WebKit-https.git
3 years agoUnreviewed follow-up fix to test after r198353.
joepeck@webkit.org [Thu, 17 Mar 2016 22:17:37 +0000 (22:17 +0000)]
Unreviewed follow-up fix to test after r198353.

* inspector/unit-tests/heap-snapshot.html:
Account for <root> in a few places.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198355 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoImplement document.queryCommandSupported("copy")
weinig@apple.com [Thu, 17 Mar 2016 21:04:49 +0000 (21:04 +0000)]
Implement document.queryCommandSupported("copy")
https://bugs.webkit.org/show_bug.cgi?id=155548
<rdar://problem/25195295>

Reviewed by Enrica Casucci.

Source/WebCore:

- document.queryCommandSupported("copy") and document.queryCommandSupported("cut") need
  to return true if the ClipboardAccessPolicy is either Allow or RequiresUserGesture.
  But, document.queryCommandEnabled("copy") and document.queryCommandEnabled("cut")
  should still return false when there is no user gesture. I also had to maintain a weird
  quirk that copy and cut should be allowed to execute, and thus fire the oncopy and oncut
  events, even when disabled, if coming from a "MenuOrKeyBinding" source. To do this, I
  upgraded the allowExecutionWhenDisabled bit to a function taking a source, and return true
  only when the correct source is specified.

* editing/Editor.h:
* editing/EditorCommand.cpp:
(WebCore::defaultValueForSupportedCopyCut):
(WebCore::allowCopyCutFromDOM):
(WebCore::enabledCopy):
(WebCore::enabledCut):
(WebCore::allowExecutionWhenDisabled):
(WebCore::doNotAllowExecutionWhenDisabled):
(WebCore::allowExecutionWhenDisabledCopyCut):
(WebCore::Editor::Command::execute):
(WebCore::Editor::Command::allowExecutionWhenDisabled):

LayoutTests:

* editing/execCommand/clipboard-access-with-user-gesture-expected.txt:
* editing/execCommand/clipboard-access-with-user-gesture.html:
document.queryCommandSupported('copy') should be returning true.

* editing/pasteboard/can-read-in-copy-and-cut-events.html:
* editing/pasteboard/copy-cut-paste-events-fired-when-disabled.html:
* editing/pasteboard/pasting-empty-html-falls-back-to-text.html:
* editing/pasteboard/set_data_typeof_return.html:
Use testRunner.execCommand() to test the behavior of a user.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198354 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: HeapSnapshots are slow and use too much memory
joepeck@webkit.org [Thu, 17 Mar 2016 21:02:07 +0000 (21:02 +0000)]
Web Inspector: HeapSnapshots are slow and use too much memory
https://bugs.webkit.org/show_bug.cgi?id=155571

Reviewed by Timothy Hatcher.

Source/WebInspectorUI:

This is the first inclusion of Workers into Web Inspector. In this case
the Main side merely needs to make requests of the Worker and get back
objects that it can interact with more.

New file heirarchies:

    UserInterface/Proxies
        - new Proxy classes in the Main page.
        - treat like Model classes, but not quite model.

    UserInterface/Workers/HeapSnapshotWorker
        - new Worker classes for Workers. No WebInspector namespace.
        - no minification of these resources, they are simply copied.

Remote procedure call interface between the Main/Worker page happens
through the WorkerProxy and Worker classes. There are simple ways
to perform factory style methods and call methods on objects, and
get the result in a callback. Similiar to frontend <-> backend agent
communication:

    HeapSnapshotWorkerProxy: (Main world)
        - creates the worker
        - performAction("actionName", arguments, callback)
        - callMethod(objectId, "methodName", arguments, callback)
        - handle message => dispatch event or invoke callback

    HeapSnapshotWorker: (Worker world)
        - sendEvent("eventName", eventData)
        - handle message => dispatch action or method on object

Proxy object methods are boilerplate calls to performAction/callMethod
with deserialization of responses. The rest of the frontend can just
treat Proxy objects as Model objects with some data and async methods.

Because the Node/Edge data is so small, objects are cheaply created
when needed and not cached. This means that there may be duplicate
HeapSnapshotNode's for the same node. For example if different Views
both request instancesWithClassName("Foo"). This is fine, as none
of our Views really care about object uniqueness, they are only
interested in the data or querying for more data.

* Scripts/combine-resources.pl:
* Scripts/copy-user-interface-resources.pl:
Copy the Workers directory to the resources directory.
Its code is only meant to be loaded by Workers, so it
shouldn't be included in the Main page.

* UserInterface/Main.html:
* UserInterface/Test.html:
* UserInterface/Models/HeapSnapshot.js: Removed.
* UserInterface/Models/HeapSnapshotDiff.js: Removed.
* UserInterface/Models/HeapSnapshotEdge.js: Removed.
* UserInterface/Models/HeapSnapshotNode.js: Removed.
Replace the old simple Model classes with Proxy classes that interact
with the Worker.

* UserInterface/Models/HeapAllocationsInstrument.js:
(WebInspector.HeapAllocationsInstrument.prototype._takeHeapSnapshot):
(WebInspector.HeapAllocationsInstrument):
* UserInterface/Models/HeapAllocationsTimelineRecord.js:
(WebInspector.HeapAllocationsTimelineRecord):
* UserInterface/Models/HeapSnapshotRootPath.js:
(WebInspector.HeapSnapshotRootPath):
(WebInspector.HeapSnapshotRootPath.prototype.appendEdge):
* UserInterface/Protocol/HeapObserver.js:
(WebInspector.HeapObserver.prototype.trackingStart):
(WebInspector.HeapObserver.prototype.trackingComplete):
* UserInterface/Views/ContentView.js:
(WebInspector.ContentView.createFromRepresentedObject):
(WebInspector.ContentView.isViewable):
* UserInterface/Views/HeapAllocationsTimelineView.js:
(WebInspector.HeapAllocationsTimelineView.prototype.showHeapSnapshotDiff):
(WebInspector.HeapAllocationsTimelineView.prototype._takeHeapSnapshotClicked):
(WebInspector.HeapAllocationsTimelineView.prototype._dataGridNodeSelected):
(WebInspector.HeapAllocationsTimelineView):
* UserInterface/Views/HeapSnapshotClassDataGridNode.js:
(WebInspector.HeapSnapshotClassDataGridNode.prototype._populate):
* UserInterface/Views/HeapSnapshotClusterContentView.js:
* UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:
(WebInspector.HeapSnapshotInstanceDataGridNode):
(WebInspector.HeapSnapshotInstanceDataGridNode.logHeapSnapshotNode.node.shortestGCRootPath.):
(WebInspector.HeapSnapshotInstanceDataGridNode.logHeapSnapshotNode):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendPath):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.stringifyEdge):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler):
* UserInterface/Views/HeapSnapshotInstancesContentView.js:
(WebInspector.HeapSnapshotInstancesContentView):
* UserInterface/Views/HeapSnapshotInstancesDataGridTree.js:
(WebInspector.HeapSnapshotInstancesDataGridTree):
* UserInterface/Views/HeapSnapshotSummaryContentView.js:
(WebInspector.HeapSnapshotSummaryContentView):
Update existing code to expect the new Proxy objects or create
the new HeapSnapshot using workers.

* UserInterface/Proxies/HeapSnapshotDiffProxy.js: Added.
(WebInspector.HeapSnapshotDiffProxy):
(WebInspector.HeapSnapshotDiffProxy.deserialize):
(WebInspector.HeapSnapshotDiffProxy.prototype.get snapshot1):
(WebInspector.HeapSnapshotDiffProxy.prototype.get snapshot2):
(WebInspector.HeapSnapshotDiffProxy.prototype.get totalSize):
(WebInspector.HeapSnapshotDiffProxy.prototype.get totalObjectCount):
(WebInspector.HeapSnapshotDiffProxy.prototype.get categories):
(WebInspector.HeapSnapshotDiffProxy.prototype.allocationBucketCounts):
(WebInspector.HeapSnapshotDiffProxy.prototype.instancesWithClassName):
(WebInspector.HeapSnapshotDiffProxy.prototype.nodeWithIdentifier):
A HeapSnapshotDiffProxy looks like a HeapSnapshotProxy and responds to
the same methods, but has the extra snapshot1/2 pointers.

* UserInterface/Proxies/HeapSnapshotEdgeProxy.js:
(WebInspector.HeapSnapshotEdgeProxy):
(WebInspector.HeapSnapshotEdgeProxy.deserialize):
Edge data. No methods are proxied at this point.

* UserInterface/Proxies/HeapSnapshotNodeProxy.js: Added.
(WebInspector.HeapSnapshotNodeProxy):
(WebInspector.HeapSnapshotNodeProxy.deserialize):
(WebInspector.HeapSnapshotNodeProxy.prototype.shortestGCRootPath):
(WebInspector.HeapSnapshotNodeProxy.prototype.dominatedNodes):
(WebInspector.HeapSnapshotNodeProxy.prototype.retainedNodes):
(WebInspector.HeapSnapshotNodeProxy.prototype.retainers):
Node data and methods to query for node relationships.

* UserInterface/Proxies/HeapSnapshotProxy.js: Added.
(WebInspector.HeapSnapshotProxy):
(WebInspector.HeapSnapshotProxy.deserialize):
(WebInspector.HeapSnapshotProxy.prototype.get proxyObjectId):
(WebInspector.HeapSnapshotProxy.prototype.get identifier):
(WebInspector.HeapSnapshotProxy.prototype.get totalSize):
(WebInspector.HeapSnapshotProxy.prototype.get totalObjectCount):
(WebInspector.HeapSnapshotProxy.prototype.get categories):
(WebInspector.HeapSnapshotProxy.prototype.allocationBucketCounts):
(WebInspector.HeapSnapshotProxy.prototype.instancesWithClassName):
(WebInspector.HeapSnapshotProxy.prototype.nodeWithIdentifier):
Snapshot data and methods to query for nodes.

* UserInterface/Proxies/HeapSnapshotWorkerProxy.js: Added.
(WebInspector.HeapSnapshotWorkerProxy):
(WebInspector.HeapSnapshotWorkerProxy.singleton):
(WebInspector.HeapSnapshotWorkerProxy.prototype.createSnapshot):
(WebInspector.HeapSnapshotWorkerProxy.prototype.createSnapshotDiff):
(WebInspector.HeapSnapshotWorkerProxy.prototype.performAction):
(WebInspector.HeapSnapshotWorkerProxy.prototype.callMethod):
(WebInspector.HeapSnapshotWorkerProxy.prototype._postMessage):
(WebInspector.HeapSnapshotWorkerProxy.prototype._handleMessage):
Singleton factory for the worker and proxied communication with the worker.
Provide means for invoking "factory actions" and "object methods".

* UserInterface/Workers/HeapSnapshot/HeapSnapshotWorker.js: Added.
(HeapSnapshotWorker):
(HeapSnapshotWorker.prototype.createSnapshot):
(HeapSnapshotWorker.prototype.createSnapshotDiff):
(HeapSnapshotWorker.prototype.sendEvent):
(HeapSnapshotWorker.prototype._handleMessage):
Main worker code. Handle dispatching actions and methods.

* UserInterface/Workers/HeapSnapshot/HeapSnapshot.js: Added.
(HeapSnapshot):
(HeapSnapshot.buildCategories):
(HeapSnapshot.allocationBucketCounts):
(HeapSnapshot.instancesWithClassName):
(HeapSnapshot.prototype.allocationBucketCounts):
(HeapSnapshot.prototype.instancesWithClassName):
(HeapSnapshot.prototype.nodeWithIdentifier):
(HeapSnapshot.prototype.shortestGCRootPath):
(HeapSnapshot.prototype.dominatedNodes):
(HeapSnapshot.prototype.retainedNodes):
(HeapSnapshot.prototype.retainers):
(HeapSnapshot.prototype.serialize):
(HeapSnapshot.prototype.serializeNode):
(HeapSnapshot.prototype.serializeEdge):
(HeapSnapshot.prototype._buildOutgoingEdges):
(HeapSnapshot.prototype._buildIncomingEdges):
(HeapSnapshot.prototype._buildPostOrderIndexes):
(HeapSnapshot.prototype._buildDominatorIndexes):
(HeapSnapshot.prototype._buildRetainedSizes):
(HeapSnapshot.prototype._gcRootPathes.visitNode):
(HeapSnapshot.prototype._gcRootPathes):
(HeapSnapshotDiff):
(HeapSnapshotDiff.prototype.allocationBucketCounts):
(HeapSnapshotDiff.prototype.instancesWithClassName):
(HeapSnapshotDiff.prototype.nodeWithIdentifier):
(HeapSnapshotDiff.prototype.shortestGCRootPath):
(HeapSnapshotDiff.prototype.dominatedNodes):
(HeapSnapshotDiff.prototype.retainedNodes):
(HeapSnapshotDiff.prototype.retainers):
(HeapSnapshotDiff.prototype.serialize):
New HeapSnapshot data processing implementation. Instead of creating
a new object per Node or per Edge create data arrays containing data
per-Node. Operate on these lists of data instead of creating many objects.

LayoutTests:

* inspector/heap/getPreview.html:
* inspector/heap/getRemoteObject.html:
* inspector/heap/snapshot.html:
Update tests to use the new HeapSnapshotWorker frontend code.

* inspector/unit-tests/heap-snapshot-expected.txt: Added.
* inspector/unit-tests/heap-snapshot.html: Added.
Verify the data processing in and worker communication work HeapSnapshotWorker
produces expected values when compared with the simple HeapSnapshot/Node/Edge
implentation.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198353 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove use of dyld_register_image_state_change_handler() in PluginProcessMac.mm
andersca@apple.com [Thu, 17 Mar 2016 21:01:21 +0000 (21:01 +0000)]
Remove use of dyld_register_image_state_change_handler() in PluginProcessMac.mm
https://bugs.webkit.org/show_bug.cgi?id=155596

Reviewed by Dan Bernstein.

Use _dyld_register_func_for_add_image instead which is API. Use dladdr to find the image path given its header.

* Platform/spi/Cocoa/DyldSPI.h: Removed.
* PluginProcess/mac/PluginProcessMac.mm:
(WebKit::PluginProcess::platformInitializeProcess):
* WebKit2.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198352 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAn analysis task should be closed if a progression cause is identified
rniwa@webkit.org [Thu, 17 Mar 2016 20:48:28 +0000 (20:48 +0000)]
An analysis task should be closed if a progression cause is identified
https://bugs.webkit.org/show_bug.cgi?id=155549

Reviewed by Chris Dumez.

Since a progression is desirable, we should close an analysis task once its cause is identified.

Also fix some typos.

