WebKit-https.git
commit-queue@webkit.org [Fri, 25 Jul 2014 16:18:17 +0000 (16:18 +0000)]
[GTK] CMake tries to install JavaScriptCore-3.0.gir outside of install prefix
https://bugs.webkit.org/show_bug.cgi?id=135288

Patch by Michael Catanzaro <mcatanzaro@igalia.com> on 2014-07-25
Reviewed by Martin Robinson.

* Source/cmake/FindGObjectIntrospection.cmake: pass correct libdir and
datadir to pkgconfig
* Source/cmake/OptionsGTK.cmake: define install directories early
enough to be used in FindGObjectIntrospection.cmake

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171598 268f45cc-cd09-0410-ab3c-d52691b4dbfc

zalan@apple.com [Fri, 25 Jul 2014 15:21:01 +0000 (15:21 +0000)]
Unreviewed media test gardening after r171593.

* platform/mac/http/tests/media/hls/video-controls-live-stream-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171595 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Fri, 25 Jul 2014 15:08:39 +0000 (15:08 +0000)]
Add --dry-run option to sort-export-file
https://bugs.webkit.org/show_bug.cgi?id=135048

Patch by Renato Nagy <nagy.renato@stud.u-szeged.hu> on 2014-07-25
Reviewed by Csaba Osztrogonác.

Added --dry-run option to sort-export-file. Running the script with --dry-run
option does not sort the export files but creates a list of the files that
need to be sorted.

* Scripts/sort-export-file:
(sawError):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171594 268f45cc-cd09-0410-ab3c-d52691b4dbfc

zalan@apple.com [Fri, 25 Jul 2014 14:47:31 +0000 (14:47 +0000)]
Subpixel rendering: iOS video playback controls look blurry.
https://bugs.webkit.org/show_bug.cgi?id=135245
<rdar://problem/16878037>

Reviewed by Simon Fraser.

This patch introduces a compositing parent of the overlay control panel so that
the transformed overlay panel becomes sharp. This is a workaround for webkit.org/b/135246.

Can't find a way to test it yet.

Source/WebCore:
* Modules/mediacontrols/mediaControlsApple.css:
(video::-webkit-media-controls-panel-composited-parent):
* Modules/mediacontrols/mediaControlsApple.js:
(Controller.prototype.createControls):
(Controller.prototype.addControls):
* Modules/mediacontrols/mediaControlsiOS.css:
(video::-webkit-media-controls-panel-composited-parent):
* Modules/mediacontrols/mediaControlsiOS.js: This is a workaround for webkit.org/b/135248
It pushes the overlay panel down to close the gap with the video element. Since the
panel's size in css pixels is scale dependent, the gap needs to be scale dependent too.
(ControllerIOS.prototype.set pageScaleFactor):

LayoutTests:
* platform/mac/fast/hidpi/video-controls-in-hidpi-expected.txt:
* platform/mac/fast/layers/video-layer-expected.txt:
* platform/mac/media/audio-controls-rendering-expected.txt:
* platform/mac/media/controls-after-reload-expected.txt:
* platform/mac/media/controls-strict-expected.txt:
* platform/mac/media/controls-without-preload-expected.txt:
* platform/mac/media/media-controls-clone-expected.txt:
* platform/mac/media/video-no-audio-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171593 268f45cc-cd09-0410-ab3c-d52691b4dbfc

krit@webkit.org [Fri, 25 Jul 2014 11:01:59 +0000 (11:01 +0000)]
Unreviewed rebaseline of test. Uploaded wrong result.

Patch by Dirk Schulze <krit@webkit.org> on 2014-07-25

* svg/css/parse-length-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171592 268f45cc-cd09-0410-ab3c-d52691b4dbfc

krit@webkit.org [Fri, 25 Jul 2014 09:52:25 +0000 (09:52 +0000)]
Turn x/y to presentation attributes
https://bugs.webkit.org/show_bug.cgi?id=135215

Source/WebCore:
Patch by Dirk Schulze <krit@webkit.org> on 2014-07-24
Reviewed by Dean Jackson.

This follows the patch for width and height presentation attributes and
turns x and y to presentation attributes as well:

http://trac.webkit.org/changeset/171341

Tests: svg/css/parse-length.html
       transitions/svg-layout-transition.html

Added copyright where I forgot it in previous patch.

