WebKit-https.git
4 years agoWincairo buildfix
oliver@apple.com [Wed, 9 Mar 2016 21:09:51 +0000 (21:09 +0000)]
Wincairo buildfix
https://bugs.webkit.org/show_bug.cgi?id=155245

Reviewed by Mark Lam.

Fix up exports for a few symbols

* jit/ExecutableAllocator.h:
* jit/ExecutableAllocatorFixedVMPool.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197876 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agofocus() / blur() should be on HTMLElement / SVGElement, not Element
cdumez@apple.com [Wed, 9 Mar 2016 20:55:28 +0000 (20:55 +0000)]
focus() / blur() should be on HTMLElement / SVGElement, not Element
https://bugs.webkit.org/show_bug.cgi?id=155216

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

focus() / blur() should be on HTMLElement / SVGElement, not Element:
- https://html.spec.whatwg.org/multipage/dom.html#htmlelement
- https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement

Chrome and Firefox match the specification.

Note that after this change, focus() / blur() is no longer exposed
on MathMLElement. This matches the MathML specification and is
consistent with Firefox and Chrome.

* dom/Element.idl:
* html/HTMLElement.idl:
* svg/SVGElement.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197875 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMove attributes to the instance for most interfaces that have "Error" in their name
cdumez@apple.com [Wed, 9 Mar 2016 20:37:36 +0000 (20:37 +0000)]
Move attributes to the instance for most interfaces that have "Error" in their name
https://bugs.webkit.org/show_bug.cgi?id=155231

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Our bindings generator was keeping attributes on the instances for
interfaces having "Error" or "Exception" in their name. The reason is
that interfaces that have "Error" in their prototype would not behave
correctly otherwise because "Error" incorrectly has its attributes on
the instance at the moment. However, in our bindings generator, the
condition to decide if an interface's prototype should be "Error" is
if $interface->isException. Therefore, we should use the same condition
to decide if we should keep attributes on the instance until "Error"
is updated to have its attributes on the prototype. Doing this for any
interface having "Error" or "Exception" in their name is overkill.

No new tests, already covered by existing test.

* bindings/scripts/CodeGeneratorJS.pm:
(InterfaceRequiresAttributesOnInstance):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197874 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd dumping of function expression names in CodeBlock bytecode dump.
mark.lam@apple.com [Wed, 9 Mar 2016 20:36:40 +0000 (20:36 +0000)]
Add dumping of function expression names in CodeBlock bytecode dump.
https://bugs.webkit.org/show_bug.cgi?id=155248

Reviewed by Filip Pizlo.

Because ...
[  19] new_func_exp      loc5, loc3, f0:foo

... is more informative than
[  19] new_func_exp      loc5, loc3, f0

Anonymous functions will be dumped as <anon>.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpFunctionExpr):
(JSC::CodeBlock::dumpBytecode):
* bytecode/CodeBlock.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197873 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd iOS Simulator EWS to bot watcher's dashboard
ap@apple.com [Wed, 9 Mar 2016 20:36:35 +0000 (20:36 +0000)]
Add iOS Simulator EWS to bot watcher's dashboard
https://bugs.webkit.org/show_bug.cgi?id=155220

Reviewed by Lucas Forschler.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BubbleQueueServer.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197872 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRename WebCore/platform/crypto/mac/CryptoDigestMac.cpp to WebCore/platform/crypto...
dbates@webkit.org [Wed, 9 Mar 2016 20:25:25 +0000 (20:25 +0000)]
Rename WebCore/platform/crypto/mac/CryptoDigestMac.cpp to WebCore/platform/crypto/commoncrypto/CryptoDigestCommonCrypto.cpp
https://bugs.webkit.org/show_bug.cgi?id=155244

Reviewed by Alexey Proskuryakov.

The file WebCore/platform/crypto/mac/CryptoDigestMac.cpp is applicable to both iOS and OS X.
We should move and rename this file to reflect that is applicable to both of these platforms.

* PlatformMac.cmake:
* WebCore.xcodeproj/project.pbxproj:
* platform/crypto/commoncrypto/CryptoDigestCommonCrypto.cpp: Renamed from Source/WebCore/platform/crypto/mac/CryptoDigestMac.cpp.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197871 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoLocal HTML should be blocked from localStorage access unless "Disable Local File...
bfulgham@apple.com [Wed, 9 Mar 2016 20:22:28 +0000 (20:22 +0000)]
Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked
https://bugs.webkit.org/show_bug.cgi?id=155185
Source/WebKit2:

Reviewed by Anders Carlsson.
<rdar://problem/11101440>

Tested by TestWebKitAPI tests IndexedDB.IndexedDBMultiProcess and IndexedDB.IndexedDBPersistence.

Allow Cocoa WKWebViewConfiguration access to the 'allowUniversalAccessFromFileURLs' setting.

* UIProcess/API/Cocoa/WKWebView.mm:
(- [WKWebView _initializeWithConfiguration]): Set 'allowUniversalAccessFromFileURLsKey' in
page configuration.
* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
(-[WKWebViewConfiguration _allowUniversalAccessFromFileURLs]): Added,
(-[WKWebViewConfiguration _setAllowUniversalAccessFromFileURLs:]): Added.
* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:

Tools:

<rdar://problem/11101440>

Reviewed by Anders Carlsson.

* TestWebKitAPI/Tests/WebKit2/CloseFromWithinCreatePage.cpp:
(TestWebKitAPI::TEST): Allow local file accesss to run test.
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm:
(TEST): Ditto.
* TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence.mm:
(TEST): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197870 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[ES6] Implement RegExp sticky flag and related functionality
msaboff@apple.com [Wed, 9 Mar 2016 20:11:46 +0000 (20:11 +0000)]
[ES6] Implement RegExp sticky flag and related functionality
https://bugs.webkit.org/show_bug.cgi?id=155177

Reviewed by Saam Barati.

Source/JavaScriptCore:

Implemented the ES6 RegExp sticky functionality.

There are two main behavior changes when the sticky flag is specified.
1) Matching starts at lastIndex and lastIndex is updated after the match.
2) The regular expression is only matched from the start position in the string.
See ES6 section 21.2.5.2.2 for details.

Changed both the Yarr interpreter and jit to not loop to the next character for sticky RegExp's.
Updated RegExp exec and match, and stringProtoFuncMatch to handle lastIndex changes.

Restructured the way flags are passed to and through YarrPatterns to use RegExpFlags instead of
individual bools.

Updated tests for 'y' flag and new behavior.

* bytecode/CodeBlock.cpp:
(JSC::regexpToSourceString):
* inspector/ContentSearchUtilities.cpp:
(Inspector::ContentSearchUtilities::findMagicComment):
* runtime/CommonIdentifiers.h:
* runtime/RegExp.cpp:
(JSC::regExpFlags):
(JSC::RegExpFunctionalTestCollector::outputOneTest):
(JSC::RegExp::finishCreation):
(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):
* runtime/RegExp.h:
* runtime/RegExpKey.h:
* runtime/RegExpObjectInlines.h:
(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncCompile):
(JSC::flagsString):
(JSC::regExpProtoGetterMultiline):
(JSC::regExpProtoGetterSticky):
(JSC::regExpProtoGetterUnicode):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
* tests/es6.yaml:
* tests/stress/static-getter-in-names.js:
(shouldBe):
* yarr/RegularExpression.cpp:
(JSC::Yarr::RegularExpression::Private::compile):
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::tryConsumeBackReference):
(JSC::Yarr::Interpreter::matchAssertionBOL):
(JSC::Yarr::Interpreter::matchAssertionEOL):
(JSC::Yarr::Interpreter::matchAssertionWordBoundary):
(JSC::Yarr::Interpreter::matchDotStarEnclosure):
(JSC::Yarr::Interpreter::matchDisjunction):
(JSC::Yarr::Interpreter::Interpreter):
(JSC::Yarr::ByteCompiler::atomPatternCharacter):
* yarr/YarrInterpreter.h:
(JSC::Yarr::BytecodePattern::BytecodePattern):
(JSC::Yarr::BytecodePattern::estimatedSizeInBytes):
(JSC::Yarr::BytecodePattern::ignoreCase):
(JSC::Yarr::BytecodePattern::multiline):
(JSC::Yarr::BytecodePattern::sticky):
(JSC::Yarr::BytecodePattern::unicode):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::matchCharacterClass):
(JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
(JSC::Yarr::YarrGenerator::generateAssertionBOL):
(JSC::Yarr::YarrGenerator::generateAssertionEOL):
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
(JSC::Yarr::YarrGenerator::backtrack):
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
(JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
(JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
(JSC::Yarr::YarrPatternConstructor::optimizeBOL):
(JSC::Yarr::YarrPattern::compile):
(JSC::Yarr::YarrPattern::YarrPattern):
* yarr/YarrPattern.h:
(JSC::Yarr::YarrPattern::reset):
(JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
(JSC::Yarr::YarrPattern::ignoreCase):
(JSC::Yarr::YarrPattern::multiline):
(JSC::Yarr::YarrPattern::sticky):
(JSC::Yarr::YarrPattern::unicode):

LayoutTests:

New and updated tests.

* js/Object-getOwnPropertyNames-expected.txt:
* js/regexp-flags-expected.txt:
* js/regexp-sticky-expected.txt: Added.
* js/regexp-sticky.html: Added.
* js/script-tests/Object-getOwnPropertyNames.js:
* js/script-tests/regexp-flags.js:
(RegExp.prototype.hasOwnProperty): Deleted check for sticky property.
* js/script-tests/regexp-sticky.js: New test.
(asString):
(testStickyExec):
(testStickyMatch):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197869 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemoving and re-adding a script message handler with the same name results in an...
timothy_horton@apple.com [Wed, 9 Mar 2016 19:56:41 +0000 (19:56 +0000)]
Removing and re-adding a script message handler with the same name results in an unusable message handler
https://bugs.webkit.org/show_bug.cgi?id=155223

Reviewed by Sam Weinig.
Source/WebCore:

New API test: WKUserContentController.ScriptMessageHandlerReplaceWithSameName.

* page/UserMessageHandler.h:
(WebCore::UserMessageHandler::descriptor):
* page/UserMessageHandlersNamespace.cpp:
(WebCore::UserMessageHandlersNamespace::handler):
This lazy removal mechanism combined with the fact that we only compare
handler name and world makes it such that m_messageHandlers could have
a stale UserMessageHandler with a UserMessageHandlerDescriptor that differed
only in client.

It is safe to compare the descriptors by pointer instead because m_messageHandler
holds a strong reference to its UserMessageHandlerDescriptors, and this will ensure
that the add-remove-add path (with identical name and world) causes a new
UserContentController to be created.

We also now clean up any stale UserMessageHandlers whenever we're about to
add a new one, by removing any which the UserContentController no longer knows about.

Tools:

* TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:
(TEST):
Add a test ensuring that it is possible to remove and re-add a script message handler
with the same name and still dispatch messages to it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197868 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFunctionExecutable::ecmaName() should not be based on inferredName().
mark.lam@apple.com [Wed, 9 Mar 2016 19:36:21 +0000 (19:36 +0000)]
FunctionExecutable::ecmaName() should not be based on inferredName().
https://bugs.webkit.org/show_bug.cgi?id=155203

Reviewed by Michael Saboff.

Source/JavaScriptCore:

The ES6 rules for how a function name should be inferred closely matches JSC's
implementation with one exception:
    var o = {}
    o.foo = function() {}

JSC's inferredName for o.foo would be "foo".
ES6 specifies that o.foo.name is "".

The fix is to add a distinct FunctionExecutable::ecmaName() which applies the ES6
rules for inferring the initial value of Function.name.

* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
* bytecode/UnlinkedFunctionExecutable.h:
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createAssignResolve):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createProperty):
(JSC::ASTBuilder::makeAssignNode):
* parser/Nodes.h:
* runtime/Executable.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::reifyName):
* tests/es6.yaml:

LayoutTests:

* js/script-tests/function-toString-vs-name.js:
- Fixed up object property test section and added new test cases.
* platform/mac/http/tests/media/media-source/mediasource-sourcebuffer-mode-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197867 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd two finger tap on links.
enrica@apple.com [Wed, 9 Mar 2016 19:29:29 +0000 (19:29 +0000)]
Add two finger tap on links.
https://bugs.webkit.org/show_bug.cgi?id=155205
rdar://problem/22937516

Reviewed by Sam Weinig.

Adds two finger tap gesture recognizer. When performed
on a link, it calls the delegate.

* Platform/spi/ios/UIKitSPI.h:
* UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
* UIProcess/WebPageProxy.h:
* UIProcess/ios/WKContentViewInteraction.h:
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView setupInteraction]):
(-[WKContentView cleanupInteraction]):
(-[WKContentView _removeDefaultGestureRecognizers]):
(-[WKContentView _addDefaultGestureRecognizers]):
(-[WKContentView _twoFingerSingleTapGestureRecognized:]):
* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::handleTwoFingerTapAtPoint):
* WebProcess/WebPage/WebPage.h:
* WebProcess/WebPage/WebPage.messages.in:
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::handleTwoFingerTapAtPoint):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197866 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAlways call NSURLSession completion handlers
commit-queue@webkit.org [Wed, 9 Mar 2016 19:04:07 +0000 (19:04 +0000)]
Always call NSURLSession completion handlers
https://bugs.webkit.org/show_bug.cgi?id=155137

Patch by Alex Christensen <achristensen@webkit.org> on 2016-03-09
Reviewed by Darin Adler.

There are some edge cases which should not be hit, but if they are they would cause the
network process to hang and network resources to be leaked.  This can be avoided.
There are also a few release asserts that do not need to crash release builds.

* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTask::NetworkDataTask):
(WebKit::NetworkDataTask::didReceiveChallenge):
(WebKit::NetworkDataTask::didCompleteWithError):
(WebKit::NetworkDataTask::didReceiveResponse):
(WebKit::NetworkDataTask::didReceiveData):
(WebKit::NetworkDataTask::willPerformHTTPRedirection):
(WebKit::NetworkDataTask::scheduleFailure):
(WebKit::NetworkDataTask::tryPasswordBasedAuthentication):
* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197865 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAlign HTMLKeygenElement.keytype with the specification
cdumez@apple.com [Wed, 9 Mar 2016 18:45:18 +0000 (18:45 +0000)]
Align HTMLKeygenElement.keytype with the specification
https://bugs.webkit.org/show_bug.cgi?id=155214

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/reflection-forms-expected.txt:

Source/WebCore:

Align HTMLKeygenElement.keytype with the specification:
- https://html.spec.whatwg.org/#dom-keygen-keytype
- https://html.spec.whatwg.org/#attr-keygen-keytype

In particular, the following changes were made:
1. Return "rsa" by default (i.e. when the corresponding content attribute is missing)
2. Only return known values

Test: fast/dom/HTMLKeygenElement/keygen-keytype.html

* html/HTMLKeygenElement.cpp:
(WebCore::HTMLKeygenElement::setKeytype):
(WebCore::HTMLKeygenElement::keytype):
(WebCore::HTMLKeygenElement::appendFormData):
* html/HTMLKeygenElement.h:
* html/HTMLKeygenElement.idl:

LayoutTests:

Add test coverage for HTMLKeygenElement.keytype.