* init-database.sql: Fixed a typo.
* public/api/analysis-tasks.php:
* public/v3/models/analysis-task.js:
(AnalysisTask.prototype.dissociateBug): Renamed from dissociateBug.
* public/v3/pages/analysis-task-page.js:
(AnalysisTaskPage.prototype.render):
(AnalysisTaskPage.prototype._dissociateBug): Renamed from _dissociateBug.
(AnalysisTaskPage.prototype._dissociateCommit): Fixed the typo in the alert.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198351 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSet the WebContent process's main thread QoS to USER-INTERACTIVE
cdumez@apple.com [Thu, 17 Mar 2016 20:46:57 +0000 (20:46 +0000)]
Set the WebContent process's main thread QoS to USER-INTERACTIVE
https://bugs.webkit.org/show_bug.cgi?id=155595
<rdar://problem/22534965>

Reviewed by Antti Koivisto.

Source/WebKit2:

Increase the WebContent process main thread's QoS to USER-INTERACTIVE
instead of USER-INITIATED as it is drawing UI. However, use a relative
priority of -1 so that its priority is lower than the one of the
scrolling thread.

* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):

Source/WTF:

Add a relativePriority parameter to setCurrentThreadIsUser*() so that
we can do more fine-grained prioritization of threads that have the
same QoS.

* wtf/Threading.cpp:
(WTF::setCurrentThreadIsUserInteractive):
(WTF::setCurrentThreadIsUserInitiated):
(WTF::createThread): Deleted.
* wtf/Threading.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198350 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMake FunctionMode an enum class.
mark.lam@apple.com [Thu, 17 Mar 2016 20:38:56 +0000 (20:38 +0000)]
Make FunctionMode an enum class.
https://bugs.webkit.org/show_bug.cgi?id=155587

Reviewed by Saam Barati.

* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
* parser/NodeConstructors.h:
(JSC::BaseFuncExprNode::BaseFuncExprNode):
(JSC::FuncExprNode::FuncExprNode):
(JSC::FuncDeclNode::FuncDeclNode):
(JSC::ArrowFuncExprNode::ArrowFuncExprNode):
(JSC::MethodDefinitionNode::MethodDefinitionNode):
* parser/ParserModes.h:
(JSC::functionNameIsInScope):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198349 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[ES6] Getters and Setters should be prefixed appropriately
msaboff@apple.com [Thu, 17 Mar 2016 20:13:18 +0000 (20:13 +0000)]
[ES6] Getters and Setters should be prefixed appropriately
https://bugs.webkit.org/show_bug.cgi?id=155593

Reviewed by Mark Lam.

Changed the putDirectNativeIntrinsicGetter() to prepend "get " to the funtion name.

Updated places that had their own macro or hand constructed a getter function to use
the JSC_NATIVE_GETTER macro which will properly append "get ".

Prepended "get " and "set " to the __proto__ accessor created on the Object prototype.

When we create the Symbol.species getter, added an explicit function name of "get [Symbol.species]".

* inspector/JSInjectedScriptHostPrototype.cpp:
(Inspector::JSInjectedScriptHostPrototype::finishCreation):
(Inspector::jsInjectedScriptHostPrototypeAttributeEvaluate):
* inspector/JSJavaScriptCallFramePrototype.cpp:
(Inspector::JSJavaScriptCallFramePrototype::finishCreation):
(Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluate):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSObject.cpp:
(JSC::JSObject::putDirectNativeIntrinsicGetter):
* runtime/MapPrototype.cpp:
(JSC::MapPrototype::finishCreation):
(JSC::MapPrototype::getOwnPropertySlot):
* runtime/SetPrototype.cpp:
(JSC::SetPrototype::finishCreation):
(JSC::SetPrototype::getOwnPropertySlot):
* tests/stress/accessors-get-set-prefix.js: Added.
(tryGetOwnPropertyDescriptorGetName):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198348 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSupport manually accepting invalid SSL certificates with NetworkSession
achristensen@apple.com [Thu, 17 Mar 2016 19:28:24 +0000 (19:28 +0000)]
Support manually accepting invalid SSL certificates with NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=155442
<rdar://problem/24847398>

Reviewed by Darin Adler.

When we click continue after getting a warning about an invalid SSL certificate, we call
NSURLRequest setAllowsSpecificHTTPSCertificate in NetworkProcess::allowSpecificHTTPSCertificateForHost,
which stores information in CFNetwork about the specific invalid SSL certificate we want to accept.
If we see such a certificate during a server trust evaluation, we want to tell CFNetwork to accept it.
This fixes a loop when going to https://badssl.com, clicking on expired, and clicking continue.

* NetworkProcess/NetworkDataTask.h:
* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::didReceiveChallenge):
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTask::transferSandboxExtensionToDownload):
(WebKit::certificatesMatch):
(WebKit::NetworkDataTask::allowsSpecificHTTPSCertificateForHost):
(WebKit::NetworkDataTask::suggestedFilename):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198347 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWeb Inspector: Large repaints when typing any character in console
nvasilyev@apple.com [Thu, 17 Mar 2016 19:07:19 +0000 (19:07 +0000)]
Web Inspector: Large repaints when typing any character in console
https://bugs.webkit.org/show_bug.cgi?id=155387
<rdar://problem/25125720>

Reviewed by Timothy Hatcher.

* UserInterface/Views/Main.css:
(#content):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198346 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSilence leaks in ParkingLot
fpizlo@apple.com [Thu, 17 Mar 2016 18:54:15 +0000 (18:54 +0000)]
Silence leaks in ParkingLot
https://bugs.webkit.org/show_bug.cgi?id=155510

Reviewed by Alexey Proskuryakov.

ParkingLot has a concurrent hashtable that it reallocates on demand. It will not reallocate
it in steady state. The hashtable is sized to accommodate the high watermark of the number
of active threads - so long as the program doesn't just keep starting an unbounded number
of threads that are all active, the hashtable will stop resizing. Each resize operation is
designed to stay out of the way of the data-access-parallel normal path, in which two
threads operating on different lock addresses don't have to synchronize. To do this, it
simply drops the old hashtable without deleting it, so that threads that were still using
it don't crash. They will realize that they have the wrong hashtable before doing anything
bad, but we don't have a way of proving when all of those threads are no longer going to
read from the old hashtables. So, we just leak them.

This is a bounded leak, since the hashtable resizes exponentially. Thus the total memory
utilization of all hashtables, including the leaked ones, converges to a linear function of
the current hashtable's size (it's 2 * size of current hashtable).

But this leak is a problem for leaks tools, which will always report this leak. This is not
useful. It's better to silence the leak. That's what this patch does by ensuring that all
hashtables, including leaked ones, end up in a global vector. This is perf-neutral.

This requires making a StaticWordLock variant of WordLock. That's probably the biggest part
of this change.

* wtf/ParkingLot.cpp:
* wtf/WordLock.cpp:
(WTF::WordLockBase::lockSlow):
(WTF::WordLockBase::unlockSlow):
(WTF::WordLock::lockSlow): Deleted.
(WTF::WordLock::unlockSlow): Deleted.
* wtf/WordLock.h:
(WTF::WordLockBase::lock):
(WTF::WordLockBase::isLocked):
(WTF::WordLock::WordLock):
(WTF::WordLock::lock): Deleted.
(WTF::WordLock::isLocked): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198345 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMarking http/tests/security/aboutBlank/window-open-self-about-blank.html as flaky...
ryanhaddad@apple.com [Thu, 17 Mar 2016 17:37:59 +0000 (17:37 +0000)]
Marking http/tests/security/aboutBlank/window-open-self-about-blank.html as flaky on ios-sim-debug
https://bugs.webkit.org/show_bug.cgi?id=94458

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198344 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoVersioning.
bshafiei@apple.com [Thu, 17 Mar 2016 17:20:09 +0000 (17:20 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198343 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDataURLDecoder::DecodingResultDispatcher may get deleted outside main thread
antti@apple.com [Thu, 17 Mar 2016 17:02:14 +0000 (17:02 +0000)]
DataURLDecoder::DecodingResultDispatcher may get deleted outside main thread
https://bugs.webkit.org/show_bug.cgi?id=155584
rdar://problem/24492104

Reviewed by Chris Dumez.

This is unsafe as it owns strings and other types that are only safe to delete in the main thread.

* platform/network/DataURLDecoder.cpp:
(WebCore::DataURLDecoder::DecodingResultDispatcher::dispatch):

    The problem is that this was a refcounted type. This created a race. If the timer fired before dispatch()
    was exited the implicit deref here would trigger the deletion in the dispatching thread.

    Fix by getting rid of the unnecessary refcounting. Timer firing will now delete the instance explicitly.

(WebCore::DataURLDecoder::DecodingResultDispatcher::startTimer):
(WebCore::DataURLDecoder::DecodingResultDispatcher::timerFired):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198335 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r198201.
commit-queue@webkit.org [Thu, 17 Mar 2016 16:43:41 +0000 (16:43 +0000)]
Unreviewed, rolling out r198201.
https://bugs.webkit.org/show_bug.cgi?id=155585

That was not the proper solution (Requested by KaL on
#webkit).

Reverted changeset:

"REGRESSION (r197724): [GTK] Web Inspector: Images being
blocked by CSP 2.0"
https://bugs.webkit.org/show_bug.cgi?id=155432
http://trac.webkit.org/changeset/198201

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198334 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAX: Implement AutoFill Available attribute for a text field
cfleizach@apple.com [Thu, 17 Mar 2016 16:38:56 +0000 (16:38 +0000)]
AX: Implement AutoFill Available attribute for a text field
https://bugs.webkit.org/show_bug.cgi?id=155567

Reviewed by Darin Adler.

Source/WebCore:

Expose the auto fill buttons to the AX hierarchy.
Add an attribute for the textfield to inform when the auto fill button is available.

Test: accessibility/auto-fill-types.html

* English.lproj/Localizable.strings:
* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::element):
(WebCore::AccessibilityObject::isValueAutofillAvailable):
(WebCore::AccessibilityObject::isValueAutofilled):
* accessibility/AccessibilityObject.h:
(WebCore::AccessibilityObject::passwordFieldValue):
* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::addTextFieldChildren):
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):
* html/TextFieldInputType.cpp:
(WebCore::limitLength):
(WebCore::autoFillButtonTypeToAccessibilityLabel):
(WebCore::autoFillButtonTypeToAutoFillButtonPseudoClassName):
(WebCore::TextFieldInputType::createAutoFillButton):
(WebCore::TextFieldInputType::updateAutoFillButton):
* platform/LocalizedStrings.cpp:
(WebCore::AXListItemActionVerb):
(WebCore::AXAutoFillCredentialsLabel):
(WebCore::AXAutoFillContactsLabel):
(WebCore::AXARIAContentGroupText):
* platform/LocalizedStrings.h:

LayoutTests:

* accessibility/auto-fill-types-expected.txt: Added.
* accessibility/auto-fill-types.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198333 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMethod names should not appear in the lexical scope of the method's body.
mark.lam@apple.com [Thu, 17 Mar 2016 14:58:57 +0000 (14:58 +0000)]
Method names should not appear in the lexical scope of the method's body.
https://bugs.webkit.org/show_bug.cgi?id=155568

Reviewed by Saam Barati.

Source/JavaScriptCore:

Consider this scenario:

    var f = "foo";
    var result = ({
        f() {
            return f; // f should be the string "foo", not this method f.
        }
    }).f();
    result === "foo"; // Should be true.

The reason this is not current working is because the parser does not yet
distinguish between FunctionExpressions and MethodDefinitions.  The ES6 spec
explicitly distinguishes between the 2, and we should do the same.

This patch changes all methods (and getters and setters which are also methods)
to have a FunctionMode of MethodDefinition (instead of FunctionExpression).
functionNameIsInScope() is responsible for determining whether a function's name
should be in its scope or not.  It already returns false for any function
whose FunctionMode is not FunctionExpression.  Giving methods the MethodDefinition
FunctionMode gets us the correct behavior ES6 expects.

* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
* bytecode/UnlinkedFunctionExecutable.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
(JSC::BytecodeGenerator::emitNewMethodDefinition):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::ArrowFuncExprNode::emitBytecode):
(JSC::MethodDefinitionNode::emitBytecode):
(JSC::YieldExprNode::emitBytecode):
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createFunctionExpr):
(JSC::ASTBuilder::createMethodDefinition):
(JSC::ASTBuilder::createFunctionMetadata):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createArguments):
* parser/NodeConstructors.h:
(JSC::FunctionParameters::FunctionParameters):
(JSC::BaseFuncExprNode::BaseFuncExprNode):
(JSC::FuncExprNode::FuncExprNode):
(JSC::FuncDeclNode::FuncDeclNode):
(JSC::ArrowFuncExprNode::ArrowFuncExprNode):
(JSC::MethodDefinitionNode::MethodDefinitionNode):
(JSC::YieldExprNode::YieldExprNode):
* parser/Nodes.h:
(JSC::BaseFuncExprNode::metadata):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parsePropertyMethod):
* parser/ParserModes.h:
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createFunctionExpr):
(JSC::SyntaxChecker::createFunctionMetadata):
(JSC::SyntaxChecker::createArrowFunctionExpr):
(JSC::SyntaxChecker::createMethodDefinition):
(JSC::SyntaxChecker::setFunctionNameStart):
(JSC::SyntaxChecker::createArguments):
* tests/es6.yaml:

LayoutTests:

* inspector/model/scope-chain-node-expected.txt:
- rebased expected result.

* js/script-tests/function-toString-vs-name.js:
- fixed a bug in the shouldBe() function.

* js/methods-names-should-not-be-in-lexical-scope-expected.txt: Added.
* js/methods-names-should-not-be-in-lexical-scope.html: Added.
* js/script-tests/methods-names-should-not-be-in-lexical-scope.js: Added.
- test all variations of methods.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198332 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r197380): Build fails with new GCC and Clang
utatane.tea@gmail.com [Thu, 17 Mar 2016 13:57:03 +0000 (13:57 +0000)]
REGRESSION(r197380): Build fails with new GCC and Clang
https://bugs.webkit.org/show_bug.cgi?id=155044

Reviewed by Michael Catanzaro.

In C++, std math functions ceil and floor are overloaded for double and float.
Without explicit cast or function pointer assignment, compilers cannot
determine which function address is used in the given context.

* b3/B3LowerMacrosAfterOptimizations.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198331 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Mac][cmake] Unreviewed speculative buildfix after r198179. Just for fun.
ossy@webkit.org [Thu, 17 Mar 2016 13:17:55 +0000 (13:17 +0000)]
[Mac][cmake] Unreviewed speculative buildfix after r198179. Just for fun.

