromiseDeferred should inherit JSPromiseDeferred
https://bugs.webkit.org/show_bug.cgi?id=149027

Reviewed by Darin Adler.

JSInternalPromiseDeferred is constructed by using JSPromiseDeferred implementation.
So the class info of JSInternalPromiseDeferred should inherit JSPromiseDeferred.

* runtime/JSInternalPromiseDeferred.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189577 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Node.appendChild(null) / replaceChild(null, null) / removeChild(null) / insertBefore...
cdumez@apple.com [Thu, 10 Sep 2015 18:02:15 +0000 (18:02 +0000)]
Node.appendChild(null) / replaceChild(null, null) / removeChild(null) / insertBefore(null, ref) should throw a TypeError
https://bugs.webkit.org/show_bug.cgi?id=148971
<rdar://problem/22560883>
<rdar://problem/22559225>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C tests now that more checks are passing.

* web-platform-tests/dom/interfaces-expected.txt:
* web-platform-tests/dom/nodes/Node-appendChild-expected.txt:
* web-platform-tests/dom/nodes/Node-insertBefore-expected.txt:
* web-platform-tests/dom/nodes/Node-removeChild-expected.txt:
* web-platform-tests/dom/nodes/Node-replaceChild-expected.txt:
* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Node.appendChild(null) / replaceChild(null, null) / removeChild(null)
and insertBefore(null, ref) should throw a TypeError instead of a
NotFoundError, as per the specification:
https://dom.spec.whatwg.org/#node

The parameters are not nullable so the Web IDL specification says
we should throw a TypeError in this case.

This patch moves the null-checking from ContainerNode to the methods
on Node. The null-checking is supposed to be done by the bindings code
but our generator currently does not support this so we do the null
checking as close to the bindings as possible. The bindings code is
calling the methods on Node. This also makes sure we throw a TypeError
for null-argument when the Node is not a ContainerNode. For e.g.
Text.appendChild(null) should throw a TypeError too.

The methods on ContainerNode now take references instead of pointer
parameters now that the null-checking is done at the call site in
Node. This led to a lot of code updates as those methods are used
a lot throughout the code base.

No new tests, already covered by pre-existing layout tests.

Source/WebKit/mac:

ContainerNode::appendChild() now takes a Ref<Node>&& parameter so we
need to update the call site.

* WebView/WebFrame.mm:
(-[WebFrame _documentFragmentWithNodesAsParagraphs:]):

Source/WebKit2:

ContainerNode::appendChild() now takes a Ref<Node>&& parameter so we
need to update the call sites.

* WebProcess/Plugins/PDF/PDFPlugin.mm:
(WebKit::PDFPlugin::PDFPlugin):
* WebProcess/Plugins/PDF/PDFPluginAnnotation.mm:
(WebKit::PDFPluginAnnotation::attach):
(WebKit::PDFPluginAnnotation::~PDFPluginAnnotation):
* WebProcess/Plugins/PDF/PDFPluginChoiceAnnotation.mm:
(WebKit::PDFPluginChoiceAnnotation::createAnnotationElement):

LayoutTests:

Update / rebaseline tests now that we throw a different exception type.

* fast/dom/Document/replaceChild-null-oldChild-expected.txt:
* fast/dom/Document/script-tests/replaceChild-null-oldChild.js:
* fast/dom/Node/fragment-mutation-expected.txt:
* fast/dom/Node/fragment-mutation.html:
* fast/dom/incompatible-operations-expected.txt:
* fast/dom/incompatible-operations.html:
* fast/dom/move-nodes-across-documents.html:
* fast/dom/processing-instruction-appendChild-exceptions-expected.txt:
* fast/dom/processing-instruction-appendChild-exceptions.xhtml:
* fast/dom/setter-type-enforcement-expected.txt:
* fast/dom/timer-clear-interval-in-handler-and-generate-error-expected.txt:
* fast/inspector-support/uncaught-dom8-exception.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189576 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add support for Callee-Saves registers
msaboff@apple.com [Thu, 10 Sep 2015 17:47:16 +0000 (17:47 +0000)]
Add support for Callee-Saves registers
https://bugs.webkit.org/show_bug.cgi?id=148666

Reviewed by Filip Pizlo.

We save platform callee save registers right below the call frame header,
in the location(s) starting with VirtualRegister 0.  This local space is
allocated in the bytecode compiler.  This space is the maximum space
needed for the callee registers that the LLInt and baseline JIT use,
rounded up to a stack aligned number of VirtualRegisters.
The LLInt explicitly saves and restores the registers in the macros
preserveCalleeSavesUsedByLLInt and restoreCalleeSavesUsedByLLInt.
The JITs save and restore callee saves registers by what registers
are included in m_calleeSaveRegisters in the code block.

Added handling of callee save register restoration to exception handling.
The basic flow is when an exception is thrown or one is recognized to
have been generated in C++ code, we save the current state of all
callee save registers to VM::calleeSaveRegistersBuffer.  As we unwind
looking for the corresponding catch, we copy the callee saves from call
frames to the same VM::calleeSaveRegistersBuffer.  This is done for all
call frames on the stack up to but not including the call frame that has
the corresponding catch block.  When we process the catch, we restore
the callee save registers with the contents of VM::calleeSaveRegistersBuffer.
If there isn't a catch, then handleUncaughtException will restore callee
saves before it returns back to the calling C++.

Eliminated callee saves registers as free registers for various thunk
generators as the callee saves may not have been saved by the function
calling the thunk.

Added code to transition callee saves from one VM's format to another
as part of OSR entry and OSR exit.

Cleaned up the static RegisterSet's including adding one for LLInt and
baseline JIT callee saves and one to be used to allocate local registers
not including the callee saves or other special registers.

Moved ftl/FTLRegisterAtOffset.{cpp,h} to jit/RegisterAtOffset.{cpp,h}.
Factored out the vector of RegisterAtOffsets in ftl/FTLUnwindInfo.{cpp,h}
into a new class in jit/RegisterAtOffsetList.{cpp,h}.
Eliminated UnwindInfo and changed UnwindInfo::parse() into a standalone
function named parseUnwindInfo.  That standalone function now returns
the callee saves RegisterAtOffsetList.  This is stored in the CodeBlock
and used instead of UnwindInfo.

Turned off register preservation thunks for outgoing calls from FTL
generated code.  They'll be removed in a subsequent patch.

Changed specialized thunks to save and restore the contents of
tagTypeNumberRegister and tagMaskRegister as they can be called by FTL
compiled functions.  We materialize those tag registers for the thunk's
use and then restore the prior contents on function exit.

Also removed the arity check fail return thunk since it is now the
caller's responsibility to restore the stack pointer.

Removed saving of callee save registers and materialization of special
tag registers for 64 bit platforms from vmEntryToJavaScript and
vmEntryToNative.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* ftl/FTLJITCode.h:
* ftl/FTLRegisterAtOffset.cpp: Removed.
* ftl/FTLRegisterAtOffset.h: Removed.
* ftl/FTLUnwindInfo.cpp:
(JSC::FTL::parseUnwindInfo):
(JSC::FTL::UnwindInfo::UnwindInfo): Deleted.
(JSC::FTL::UnwindInfo::~UnwindInfo): Deleted.
(JSC::FTL::UnwindInfo::parse): Deleted.
(JSC::FTL::UnwindInfo::dump): Deleted.
(JSC::FTL::UnwindInfo::find): Deleted.
(JSC::FTL::UnwindInfo::indexOf): Deleted.
* ftl/FTLUnwindInfo.h:
(JSC::RegisterAtOffset::dump):
* jit/RegisterAtOffset.cpp: Added.
* jit/RegisterAtOffset.h: Added.
(JSC::RegisterAtOffset::RegisterAtOffset):
(JSC::RegisterAtOffset::operator!):
(JSC::RegisterAtOffset::reg):
(JSC::RegisterAtOffset::offset):
(JSC::RegisterAtOffset::offsetAsIndex):
(JSC::RegisterAtOffset::operator==):
(JSC::RegisterAtOffset::operator<):
(JSC::RegisterAtOffset::getReg):
* jit/RegisterAtOffsetList.cpp: Added.
(JSC::RegisterAtOffsetList::RegisterAtOffsetList):
(JSC::RegisterAtOffsetList::sort):
(JSC::RegisterAtOffsetList::dump):
(JSC::RegisterAtOffsetList::find):
(JSC::RegisterAtOffsetList::indexOf):
* jit/RegisterAtOffsetList.h: Added.
(JSC::RegisterAtOffsetList::clear):
(JSC::RegisterAtOffsetList::size):
(JSC::RegisterAtOffsetList::at):
(JSC::RegisterAtOffsetList::append):
Move and refactored use of FTLRegisterAtOffset to RegisterAtOffset.
Added RegisterAtOffset and RegisterAtOffsetList to build configurations.
Remove FTLRegisterAtOffset files.

* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::setUpCallFromFTL):
Turned off FTL register preservation thunks.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::setCalleeSaveRegisters):
(JSC::roundCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::calleeSaveSpaceAsVirtualRegisters):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::numberOfLLIntBaselineCalleeSaveRegisters):
(JSC::CodeBlock::calleeSaveRegisters):
(JSC::CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters):
(JSC::CodeBlock::optimizeAfterWarmUp):
(JSC::CodeBlock::numberOfDFGCompiles):
Methods to manage a set of callee save registers.  Also to allocate the appropriate
number of VirtualRegisters for callee saves.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::allocateCalleeSaveSpace):
* bytecompiler/BytecodeGenerator.h:
Allocate the appropriate number of VirtualRegisters for callee saves needed by LLInt or baseline JIT.

* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileSetupRegistersForEntry):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::compileExceptionHandlers):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
* interpreter/Interpreter.cpp:
(JSC::UnwindFunctor::operator()):
(JSC::UnwindFunctor::copyCalleeSavesToVMCalleeSavesBuffer):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::usedRegisters):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStackLayoutPhase.cpp:
(JSC::DFG::StackLayoutPhase::run):
* ftl/FTLCompile.cpp:
(JSC::FTL::fixFunctionBasedOnStackMaps):
(JSC::FTL::compile):
* ftl/FTLLink.cpp:
(JSC::FTL::link):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* ftl/FTLThunks.cpp:
(JSC::FTL::osrExitGenerationThunkGenerator):
* jit/ArityCheckFailReturnThunks.cpp: Removed.
* jit/ArityCheckFailReturnThunks.h: Removed.
* jit/JIT.cpp:
(JSC::JIT::emitEnterOptimizationCheck):
(JSC::JIT::privateCompile):
(JSC::JIT::privateCompileExceptionHandlers):
* jit/JITCall32_64.cpp:
(JSC::JIT::emit_op_ret):
* jit/JITExceptions.cpp:
(JSC::genericUnwind):
* jit/JITExceptions.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_throw):
(JSC::JIT::emit_op_catch):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emitSlow_op_loop_hint):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_end):
(JSC::JIT::emit_op_throw):
(JSC::JIT::emit_op_catch):
* jit/JITOperations.cpp:
* jit/Repatch.cpp:
(JSC::generateByIdStub):
* jit/ThunkGenerators.cpp:
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
(JSC::throwExceptionFromCallSlowPathGenerator):
(JSC::arityFixupGenerator):
* runtime/CommonSlowPaths.cpp:
(JSC::setupArityCheckData):
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::arityCheckFor):
Emit code to save and restore callee save registers and materialize tagTypeNumberRegister
and tagMaskRegister.
Handle callee saves when tiering up.
Copy callee saves register contents to VM::calleeSaveRegistersBuffer at beginning of
exception processing.
Process callee save registers in frames when unwinding from an exception.
Restore callee saves register contents from VM::calleeSaveRegistersBuffer on catch.
Use appropriate register set to make sure we don't allocate a callee save register when
compiling a thunk.
Helper to populate tagTypeNumberRegister and tagMaskRegister with the appropriate
constants.
Removed arity fixup return thunks.

* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::adjustAndJumpToTarget):
Restore callee saves from the DFG and save the appropriate ones for the baseline JIT.
Materialize the tag registers on 64 bit platforms.

* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitSaveCalleeSavesFor):
(JSC::AssemblyHelpers::emitRestoreCalleeSavesFor):
(JSC::AssemblyHelpers::emitSaveCalleeSaves):
(JSC::AssemblyHelpers::emitRestoreCalleeSaves):
(JSC::AssemblyHelpers::copyCalleeSavesToVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::restoreCalleeSavesFromVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::copyCalleeSavesFromFrameOrRegisterToVMCalleeSavesBuffer):
(JSC::AssemblyHelpers::emitMaterializeTagCheckRegisters):
New helpers to save and restore callee saves as well as materialize the tag registers
contents.

* jit/FPRInfo.h:
* jit/GPRInfo.h:
(JSC::GPRInfo::toRegister):
Updated to include FP callee save registers.  Added number of callee saves registers and
cleanup register aliases that collide with callee save registers.

* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitGetByValWithCachedId):
(JSC::JIT::emitPutByValWithCachedId):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
Uses new stubUnavailableRegisters register set to limit what registers are available for
temporaries.

* jit/RegisterSet.cpp:
(JSC::RegisterSet::stubUnavailableRegisters):
(JSC::RegisterSet::calleeSaveRegisters):
(JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
(JSC::RegisterSet::dfgCalleeSaveRegisters):
(JSC::RegisterSet::ftlCalleeSaveRegisters):
* jit/RegisterSet.h:
New register sets with the callee saves used by various tiers as well as one listing registers
not available to stub code.

* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::SpecializedThunkJIT):
(JSC::SpecializedThunkJIT::loadDoubleArgument):
(JSC::SpecializedThunkJIT::returnJSValue):
(JSC::SpecializedThunkJIT::returnDouble):
(JSC::SpecializedThunkJIT::returnInt32):
(JSC::SpecializedThunkJIT::returnJSCell):
(JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
(JSC::SpecializedThunkJIT::emitSaveThenMaterializeTagRegisters):
(JSC::SpecializedThunkJIT::emitRestoreSavedTagRegisters):
(JSC::SpecializedThunkJIT::tagReturnAsInt32):
* jit/ThunkGenerators.cpp:
(JSC::nativeForGenerator):
Changed to save and restore existing tag register contents as they may contain other values.
After saving the existing values, we materialize the tag constants.

* jit/TempRegisterSet.h:
(JSC::TempRegisterSet::getFPRByIndex):
(JSC::TempRegisterSet::getFreeFPR):
(JSC::TempRegisterSet::setByIndex):
* offlineasm/arm64.rb:
* offlineasm/registers.rb:
Added methods for floating point registers to support callee save FP registers.

* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_mod):
Removed unnecessary #if CPU(X86_64) check to this 32 bit only file.

* offlineasm/x86.rb:
Fixed Windows callee saves naming.

* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
(JSC::VM::calleeSaveRegistersBufferOffset):
(JSC::VM::getAllCalleeSaveRegistersMap):
Provide a RegisterSaveMap that has all registers that might be saved.  Added a callee save buffer to be
used for OSR exit and for exception processing in a future patch.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189575 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[iOS] Teach run-webkit-tests how to parse simulator runtimes when version numbers...
aestes@apple.com [Thu, 10 Sep 2015 17:30:20 +0000 (17:30 +0000)]
[iOS] Teach run-webkit-tests how to parse simulator runtimes when version numbers contain a revision
https://bugs.webkit.org/show_bug.cgi?id=149022

Reviewed by Daniel Bates.

Simulator runtime versions can contain a revision number (e.g. 8.4.1), but the regex for matching runtimes
did not account for this.

* Scripts/webkitpy/xcode/simulator.py:
(Simulator): Optionally matched a revision at the end of a runtime version number.
* Scripts/webkitpy/xcode/simulator_unittest.py: Added a test.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189573 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Make WebInspectorProxy inspectorURL path methods static
commit-queue@webkit.org [Thu, 10 Sep 2015 17:27:46 +0000 (17:27 +0000)]
Web Inspector: Make WebInspectorProxy inspectorURL path methods static
https://bugs.webkit.org/show_bug.cgi?id=149021

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-10
Reviewed by Brian Burg.

* UIProcess/WebInspectorProxy.cpp:
(WebKit::WebInspectorProxy::didRelaunchInspectorPageProcess):
(WebKit::isMainOrTestInspectorPage):
(WebKit::decidePolicyForNavigationAction):
(WebKit::WebInspectorProxy::eagerlyCreateInspectorPage):
(WebKit::WebInspectorProxy::createInspectorPage):
* UIProcess/WebInspectorProxy.h:
* UIProcess/efl/WebInspectorProxyEfl.cpp:
(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):
* UIProcess/gtk/WebInspectorProxyGtk.cpp:
(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):
* UIProcess/mac/WebInspectorProxyMac.mm:
(WebKit::WebInspectorProxy::inspectorPageURL):
(WebKit::WebInspectorProxy::inspectorTestPageURL):
(WebKit::WebInspectorProxy::inspectorBaseURL):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189572 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoModuleProgramExecutable should provide CodeBlock to ScriptExecutable::forEachCodeBlock
utatane.tea@gmail.com [Thu, 10 Sep 2015 17:11:35 +0000 (17:11 +0000)]
ModuleProgramExecutable should provide CodeBlock to ScriptExecutable::forEachCodeBlock
https://bugs.webkit.org/show_bug.cgi?id=149028

Reviewed by Michael Saboff.

ModuleProgramExecutable should provide CodeBlock since ModuleProgramExecutable inherits
ScriptExecutable.

* bytecode/CodeBlock.h:
(JSC::ScriptExecutable::forEachCodeBlock):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189571 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[iOS] Teach run-webkit-tests how to parse `simctl list` when a tvOS SDK is installed
aestes@apple.com [Thu, 10 Sep 2015 17:08:07 +0000 (17:08 +0000)]
[iOS] Teach run-webkit-tests how to parse `simctl list` when a tvOS SDK is installed
https://bugs.webkit.org/show_bug.cgi?id=149029
<rdar://problem/22432624>

Reviewed by Daniel Bates.

* Scripts/webkitpy/xcode/simulator.py:
(Simulator): Taught to parse tvOS runtimes.
* Scripts/webkitpy/xcode/simulator_unittest.py: Added tests.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189570 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMark some more W3C IDB tests as flaky.
beidson@apple.com [Thu, 10 Sep 2015 16:26:44 +0000 (16:26 +0000)]
Mark some more W3C IDB tests as flaky.
https://bugs.webkit.org/show_bug.cgi?id=148713

Reviewed by NOBODY.

* platform/wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189569 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWrite a test to ensure we don't regress processing of tasks when page defers loading
dbates@webkit.org [Thu, 10 Sep 2015 15:50:58 +0000 (15:50 +0000)]
Write a test to ensure we don't regress processing of tasks when page defers loading
https://bugs.webkit.org/show_bug.cgi?id=135882
<rdar://problem/22550497>

Reviewed by Darin Adler.

Source/WebCore:

Towards adding a test for <https://bugs.webkit.org/show_bug.cgi?id=135688>, add a window.internals
function, setPageDefersLoading, to enable and disable whether the page defers loading.

Test: storage/websql/success-callback-when-page-defers-loading.html

* testing/Internals.cpp:
(WebCore::Internals::resetToConsistentState): Reset defers loading for the page to false.
(WebCore::Internals::setPageDefersLoading): Added.
* testing/Internals.h:
* testing/Internals.idl: Added IDL declaration setPageDefersLoading.

LayoutTests:

Add a test to ensure we do not regress <https://bugs.webkit.org/show_bug.cgi?id=135688>.

* storage/websql/success-callback-when-page-defers-loading-expected.txt: Added.
* storage/websql/success-callback-when-page-defers-loading.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189568 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agomin-width/height should default to auto for flexbox items
svillar@igalia.com [Thu, 10 Sep 2015 11:58:24 +0000 (11:58 +0000)]
min-width/height should default to auto for flexbox items
https://bugs.webkit.org/show_bug.cgi?id=146020

Reviewed by David Hyatt.

Based on Blink's r193665, r194062, r194887 and r195930 by <cbiesinger@chromium.org>.

Source/WebCore:

As specified here
http://dev.w3.org/csswg/css-flexbox/#min-size-auto the default
value of min-{width|height} is auto for flex items.

In case this patch breaks any website (as it's changing the
default value of those properties) the fix is likely to add:

min-width: 0;
min-height: 0;

to any relevant flexitems.

Test: css3/flexbox/min-size-auto.html

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::isFlexOrGrid): New helper method to identify grids and flexs.
(WebCore::ComputedStyleExtractor::propertyValue): Return auto
for flex items if min-width/height is auto.
* css/CSSParser.cpp:
(WebCore::CSSParser::parseValue):
* html/shadow/SliderThumbElement.cpp:
* rendering/RenderBox.cpp:
(WebCore::RenderBox::constrainLogicalHeightByMinMax):
(WebCore::RenderBox::constrainContentBoxLogicalHeightByMinMax):
(WebCore::RenderBox::computeLogicalWidthInRegionUsing):
(WebCore::RenderBox::computeLogicalHeight):
(WebCore::RenderBox::computeLogicalHeightUsing):
(WebCore::RenderBox::computeContentLogicalHeight):
(WebCore::RenderBox::computeContentAndScrollbarLogicalHeightUsing):
(WebCore::RenderBox::computeReplacedLogicalWidth):
(WebCore::RenderBox::computeReplacedLogicalWidthRespectingMinMaxWidth):
(WebCore::RenderBox::computeReplacedLogicalWidthUsing):
(WebCore::RenderBox::computeReplacedLogicalHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightRespectingMinMaxHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightUsing):
(WebCore::RenderBox::availableLogicalHeightUsing):
(WebCore::RenderBox::computePositionedLogicalWidth):
(WebCore::RenderBox::computePositionedLogicalWidthUsing):
(WebCore::RenderBox::computePositionedLogicalHeight):
(WebCore::RenderBox::computePositionedLogicalHeightUsing):
* rendering/RenderBox.h:
* rendering/RenderButton.h:
* rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::computeMainAxisExtentForChild):
(WebCore::RenderFlexibleBox::mainAxisExtentIsDefinite):
(WebCore::RenderFlexibleBox::mainAxisLengthIsIndefinite):
(WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax):
(WebCore::RenderFlexibleBox::mainAxisOverflowForChild):
* rendering/RenderFlexibleBox.h:
(WebCore::RenderFlexibleBox::isFlexibleBoxImpl):
* rendering/RenderFullScreen.h:
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeUsedBreadthOfSpecifiedLength):
* rendering/RenderMediaControlElements.h:
* rendering/RenderMenuList.cpp:
(WebCore::RenderMenuList::adjustInnerStyle): No longer set
the min-width explicitly.
* rendering/RenderMenuList.h:
* rendering/RenderMultiColumnSet.cpp:
(WebCore::RenderMultiColumnSet::calculateMaxColumnHeight):
* rendering/RenderNamedFlowFragment.cpp:
(WebCore::RenderNamedFlowFragment::maxPageLogicalHeight):
* rendering/RenderReplaced.cpp:
(WebCore::RenderReplaced::computeReplacedLogicalWidth):
(WebCore::RenderReplaced::computeReplacedLogicalHeight):
* rendering/RenderSlider.h:
* rendering/RenderTextControl.h:
* rendering/RenderTextControlSingleLine.cpp:
(WebCore::RenderTextControlSingleLine::createInnerBlockStyle): No longer set
the min-width explicitly.
* rendering/mathml/RenderMathMLBlock.h:
* rendering/style/RenderStyle.h:

LayoutTests:

* TestExpectations: Removed passing flexbox tests.
* css3/flexbox/csswg/flex-flow-007.html: Added min-height: 0px.
* css3/flexbox/flexbox-baseline.html: Ditto.
* css3/flexbox/min-size-auto-expected.txt: Added.
* css3/flexbox/min-size-auto.html: Added.
* css3/flexbox/preferred-widths-orthogonal.html: Added min-height: 0px.
* fast/css/auto-min-size-expected.txt: Check default computed
styles for min-width/height for flex items.
* fast/css/auto-min-size.html: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189567 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK] Volume bar is broken
changseok.oh@collabora.com [Thu, 10 Sep 2015 09:10:11 +0000 (09:10 +0000)]
[GTK] Volume bar is broken
https://bugs.webkit.org/show_bug.cgi?id=145639

Reviewed by Philippe Normand.

Source/WebCore:

The ControlPart enum values' order has mismatched the one of values in CSSValueKeywords.in
after r180965. The MediaVolumeSliderPart should be prior to the MediaVolumeSliderContainerpart.

Tests: media/click-volume-bar-not-pausing.html
       media/volume-bar-empty-when-muted.html

* platform/ThemeTypes.h:

LayoutTests:

Unblock relevant tests. media/click-volume-bar-not-pausing.html, media/volume-bar-empty-when-muted.html

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189566 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove all uses of PassRefPtr in WebCore/svg
gyuyoung.kim@webkit.org [Thu, 10 Sep 2015 02:16:22 +0000 (02:16 +0000)]
Remove all uses of PassRefPtr in WebCore/svg
https://bugs.webkit.org/show_bug.cgi?id=148472

Reviewed by Darin Adler.

Clean up all uses of PassRefPtr in WebCore/svg.

* Modules/webaudio/AudioScheduledSourceNode.cpp:
(WebCore::AudioScheduledSourceNode::addEventListener):
* Modules/webaudio/AudioScheduledSourceNode.h:
* Modules/webaudio/ScriptProcessorNode.cpp:
(WebCore::ScriptProcessorNode::addEventListener):
* Modules/webaudio/ScriptProcessorNode.h:
* dom/EventListenerMap.cpp:
(WebCore::copyListenersNotCreatedFromMarkupToTarget):
* dom/EventTarget.cpp:
(WebCore::EventTarget::addEventListener):
* dom/EventTarget.h:
* dom/MessagePort.cpp:
(WebCore::MessagePort::addEventListener):
* dom/MessagePort.h:
* dom/Node.cpp:
(WebCore::tryAddEventListener):
(WebCore::Node::addEventListener):
* dom/Node.h:
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::addEventListener):
* html/HTMLMediaElement.h:
* html/ImageDocument.cpp:
(WebCore::ImageDocument::createDocumentStructure):
* html/shadow/MediaControlsApple.cpp:
(WebCore::MediaControlsApple::showClosedCaptionTrackList):
* page/DOMWindow.cpp:
(WebCore::DOMWindow::addEventListener):
* page/DOMWindow.h:
* rendering/svg/RenderSVGResourceFilter.cpp:
(WebCore::RenderSVGResourceFilter::buildPrimitives):
* svg/SVGElement.cpp:
(WebCore::SVGElement::addEventListener):
* svg/SVGElement.h:
* svg/SVGPathElement.cpp:
(WebCore::SVGPathElement::pathSegListChanged):
* svg/SVGPathUtilities.cpp:
(WebCore::appendSVGPathByteStreamFromSVGPathSeg):
* svg/SVGPathUtilities.h:
* svg/SVGTRefElement.cpp:
(WebCore::SVGTRefTargetEventListener::attach):
(WebCore::SVGTRefElement::buildPendingResource):
* svg/graphics/filters/SVGFilterBuilder.cpp:
(WebCore::SVGFilterBuilder::appendEffectToEffectReferences):
* svg/graphics/filters/SVGFilterBuilder.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189565 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoLayoutTests/imported/w3c:
dewei_zhu@apple.com [Thu, 10 Sep 2015 02:04:02 +0000 (02:04 +0000)]
LayoutTests/imported/w3c:
Document.characterSet should return "UTF-8" by default.
https://bugs.webkit.org/show_bug.cgi?id=148810
<rdar://problem/22548727>

Reviewed by Ryosuke Niwa.

Update the tests which test the default encoding of document.

* web-platform-tests/dom/interfaces-expected.txt:
* web-platform-tests/dom/nodes/DOMImplementation-createDocument-expected.txt:
* web-platform-tests/dom/nodes/Node-properties-expected.txt:
* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:
Document.characterSet should return "UTF-8" instead of null by default.
https://bugs.webkit.org/show_bug.cgi?id=148810
<rdar://problem/22548727>

Reviewed by Ryosuke Niwa.

Document encoding should default to "UTF-8" as is specified in
https://dom.spec.whatwg.org/#concept-document-encoding. This behavior
is consistent with Firefox and Chrome.

* dom/Document.cpp:
(WebCore::Document::encoding): Returns nullAtom according to declaration.
(WebCore::Document::characterSetForBindings): Returns "UTF-8" by default instead of null String.
* dom/Document.h:
(WebCore::Document::charset):
(WebCore::Document::inputEncoding): Deleted.
(WebCore::Document::characterSet): Deleted.
* dom/Document.idl:
* dom/InlineStyleSheetOwner.cpp:
(WebCore::InlineStyleSheetOwner::createSheet):
* inspector/InspectorPageAgent.cpp:
(WebCore::InspectorPageAgent::mainResourceContent):
* inspector/InspectorResourceAgent.cpp:
(WebCore::InspectorResourceAgent::didFinishLoading):
(WebCore::InspectorResourceAgent::didFailLoading):
* loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::createDecoderIfNeeded):
* loader/FormSubmission.cpp:
(WebCore::encodingFromAcceptCharset):

LayoutTests:
Document.characterSet should return "UTF-8" by default.
https://bugs.webkit.org/show_bug.cgi?id=148810
<rdar://problem/22548727>

Reviewed by Ryosuke Niwa.

Update the tests which test the default encoding of document.

* dom/xhtml/level3/core/documentgetinputencoding02-expected.txt: Obsolete test.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189564 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoImplement internal calls in WebAssembly
commit-queue@webkit.org [Thu, 10 Sep 2015 01:43:20 +0000 (01:43 +0000)]
Implement internal calls in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148998

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-09
Reviewed by Filip Pizlo.

This patch implements internal calls to functions that return a 32-bit
integer in WebAssembly.

* tests/stress/wasm-calls.js: Added.
(shouldBe):
* tests/stress/wasm/calls.wasm: Added.
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::WASMFunctionCompiler):
(JSC::WASMFunctionCompiler::endFunction):
(JSC::WASMFunctionCompiler::buildCallInternal):
(JSC::WASMFunctionCompiler::appendExpressionList):
(JSC::WASMFunctionCompiler::emitNakedCall):
(JSC::WASMFunctionCompiler::boxArgumentsAndAdjustStackPointer):
(JSC::WASMFunctionCompiler::callAndUnboxResult):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::compile):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseCallInternalExpressionI32):
(JSC::WASMFunctionParser::parseCallArguments):
(JSC::WASMFunctionParser::parseCallInternal):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildCallInternal):
(JSC::WASMFunctionSyntaxChecker::appendExpressionList):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189563 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Remove dead WebInspectorProxy related code
commit-queue@webkit.org [Thu, 10 Sep 2015 01:38:34 +0000 (01:38 +0000)]
Web Inspector: Remove dead WebInspectorProxy related code
https://bugs.webkit.org/show_bug.cgi?id=149019

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-09
Reviewed by Timothy Hatcher.

* UIProcess/API/C/mac/WKInspectorPrivateMac.h:
* UIProcess/WebInspectorProxy.cpp:
* UIProcess/WebInspectorProxy.h:
* UIProcess/mac/WebInspectorProxyMac.mm:
(-[WKWebInspectorProxyObjCAdapter attachRight:]): Deleted.
(-[WKWebInspectorProxyObjCAdapter attachBottom:]): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189562 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r189522.
cdumez@apple.com [Thu, 10 Sep 2015 00:27:32 +0000 (00:27 +0000)]
Unreviewed, rolling out r189522.
https://bugs.webkit.org/show_bug.cgi?id=149020

"Caused a ~4% Speedometer regression" (Requested by cdumez on
#webkit).

Reverted changeset:

"Function.prototype.bind: Bound functions must use the
[[Prototype]] of their target function instead of
Function.prototype"
https://bugs.webkit.org/show_bug.cgi?id=145605
http://trac.webkit.org/changeset/189522

Patch by Commit Queue <commit-queue@webkit.org> on 2015-09-09

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189561 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCSS general sibling selectors does not work without CSS JIT
benjamin@webkit.org [Wed, 9 Sep 2015 23:40:55 +0000 (23:40 +0000)]
CSS general sibling selectors does not work without CSS JIT
https://bugs.webkit.org/show_bug.cgi?id=148987
rdar://problem/22559860

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-09-09
Reviewed by Andreas Kling.

Source/WebCore:

When traversing with the indirect adjacent combinator, SelectorChecker
was not setting the style invalidation flag on the right element.

Tests: fast/css/indirect-adjacent-style-invalidation-1.html
       fast/css/indirect-adjacent-style-invalidation-2.html
       fast/css/indirect-adjacent-style-invalidation-3.html

* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::matchRecursively):

LayoutTests:

There are multiple variations of the same tests to test
cases where we JIT and cases without JIT.

* fast/css/indirect-adjacent-style-invalidation-1-expected.txt: Added.
* fast/css/indirect-adjacent-style-invalidation-1.html: Added.
* fast/css/indirect-adjacent-style-invalidation-2-expected.txt: Added.
* fast/css/indirect-adjacent-style-invalidation-2.html: Added.
* fast/css/indirect-adjacent-style-invalidation-3-expected.txt: Added.
* fast/css/indirect-adjacent-style-invalidation-3.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189560 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix bit rot on bot watcher's dashboard page
ap@apple.com [Wed, 9 Sep 2015 23:31:32 +0000 (23:31 +0000)]
Fix bit rot on bot watcher's dashboard page
https://bugs.webkit.org/show_bug.cgi?id=149012

Reviewed by Tim Horton.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotIteration.js:
The code path used by the metrics page was trying to add properties to an undefined.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTestResults.js:
Silence an exception that would occur when the step has no logs. This should never
happen, but it did (perhaps buildbot was misconfigured for a while).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189559 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Remove unused InspectorFrontendHost methods
commit-queue@webkit.org [Wed, 9 Sep 2015 23:16:26 +0000 (23:16 +0000)]
Web Inspector: Remove unused InspectorFrontendHost methods
https://bugs.webkit.org/show_bug.cgi?id=149013

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-09
Reviewed by Brian Burg.

* inspector/InspectorFrontendHost.cpp:
(WebCore::InspectorFrontendHost::canSaveAs): Deleted.
(WebCore::InspectorFrontendHost::canInspectWorkers): Deleted.
* inspector/InspectorFrontendHost.h:
* inspector/InspectorFrontendHost.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189558 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoASSERTION FAILED: typesettingFeatures & (Kerning | Ligatures) in WebCore::applyFontTr...
mmaxfield@apple.com [Wed, 9 Sep 2015 22:42:50 +0000 (22:42 +0000)]
ASSERTION FAILED: typesettingFeatures & (Kerning | Ligatures) in WebCore::applyFontTransforms
https://bugs.webkit.org/show_bug.cgi?id=146194

Reviewed by Dean Jackson.

Source/WebCore:

We might trigger shaping even if the author hasn't specified kerning or ligatures.

Test: fast/text/softbank-emoji-no-ligatures-nor-kerning.html

* platform/graphics/WidthIterator.cpp:
(WebCore::isSoftBankEmoji):
(WebCore::WidthIterator::applyFontTransforms):
(WebCore::WidthIterator::advanceInternal):
(WebCore::applyFontTransforms): Deleted.
* platform/graphics/WidthIterator.h:

LayoutTests:

* fast/text/softbank-emoji-no-ligatures-nor-kerning-expected.html: Added
* fast/text/softbank-emoji-no-ligatures-nor-kerning.html: Added

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189557 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago2015-09-09 Geoffrey Garen <ggaren@apple.com>
ggaren@apple.com [Wed, 9 Sep 2015 22:26:16 +0000 (22:26 +0000)]
2015-09-09  Geoffrey Garen  <ggaren@apple.com>

        Fix the no-DFG build.

        Unreviewed.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitOSRExitTargets):
        (JSC::CodeBlock::stronglyVisitStrongReferences):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189556 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSetting document.title when there is no title and no head element should do nothing
cdumez@apple.com [Wed, 9 Sep 2015 22:11:44 +0000 (22:11 +0000)]
Setting document.title when there is no title and no head element should do nothing
https://bugs.webkit.org/show_bug.cgi?id=149005
<rdar://problem/22567524>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline tests now that more checks are passing.

* web-platform-tests/html/dom/documents/dom-tree-accessors/document.title-01-expected.txt:
* web-platform-tests/html/dom/documents/dom-tree-accessors/document.title-02-expected.txt:

Source/WebCore:

Setting document.title when there is no title element and no head
element should do nothing:
- https://html.spec.whatwg.org/multipage/dom.html#document.title

Firefox and Chrome comply with the specification. However, WebKit
was returning the updated title when querying document.title after
setting it.

No new tests, covered by existing tests.

* dom/Document.cpp:
(WebCore::Document::setTitle):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189555 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCodeBlocks should strongly visit their OSR exit targets
ggaren@apple.com [Wed, 9 Sep 2015 22:06:49 +0000 (22:06 +0000)]
CodeBlocks should strongly visit their OSR exit targets
https://bugs.webkit.org/show_bug.cgi?id=148988

Reviewed by Saam Barati.

CodeBlocks jump to their OSR exit targets, so we need to keep them alive
explicitly.

This is a step toward throwing away CodeBlocks, which is only safe
if we keep alive logically in-use CodeBlocks.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::visitStrongly): Added a flag to indicate if visit
strongly had been performed yet, since we are likely to revisit
the same CodeBlock many times now.

(JSC::CodeBlock::visitOSRExitTargets):
(JSC::CodeBlock::stronglyVisitStrongReferences): Do the visiting.

* bytecode/CodeBlock.h:
(JSC::CodeBlock::clearMarks):
(JSC::CodeBlockSet::mark): Added a helper function for clearing out
two flags.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189554 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago2015-09-09 Geoffrey Garen <ggaren@apple.com>
ggaren@apple.com [Wed, 9 Sep 2015 22:00:58 +0000 (22:00 +0000)]
2015-09-09  Geoffrey Garen  <ggaren@apple.com>

        Unreviewed, rolling back in r189516.
        https://bugs.webkit.org/show_bug.cgi?id=148989

        Restored changeset:

        "GC should be able to discover new strong CodeBlock references
        during marking"
        https://bugs.webkit.org/show_bug.cgi?id=148981
        http://trac.webkit.org/changeset/189516

        This patch caused infinite recursion on Windows because of a pre-existing
        logical error in the non-parallel GC configuration. Even in non-parallel
        GC, we must set the mark bit on a CodeBlock to avoid marking it twice
        (or, in the case of our crash, infinitely recursively).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189553 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUpdate LayoutTestRelay xcconfig file.
ap@apple.com [Wed, 9 Sep 2015 21:35:56 +0000 (21:35 +0000)]
Update LayoutTestRelay xcconfig file.

Rubber-stamped by Dan Bernstein.

* LayoutTestRelay/Configurations/DebugRelease.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189552 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove an unused NSString SPI constant
andersca@apple.com [Wed, 9 Sep 2015 21:15:07 +0000 (21:15 +0000)]
Remove an unused NSString SPI constant
https://bugs.webkit.org/show_bug.cgi?id=149009

Reviewed by Dan Bernstein.

* UIProcess/API/Cocoa/WKWebView.mm:
* UIProcess/API/Cocoa/WKWebViewPrivate.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189551 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[css-grid] Percentage columns shouldn't include border and padding
rego@igalia.com [Wed, 9 Sep 2015 21:11:02 +0000 (21:11 +0000)]
[css-grid] Percentage columns shouldn't include border and padding
https://bugs.webkit.org/show_bug.cgi?id=148978

Reviewed by Sergio Villar Senin.

Source/WebCore:

Subtract border and padding when we're calculating the breadth of the
columns in LayoutGrid::computeUsedBreadthOfSpecifiedLength().

Added test to check the behavior for both columns and rows.

Test: fast/css-grid-layout/grid-percent-track-margin-border-padding.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeUsedBreadthOfSpecifiedLength):

LayoutTests:

* fast/css-grid-layout/grid-percent-track-margin-border-padding-expected.txt: Added.
* fast/css-grid-layout/grid-percent-track-margin-border-padding.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189550 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Implement the relational instructions for doubles in WebAssembly
commit-queue@webkit.org [Wed, 9 Sep 2015 21:01:03 +0000 (21:01 +0000)]
Implement the relational instructions for doubles in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148999

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-09
Reviewed by Filip Pizlo.

Implements the relational instructions for doubles (float64) in
WebAssembly. Also pass the values into the test functions as Mark Lam
suggested in https://bugs.webkit.org/show_bug.cgi?id=148882#c3

* tests/stress/wasm-relational.js:
* tests/stress/wasm/relational.wasm:
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::buildRelationalF64):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseRelationalF64ExpressionI32):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildRelationalI32):
(JSC::WASMFunctionSyntaxChecker::buildRelationalF64):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189549 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Mark http/tests/css/link-css-disabled-value-with-slow-loading-sheet.html as flaky...
said@apple.com [Wed, 9 Sep 2015 20:58:44 +0000 (20:58 +0000)]
Mark http/tests/css/link-css-disabled-value-with-slow-loading-sheet.html as flaky on Windows

This test is marked as flaky on gtk and mac-wk2. It fails on Windows more
than it fails on any other platform.

* platform/win/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189548 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Updated availability annotations for iOS 9 and OS X El Capitan.
mitz@apple.com [Wed, 9 Sep 2015 20:57:22 +0000 (20:57 +0000)]
Updated availability annotations for iOS 9 and OS X El Capitan.

Rubber-stamped by Anders Carlsson.

* Shared/API/Cocoa/_WKRenderingProgressEvents.h:
* UIProcess/API/Cocoa/WKError.h:
* UIProcess/API/Cocoa/WKErrorPrivate.h:
* UIProcess/API/Cocoa/WKFrameInfo.h:
* UIProcess/API/Cocoa/WKNavigationActionPrivate.h:
* UIProcess/API/Cocoa/WKNavigationDelegate.h:
* UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
* UIProcess/API/Cocoa/WKPreferencesPrivate.h:
* UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
* UIProcess/API/Cocoa/WKSecurityOrigin.h:
* UIProcess/API/Cocoa/WKUIDelegate.h:
* UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
* UIProcess/API/Cocoa/WKUserContentControllerPrivate.h:
* UIProcess/API/Cocoa/WKViewPrivate.h:
* UIProcess/API/Cocoa/WKWebView.h:
* UIProcess/API/Cocoa/WKWebViewConfiguration.h:
* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
* UIProcess/API/Cocoa/WKWebViewPrivate.h:
* UIProcess/API/Cocoa/WKWebsiteDataRecord.h:
* UIProcess/API/Cocoa/WKWebsiteDataRecordPrivate.h:
* UIProcess/API/Cocoa/WKWebsiteDataStore.h:
* UIProcess/API/Cocoa/_WKDiagnosticLoggingDelegate.h:
* UIProcess/API/Cocoa/_WKElementAction.h:
* UIProcess/API/Cocoa/_WKLayoutMode.h:
* UIProcess/API/Cocoa/_WKOverlayScrollbarStyle.h:
* UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h:
* UIProcess/API/Cocoa/_WKUserContentExtensionStore.h:
* UIProcess/API/Cocoa/_WKUserContentFilter.h:
* UIProcess/API/Cocoa/_WKWebsiteDataRecord.h:
* UIProcess/API/Cocoa/_WKWebsiteDataStore.h:
* WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189547 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago fast/dom/rtl-scroll-to-leftmost-and-resize.html is a flaky timeout - IPC drops messages
ap@apple.com [Wed, 9 Sep 2015 20:39:32 +0000 (20:39 +0000)]
fast/dom/rtl-scroll-to-leftmost-and-resize.html is a flaky timeout - IPC drops messages
https://bugs.webkit.org/show_bug.cgi?id=148951

Reviewed by Anders Carlsson.

Source/WebKit2:

* Platform/IPC/Connection.cpp:
(IPC::Connection::waitForMessage): Don't modify m_waitingForMessage without holding
a lock. This is not part of this fix, but seems necessary for correctness.
(IPC::Connection::processIncomingMessage): Don't interrupt a wait that has already succeeded.

LayoutTests:

* platform/mac-wk2/TestExpectations: Unmark the test (it still fails per platform/mac
expectations, which is unrelated).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189546 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago http/tests/xmlhttprequest/ontimeout-response-getters.html is flaky
youenn.fablet@crf.canon.fr [Wed, 9 Sep 2015 20:29:16 +0000 (20:29 +0000)]
http/tests/xmlhttprequest/ontimeout-response-getters.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=148997

Reviewed by Alexey Proskuryakov.

* http/tests/xmlhttprequest/ontimeout-response-getters.html: Augmenting http response delay to trigger XHR timeout.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189545 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago DFG should have a debugging option that runs a phase that flushes all locals
saambarati1@gmail.com [Wed, 9 Sep 2015 20:18:57 +0000 (20:18 +0000)]
DFG should have a debugging option that runs a phase that flushes all locals
https://bugs.webkit.org/show_bug.cgi?id=148916

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

There is now an option to enable the DFG's new MaximalFlushInsertionPhase
phase to run. This phase ensures that we keep all locals and arguments flushed
to the stack at all places in the CFG. This phase is helpful for finding
a class of bugs where enabling this phase to run removes the bug.
This may also be useful in the development of a faster debugger
that doesn't capture all variables.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGMaximalFlushInsertionPhase.cpp: Added.
(JSC::DFG::MaximalFlushInsertionPhase::MaximalFlushInsertionPhase):
(JSC::DFG::MaximalFlushInsertionPhase::run):
(JSC::DFG::MaximalFlushInsertionPhase::treatRegularBlock):
(JSC::DFG::MaximalFlushInsertionPhase::treatRootBlock):
(JSC::DFG::MaximalFlushInsertionPhase::newVariableAccessData):
(JSC::DFG::performMaximalFlushInsertion):
* dfg/DFGMaximalFlushInsertionPhase.h: Added.
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
* runtime/Options.h:

Tools:

* Scripts/run-jsc-stress-tests:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189544 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Versioning.
bshafiei@apple.com [Wed, 9 Sep 2015 18:42:03 +0000 (18:42 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189543 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [iOS] Add layout tests for QuickLook
aestes@apple.com [Wed, 9 Sep 2015 16:56:14 +0000 (16:56 +0000)]
[iOS] Add layout tests for QuickLook
https://bugs.webkit.org/show_bug.cgi?id=148994

Reviewed by Daniel Bates.

Add tests that verify WebKit's ability to preview certain document types on iOS using QuickLook.framework.
These tests do not cover every document type supported by QuickLook, but they do cover common types like .pages,
.numbers, .key, .doc(x), .xls(x), and .ppt(x). These tests should detect regressions in WebKit's conversion code,
as well as regressions in QuickLook itself. The expected results might need to be occasionally updated if QuickLook
changes its preview markup.

These files contain text and images from webkit.org.

* TestExpectations: Skipped quicklook tests on all platforms.
* platform/ios-simulator/TestExpectations: Enabled quicklook tests on iOS.
* quicklook/excel-expected.html: Added.
* quicklook/excel-legacy-expected.html: Added.
* quicklook/excel-legacy.html: Added.
* quicklook/excel.html: Added.
* quicklook/keynote-09-expected.html: Added.
* quicklook/keynote-09.html: Added.
* quicklook/keynote-expected.html: Added.
* quicklook/keynote.html: Added.
* quicklook/numbers-09-expected.html: Added.
* quicklook/numbers-09.html: Added.
* quicklook/numbers-expected.html: Added.
* quicklook/numbers.html: Added.
* quicklook/pages-09-expected.html: Added.
* quicklook/pages-09.html: Added.
* quicklook/pages-expected.html: Added.
* quicklook/pages.html: Added.
* quicklook/powerpoint-expected.html: Added.
* quicklook/powerpoint-legacy-expected.html: Added.
* quicklook/powerpoint-legacy.html: Added.
* quicklook/powerpoint.html: Added.
* quicklook/resources/excel-expected.html: Added.
* quicklook/resources/excel-legacy-expected.html: Added.
* quicklook/resources/excel-legacy.xls: Added.
* quicklook/resources/excel.xlsx: Added.
* quicklook/resources/keynote-09-expected/index.css: Added.
* quicklook/resources/keynote-09-expected/index.html: Added.
* quicklook/resources/keynote-09-expected/index.js: Added.
* quicklook/resources/keynote-09.key: Added.
* quicklook/resources/keynote-expected.pdf: Added.
* quicklook/resources/keynote.key: Added.
* quicklook/resources/numbers-09-expected/canvas.js: Added.
* quicklook/resources/numbers-09-expected/index.html: Added.
* quicklook/resources/numbers-09-expected/navigation.css: Added.
* quicklook/resources/numbers-09-expected/navigation.html: Added.
* quicklook/resources/numbers-09-expected/sheet_1.html: Added.
* quicklook/resources/numbers-09.numbers: Added.
* quicklook/resources/numbers-expected.pdf: Added.
* quicklook/resources/numbers.numbers: Added.
* quicklook/resources/pages-09-expected/index.css: Added.
* quicklook/resources/pages-09-expected/index.html: Added.
* quicklook/resources/pages-09.pages: Added.
* quicklook/resources/pages-expected.pdf: Added.
* quicklook/resources/pages.pages: Added.
* quicklook/resources/powerpoint-expected.html: Added.
* quicklook/resources/powerpoint-legacy-expected.html: Added.
* quicklook/resources/powerpoint-legacy.ppt: Added.
* quicklook/resources/powerpoint.pptx: Added.
* quicklook/resources/webkit-icon.pdf: Added.
* quicklook/resources/webkit-icon.png: Added.
* quicklook/resources/webkit-icon.tiff: Added.
* quicklook/resources/word-expected.html: Added.
* quicklook/resources/word-legacy-expected.html: Added.
* quicklook/resources/word-legacy.doc: Added.
* quicklook/resources/word.docx: Added.
* quicklook/word-expected.html: Added.
* quicklook/word-legacy-expected.html: Added.
* quicklook/word-legacy.html: Added.
* quicklook/word.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189542 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r189536 and r189538.
commit-queue@webkit.org [Wed, 9 Sep 2015 15:43:03 +0000 (15:43 +0000)]
Unreviewed, rolling out r189536 and r189538.
https://bugs.webkit.org/show_bug.cgi?id=149002

broke tests on mac (Requested by alexchristensen on #webkit).

Reverted changesets:

"min-width/height should default to auto for flexbox items"
https://bugs.webkit.org/show_bug.cgi?id=146020
http://trac.webkit.org/changeset/189536

"[css-grid] Percentage columns shouldn't include border and
padding"
https://bugs.webkit.org/show_bug.cgi?id=148978
http://trac.webkit.org/changeset/189538

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189541 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago REGRESSION: Inline-block baseline is wrong when zero-width replaced child is present
hyatt@apple.com [Wed, 9 Sep 2015 14:42:44 +0000 (14:42 +0000)]
REGRESSION: Inline-block baseline is wrong when zero-width replaced child is present
https://bugs.webkit.org/show_bug.cgi?id=147452
rdar://problem/21943074

Reviewed by Myles Maxfield.

Source/WebCore:

Added new test in fast/inline-block

Treat zero width replaced elements the same as replaced elements with width. Instead of
clearing floats based off having no committed width, we instead track both committed
width and committed replaced objects. We do this with two new booleans in LineWidth
so that we know when we have uncommitted and committed replaced objects.

* rendering/line/BreakingContext.h:
(WebCore::BreakingContext::handleReplaced):
(WebCore::BreakingContext::handleText):
(WebCore::BreakingContext::canBreakAtThisPosition):
(WebCore::BreakingContext::commitAndUpdateLineBreakIfNeeded):
* rendering/line/LineWidth.cpp:
(WebCore::LineWidth::LineWidth):
(WebCore::LineWidth::commit):
(WebCore::LineWidth::applyOverhang):
* rendering/line/LineWidth.h:
(WebCore::LineWidth::committedWidth):
(WebCore::LineWidth::availableWidth):
(WebCore::LineWidth::logicalLeftOffset):
(WebCore::LineWidth::hasCommitted):
(WebCore::LineWidth::addUncommittedWidth):
(WebCore::LineWidth::addUncommittedReplacedWidth):

LayoutTests:

* fast/inline-block/baseline-with-zero-width-replaced-child-expected.html: Added.
* fast/inline-block/baseline-with-zero-width-replaced-child.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189540 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Split mixed font GlyphPage functionality to separate class
antti@apple.com [Wed, 9 Sep 2015 12:26:08 +0000 (12:26 +0000)]
Split mixed font GlyphPage functionality to separate class
https://bugs.webkit.org/show_bug.cgi?id=148965

Reviewed by Myles Maxfield.

Currently GlyphPage class is used for both immutable single font case (in Font) and
for caching mixed font mappings (in FontCascadeFonts). It is cleaner to use separate
classes for these cases. This will also make future improvements easier.

* platform/graphics/Font.cpp:
(WebCore::Font::~Font):
(WebCore::fillGlyphPage):
(WebCore::createAndFillGlyphPage):
(WebCore::Font::glyphPage):
(WebCore::Font::glyphForCharacter):
(WebCore::Font::glyphDataForCharacter):
* platform/graphics/Font.h:
* platform/graphics/FontCascadeFonts.cpp:
(WebCore::MixedFontGlyphPage::MixedFontGlyphPage):
(WebCore::MixedFontGlyphPage::glyphDataForCharacter):
(WebCore::MixedFontGlyphPage::setGlyphDataForCharacter):
(WebCore::MixedFontGlyphPage::setGlyphDataForIndex):

    Mixed font pages are now an implementation detail of FontCascadeFonts.

(WebCore::FontCascadeFonts::GlyphPageCacheEntry::glyphDataForCharacter):
(WebCore::FontCascadeFonts::GlyphPageCacheEntry::setGlyphDataForCharacter):
(WebCore::FontCascadeFonts::GlyphPageCacheEntry::setSingleFontPage):

    Cache entry is either shared single font GlyphPage or mutable MixedFontGlyphPage.

(WebCore::FontCascadeFonts::FontCascadeFonts):
(WebCore::FontCascadeFonts::glyphDataForCharacter):
(WebCore::FontCascadeFonts::pruneSystemFallbacks):
* platform/graphics/FontCascadeFonts.h:
(WebCore::FontCascadeFonts::GlyphPageCacheEntry::isNull):
(WebCore::FontCascadeFonts::GlyphPageCacheEntry::isMixedFont):
* platform/graphics/GlyphPage.h:

    GlyphPage is now for single font mappings only.
    Use regular allocation instead of variable size tricks.
    It is always immutable after initialization (though currently a setter is still needed).

(WebCore::GlyphPage::create):
(WebCore::GlyphPage::~GlyphPage):
(WebCore::GlyphPage::count):
(WebCore::GlyphPage::indexForCharacter):
(WebCore::GlyphPage::glyphDataForCharacter):
(WebCore::GlyphPage::glyphForCharacter):
(WebCore::GlyphPage::glyphDataForIndex):
(WebCore::GlyphPage::glyphForIndex):
(WebCore::GlyphPage::setGlyphForIndex):
(WebCore::GlyphPage::font):
(WebCore::GlyphPage::GlyphPage):
(WebCore::GlyphPage::createForMixedFonts): Deleted.
(WebCore::GlyphPage::createCopyForMixedFonts): Deleted.
(WebCore::GlyphPage::createForSingleFont): Deleted.
(WebCore::GlyphPage::isImmutable): Deleted.
(WebCore::GlyphPage::setImmutable): Deleted.
(WebCore::GlyphPage::glyphAt): Deleted.
(WebCore::GlyphPage::fontForCharacter): Deleted.
(WebCore::GlyphPage::setGlyphDataForCharacter): Deleted.
(WebCore::GlyphPage::setGlyphDataForIndex): Deleted.
(WebCore::GlyphPage::hasPerGlyphFontData): Deleted.
* platform/graphics/freetype/GlyphPageTreeNodeFreeType.cpp:
(WebCore::GlyphPage::fill):
* platform/graphics/mac/GlyphPageMac.cpp:
(WebCore::GlyphPage::fill):
* platform/graphics/opentype/OpenTypeVerticalData.cpp:
(WebCore::OpenTypeVerticalData::substituteWithVerticalGlyphs):
* platform/graphics/win/GlyphPageTreeNodeCGWin.cpp:
(WebCore::GlyphPage::fill):
* platform/graphics/win/GlyphPageTreeNodeCairoWin.cpp:
(WebCore::GlyphPage::fill):
* svg/SVGFontData.cpp:
(WebCore::SVGFontData::applySVGGlyphSelection):
(WebCore::SVGFontData::fillSVGGlyphPage):
(WebCore::SVGFontData::fillBMPGlyphs):
(WebCore::SVGFontData::fillNonBMPGlyphs):
* svg/SVGFontData.h:
(WebCore::SVGFontData::verticalAdvanceY):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189539 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [css-grid] Percentage columns shouldn't include border and padding
rego@igalia.com [Wed, 9 Sep 2015 11:23:07 +0000 (11:23 +0000)]
[css-grid] Percentage columns shouldn't include border and padding
https://bugs.webkit.org/show_bug.cgi?id=148978

Reviewed by Sergio Villar Senin.

Source/WebCore:

Subtract border and padding when we're calculating the breadth of the
columns in LayoutGrid::computeUsedBreadthOfSpecifiedLength().

Added test to check the behavior for both columns and rows.

Test: fast/css-grid-layout/grid-percent-track-margin-border-padding.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeUsedBreadthOfSpecifiedLength):

LayoutTests:

* fast/css-grid-layout/grid-percent-track-margin-border-padding-expected.txt: Added.
* fast/css-grid-layout/grid-percent-track-margin-border-padding.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189538 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago HTMLTableElement.tHead / tFoot / caption should be nullable
cdumez@apple.com [Wed, 9 Sep 2015 08:49:19 +0000 (08:49 +0000)]
HTMLTableElement.tHead / tFoot / caption should be nullable
https://bugs.webkit.org/show_bug.cgi?id=148991

Reviewed by Ryosuke Niwa.

Source/WebCore:

According to the specification, HTMLTableElement.tHead / tFoot / caption
should be nullable:
https://html.spec.whatwg.org/multipage/tables.html#htmltableelement

Upon assigning null, we are supposed to remove the existing tHead / tFoot
/ caption element. However, we had a bug causing us to throw an exception
after removing the element. This is because we would try to insert a null
element and ContainerNode::insertBefore() throws when doing so.

Also, as per the specification, setting tHead / tFoot to something other
than a thead / tfoot element should throw a HierarchyRequestError:
https://html.spec.whatwg.org/multipage/tables.html#dom-table-thead
https://html.spec.whatwg.org/multipage/tables.html#dom-table-tfoot

Previously, WebKit did not check the tag and was happy inserting the
element as long as it was an HTMLTableSectionElement. This means that
you could set a tfoot by assigning table.tHead.

This patch corrects both bugs and adds test coverage for it.

Test: fast/dom/HTMLTableElement/nullable-attributes.html

* html/HTMLTableElement.cpp:
(WebCore::HTMLTableElement::setCaption):
Only call insertBefore() if newCaption is not null as insertBefore()
will throw an exception otherwise.

(WebCore::HTMLTableElement::setTHead):
- Throw a HierarchyRequestError if the HTMLTableSectionElement is not
  null or a <thead> element, as per the specification.
- Only call insertBefore() if newHead is not null as insertBefore()
  will throw an exception otherwise.

(WebCore::HTMLTableElement::setTFoot):
- Throw a HierarchyRequestError if the HTMLTableSectionElement is not
  null or a <tfoot> element, as per the specification.
- Only call insertBefore() if newFoot is not null as insertBefore()
  will throw an exception otherwise.

* html/HTMLTableElement.idl:
Use [StrictTypeChecking] for these 3 attributes so that the bindings
will throw a TypeError if the JS tries to assign a value with the
wrong type. When the implementation is called with null, we now know
this is because the JS assigned null (and not an invalid value).
This is important as assigning null is valid since those attributes
are nullable.

LayoutTests:

Add new test that covers the behavior of the following HTMLTableElement
attributes: caption / tHead / tFoot.

* fast/dom/HTMLTableElement/nullable-attributes-expected.txt: Added.
* fast/dom/HTMLTableElement/nullable-attributes.html: Added.
* fast/dom/setter-type-enforcement-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189537 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago min-width/height should default to auto for flexbox items
svillar@igalia.com [Wed, 9 Sep 2015 07:37:14 +0000 (07:37 +0000)]
min-width/height should default to auto for flexbox items
https://bugs.webkit.org/show_bug.cgi?id=146020

Reviewed by David Hyatt.

Based on Blink's r193665, r194062, r194887 and r195930 by <cbiesinger@chromium.org>.

Source/WebCore:

As specified here
http://dev.w3.org/csswg/css-flexbox/#min-size-auto the default
value of min-{width|height} is auto for flex items.

In case this patch breaks any website (as it's changing the
default value of those properties) the fix is likely to add:

min-width: 0;
min-height: 0;

to any relevant flexitems.

Test: css3/flexbox/min-size-auto.html

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::isFlexOrGrid): New helper method to identify grids and flexs.
(WebCore::ComputedStyleExtractor::propertyValue): Return auto
for flex items if min-width/height is auto.
* css/CSSParser.cpp:
(WebCore::CSSParser::parseValue):
* html/shadow/SliderThumbElement.cpp:
* rendering/RenderBox.cpp:
(WebCore::RenderBox::constrainLogicalHeightByMinMax):
(WebCore::RenderBox::constrainContentBoxLogicalHeightByMinMax):
(WebCore::RenderBox::computeLogicalWidthInRegionUsing):
(WebCore::RenderBox::computeLogicalHeight):
(WebCore::RenderBox::computeLogicalHeightUsing):
(WebCore::RenderBox::computeContentLogicalHeight):
(WebCore::RenderBox::computeContentAndScrollbarLogicalHeightUsing):
(WebCore::RenderBox::computeReplacedLogicalWidth):
(WebCore::RenderBox::computeReplacedLogicalWidthRespectingMinMaxWidth):
(WebCore::RenderBox::computeReplacedLogicalWidthUsing):
(WebCore::RenderBox::computeReplacedLogicalHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightRespectingMinMaxHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightUsing):
(WebCore::RenderBox::availableLogicalHeightUsing):
(WebCore::RenderBox::computePositionedLogicalWidth):
(WebCore::RenderBox::computePositionedLogicalWidthUsing):
(WebCore::RenderBox::computePositionedLogicalHeight):
(WebCore::RenderBox::computePositionedLogicalHeightUsing):
* rendering/RenderBox.h:
* rendering/RenderButton.h:
* rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::computeMainAxisExtentForChild):
(WebCore::RenderFlexibleBox::mainAxisExtentIsDefinite):
(WebCore::RenderFlexibleBox::mainAxisLengthIsIndefinite):
(WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax):
(WebCore::RenderFlexibleBox::mainAxisOverflowForChild):
* rendering/RenderFlexibleBox.h:
(WebCore::RenderFlexibleBox::isFlexibleBoxImpl):
* rendering/RenderFullScreen.h:
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeUsedBreadthOfSpecifiedLength):
* rendering/RenderMediaControlElements.h:
* rendering/RenderMenuList.cpp:
(WebCore::RenderMenuList::adjustInnerStyle): No longer set
the min-width explicitly.
* rendering/RenderMenuList.h:
* rendering/RenderMultiColumnSet.cpp:
(WebCore::RenderMultiColumnSet::calculateMaxColumnHeight):
* rendering/RenderNamedFlowFragment.cpp:
(WebCore::RenderNamedFlowFragment::maxPageLogicalHeight):
* rendering/RenderReplaced.cpp:
(WebCore::RenderReplaced::computeReplacedLogicalWidth):
(WebCore::RenderReplaced::computeReplacedLogicalHeight):
* rendering/RenderSlider.h:
* rendering/RenderTextControl.h:
* rendering/RenderTextControlSingleLine.cpp:
(WebCore::RenderTextControlSingleLine::createInnerBlockStyle): No longer set
the min-width explicitly.
* rendering/mathml/RenderMathMLBlock.h:
* rendering/style/RenderStyle.h:

LayoutTests:

* TestExpectations: Removed passing flexbox tests.
* css3/flexbox/csswg/flex-flow-007.html: Added min-height: 0px.
* css3/flexbox/flexbox-baseline.html: Ditto.
* css3/flexbox/min-size-auto-expected.txt: Added.
* css3/flexbox/min-size-auto.html: Added.
* css3/flexbox/preferred-widths-orthogonal.html: Added min-height: 0px.
* fast/css/auto-min-size-expected.txt: Check default computed
styles for min-width/height for flex items.
* fast/css/auto-min-size.html: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189536 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r189530 and r189534.
mmaxfield@apple.com [Wed, 9 Sep 2015 07:02:28 +0000 (07:02 +0000)]
Unreviewed, rolling out r189530 and r189534.
https://bugs.webkit.org/show_bug.cgi?id=148996

Caused assertion failures on Yosemite (Requested by litherum
on #webkit).

Reverted changesets:

"[WKTR] Allow changing the WKContextConfiguration between
successive tests"
https://bugs.webkit.org/show_bug.cgi?id=148833
http://trac.webkit.org/changeset/189530

"[Cocoa] Fix the tests after r189530"
http://trac.webkit.org/changeset/189534

Patch by Commit Queue <commit-queue@webkit.org> on 2015-09-09

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189535 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Cocoa] Fix the tests after r189530
mmaxfield@apple.com [Wed, 9 Sep 2015 05:12:37 +0000 (05:12 +0000)]
[Cocoa] Fix the tests after r189530

Unreviewed.

* WebKitTestRunner/cocoa/TestControllerCocoa.mm:
(WTR::initializeWebViewConfiguration):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189534 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r189407 and r189424.
commit-queue@webkit.org [Wed, 9 Sep 2015 04:59:47 +0000 (04:59 +0000)]
Unreviewed, rolling out r189407 and r189424.
https://bugs.webkit.org/show_bug.cgi?id=148993

Broke some tests, and made others flakily time out (Requested
by ap on #webkit).

Reverted changesets:

"[WebGL] Update WebGL 1.0.3 conformance tests"
https://bugs.webkit.org/show_bug.cgi?id=148858
http://trac.webkit.org/changeset/189407

"REGRESSION (r189407): webgl/1.0.3/conformance/extensions
/webgl-draw-buffers.html"
http://trac.webkit.org/changeset/189424

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189533 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Refactor the test for the arithmetic instructions in WebAssembly
commit-queue@webkit.org [Wed, 9 Sep 2015 04:19:01 +0000 (04:19 +0000)]
Refactor the test for the arithmetic instructions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148983

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-08
Reviewed by Mark Lam.

Pass the values into the test functions as Mark Lam suggested in
https://bugs.webkit.org/show_bug.cgi?id=148882#c3

* tests/stress/wasm-arithmetic-int32.js: Added.
(shouldBe):
(shouldThrow):
* tests/stress/wasm-arithmetic.js: Removed.
(shouldBe): Deleted.
(shouldThrow): Deleted.
* tests/stress/wasm/arithmetic-int32.wasm: Added.
* tests/stress/wasm/arithmetic.wasm: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189532 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [JSC] reduce the amount of memory access needed for LivenessAnalysisPhase
benjamin@webkit.org [Wed, 9 Sep 2015 04:02:24 +0000 (04:02 +0000)]
[JSC] reduce the amount of memory access needed for LivenessAnalysisPhase
https://bugs.webkit.org/show_bug.cgi?id=148414

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-09-08
Reviewed by Mark Lam.

LivenessAnalysisPhase still causes a huge number of cache misses.
This patch reduces the amount of accesses needed by the HashTables.

* dfg/DFGBasicBlock.h:
* dfg/DFGLivenessAnalysisPhase.cpp:
(JSC::DFG::LivenessAnalysisPhase::run):
(JSC::DFG::LivenessAnalysisPhase::process):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189531 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [WKTR] Allow changing the WKContextConfiguration between successive tests
mmaxfield@apple.com [Wed, 9 Sep 2015 03:27:48 +0000 (03:27 +0000)]
[WKTR] Allow changing the WKContextConfiguration between successive tests
https://bugs.webkit.org/show_bug.cgi?id=148833

Reviewed by Tim Horton.

Previously, we were creating a single WKContext and it lived for the life of the entire test runner.
However, there are certain tests which require specifying options in this object. This patch makes
our existing code for recreating the test runner web view also recreate the WKContext.

As such, our options to the view are now options to the WKContextConfiguration. This patch renames the
class.

* WebKitTestRunner/ContextConfigurationOptions.h: Renamed from Tools/WebKitTestRunner/ViewOptions.h.
* WebKitTestRunner/PlatformWebView.h:
(WTR::PlatformWebView::options):
* WebKitTestRunner/TestController.cpp:
(WTR::TestController::initialize):
(WTR::TestController::generateContextConfiguration):
(WTR::TestController::generatePageConfiguration):
(WTR::TestController::createWebViewWithOptions):
(WTR::TestController::ensureViewSupportsOptionsForTest):
(WTR::updateContextConfigurationOptionsFromTestHeader):
(WTR::TestController::contextConfigurationOptionsForTest):
(WTR::TestController::platformCreateWebView):
(WTR::TestController::platformCreateOtherPage):
(WTR::updateViewOptionsFromTestHeader): Deleted.
(WTR::TestController::viewOptionsForTest): Deleted.
* WebKitTestRunner/TestController.h:
(WTR::TestController::injectedBundlePath):
(WTR::TestController::testPluginDirectory):
* WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj:
* WebKitTestRunner/cocoa/TestControllerCocoa.mm:
(WTR::TestController::platformCreateWebView):
(WTR::TestController::platformCreateOtherPage):
* WebKitTestRunner/efl/PlatformWebViewEfl.cpp:
(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):
* WebKitTestRunner/efl/TestControllerEfl.cpp:
(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.
* WebKitTestRunner/gtk/PlatformWebViewGtk.cpp:
(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):
* WebKitTestRunner/gtk/TestControllerGtk.cpp:
(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.
* WebKitTestRunner/ios/PlatformWebViewIOS.mm:
(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):
* WebKitTestRunner/ios/TestControllerIOS.mm:
(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.
* WebKitTestRunner/mac/PlatformWebViewMac.mm:
(WTR::PlatformWebView::PlatformWebView):
(WTR::PlatformWebView::viewSupportsOptions):
* WebKitTestRunner/mac/TestControllerMac.mm:
(WTR::TestController::updatePlatformSpecificContextConfigurationOptionsForTest):
(WTR::TestController::updatePlatformSpecificViewOptionsForTest): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189530 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Prospective build fix after r189517
mmaxfield@apple.com [Wed, 9 Sep 2015 03:01:39 +0000 (03:01 +0000)]
Prospective build fix after r189517

Unreviewed.

* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::Thread::captureStack):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189529 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: No need for [Custom] Implementation of some InspectorFrontendHost...
commit-queue@webkit.org [Wed, 9 Sep 2015 02:40:40 +0000 (02:40 +0000)]
Web Inspector: No need for [Custom] Implementation of some InspectorFrontendHost methods
https://bugs.webkit.org/show_bug.cgi?id=148990

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-08
Reviewed by Timothy Hatcher.

* bindings/js/JSInspectorFrontendHostCustom.cpp:
(WebCore::JSInspectorFrontendHost::platform): Deleted.
(WebCore::JSInspectorFrontendHost::port): Deleted.
* inspector/InspectorFrontendHost.cpp:
(WebCore::InspectorFrontendHost::platform):
(WebCore::InspectorFrontendHost::port):
* inspector/InspectorFrontendHost.h:
* inspector/InspectorFrontendHost.idl:
Uncustomize a few basic functions.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189528 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Crash when WebCore::SQLiteFileSystem::openDatabase is called from multiple threads
mcatanzaro@igalia.com [Wed, 9 Sep 2015 01:38:32 +0000 (01:38 +0000)]
Crash when WebCore::SQLiteFileSystem::openDatabase is called from multiple threads
https://bugs.webkit.org/show_bug.cgi?id=143245

Reviewed by Darin Adler.

sqlite3_initialize is documented to be thread-safe, and to be called automatically by the
library when needed, so applications should never need to call it directly. The problem is,
it's not thread-safe: we have documented instances of GNOME Builder, Devhelp, Epiphany, and
cinnamon-screensaver crashing when sqlite3_initialize is called simultaneously in separate
threads (usually inside sqlite3_open). So call it manually, guarded using std::call_once, to
make sure that the library is fully initialized before the first call to sqlite3_open. It's
a good idea to do this regardless, because the documentation says it could be required in
a future release of SQLite. (Though the use of std::call_once should not be needed, and is
only used to attempt to work around the crashes.)

This is a workaround for an SQLite bug that might have been fixed upstream, but the SQLite
developers are not really confident in the thread-safety of this function, and have advised
that we carry the workaround. Seems like a good idea.

* platform/sql/SQLiteDatabase.cpp:
(WebCore::SQLiteDatabase::SQLiteDatabase):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189526 268f45cc-cd09-0410-ab3c-d52691b4dbfc
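
The workaround pattern described in the commit message above, as an added example that is not WebKit's code: a wrapper constructor forces one-time library initialization through `std::call_once` before any thread can reach the library's lazy initializer. The `fakelib` namespace is a constructed stand-in for a library with a non-thread-safe initializer (it is not SQLite), and `Database` and `openFromManyThreads` are hypothetical names.

```cpp
#include <atomic>
#include <cstdio>
#include <mutex>
#include <thread>
#include <vector>

// Constructed stand-in for a C library whose open call lazily runs a one-time
// initializer that must not be entered by two threads at once.
// Hypothetical names; these are not SQLite functions.
namespace fakelib {
std::atomic<int> initEntries{0}; // number of times the initializer body ran
bool initialized = false;        // unguarded library state

void initialize()
{
    if (initialized)
        return;
    ++initEntries;               // a concurrent second entry is the crash scenario
    initialized = true;
}

bool open()
{
    initialize();                // lazy auto-initialization inside open
    return initialized;
}
} // namespace fakelib

// Hypothetical wrapper: every instance passes through call_once, so the
// initializer has completed (and is visible to all threads) before the first
// open call can race into it.
class Database {
public:
    Database()
    {
        static std::once_flag flag;
        std::call_once(flag, [] { fakelib::initialize(); });
    }

    bool open() { return fakelib::open(); }
};

struct Result {
    int initEntries;
    int successfulOpens;
};

// Opens one database per thread and reports how often the initializer ran.
Result openFromManyThreads(int threadCount)
{
    std::atomic<int> successfulOpens{0};
    std::vector<std::thread> threads;
    for (int i = 0; i < threadCount; ++i) {
        threads.emplace_back([&successfulOpens] {
            Database database;
            if (database.open())
                ++successfulOpens;
        });
    }
    for (auto& thread : threads)
        thread.join();
    return { fakelib::initEntries.load(), successfulOpens.load() };
}

int main()
{
    Result result = openFromManyThreads(8);
    std::printf("initializer ran %d time(s), %d opens succeeded\n",
                result.initEntries, result.successfulOpens);
    return 0;
}
```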

4 years ago Source/JavaScriptCore:
utatane.tea@gmail.com [Wed, 9 Sep 2015 01:32:51 +0000 (01:32 +0000)]
Source/JavaScriptCore:
Unify symbolTableGet and Put in JSLexicalEnvironment and JSSymbolTableObject
https://bugs.webkit.org/show_bug.cgi?id=148783

Reviewed by Geoffrey Garen.

Unify the symbolTableGet and symbolTablePut into JSSymbolTableObject's one.
Since symbolTablePutWithAttributes in JSLexicalEnvironment is not used, we drop that function.

* runtime/JSEnvironmentRecord.h:
(JSC::JSEnvironmentRecord::isValidScopeOffset):
(JSC::JSEnvironmentRecord::variableAt):
(JSC::JSEnvironmentRecord::isValid): Deleted.
* runtime/JSGlobalLexicalEnvironment.cpp:
(JSC::JSGlobalLexicalEnvironment::put):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::put):
* runtime/JSLexicalEnvironment.cpp:
(JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
(JSC::JSLexicalEnvironment::getOwnPropertySlot):
(JSC::JSLexicalEnvironment::put):
(JSC::JSLexicalEnvironment::symbolTableGet): Deleted.
(JSC::JSLexicalEnvironment::symbolTablePut): Deleted.
(JSC::JSLexicalEnvironment::symbolTablePutWithAttributes): Deleted.
* runtime/JSLexicalEnvironment.h:
* runtime/JSModuleRecord.cpp:
(JSC::JSModuleRecord::instantiateDeclarations):
* runtime/JSSegmentedVariableObject.h:
(JSC::JSSegmentedVariableObject::isValidScopeOffset):
* runtime/JSSymbolTableObject.h:
(JSC::symbolTableGet):
(JSC::symbolTablePut):
(JSC::symbolTablePutTouchWatchpointSet):
(JSC::symbolTablePutInvalidateWatchpointSet):
(JSC::symbolTablePutWithAttributesTouchWatchpointSet):
(JSC::symbolTablePutWithAttributes): Deleted.

Source/WebCore:
Unify symbolTablePut in JSLexicalEnvironment and JSSymbolTableObject
https://bugs.webkit.org/show_bug.cgi?id=148783

Reviewed by Geoffrey Garen.

No behavior change.

* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::updateDocument):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189525 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, rolling out r189516.
commit-queue@webkit.org [Wed, 9 Sep 2015 01:28:22 +0000 (01:28 +0000)]
Unreviewed, rolling out r189516.
https://bugs.webkit.org/show_bug.cgi?id=148989

broke tests on windows (Requested by alexchristensen on
#webkit).

Reverted changeset:

"GC should be able to discover new strong CodeBlock references
during marking"
https://bugs.webkit.org/show_bug.cgi?id=148981
http://trac.webkit.org/changeset/189516

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189524 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Remove unused DFG::dfgConvertJSValueToInt32()
commit-queue@webkit.org [Wed, 9 Sep 2015 01:03:18 +0000 (01:03 +0000)]
Remove unused DFG::dfgConvertJSValueToInt32()
https://bugs.webkit.org/show_bug.cgi?id=148986

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-08
Reviewed by Geoffrey Garen.

Remove unused DFG::dfgConvertJSValueToInt32() and also remove
DFG::JITCompiler::callOperation(D_JITOperation_EJ operation, ...) which
was introduced in Bug 69806 for dfgConvertJSValueToNumber() and is no
longer used.

* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189523 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Function.prototype.bind: Bound functions must use the [[Prototype]] of their target...
commit-queue@webkit.org [Wed, 9 Sep 2015 01:01:06 +0000 (01:01 +0000)]
Function.prototype.bind: Bound functions must use the [[Prototype]] of their target function instead of Function.prototype
https://bugs.webkit.org/show_bug.cgi?id=145605

Patch by Matthew Hill <matthew.jh@outlook.com> on 2015-09-08
Reviewed by Geoffrey Garen.

* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::create):
* tests/es6.yaml:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189522 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [iOS] Unreviewed iOS gardening.
said@apple.com [Wed, 9 Sep 2015 00:46:30 +0000 (00:46 +0000)]
[iOS] Unreviewed iOS gardening.

* platform/ios-simulator/css3/filters/backdrop: Added.
* platform/ios-simulator/css3/filters/backdrop/blur-input-bounds-expected.txt: Added.
* platform/ios-simulator/css3/font-feature-settings-preinstalled-fonts-expected.txt: Added.
* platform/ios-simulator/fast/css/named-images-expected.txt: Added.
* platform/ios-simulator/fast/forms/select-element-focus-ring-expected.txt: Added.
* platform/ios-simulator/fast/text/font-weights-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189521 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fixed a bad comment r189517.
mark.lam@apple.com [Wed, 9 Sep 2015 00:26:16 +0000 (00:26 +0000)]
Fixed a bad comment r189517.

Not reviewed.

* heap/MachineStackMarker.cpp:
(JSC::osRedZoneAdjustment):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189520 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, drop imported/w3c/web-platform-tests/html/semantics/embedded-content...
cdumez@apple.com [Wed, 9 Sep 2015 00:20:16 +0000 (00:20 +0000)]
Unreviewed, drop imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/location-of-the-media-resource/currentSrc.html.

This recently imported test is flaky.

* web-platform-tests/html/semantics/embedded-content/media-elements/location-of-the-media-resource/currentSrc-expected.txt: Removed.
* web-platform-tests/html/semantics/embedded-content/media-elements/location-of-the-media-resource/currentSrc.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189519 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago InlineCallFrames shouldn't be strongly marked by CodeBlock
ggaren@apple.com [Wed, 9 Sep 2015 00:20:12 +0000 (00:20 +0000)]
InlineCallFrames shouldn't be strongly marked by CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=146613

Reviewed by Saam Barati.

This code was vestigial and unnecessary, so I removed it.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::stronglyVisitStrongReferences):
* bytecode/InlineCallFrame.cpp:
(JSC::InlineCallFrame::calleeConstant):
(JSC::InlineCallFrame::calleeForCallFrame):
(JSC::InlineCallFrame::visitAggregate): Deleted.
* bytecode/InlineCallFrame.h:
(JSC::InlineCallFrame::specializationKind):
* bytecode/InlineCallFrameSet.cpp:
(JSC::InlineCallFrameSet::add):
(JSC::InlineCallFrameSet::visitAggregate): Deleted.
* bytecode/InlineCallFrameSet.h:
(JSC::InlineCallFrameSet::begin):
(JSC::InlineCallFrameSet::end):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189518 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago GC stack scan should include ABI red zone.
mark.lam@apple.com [Wed, 9 Sep 2015 00:19:15 +0000 (00:19 +0000)]
GC stack scan should include ABI red zone.
https://bugs.webkit.org/show_bug.cgi?id=148976

Reviewed by Geoffrey Garen and Benjamin Poulain.

Source/JavaScriptCore:

The x86_64 ABI section 3.2.2[1] and ARM64 ABI[2] both state that there is a
128 byte red zone below the stack pointer (reserved by the OS), and that
"functions may use this area for temporary data that is not needed across
function calls".

Hence, it is possible for a thread to store JSCell pointers in the red zone
area, and the conservative GC thread scanner needs to scan that area as well.

Note: the red zone should not be scanned for the GC thread itself (in
gatherFromCurrentThread()).  This is because we're guaranteed that there will
be GC frames below the lowest (top of stack) frame that we need to scan.
Hence, we are guaranteed that there are no red zone areas there containing
JSObject pointers of relevance.

No test added for this issue because the issue relies on:
1. the compiler tool chain generating code that stores local variables
   containing the sole reference to a JS object (that needs to be kept
   alive) in the stack red zone, and
2. GC has to run on another thread while that red zone containing the
   JS object reference is in use.

These conditions require a race that cannot be reliably reproduced.

[1]: http://people.freebsd.org/~obrien/amd64-elf-abi.pdf
[2]: https://developer.apple.com/library/ios/documentation/Xcode/Conceptual/iPhoneOSABIReference/Articles/ARM64FunctionCallingConventions.html#//apple_ref/doc/uid/TP40013702-SW7

* heap/MachineStackMarker.cpp:
(JSC::MachineThreads::Thread::Thread):
(JSC::MachineThreads::Thread::createForCurrentThread):
(JSC::MachineThreads::Thread::freeRegisters):
(JSC::osRedZoneAdjustment):
(JSC::MachineThreads::Thread::captureStack):

Source/WTF:

* wtf/StackBounds.h:
(WTF::StackBounds::origin):
(WTF::StackBounds::end):
(WTF::StackBounds::size):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189517 268f45cc-cd09-0410-ab3c-d52691b4dbfc
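
The scan-range point made in the commit message above, shown on a constructed stack buffer as an added example (not WebKit's MachineStackMarker code): a cell pointer that lives only in the 128 bytes below the stack pointer is missed unless the conservative scan starts one red zone lower. `SuspendedStack`, `scanStart`, `scanForRoots` and all offsets and addresses are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Red zone size cited in the commit message for x86_64 and ARM64.
constexpr std::size_t kRedZoneBytes = 128;

// Constructed model of a suspended thread's stack. The stack grows downward:
// memory.size() is the origin (highest address), spOffset is the stack pointer.
struct SuspendedStack {
    std::vector<unsigned char> memory;
    std::size_t spOffset;
};

// Lowest offset the scanner reads. Without the adjustment the scan starts at
// SP; with it, the scan starts one red zone below SP (clamped to the buffer).
std::size_t scanStart(const SuspendedStack& stack, bool includeRedZone)
{
    if (!includeRedZone)
        return stack.spOffset;
    return stack.spOffset >= kRedZoneBytes ? stack.spOffset - kRedZoneBytes : 0;
}

// Conservative scan: every aligned word in [scanStart, origin) whose value
// falls inside the heap range is reported as a possible cell pointer.
std::vector<std::uintptr_t> scanForRoots(const SuspendedStack& stack, bool includeRedZone,
                                         std::uintptr_t heapBegin, std::uintptr_t heapEnd)
{
    const std::size_t word = sizeof(std::uintptr_t);
    std::size_t offset = (scanStart(stack, includeRedZone) + word - 1) / word * word;
    std::vector<std::uintptr_t> roots;
    for (; offset + word <= stack.memory.size(); offset += word) {
        std::uintptr_t candidate;
        std::memcpy(&candidate, stack.memory.data() + offset, word);
        if (candidate >= heapBegin && candidate < heapEnd)
            roots.push_back(candidate);
    }
    return roots;
}

// Constructed sample values: a fake heap range and two fake cell addresses.
constexpr std::uintptr_t kHeapBegin = 0x10000;
constexpr std::uintptr_t kHeapEnd = 0x20000;
constexpr std::uintptr_t kCellInFrame = 0x10040;
constexpr std::uintptr_t kCellInRedZone = 0x10080;

// 1024-byte stack with SP at offset 512. One pointer sits in an ordinary frame
// above SP; the other is held only in the red zone, 16 bytes below SP.
SuspendedStack makeSampleStack()
{
    SuspendedStack stack { std::vector<unsigned char>(1024, 0), 512 };
    std::uintptr_t value = kCellInFrame;
    std::memcpy(stack.memory.data() + 640, &value, sizeof value);
    value = kCellInRedZone;
    std::memcpy(stack.memory.data() + 512 - 16, &value, sizeof value);
    return stack;
}

// True when the scan reports the cell that is referenced only from the red zone.
bool findsRedZoneCell(bool includeRedZone)
{
    for (std::uintptr_t root : scanForRoots(makeSampleStack(), includeRedZone, kHeapBegin, kHeapEnd)) {
        if (root == kCellInRedZone)
            return true;
    }
    return false;
}

int main()
{
    std::printf("scan from SP:         red zone cell found = %d\n", findsRedZoneCell(false));
    std::printf("scan from SP - 128:   red zone cell found = %d\n", findsRedZoneCell(true));
    return 0;
}
```

A root missed this way lets the collector free an object that the suspended thread is still using, which is why the scan range matters for memory safety.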

4 years ago GC should be able to discover new strong CodeBlock references during marking
ggaren@apple.com [Wed, 9 Sep 2015 00:07:51 +0000 (00:07 +0000)]
GC should be able to discover new strong CodeBlock references during marking
https://bugs.webkit.org/show_bug.cgi?id=148981

Reviewed by Mark Lam.

Previously, we required a strong reference to register itself before the
first visit to a CodeBlock. Now, we can discover a strong reference at
any time during the marking phase.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock): Remove the two strong reference state
variables from CodeBlock. Now, a strong reference immediately marks
the CodeBlock and its references at the moment of its discovery, and no
separate state is required.

(JSC::CodeBlock::visitStrongly): New helper function for establishing
a strong reference to a CodeBlock.

(JSC::CodeBlock::visitAggregate): Adopt helper function above.

(JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan): Updated
for state removal.

(JSC::CodeBlock::isKnownToBeLiveDuringGC): Ditto.

(JSC::CodeBlock::stronglyVisitWeakReferences): Be sure to record that
we have proven liveness (by virtue of marking all the references the
proof would check). This is required so that the CodeBlock knows itself
to be live, and it is also an optimization to avoid testing weak references
after we have already visited them.

* bytecode/CodeBlock.h:
(JSC::CodeBlock::clearMarks):
(JSC::CodeBlockSet::mark):
(JSC::CodeBlockSet::clearMarks): Deleted. Updated for state removal.

* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::clearCodeBlockMarks):
(JSC::DFG::Plan::checkLivenessAndVisitChildren):
* dfg/DFGPlan.h: No need to use a CodeBlockSet in order to mark anymore.

* dfg/DFGWorklist.cpp:
(JSC::DFG::Worklist::completeAllPlansForVM):
(JSC::DFG::Worklist::clearCodeBlockMarks):
(JSC::DFG::Worklist::resumeAllThreads):
(JSC::DFG::Worklist::visitWeakReferences):
(JSC::DFG::completeAllPlansForVM):
(JSC::DFG::clearCodeBlockMarks):
* dfg/DFGWorklist.h:
(JSC::DFG::worklistForIndexOrNull): No need to use a CodeBlockSet in order
to mark anymore.

* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::clearMarksForFullCollection):
(JSC::CodeBlockSet::clearMarksForEdenCollection):
(JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced):
(JSC::CodeBlockSet::traceMarked):
(JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
(JSC::CodeBlockSet::dump):
* heap/CodeBlockSet.h: Keep the currently executing CodeBlocks in RefPtrs
since we can no longer rely on the m_currentlyExecuting bit to keep them
alive. (A currently executing CodeBlock may not be referenced by its
Executable because it may since have been replaced by another CodeBlock.
This is common in the cases of OSR entry and exit.)

* heap/Heap.cpp:
(JSC::Heap::markRoots):
(JSC::Heap::visitCompilerWorklistWeakReferences):
(JSC::Heap::visitWeakHandles): No need to trace the list of CodeBlocks
on the stack in the weak reference fixpoint because we no longer overload
"on the stack" to include CodeBlocks referenced by the compiler.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189516 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [JSC] Remove unused Heap::getConservativeRegisterRoots().
akling@apple.com [Tue, 8 Sep 2015 23:10:57 +0000 (23:10 +0000)]
[JSC] Remove unused Heap::getConservativeRegisterRoots().
<https://webkit.org/b/148974>

Reviewed by Geoffrey Garen.

Spotted this unused stack root gathering helper in Heap. Let's lose it.

* heap/Heap.cpp:
(JSC::Heap::getConservativeRegisterRoots): Deleted.
* interpreter/JSStack.cpp:
(JSC::JSStack::gatherConservativeRoots): Deleted.
* interpreter/JSStack.h:
(JSC::JSStack::gatherConservativeRoots): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189515 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Implement control flow statements in WebAssembly
commit-queue@webkit.org [Tue, 8 Sep 2015 23:04:44 +0000 (23:04 +0000)]
Implement control flow statements in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148934

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-08
Reviewed by Geoffrey Garen.

This patch implements if, while, do, label, break, and continue
statements in WebAssembly. Switches will be implemented in a subsequent
patch.

* tests/stress/wasm-control-flow.js: Added.
(shouldBe):
* tests/stress/wasm/control-flow.wasm: Added.
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::linkTarget):
(JSC::WASMFunctionCompiler::jumpToTarget):
(JSC::WASMFunctionCompiler::jumpToTargetIf):
(JSC::WASMFunctionCompiler::startLoop):
(JSC::WASMFunctionCompiler::endLoop):
(JSC::WASMFunctionCompiler::startSwitch):
(JSC::WASMFunctionCompiler::endSwitch):
(JSC::WASMFunctionCompiler::startLabel):
(JSC::WASMFunctionCompiler::endLabel):
(JSC::WASMFunctionCompiler::breakTarget):
(JSC::WASMFunctionCompiler::continueTarget):
(JSC::WASMFunctionCompiler::breakLabelTarget):
(JSC::WASMFunctionCompiler::continueLabelTarget):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseIfStatement):
(JSC::WASMFunctionParser::parseIfElseStatement):
(JSC::WASMFunctionParser::parseWhileStatement):
(JSC::WASMFunctionParser::parseDoStatement):
(JSC::WASMFunctionParser::parseLabelStatement):
(JSC::WASMFunctionParser::parseBreakStatement):
(JSC::WASMFunctionParser::parseBreakLabelStatement):
(JSC::WASMFunctionParser::parseContinueStatement):
(JSC::WASMFunctionParser::parseContinueLabelStatement):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::linkTarget):
(JSC::WASMFunctionSyntaxChecker::jumpToTarget):
(JSC::WASMFunctionSyntaxChecker::jumpToTargetIf):
(JSC::WASMFunctionSyntaxChecker::startLoop):
(JSC::WASMFunctionSyntaxChecker::endLoop):
(JSC::WASMFunctionSyntaxChecker::startSwitch):
(JSC::WASMFunctionSyntaxChecker::endSwitch):
(JSC::WASMFunctionSyntaxChecker::startLabel):
(JSC::WASMFunctionSyntaxChecker::endLabel):
(JSC::WASMFunctionSyntaxChecker::breakTarget):
(JSC::WASMFunctionSyntaxChecker::continueTarget):
(JSC::WASMFunctionSyntaxChecker::breakLabelTarget):
(JSC::WASMFunctionSyntaxChecker::continueLabelTarget):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189514 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Mac] Expose Enable/Disable Accelerated Drawing in MiniBrowser
dbates@webkit.org [Tue, 8 Sep 2015 23:04:34 +0000 (23:04 +0000)]
[Mac] Expose Enable/Disable Accelerated Drawing in MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=148980

Reviewed by Alexey Proskuryakov.

Source/WebKit2:

Expose SPI web preference to enable/disable- and query the state of- accelerated drawing
so that we can toggle this setting in MiniBrowser on Mac.

* UIProcess/API/Cocoa/WKPreferences.mm:
(-[WKPreferences _acceleratedDrawingEnabled]): Added.
(-[WKPreferences _setAcceleratedDrawingEnabled:]): Added.
* UIProcess/API/Cocoa/WKPreferencesPrivate.h:

Tools:

Add setting to enable/disable accelerated drawing so as to support testing
this feature in MiniBrowser on Mac.

* MiniBrowser/mac/SettingsController.h:
* MiniBrowser/mac/SettingsController.m:
(-[SettingsController _populateMenu]): Add menu item.
(-[SettingsController validateMenuItem:]): Update setting when menu item is toggled.
(-[SettingsController toggleAcceleratedDrawingEnabled:]): Added.
(-[SettingsController acceleratedDrawingEnabled]): Added.
* MiniBrowser/mac/WK1BrowserWindowController.m:
(-[WK1BrowserWindowController didChangeSettings]): Apply setting in WebKit1.
* MiniBrowser/mac/WK2BrowserWindowController.m:
(-[WK2BrowserWindowController didChangeSettings]): Apply setting in WebKit2.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189513 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Several inspector-protocol tests are flaky with GuardMalloc
bburg@apple.com [Tue, 8 Sep 2015 22:38:44 +0000 (22:38 +0000)]
Several inspector-protocol tests are flaky with GuardMalloc
https://bugs.webkit.org/show_bug.cgi?id=136715

Reviewed by Joseph Pecoraro.

Sometimes, the async dispatch task can outlive its owning frontend client.
To avoid problems, make it refcounted instead and add a protector reference.

No new tests, covered by existing tests.

* inspector/InspectorFrontendClientLocal.cpp:
(WebCore::InspectorBackendDispatchTask::create):
(WebCore::InspectorBackendDispatchTask::dispatch):
(WebCore::InspectorBackendDispatchTask::reset):
(WebCore::InspectorBackendDispatchTask::timerFired):
(WebCore::InspectorBackendDispatchTask::InspectorBackendDispatchTask):
(WebCore::InspectorFrontendClientLocal::InspectorFrontendClientLocal):
(WebCore::InspectorFrontendClientLocal::~InspectorFrontendClientLocal):
* inspector/InspectorFrontendClientLocal.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189512 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fixup typo from r189510
jmarcell@apple.com [Tue, 8 Sep 2015 22:33:10 +0000 (22:33 +0000)]
Fixup typo from r189510

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189511 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed. Added myself as a committer in contributors.json.
jmarcell@apple.com [Tue, 8 Sep 2015 22:28:37 +0000 (22:28 +0000)]
Unreviewed. Added myself as a committer in contributors.json.

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189510 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Remove unused file: WebInspectorFrontendClient.h
commit-queue@webkit.org [Tue, 8 Sep 2015 22:13:34 +0000 (22:13 +0000)]
Web Inspector: Remove unused file: WebInspectorFrontendClient.h
https://bugs.webkit.org/show_bug.cgi?id=148979

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-09-08
Reviewed by Brian Burg.

* WebProcess/WebCoreSupport/WebInspectorFrontendClient.h: Removed.
Unused now. WebInspectorUI subclasses InspectorFrontendClient itself.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189509 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: REGRESSION (r189189): Missing breakpoint context menu for debugger...
mattbaker@apple.com [Tue, 8 Sep 2015 22:12:11 +0000 (22:12 +0000)]
Web Inspector: REGRESSION (r189189): Missing breakpoint context menu for debugger sidebar tree elements
https://bugs.webkit.org/show_bug.cgi?id=148651

Reviewed by Timothy Hatcher.

* UserInterface/Base/Main.js:
(WebInspector.contentLoaded):
Create BreakpointPopoverController singleton, expose as public property of global WebInspector object.

* UserInterface/Views/BreakpointTreeElement.js:
(WebInspector.BreakpointTreeElement.prototype.oncontextmenu):
Use BreakpointPopoverController singleton.

* UserInterface/Views/SourceCodeTextEditor.js:
(WebInspector.SourceCodeTextEditor):
Don't create BreakpointPopoverController instance.
(WebInspector.SourceCodeTextEditor.prototype.textEditorGutterContextMenu):
Use BreakpointPopoverController singleton.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189508 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago new Comment(undefined) / new Text(undefined) should use default's empty string
cdumez@apple.com [Tue, 8 Sep 2015 21:57:06 +0000 (21:57 +0000)]
new Comment(undefined) / new Text(undefined) should use default's empty string
https://bugs.webkit.org/show_bug.cgi?id=148973
<rdar://problem/22548042>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

* web-platform-tests/dom/nodes/Comment-constructor-expected.txt:
* web-platform-tests/dom/nodes/Text-constructor-expected.txt:
* web-platform-tests/html/dom/documents/dom-tree-accessors/document.title-07-expected.txt:
* web-platform-tests/html/semantics/embedded-content/the-audio-element/audio_constructor-expected.txt:
Rebaseline tests now that new checks are passing.

Source/WebCore:

new Comment(undefined) / new Text(undefined) should use default's empty string instead of converting
undefined to the "undefined" string:
- https://dom.spec.whatwg.org/#interface-comment (parameter is optional, default value is empty String)
- https://dom.spec.whatwg.org/#text (ditto)

undefined should be treated as if the parameter is missing, in the case the parameter is optional, as
per the Web IDL specification. This patch aligns WebKit's behavior with the specification and the
behavior of Firefox and Chrome.

No new tests, already covered by existing tests.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateParametersCheck):
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
(WebCore::JSTestNamedConstructorNamedConstructor::constructJSTestNamedConstructor):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::jsTestObjPrototypeFunctionMethodWithOptionalStringIsNullString):

LayoutTests:

Fix a couple of layout tests that were wrongly expecting undefined to
be converted to the "undefined" String for optional DOMString parameters.

* fast/dom/DOMImplementation/createHTMLDocument-optional-title-expected.txt:
* fast/dom/DOMImplementation/createHTMLDocument-optional-title.html:
* fast/dom/Window/custom-constructors-expected.txt:
* fast/dom/Window/custom-constructors.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189507 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Win] Compile errors in inspector code.
peavo@outlook.com [Tue, 8 Sep 2015 21:56:22 +0000 (21:56 +0000)]
[Win] Compile errors in inspector code.
https://bugs.webkit.org/show_bug.cgi?id=148977

Reviewed by Alex Christensen.

Include definition of class FrontendRouter before use.

* inspector/InspectorBackendDispatcher.h:
* inspector/JSGlobalObjectInspectorController.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189506 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Fix inspector/codemirror tests.
joepeck@webkit.org [Tue, 8 Sep 2015 20:50:16 +0000 (20:50 +0000)]
Fix inspector/codemirror tests.

Rubber-stamped by Brian Burg.

* UserInterface/Test.html:
Reorder includes to be more like Main.html. This ensures that CodeMirror
resources are loaded before Inspector sources use it, like CodeMirrorAdditions
which gets merged into TestCombined.js.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189505 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [ES6] Implement computed accessors
utatane.tea@gmail.com [Tue, 8 Sep 2015 19:43:58 +0000 (19:43 +0000)]
[ES6] Implement computed accessors
https://bugs.webkit.org/show_bug.cgi?id=147883

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Implement the computed accessors functionality for class syntax and object literal syntax.
Added new opcodes, op_put_getter_by_val and op_put_setter_by_val. LLInt and baseline JIT support them.
As with the other accessor opcodes (like op_put_getter_by_id etc.), DFG / FTL does not support
them. This is handled here[1].

[1]: https://bugs.webkit.org/show_bug.cgi?id=148860

* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitPutGetterByVal):
(JSC::BytecodeGenerator::emitPutSetterByVal):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::PropertyListNode::emitBytecode):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITInlines.h:
(JSC::JIT::callOperation):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_getter_by_val):
(JSC::JIT::emit_op_put_setter_by_val):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_getter_by_val):
(JSC::JIT::emit_op_put_setter_by_val):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createGetterOrSetterProperty):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseGetterSetter):
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createGetterOrSetterProperty):
* tests/es6.yaml:
* tests/stress/computed-accessor-parsing.js: Added.
(testShouldNotThrow):
(testShouldThrow):
(Val.prototype.get string_appeared_here):
(Val):
* tests/stress/computed-accessor.js: Added.
(shouldBe):
(.):
* tests/stress/duplicate-computed-accessors.js: Added.
(shouldBe):

LayoutTests:

Updated the existing tests.

* js/parser-syntax-check-expected.txt:
* js/script-tests/parser-syntax-check.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189504 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, added myself to the list of contributors.
keith_miller@apple.com [Tue, 8 Sep 2015 19:42:43 +0000 (19:42 +0000)]
Unreviewed, added myself to the list of contributors.

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189503 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago document.importNode(node, deep): deep's default value should be false
cdumez@apple.com [Tue, 8 Sep 2015 19:39:40 +0000 (19:39 +0000)]
document.importNode(node, deep): deep's default value should be false
https://bugs.webkit.org/show_bug.cgi?id=148959
<rdar://problem/22558915>

Reviewed by Alexey Proskuryakov.

LayoutTests/imported/w3c:

* web-platform-tests/dom/nodes/Document-importNode-expected.txt:
Rebaseline now that an additional check is passing.

Source/WebCore:

Switch deep parameter's default value for document.importNode() to
false, as per the latest DOM specification:
- https://dom.spec.whatwg.org/#interface-document
- https://dom.spec.whatwg.org/#dom-document-importnode

Firefox and Chrome follow the specification. However, WebKit was using
"true" for deep's default value.

No new tests, already covered by:
imported/w3c/web-platform-tests/dom/nodes/Document-importNode.html

* dom/Document.h:
(WebCore::Document::importNode):

LayoutTests:

* fast/dom/document-importNode-arguments.html:
Explicitly pass deep parameter as the test wants a deep clone.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189502 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago baseline JIT should emit better code for UnresolvedProperty in resolve_scope/get_from...
commit-queue@webkit.org [Tue, 8 Sep 2015 19:11:04 +0000 (19:11 +0000)]
baseline JIT should emit better code for UnresolvedProperty in resolve_scope/get_from_scope/put_to_scope
https://bugs.webkit.org/show_bug.cgi?id=148895

Patch by Saam barati <sbarati@apple.com> on 2015-09-08
Reviewed by Geoffrey Garen.

Previously, if a resolve_scope/get_from_scope/put_to_scope with
UnresolvedProperty made it to the baseline JIT, we would hard compile
a jump to the slow path. This is bad and slow. Because UnresolvedProperty
tries to update itself to something more useful, and succeeds at doing so
with high probability, we should be emitting code that checks to see if the
slow path has performed an update, and if it has, execute more efficient code
and not go to the slow path (unless it needs to for var injection check failure,
or other check failures). This increases the speed of this code greatly because
we may decide to compile a program/function before certain resolve_scope/get_from_scope/put_to_scope
operations ever execute. And now, the baseline JIT code better adapts to such
compilation scenarios.

* bytecode/Watchpoint.h:
(JSC::WatchpointSet::isBeingWatched):
(JSC::WatchpointSet::addressOfState):
(JSC::WatchpointSet::offsetOfState):
(JSC::WatchpointSet::addressOfSetIsNotEmpty):
* jit/JIT.cpp:
(JSC::JIT::emitNotifyWrite):
(JSC::JIT::assertStackPointerOffset):
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emitSlow_op_resolve_scope):
(JSC::JIT::emitGetGlobalProperty):
(JSC::JIT::emitGetVarFromPointer):
(JSC::JIT::emitGetVarFromIndirectPointer):
(JSC::JIT::emitGetClosureVar):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emitPutGlobalProperty):
(JSC::JIT::emitPutGlobalVariable):
(JSC::JIT::emitPutGlobalVariableIndirect):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emitSlow_op_resolve_scope):
(JSC::JIT::emitGetGlobalProperty):
(JSC::JIT::emitGetVarFromPointer):
(JSC::JIT::emitGetVarFromIndirectPointer):
(JSC::JIT::emitGetClosureVar):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emitPutGlobalProperty):
(JSC::JIT::emitPutGlobalVariable):
(JSC::JIT::emitPutGlobalVariableIndirect):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
(JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
* runtime/JSScope.cpp:
(JSC::abstractAccess):
* tests/stress/multiple-files-tests/global-lexical-variable-unresolved-property/first.js:
(foo):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189501 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Web Inspector: Move PrettyPrinting tests into LayoutTests
joepeck@webkit.org [Tue, 8 Sep 2015 18:47:45 +0000 (18:47 +0000)]
Web Inspector: Move PrettyPrinting tests into LayoutTests
https://bugs.webkit.org/show_bug.cgi?id=148698

Reviewed by Timothy Hatcher.

Source/WebInspectorUI:

* Tools/PrettyPrinting/index.html:
Modify the relative path to the tests which are now in LayoutTests.

* UserInterface/Test.html:
Load CodeMirror and related resources for Formatting.

LayoutTests:

* inspector/codemirror/resources/prettyprinting/css-rule-tests/*: Renamed from Source/WebInspectorUI/Tools/PrettyPrinting/css-rule-tests/*.
* inspector/codemirror/resources/prettyprinting/css-tests/*: Renamed from Source/WebInspectorUI/Tools/PrettyPrinting/css-tests/*.
* inspector/codemirror/resources/prettyprinting/javascript-tests/*: Renamed from Source/WebInspectorUI/Tools/PrettyPrinting/js-tests/*.
Move tests from PrettyPrinting tools into LayoutTests.

* inspector/codemirror/prettyprinting-css-expected.txt: Added.
* inspector/codemirror/prettyprinting-css-rules-expected.txt: Added.
* inspector/codemirror/prettyprinting-css-rules.html: Added.
* inspector/codemirror/prettyprinting-css.html: Added.
* inspector/codemirror/prettyprinting-javascript-expected.txt: Added.
* inspector/codemirror/prettyprinting-javascript.html: Added.
Add tests per CodeMirror mode.

* inspector/codemirror/resources/prettyprinting/utilities.js: Added.
(TestPage.registerInitializer):
Shared code between the pretty printing tests.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189500 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Implement all the arithmetic and logical instructions in WebAssembly
commit-queue@webkit.org [Tue, 8 Sep 2015 18:34:22 +0000 (18:34 +0000)]
Implement all the arithmetic and logical instructions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148882

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-08
Reviewed by Mark Lam.

This patch implements all the arithmetic and logical instructions for
32-bit integers in WebAssembly.

* tests/stress/wasm-arithmetic.js:
* tests/stress/wasm/arithmetic.wasm:
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::buildUnaryI32):
(JSC::WASMFunctionCompiler::buildBinaryI32):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseUnaryExpressionI32):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildUnaryI32):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189499 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Win][HighDPI] Video window placement is incorrect.
peavo@outlook.com [Tue, 8 Sep 2015 18:23:23 +0000 (18:23 +0000)]
[Win][HighDPI] Video window placement is incorrect.
https://bugs.webkit.org/show_bug.cgi?id=148954

Reviewed by Alex Christensen.

We need to scale window dimensions with device scale factor.

* platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
(WebCore::MediaPlayerPrivateMediaFoundation::setSize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189498 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [Win] Implement DOMNode::attributes.
peavo@outlook.com [Tue, 8 Sep 2015 18:18:51 +0000 (18:18 +0000)]
[Win] Implement DOMNode::attributes.
https://bugs.webkit.org/show_bug.cgi?id=148747

Reviewed by Brent Fulgham.

* DOMCoreClasses.cpp:
(DOMNode::attributes):
(DOMNode::ownerDocument):
(DOMRange::detach):
(DOMNamedNodeMap::DOMNamedNodeMap):
(DOMNamedNodeMap::~DOMNamedNodeMap):
(DOMNamedNodeMap::createInstance):
(DOMNamedNodeMap::QueryInterface):
(DOMNamedNodeMap::getNamedItem):
(DOMNamedNodeMap::setNamedItem):
(DOMNamedNodeMap::removeNamedItem):
(DOMNamedNodeMap::item):
(DOMNamedNodeMap::length):
(DOMNamedNodeMap::getNamedItemNS):
(DOMNamedNodeMap::setNamedItemNS):
(DOMNamedNodeMap::removeNamedItemNS):
* DOMCoreClasses.h:
(DOMNamedNodeMap::AddRef):
(DOMNamedNodeMap::Release):
(DOMNamedNodeMap::throwException):
(DOMNamedNodeMap::callWebScriptMethod):
(DOMNamedNodeMap::evaluateWebScript):
(DOMNamedNodeMap::removeWebScriptKey):
(DOMNamedNodeMap::stringRepresentation):
(DOMNamedNodeMap::webScriptValueAtIndex):
(DOMNamedNodeMap::setWebScriptValueAtIndex):
(DOMNamedNodeMap::setException):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189497 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, fix debug by removing an assertion that is not correct anymore.
fpizlo@apple.com [Tue, 8 Sep 2015 18:17:10 +0000 (18:17 +0000)]
Unreviewed, fix debug by removing an assertion that is not correct anymore.

* jit/Repatch.cpp:
(JSC::linkFor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189496 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Mark animations/trigger-container-scroll-boundaries.html as failure on iOS
dbates@webkit.org [Tue, 8 Sep 2015 17:47:46 +0000 (17:47 +0000)]
Mark animations/trigger-container-scroll-boundaries.html as failure on iOS

According to Dean Jackson this feature is not supported on iOS at this time.

* platform/ios-simulator-wk1/TestExpectations: Move existing animation trigger failure expectations from here...
* platform/ios-simulator-wk2/TestExpectations: and here...
* platform/ios-simulator/TestExpectations: to here.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189495 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Add initial support for doubles in WebAssembly
commit-queue@webkit.org [Tue, 8 Sep 2015 17:39:35 +0000 (17:39 +0000)]
Add initial support for doubles in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148913

Patch by Sukolsak Sakshuwong <sukolsak@gmail.com> on 2015-09-08
Reviewed by Filip Pizlo.

Implement the ConstantPoolIndex, Immediate, and GetLocal instructions
for doubles (float64) in WebAssembly.

* tests/stress/wasm-arithmetic-float64.js: Added.
(shouldBe):
* tests/stress/wasm/arithmetic-float64.wasm: Added.
* wasm/WASMConstants.h:
* wasm/WASMFunctionCompiler.h:
(JSC::WASMFunctionCompiler::buildSetLocal):
(JSC::WASMFunctionCompiler::buildReturn):
(JSC::WASMFunctionCompiler::buildImmediateI32):
(JSC::WASMFunctionCompiler::buildImmediateF64):
(JSC::WASMFunctionCompiler::buildGetLocal):
* wasm/WASMFunctionParser.cpp:
(JSC::WASMFunctionParser::parseExpression):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseConstantPoolIndexExpressionF64):
(JSC::WASMFunctionParser::parseImmediateExpressionF64):
(JSC::WASMFunctionParser::parseGetLocalExpressionF64):
* wasm/WASMFunctionParser.h:
* wasm/WASMFunctionSyntaxChecker.h:
(JSC::WASMFunctionSyntaxChecker::buildImmediateF64):
* wasm/WASMReader.cpp:
(JSC::WASMReader::readOpExpressionF64):
* wasm/WASMReader.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189494 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago CallLinkInfo inside StructureStubInfo should not use polymorphic stubs
fpizlo@apple.com [Tue, 8 Sep 2015 17:25:28 +0000 (17:25 +0000)]
CallLinkInfo inside StructureStubInfo should not use polymorphic stubs
https://bugs.webkit.org/show_bug.cgi?id=148915

Reviewed by Mark Lam.

There is a subtle bug where if we reset a get_by_id IC that had a getter stub that in
turn had a polymorphic call stub, then the GC won't know to keep the getter stub alive.
This patch documents the bug in a FIXME and disables polymorphic call optimizations for
getters. It also just so happens that the polymorphic call optimizations usually don't
benefit getters, since it's hard to create polymorphism at the point of call without also
introducing polymorphism in the base object's structure.

The added test doesn't reproduce the problem, because it's hard to get the GC to delete
all of the stubs.

* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::setCallLocations):
(JSC::CallLinkInfo::allowStubs):
(JSC::CallLinkInfo::disallowStubs):
(JSC::CallLinkInfo::setUpCallFromFTL):
* jit/Repatch.cpp:
(JSC::generateByIdStub):
(JSC::linkFor):
(JSC::linkPolymorphicCall):
* tests/stress/poly-call-stub-in-getter-stub.js: Added.
(foo):
(makeGetter):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189493 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago The put_by_id IC store barrier contract should benefit transition over replace
fpizlo@apple.com [Tue, 8 Sep 2015 17:00:05 +0000 (17:00 +0000)]
The put_by_id IC store barrier contract should benefit transition over replace
https://bugs.webkit.org/show_bug.cgi?id=148943

Reviewed by Mark Lam.

Previously, we would only emit a barrier if the value being stored was possibly a cell, so
the transition stub code generator would have to emit a barrier for the store of the
structure, just in case the structure was newer than the base object.

This changes the contract so that the put_by_id callsite would always have a barrier on the
base (except if it proved that the base was brand new). That way, the transition doesn't have
to have a barrier unless it allocates.

This is meant to be a perf-neutral change that I need for the IC refactoring in
https://bugs.webkit.org/show_bug.cgi?id=148717.

* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGStoreBarrierInsertionPhase.cpp:
* jit/Repatch.cpp:
(JSC::emitPutTransitionStub):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189492 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Mark fast/dom/rtl-scroll-to-leftmost-and-resize.html as a flaky timeout for
ap@apple.com [Tue, 8 Sep 2015 16:54:58 +0000 (16:54 +0000)]
Mark fast/dom/rtl-scroll-to-leftmost-and-resize.html as a flaky timeout for
https://bugs.webkit.org/show_bug.cgi?id=148951

* platform/mac-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189491 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Convert manual test added in http://trac.webkit.org/changeset/70321 to an automated...
dbates@webkit.org [Tue, 8 Sep 2015 16:01:47 +0000 (16:01 +0000)]
Convert manual test added in trac.webkit.org/changeset/70321 to an automated test
https://bugs.webkit.org/show_bug.cgi?id=74729
<rdar://problem/22550195>

Reviewed by Jon Honeycutt.

.:

* ManualTests/compositing/resources/composited-subframe.html: Removed.
* ManualTests/compositing/show-composited-iframe-on-back-button.html: Removed.

LayoutTests:

* compositing/resources/composited-subframe.html: Added.
* compositing/resources/show-composited-iframe-on-back-button.css: Added.
(.container):
(.box):
* compositing/show-composited-iframe-on-back-button-expected.html: Added.
* compositing/show-composited-iframe-on-back-button.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189490 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Dashboard: Remove use of z-index for ring overlay; use DOM ordering
dbates@webkit.org [Tue, 8 Sep 2015 15:58:33 +0000 (15:58 +0000)]
Dashboard: Remove use of z-index for ring overlay; use DOM ordering
https://bugs.webkit.org/show_bug.cgi?id=148921

Reviewed by Alexey Proskuryakov.

The ring image is positioned above the platform icon in markup and we specify the CSS
property z-index for the ring image so that it is painted on top of the platform icon
instead of below it (by DOM ordering). Instead we can take advantage of the transparency
of the ring image, switch the order of these DOM elements and remove the use of the CSS
property z-index to achieve a similar effect.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/Main.js:
(documentReady): Create the platform icon image element before the ring image such that
the ring image is painted on top of the platform icon.
* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Styles/Main.css:
(table.queue-grid td.logo img.ring): Removed property z-index.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189489 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Dashboard: Remove duplicate gear icon data URLs
dbates@webkit.org [Tue, 8 Sep 2015 15:57:58 +0000 (15:57 +0000)]
Dashboard: Remove duplicate gear icon data URLs
https://bugs.webkit.org/show_bug.cgi?id=148920

Reviewed by Alexey Proskuryakov.

Currently we duplicate the SVG data URL for the gear icon up to its fill color in the CSS property
background-image associated with each of the three gear icon states: collapsed (.settings), hover
(.settings:hover), and expanded (.settings-visible .settings). Instead we should use the gear icon
as a mask and make use of the CSS background-color to define the fill color for each of these three
states.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Styles/Main.css:
(.settings): Use gear icon as mask and define CSS background-color for collapsed state.
(.settings:hover): Override CSS background-color for hover state.
(.settings-visible .settings): Override CSS background-color for expanded state.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189488 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago [GTK] Unreviewed GTK gardening.
clopez@igalia.com [Tue, 8 Sep 2015 15:43:19 +0000 (15:43 +0000)]
[GTK] Unreviewed GTK gardening.

Update some paths for tests that were renamed.
Remove some tests from the expectations that no longer exist.
Report new failures for the Debug build.

* platform/gtk/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189487 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago Unreviewed, land iOS baselines for a couple of html/dom tests.
cdumez@apple.com [Tue, 8 Sep 2015 15:25:53 +0000 (15:25 +0000)]
Unreviewed, land iOS baselines for a couple of html/dom tests.

* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/dynamic-markup-insertion/document-write/nested-document-write-1-expected.txt: Added.
* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/dynamic-markup-insertion/document-write/nested-document-write-2-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189486 268f45cc-cd09-0410-ab3c-d52691b4dbfc