* fast/dom/HTMLKeygenElement/keygen-keytype-expected.txt: Added.
* fast/dom/HTMLKeygenElement/keygen-keytype.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197864 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GStreamer] Fix MediaPlayerPrivate conflicts
philn@webkit.org [Wed, 9 Mar 2016 18:26:38 +0000 (18:26 +0000)]
[GStreamer] Fix MediaPlayerPrivate conflicts
https://bugs.webkit.org/show_bug.cgi?id=155236

Reviewed by Martin Robinson.

In some cases the mediastream player would be used to play
non-mediastream videos or MSE streams. The OWR player should be
used only for mediastreams and the MediaPlayerPrivateGStreamer
player should be used only for normal <video> elements and
MediaSource support.

This patch intends to fix the massive tests timeouts currently
happening on the GTK bots after r197752.

* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
(WebCore::MediaPlayerPrivateGStreamer::supportsType): Bail out if
the type checked represents a mediastream.
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
Prevent signal disconnection on possible NULL GObjects.
(WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
(WebCore::MediaPlayerPrivateGStreamerOwr::MediaPlayerPrivateGStreamerOwr):
Simplify constructor to the bare minimum.
(WebCore::MediaPlayerPrivateGStreamerOwr::load): Create sinks only
if needed from the load method.
(WebCore::MediaPlayerPrivateGStreamerOwr::getSupportedTypes):
Initialize the type cache to an empty static hashset.
(WebCore::MediaPlayerPrivateGStreamerOwr::supportsType): This
player does support mediastreams and nothing else.
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197863 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoHarden JSC Root element functions from bad values
msaboff@apple.com [Wed, 9 Mar 2016 18:10:59 +0000 (18:10 +0000)]
Harden JSC Root element functions from bad values
https://bugs.webkit.org/show_bug.cgi?id=155234

Reviewed by Saam Barati.

Changed jsCast() to jsDynamicCast() in Root related function to protect against being
called with non-Root arguments.

* jsc.cpp:
(functionCreateElement):
(functionGetElement):
(functionSetElementRoot):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197862 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[JSC] Pick how to OSR Enter to FTL at runtime instead of compile time
benjamin@webkit.org [Wed, 9 Mar 2016 17:51:38 +0000 (17:51 +0000)]
[JSC] Pick how to OSR Enter to FTL at runtime instead of compile time
https://bugs.webkit.org/show_bug.cgi?id=155217

Reviewed by Filip Pizlo.

This patch addresses 2 types of problems with tiering up to FTL
with OSR Entry in a loop:
-When there are nested loops, it is generally valuable to enter
 an outer loop rather than an inner loop.
-When tiering up at a point that cannot OSR Enter, we are at
 the mercy of the outer loop frequency to compile the right
 entry point.

The first case is significant in the test "gaussian-blur".
That test has 4 nested loops. When we have an OSR Entry,
the analysis phases have to be pesimistic where we enter:
we do not really know what constraint can be proven from
the DFG code that was running.

In "gaussian-blur", integer-range analysis removes pretty
much all overflow checks in the inner loops of where we entered.
The more outside we enter, the better code we generate.

Since we spend the most iterations in the inner loop, we naturally
tend to OSR Enter into the 2 most inner loops, making the most
pessimistic assumptions.

To avoid such problems, I changed how we decide where to OSR Enter.
Previously, the last CheckTierUpAndOSREnter to cross the threshold
was where we take the entry point for FTL.

What happens now is that the entry point is not decied when
compiling the CheckTierUp variants. Instead, all the information
we need is gathered during compilation and keept on the JITCode
to be used at runtime.

When we try to tier up and decide to OSR Enter, we use the information
we have to pick a good outer loop for OSR Entry.

Now the problem is outer loop do not CheckTierUpAndOSREnter often,
wasting several miliseconds before entering the newly compiled FTL code.

To solve that, every CheckTierUpAndOSREnter has its own trigger that
bypass the counter. When the FTL Code is compiled, the trigger is set
and we enter through the right CheckTierUpAndOSREnter immediately.

---

This new mechanism also solves a problem of ai-astar.
When we try to tier up in ai-astar, we had nothing to compile until
the outer loop is reached.

To make sure we reached the CheckTierUpAndOSREnter in a reasonable time,
we had CheckTierUpWithNestedTriggerAndOSREnter with a special trigger.

With the new mechanism, we can do much better:
-When we keep hitting CheckTierUpInLoop, we now have all the information
 we need to already start compiling the outer loop.
 Instead of waiting for the outer loop to be reached a few times, we compile
 it as soon as the inner loop is hammering CheckTierUpInLoop.
-With the new triggers, the very next time we hit the outer loop, we OSR Enter.

This allow us to compile what we need sooner and enter sooner.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize): Deleted.
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC): Deleted.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode): Deleted.
* dfg/DFGJITCode.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::compileEntryExecutionFlag):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPlan.h:
(JSC::DFG::Plan::canTierUpAndOSREnter):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute): Deleted.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile): Deleted.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGTierUpCheckInjectionPhase.cpp:
(JSC::DFG::TierUpCheckInjectionPhase::run):
(JSC::DFG::TierUpCheckInjectionPhase::buildNaturalLoopToLoopHintMap):
(JSC::DFG::TierUpCheckInjectionPhase::findLoopsContainingLoopHintWithoutOSREnter): Deleted.
* dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::ToFTLForOSREntryDeferredCompilationCallback):
(JSC::DFG::Ref<ToFTLForOSREntryDeferredCompilationCallback>ToFTLForOSREntryDeferredCompilationCallback::create):
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously):
(JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
* dfg/DFGToFTLForOSREntryDeferredCompilationCallback.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197861 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoCleaning up TestExpectations files to remove deleted tests and duplicate entries...
ryanhaddad@apple.com [Wed, 9 Mar 2016 17:44:24 +0000 (17:44 +0000)]
Cleaning up TestExpectations files to remove deleted tests and duplicate entries for ios-simulator.

Unreviewed test gardening.

* TestExpectations:
* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197860 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSkipping fast/events/max-tabindex-focus.html on ios-simulator
ryanhaddad@apple.com [Wed, 9 Mar 2016 17:25:23 +0000 (17:25 +0000)]
Skipping fast/events/max-tabindex-focus.html on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=155233

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197859 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoLocal HTML should be blocked from localStorage access unless "Disable Local File...
bfulgham@apple.com [Wed, 9 Mar 2016 17:06:56 +0000 (17:06 +0000)]
Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked..
https://bugs.webkit.org/show_bug.cgi?id=155185
<rdar://problem/11101440>

Reviewed by Zalan Bujtas.

Source/WebCore:

Tested by storage/domstorage/localstorage/blocked-file-access.html.

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we have not been granted
universal file access, prevent access to DOM localStorage.

LayoutTests:

* storage/domstorage/localstorage/blocked-file-access-expected.txt: Added.
* storage/domstorage/localstorage/blocked-file-access.html: Added.
* storage/domstorage/localstorage/resources/blocked-example.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197858 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[css-grid] Allow to place positioned grid items on the padding
rego@igalia.com [Wed, 9 Mar 2016 14:26:39 +0000 (14:26 +0000)]
[css-grid] Allow to place positioned grid items on the padding
https://bugs.webkit.org/show_bug.cgi?id=155199

Reviewed by Sergio Villar Senin.

Source/WebCore:

According to the following discussion on the CSS WG mailing list,
we should be able to place positioned grid items on the padding directly:
https://lists.w3.org/Archives/Public/www-style/2015Nov/0070.html

This means that a positioned grid item can be placed on the padding itself.
The "auto" value resolves to the padding edges (0th and -0th lines).
So if a positioned item is placed with: grid-column: auto / 1;
it'd be placed on the padding, from line 0th to 1st line.

On top of that, we've to detect properly the first and last explicit
grid lines during the layout of positioned grid items.
We have to consider that the grid can have implicit tracks created
previously by regular grid items.

Tests: fast/css-grid-layout/grid-positioned-items-padding.html
       fast/css-grid-layout/grid-positioned-items-within-grid-implicit-track.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):

LayoutTests:

Add new tests and updated results in a current one.

* fast/css-grid-layout/grid-positioned-items-implicit-grid.html:
* fast/css-grid-layout/grid-positioned-items-padding-expected.txt: Added.
* fast/css-grid-layout/grid-positioned-items-padding.html: Added.
* fast/css-grid-layout/grid-positioned-items-within-grid-implicit-track-expected.txt: Added.
* fast/css-grid-layout/grid-positioned-items-within-grid-implicit-track.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197857 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoImageDocuments leak their world.
akling@apple.com [Wed, 9 Mar 2016 12:00:32 +0000 (12:00 +0000)]
ImageDocuments leak their world.
<https://webkit.org/b/155167>
<rdar://problem/24987363>

Reviewed by Antti Koivisto.

Source/WebCore:

ImageDocument uses a special code path in ImageLoader in order to manually
control how the image is loaded. It has to do this because the ImageDocument
is really just a synthetic wrapper around a main resource that's an image.

This custom loading code had a bug where it would create a new CachedImage
and neglect to set its CachedResource::m_state flag to Pending (which is
normally set by CachedResource::load(), but we don't call that for these.)

This meant that when ImageDocument called CachedImage::finishLoading() to
trigger the notifyFinished() callback path, the image would look at its
loading state and see that it was Unknown (not Pending), and conclude that
it hadn't loaded yet. So we never got the notifyFinished() signal.

The world leaks here because ImageLoader slaps a ref on its <img> element
while it waits for the loading operation to complete. Once finished, whether
successfully or with an error, it derefs the <img>.

Since we never fired notifyFinished(), we ended up with an extra ref on
these <img> forever, and then the element kept its document alive too.

Test: fast/dom/ImageDocument-world-leak.html

* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement):

LayoutTests:

Made a little test that loads an image into an <iframe> 10 times and then
triggers a garbage collection and checks that all the documents got destroyed.

Prior to this change, all 10 ImageDocuments would remain alive at the end.

This got rolled out the first time because it failed on bots. It failed due
to expecting a specific number of documents to be live at the start of the
test, which was not reliable on bots since we appear to have more leaks(!)

Tweaked the test to check the delta in live document count instead.

* fast/dom/ImageDocument-world-leak-expected.txt: Added.
* fast/dom/ImageDocument-world-leak.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197856 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[css-grid] Fix auto-track sizing with min-size:auto and specific sizes
svillar@igalia.com [Wed, 9 Mar 2016 11:02:40 +0000 (11:02 +0000)]
[css-grid] Fix auto-track sizing with min-size:auto and specific sizes
https://bugs.webkit.org/show_bug.cgi?id=155165

Reviewed by Darin Adler.

Source/WebCore:

Specs recently changed the way auto tracks are sized. In the
previous versions, when sizing auto minimums, only the
min-width|height of the items spanning through the auto tracks
were used to size them. The new text specifies that for items
with a specified minimum size of auto, the behavior is
equivalent to a min-content minimum.

This means that from now on, auto tracks with min-size:auto
will no longer be smaller than min-content tracks (which was
pretty weird from the user POV).

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::minSizeForChild): use grid items
min-content contributions whenever the specified size is not
auto or when min-size is auto.

LayoutTests:

* fast/css-grid-layout/grid-automatic-minimum-for-auto-columns-expected.txt:
* fast/css-grid-layout/grid-automatic-minimum-for-auto-columns.html:
* fast/css-grid-layout/grid-automatic-minimum-for-auto-rows-expected.txt:
* fast/css-grid-layout/grid-automatic-minimum-for-auto-rows.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197854 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[css-grid] Initial support for implicit grid before explicit grid
rego@igalia.com [Wed, 9 Mar 2016 10:15:23 +0000 (10:15 +0000)]
[css-grid] Initial support for implicit grid before explicit grid
https://bugs.webkit.org/show_bug.cgi?id=155014

Reviewed by Darin Adler.

Source/WebCore:

Change GridSpan to store int instead of unsigned. This allows us to
resolve positions before the explicit grid with negative values.

This patch adds a new type of GridSpan called "Untranslated".
This type is only used in populateExplicitGridAndOrderIterator().
Where we store the smallest negative position in both axis.

Then the GridSpans are translated into positive values, using the offset
calculated before. This is done in placeItemsOnGrid() and from that
moment the rest of the code uses "Definite" GridSpans, which returns
only positive positions (unsigned instead of int).
This allows us to don't have to modify the rest of the code, as it keeps
using GridSpans as before.

Let's use an example to explain how it works. Imagine that we've a 2
columns grid and 2 items placed like:
* Item A: grid-column: -5;
* Item B: grid-column: 1;

Initially we'll use "Unstranslated" GridSpans with the following values:
* Item A: GridSpan(-2, -1)
* Item B: GridSpan(0, 1)

Then we'll translate them using the smallest position as offset (-2)
so we've "Definite" GridSpans:
* Item A: GridSpan(0, 1)
* Item B: GridSpan(2, 3)

Test: fast/css-grid-layout/implicit-tracks-before-explicit.html

* css/CSSParser.cpp:
(WebCore::CSSParser::parseGridTemplateAreasRow):
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
(WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
(WebCore::RenderGrid::gridTrackSize):
(WebCore::RenderGrid::insertItemIntoGrid):
(WebCore::RenderGrid::placeItemsOnGrid):
(WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
(WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid):
(WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
(WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
(WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Deleted.
(WebCore::RenderGrid::layoutPositionedObject): Deleted.
* rendering/RenderGrid.h:
* rendering/style/GridCoordinate.h:
(WebCore::GridSpan::untranslatedDefiniteGridSpan):
(WebCore::GridSpan::translatedDefiniteGridSpan):
(WebCore::GridSpan::integerSpan):
(WebCore::GridSpan::untranslatedResolvedInitialPosition):
(WebCore::GridSpan::untranslatedResolvedFinalPosition):
(WebCore::GridSpan::resolvedInitialPosition):
(WebCore::GridSpan::resolvedFinalPosition):
(WebCore::GridSpan::begin):
(WebCore::GridSpan::end):
(WebCore::GridSpan::isTranslatedDefinite):
(WebCore::GridSpan::isIndefinite):
(WebCore::GridSpan::translate):
(WebCore::GridSpan::GridSpan):
(WebCore::GridSpan::operator==): Deleted.
(WebCore::GridSpan::GridSpanIterator::GridSpanIterator): Deleted.
(WebCore::GridSpan::GridSpanIterator::operator unsigned&): Deleted.
* rendering/style/GridResolvedPosition.cpp:
(WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveGridPositionAgainstOppositePosition):
(WebCore::resolveGridPositionFromStyle):
(WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
(WebCore::GridResolvedPosition::spanSizeForAutoPlacedItem): Deleted.

LayoutTests:

Updated results in current tests and added specific test for this.

* fast/css-grid-layout/grid-auto-flow-resolution.html:
* fast/css-grid-layout/grid-item-negative-position-resolution.html:
* fast/css-grid-layout/grid-item-spanning-resolution.html:
* fast/css-grid-layout/implicit-tracks-before-explicit-expected.txt: Added.
* fast/css-grid-layout/implicit-tracks-before-explicit.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197850 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[iOS] Arabic text on Wikipedia is shown as boxes
mmaxfield@apple.com [Wed, 9 Mar 2016 08:54:56 +0000 (08:54 +0000)]
[iOS] Arabic text on Wikipedia is shown as boxes
https://bugs.webkit.org/show_bug.cgi?id=155129
<rdar://problem/24919902>

Reviewed by Darin Adler.