* PlatformMac.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198330 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Mac][cmake] Unreviewed buildfix after r198070. Just for fun.
ossy@webkit.org [Thu, 17 Mar 2016 13:14:00 +0000 (13:14 +0000)]
[Mac][cmake] Unreviewed buildfix after r198070. Just for fun.

* PlatformMac.cmake:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198329 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[cmake][Mac] Unreviewed speculative buildfix after r198088. Just for fun.
ossy@webkit.org [Thu, 17 Mar 2016 12:59:27 +0000 (12:59 +0000)]
[cmake][Mac] Unreviewed speculative buildfix after r198088. Just for fun.

* WebView/WebView.mm:
(-[WebView _preferencesChanged:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198328 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, line ending fixes.
ossy@webkit.org [Thu, 17 Mar 2016 12:28:42 +0000 (12:28 +0000)]
Unreviewed, line ending fixes.

Source/ThirdParty:

* gtest/codegear/gtest_all.cc:
* gtest/codegear/gtest_link.cc:

LayoutTests:

* css2.1/20110323/support/at-import-001.css:
* css2.1/20110323/support/at-import-002.css:
* css2.1/20110323/support/at-import-004.css:
* css2.1/20110323/support/at-import-005.css:
* css2.1/20110323/support/at-import-006.css:
* css2.1/20110323/support/at-import-007.css:
* css2.1/20110323/support/eof-green.css:
* storage/indexeddb/set_version_blocked.html:
* storage/indexeddb/transaction-read-only.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198327 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Fetch API] response-consume.html is crashing on Mac WK1 Debug builds
youenn.fablet@crf.canon.fr [Thu, 17 Mar 2016 11:25:10 +0000 (11:25 +0000)]
[Fetch API] response-consume.html is crashing on Mac WK1 Debug builds
https://bugs.webkit.org/show_bug.cgi?id=155490

Reviewed by Darin Adler.

Source/WebCore:

Covered by existing tests.

Ensured to lock state before calling JSC:JSONParse.
Adding fulfillPromiseWithJSON routine to handle it.
Applied it to FetchBody.

* Modules/fetch/FetchBody.cpp:
(WebCore::FetchBody::json):
(WebCore::FetchBody::loadedAsText):
(WebCore::FetchBody::resolveAsJSON): Deleted.
* Modules/fetch/FetchBody.h:
* Modules/fetch/FetchBodyOwner.cpp:
(WebCore::FetchBodyOwner::loadedBlobAsText):
* bindings/js/JSDOMPromise.cpp:
(WebCore::parseAsJSON):
(WebCore::fulfillPromiseWithJSON):
* bindings/js/JSDOMPromise.h:

LayoutTests:

* TestExpectations: Removed crash debug expectation of response-consume.html

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198326 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWebRTC: Update RTCIceCandidate
adam.bergkvist@ericsson.com [Thu, 17 Mar 2016 10:52:20 +0000 (10:52 +0000)]
WebRTC: Update RTCIceCandidate
https://bugs.webkit.org/show_bug.cgi?id=155535

Reviewed by Eric Carlson.

Source/WebCore:

Update the RTCIceCandidate constructor procedure to match the WebRTC 1.0 specification [1].
In short: The "candidate" init dictionary member is required. At least one of the dictionary
members "sdpMid" and "sdpMLine" needs to be present; the corresponding attribute of the
other, is initialized to null.

[1] https://w3c.github.io/webrtc-pc/archives/20160215/webrtc.html

Tests: Updated fast/mediastream/RTCIceCandidate.htm

* Modules/mediastream/RTCIceCandidate.cpp:
(WebCore::RTCIceCandidate::create):
(WebCore::RTCIceCandidate::RTCIceCandidate):
* Modules/mediastream/RTCIceCandidate.h:
(WebCore::RTCIceCandidate::sdpMLineIndex):
(WebCore::RTCIceCandidate::setSdpMLineIndex):
* Modules/mediastream/RTCIceCandidate.idl:
* bindings/js/JSRTCIceCandidateCustom.cpp:
(WebCore::JSRTCIceCandidate::sdpMid):
(WebCore::JSRTCIceCandidate::sdpMLineIndex):

LayoutTests:

RTCIceCandidate.html is updated to test the new construction behavior and the nullable
attributes. The remaining updated tests simply construct an RTCIceCandidate to be used for
test purposes.

* fast/mediastream/RTCIceCandidate-expected.txt:
* fast/mediastream/RTCIceCandidate.html:
* fast/mediastream/RTCPeerConnection-closed-state.html:
* fast/mediastream/RTCPeerConnection-overloaded-operations-expected.txt:
* fast/mediastream/RTCPeerConnection-overloaded-operations-params-expected.txt:
* fast/mediastream/RTCPeerConnection-overloaded-operations-params.html:
* fast/mediastream/RTCPeerConnection-overloaded-operations.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198325 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoInvoking super()/super inside of the eval should not lead to SyntaxError
gskachkov@gmail.com [Thu, 17 Mar 2016 09:46:07 +0000 (09:46 +0000)]
Invoking super()/super inside of the eval should not lead to SyntaxError
https://bugs.webkit.org/show_bug.cgi?id=153864

Reviewed by Saam Barati.

Source/JavaScriptCore:

Added support of the invoking super/super() inside of the eval within class.
Also support cases when eval is invoked in constructor, class method directly
or via arrow function. Access to the new.target in eval is not part of this patch
and will be implemented in https://bugs.webkit.org/show_bug.cgi?id=155545

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment):
(JSC::BytecodeGenerator::isThisUsedInInnerArrowFunction):
(JSC::BytecodeGenerator::isNewTargetUsedInInnerArrowFunction):
(JSC::BytecodeGenerator::isSuperUsedInInnerArrowFunction):
(JSC::BytecodeGenerator::isSuperCallUsedInInnerArrowFunction):
(JSC::BytecodeGenerator::emitPutThisToArrowFunctionContextScope):
* interpreter/Interpreter.cpp:
(JSC::eval):
* parser/Parser.cpp:
(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseMemberExpression):
* parser/Parser.h:
(JSC::Scope::Scope):
(JSC::Scope::isEvalContext):
(JSC::Scope::setIsEvalContext):
(JSC::parse):
* runtime/CodeCache.cpp:
(JSC::CodeCache::getGlobalCodeBlock):
* tests/stress/arrowfunction-lexical-bind-supercall-4.js:
* tests/stress/arrowfunction-lexical-bind-superproperty.js:
* tests/stress/class-syntax-super-in-eval.js: Added.
* tests/stress/generator-with-super.js:

LayoutTests:

* js/class-syntax-super-expected.txt:
* js/script-tests/class-syntax-super.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198324 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Mac] Enable Content-Disposition: attachment sandbox
aestes@apple.com [Thu, 17 Mar 2016 07:05:58 +0000 (07:05 +0000)]
[Mac] Enable Content-Disposition: attachment sandbox
https://bugs.webkit.org/show_bug.cgi?id=155578
<rdar://problem/21886326>

Reviewed by Dan Bernstein.

Covered by the existing set of attachment sandbox tests, which have always been run on Mac.

Source/WebKit/mac:

* WebView/WebView.mm:
(-[WebView _commonInitializationWithFrameName:groupName:]):

Source/WebKit2:

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::WebPage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198318 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUncaught Exception: SyntaxError: Invalid regular expression: \ at end of pattern
mattbaker@apple.com [Thu, 17 Mar 2016 04:42:21 +0000 (04:42 +0000)]
Uncaught Exception: SyntaxError: Invalid regular expression: \ at end of pattern
https://bugs.webkit.org/show_bug.cgi?id=155556
<rdar://problem/25200058>

Reviewed by Timothy Hatcher.

Use simpleGlobStringToRegExp, which returns a valid regular expression
for strings with trailing backslashes, and also provides globbing.
String.escapeForRegExp returns a JS string ending in "\\", which isn't
a valid regular expression.

* UserInterface/Views/OpenResourceDialog.js:
(WebInspector.OpenResourceDialog):
(WebInspector.OpenResourceDialog.prototype._handleMousedownEvent):
Fixed typo.

(WebInspector.OpenResourceDialog.prototype._updateFilter):
Switch to simpleGlobStringToRegExp.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198317 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSVG tear offs should return a const reference if possible
commit-queue@webkit.org [Thu, 17 Mar 2016 03:36:28 +0000 (03:36 +0000)]
SVG tear offs should return a const reference if possible
https://bugs.webkit.org/show_bug.cgi?id=153214

Patch by Nikos Andronikos <nikos.andronikos-webkit@cisra.canon.com.au> on 2016-03-16
Reviewed by Alex Christensen.

A smaller change than expected because the returned reference is being copied into a value in additional locations that baseVal and animVal are used.

No new tests as there is no change in behaviour.

* svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
* svg/properties/SVGAnimatedStaticPropertyTearOff.h:
(WebCore::SVGAnimatedStaticPropertyTearOff::baseVal):
(WebCore::SVGAnimatedStaticPropertyTearOff::animVal):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198316 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd a new benchmark test
jonlee@apple.com [Thu, 17 Mar 2016 02:49:16 +0000 (02:49 +0000)]
Add a new benchmark test
https://bugs.webkit.org/show_bug.cgi?id=155570

Reviewed by Simon Fraser.

New Leaves test includes various image sizes and opacity.

* Animometer/resources/debug-runner/tests.js: Add it to the HTML test suite.
* Animometer/tests/dom/leaves.html: Added.
* Animometer/tests/dom/resources/leaves.js: Added. Override the
(Particle.call.reset): Uses a range of sizes, and opacity.
(Particle.call.animate): Opacity goes up then down. When it hits 0, reset the particle.
(Particle.call.move): Set transform and opacity.
* Animometer/tests/master/resources/leaves.js: Get rid of the closure so that it
can be used in this test. Update the relative path so that it works in both the master
and dom test suite.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198315 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, partial roll out of r197254.
cdumez@apple.com [Thu, 17 Mar 2016 02:18:04 +0000 (02:18 +0000)]
Unreviewed, partial roll out of r197254.
<rdar://problem/25078552>

It caused a ~1.1% PLT regression on iOS.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198314 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRecognize mailto and tel url as data detector links.
enrica@apple.com [Thu, 17 Mar 2016 00:56:33 +0000 (00:56 +0000)]
Recognize mailto and tel url as data detector links.
https://bugs.webkit.org/show_bug.cgi?id=155569
rdar://problem/24836185

Reviewed by Sam Weinig.

When we check if the element is a data detector link,
we should return true also for URLs with mailto: and tel: scheme.

* editing/cocoa/DataDetection.mm:
(WebCore::DataDetection::isDataDetectorLink):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198311 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r198187.
cdumez@apple.com [Thu, 17 Mar 2016 00:13:30 +0000 (00:13 +0000)]
Unreviewed, rolling out r198187.
https://bugs.webkit.org/show_bug.cgi?id=155564

Potentially break testing on iOS (Requested by Guest23 on
#webkit).

Reverted changeset:

"Add twisted-15.5.0 module to
webkitpy.thirdparty.autoinstalled."
https://bugs.webkit.org/show_bug.cgi?id=154667
http://trac.webkit.org/changeset/198187

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-16

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198310 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSubpixel rendering: Directly composited image layers need pixelsnapping.
zalan@apple.com [Thu, 17 Mar 2016 00:07:58 +0000 (00:07 +0000)]
Subpixel rendering: Directly composited image layers need pixelsnapping.
https://bugs.webkit.org/show_bug.cgi?id=155558

Reviewed by Simon Fraser.

In order to match non-composited image size/position, we need to pixelsnap both the contents and the clipping
layer bounds for directly composited images.

Source/WebCore:

Test: fast/images/hidpi-directly-composited-image-on-subpixel-position.html

* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::resetContentsRect):
(WebCore::RenderLayerBacking::updateChildClippingStrategy):
(WebCore::RenderLayerBacking::updateImageContents):

LayoutTests:

* fast/images/hidpi-directly-composited-image-on-subpixel-position-expected.html: Added.
* fast/images/hidpi-directly-composited-image-on-subpixel-position.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198309 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSkipping mathml/very-large-stretchy-operators.html on ios-simulator debug
ryanhaddad@apple.com [Wed, 16 Mar 2016 23:37:37 +0000 (23:37 +0000)]
Skipping mathml/very-large-stretchy-operators.html on ios-simulator debug
https://bugs.webkit.org/show_bug.cgi?id=155565

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198308 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMarking compositing/visible-rect/animated-from-none.html as flaky on ios-sim-wk2...
ryanhaddad@apple.com [Wed, 16 Mar 2016 23:32:16 +0000 (23:32 +0000)]
Marking compositing/visible-rect/animated-from-none.html as flaky on ios-sim-wk2, failing on ios-sim-wk1
https://bugs.webkit.org/show_bug.cgi?id=155495

Unreviewed test gardening.

* platform/ios-simulator-wk1/TestExpectations:
* platform/ios-simulator-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198307 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoProvide NSSpellChecker spellChecking methods with the current insertion point
bdakin@apple.com [Wed, 16 Mar 2016 23:25:09 +0000 (23:25 +0000)]
Provide NSSpellChecker spellChecking methods with the current insertion point
https://bugs.webkit.org/show_bug.cgi?id=155532
-and corresponding-
rdar://problem/24066952

Reviewed by Simon Fraser.

Source/WebCore:

Pass the Frame‚Äôs selection to a handful of spelling checking methods that
call into WebKit/WebKit2 to ultimately call into NSSpellChecker.
* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::hasMisspelling):
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(AXAttributeStringSetSpelling):
* editing/AlternativeTextController.cpp:
(WebCore::AlternativeTextController::timerFired):
* editing/Editor.cpp:
(WebCore::Editor::guessesForMisspelledWord):
(WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges):
* editing/SpellChecker.cpp:
(WebCore::SpellChecker::invokeRequest):
(WebCore::SpellChecker::enqueueRequest):
* editing/TextCheckingHelper.cpp:
(WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
(WebCore::TextCheckingHelper::guessesForMisspelledOrUngrammaticalRange):
(WebCore::TextCheckingHelper::unifiedTextCheckerEnabled):
(WebCore::checkTextOfParagraph):
* editing/TextCheckingHelper.h:
* loader/EmptyClients.cpp:
(WebCore::EmptyFrameLoaderClient::createNetworkingContext):
(WebCore::EmptyTextCheckerClient::requestCheckingOfString):
* loader/EmptyClients.h:
* platform/text/TextCheckerClient.h:
(WebCore::TextCheckerClient::~TextCheckerClient):

The key needed to include the insertion point.
* platform/spi/mac/NSSpellCheckerSPI.h:

Source/WebKit/mac:

Extract the insertion point from the VisibleSelection that WebCore has
passed.
* WebCoreSupport/WebEditorClient.h:
(WebEditorClient::getGuessesForWord):
* WebCoreSupport/WebEditorClient.mm:
(WebEditorClient::checkTextOfParagraph):
(insertionPointFromCurrentSelection):
(WebEditorClient::getGuessesForWord):
(WebEditorClient::requestCheckingOfString):

Source/WebKit2:

Pass the insertionPoint to the UIProcess
* UIProcess/TextChecker.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::checkTextOfParagraph):
(WebKit::WebPageProxy::getGuessesForWord):
(WebKit::WebPageProxy::requestCheckingOfString):
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:
* UIProcess/efl/TextCheckerEfl.cpp:
(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):
(WebKit::TextChecker::requestCheckingOfString):
* UIProcess/gtk/TextCheckerGtk.cpp:
(WebKit::TextChecker::getGuessesForWord):
(WebKit::TextChecker::requestCheckingOfString):
(WebKit::TextChecker::checkTextOfParagraph):
* UIProcess/ios/TextCheckerIOS.mm:
(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):
(WebKit::TextChecker::requestCheckingOfString):
* UIProcess/mac/TextCheckerMac.mm:
(WebKit::TextChecker::checkTextOfParagraph):
(WebKit::TextChecker::getGuessesForWord):
(WebKit::TextChecker::ignoreWord):
(WebKit::TextChecker::requestCheckingOfString):

Extract the insertion point from the VisibleSelection that WebCore has
passed.
* WebProcess/WebCoreSupport/WebEditorClient.cpp:
(WebKit::insertionPointFromCurrentSelection):
(WebKit::WebEditorClient::checkTextOfParagraph):
(WebKit::WebEditorClient::getGuessesForWord):
(WebKit::WebEditorClient::requestCheckingOfString):
* WebProcess/WebCoreSupport/WebEditorClient.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198306 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFix assertion failure on drive.google.com after r196052
achristensen@apple.com [Wed, 16 Mar 2016 22:10:02 +0000 (22:10 +0000)]
Fix assertion failure on drive.google.com after r196052
https://bugs.webkit.org/show_bug.cgi?id=155562

Reviewed by Jer Noble.

* rendering/RenderGeometryMap.cpp:
(WebCore::RenderGeometryMap::mapToContainer):
Change float equality check to areEssentiallyEqual.
This assertion was failing because rendererMappedResult was (944.335693, 232.047409)
but result was (944.335693, 232.047394).  They differ by (0, 0.000015).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198305 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agocheck-webkit-style: should warn about blank lines after #include "config.h" in TestWe...
ddkilzer@apple.com [Wed, 16 Mar 2016 22:06:41 +0000 (22:06 +0000)]
check-webkit-style: should warn about blank lines after #include "config.h" in TestWebKitAPI
<http://webkit.org/b/155445>

Reviewed by Darin Adler.

* Scripts/webkitpy/style/checker.py:
(_PATH_RULES_SPECIFIER): Do not ignore "build/include*" checks
on TestWebKitAPI since this project uses a config.h header as of
r95188.  Also remove references to WebKitAPITest, which ceased
to exist in r95944.

* Scripts/webkitpy/style/checker_unittest.py:
(GlobalVariablesTest.test_path_rules_specifier): Add tests.
Remove reference to WebKitAPITest project.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198304 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAX: Expose aria-current status to children
n_wang@apple.com [Wed, 16 Mar 2016 21:49:26 +0000 (21:49 +0000)]
AX: Expose aria-current status to children
https://bugs.webkit.org/show_bug.cgi?id=155469

Reviewed by Chris Fleizach.

Source/WebCore:

Added aria-current to the global ARIA attributes list.

Test: accessibility/aria-current-global-attribute.html

* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::supportsARIAAttributes):

LayoutTests:

* accessibility/aria-current-global-attribute-expected.txt: Added.
* accessibility/aria-current-global-attribute.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198303 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[mac] Printing test snapshots are upside-down after r198242
timothy_horton@apple.com [Wed, 16 Mar 2016 21:31:18 +0000 (21:31 +0000)]
[mac] Printing test snapshots are upside-down after r198242
https://bugs.webkit.org/show_bug.cgi?id=155543

Reviewed by Simon Fraser.

Source/WebCore:

* page/PrintContext.cpp:
(WebCore::PrintContext::spoolAllPagesWithBoundaries):
Stop PLATFORM(COCOA)-conditionally flipping here. Just paint.
This function is only used by the test runners so this doesn't have a
huge impact on anything else.

Tools:

* DumpRenderTree/mac/PixelDumpSupportMac.mm:
(createPagedBitmapContext):
Flip printing snapshots in DRT so that everything is right-side-up.

LayoutTests:

* TestExpectations:
Re-un-skip these tests.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198302 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUpdate WebKit Feature Status page to include the status of Content Security Policy...
dbates@webkit.org [Wed, 16 Mar 2016 20:58:29 +0000 (20:58 +0000)]
Update WebKit Feature Status page to include the status of Content Security Policy Level 2 and Level 3

* features.json:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198301 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION (r192184): CleanMyDrive 2's tutorial window is blank
timothy_horton@apple.com [Wed, 16 Mar 2016 20:17:00 +0000 (20:17 +0000)]
REGRESSION (r192184): CleanMyDrive 2's tutorial window is blank
https://bugs.webkit.org/show_bug.cgi?id=155550
<rdar://problem/24250689>

Reviewed by Dan Bernstein.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _setDrawsTransparentBackground:]):
The app is using this SPI via key-value coding, so just keeping the implementation
is sufficient to make AppKit stop throwing an undefined key exception.
Log once that this is deprecated (... it's also SPI) and then forward to setDrawsBackground.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198298 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMarking inspector/controller/runtime-controller.html as flaky on mac
ryanhaddad@apple.com [Wed, 16 Mar 2016 20:13:38 +0000 (20:13 +0000)]
Marking inspector/controller/runtime-controller.html as flaky on mac
https://bugs.webkit.org/show_bug.cgi?id=154688

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198297 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoASSERTION FAILED: !edge->isPhantomAllocation() in regress/script-tests/sink-huge...
fpizlo@apple.com [Wed, 16 Mar 2016 20:12:27 +0000 (20:12 +0000)]
ASSERTION FAILED: !edge->isPhantomAllocation() in regress/script-tests/sink-huge-activation.js.ftl-eager in debug mode
https://bugs.webkit.org/show_bug.cgi?id=153805

Reviewed by Mark Lam.

The object allocation sinking phase uses InferredValue::isStillValid() in the opposite
way from most clients: it will do an *extra* optimization if it returns false. The
phase will first compute sink candidates and then it will compute materialization
points. If something is a sink candidate then it is not a materialization point. A
NewFunction node may appear as not being a sink candidate during the first pass, so it's
not added to the set of things that will turn into PhantomNewFunction. But on the second
pass where we add materializations, we check isStillValid() again. Now this may become
false, so that second pass thinks that NewFunction is a sink candidate (even though it's
not in the sink candidates set) and so is not a materialization point.

This manifests as the NewFunction referring to a PhantomCreateActivation or whatever.

The solution is to have the phase cache results of calls to isStillValid(). It's OK if
we just remember the result of the first call and assume that it's not a sink candidate.
That's the worst that can happen.

No new tests since this is a super hard race and sink-huge-activation seemed to already
be catching it.

* dfg/DFGObjectAllocationSinkingPhase.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMark http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same...
ryanhaddad@apple.com [Wed, 16 Mar 2016 20:09:40 +0000 (20:09 +0000)]
Mark http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow.html as flaky
https://bugs.webkit.org/show_bug.cgi?id=94458

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198295 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[ES6] Make Array.prototype.reverse spec compatible.
sbarati@apple.com [Wed, 16 Mar 2016 19:49:36 +0000 (19:49 +0000)]
[ES6] Make Array.prototype.reverse spec compatible.
https://bugs.webkit.org/show_bug.cgi?id=155528

Reviewed by Michael Saboff.

This patch make Array.prototype.reverse spec compatible.
Before, we weren't performing a HasProperty of each index
before performing a Get on that index.  We now do that on
the slow path.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncReverse):
* tests/stress/array-reverse-proxy.js: Added.
(assert):
(test):
(shallowCopy):
(shallowEqual):
(let.handler.get getSet):
(test.let.handler.get getSet):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198294 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUpdate unit test for iOS debug queues.
ap@apple.com [Wed, 16 Mar 2016 19:47:48 +0000 (19:47 +0000)]
Update unit test for iOS debug queues.

* BuildSlaveSupport/build.webkit.org-config/mastercfg_unittest.py:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198293 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago<video> and <audio> elements do not obey Content Security Policy on redirect
dbates@webkit.org [Wed, 16 Mar 2016 19:46:49 +0000 (19:46 +0000)]
<video> and <audio> elements do not obey Content Security Policy on redirect
https://bugs.webkit.org/show_bug.cgi?id=155509
<rdar://problem/10234844>

Reviewed by Alex Christensen.

Source/WebCore:

Fixes an issue where the Content Security Policy of the page was not enforced
on redirects when loading a media subresource via an HTML video or HTML audio
element.

Tests: http/tests/security/contentSecurityPolicy/audio-redirect-allowed.html
       http/tests/security/contentSecurityPolicy/audio-redirect-blocked.html
       http/tests/security/contentSecurityPolicy/font-redirect-allowed.html
       http/tests/security/contentSecurityPolicy/font-redirect-blocked.html
       http/tests/security/contentSecurityPolicy/image-redirect-allowed.html
       http/tests/security/contentSecurityPolicy/image-redirect-blocked.html
       http/tests/security/contentSecurityPolicy/script-redirect-allowed.html
       http/tests/security/contentSecurityPolicy/script-redirect-blocked.html
       http/tests/security/contentSecurityPolicy/stylesheet-redirect-allowed.html
       http/tests/security/contentSecurityPolicy/stylesheet-redirect-blocked.html
       http/tests/security/contentSecurityPolicy/svg-font-redirect-allowed.html
       http/tests/security/contentSecurityPolicy/svg-font-redirect-blocked.html
       http/tests/security/contentSecurityPolicy/svg-image-redirect-allowed.html
       http/tests/security/contentSecurityPolicy/svg-image-redirect-blocked.html
       http/tests/security/contentSecurityPolicy/track-redirect-allowed.html
       http/tests/security/contentSecurityPolicy/track-redirect-blocked.html
       http/tests/security/contentSecurityPolicy/video-redirect-allowed.html
       http/tests/security/contentSecurityPolicy/video-redirect-blocked.html
       http/tests/security/contentSecurityPolicy/xsl-redirect-allowed.html
       http/tests/security/contentSecurityPolicy/xsl-redirect-blocked.html

* inspector/InspectorPageAgent.cpp:
(WebCore::InspectorPageAgent::cachedResourceContent): Treat media resources as raw resources just as we do currently.
(WebCore::InspectorPageAgent::cachedResourceType): Ditto.
* loader/MediaResourceLoader.cpp:
(WebCore::MediaResourceLoader::requestResource): Modified to use CachedResourceLoader::requestMedia() instead
of CachedResourceLoader::requestRawResource() so that we can differentiate between a media resource and a raw
resource in CachedResourceLoader. Added FIXME comment to skip checking the Content Security Policy for loads
initiated by an element in a user agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505> for
more details.
* loader/ResourceLoadInfo.cpp:
(WebCore::toResourceType): Treat media resources as raw resources just as we do currently. Also, add cases for
CachedResource::LinkPrefetch and CachedResource::LinkSubresource (when ENABLE(LINK_PREFETCH) is enabled) and
remove the default statement to force a compile-time error when a new CachedResource enumerator is added and
the switch block in this function is not updated.
* loader/SubresourceLoader.cpp:
(WebCore::logResourceLoaded): Ditto.
* loader/cache/CachedRawResource.cpp:
(WebCore::CachedRawResource::CachedRawResource): Substitute CachedResource::isMainOrMediaOrRawResource() for
CachedResource::isMainOrRawResource() as the latter was renamed to the former.
* loader/cache/CachedRawResource.h:
(isType): Ditto.
* loader/cache/CachedResource.cpp:
(WebCore::defaultPriorityForResourceType): Use priority ResourceLoadPriority::Medium for media resources just as
we do currently.
* loader/cache/CachedResource.h:
(WebCore::CachedResource::isMainOrMediaOrRawResource): Formerly named isMainOrRawResource. Returns true if the type
of this resource is a main resource, media resource, or raw resource.
(WebCore::CachedResource::isMainOrRawResource): Deleted.
* loader/cache/CachedResourceLoader.cpp:
(WebCore::createResource): Treat media resources as raw resources just as we do currently.
(WebCore::CachedResourceLoader::requestMedia): Added.
(WebCore::contentTypeFromResourceType): Consider media resources as MixedContentChecker::ContentType::Active
just as we do currently.
(WebCore::CachedResourceLoader::checkInsecureContent): Apply the mixed content policy to media resources
just as we do currently.
(WebCore::CachedResourceLoader::canRequest): Apply the Same Origin Policy to media resources just as we
do currently. Query the Content Security Policy of the page to determine if the media resource can be
requested.
(WebCore::CachedResourceLoader::determineRevalidationPolicy): Substitute CachedResource::isMainOrMediaOrRawResource()
for CachedResource::isMainOrRawResource() as the latter was renamed to the former.
* loader/cache/CachedResourceLoader.h:
* platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
(WebCore::WebCoreAVFResourceLoader::startLoading): Modified to use CachedResourceLoader::requestMedia() instead
of CachedResourceLoader::requestRawResource() so that we can differentiate between a media resource and a raw
resource in CachedResourceLoader. Added FIXME comment to skip checking the Content Security Policy for loads
initiated by an element in a user agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505> for
more details. Additionally, simplified code that determined whether to request the media resource or error out
by coalescing two conditional expressions into one conditional on whether we have a loader and substituted
nullptr for 0.

Source/WebKit2:

Use 0ms as the maximum buffering time for media resource just as we do currently.

* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::maximumBufferingTime):

LayoutTests:

Add tests to ensure that the Content Security Policy is enforced on redirects when
loading a subresource, including a video or audio file.