Source/WebCore:

GeezaPro is the PostScript name, not the family name.

Test: fast/text/arabic-blacklisted.html

* platform/graphics/ios/FontCacheIOS.mm:
(WebCore::platformLookupFallbackFont):

LayoutTests:

This test is iOS-specific.

* platform/efl/TestExpectations:
* platform/gtk/TestExpectations:
* platform/mac/TestExpectations:
* platform/win/TestExpectations:
* fast/text/arabic-blacklisted-expected.html: Added.
* fast/text/arabic-blacklisted.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197847 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r197825.
commit-queue@webkit.org [Wed, 9 Mar 2016 07:45:19 +0000 (07:45 +0000)]
Unreviewed, rolling out r197825.
https://bugs.webkit.org/show_bug.cgi?id=155222

It broke the EFL build. It is not dead code. (Requested by
gyuyoung on #webkit).

Reverted changeset:

"Delete dead scrolling code"
https://bugs.webkit.org/show_bug.cgi?id=155210
http://trac.webkit.org/changeset/197825

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197841 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRemove failing assertion. There are strings that claim to be atomic but that the
fpizlo@apple.com [Wed, 9 Mar 2016 07:29:43 +0000 (07:29 +0000)]
Remove failing assertion. There are strings that claim to be atomic but that the
compiler thread can totally deal with, like the empty string.

Rubber stamped by Mark Lam.

* wtf/text/StringImpl.h:
(WTF::StringImpl::ref):
(WTF::StringImpl::deref):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197838 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoElement with maximum tabIndex cannot be returned by nextElementWithGreaterTabIndex()
cdumez@apple.com [Wed, 9 Mar 2016 06:27:54 +0000 (06:27 +0000)]
Element with maximum tabIndex cannot be returned by nextElementWithGreaterTabIndex()
https://bugs.webkit.org/show_bug.cgi?id=155215

Reviewed by Ryosuke Niwa.

Source/WebCore:

Element with maximum tabIndex cannot be returned by nextElementWithGreaterTabIndex()
due to a bug in r197726. This patch fixes the issue by only comparing
candidate.tabIndex to winningTabIndex if winner is non-null.

Test: fast/events/max-tabindex-focus.html

* page/FocusController.cpp:
(WebCore::nextElementWithGreaterTabIndex):

LayoutTests:

Add test to make sure that an Element with a tabIndex equal to
2147483647 (maximum tabIndex) can be focused.

* fast/events/max-tabindex-focus-expected.txt: Added.
* fast/events/max-tabindex-focus.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197835 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix iOS Simulator EWS.
ap@apple.com [Wed, 9 Mar 2016 05:53:54 +0000 (05:53 +0000)]
Fix iOS Simulator EWS.

Unreviewed build fix.

* Scripts/webkitpy/common/config/ports.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197834 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDFG should be able to constant-fold strings
fpizlo@apple.com [Wed, 9 Mar 2016 05:16:47 +0000 (05:16 +0000)]
DFG should be able to constant-fold strings
https://bugs.webkit.org/show_bug.cgi?id=155200

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This adds constant-folding of string1 + string2 and string.length. The actual folding
rule is easy, but there are some gotchas.

The problem is that the DFG cannot allocate new JSString objects until we are on the
main thread. So, DFG IR must have a node for a JSValue string constant that hasn't been
created yet - i.e. it doesn't have any concrete JSValue bits yet.

We have the ability to speak of such things, using LazyJSValue. But that's a class, not
a node type. This patch now adds a node type, LazyJSConstant, which is a Node that holds
a LazyJSValue.

This puts us in a weird situation: AI uses JSValue to represent constants. It would take
a lot of work to change it to use LazyJSValue. So, this implements the constant folding
in StrengthReductionPhase. I created a bug and put a FIXME about moving these rules into
AI.

OTOH, our experience in B3 shows that constant folding in strength reduction is quite
nice. It would totally make sense to have strength reduction have constant folding rules
that mirror the rules in AI, or to factor out the AI constant folding rules, the same
way that B3 factors out those rules into Value methods.

Another issue is how to represent the cumulative result of possibly many foldings. I
initially considered adding LazyJSValue kinds that represented concatenation. Folding
the concatenation to a constant meand that this constant was actually a LazyJSValue that
represented the concatenation of two other things. But this would get super messy if we
wanted to fold an operation that uses the results of another folded operation.

So, the JIT thread folds string operations by creating a WTF::String that contains the
result. The DFG::Graph holds a +1 on the underlying StringImpl, so we can pass the
StringImpl* around without reference counting. The LazyJSValue now has a special kind
that means: we created this StringImpl* on the JIT thread, and once the JIT is done, we
will relinquish ownership of it. LazyJSValue has some magic to emit code for these
to-be-created-JSStrings while also transferring ownership of the StringImpl from the JIT
thread to the main thread and registering the JSString with the GC.

This just implements folding for concatenation and GetArrayLength. It's just a proof of
concept for evil things I want to do later.

This change is a 2.5x speed-up on the string concatenation microbenchmarks I added in
this patch.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGFrozenValue.cpp:
(JSC::DFG::FrozenValue::emptySingleton):
(JSC::DFG::FrozenValue::tryGetString):
(JSC::DFG::FrozenValue::dumpInContext):
* dfg/DFGFrozenValue.h:
(JSC::DFG::FrozenValue::strength):
* dfg/DFGGraph.h:
* dfg/DFGLazyJSValue.cpp:
(JSC::DFG::LazyJSValue::newString):
(JSC::DFG::LazyJSValue::getValue):
(JSC::DFG::equalToStringImpl):
(JSC::DFG::LazyJSValue::tryGetStringImpl):
(JSC::DFG::LazyJSValue::tryGetString):
(JSC::DFG::LazyJSValue::strictEqual):
(JSC::DFG::LazyJSValue::switchLookupValue):
(JSC::DFG::LazyJSValue::emit):
(JSC::DFG::LazyJSValue::dumpInContext):
* dfg/DFGLazyJSValue.h:
(JSC::DFG::LazyJSValue::LazyJSValue):
(JSC::DFG::LazyJSValue::knownStringImpl):
(JSC::DFG::LazyJSValue::kind):
(JSC::DFG::LazyJSValue::tryGetValue):
(JSC::DFG::LazyJSValue::character):
(JSC::DFG::LazyJSValue::stringImpl):
* dfg/DFGMayExit.cpp:
(JSC::DFG::mayExit):
* dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToIdentityOn):
(JSC::DFG::Node::convertToLazyJSConstant):
(JSC::DFG::Node::convertToPutHint):
(JSC::DFG::Node::convertToPutClosureVarHint):
(JSC::DFG::Node::tryGetString):
(JSC::DFG::Node::promotedLocationDescriptor):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToConstant):
(JSC::DFG::Node::convertToConstantStoragePointer):
(JSC::DFG::Node::castConstant):
(JSC::DFG::Node::hasLazyJSValue):
(JSC::DFG::Node::lazyJSValue):
(JSC::DFG::Node::initializationValueForActivation):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileSetRegExpObjectLastIndex):
(JSC::DFG::SpeculativeJIT::compileLazyJSConstant):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileInt52Constant):
(JSC::FTL::DFG::LowerDFGToB3::compileLazyJSConstant):
(JSC::FTL::DFG::LowerDFGToB3::compileDoubleRep):

Source/WTF:

Also disable assertions about reference counting strings on the JIT thread. We will do
that now and it's OK.

* wtf/text/StringImpl.h:
(WTF::StringImpl::ref):
(WTF::StringImpl::deref):

LayoutTests:

* js/regress/script-tests/strcat-const.js: Added.
(foo):
(bar):
* js/regress/script-tests/strcat-length-const.js: Added.
(foo):
(bar):
* js/regress/strcat-const-expected.txt: Added.
* js/regress/strcat-const.html: Added.
* js/regress/strcat-length-const-expected.txt: Added.
* js/regress/strcat-length-const.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197833 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Timelines keeps switching to overview instead of keeping the selected...
commit-queue@webkit.org [Wed, 9 Mar 2016 05:02:15 +0000 (05:02 +0000)]
Web Inspector: Timelines keeps switching to overview instead of keeping the selected timeline
https://bugs.webkit.org/show_bug.cgi?id=155212
<rdar://problem/25052504>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-08
Reviewed by Timothy Hatcher.

* UserInterface/Views/TimelineSidebarPanel.js:
(WebInspector.TimelineSidebarPanel.prototype.saveStateToCookie):
The sidebar was using out of date information in its tree outline causing it to
switch to the wrong sidebar. Use the up to date information from the recording view.

* UserInterface/Views/TimelineTabContentView.js:
(WebInspector.TimelineTabContentView.prototype._recordingSelected):
Fix typo not getting the right timeline type.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197832 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoStop using the UserContentController for injecting the override style sheet from...
weinig@apple.com [Wed, 9 Mar 2016 04:39:49 +0000 (04:39 +0000)]
Stop using the UserContentController for injecting the override style sheet from CaptionUserPreferences
https://bugs.webkit.org/show_bug.cgi?id=155211

Reviewed by Dan Bernstein.

The UserContentController is going to become read only from WebCore's perspective. The CaptionUserPreferences
was relying on being able to set a UserStyleSheet on it, but this was really unnecessary complexity. Simplify
things by storing the style sheet's source directly on the Page and teaching ExtensionStyleSheets about it
explicitly.

* dom/ExtensionStyleSheets.cpp:
(WebCore::ExtensionStyleSheets::updateInjectedStyleSheetCache):
If there is a captionUserPreferencesStyleSheet on the page, inject it.

* page/CaptionUserPreferences.cpp:
(WebCore::CaptionUserPreferences::updateCaptionStyleSheetOveride):
Greatly simplify the code. Now, all this does is set the style sheet on each page.

* page/Page.cpp:
(WebCore::Page::invalidateInjectedStyleSheetCacheInAllFrames):
Extract this out from UserContentController.

(WebCore::Page::setUserContentController):
Call the newly extracted invalidateInjectedStyleSheetCacheInAllFrames().

(WebCore::Page::captionUserPreferencesStyleSheet):
(WebCore::Page::setCaptionUserPreferencesStyleSheet):
Add getter/setter. When setting, invalidate the style sheet cache.

* page/Page.h:
Add new members and functions.

* page/UserContentController.cpp:
(WebCore::UserContentController::addUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheets):
(WebCore::UserContentController::removeAllUserContent):
Switch to calling invalidateInjectedStyleSheetCacheInAllFramesInAllPages().

(WebCore::UserContentController::invalidateInjectedStyleSheetCacheInAllFramesInAllPages):
Rename and implement in terms of Page::invalidateInjectedStyleSheetCacheInAllFrames().

* page/UserContentController.h:
Rename function.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197831 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoBooting multiple iOS simulator parallely fails sometimes
aakash_jain@apple.com [Wed, 9 Mar 2016 02:50:22 +0000 (02:50 +0000)]
Booting multiple iOS simulator parallely fails sometimes
https://bugs.webkit.org/show_bug.cgi?id=155208
<rdar://problem/25019651>

Reviewed by Darin Adler.

* Scripts/webkitpy/port/ios.py:
(IOSSimulatorPort.setup_test_run): Increase the time delay between subsequent
simulator boot.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197830 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRoll r197632 back in now that the bots have caught up.
weinig@apple.com [Wed, 9 Mar 2016 02:27:18 +0000 (02:27 +0000)]
Roll r197632 back in now that the bots have caught up.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView textInputTraits]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197829 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd iOS debug testers to flakiness dashboard
ap@apple.com [Wed, 9 Mar 2016 02:17:49 +0000 (02:17 +0000)]
Add iOS debug testers to flakiness dashboard
https://bugs.webkit.org/show_bug.cgi?id=155206

Reviewed by Darin Adler.

* TestResultServer/static-dashboards/builders.jsonp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197828 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Memory Timeline should show MemoryPressure events
joepeck@webkit.org [Wed, 9 Mar 2016 02:06:55 +0000 (02:06 +0000)]
Web Inspector: Memory Timeline should show MemoryPressure events
https://bugs.webkit.org/show_bug.cgi?id=155158
<rdar://problem/25026610>

Reviewed by Brian Burg.

Source/JavaScriptCore:

* inspector/protocol/Memory.json:

Source/WebCore:

* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::releaseMemory):
When responding to memory pressure, notify page inspectors.

* platform/cocoa/MemoryPressureHandlerCocoa.mm:
Remove unused includes.

* inspector/InspectorInstrumentation.cpp:
(WebCore::InspectorInstrumentation::didHandleMemoryPressureImpl):
* inspector/InspectorInstrumentation.h:
(WebCore::InspectorInstrumentation::playbackStarted):
(WebCore::InspectorInstrumentation::playbackPaused):
(WebCore::InspectorInstrumentation::playbackFinished):
(WebCore::InspectorInstrumentation::playbackHitPosition):
(WebCore::InspectorInstrumentation::didHandleMemoryPressure):
* inspector/InspectorMemoryAgent.cpp:
(WebCore::InspectorMemoryAgent::didCreateFrontendAndBackend):
(WebCore::InspectorMemoryAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorMemoryAgent::enable):
(WebCore::InspectorMemoryAgent::disable):
(WebCore::InspectorMemoryAgent::didHandleMemoryPressure):
* inspector/InspectorMemoryAgent.h:
* inspector/InstrumentingAgents.cpp:
(WebCore::InstrumentingAgents::reset):
* inspector/InstrumentingAgents.h:
(WebCore::InstrumentingAgents::inspectorMemoryAgent):
(WebCore::InstrumentingAgents::setInspectorMemoryAgent):
Plumbing to notify the right active inspector.

Source/WebInspectorUI:

* UserInterface/Main.html:
New resources.

* UserInterface/Base/Main.js:
(WebInspector.loaded):
* UserInterface/Controllers/MemoryManager.js:
(WebInspector.MemoryManager):
(WebInspector.MemoryManager.prototype.memoryPressure):
* UserInterface/Protocol/MemoryObserver.js:
(WebInspector.MemoryObserver.prototype.memoryPressure):
New manager for Memory domain events.

* UserInterface/Controllers/TimelineManager.js:
(WebInspector.TimelineManager):
(WebInspector.TimelineManager.defaultInstruments):
(WebInspector.TimelineManager.prototype._memoryPressure):
* UserInterface/Models/TimelineRecording.js:
(WebInspector.TimelineRecording.prototype.addMemoryPressureEvent):
Add events to the Memory Timeline of the active recording.

* UserInterface/Models/MemoryTimeline.js:
(WebInspector.MemoryTimeline.prototype.get memoryPressureEvents):
(WebInspector.MemoryTimeline.prototype.addMemoryPressureEvent):
(WebInspector.MemoryTimeline.prototype.reset):
(WebInspector.MemoryTimeline):
* UserInterface/Models/Timeline.js:
(WebInspector.Timeline.create):
Create a specific MemoryTimeline to hold records and memory pressure events.

* UserInterface/Models/MemoryPressureEvent.js:
(WebInspector.MemoryPressureEvent):
(WebInspector.MemoryPressureEvent.fromPayload):
(WebInspector.MemoryPressureEvent.prototype.get timestamp):
(WebInspector.MemoryPressureEvent.prototype.get severity):
Model object for a memory pressure event.

* UserInterface/Views/MemoryTimelineOverviewGraph.css:
(.timeline-overview-graph.memory .memory-pressure-event):
* UserInterface/Views/MemoryTimelineOverviewGraph.js:
(WebInspector.MemoryTimelineOverviewGraph):
(WebInspector.MemoryTimelineOverviewGraph.prototype.reset):
(WebInspector.MemoryTimelineOverviewGraph.prototype._visibleMemoryPressureEvents):
(WebInspector.MemoryTimelineOverviewGraph.prototype._memoryTimelineMemoryPressureEventAdded):
Include markers for memory pressure events.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197827 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Add Heap domain start/stop tracking commands
joepeck@webkit.org [Wed, 9 Mar 2016 02:06:45 +0000 (02:06 +0000)]
Web Inspector: Add Heap domain start/stop tracking commands
https://bugs.webkit.org/show_bug.cgi?id=155190

Reviewed by Brian Burg.

Source/JavaScriptCore:

* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::InspectorHeapAgent::willDestroyFrontendAndBackend):
(Inspector::InspectorHeapAgent::startTracking):
(Inspector::InspectorHeapAgent::stopTracking):
* inspector/agents/InspectorHeapAgent.h:
* inspector/protocol/Heap.json:

Source/WebInspectorUI:

* UserInterface/Protocol/HeapObserver.js:
(WebInspector.HeapObserver.prototype.trackingStart):
(WebInspector.HeapObserver.prototype.trackingComplete):
To be used when we have a HeapAllocationsInstrument and timeline.

LayoutTests:

* inspector/heap/tracking-expected.txt: Added.
* inspector/heap/tracking.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197826 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoDelete dead scrolling code
mmaxfield@apple.com [Wed, 9 Mar 2016 02:05:13 +0000 (02:05 +0000)]
Delete dead scrolling code
https://bugs.webkit.org/show_bug.cgi?id=155210

Reviewed by Simon Fraser.

No new tests because there is no behavior change.

* page/FrameView.cpp:
(WebCore::FrameView::layerForScrolling): Deleted.
* page/FrameView.h:
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::ScrollingCoordinator::scrollLayerForScrollableArea): Deleted.
* page/scrolling/ScrollingCoordinator.h:
* platform/ScrollableArea.h:
(WebCore::ScrollableArea::horizontalScrollbar):
(WebCore::ScrollableArea::verticalScrollbar):
(WebCore::ScrollableArea::tiledBacking):
(WebCore::ScrollableArea::layerForHorizontalScrollbar):
(WebCore::ScrollableArea::layerForVerticalScrollbar):
(WebCore::ScrollableArea::layerForScrollCorner):
(WebCore::ScrollableArea::layerForOverhangAreas):
(WebCore::ScrollableArea::layerForScrolling): Deleted.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::calculateClipRects): Deleted.
* rendering/RenderLayer.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197825 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Make debugging Test.html easier
commit-queue@webkit.org [Wed, 9 Mar 2016 01:44:47 +0000 (01:44 +0000)]
Web Inspector: Make debugging Test.html easier
https://bugs.webkit.org/show_bug.cgi?id=155207

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-08
Reviewed by Brian Burg.

* UserInterface/Base/InspectorFrontendHostStub.js: Renamed from Source/WebInspectorUI/UserInterface/Protocol/InspectorFrontendHostStub.js.
(window.InspectorFrontendHost.WebInspector.InspectorFrontendHostStub.prototype.unbufferedLog):
Add new stub for test function.

* UserInterface/Main.html:
* UserInterface/Test.html:
Move the stub to the Base directory.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197824 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[EFL] Enable the SVG -> OTF Font Converter
mmaxfield@apple.com [Wed, 9 Mar 2016 01:40:33 +0000 (01:40 +0000)]
[EFL] Enable the SVG -> OTF Font Converter
https://bugs.webkit.org/show_bug.cgi?id=155192

Reviewed by Gyuyoung Kim.

* Source/cmake/OptionsEfl.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197823 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Add a way to create a Heap Snapshot
commit-queue@webkit.org [Wed, 9 Mar 2016 01:38:41 +0000 (01:38 +0000)]
Web Inspector: Add a way to create a Heap Snapshot
https://bugs.webkit.org/show_bug.cgi?id=155188

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-08
Reviewed by Brian Burg.

Source/JavaScriptCore:

* inspector/agents/InspectorHeapAgent.h:
* inspector/protocol/Heap.json:
* inspector/agents/InspectorHeapAgent.cpp:
(Inspector::InspectorHeapAgent::snapshot):
Take a heap snapshot and return the JSON string result.

* inspector/protocol/Debugger.json:
Remove unused optional inferredName. Our displayName would be inferred.

Source/WebInspectorUI:

* UserInterface/Main.html:
* UserInterface/Test.html:
Add new Model resources.

* UserInterface/Models/HeapSnapshot.js: Added.
(WebInspector.HeapSnapshotClassCategory):
(WebInspector.HeapSnapshot):
(WebInspector.HeapSnapshot.fromPayload):
(WebInspector.HeapSnapshot.prototype.get rootNode):
(WebInspector.HeapSnapshot.prototype.get nodes):
(WebInspector.HeapSnapshot.prototype.get identifier):
(WebInspector.HeapSnapshot.prototype.get instances):
(WebInspector.HeapSnapshot.prototype.get categories):
(WebInspector.HeapSnapshot.prototype.get totalSize):
(WebInspector.HeapSnapshot.prototype.get totalObjectCount):
(WebInspector.HeapSnapshot.prototype.instancesWithClassName):
(WebInspector.HeapSnapshot.prototype.nodeWithObjectIdentifier):
* UserInterface/Models/HeapSnapshotEdge.js: Added.
(WebInspector.HeapSnapshotEdge):
(WebInspector.HeapSnapshotEdge.prototype.stringify):
* UserInterface/Models/HeapSnapshotNode.js: Added.
(WebInspector.HeapSnapshotNode):
Data structures for a HeapSnapshot.

LayoutTests:

* inspector/heap/snapshot-expected.txt: Added.
* inspector/heap/snapshot.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197822 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix ios bot build.
oliver@apple.com [Wed, 9 Mar 2016 01:05:53 +0000 (01:05 +0000)]
Fix ios bot build.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197821 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMove two indexeddb test skips out of wk2/TestExpectations and in to TestExpectations.
ryanhaddad@apple.com [Wed, 9 Mar 2016 01:00:34 +0000 (01:00 +0000)]
Move two indexeddb test skips out of wk2/TestExpectations and in to TestExpectations.

Unreviewed test gardening.

* TestExpectations:
* platform/wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197820 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix AppKitCompatibilityDeclarations build.
andersca@apple.com [Wed, 9 Mar 2016 00:40:03 +0000 (00:40 +0000)]
Fix AppKitCompatibilityDeclarations build.

* wtf/mac/AppKitCompatibilityDeclarations.h:
Remove duplicate declarations, conditionally define NSTextAlignment and
add a NSWindowStyleMask typedef.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197819 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoBuild fix
oliver@apple.com [Wed, 9 Mar 2016 00:25:48 +0000 (00:25 +0000)]
Build fix

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197818 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoImplement Function.name support for getters/setters and inferring name of function...
mark.lam@apple.com [Wed, 9 Mar 2016 00:21:26 +0000 (00:21 +0000)]
Implement Function.name support for getters/setters and inferring name of function properties.
https://bugs.webkit.org/show_bug.cgi?id=154865

Rubber-stamped by Joseph Pecoraro.

Follow up to the fix for this bug: adding a few small clean-ups for issues Joe
pointed out in the bug.

* runtime/JSBoundSlotBaseFunction.cpp:
(JSC::JSBoundSlotBaseFunction::create):
* runtime/JSCJSValue.cpp:
(JSC::JSValue::putToPrimitiveByIndex):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197817 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoStart moving to separated writable and executable mappings in the JIT
oliver@apple.com [Wed, 9 Mar 2016 00:08:53 +0000 (00:08 +0000)]
Start moving to separated writable and executable mappings in the JIT
https://bugs.webkit.org/show_bug.cgi?id=155178

Reviewed by Fil Pizlo.

Source/JavaScriptCore:

Start moving to a separate writable and executable heap for the various
JITs.

As part of our work to harden the JIT against various attacks, we're
moving away from our current RWX heap and on to using separate RW and X
mappings. This means that simply leaking the location of the executable
mapping is not sufficient to compromise JSC, so we can continue to
use direct executable pointers in our GC objects (which we need for
performance), but keep the writable pointer in only a single location
so that we are less likely to leak the address. To further obscure the
address of the writable region we place it in an execute only region
of memory so that it is not possible to read the location from
anywhere. That means an attacker must have at least partial control
of PC (to call jitMemCopy) before they can start to attack the JIT.

This work is initially ARM64 only, as we use as the jitMemCopy is
currently specific to that platform's calling conventions and layout.
We're just landing it in the current form so that we can at least
ensure it doesn't regress.

* Configurations/FeatureDefines.xcconfig:
* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::ldp):
(JSC::ARM64Assembler::ldnp):
(JSC::ARM64Assembler::fillNops):
(JSC::ARM64Assembler::stp):
(JSC::ARM64Assembler::stnp):
(JSC::ARM64Assembler::replaceWithJump):
(JSC::ARM64Assembler::replaceWithLoad):
(JSC::ARM64Assembler::replaceWithAddressComputation):
(JSC::ARM64Assembler::setPointer):
(JSC::ARM64Assembler::repatchInt32):
(JSC::ARM64Assembler::repatchCompact):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
(JSC::ARM64Assembler::loadStoreRegisterPairOffset):
(JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal):
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::allocate):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::sub64):
(JSC::MacroAssemblerARM64::load64):
(JSC::MacroAssemblerARM64::loadPair64):
(JSC::MacroAssemblerARM64::loadPair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::load8):
(JSC::MacroAssemblerARM64::store64):
(JSC::MacroAssemblerARM64::storePair64):
(JSC::MacroAssemblerARM64::storePair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::store8):
(JSC::MacroAssemblerARM64::branchAdd64):
(JSC::MacroAssemblerARM64::branchSub64):
* jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
* runtime/Options.h:

Source/WebCore:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WTF:

Update feature defines.

* wtf/FeatureDefines.h:
* wtf/Platform.h: ARM64 for now.

Tools:

Making run-jsc-benchmarks slightly happier on my machine.

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197816 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoImplement Function.name support for getters/setters and inferring name of function...
mark.lam@apple.com [Wed, 9 Mar 2016 00:01:09 +0000 (00:01 +0000)]
Implement Function.name support for getters/setters and inferring name of function properties.
https://bugs.webkit.org/show_bug.cgi?id=154865

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

1. toString() no longer uses the value of Function.name as the name of the
   function in the returned string, because ...

    i. Function.name is supposed to be configurable.  Hence, it can be made
       writable and can be set to any JSValue, or deleted.
   ii. Function.prototype.toString() is supposed to produce a string that can be
       eval'ed.  Hence, for JS functions, the function name in the produced
       string must be a legal function name (and not some arbitrary value set in
       Function.name).  For example, while a number is a legal value for
       Function.name, it is not legal as the function name in the toString()
       string.

   Instead, we'll always use the original name from the JS source that the
   function was parsed from.

2. JSFunction::name() now always return the original name, not the value of
   the Function.name property.  As a result, it also no longer needs an
   ExecState* arg.

   If the original name is an empty string, JSFunction::name() will use the
   inferred name.

3. For JS functions, the original name can be attained from their
   FunctionExecutable object.

   For host/native functions (which do not have a FunctionExecutable), we get the
   "original" name from its NativeExecutable.

4. The m_hostFunctionStubMap now keys its NativeExecutable pointers using the
   original name, in addition to the native function and constructor pointers.

   This is needed because we want a different NativeExecutable for functions with
   a different name (to satisfy (3) above).

5. Changed JSBoundFunction to store the name of its bound function in its
   NativeExecutable.  This will later be used to generate the toString() string.
   It's Function.name value is eagerly initialized at construction time.

6. Function.name for getters/setters are now prefixed with "get"/"set".
   This was done both for the JSBoundSlotBaseFunctions and JS definable get/set
   functions.

7. Added InternalFunction::m_originalName so that we can use it to generate the
   toString() string.  We're storing it as a JSString instead of a WTF::String
   only because we want InternalFunction to be continue to be trivially
   destructible.

* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::functionDetails):
* jit/JITThunks.cpp:
(JSC::JITThunks::finalize):
(JSC::JITThunks::hostFunctionStub):
* jit/JITThunks.h:
* runtime/Executable.h:
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncToString):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::finishCreation):
(JSC::InternalFunction::visitChildren):
(JSC::InternalFunction::name):
(JSC::InternalFunction::displayName):
* runtime/InternalFunction.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::visitChildren):
(JSC::JSBoundFunction::toStringName): Deleted.
* runtime/JSBoundFunction.h:
(JSC::JSBoundFunction::boundThis):
(JSC::JSBoundFunction::boundArgs):
(JSC::JSBoundFunction::createStructure):
* runtime/JSBoundSlotBaseFunction.cpp:
(JSC::boundSlotBaseFunctionCall):
(JSC::JSBoundSlotBaseFunction::create):
* runtime/JSFunction.cpp:
(JSC::JSFunction::initializeRareData):
(JSC::JSFunction::name):
(JSC::JSFunction::displayName):
(JSC::JSFunction::calculatedDisplayName):
(JSC::JSFunction::reifyName):
* runtime/JSFunction.h:
* tests/es6.yaml:

LayoutTests:

* js/function-toString-vs-name-expected.txt: Added.
* js/function-toString-vs-name.html: Added.
* js/script-tests/function-toString-vs-name.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197815 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[GTK] Enable the SVG -> OTF Font Converter
mmaxfield@apple.com [Tue, 8 Mar 2016 23:59:18 +0000 (23:59 +0000)]
[GTK] Enable the SVG -> OTF Font Converter
https://bugs.webkit.org/show_bug.cgi?id=155191

Reviewed by Martin Robinson.

* Source/cmake/OptionsGTK.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197814 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUse NSUInteger instead of NSWindowStyleMask.
andersca@apple.com [Tue, 8 Mar 2016 23:58:45 +0000 (23:58 +0000)]
Use NSUInteger instead of NSWindowStyleMask.

* MiniBrowser/mac/MiniBrowser_Prefix.pch:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197813 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix build.
andersca@apple.com [Tue, 8 Mar 2016 23:56:37 +0000 (23:56 +0000)]
Fix build.

We intentionally don't use AppKitCompatibilityDeclarations.h here, since we want
MiniBrowser to build without WTF.

* MiniBrowser/mac/AppDelegate.m:
(-[BrowserAppDelegate _updateNewWindowKeyEquivalents]):
* MiniBrowser/mac/BrowserWindowController.m:
(-[BrowserWindowController windowDidLoad]):
* MiniBrowser/mac/MiniBrowser_Prefix.pch:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197812 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFont size computed style is innaccurate
mmaxfield@apple.com [Tue, 8 Mar 2016 23:52:39 +0000 (23:52 +0000)]
Font size computed style is innaccurate
https://bugs.webkit.org/show_bug.cgi?id=154705
<rdar://problem/23474068>

Reviewed by Timothy Hatcher.