* http/tests/resources/redirect.php: Fix PHP "undefined index" warnings when either query
parameter code or refresh (or both) are not specified.
* http/tests/security/contentSecurityPolicy/audio-redirect-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/audio-redirect-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/audio-redirect-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/audio-redirect-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/font-redirect-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/font-redirect-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/font-redirect-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/font-redirect-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/image-redirect-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/image-redirect-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/image-redirect-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/image-redirect-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/resources/ABCFont.svg: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/userAgentShadowDOM/resources/ABCFont.svg.
* http/tests/security/contentSecurityPolicy/resources/alert-fail.xsl: Added.
* http/tests/security/contentSecurityPolicy/resources/alert-pass.xsl: Added.
* http/tests/security/contentSecurityPolicy/resources/green-square.svg: Added.
* http/tests/security/contentSecurityPolicy/resources/red-square.svg: Added.
* http/tests/security/contentSecurityPolicy/resources/xsl-redirect-allowed.php: Added.
* http/tests/security/contentSecurityPolicy/resources/xsl-redirect-blocked.php: Added.
* http/tests/security/contentSecurityPolicy/script-redirect-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/script-redirect-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/script-redirect-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/script-redirect-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/stylesheet-redirect-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/stylesheet-redirect-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/stylesheet-redirect-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/stylesheet-redirect-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/svg-font-redirect-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/svg-font-redirect-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/svg-font-redirect-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/svg-font-redirect-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/svg-image-redirect-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/svg-image-redirect-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/svg-image-redirect-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/svg-image-redirect-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/track-redirect-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/track-redirect-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/track-redirect-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/track-redirect-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-svg-font.html:
* http/tests/security/contentSecurityPolicy/video-redirect-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/video-redirect-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/video-redirect-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/video-redirect-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/xsl-redirect-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/xsl-redirect-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/xsl-redirect-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/xsl-redirect-blocked.html: Added.
* platform/efl/TestExpectations: For now skip tests http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-{audio, video}.html
until we fix <https://bugs.webkit.org/show_bug.cgi?id=155505>. We will also need to fix
<https://bugs.webkit.org/show_bug.cgi?id=153866> before we can unskip test http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
As far as I can tell the functionality exercised by these tests is not being using by the EFL port.
* platform/gtk/TestExpectations: For now skip tests http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-{audio, video}.html
until we fix <https://bugs.webkit.org/show_bug.cgi?id=155505>. As far as I can tell the functionality
exercised by these tests is not being using by the GTK port.
* platform/ios-simulator/http/tests/security/contentSecurityPolicy/audio-redirect-blocked-expected.txt: Added expected failure result as
AV Foundation is responsible for loading media on iOS. That is, WebCore is not responsible for loading media.
* platform/ios-simulator/http/tests/security/contentSecurityPolicy/video-redirect-blocked-expected.txt: Ditto.
* platform/mac/TestExpectations: For now skip tests http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-{audio, video}.html
until we fix <https://bugs.webkit.org/show_bug.cgi?id=155505>. The functionality exercised by these
tests is not used on OS X. Additionally, mark as Failure on Yosemite and ElCapitan the added tests
http/tests/security/contentSecurityPolicy/{video, audio}-redirect-blocked.html as we do not support
Content Security Policy for media redirects in these versions of OS X.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r198235, r198240, r198241, and
cdumez@apple.com [Wed, 16 Mar 2016 19:33:47 +0000 (19:33 +0000)]
Unreviewed, rolling out r198235, r198240, r198241, and
r198252.

Causing crashes on ARM

Reverted changesets:

"Remove compile time define for SEPARATED_HEAP"
https://bugs.webkit.org/show_bug.cgi?id=155508
http://trac.webkit.org/changeset/198235

"Gardening: build fix after r198235."
http://trac.webkit.org/changeset/198240

"Build fix."
http://trac.webkit.org/changeset/198241

"Rename performJITMemcpy to something more inline with our
normal webkit function names"
https://bugs.webkit.org/show_bug.cgi?id=155525
http://trac.webkit.org/changeset/198252

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198291 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r198257.
bburg@apple.com [Wed, 16 Mar 2016 19:03:36 +0000 (19:03 +0000)]
Unreviewed, rolling out r198257.
https://bugs.webkit.org/show_bug.cgi?id=155553

This change is unnecessary, clients can instead compile the
file with ARC enabled (Requested by brrian on #webkit).

Reverted changeset:

"REGRESSION(r198077): generated Objective-C protocol object
getters leak their wrappers"
https://bugs.webkit.org/show_bug.cgi?id=155523
http://trac.webkit.org/changeset/198257

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198290 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoURL Parsing should signal failure for illegal IDN
jiewen_tan@apple.com [Wed, 16 Mar 2016 18:31:32 +0000 (18:31 +0000)]
URL Parsing should signal failure for illegal IDN
https://bugs.webkit.org/show_bug.cgi?id=154945
<rdar://problem/8014795>

Reviewed by Brent Fulgham.

Source/WebCore:

WebCore::URL will now invalidate URLs with illegal IDN. And functions inside WebCoreNSURLExtras.h
that deal with IDN mapping will now return nil to signal error.

Test: fast/url/invalid-idn.html

* platform/URL.cpp:
(WebCore::isSchemeFirstChar):
(WebCore::URL::init):
(WebCore::appendEncodedHostname):
(WebCore::encodeHostnames):
(WebCore::encodeRelativeString):
* platform/mac/WebCoreNSURLExtras.h:
* platform/mac/WebCoreNSURLExtras.mm:
(WebCore::mapHostNameWithRange):
(WebCore::hostNameNeedsDecodingWithRange):
(WebCore::hostNameNeedsEncodingWithRange):
(WebCore::decodeHostNameWithRange):
(WebCore::encodeHostNameWithRange):
(WebCore::decodeHostName):
(WebCore::encodeHostName):
(WebCore::collectRangesThatNeedMapping):
(WebCore::mapHostNames):
(WebCore::URLWithData):
(WebCore::dataWithUserTypedString):
(WebCore::URLWithUserTypedString):
(WebCore::URLWithUserTypedStringDeprecated):
(WebCore::userVisibleString):

Source/WebKit/ios:

* Misc/WebNSStringExtrasIOS.m:
(-[NSString _web_possibleURLsForForUserTypedString:]):
* WebView/WebPDFViewPlaceholder.mm:
(-[WebPDFViewPlaceholder _updateTitleForURL:]):

Source/WebKit/mac:

In this patch, we add new SPIs _webkit_URLWithUserTypedString, _webkit_decodeHostName and
_webkit_encodeHostName which will return nil while dealing with illegal IDN.

Old SPIs _web_URLWithUserTypedString, _web_decodeHostName and _web_encodeHostName are marked
deprecated as they ignore URL parsing failure.

* History/WebHistoryItem.mm:
(-[WebHistoryItem initFromDictionaryRepresentation:]):
* Misc/WebKitErrors.m:
(+[NSError _webKitErrorWithCode:failingURL:]):
* Misc/WebNSFileManagerExtras.mm:
(-[NSFileManager _webkit_setMetadataURL:referrer:atPath:]):
* Misc/WebNSPasteboardExtras.mm:
(-[NSPasteboard _web_bestURL]):
* Misc/WebNSURLExtras.h:
* Misc/WebNSURLExtras.mm:
(+[NSURL _web_URLWithUserTypedString:]):
(+[NSURL _webkit_URLWithUserTypedString:relativeToURL:]):
(+[NSURL _webkit_URLWithUserTypedString:]):
(-[NSString _web_decodeHostName]):
(-[NSString _web_encodeHostName]):
(-[NSString _webkit_decodeHostName]):
(-[NSString _webkit_encodeHostName]):
* Panels/WebAuthenticationPanel.m:
(-[WebAuthenticationPanel setUpForChallenge:]):
* WebCoreSupport/WebEditorClient.mm:
(WebEditorClient::canonicalizeURLString):

Tools:

* MiniBrowser/mac/WK2BrowserWindowController.m:
(-[WK2BrowserWindowController fetch:]):
* TestWebKitAPI/Tests/Cocoa/URLExtras.mm:
(TestWebKitAPI::TEST):

LayoutTests:

* fast/url/host-expected.txt:
* fast/url/idna2003-expected.txt:
* fast/url/invalid-idn-expected.txt: Added.
* fast/url/invalid-idn.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198289 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd support for setting Function.name from computed properties.
mark.lam@apple.com [Wed, 16 Mar 2016 18:16:32 +0000 (18:16 +0000)]
Add support for setting Function.name from computed properties.
https://bugs.webkit.org/show_bug.cgi?id=155437

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

In JS code, we can have initialization of computed properties with function and
class objects e.g.

    var o = {
        [x]: function() {},
        [y]: class {}
    }

The ES6 spec states that the function and class in the example above (being
anonymous) should take on the value of x and y respectively as their names:

    o[x].name; // should be the "stringified" value of x.
    o[y].name; // should be the "stringified" value of y.

To achieve this, we will now inject an op_set_function_name bytecode at property
initialization sites if:

1. the property assigned value is a function or class, and
2. the function and class is anonymous, and
3. if property assigned value is a class, it doesn't have a static method
   that is statically named "name".

The op_set_function_name will result in JSFunction::setFunctionName() being
called on the target function / class before it is assigned to the property.
JSFunction::setFunctionName() will take care of:

1. computing the name to use from the value of the computed property name
   e.g. x and y in the example above.

   If the computed property name is not a symbol, then the function / class name
   should be the toString() value of that computed property name.

   If the computed property name is a symbol, then ...
   a. if the Symbol has a defined description (e.g. Symbol("foo")), then the
      function / class name should be "[<symbol description>]" e.g. "[foo]".
   b. if the Symbol has an undefined description (e.g. Symbol()), then the
      function / class name should be "".

   Note: Symbol("") is not the same as Symbol().  The former has a defined
   descriptor "", and hence, yields a function / class name of "[]".  The latter
   yields a function / class name of "".

2. reifying the lazy name property with this function / class name.

op_set_function_name is named after the SetFunctionName internal function
in the ES6 spec that performs the above operation.

It is behaviorally correct to use op_set_function_name at every property
initialization site with computed property names.  However, we choose to not
emit the op_set_function_name bytecode when we already know that it will do
nothing i.e. when the target function / class is proven to already have a name or
name property.  This is done as an optimization to avoid unnecessary calls to
JSFunction::setFunctionName().

Note: we could further check if the class has a static method with a computed
name that is a constant string "name" and elide op_set_function_name there too.
However, we don't bother because this should be rare.  JSFunction::setFunctionName()
will still do the right thing.

* bytecode/BytecodeList.json:
* bytecode/BytecodeUseDef.h:
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitNewFunction):
(JSC::BytecodeGenerator::emitSetFunctionNameIfNeeded):
(JSC::BytecodeGenerator::emitCall):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::PropertyListNode::emitBytecode):
(JSC::PropertyListNode::emitPutConstantProperty):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewFunction):
(JSC::DFG::SpeculativeJIT::compileSetFunctionName):
(JSC::DFG::SpeculativeJIT::compileForwardVarargs):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStoreBarrierInsertionPhase.cpp:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::compileSetFunctionName):
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITInlines.h:
(JSC::JIT::callOperation):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_to_primitive):
(JSC::JIT::emit_op_set_function_name):
(JSC::JIT::emit_op_strcat):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emitSlow_op_to_primitive):
(JSC::JIT::emit_op_set_function_name):
(JSC::JIT::emit_op_strcat):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::handleHostCall):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
* parser/Nodes.cpp:
(JSC::FunctionNode::finishParsing):
(JSC::PropertyListNode::hasStaticallyNamedProperty):
(JSC::VariableEnvironmentNode::VariableEnvironmentNode):
* parser/Nodes.h:
* runtime/JSFunction.cpp:
(JSC::getCalculatedDisplayName):
(JSC::JSFunction::setFunctionName):
(JSC::JSFunction::reifyLength):
(JSC::JSFunction::reifyName):
* runtime/JSFunction.h:
* tests/es6.yaml:
* tests/stress/computed-function-names.js: Added.
(toKeyString):
(toFuncName):
(shouldBe):
(return.propKey):

LayoutTests:

* js/object-literal-computed-methods-expected.txt:
- Exercise op_set_function_name at all tiers.

* js/script-tests/function-toString-vs-name.js:
- Added tests for computed properties.

* js/script-tests/object-literal-computed-methods.js:
- rebased results.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198288 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMarking imported/blink/fast/multicol/dynamic/relayout-abspos-in-relpos-spanner.html...
ryanhaddad@apple.com [Wed, 16 Mar 2016 17:20:11 +0000 (17:20 +0000)]
Marking imported/blink/fast/multicol/dynamic/relayout-abspos-in-relpos-spanner.html as flaky on ios-sim
https://bugs.webkit.org/show_bug.cgi?id=155339

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198287 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSkipping failing printing tests
ryanhaddad@apple.com [Wed, 16 Mar 2016 16:58:29 +0000 (16:58 +0000)]
Skipping failing printing tests
https://bugs.webkit.org/show_bug.cgi?id=155543

Unreviewed test gardening.

Three printing tests that rely on software snapshotting are failing after r198242 exposed
an underlying issue. Skipping these tests to get the bots back to green during investigation.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198285 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDon't invalidate style unnecessarily when setting inline style cssText
antti@apple.com [Wed, 16 Mar 2016 16:46:12 +0000 (16:46 +0000)]
Don't invalidate style unnecessarily when setting inline style cssText
https://bugs.webkit.org/show_bug.cgi?id=155541
rdar://problem/23318893

Reviewed by Simon Fraser.

Source/WebCore:

We currently invalidate style when cssText is set whether the style declaration changed or not.

Based on a patch by Simon.

Test: fast/css/style-invalidation-inline-csstext.html

* css/PropertySetCSSStyleDeclaration.cpp:
(WebCore::PropertySetCSSStyleDeclaration::cssText):
(WebCore::PropertySetCSSStyleDeclaration::setCssText):

    Invalidate only if the parsed style changed.

* css/StyleProperties.cpp:
(WebCore::MutableStyleProperties::parseDeclaration):

    Compare the original and new style after parsing, return result.

* css/StyleProperties.h:

LayoutTests:

* fast/css/style-invalidation-inline-csstext-expected.txt: Added.
* fast/css/style-invalidation-inline-csstext.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198284 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRebaseline fast/css/getPropertyValue-webkit-marquee.html after r198255
ryanhaddad@apple.com [Wed, 16 Mar 2016 16:26:22 +0000 (16:26 +0000)]
Rebaseline fast/css/getPropertyValue-webkit-marquee.html after r198255
https://bugs.webkit.org/show_bug.cgi?id=155544

Unreviewed test gardening.

* fast/css/getPropertyValue-webkit-marquee-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198283 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[ES6] Reflect.set with receiver
utatane.tea@gmail.com [Wed, 16 Mar 2016 13:59:43 +0000 (13:59 +0000)]
[ES6] Reflect.set with receiver
https://bugs.webkit.org/show_bug.cgi?id=155294

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch introduces the receiver parameter support for Reflect.set.
Reflect.set can alter the receiver with arbitrary values.
Each property descriptor uses the receiver in [[Set]].