Source/WebCore:

Safari rounds the font size value reported to getComputedStyle(). Neither Firefox
nor Chrome do this.

Covered by existing tests.

* css/CSSComputedStyleDeclaration.cpp:
(WebCore::ComputedStyleExtractor::getFontSizeCSSValuePreferringKeyword):
(WebCore::fontSizeFromStyle):

LayoutTests:

Update expected results.

* css3/calc/font-size-fractional-expected.txt:
* css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size.html:
* css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size-expected.txt:
* editing/mac/attributed-string/font-size-expected.txt:
* editing/mac/attributed-string/vertical-align-expected.txt:
* platform/mac-mavericks/editing/mac/attributed-string/font-size-expected.txt:
* platform/mac-mavericks/editing/mac/attributed-string/vertical-align-expected.txt:
* platform/mac-yosemite/editing/mac/attributed-string/font-size-expected.txt:
* platform/mac-yosemite/editing/mac/attributed-string/vertical-align-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197811 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd AppKit compatibility header
andersca@apple.com [Tue, 8 Mar 2016 23:44:00 +0000 (23:44 +0000)]
Add AppKit compatibility header
https://bugs.webkit.org/show_bug.cgi?id=155202

Reviewed by Beth Dakin.

* WTF.xcodeproj/project.pbxproj:
* wtf/mac/AppKitCompatibilityDeclarations.h: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197810 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMarking storage/domstorage/events/basic-body-attribute.html as flaky on ios-simulator-wk2
ryanhaddad@apple.com [Tue, 8 Mar 2016 23:31:14 +0000 (23:31 +0000)]
Marking storage/domstorage/events/basic-body-attribute.html as flaky on ios-simulator-wk2
https://bugs.webkit.org/show_bug.cgi?id=155201

Unreviewed test gardening.

* platform/ios-simulator-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197809 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[WK2][Mac] Allow processes to set "fast-dev-casheable" bit in Network Process
bfulgham@apple.com [Tue, 8 Mar 2016 23:30:23 +0000 (23:30 +0000)]
[WK2][Mac] Allow processes to set "fast-dev-casheable" bit in Network Process
https://bugs.webkit.org/show_bug.cgi?id=155189
<rdar://problem/25042678>

Reviewed by Alexey Proskuryakov.

Update the NetworkProcess sandbox profiles with a declaration that using the
system-fctl to touch the "hot file" flag (to support caching operations)
is allowed. I should have done this in Bug 154503, but did not.

* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in: Add sandbox permission.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197808 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoEnable API related to the video fullscreen layer in MediaPlayerPrivateMediaStreamAVFO...
adachan@apple.com [Tue, 8 Mar 2016 23:16:29 +0000 (23:16 +0000)]
Enable API related to the video fullscreen layer in MediaPlayerPrivateMediaStreamAVFObjC for Mac.
https://bugs.webkit.org/show_bug.cgi?id=153239

Reviewed by Eric Carlson.

Reuse VideoFullscreenLayerManager to manage moving the video layer between the fullscreen
layer and the inline layer depending on the current presentation mode.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC):
Create m_videoFullscreenLayerManager.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer):
Return the video inline layer from the VideoFullscreenLayerManager.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers):
Call VideoFullscreenLayerManager::setVideoLayer() with the m_videoBackgroundLayer. To make sure
the preview layer (a sublayer of m_videoBackgroundLayer) resize according to aspect ratio, set
its contents gravity to kCAGravityResizeAspect. Also, set its autoresizing mask so it'll resize
with its superlayer.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenLayer):
Call VideoFullscreenLayerManager::setVideoFullscreenLayer().
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenFrame):
Call VideoFullscreenLayerManager::setVideoFullscreenFrame().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197807 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Miscellaneous inspector fixes for typos / stale code
commit-queue@webkit.org [Tue, 8 Mar 2016 23:02:55 +0000 (23:02 +0000)]
Web Inspector: Miscellaneous inspector fixes for typos / stale code
https://bugs.webkit.org/show_bug.cgi?id=155193

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-08
Reviewed by Timothy Hatcher.

* UserInterface/Models/SourceCodeLocation.js:
(WebInspector.SourceCodeLocation.prototype._locationString):
Fix whitespace.

* UserInterface/Views/ApplicationCacheFrameContentView.js:
(WebInspector.ApplicationCacheFrameContentView):
Remove unused class name.

* UserInterface/Views/SourceCodeTextEditor.js:
(WebInspector.SourceCodeTextEditor.prototype._showPopoverForFunction.didGetDetails):
Remove inferredName, as that was never sent by our backend and is getting removed.

* UserInterface/Views/TimelineRuler.js:
(WebInspector.TimelineRuler.prototype._handleMouseUp):
Fix variable name typo.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197806 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd iOS simulator EWS that runs tests
ap@apple.com [Tue, 8 Mar 2016 22:29:50 +0000 (22:29 +0000)]
Add iOS simulator EWS that runs tests
https://bugs.webkit.org/show_bug.cgi?id=155175

Reviewed by Lucas Forschler.

* QueueStatusServer/config/queues.py:
* Scripts/webkitpy/common/config/ews.json:
* Scripts/webkitpy/common/config/ports.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197805 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Font Loading] Crash when a single load request causes multiple fonts to fail loading
mmaxfield@apple.com [Tue, 8 Mar 2016 22:22:40 +0000 (22:22 +0000)]
[Font Loading] Crash when a single load request causes multiple fonts to fail loading
https://bugs.webkit.org/show_bug.cgi?id=155009

Reviewed by Simon Fraser.

Source/WebCore:

In JavaScript, the first promise fulfillment/failure wins. However, in C++, any
subsequent fulfillments/failures cause a crash.

Test: fast/text/font-face-set-document-multiple-failure.html

* css/CSSFontFace.cpp:
(WebCore::iterateClients): Notifying a client may cause some other client
to be destroyed, thereby modifying the clients set. This function allows
for notifying clients in a resilient manner.
(WebCore::CSSFontFace::setStyle): Update to use iterateClients().
(WebCore::CSSFontFace::setWeight): Ditto.
(WebCore::CSSFontFace::setUnicodeRange): Ditto.
(WebCore::CSSFontFace::setVariantLigatures): Ditto.
(WebCore::CSSFontFace::setVariantPosition): Ditto.
(WebCore::CSSFontFace::setVariantCaps): Ditto.
(WebCore::CSSFontFace::setVariantNumeric): Ditto.
(WebCore::CSSFontFace::setVariantAlternates): Ditto.
(WebCore::CSSFontFace::setVariantEastAsian): Ditto.
(WebCore::CSSFontFace::setFeatureSettings): Ditto.
(WebCore::CSSFontFace::setStatus): Ditto.
(WebCore::CSSFontFace::notifyClientsOfFontPropertyChange): Deleted.
* css/CSSFontFace.h: Adding a way for clients to make sure they don't register
or deregister another client.
* css/CSSFontFaceSet.cpp:
(WebCore::CSSFontFaceSet::guardAgainstClientRegistrationChanges): Simple
ref()/deref() pair.
(WebCore::CSSFontFaceSet::stopGuardingAgainstClientRegistrationChanges):
* css/CSSFontFaceSet.h:
* css/FontFace.cpp: Ditto.
(WebCore::FontFace::guardAgainstClientRegistrationChanges):
(WebCore::FontFace::stopGuardingAgainstClientRegistrationChanges):
* css/FontFace.h:
* css/FontFaceSet.cpp:
(WebCore::FontFaceSet::faceFinished): Make sure that we only fulfil or reject
a promise once.
* css/FontFaceSet.h:
* dom/Document.cpp:
(WebCore::Document::fonts): The CSSFontFaces inside the CSSFontSelector get
created during style recalc. We may be in a state where there is a style
recalc pending. In order to make sure the Javascript API sees the current
state of the world, force a style recalc here (but only if one is pending).

LayoutTests:

* fast/text/font-face-set-document-multiple-failure-expected.txt: Added.
* fast/text/font-face-set-document-multiple-failure.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197804 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r197793 and r197799.
commit-queue@webkit.org [Tue, 8 Mar 2016 21:58:30 +0000 (21:58 +0000)]
Unreviewed, rolling out r197793 and r197799.
https://bugs.webkit.org/show_bug.cgi?id=155195

something weird happened while landing this and everything
broke (Requested by olliej on #webkit).

Reverted changesets:

"Start moving to separated writable and executable mappings in
the JIT"
https://bugs.webkit.org/show_bug.cgi?id=155178
http://trac.webkit.org/changeset/197793

"arm64 build fix after r197793."
http://trac.webkit.org/changeset/197799

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197803 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Images being blocked by CSP 2.0
commit-queue@webkit.org [Tue, 8 Mar 2016 21:56:14 +0000 (21:56 +0000)]
Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155182
<rdar://problem/25040640>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-08
Reviewed by Daniel Bates.

* UserInterface/Main.html:
Allow Web Inspector to load file: and blob: image resources.
Also blob: media and font resources.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197802 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[WK2] Grant explicit read access to ManagedPreferences
bfulgham@apple.com [Tue, 8 Mar 2016 21:44:43 +0000 (21:44 +0000)]
[WK2] Grant explicit read access to ManagedPreferences
https://bugs.webkit.org/show_bug.cgi?id=155173
<rdar://problem/24910550>

Reviewed by Alexey Proskuryakov.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Add new
read permission.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197801 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSkip fast/events/prevent-default-prevents-interaction-with-scrollbars.html on ios...
ryanhaddad@apple.com [Tue, 8 Mar 2016 21:42:47 +0000 (21:42 +0000)]
Skip fast/events/prevent-default-prevents-interaction-with-scrollbars.html on ios-simulator

Unreviewed test gardening.

The test relies on mouse events, which are unsupported on ios-simulator.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197800 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoarm64 build fix after r197793.
achristensen@apple.com [Tue, 8 Mar 2016 21:36:41 +0000 (21:36 +0000)]
arm64 build fix after r197793.

* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeBulletproofJIT):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
Use consistent ENABLE macro.  It looks like it was partially renamed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197799 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSkip css3/filters tests that seem to cause a crash on ios-simulator
ryanhaddad@apple.com [Tue, 8 Mar 2016 21:33:01 +0000 (21:33 +0000)]
Skip css3/filters tests that seem to cause a crash on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153933

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197798 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling in r197722.
ggaren@apple.com [Tue, 8 Mar 2016 21:21:38 +0000 (21:21 +0000)]
Unreviewed, rolling in r197722.
https://bugs.webkit.org/show_bug.cgi?id=155171

The right calculation for our static_assert is actually:

    sizeof(SmallChunk) % vmPageSize + 2 * smallMax <= vmPageSize

instead of:

    sizeof(SmallChunk) % vmPageSize + smallMax <= vmPageSize

smallMax is not enough because line metadata might require us to begin
allocation at an offset as large as smallMax, so we need 2 * smallMax.

Once correct, this static_assert fires, and we fix it by increasing
the alignment of SmallChunk.

Restored changeset:

"bmalloc: Use List<T> instead of Vector<T> in some places"
https://bugs.webkit.org/show_bug.cgi?id=155150
http://trac.webkit.org/changeset/197722

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197797 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRegexp matching should incur less call overhead
fpizlo@apple.com [Tue, 8 Mar 2016 21:15:07 +0000 (21:15 +0000)]
Regexp matching should incur less call overhead
https://bugs.webkit.org/show_bug.cgi?id=155181

Reviewed by Geoffrey Garen.

Previously we had DFG/FTL code call into the DFGOperation, which then called in to
RegExpObject, which then called into createRegExpMatchesArray, which then called into
RegExp, which then called the code generated by Yarr.

Now we have DFG/FTL code call into the DFGOperation, which does all of the things and calls
into code generated by Yarr.

This is another tiny Octane/regexp speed-up.

* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGOperations.cpp:
* runtime/RegExp.cpp:
(JSC::regExpFlags):
(JSC::RegExp::compile):
(JSC::RegExp::match):
(JSC::RegExp::compileMatchOnly):
(JSC::RegExp::deleteCode):
(JSC::RegExpFunctionalTestCollector::clearRegExp): Deleted.
(JSC::RegExp::compileIfNecessary): Deleted.
(JSC::RegExp::compileIfNecessaryMatchOnly): Deleted.
* runtime/RegExp.h:
* runtime/RegExpInlines.h: Added.
(JSC::RegExpFunctionalTestCollector::clearRegExp):
(JSC::RegExp::compileIfNecessary):
(JSC::RegExp::matchInline):
(JSC::RegExp::compileIfNecessaryMatchOnly):
* runtime/RegExpMatchesArray.cpp:
(JSC::createEmptyRegExpMatchesArray):
(JSC::createStructureImpl):
(JSC::tryCreateUninitializedRegExpMatchesArray): Deleted.
(JSC::createRegExpMatchesArray): Deleted.
* runtime/RegExpMatchesArray.h:
(JSC::tryCreateUninitializedRegExpMatchesArray):
(JSC::createRegExpMatchesArray):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::put):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):
(JSC::getLastIndexAsUnsigned): Deleted.
* runtime/RegExpObject.h:
(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):
(JSC::RegExpObject::testInline):
* runtime/RegExpObjectInlines.h: Added.
(JSC::getRegExpObjectLastIndexAsUnsigned):
(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197796 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoIgnore deprecation warnings.
andersca@apple.com [Tue, 8 Mar 2016 21:02:09 +0000 (21:02 +0000)]
Ignore deprecation warnings.

* Shared/mac/ChildProcessMac.mm:
(WebKit::ChildProcess::stopNSAppRunLoop):
* Shared/mac/WebEventFactory.mm:
(WebKit::mouseButtonForEvent):
(WebKit::mouseEventTypeForEvent):
(WebKit::clickCountForEvent):
(WebKit::globalPointForEvent):
(WebKit::pointForEvent):
(WebKit::textFromEvent):
(WebKit::unmodifiedTextFromEvent):
(WebKit::isKeypadEvent):
(WebKit::isKeyUpEvent):
(WebKit::modifiersForEvent):
(WebKit::WebEventFactory::createWebKeyboardEvent):
* UIProcess/API/Cocoa/WKNavigationAction.mm:
(toNSEventModifierFlags):
* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::becomeFirstResponder):
(WebKit::WebViewImpl::updateContentInsetsIfAutomatic):
(WebKit::WebViewImpl::viewDidMoveToWindow):
(WebKit::WebViewImpl::postFakeMouseMovedEventForFlagsChangedEvent):
(WebKit::WebViewImpl::createFullScreenWindow):
(WebKit::WebViewImpl::sendToolTipMouseExited):
(WebKit::WebViewImpl::sendToolTipMouseEntered):
(WebKit::applicationFlagsForDrag):
(WebKit::WebViewImpl::setLastMouseDownEvent):
(WebKit::WebViewImpl::doneWithKeyEvent):
(WebKit::WebViewImpl::collectKeyboardLayoutCommandsForEvent):
(WebKit::WebViewImpl::performKeyEquivalent):
* UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
(WebKit::PluginProcessProxy::beginModal):
* UIProcess/mac/WebContextMenuProxyMac.mm:
(WebKit::WebContextMenuProxyMac::showContextMenu):
* UIProcess/mac/WebInspectorProxyMac.mm:
(WebKit::WebInspectorProxy::platformCanAttach):
* UIProcess/mac/WebPopupMenuProxyMac.mm:
(WebKit::WebPopupMenuProxyMac::populate):
(WebKit::WebPopupMenuProxyMac::showPopupMenu):
* WebProcess/Plugins/PDF/DeprecatedPDFPlugin.mm:
(WebKit::modifierFlagsFromWebEvent):
(WebKit::getEventTypeFromWebEvent):
* WebProcess/Plugins/PDF/PDFPluginTextAnnotation.mm:
(WebKit::cssAlignmentValueForNSTextAlignment):
* WebProcess/WebCoreSupport/mac/WebDragClientMac.mm:
(WebKit::convertImageToBitmap):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197795 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agosynthesizePrototype() and friends need to be followed by exception checks (or equival...
mark.lam@apple.com [Tue, 8 Mar 2016 20:57:25 +0000 (20:57 +0000)]
synthesizePrototype() and friends need to be followed by exception checks (or equivalent).
https://bugs.webkit.org/show_bug.cgi?id=155169

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

With the exception checks, we may end up throwing new exceptions over an existing
one that has been thrown but not handled yet, thereby obscuring it.  It may also
mean that the VM will continue running on potentially unstable state, which may
have undesirable consequences.

I first observed this in some failed assertion while running tests on a patch for
https://bugs.webkit.org/show_bug.cgi?id=154865.

Performance is neutral with this patch (tested on x86_64).

1. Deleted JSNotAnObject, and removed all uses of it.

2. Added exception checks, when needed, following calls to synthesizePrototype()
   and JSValue::toObject().

   The cases that do not need an exception check are the ones that already ensures
   that JSValue::toObject() is only called on a value that is convertible to an
   object.  In those cases, I added an assertion that no exception was thrown
   after the call.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* inspector/ScriptCallStackFactory.cpp:
(Inspector::createScriptCallStackFromException):
* interpreter/Interpreter.cpp:
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
(JSC::arrayProtoFuncValues):
(JSC::arrayProtoFuncEntries):
(JSC::arrayProtoFuncKeys):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/ExceptionHelpers.cpp:
* runtime/JSCJSValue.cpp:
(JSC::JSValue::toObjectSlowCase):
(JSC::JSValue::toThisSlowCase):
(JSC::JSValue::synthesizePrototype):
(JSC::JSValue::putToPrimitive):
(JSC::JSValue::putToPrimitiveByIndex):
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::getPropertySlot):
(JSC::JSValue::get):
* runtime/JSFunction.cpp:
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncProtoGetter):
* runtime/JSNotAnObject.cpp: Removed.
* runtime/JSNotAnObject.h: Removed.
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorDefineProperties):
(JSC::objectConstructorCreate):
* runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncValueOf):
(JSC::objectProtoFuncHasOwnProperty):
(JSC::objectProtoFuncIsPrototypeOf):
(JSC::objectProtoFuncToString):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

Source/WebCore:

No new tests because this issue is covered by existing tests when the fix for
https://bugs.webkit.org/show_bug.cgi?id=154865 lands.  That patch is waiting for
this patch to land first so as to not introduce test failures.

* Modules/plugins/QuickTimePluginReplacement.mm:
(WebCore::QuickTimePluginReplacement::installReplacement):
* bindings/js/JSDeviceMotionEventCustom.cpp:
(WebCore::readAccelerationArgument):
(WebCore::readRotationRateArgument):
* bindings/js/JSGeolocationCustom.cpp:
(WebCore::createPositionOptions):
* bindings/js/JSHTMLCanvasElementCustom.cpp:
(WebCore::get3DContextAttributes):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateConstructorDefinition):
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
(WebCore::JSTestEventConstructorConstructor::construct):
* contentextensions/ContentExtensionParser.cpp:
(WebCore::ContentExtensions::getTypeFlags):
* html/HTMLMediaElement.cpp:
(WebCore::setPageScaleFactorProperty):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
* html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197794 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoStart moving to separated writable and executable mappings in the JIT
oliver@apple.com [Tue, 8 Mar 2016 20:53:11 +0000 (20:53 +0000)]
Start moving to separated writable and executable mappings in the JIT
https://bugs.webkit.org/show_bug.cgi?id=155178

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Start moving to a separate writable and executable heap for the various
JITs.

As part of our work to harden the JIT against various attacks, we're
moving away from our current RWX heap and on to using separate RW and X
mappings. This means that simply leaking the location of the executable
mapping is not sufficient to compromise JSC, so we can continue to
use direct executable pointers in our GC objects (which we need for
performance), but keep the writable pointer in only a single location
so that we are less likely to leak the address. To further obscure the
address of the writable region we place it in an execute only region
of memory so that it is not possible to read the location from
anywhere. That means an attacker must have at least partial control
of PC (to call jitMemCopy) before they can start to attack the JIT.

This work is initially ARM64 only, as we use as the jitMemCopy is
currently specific to that platform's calling conventions and layout.
We're just landing it in the current form so that we can at least
ensure it doesn't regress.

* Configurations/FeatureDefines.xcconfig:
* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::ldp):
(JSC::ARM64Assembler::ldnp):
(JSC::ARM64Assembler::fillNops):
(JSC::ARM64Assembler::stp):
(JSC::ARM64Assembler::stnp):
(JSC::ARM64Assembler::replaceWithJump):
(JSC::ARM64Assembler::replaceWithLoad):
(JSC::ARM64Assembler::replaceWithAddressComputation):
(JSC::ARM64Assembler::setPointer):
(JSC::ARM64Assembler::repatchInt32):
(JSC::ARM64Assembler::repatchCompact):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
(JSC::ARM64Assembler::loadStoreRegisterPairOffset):
(JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal):
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::allocate):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::sub64):
(JSC::MacroAssemblerARM64::load64):
(JSC::MacroAssemblerARM64::loadPair64):
(JSC::MacroAssemblerARM64::loadPair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::load8):
(JSC::MacroAssemblerARM64::store64):
(JSC::MacroAssemblerARM64::storePair64):
(JSC::MacroAssemblerARM64::storePair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::store8):
(JSC::MacroAssemblerARM64::branchAdd64):
(JSC::MacroAssemblerARM64::branchSub64):
* jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeBulletproofJIT):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
* runtime/Options.h:

Source/WebCore:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Update feature defines.

* Configurations/FeatureDefines.xcconfig:

Source/WTF:

Update feature defines.

* wtf/FeatureDefines.h:
* wtf/Platform.h: ARM64 for now.

Tools:

Making run-jsc-benchmarks slightly happier on my machine.

* Scripts/run-jsc-benchmarks:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197793 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r197766.
commit-queue@webkit.org [Tue, 8 Mar 2016 20:35:23 +0000 (20:35 +0000)]
Unreviewed, rolling out r197766.
https://bugs.webkit.org/show_bug.cgi?id=155183

Has platform-specific code in non-platform files (Requested by
smfr on #webkit).

Reverted changeset:

"AX: Force allow user zoom"
https://bugs.webkit.org/show_bug.cgi?id=155056
http://trac.webkit.org/changeset/197766

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197792 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoIgnore deprecation warnings.
andersca@apple.com [Tue, 8 Mar 2016 20:26:17 +0000 (20:26 +0000)]
Ignore deprecation warnings.

* Misc/WebNSEventExtras.m:
(-[NSEvent _web_isKeyEvent:]):
(-[NSEvent _web_isOptionTabKeyEvent]):
* Misc/WebNSViewExtras.m:
(-[NSView _web_dragShouldBeginFromMouseDown:withExpiration:xHysteresis:yHysteresis:]):
* Plugins/Hosted/NetscapePluginHostProxy.mm:
(WebKit::NetscapePluginHostProxy::beginModal):
* Plugins/Hosted/NetscapePluginInstanceProxy.mm:
(WebKit::NetscapePluginInstanceProxy::syntheticKeyDownWithCommandModifier):
* Plugins/Hosted/WebHostedNetscapePluginView.mm:
(-[WebHostedNetscapePluginView drawRect:]):
* Plugins/WebNetscapePluginEventHandlerCocoa.mm:
(WebNetscapePluginEventHandlerCocoa::syntheticKeyDownWithCommandModifier):
* WebCoreSupport/PopupMenuMac.mm:
(PopupMenuMac::populate):
(PopupMenuMac::show):
* WebCoreSupport/WebContextMenuClient.mm:
(WebContextMenuClient::showContextMenu):
* WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::actionDictionary):
* WebCoreSupport/WebInspectorClient.mm:
(WebInspectorFrontendClient::canAttach):
(-[WebInspectorWindowController window]):
* WebInspector/WebNodeHighlight.mm:
(-[WebNodeHighlight initWithTargetView:inspectorController:]):
* WebView/WebFrameView.mm:
(-[WebFrameView keyDown:keyDown:]):
* WebView/WebFullScreenController.mm:
(-[WebFullScreenController init]):
(createBackgroundFullscreenWindow):
* WebView/WebHTMLView.mm:
(-[WebHTMLView _postFakeMouseMovedEventForFlagsChangedEvent:]):
(-[WebHTMLView _setMouseDownEvent:_setMouseDownEvent:]):
(isQuickLookEvent):
(-[WebHTMLView hitTest:]):
(-[WebHTMLView _sendToolTipMouseExited]):
(-[WebHTMLView _sendToolTipMouseEntered]):
(mouseEventIsPartOfClickOrDrag):
(-[WebHTMLView _updateMouseoverWithEvent:]):
(-[WebHTMLView acceptsFirstResponder]):
(-[WebHTMLView viewDidMoveToWindow]):
(currentKeyboardEvent):
(-[WebHTMLView _handleStyleKeyEquivalent:]):
(-[WebHTMLView _interpretKeyEvent:savingCommands:]):
* WebView/WebPDFView.mm:
(-[WebPDFView hitTest:]):
(-[WebPDFView PDFViewWillClickOnLink:withURL:]):
(-[WebPDFView _fakeKeyEventWithFunctionKey:]):
* WebView/WebTextCompletionController.mm:
(-[WebTextCompletionController _buildUI]):
(-[WebTextCompletionController _placePopupWindow:]):
* WebView/WebView.mm:
(-[WebView applicationFlags:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197791 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd an event for when touch force changes
bdakin@apple.com [Tue, 8 Mar 2016 20:18:51 +0000 (20:18 +0000)]
Add an event for when touch force changes
https://bugs.webkit.org/show_bug.cgi?id=155143
-and corresponding-
rdar://problem/24068726

Reviewed by Darin Adler.

We will be able to test this once we fix the iOS touch tests.

This patch adds touchforcechange which is a lot like the iOS equivalent of
webkitmouseforcechanged. We had originally hoped to use touchmove to dispatch
force changes, but that turned out to be a compatibility nightmare.

* dom/EventNames.h:
(WebCore::EventNames::isTouchEventType):
(WebCore::EventNames::isWheelEventType):
(WebCore::EventNames::touchEventNames):
* dom/GlobalEventHandlers.idl:
* html/HTMLAttributeNames.in:
* html/HTMLElement.cpp:
(WebCore::HTMLElement::createEventHandlerNameMap):
* platform/PlatformEvent.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197790 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoIgnore deprecation warnings.
andersca@apple.com [Tue, 8 Mar 2016 20:11:36 +0000 (20:11 +0000)]
Ignore deprecation warnings.

* editing/cocoa/HTMLConverter.mm:
(HTMLConverter::computedAttributesForElement):
(HTMLConverter::_addMarkersToList):
* page/mac/EventHandlerMac.mm:
(WebCore::EventHandler::keyEvent):
(WebCore::lastEventIsMouseUp):
(WebCore::EventHandler::passSubframeEventToSubframe):
(WebCore::EventHandler::passWheelEventToWidget):
(WebCore::EventHandler::sendFakeEventsAfterWidgetTracking):
* page/mac/TextIndicatorWindow.mm:
(WebCore::TextIndicatorWindow::setTextIndicator):
* platform/graphics/mac/IconMac.mm:
(WebCore::Icon::paint):
* platform/mac/CursorMac.mm:
(WebCore::createCustomCursor):
* platform/mac/DragImageMac.mm:
(WebCore::dissolveDragImageToFraction):
(WebCore::createDragImageFromImage):
* platform/mac/EventLoopMac.mm:
(WebCore::EventLoop::cycle):
* platform/mac/PasteboardMac.mm:
(WebCore::Pasteboard::setDragImage):
* platform/mac/PlatformEventFactoryMac.mm:
(WebCore::globalPointForEvent):
(WebCore::pointForEvent):
(WebCore::mouseButtonForEvent):
(WebCore::mouseEventTypeForEvent):
(WebCore::clickCountForEvent):
(WebCore::textFromEvent):
(WebCore::unmodifiedTextFromEvent):
(WebCore::keyIdentifierForKeyEvent):
(WebCore::isKeypadEvent):
(WebCore::windowsKeyCodeForKeyEvent):
(WebCore::isKeyUpEvent):
(WebCore::modifiersForEvent):
(WebCore::PlatformKeyboardEventBuilder::PlatformKeyboardEventBuilder):
* platform/mac/ScrollbarThemeMac.mm:
(WebCore::scrollbarControlSizeToNSControlSize):
* platform/mac/ThemeMac.mm:
(-[WebCoreThemeView window]):
(WebCore::controlSizeForFont):
(WebCore::controlSizeFromPixelSize):
(WebCore::setUpButtonCell):
(WebCore::stepperControlSizeForFont):
(WebCore::paintStepper):
(WebCore::ThemeMac::minimumControlSize):
* platform/mac/WebVideoFullscreenHUDWindowController.mm:
(-[WebVideoFullscreenHUDWindow initWithContentRect:styleMask:backing:defer:]):
(-[WebVideoFullscreenHUDWindow performKeyEquivalent:]):
(-[WebVideoFullscreenHUDWindowController init]):
(-[WebVideoFullscreenHUDWindowController keyDown:]):
(-[WebVideoFullscreenHUDWindowController windowDidLoad]):
* platform/mac/WebWindowAnimation.mm:
(WebWindowAnimationDurationFromDuration):
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::updateCachedSystemFontDescription):
(WebCore::RenderThemeMac::controlSizeForFont):
(WebCore::RenderThemeMac::controlSizeForCell):
(WebCore::RenderThemeMac::controlSizeForSystemFont):
(WebCore::RenderThemeMac::paintProgressBar):
(WebCore::RenderThemeMac::popupMenuSize):
(WebCore::RenderThemeMac::sliderThumbHorizontal):
(WebCore::RenderThemeMac::sliderThumbVertical):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197789 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSupport iterating over an OptionSet and checking if it is empty
dbates@webkit.org [Tue, 8 Mar 2016 19:33:10 +0000 (19:33 +0000)]
Support iterating over an OptionSet and checking if it is empty
https://bugs.webkit.org/show_bug.cgi?id=154941
<rdar://problem/24964187>

Reviewed by Darin Adler.

Source/WTF:

Implements support for iterating over the enumerators in an OptionSet as well as
determining if the set is empty.