1) In the accessor descriptor case, the receiver is used as |this| value for setter calls.
2) In the data descriptor case, the actual property will be set onto the receiver objects.

The current put operation does not support the receiver that is different from the base object.
In particular, (2) case is not supported.
The naive implementation adds one more [[GetOwnProperty]] for the receiver per [[Set]] (9.1.9.1-4-c [1]), and it is unacceptable.
To keep the fast path efficiently, we fall back to the slow but generic implementation (ordinarySetSlow)
only when the receiver is altered.

We need not to change any JIT part, because the JS code cannot alter the receiver without Reflect.set.
The property accesses generated by the JIT code always have the receiver that is the same to the base object.
ProxyObject can alter the receiver, but this situation has no problem because ProxyObject disables Inline Caching.
NOTE: Generating Inline Caching for JSProxy (that is used for the Window proxy) is already disabled before this change.

[1]: https://tc39.github.io/ecma262/#sec-ordinaryset

* jsc.cpp:
(functionCreateProxy):
* runtime/GenericArgumentsInlines.h:
(JSC::GenericArguments<Type>::put):
* runtime/JSArray.cpp:
(JSC::JSArray::put):
* runtime/JSArrayBuffer.cpp:
(JSC::JSArrayBuffer::put):
* runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::put):
* runtime/JSCJSValue.h:
* runtime/JSCJSValueInlines.h:
(JSC::isThisValueAltered):
* runtime/JSDataView.cpp:
(JSC::JSDataView::put):
* runtime/JSFunction.cpp:
(JSC::JSFunction::put):
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::put):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::put):
* runtime/JSObject.cpp:
(JSC::ordinarySetSlow):
(JSC::JSObject::putInlineSlow):
* runtime/JSObject.h:
* runtime/JSObjectInlines.h:
(JSC::JSObject::putInline):
* runtime/JSProxy.h:
(JSC::JSProxy::createStructure):
* runtime/Lookup.h:
(JSC::putEntry):
* runtime/PropertySlot.h:
* runtime/ProxyObject.cpp:
(JSC::ProxyObject::put):
* runtime/PutPropertySlot.h:
(JSC::PutPropertySlot::PutPropertySlot):
(JSC::PutPropertySlot::isCacheablePut):
(JSC::PutPropertySlot::isCacheableSetter):
(JSC::PutPropertySlot::isCacheableCustom):
(JSC::PutPropertySlot::isCustomAccessor):
(JSC::PutPropertySlot::disableCaching):
(JSC::PutPropertySlot::isCacheable):
* runtime/ReflectObject.cpp:
(JSC::reflectObjectSet):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::put):
(JSC::reject): Deleted.
* runtime/StringObject.cpp:
(JSC::StringObject::put):
* tests/es6.yaml:
* tests/stress/ordinary-set-exceptions.js: Added.
(shouldBe):
(shouldThrow):
(shouldThrow.set get var):
* tests/stress/proxy-set.js:
* tests/stress/reflect-set-proxy-set.js: Copied from Source/JavaScriptCore/tests/stress/proxy-set.js.
(shouldBe):
(unreachable):
(assert):
(throw.new.Error.let.handler.set 45):
(throw.new.Error):
(let.target.set x):
(let.target.get x):
(set let):
* tests/stress/reflect-set-receiver-proxy-set.js: Added.
(shouldBe):
(unreachable):
(assert):
(let.handler.set 45):
(catch):
(let.target.set x):
(let.target.get x):
(set let):
* tests/stress/reflect-set-with-global-proxy.js: Added.
(shouldBe):
(unreachable):
(get shouldBe):
(set shouldBe):
(set test1):
(set test2):
(set test3):
* tests/stress/reflect-set.js:
(shouldThrow):
(unreachable):
(get shouldBe):
(set shouldBe):
(receiverTestIndexed):
(set get Uint8Array):
(receiverCase): Deleted.
(proxyCase): Deleted.
(stringObjectCase.set get shouldBe): Deleted.
(regExpLastIndex): Deleted.

LayoutTests:

Currently, putDelegate (JSLocation is special case) and CustomIndexedSetter work as special setters.

* js/dom/reflect-set-onto-dom-expected.txt:
* js/dom/script-tests/reflect-set-onto-dom.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198270 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r195661): [GTK] very slow scrolling
carlosgc@webkit.org [Wed, 16 Mar 2016 09:36:29 +0000 (09:36 +0000)]
REGRESSION(r195661): [GTK] very slow scrolling
https://bugs.webkit.org/show_bug.cgi?id=155334

Reviewed by Sergio Villar Senin.

Fix smooth scrolling behaviour change after r195661.

* platform/ScrollAnimationSmooth.cpp:
(WebCore::getAnimationParametersForGranularity): Fix a typo,
animationTime for pixel granularity should be 11 * tickTime.
(WebCore::ScrollAnimationSmooth::animateScroll): Previous code
reset all the data except the visibleLenght, so keep it in the
PerAxisData after the reset.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198269 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r196951 and r197031.
carlosgc@webkit.org [Wed, 16 Mar 2016 07:18:31 +0000 (07:18 +0000)]
Unreviewed, rolling out r196951 and r197031.

Revert also WinCairo follow ups after r196803

Reverted changesets:

"[WinCairo] Compile fix."
https://bugs.webkit.org/show_bug.cgi?id=154545
http://trac.webkit.org/changeset/196951

"[WinCairo] Mark layer as non composited."
https://bugs.webkit.org/show_bug.cgi?id=154640
http://trac.webkit.org/changeset/197031

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198268 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r197693.
carlosgc@webkit.org [Wed, 16 Mar 2016 07:11:18 +0000 (07:11 +0000)]
Unreviewed, rolling out r197693.

197031

Reverted changeset:

"[WinCairo][AcceleratedCompositing] Rendering issues on
www.bbc.com."
https://bugs.webkit.org/show_bug.cgi?id=154912
http://trac.webkit.org/changeset/197693

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198267 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r196803.
commit-queue@webkit.org [Wed, 16 Mar 2016 07:05:24 +0000 (07:05 +0000)]
Unreviewed, rolling out r196803.
https://bugs.webkit.org/show_bug.cgi?id=155534

Introduced several rendering issues in popular websites
(Requested by KaL on #webkit).

Reverted changeset:

"[GTK] Limit the number of tiles according to the visible
area"
https://bugs.webkit.org/show_bug.cgi?id=126122
http://trac.webkit.org/changeset/196803

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198266 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAnalysis task page should allow specifying commits that caused or fixed a regression...
rniwa@webkit.org [Wed, 16 Mar 2016 07:02:28 +0000 (07:02 +0000)]
Analysis task page should allow specifying commits that caused or fixed a regression or a progression
https://bugs.webkit.org/show_bug.cgi?id=155529

Reviewed by Chris Dumez.

Added the capability to associate revisions that caused or fixed a progression or a regression for which
an analysis task was created. Added task_commits that stores this relationship and added the backend
support to retrieve this table in /api/analysis-tasks and an privileged API to update this table at
/privileged-api/associate-commit.

Also extracted a new component, MutableListView, out of AnalysisTaskPage to render and manipulate a list
of mutable items, and used it to render the list of associated bugs and commits. The view takes a list of
kinds (e.g. repositories or bug trackers), and accepts a pair of a kind and arbitrary text as a new item
value.

* init-database.sql: Added task_commits table.

* public/api/analysis-tasks.php:
(main):
(fetch_associated_data_for_tasks): Renamed from fetch_and_push_bugs_to_tasks now that it also fetches
the list of commits associated with each analysis task by calling CommitLogFetcher::fetch_for_tasks.
Also fixe the bug that we were not taking
(format_task): No longer sets 'category' since the computation of category now depends on the list of
commits associated with this analysis task which aren't available until fetch_associated_data_for_tasks.
(determine_category): Added. Categorize any analysis tasks with "fixes" commits as "closed" and "causes"
commits as "identified".

* public/include/commit-log-fetcher.php:
(CommitLogFetcher::__construct): Remove the unused instance variable.
(CommitLogFetcher::fetch_for_tasks): Added. Fetches all commits associated with a list of analysis tasks.
Assumes the caller (fetch_associated_data_for_tasks) had setup "fixes" and "causes" fields on each task.

* public/privileged-api/associate-commit.php: Added. Updates task_commits table to associate or disassociate
a commit with an analysis task. When the specified analysis task and the specified commit are already
associated, we simply update the table instead of adding a duplicating entry or error. For dissociation,
the front-end specifies the commit ID.
(main): Added.

* public/v3/index.html:
* public/v3/components/mutable-list-view.js: Added. Used by the list associated bugs and commits.
(MutableListView): Added.
(MutableListView.prototype.setList): Added.
(MutableListView.prototype.setKindList): Added.
(MutableListView.prototype.setAddCallback): Added. This callback is invoked when the user tries to add
a new item to the list.
(MutableListView.prototype.render): Added.
(MutableListView.prototype._submitted): Added.
(MutableListView.cssTemplate):
(MutableListView.htmlTemplate):
(MutableListItem): Added. RemovalLink could be a hyperlink or a callback and gets involved when the user
tries to delete this item.
(MutableListItem.prototype.content):

* public/v3/models/analysis-task.js:
(AnalysisTask): Added the support of the list of commits that fixed and caused changes.
(AnalysisTask.prototype.updateSingleton): Ditto.
(AnalysisTask.prototype.causes): Added.
(AnalysisTask.prototype.fixes): Added.
(AnalysisTask.prototype.associateCommit): Added. Use the API added at /privileged-api/associate-commit
to associate a new commit with this analysis task. Each commit has either caused or fixed the change.
(AnalysisTask.prototype.dissociateCommit): Added. Use the same API to disassociate each commit.
(AnalysisTask._constructAnalysisTasksFromRawData): Find all commits associated with each analysis task.
Because commit log objects use a fake ID fdue to /api/measurement-set not providing commit IDs, we must
use CommitLog.findByRemoteId to find each commit instead of usual CommitLog.findById.
(AnalysisTask._constructAnalysisTasksFromRawData.resolveCommits): Added.

* public/v3/models/build-request.js:
(BuildRequest.prototype.hasFinished): Renamed from hasCompleted since it was confusing for this._status
being "completed" wasn't a necessary condition for this function to return true.

* public/v3/models/commit-log.js:
(CommitLog): Added the static map for actual commit ID instead of a fake ID created in ensureSingleton.
(CommitLog.prototype.remoteId): Added. Returns the real commit ID.
(CommitLog.findByRemoteId): Added. Finds an CommitLog object using the real ID.

* public/v3/models/test-group.js:
(TestGroup.prototype.hasFinished): Renamed from hasCompleted to match the rename in BuildRequest.

* public/v3/pages/analysis-task-page.js:
(AnalysisTaskPage): Added lists for the commits that fixed and caused the change using MutableListView.
Also adopted MutableListView for the list of associated bugs.
(AnalysisTaskPage.prototype.render): Added the code to populate the newly added lists.
(AnalysisTaskPage.prototype._makeCommitListItem): Added.
(AnalysisTaskPage.prototype._associateBug): Now this is a callback from MutableListView.
(AnalysisTaskPage.prototype._associateCommit): Added.
(AnalysisTaskPage.prototype._dissociateCommit): Added.
(AnalysisTaskPage.htmlTemplate):
(AnalysisTaskPage.cssTemplate):

* public/v3/remote.js:
(getJSON): Spit out the entire responseText when JSON failed to parse to make debugging easier.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198265 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[JSC] Remove hint from SlowCaseEntry
commit-queue@webkit.org [Wed, 16 Mar 2016 06:48:53 +0000 (06:48 +0000)]
[JSC] Remove hint from SlowCaseEntry
https://bugs.webkit.org/show_bug.cgi?id=155530

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-15
Reviewed by Alex Christensen.

* jit/JIT.h:
(JSC::SlowCaseEntry::SlowCaseEntry):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198264 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION(r198077): generated Objective-C protocol object getters leak their wrappers
bburg@apple.com [Wed, 16 Mar 2016 03:31:35 +0000 (03:31 +0000)]
REGRESSION(r198077): generated Objective-C protocol object getters leak their wrappers
https://bugs.webkit.org/show_bug.cgi?id=155523
<rdar://problem/25181764>

Reviewed by Joseph Pecoraro.

Since the code may not be compiled with ARC, autorelease the returned wrapper.

* inspector/scripts/codegen/objc_generator.py:
(ObjCGenerator.protocol_to_objc_expression_for_member):
* inspector/scripts/tests/expected/type-declaration-object-type.json-result:
* inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198257 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[JSC] Help clang generate better code on arrayProtoFuncToString()
commit-queue@webkit.org [Wed, 16 Mar 2016 02:16:40 +0000 (02:16 +0000)]
[JSC] Help clang generate better code on arrayProtoFuncToString()
https://bugs.webkit.org/show_bug.cgi?id=155512

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-15
Reviewed by Mark Lam.

3d-raytrace hits Array.toString() hard with small arrays.
Half of the time is going into overhead around the StringJoiner.
This patch makes the function shorter and the layout better.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString):
Add "UNLIKELY" on rare cases. Clang pushes that code to the tail.

Factor the code of jsMakeNontrivialString() so that the operation
is not duplicated in the function.

* runtime/JSStringBuilder.h:
(JSC::jsMakeNontrivialString):
jsNontrivialString() supports r-value reference.
Move the result string into jsNontrivialString(), this removes
the deref+destructor from the function.

* runtime/JSStringJoiner.cpp:
(JSC::JSStringJoiner::~JSStringJoiner):
The destructor is pretty large. No point in inlining it.

(JSC::joinStrings):
* runtime/JSStringJoiner.h:
(JSC::JSStringJoiner::JSStringJoiner):
(JSC::JSStringJoiner::append):
The calls were duplicated. That's unnecessary.

* runtime/NumericStrings.h:
(JSC::NumericStrings::add):
Return a reference in all cases.
This removes a deref+destructor.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198256 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove overflow: -webkit-marquee
zalan@apple.com [Wed, 16 Mar 2016 01:51:12 +0000 (01:51 +0000)]
Remove overflow: -webkit-marquee
https://bugs.webkit.org/show_bug.cgi?id=155517
<rdar://problem/25028481>

Reviewed by Simon Fraser.