Iterating over an OptionSet is in Big Theta(N) where N is the number of items in
the set. More precisely, it is in Big Theta(log M) where M is the bitmask represented
by the bitwise OR-ing of all enumerators in the set.

* wtf/OptionSet.h: Added comment to describe the purpose of this class and its invariant -
the enumerators must be positive powers of two.
(WTF::OptionSet::Iterator::operator*): Returns the enumerator pointed to by the iterator.
(WTF::OptionSet::Iterator::operator++): Advance to the next smallest enumerator in the set.
(WTF::OptionSet::Iterator::operator==): Returns whether the iterator is equal to the specified iterator.
(WTF::OptionSet::Iterator::operator!=): Returns whether the iterator is not equal to the specified iterator.
(WTF::OptionSet::Iterator::Iterator): Added.
(WTF::OptionSet::fromRaw): Instantiate using specialized private constructor to allow
instantiation with a raw value of 0.
(WTF::OptionSet::OptionSet): Specialized constructor that asserts that the specified value
is a positive power of two. This variant is only compiled when assertions are enabled (i.e. !ASSERT_DISABLED).
(WTF::OptionSet::isEmpty): Returns whether the set is empty.
(WTF::OptionSet::begin): Returns an iterator to the enumerator with the smallest value in the set.
(WTF::OptionSet::end): Returns an iterator that represents the end sentinel of the set.

Tools:

Add tests to ensure that we do not regression both iteration of an OptionSet and
determining whether an OptionSet is empty.

* TestWebKitAPI/Test.h:
(TestWebKitAPI::Util::assertStrongEnum): Helper function to assert two strong enum type for equality.
* TestWebKitAPI/Tests/WTF/OptionSet.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197788 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoFix lifetime issues regarding WebVideoFullscreenInterfaceMac
adachan@apple.com [Tue, 8 Mar 2016 19:32:58 +0000 (19:32 +0000)]
Fix lifetime issues regarding WebVideoFullscreenInterfaceMac
https://bugs.webkit.org/show_bug.cgi?id=155130

Reviewed by Beth Dakin.

Now that both fullscreen and video controls manager rely on WebVideoFullscreenInterface,
we now keep track of a "client count" for each context ID so we'll only remove it
from the context map after all the "clients" are done with it.

Before this change, every time WebVideoFullscreenManager::setUpVideoControlsManager()
is called, the existing interface is cleared and a new one is created even when there's
an existing interface for that. With this change, we reuse the existing interface for
the video element.

* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
* UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:
(WebKit::WebVideoFullscreenManagerProxy::invalidate):
Also clear out m_clientCounts.
(WebKit::WebVideoFullscreenManagerProxy::addClientForContext):
If the context ID is not in m_clientCounts yet, add the count of 1 to
that table for that ID. Otherwise, increment the count by 1.
(WebKit::WebVideoFullscreenManagerProxy::removeClientForContext):
Assert that we have added this context id to m_clientCounts before.
Decrement the count. If it reaches 0, remove this context ID from both
m_clientCounts and m_contextMap.
(WebKit::WebVideoFullscreenManagerProxy::setupFullscreenWithID):
We have started a new fullscreen session using this interface. Call
addClientForContext() to update the client count.
(WebKit::WebVideoFullscreenManagerProxy::setUpVideoControlsManagerWithID):
If the current controls manager set up has the same context ID as the one
passed in, we don't have to do anything. Otherwise, if we have set up
the video controls manager with a different ID before, call removeClientForContext()
on the old ID to decrement its client count. Set m_controlsManagerContextId
to the new value and call addClientForContext() with it.
(WebKit::WebVideoFullscreenManagerProxy::didCleanupFullscreen):
Instead of removing the mapping from m_contextMap directly, reset the fullscreen
mode on the interface and call removeClientForContext(), which removes the mapping
only if there's no more client using the interface.
* WebProcess/cocoa/WebVideoFullscreenManager.h:
* WebProcess/cocoa/WebVideoFullscreenManager.mm:
(WebKit::WebVideoFullscreenManager::~WebVideoFullscreenManager):
Clear m_clientCounts.
(WebKit::WebVideoFullscreenManager::removeContext):
Add a helper method for removing the context.
(WebKit::WebVideoFullscreenManager::addClientForContext):
If the context ID is not in m_clientCounts yet, add the count of 1 to
that table for that ID. Otherwise, increment the count by 1.
(WebKit::WebVideoFullscreenManager::removeClientForContext):
Assert that we have added this context id to m_clientCounts before.
Decrement the count. If it reaches 0, remove this context ID from
m_clientCounts and call removeContext() to clean up this context.
(WebKit::WebVideoFullscreenManager::enterVideoFullscreenForVideoElement):
We have started a new fullscreen session using this interface. Call
addClientForContext() to update the client count. Create a layer hosting
context if it's not there.
(WebKit::WebVideoFullscreenManager::setUpVideoControlsManager):
If we have set up a context for this video element before, see if it's
the one we are currently managing video controls for. If it is, return early.
Otherwise, call removeClientForContext() on the previous m_controlsManagerContextId
and update m_controlsManagerContextId to the context ID of this video element.
If there's no context created for this video element yet, set one up.
Send a SetUpVideoControlsManagerWithID message to the proxy object in the UI process
so it'll update its controls manager context ID. Also, conditionalize all of this
under PLATFORM(MAC) to be consistent with WebVideoFullscreenManagerProxy.
(WebKit::WebVideoFullscreenManager::didCleanupFullscreen):
Just reset the fullscreen mode on the interface and call removeClientForContext() which
only cleans up the context if there's no more client using it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197787 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoSkip svg/animations/animate-marker-orient-from-angle-to-autostartreverse.html on...
ryanhaddad@apple.com [Tue, 8 Mar 2016 19:02:31 +0000 (19:02 +0000)]
Skip svg/animations/animate-marker-orient-from-angle-to-autostartreverse.html on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=155174

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197786 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed attempt to fix the 32bit build after r197782.
cdumez@apple.com [Tue, 8 Mar 2016 18:58:53 +0000 (18:58 +0000)]
Unreviewed attempt to fix the 32bit build after r197782.

* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197785 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoScrolling does not work when the mouse down is handled by a node
tonikitoo@webkit.org [Tue, 8 Mar 2016 18:57:54 +0000 (18:57 +0000)]
Scrolling does not work when the mouse down is handled by a node
https://bugs.webkit.org/show_bug.cgi?id=19033

Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/events/prevent-default-prevents-interaction-with-scrollbars-.html

When a mouse press/down event happens on a scrollbar area, but event
is default prevented in the document level**, for example, event does not get
properly passed to scrollbars, although it should.

Problem started long ago with r17770, and was improved with r19596.
However, years later, the way Scrollbar* is obtained is still currently different
weither event is default prevented or not.

Patch uniforms the logic for both cases, and fixes the bug.

Note: code before used to look like

if (swallowEvent) {
    <code>
} else {
    <bleh>
    <foo>
}

.. and now looks like

if (!swallowEvent)
    <bleh>

<code>

if (!swallowEvent)
    <foo>

** e.g. document.addEventListener('mousedown', function (e) { e.preventDefault(); });

* page/EventHandler.cpp:
(WebCore::scrollbarForMouseEvent):
(WebCore::EventHandler::handleMousePressEvent):

LayoutTests:

* fast/events/prevent-default-prevents-interaction-with-scrollbars-expected.txt: Added.
* fast/events/prevent-default-prevents-interaction-with-scrollbars.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197784 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed. Move myself to the reviewers list.
sukolsak@gmail.com [Tue, 8 Mar 2016 18:54:05 +0000 (18:54 +0000)]
Unreviewed. Move myself to the reviewers list.

* Scripts/webkitpy/common/config/contributors.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197783 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed Windows build fix after r197728.
cdumez@apple.com [Tue, 8 Mar 2016 18:51:04 +0000 (18:51 +0000)]
Unreviewed Windows build fix after r197728.

* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197782 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[ES6] Regular Expression canonicalization tables for Unicode need to be updated to...
msaboff@apple.com [Tue, 8 Mar 2016 18:35:58 +0000 (18:35 +0000)]
[ES6] Regular Expression canonicalization tables for Unicode need to be updated to use Unicode CaseFolding.txt
https://bugs.webkit.org/show_bug.cgi?id=155114

Reviewed by Darin Adler.

Source/JavaScriptCore:

Extracted out the Unicode canonicalization table creation from
YarrCanonicalizeUnicode.js into a new Python script, generateYarrCanonicalizeUnicode.
That script generates the Unicode tables as the file YarrCanonicalizeUnicode.cpp in
DerivedSources/JavaScriptCore.

Updated the processing of ignore case to make the ASCII short cuts dependent on whether
or not we are a Unicode pattern.

Renamed yarr/YarrCanonicalizeUnicode.{cpp,js} back to their prior names,
YarrCanonicalizeUCS2.{cpp,js}.
Renamed yarr/YarrCanonicalizeUnicode.h to YarrCanonicalize.h as it declares both the
legacy UCS2 and Unicode tables.

* CMakeLists.txt:
* DerivedSources.make:
* JavaScriptCore.xcodeproj/project.pbxproj:
* generateYarrCanonicalizeUnicode: Added.
* ucd: Added.
* ucd/CaseFolding.txt: Added.  The current verion, 8.0, of the Unicode CaseFolding table.
* yarr/YarrCanonicalizeUCS2.cpp: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.cpp.
* yarr/YarrCanonicalize.h: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.h.
* yarr/YarrCanonicalizeUCS2.js: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.js.
(printHeader):
* yarr/YarrCanonicalizeUnicode.cpp: Removed.
* yarr/YarrCanonicalizeUnicode.h: Removed.
* yarr/YarrCanonicalizeUnicode.js: Removed.
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::tryConsumeBackReference):
* yarr/YarrJIT.cpp:
* yarr/YarrPattern.cpp:
(JSC::Yarr::CharacterClassConstructor::putChar):

LayoutTests:

Updated test cases.

* js/regexp-unicode-expected.txt:
* js/script-tests/regexp-unicode.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197781 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r197765.
ryanhaddad@apple.com [Tue, 8 Mar 2016 18:19:51 +0000 (18:19 +0000)]
Unreviewed, rolling out r197765.
https://bugs.webkit.org/show_bug.cgi?id=155172

The test added with this change is failing on all platforms.
(Requested by ryanhaddad on #webkit).

Reverted changeset:

"ImageDocuments leak their world."
https://bugs.webkit.org/show_bug.cgi?id=155167
http://trac.webkit.org/changeset/197765

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-08

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197780 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoMake Element const in ElementRuleCollector
antti@apple.com [Tue, 8 Mar 2016 18:11:17 +0000 (18:11 +0000)]
Make Element const in ElementRuleCollector
https://bugs.webkit.org/show_bug.cgi?id=155170

Reviewed by Andreas Kling.

More const.

* css/ElementRuleCollector.cpp:
(WebCore::ElementRuleCollector::ElementRuleCollector):
(WebCore::ElementRuleCollector::matchAllRules):
* css/ElementRuleCollector.h:
* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::checkOne):
(WebCore::SelectorChecker::matchesFocusPseudoClass):
* cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelationIfResolvingStyle):
(WebCore::SelectorCompiler::addStyleRelationFunction):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateContextFunctionCallTest):
(WebCore::SelectorCompiler::elementIsActive):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
(WebCore::SelectorCompiler::elementIsHovered):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
(WebCore::SelectorCompiler::makeContextStyleUniqueIfNecessaryAndTestIsPlaceholderShown):
(WebCore::SelectorCompiler::isPlaceholderShown):
* cssjit/SelectorCompiler.h:
* dom/StyledElement.h:
(WebCore::StyledElement::additionalPresentationAttributeStyle):
(WebCore::StyledElement::inlineStyle):
(WebCore::StyledElement::collectStyleForPresentationAttribute):
(WebCore::StyledElement::invalidateStyleAttribute):
(WebCore::StyledElement::presentationAttributeStyle):
* html/HTMLTableCellElement.cpp:
(WebCore::HTMLTableCellElement::parseAttribute):
(WebCore::HTMLTableCellElement::additionalPresentationAttributeStyle):
* html/HTMLTableCellElement.h:
* html/HTMLTableColElement.cpp:
(WebCore::HTMLTableColElement::parseAttribute):
(WebCore::HTMLTableColElement::additionalPresentationAttributeStyle):
* html/HTMLTableColElement.h:
* html/HTMLTableElement.cpp:
(WebCore::leakBorderStyle):
(WebCore::HTMLTableElement::additionalPresentationAttributeStyle):
* html/HTMLTableElement.h:
* html/HTMLTableSectionElement.cpp:
(WebCore::HTMLTableSectionElement::create):
(WebCore::HTMLTableSectionElement::additionalPresentationAttributeStyle):
* html/HTMLTableSectionElement.h:
* inspector/InspectorCSSAgent.cpp:
(WebCore::InspectorCSSAgent::didUnregisterNamedFlowContentElement):
(WebCore::InspectorCSSAgent::forcePseudoState):
* inspector/InspectorCSSAgent.h:
* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::pushNodePathToFrontend):
(WebCore::InspectorDOMAgent::boundNodeId):
(WebCore::InspectorDOMAgent::backendNodeIdForNode):
* inspector/InspectorDOMAgent.h:
* inspector/InspectorInstrumentation.cpp:
(WebCore::InspectorInstrumentation::handleMousePressImpl):
(WebCore::InspectorInstrumentation::forcePseudoStateImpl):
* inspector/InspectorInstrumentation.h:
(WebCore::InspectorInstrumentation::handleMousePress):
(WebCore::InspectorInstrumentation::forcePseudoState):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197779 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years ago[Fetch API] Commonalize handling of FetchBody by FetchRequest and FetchResponse
youenn.fablet@crf.canon.fr [Tue, 8 Mar 2016 18:09:40 +0000 (18:09 +0000)]
[Fetch API] Commonalize handling of FetchBody by FetchRequest and FetchResponse
https://bugs.webkit.org/show_bug.cgi?id=154959

Reviewed by Darin Adler.

Introducing FetchBodyOwner class as base class of FetchRequest and FetchResponse.
This class is an ActiveDOMObject and is responsible of handling the Body API implemented by Request and Response.

Covered by existing tests.

* Modules/fetch/FetchBodyOwner.h: Added.
(WebCore::FetchBodyOwner::isDisturbed):
(WebCore::FetchBodyOwner::arrayBuffer):
(WebCore::FetchBodyOwner::formData):
(WebCore::FetchBodyOwner::blob):
(WebCore::FetchBodyOwner::json):
(WebCore::FetchBodyOwner::text):
(WebCore::FetchBodyOwner::body):
(WebCore::FetchBodyOwner::FetchBodyOwner):
* Modules/fetch/FetchRequest.h:
(WebCore::FetchRequest::FetchRequest):
* Modules/fetch/FetchResponse.cpp:
(WebCore::FetchResponse::FetchResponse):
* Modules/fetch/FetchResponse.h:
* WebCore.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197778 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, fix 32-bit build after r197726.
cdumez@apple.com [Tue, 8 Mar 2016 18:06:08 +0000 (18:06 +0000)]
Unreviewed, fix 32-bit build after r197726.

Also, re-enable static_assert to check the ElementRareData size.

* dom/ElementRareData.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197777 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoRebaseline WPT reflection tests for ios-simulator after r197726
ryanhaddad@apple.com [Tue, 8 Mar 2016 18:03:28 +0000 (18:03 +0000)]
Rebaseline WPT reflection tests for ios-simulator after r197726

Unreviewed test gardening.

* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-embedded-expected.txt:
* platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197776 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAdd debug iOS Simulator bots to the dashboard
ap@apple.com [Tue, 8 Mar 2016 17:59:14 +0000 (17:59 +0000)]
Add debug iOS Simulator bots to the dashboard
https://bugs.webkit.org/show_bug.cgi?id=155157

Reviewed by Darin Adler.

* BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/WebKitBuildbot.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197775 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeakBlock::visit() should check for a WeakHandleOwner before consulting mark bits.
akling@apple.com [Tue, 8 Mar 2016 17:57:08 +0000 (17:57 +0000)]
WeakBlock::visit() should check for a WeakHandleOwner before consulting mark bits.
<https://webkit.org/b/155154>

Reviewed by Darin Adler.

Reorder the checks in WeakBlock::visit() so we don't look at the mark bits in MarkedBlock
unless the current WeakImpl has a WeakHandleOwner we need to consult.

I was originally hoping to make an optimization that could skip over entire WeakBlocks
if they didn't have a single WeakHandleOwner, but it turns out that scenario is not as
common as I suspected.

* heap/WeakBlock.cpp:
(JSC::WeakBlock::visit):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197774 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoWeb Inspector: Add automation protocol methods for navigation
timothy@apple.com [Tue, 8 Mar 2016 17:55:01 +0000 (17:55 +0000)]
Web Inspector: Add automation protocol methods for navigation

https://bugs.webkit.org/show_bug.cgi?id=155163
rdar://problem/25029054

Reviewed by Darin Adler.

* UIProcess/Automation/Automation.json:
* UIProcess/Automation/WebAutomationSession.cpp:
(WebKit::WebAutomationSession::getBrowsingContexts): Set url.
(WebKit::WebAutomationSession::getBrowsingContext): Added.
(WebKit::WebAutomationSession::navigateBrowsingContext): Added.
(WebKit::WebAutomationSession::goBackInBrowsingContext): Added.
(WebKit::WebAutomationSession::goForwardInBrowsingContext): Added.
(WebKit::WebAutomationSession::reloadBrowsingContext): Added.
* UIProcess/Automation/WebAutomationSession.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197773 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, rolling out r197722.
ryanhaddad@apple.com [Tue, 8 Mar 2016 17:41:59 +0000 (17:41 +0000)]
Unreviewed, rolling out r197722.
https://bugs.webkit.org/show_bug.cgi?id=155171

This change caused 800+ JSC test failures (Requested by
ryanhaddad on #webkit).

Reverted changeset:

"bmalloc: Use List<T> instead of Vector<T> in some places"
https://bugs.webkit.org/show_bug.cgi?id=155150
http://trac.webkit.org/changeset/197722

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-08

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197772 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed test fix after r197721.
bfulgham@apple.com [Tue, 8 Mar 2016 17:39:52 +0000 (17:39 +0000)]
Unreviewed test fix after r197721.
https://bugs.webkit.org/show_bug.cgi?id=155120
<rdar://problem/25010167>

If a WK1 client turns on the "Resource Load Statistics" debug flag, but
does not supply a data modification handler, we dereference a null function.

* loader/ResourceLoadStatisticsStore.cpp:
(WebCore::ResourceLoadStatisticsStore::fireDataModificationHandler): Check
for nullptr function before invoking it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197771 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, temporarily comment out static_assert while I investigate.
cdumez@apple.com [Tue, 8 Mar 2016 17:25:33 +0000 (17:25 +0000)]
Unreviewed, temporarily comment out static_assert while I investigate.

It still did not build on some platforms.

* dom/ElementRareData.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197770 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed, another build fix after r197726.
cdumez@apple.com [Tue, 8 Mar 2016 17:17:50 +0000 (17:17 +0000)]
Unreviewed, another build fix after r197726.

* dom/ElementRareData.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197769 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed Windows build fix after r197728.
cdumez@apple.com [Tue, 8 Mar 2016 17:11:28 +0000 (17:11 +0000)]
Unreviewed Windows build fix after r197728.

* platform/MemoryPressureHandler.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197768 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed build fix after r197726.
cdumez@apple.com [Tue, 8 Mar 2016 17:06:24 +0000 (17:06 +0000)]
Unreviewed build fix after r197726.

* dom/ElementRareData.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197767 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoAX: Force allow user zoom
n_wang@apple.com [Tue, 8 Mar 2016 16:13:12 +0000 (16:13 +0000)]
AX: Force allow user zoom
https://bugs.webkit.org/show_bug.cgi?id=155056

Reviewed by Chris Fleizach.

Source/WebCore:

Override the maximum scale factor when forceAlwaysUserScalable is true.

Test: accessibility/ios-simulator/force-user-scalable.html

* page/ViewportConfiguration.h:
(WebCore::ViewportConfiguration::maximumScale):
* testing/Internals.cpp:
(WebCore::Internals::composedTreeAsText):
(WebCore::Internals::setViewportForceAlwaysUserScalable):
(WebCore::Internals::viewportConfigurationMaximumScale):
* testing/Internals.h:
* testing/Internals.idl:

Source/WebKit2:

Soft linked libAccessibility library so that we can observe the accessibility
setting change for the force always user scalable feature.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::forceAlwaysUserScalableChangedCallback):
(WebKit::WebPage::create):
(WebKit::m_shouldDispatchFakeMouseMoveEvents):
(WebKit::WebPage::~WebPage):
(WebKit::WebPage::preferencesDidChange):
(WebKit::WebPage::updateForceAlwaysUserScalable):
(WebKit::WebPage::updatePreferences):
* WebProcess/WebPage/WebPage.h:

LayoutTests:

* accessibility/ios-simulator/force-user-scalable-expected.txt: Added.
* accessibility/ios-simulator/force-user-scalable.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197766 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoImageDocuments leak their world.
akling@apple.com [Tue, 8 Mar 2016 15:14:54 +0000 (15:14 +0000)]
ImageDocuments leak their world.
<https://webkit.org/b/155167>
<rdar://problem/24987363>

Reviewed by Antti Koivisto.

Source/WebCore:

ImageDocument uses a special code path in ImageLoader in order to manually
control how the image is loaded. It has to do this because the ImageDocument
is really just a synthetic wrapper around a main resource that's an image.

This custom loading code had a bug where it would create a new CachedImage
and neglect to set its CachedResource::m_state flag to Pending (which is
normally set by CachedResource::load(), but we don't call that for these.)

This meant that when ImageDocument called CachedImage::finishLoading() to
trigger the notifyFinished() callback path, the image would look at its
loading state and see that it was Unknown (not Pending), and conclude that
it hadn't loaded yet. So we never got the notifyFinished() signal.

The world leaks here because ImageLoader slaps a ref on its <img> element
while it waits for the loading operation to complete. Once finished, whether
successfully or with an error, it derefs the <img>.

Since we never fired notifyFinished(), we ended up with an extra ref on
these <img> forever, and then the element kept its document alive too.

Test: fast/dom/ImageDocument-world-leak.html

* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement):

LayoutTests:

Made a little test that loads an image into an <iframe> 10 times and then
triggers a garbage collection and checks that all the documents got destroyed.

Prior to this change, all 10 ImageDocuments would remain alive at the end.

* fast/dom/ImageDocument-world-leak-expected.txt: Added.
* fast/dom/ImageDocument-world-leak.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197765 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoElementRuleCollector should not mutate document and style
antti@apple.com [Tue, 8 Mar 2016 14:59:53 +0000 (14:59 +0000)]
ElementRuleCollector should not mutate document and style
https://bugs.webkit.org/show_bug.cgi?id=155113

Reviewed by Andreas Kling.

Move applying of style relations out of ElementRuleCollector and StyleResolver.
This gets us closer to making StyleResolver const for Element.

* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:
* css/ElementRuleCollector.cpp:
(WebCore::ElementRuleCollector::ElementRuleCollector):

    No need for style parameter anymore.

(WebCore::ElementRuleCollector::collectMatchingRules):
(WebCore::ElementRuleCollector::sortAndTransferMatchedRules):
(WebCore::ElementRuleCollector::ruleMatches):

    Client will now do the style and element mutations. Just collect the data here.

(WebCore::ElementRuleCollector::collectMatchingRulesForList):
(WebCore::ElementRuleCollector::commitStyleRelations): Deleted.

    Moves to StyleRelations.cpp

* css/ElementRuleCollector.h:
(WebCore::ElementRuleCollector::hasMatchedRules):
(WebCore::ElementRuleCollector::matchedPseudoElementIds):
(WebCore::ElementRuleCollector::styleRelations):
(WebCore::ElementRuleCollector::didMatchUncommonAttributeSelector):
* css/MediaQueryMatcher.cpp:
(WebCore::MediaQueryMatcher::prepareEvaluator):
(WebCore::MediaQueryMatcher::evaluate):
* css/SelectorChecker.cpp:
(WebCore::addStyleRelation):
(WebCore::isFirstChildElement):
(WebCore::isFirstOfType):
(WebCore::countElementsBefore):
(WebCore::countElementsOfTypeBefore):
(WebCore::SelectorChecker::matchRecursively):
(WebCore::SelectorChecker::checkOne):
* css/SelectorChecker.h:
(WebCore::SelectorChecker::CheckingContext::CheckingContext):
* css/StyleMedia.cpp:
(WebCore::StyleMedia::matchMedium):
* css/StyleResolver.cpp:
(WebCore::StyleResolver::StyleResolver):
(WebCore::isAtShadowBoundary):
(WebCore::StyleResolver::styleForElement):

    Apply the style relations affecting current style immediately.
    Pass the rest to the client.

(WebCore::StyleResolver::styleForKeyframe):
(WebCore::StyleResolver::pseudoStyleForElement):
(WebCore::StyleResolver::pseudoStyleRulesForElement):
* css/StyleResolver.h:
(WebCore::ElementStyle::ElementStyle):
* cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelationIfResolvingStyle):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelation):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorCheckerExcludingPseudoElements):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateDirectAdjacentTreeWalker):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateIndirectAdjacentTreeWalker):
(WebCore::SelectorCompiler::addStyleRelationFunction):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsActive):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsEmpty):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsLastChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
(WebCore::SelectorCompiler::makeContextStyleUniqueIfNecessaryAndTestIsPlaceholderShown):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChildOf):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChildOf):
* dom/Document.cpp:
(WebCore::Document::styleForElementIgnoringPendingStylesheets):

    Apply style relations.

(WebCore::Document::updateLayoutIfDimensionsOutOfDate):
* dom/Element.cpp:
(WebCore::Element::styleResolver):
(WebCore::Element::resolveStyle):
(WebCore::Element::didDetachRenderers):
(WebCore::Element::resolveCustomStyle):

    Return ElementStyle (which contains style relations along with the render style).
    Rename for consistency.

(WebCore::Element::cloneAttributesFromElement):
(WebCore::Element::customStyleForRenderer): Deleted.
* dom/Element.h:
(WebCore::Element::isVisibleInViewportChanged):
* dom/PseudoElement.cpp:
(WebCore::PseudoElement::clearHostElement):
(WebCore::PseudoElement::resolveCustomStyle):
(WebCore::PseudoElement::didAttachRenderers):
(WebCore::PseudoElement::customStyleForRenderer): Deleted.
* dom/PseudoElement.h:
* html/HTMLTitleElement.cpp:
(WebCore::HTMLTitleElement::computedTextWithDirection):
* html/shadow/SliderThumbElement.cpp:
(WebCore::SliderThumbElement::hostInput):
(WebCore::SliderThumbElement::resolveCustomStyle):
(WebCore::SliderThumbElement::shadowPseudoId):
(WebCore::SliderContainerElement::createElementRenderer):
(WebCore::SliderContainerElement::resolveCustomStyle):
(WebCore::SliderContainerElement::shadowPseudoId):
(WebCore::SliderThumbElement::customStyleForRenderer): Deleted.
(WebCore::SliderContainerElement::customStyleForRenderer): Deleted.
* html/shadow/SliderThumbElement.h:
* html/shadow/TextControlInnerElements.cpp:
(WebCore::TextControlInnerElement::create):
(WebCore::TextControlInnerElement::resolveCustomStyle):
(WebCore::TextControlInnerTextElement::renderer):
(WebCore::TextControlInnerTextElement::resolveCustomStyle):
(WebCore::TextControlPlaceholderElement::TextControlPlaceholderElement):
(WebCore::TextControlPlaceholderElement::resolveCustomStyle):
(WebCore::TextControlInnerElement::customStyleForRenderer): Deleted.
(WebCore::TextControlInnerTextElement::customStyleForRenderer): Deleted.
(WebCore::TextControlPlaceholderElement::customStyleForRenderer): Deleted.
* html/shadow/TextControlInnerElements.h:
* rendering/RenderElement.cpp:
(WebCore::RenderElement::getUncachedPseudoStyle):
* rendering/RenderNamedFlowFragment.cpp:
(WebCore::RenderNamedFlowFragment::computeStyleInRegion):
(WebCore::RenderNamedFlowFragment::computeChildrenStyleInRegion):
* style/StyleRelations.cpp: Added.
(WebCore::Style::commitRelationsToRenderStyle):

    Commit relations affecting style that is being computed.

(WebCore::Style::commitRelationsToDocument):

    Commit relations that mutate document.

* style/StyleRelations.h: Added.

    Factor style relation data structures and functions to a file of their own.

(WebCore::Style::Relation::Relation):
* style/StyleSharingResolver.cpp:
(WebCore::Style::SharingResolver::styleSharingCandidateMatchesRuleSet):
* style/StyleTreeResolver.cpp:
(WebCore::Style::TreeResolver::styleForElement):

    Apply style relations.

* style/StyleTreeResolver.h:
* svg/SVGElement.cpp:
(WebCore::SVGElement::synchronizeSystemLanguage):
(WebCore::SVGElement::resolveCustomStyle):
(WebCore::SVGElement::customStyleForRenderer): Deleted.
* svg/SVGElement.h:
* svg/SVGElementRareData.h:
(WebCore::SVGElementRareData::overrideComputedStyle):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197764 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoUnreviewed EFL build fix after r197752.
alex@webkit.org [Tue, 8 Mar 2016 12:07:30 +0000 (12:07 +0000)]
Unreviewed EFL build fix after r197752.

Tools:

* Scripts/webkitperl/FeatureList.pm: Avoid MEDIA_STREAM
compilation by default until EFL bumps gstreamer to 1.6.

LayoutTests:

* platform/efl/TestExpectations: Avoid running the mediastream
tests until the support is implemented and compiled by default.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197754 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4 years agoOne more unreviewed speculative buildfix after r197728.
ossy@webkit.org [Tue, 8 Mar 2016 10:58:20 +0000 (10:58 +0000)]
One more unreviewed speculative buildfix after r197728.

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::didFinishLoading):
(WebKit::NetworkResourceLoader::continueWillSendRequest):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197753 268f45cc-cd09-0410-ab3c-d52691b4dbfc