This patch is based on Blink patch from jchaffraix@chromium.org (https://src.chromium.org/viewvc/blink?revision=151756&view=revision)

Source/WebCore:

* css/CSSParser.cpp:
(WebCore::isValidKeywordPropertyAndValue):
* css/CSSPrimitiveValueMappings.h:
(WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Deleted.
(WebCore::CSSPrimitiveValue::operator EOverflow): Deleted.
* css/CSSValueKeywords.in:
* css/StyleResolver.cpp:
(WebCore::StyleResolver::adjustRenderStyle):
* css/html.css:
(marquee): Deleted.
* rendering/RenderBox.cpp:
(WebCore::RenderBox::sizesLogicalWidthToFitContent):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::scrollTo):
(WebCore::RenderLayer::updateScrollInfoAfterLayout):
(WebCore::RenderLayer::calculateClipRects):
* rendering/RenderLayer.h:
* rendering/RenderMarquee.h:
* rendering/style/RenderStyleConstants.h:

LayoutTests:

* fast/css/getPropertyValue-webkit-marquee.html:
* fast/css/webkit-marquee-anonymous-node-crash-expected.txt: Removed.
* fast/css/webkit-marquee-anonymous-node-crash.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198255 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAX: Expose pointers to SVG elements referenced by aria-labelledby
jdiggs@igalia.com [Wed, 16 Mar 2016 01:45:57 +0000 (01:45 +0000)]
AX: Expose pointers to SVG elements referenced by aria-labelledby
https://bugs.webkit.org/show_bug.cgi?id=155481

Reviewed by Chris Fleizach.

Source/WebCore:

Expose elements referenced by aria-labelledby via ATK_RELATION_LABELLED_BY.
Stop calling the supportsARIA* methods before getting the elements referred
to by the associated ARIA property in the accessible wrapper for ATK and
the inspector: Getting the elements will be just as fast when there are no
such elements, and faster when there are.

Modified the w3c-svg-name-calculation.html test to include AXTitleUIElement
in its output.

* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::supportsARIAAttributes):
(WebCore::AccessibilityObject::ariaElementsFromAttribute): Added.
(WebCore::AccessibilityObject::ariaControlsElements): Added.
(WebCore::AccessibilityObject::ariaDescribedByElements): Added.
(WebCore::AccessibilityObject::ariaFlowToElements): Added.
(WebCore::AccessibilityObject::ariaLabelledByElements): Added.
(WebCore::AccessibilityObject::ariaOwnsElements): Added.
* accessibility/AccessibilityObject.h:
(WebCore::AccessibilityObject::ariaOwnsElements): No longer virtual.
(WebCore::AccessibilityObject::supportsARIAFlowTo): Deleted.
(WebCore::AccessibilityObject::ariaFlowToElements): No longer virtual.
(WebCore::AccessibilityObject::supportsARIADescribedBy): Deleted.
(WebCore::AccessibilityObject::ariaDescribedByElements): No longer virtual.
(WebCore::AccessibilityObject::supportsARIAControls): Deleted.
(WebCore::AccessibilityObject::ariaControlsElements): No longer virtual.
* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::ariaElementsFromAttribute): Moved to AccessibilityObject.
(WebCore::AccessibilityRenderObject::supportsARIAFlowTo): Deleted.
(WebCore::AccessibilityRenderObject::ariaFlowToElements): Moved to AccessibilityObject.
(WebCore::AccessibilityRenderObject::supportsARIADescribedBy): Deleted.
(WebCore::AccessibilityRenderObject::ariaDescribedByElements): Moved to AccessibilityObject.
(WebCore::AccessibilityRenderObject::supportsARIAControls): Deleted.
(WebCore::AccessibilityRenderObject::ariaControlsElements): Moved to AccessibilityObject.
(WebCore::AccessibilityRenderObject::ariaOwnsElements): Moved to AccessibilityObject.
* accessibility/AccessibilityRenderObject.h:
* accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
(setAtkRelationSetFromCoreObject):
* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

LayoutTests:

* accessibility/w3c-svg-name-calculation.html: Modified to also output AXTitleUIElement.
* platform/gtk/accessibility/w3c-svg-name-calculation-expected.txt: Updated.
* platform/mac/accessibility/w3c-svg-name-calculation-expected.txt: Updated.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198254 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove stale ArrayPrototype declarations
commit-queue@webkit.org [Wed, 16 Mar 2016 01:07:22 +0000 (01:07 +0000)]
Remove stale ArrayPrototype declarations
https://bugs.webkit.org/show_bug.cgi?id=155520

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-15
Reviewed by Mark Lam.

* runtime/ArrayPrototype.cpp:
The implementations went away when the methods were moved to builtins
but the declarations were left behind.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198253 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRename performJITMemcpy to something more inline with our normal webkit function...
oliver@apple.com [Wed, 16 Mar 2016 01:02:32 +0000 (01:02 +0000)]
Rename performJITMemcpy to something more inline with our normal webkit function names
https://bugs.webkit.org/show_bug.cgi?id=155525

Reviewed by Saam Barati.

Simple bulk search/replace with a better name.

* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::fillNops):
(JSC::ARM64Assembler::replaceWithJump):
(JSC::ARM64Assembler::replaceWithLoad):
(JSC::ARM64Assembler::replaceWithAddressComputation):
(JSC::ARM64Assembler::setPointer):
(JSC::ARM64Assembler::repatchInt32):
(JSC::ARM64Assembler::repatchCompact):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::copyCompactAndLinkCode):
* jit/ExecutableAllocator.h:
(JSC::writeToExecutableRegion):
(JSC::performJITMemcpy): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198252 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[ios-sim debug] API test WebKit1.AudioSessionCategoryIOS timing out
jer.noble@apple.com [Wed, 16 Mar 2016 00:45:32 +0000 (00:45 +0000)]
[ios-sim debug] API test WebKit1.AudioSessionCategoryIOS timing out
https://bugs.webkit.org/show_bug.cgi?id=155275

Reviewed by Alexey Proskuryakov.

The videoPlaybackRequiresUserGesture and audioPlaybackRequiresUserGesture should both defalut to
NO, so that legacy clients of -[UIWebView setMediaPlaybackRequiresUserAction:] continue to work
as expected.

* WebView/WebPreferences.mm:
(+[WebPreferences initialize]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198251 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFollow up to r195769.
enrica@apple.com [Wed, 16 Mar 2016 00:02:05 +0000 (00:02 +0000)]
Follow up to r195769.
https://bugs.webkit.org/show_bug.cgi?id=155519
rdar://problem/25146483

Reviewed by Tim Horton.

There are two code paths that lead to calling handleSyntheticClick()
where we need to check if the default action can be performed on the
data detector link.
Only one was covered in r195769 and this patch addresses the missing one.
I've also discovered that the point reported in DidNotHandleTapAsClick was
incorrectly always (0, 0) and I've fixed it.

* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::handleTap):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198245 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[Win] Correct double-release of CFURLConnectionRef
bfulgham@apple.com [Wed, 16 Mar 2016 00:00:26 +0000 (00:00 +0000)]
[Win] Correct double-release of CFURLConnectionRef
https://bugs.webkit.org/show_bug.cgi?id=155515
<rdar://problem/25159143>

Reviewed by Tim Horton.

Tested by http/tests/download suite.

* WebDownloadCFNet.cpp: Remove extra CFRelease.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198244 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoOccasional crash under GraphicsContext::platformContext() when dragging Google maps
simon.fraser@apple.com [Tue, 15 Mar 2016 23:59:24 +0000 (23:59 +0000)]
Occasional crash under GraphicsContext::platformContext() when dragging Google maps
https://bugs.webkit.org/show_bug.cgi?id=155521
rdar://problem/24357307

Reviewed by Tim Horton.

It's possible for createDragImageForSelection() to return a null image, if the bounds
of the selection are an empty rect. That would cause a crash under convertImageToBitmap()
because a zero-sized ShareableBitmap will return a null GraphicsContext.

To avoid this, early return from DragController::startDrag() if the dragImage is null.

I wasn't able to come up with a test for this.

* page/DragController.cpp:
(WebCore::DragController::startDrag):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198243 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago[iOS Simulator] Test result snapshots are upside down
timothy_horton@apple.com [Tue, 15 Mar 2016 23:51:19 +0000 (23:51 +0000)]
[iOS Simulator] Test result snapshots are upside down
https://bugs.webkit.org/show_bug.cgi?id=154761

Reviewed by Simon Fraser.

* WebKitTestRunner/cg/TestInvocationCG.cpp:
(WTR::createCGContextFromImage):
(WTR::TestInvocation::dumpPixelsAndCompareWithExpected):
In r97104, Simon added code to take WindowServer snapshots, which came
in flipped, and added code to flip them back. At this point, WindowServer
snapshots got flipped, and software snapshots did not.

In r140067, Simon noticed that WindowServer ref test images were upside-down
on Mac (not sure why this changed), so turned off the flipping code (but
didn't delete it!). Now, WindowServer snapshots and software snapshots both
are not flipped.

In r190304, Carlos added an enum for the source of the snapshot ("WebView"
for window server snapshots, and "WebContent" for software snapshots),
and - critically - changed the flipping logic to flip software snapshots!

We didn't notice this on Mac because at this point we've made it so that
we *always* have WindowServer snapshots, but on iOS we still don't have
WindowServer snapshots, so now they're flipped.

And that's how we got here.

To restore the behavior from r140067, and correctly unflip snapshots on
iOS, just delete this code.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198242 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoImproved build fix.
oliver@apple.com [Tue, 15 Mar 2016 23:29:53 +0000 (23:29 +0000)]
Improved build fix.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198241 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoGardening: build fix after r198235.
mark.lam@apple.com [Tue, 15 Mar 2016 23:24:23 +0000 (23:24 +0000)]
Gardening: build fix after r198235.

Not Reviewed.

* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198240 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoiOS <attachment> element should allow customization of action text color
timothy_horton@apple.com [Tue, 15 Mar 2016 23:13:34 +0000 (23:13 +0000)]
iOS <attachment> element should allow customization of action text color
https://bugs.webkit.org/show_bug.cgi?id=155513
<rdar://problem/24805991>

Reviewed by Simon Fraser.

Test: fast/attachment/attachment-action.html

* css/html.css:
(attachment):
On iOS (the only place it is used), <attachment> color should default to system blue.

* rendering/RenderThemeIOS.mm:
(WebCore::attachmentActionColor):
(WebCore::AttachmentInfo::AttachmentInfo):
Make use of the <attachment>'s CSS color for the action text.
This is a little weird because there are multiple bits of text in an
<attachment>, but only the action text ever changes color.

* fast/attachment/attachment-action-expected.html: Added.
* fast/attachment/attachment-action.html: Added.
* platform/ios-simulator/fast/attachment/attachment-label-highlight-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-progress-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-rendering-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-select-on-click-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-select-on-click-inside-user-select-all-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-subtitle-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-title-expected.txt:
Rebaseline some tests and add one that action text matches the requested color.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198239 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoDelay HTMLFormControlElement::focus() call until after layout is finished.
zalan@apple.com [Tue, 15 Mar 2016 23:10:26 +0000 (23:10 +0000)]
Delay HTMLFormControlElement::focus() call until after layout is finished.
https://bugs.webkit.org/show_bug.cgi?id=155503
<rdar://problem/24046635>

Reviewed by Simon Fraser.

Calling focus on a form element can trigger arbitrary JS code which could interfere with
the ongoing layout.
This patch delays HTMLFormControlElement::focus() call until after layout is finished.
If we are currently not in the middle of a layout, HTMLFormControlElement::focus() is delayed until
after style resolution is done.

Covered by LayoutTests/fast/dom/adopt-node-crash-2.html

* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::updateBackingStore):
* dom/Document.cpp:
(WebCore::Document::updateStyleIfNeeded):
(WebCore::Document::updateLayout):
(WebCore::Document::updateLayoutIfDimensionsOutOfDate):
* html/HTMLEmbedElement.cpp:
(WebCore::HTMLEmbedElement::renderWidgetLoadingPlugin):
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::didAttachRenderers):
* page/FrameView.cpp:
(WebCore::FrameView::layout):
(WebCore::FrameView::queuePostLayoutCallback):
(WebCore::FrameView::flushPostLayoutTasksQueue):
(WebCore::FrameView::performPostLayoutTasks):
(WebCore::FrameView::sendResizeEventIfNeeded):
* page/FrameView.h:
* rendering/RenderBox.cpp:
(WebCore::RenderBox::imageChanged):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::scrollTo):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198238 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r198230.
ryanhaddad@apple.com [Tue, 15 Mar 2016 22:57:20 +0000 (22:57 +0000)]
Unreviewed, rolling out r198230.

This change caused LayoutTests to fail on Mac

Reverted changeset:

"REGRESSION (r194660): Navigating to HTTPS sites may fail with
error"
https://bugs.webkit.org/show_bug.cgi?id=155455
http://trac.webkit.org/changeset/198230

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198237 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd developer Animometer test that bounces P3-tagged images
simon.fraser@apple.com [Tue, 15 Mar 2016 22:46:58 +0000 (22:46 +0000)]
Add developer Animometer test that bounces P3-tagged images
https://bugs.webkit.org/show_bug.cgi?id=155511

Reviewed by Tim Horton.

Add a test for rendering performance of tagged images. The 5 images are tagged
with the Display P3 colorspace.

* Animometer/resources/debug-runner/tests.js:
* Animometer/tests/bouncing-particles/bouncing-tagged-images.html: Added.
* Animometer/tests/bouncing-particles/resources/bouncing-tagged-images.js: Added.
* Animometer/tests/bouncing-particles/resources/image1.jpg: Added.
* Animometer/tests/bouncing-particles/resources/image2.jpg: Added.
* Animometer/tests/bouncing-particles/resources/image3.jpg: Added.
* Animometer/tests/bouncing-particles/resources/image4.jpg: Added.
* Animometer/tests/bouncing-particles/resources/image5.jpg: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198236 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove compile time define for SEPARATED_HEAP
oliver@apple.com [Tue, 15 Mar 2016 22:44:59 +0000 (22:44 +0000)]
Remove compile time define for SEPARATED_HEAP
https://bugs.webkit.org/show_bug.cgi?id=155508

Reviewed by Mark Lam.

Source/JavaScriptCore:

This removes the compile time define for the SEPARATED_HEAP
feature, and moves to a default-off runtime preference.

This happily also removes the need for world rebuilds while
bringing it up on different platforms.

* Configurations/FeatureDefines.xcconfig:
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::copyCompactAndLinkCode):
* jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
* jit/ExecutableAllocatorFixedVMPool.cpp:
(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
(JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion):
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): Deleted.
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
* runtime/Options.h:

Source/WebCore:

Remove the feature define.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Remove the feature define.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Remove the feature define.

* Configurations/FeatureDefines.xcconfig:

Source/WTF:

Remove the feature define.

* wtf/FeatureDefines.h:
* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198235 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoExtract the code to format commit logs into its own PHP file
rniwa@webkit.org [Tue, 15 Mar 2016 22:42:15 +0000 (22:42 +0000)]
Extract the code to format commit logs into its own PHP file
https://bugs.webkit.org/show_bug.cgi?id=155514

Rubber-stamped by Chris Dumez.

Extracted CommitLogFetcher out of /api/commits so that it could be used in analysis-tasks.php
in the future to support associating cause/fix for each analysis task.

* public/api/commits.php:
* public/include/commit-log-fetcher.php: Added.
(CommitLogFetcher)
(CommitLogFetcher::__construct): Added.
(CommitLogFetcher::repository_id_from_name): Added.
(CommitLogFetcher::fetch_between): Added.
(CommitLogFetcher::fetch_oldest): Added.
(CommitLogFetcher::fetch_latest): Added.
(CommitLogFetcher::fetch_last_reported): Added.
(CommitLogFetcher::fetch_revision): Added.
(CommitLogFetcher::commit_for_revision): Added.
(CommitLogFetcher::format_single_commit): Added.
(CommitLogFetcher::format_commit): Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198234 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r198148.
commit-queue@webkit.org [Tue, 15 Mar 2016 22:38:29 +0000 (22:38 +0000)]
Unreviewed, rolling out r198148.
https://bugs.webkit.org/show_bug.cgi?id=155518

"Lets do this patch at a later time" (Requested by saamyjoon
on #webkit).

Reverted changeset:

"[ES6] Disallow var assignments in for-in loops"
https://bugs.webkit.org/show_bug.cgi?id=155451
http://trac.webkit.org/changeset/198148

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198233 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoTest result gardening for
ap@apple.com [Tue, 15 Mar 2016 22:22:55 +0000 (22:22 +0000)]
Test result gardening for
ASSERT_NOT_REACHED on imported/w3c/web-platform-tests/html/semantics/embedded-content/the-area-element/area-coords.html
https://bugs.webkit.org/show_bug.cgi?id=155516

* TestExpectations: Skip the test in debug, as it's not useful to crash every time.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198232 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agorun-api-tests doesn't print test name when the test crashes
ap@apple.com [Tue, 15 Mar 2016 22:04:36 +0000 (22:04 +0000)]
run-api-tests doesn't print test name when the test crashes
https://bugs.webkit.org/show_bug.cgi?id=155476

Reviewed by Daniel Bates.

* Scripts/run-api-tests: Print "UNEXPECTEDLY EXITED" with a test name when output
doesn't contain the test name yet. Changed test name output to always be before raw
stdout for clarity.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198231 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION (r194660): Navigating to HTTPS sites may fail with error
dbates@webkit.org [Tue, 15 Mar 2016 21:55:49 +0000 (21:55 +0000)]
REGRESSION (r194660): Navigating to HTTPS sites may fail with error
https://bugs.webkit.org/show_bug.cgi?id=155455
<rdar://problem/24308793>

Reviewed by Alexey Proskuryakov.

Fixes an issue where navigating to an HTTPS site may fail because the Security Framework uses
a cache directory that it does not have permission to use.

* Shared/mac/ChildProcessMac.mm:
(WebKit::codeSigningIdentifierForProcess): Queries the Security Framework for the code signed
bundle identifier/code signing identifier.
(WebKit::ChildProcess::initializeSandbox): Use the client identifier as part of the user directory
suffix. Verify that the client identifier matches the code signed bundled identifier/code
signing identifier for the code signed app/tool. Fix minor code style issue; use a C++-style cast
instead of a C-style cast when casting an OSStatus to a long.
(WebKit::findSecCodeForProcess): Deleted; incorporated logic into WebKit::codeSigningIdentifierForProcess().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198230 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoREGRESSION: ASSERTION FAILED: !m_lastActiveBlock on js/function-apply.html
commit-queue@webkit.org [Tue, 15 Mar 2016 21:48:15 +0000 (21:48 +0000)]
REGRESSION: ASSERTION FAILED: !m_lastActiveBlock on js/function-apply.html
https://bugs.webkit.org/show_bug.cgi?id=155411
<rdar://problem/25134537>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-03-15
Reviewed by Mark Lam.

Source/JavaScriptCore:

* heap/Heap.cpp:
(JSC::Heap::collectImpl):
(JSC::Heap::didFinishCollection):
During collection allocators are stop/reset. The HeapProfiler tasks
were using HeapIterationScope (to satisfy MarkedSpace forEachCell API
contracts) which was doing its own stop/resume of allocators. Doing a
stop/resume in between the normal stop/reset of collection is unexpected.

Move this to didFinishCollection, alongside other heap iterations
like zombies and immortal objects. Putting this after those tasks
also means the heap snapshots will respect the zombies/immortal options
when deciding if the cell is alive or not.

LayoutTests:

* platform/mac/TestExpectations:
Unmark test as flakey.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198229 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoWe should have different JSTypes for JSGlobalLexicalEnvironment and JSLexicalEnvironm...
sbarati@apple.com [Tue, 15 Mar 2016 20:41:00 +0000 (20:41 +0000)]
We should have different JSTypes for JSGlobalLexicalEnvironment and JSLexicalEnvironment and JSModuleEnvironment
https://bugs.webkit.org/show_bug.cgi?id=152406

Reviewed by Mark Lam.

This makes testing for a JSGlobalLexicalEnvironment faster
because we can just check the Cell's type instead of using
jsDynamicCast. I also changed code that does jsDynamicCast<JSGlobalObject*>
instead of isGlobalObject().

* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
* jit/JITOperations.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
(JSC::CommonSlowPaths::tryCacheGetFromScopeGlobal):
* runtime/JSGlobalLexicalEnvironment.h:
(JSC::JSGlobalLexicalEnvironment::createStructure):
* runtime/JSLexicalEnvironment.h:
(JSC::JSLexicalEnvironment::createStructure):
(JSC::JSLexicalEnvironment::JSLexicalEnvironment):
* runtime/JSModuleEnvironment.h:
(JSC::JSModuleEnvironment::createStructure):
(JSC::JSModuleEnvironment::offsetOfModuleRecord):
* runtime/JSObject.h:
(JSC::JSObject::isGlobalObject):
(JSC::JSObject::isJSLexicalEnvironment):
(JSC::JSObject::isGlobalLexicalEnvironment):
(JSC::JSObject::isErrorInstance):
* runtime/JSScope.cpp:
(JSC::abstractAccess):
(JSC::isUnscopable):
(JSC::JSScope::resolve):
(JSC::JSScope::collectVariablesUnderTDZ):
(JSC::JSScope::isVarScope):
(JSC::JSScope::isLexicalScope):
(JSC::JSScope::isModuleScope):
(JSC::JSScope::isCatchScope):
(JSC::JSScope::isFunctionNameScopeObject):
(JSC::JSScope::isNestedLexicalScope):
(JSC::JSScope::constantScopeForCodeBlock):
(JSC::isScopeType): Deleted.
(JSC::JSScope::isGlobalLexicalEnvironment): Deleted.
* runtime/JSScope.h:
* runtime/JSType.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198228 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFixing expectation for css3/masking/mask-svg-script-none-to-png.html on ios-simulator
ryanhaddad@apple.com [Tue, 15 Mar 2016 20:31:33 +0000 (20:31 +0000)]
Fixing expectation for css3/masking/mask-svg-script-none-to-png.html on ios-simulator

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198227 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnskip and rebaseline <attachment> tests on iOS
timothy_horton@apple.com [Tue, 15 Mar 2016 20:27:39 +0000 (20:27 +0000)]
Unskip and rebaseline <attachment> tests on iOS
<rdar://problem/24805991>

* fast/attachment/attachment-default-icon.html:
* fast/attachment/attachment-folder-icon.html:
* fast/attachment/attachment-type-attribute.html:
Make these tests have identical titles between ref and actual, because
on iOS the layout differs if you have a title or not (unlike on Mac).

* platform/ios-simulator/TestExpectations:
* platform/ios-simulator/fast/attachment/attachment-label-highlight-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-progress-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-rendering-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-select-on-click-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-select-on-click-inside-user-select-all-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-subtitle-expected.txt:
* platform/ios-simulator/fast/attachment/attachment-title-expected.txt:
Unskip and rebaseline all but one of the attachment tests on iOS.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198226 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRestore pre-r197244 behavior on Mac
cdumez@apple.com [Tue, 15 Mar 2016 20:01:39 +0000 (20:01 +0000)]
Restore pre-r197244 behavior on Mac
https://bugs.webkit.org/show_bug.cgi?id=155507
<rdar://problem/25174132>

Reviewed by Gavin Barraclough.

<http://trac.webkit.org/changeset/197244> changed the session restore
behavior to disallow stale content on all platforms except iOS.
We would also like to maintain the behavior on Mac for performance
reasons and consistency between iOS and Mac.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadDifferentDocumentItem):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198225 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAdd Antti to WebKit2 Owners file
antti@apple.com [Tue, 15 Mar 2016 19:46:22 +0000 (19:46 +0000)]
Add Antti to WebKit2 Owners file
https://bugs.webkit.org/show_bug.cgi?id=155504

Reviewed by Anders Carlsson and Sam Weinig.

* Owners:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198224 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago<attachment> on iOS isn't quite vertically centered
timothy_horton@apple.com [Tue, 15 Mar 2016 19:45:00 +0000 (19:45 +0000)]
<attachment> on iOS isn't quite vertically centered
https://bugs.webkit.org/show_bug.cgi?id=155502
<rdar://problem/24805991>

Reviewed by Beth Dakin.

No new tests; there are existing tests that will be enabled shortly.

* rendering/RenderThemeIOS.mm:
(WebCore::AttachmentInfo::AttachmentInfo):
We were overcounting the total height of the attachment content by one margin, because each item
would add in its margin, including the last one. Remove one margin.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198223 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoRemove flaky expectation for webgl/1.0.2/conformance/rendering/gl-scissor-test.html...
ryanhaddad@apple.com [Tue, 15 Mar 2016 19:43:40 +0000 (19:43 +0000)]
Remove flaky expectation for webgl/1.0.2/conformance/rendering/gl-scissor-test.html for mac
https://bugs.webkit.org/show_bug.cgi?id=126586

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198222 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoFixing a typo in the ios-simulator TestExpectations file
ryanhaddad@apple.com [Tue, 15 Mar 2016 19:24:18 +0000 (19:24 +0000)]
Fixing a typo in the ios-simulator TestExpectations file

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198221 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoMarking animations/3d/transform-origin-vs-functions.html as flaky on ios-simulator-wk2
ryanhaddad@apple.com [Tue, 15 Mar 2016 19:15:49 +0000 (19:15 +0000)]
Marking animations/3d/transform-origin-vs-functions.html as flaky on ios-simulator-wk2
https://bugs.webkit.org/show_bug.cgi?id=155501

Unreviewed test gardening.

* platform/ios-simulator-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198220 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoAX: certain elements not included in accessibility tree
cfleizach@apple.com [Tue, 15 Mar 2016 19:03:11 +0000 (19:03 +0000)]
AX: certain elements not included in accessibility tree
https://bugs.webkit.org/show_bug.cgi?id=155480

Reviewed by Beth Dakin.

Source/WebCore:

This test case exposed a hole in the nextSibling logic where you can get into a state where we skip content.
The fix is to check if an inline element continuation has no sibling, to fall back on to the parent case to see if that has a sibling.

Test: accessibility/double-nested-inline-element-missing-from-tree.html

* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::nextSibling):

LayoutTests:

* accessibility/double-nested-inline-element-missing-from-tree-expected.txt: Added.
* accessibility/double-nested-inline-element-missing-from-tree.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198219 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoUnreviewed, rolling out r198203.
cdumez@apple.com [Tue, 15 Mar 2016 18:26:41 +0000 (18:26 +0000)]
Unreviewed, rolling out r198203.

Favorites view is no longer loading on iOS

Reverted changeset:

"URL Parsing should signal failure for illegal IDN"
https://bugs.webkit.org/show_bug.cgi?id=154945
http://trac.webkit.org/changeset/198203

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198218 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago<attachment> on iOS should use short and emphasized fonts
timothy_horton@apple.com [Tue, 15 Mar 2016 18:25:52 +0000 (18:25 +0000)]
<attachment> on iOS should use short and emphasized fonts
https://bugs.webkit.org/show_bug.cgi?id=155485
<rdar://problem/24805991>

Reviewed by Simon Fraser.

No new tests; there are existing tests that will be enabled shortly.

* rendering/RenderThemeIOS.mm:
(WebCore::attachmentActionFont):
(WebCore::attachmentTitleFont):
(WebCore::attachmentSubtitleFont):
(WebCore::AttachmentInfo::buildTitleLines):
(WebCore::AttachmentInfo::buildSingleLine):
(WebCore::AttachmentInfo::AttachmentInfo):
No need for UIFonts, we can use CoreText, and that allows us to ask for the
correct Short and Emphasized variants that we need.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198217 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years agoSource/WebCore:
antti@apple.com [Tue, 15 Mar 2016 17:26:50 +0000 (17:26 +0000)]
Source/WebCore:
REGRESSION (196383): Class change invalidation does not handle :not correctly
https://bugs.webkit.org/show_bug.cgi?id=155493
<rdar://problem/24846762>

Reviewed by Andreas Kling.

We fail to invalidate bar style in

    :not(.foo) bar { }

when class foo is added or removed.

There is a logic error in the invalidation code. It assumes that class addition can only make new selectors match
and removal make them not match. This is not true when :not is present.

* style/AttributeChangeInvalidation.h:
(WebCore::Style::AttributeChangeInvalidation::AttributeChangeInvalidation):
* style/ClassChangeInvalidation.cpp:
(WebCore::Style::ClassChangeInvalidation::invalidateStyle):

    Invalidate style and collect full set of rules that may affect descendant style.

(WebCore::Style::ClassChangeInvalidation::invalidateDescendantStyle):

    Invalidate with this set both before and after committing the changes.

(WebCore::Style::ClassChangeInvalidation::computeClassChange): Deleted.
* style/ClassChangeInvalidation.h:
(WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
(WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):

LayoutTests:
Class change invalidation does not handle :not correctly
https://bugs.webkit.org/show_bug.cgi?id=155493
<rdar://problem/24846762>

Reviewed by Andreas Kling.

* fast/css/style-invalidation-attribute-change-descendants-expected.txt:
* fast/css/style-invalidation-attribute-change-descendants.html:

    Also add :not case for attribute changes (which handles this correctly already).

* fast/css/style-invalidation-class-change-descendants-expected.txt:
* fast/css/style-invalidation-class-change-descendants.html:

    Add :not case.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198216 268f45cc-cd09-0410-ab3c-d52691b4dbfc