* css/CSSComputedStyleDeclaration.cpp: Computed style of x and y.
(WebCore::ComputedStyleExtractor::propertyValue):
* css/CSSParser.cpp:
(WebCore::isSimpleLengthPropertyID): Add x and y to list.
* css/DeprecatedStyleBuilder.cpp:
(WebCore::DeprecatedStyleBuilder::DeprecatedStyleBuilder): Resolve x and y.
* css/SVGCSSParser.cpp:
(WebCore::CSSParser::parseSVGValue): Parse x and y property.
* css/SVGCSSPropertyNames.in: Add x and y to list of names.
* css/StyleResolver.h:
* page/animation/CSSPropertyAnimation.cpp: Animate x and y as Length.
(WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
* rendering/style/RenderStyle.h: Add x and y setters and getters.
* rendering/style/SVGRenderStyle.cpp: Add x and y setters for StyleLayoutData.
(WebCore::SVGRenderStyle::SVGRenderStyle):
(WebCore::SVGRenderStyle::operator==):
(WebCore::SVGRenderStyle::copyNonInheritedFrom):
(WebCore::SVGRenderStyle::diff):
* rendering/style/SVGRenderStyle.h:
(WebCore::SVGRenderStyle::setX):
(WebCore::SVGRenderStyle::setY):
(WebCore::SVGRenderStyle::x):
(WebCore::SVGRenderStyle::y):
* rendering/style/SVGRenderStyleDefs.cpp: Add StyleLayoutData for style storing.
(WebCore::StyleLayoutData::StyleLayoutData):
(WebCore::StyleLayoutData::copy):
(WebCore::StyleLayoutData::operator==):
* rendering/style/SVGRenderStyleDefs.h:
(WebCore::StyleLayoutData::create):
(WebCore::StyleLayoutData::operator!=):
* rendering/svg/RenderSVGRect.cpp:
(WebCore::RenderSVGRect::updateShapeFromElement):
* rendering/svg/SVGPathData.cpp: Use RenderStyle values rather than attribute values.
(WebCore::updatePathFromRectElement):
* svg/SVGAnimationElement.cpp:
(WebCore::SVGAnimationElement::isTargetAttributeCSSProperty): Fix text detection.
* svg/SVGElement.cpp: Add x and y to the relevant property lists.
(WebCore::populateAttributeNameToCSSPropertyIDMap):
(WebCore::populateCSSPropertyWithSVGDOMNameToAnimatedPropertyTypeMap):
* svg/SVGFilterElement.cpp: Style update on change of x and y.
(WebCore::SVGFilterElement::svgAttributeChanged):
* svg/SVGMaskElement.cpp: Ditto.
(WebCore::SVGMaskElement::svgAttributeChanged):
* svg/SVGPatternElement.cpp: Ditto.
(WebCore::SVGPatternElement::svgAttributeChanged):
* svg/SVGRectElement.cpp: Ditto.
(WebCore::SVGRectElement::svgAttributeChanged):
* svg/SVGTextPositioningElement.cpp: Exclude x and y of text elements since they
    are lists instead of individual values. Solution about to be discussed
    in the WG. Keep current behavior for now.
(WebCore::SVGTextPositioningElement::collectStyleForPresentationAttribute):
(WebCore::SVGTextPositioningElement::isPresentationAttribute):
* svg/SVGTextPositioningElement.h:

LayoutTests:
Test parsing of x and y attributes. Rendering and SVG animation
covered by existing tests.
CSS Transition test, test transition from specified attribute value
to new property value.

Patch by Dirk Schulze <krit@webkit.org> on 2014-07-24
Reviewed by Dean Jackson.

* svg/css/parse-length-expected.txt: Added.
* svg/css/parse-length.html: Renamed from LayoutTests/svg/css/parse-width.html.
* svg/css/parse-width-expected.txt: Removed.
* transitions/svg-layout-transition-expected.txt: Added.
* transitions/svg-layout-transition.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171591 268f45cc-cd09-0410-ab3c-d52691b4dbfc

utatane.tea@gmail.com [Fri, 25 Jul 2014 06:58:53 +0000 (06:58 +0000)]
CSS JIT: Implement Pseudo Element
https://bugs.webkit.org/show_bug.cgi?id=134835

Reviewed by Benjamin Poulain.

Implement Pseudo Element handling for CSS JIT SelectorCompiler.
At first, we start with the simple implementation. We handle a limited number of pseudo elements:
before, after, first-line, first-letter.

Source/WebCore:
Tests: fast/selectors/pseudo-element-inside-any.html
       fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-any.html
       fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-not.html
       fast/selectors/querySelector-pseudo-element.html

* css/ElementRuleCollector.cpp:
(WebCore::ElementRuleCollector::ruleMatches):
* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::matchRecursively):
* cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::SelectorFragment::SelectorFragment):
(WebCore::SelectorCompiler::constructFragments):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
(WebCore::SelectorCompiler::SelectorCodeGenerator::loadCheckingContext):
(WebCore::SelectorCompiler::SelectorCodeGenerator::branchOnResolvingModeWithCheckingContext):
(WebCore::SelectorCompiler::SelectorCodeGenerator::branchOnResolvingMode):
(WebCore::SelectorCompiler::SelectorCodeGenerator::jumpIfNotResolvingStyle):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsActive):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasPseudoElement):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateRequestedPseudoElementEqualsToSelectorPseudoElement):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateMarkPseudoStyleForPseudoElement):
* cssjit/SelectorCompiler.h:
* rendering/style/RenderStyle.h:
* rendering/style/RenderStyleConstants.h:

LayoutTests:
* fast/selectors/pseudo-element-inside-any-expected.html: Added.
* fast/selectors/pseudo-element-inside-any.html: Added.
Inside functional pseudo classes such as ":-webkit-any", when a pseudo element appears (e.g. ":-webkit-any(::first-letter)"),
it produces a local failure. So if the other selectors are matched against the element, the whole ":-webkit-any" succeeds.
For example, a selector ":-webkit-any(::first-letter, p)" matches against `p` elements.
* fast/selectors/querySelector-pseudo-element-expected.txt: Added.
* fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-any-expected.txt: Added.
* fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-any.html: Added.
* fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-not-expected.txt: Added.
* fast/selectors/querySelector-pseudo-element-inside-functional-pseudo-class-not.html: Added.
* fast/selectors/querySelector-pseudo-element.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171588 268f45cc-cd09-0410-ab3c-d52691b4dbfc

abucur@adobe.com [Fri, 25 Jul 2014 06:24:07 +0000 (06:24 +0000)]
REGRESSION (r169105): Crash in selection
https://bugs.webkit.org/show_bug.cgi?id=134303

Patch by Radu Stavila <stavila@adobe.com> on 2014-07-24
Reviewed by David Hyatt.

Source/WebCore:

When splitting the selection between different subtrees, all subtrees must have their selection cleared before
starting to apply the new selection. Otherwise, when selecting objects in a named flow thread and going up
its containing block chain, we can end up in the view's selection root, which has not yet been updated and so
we get inconsistent data.

To achieve this goal, the selection update was split into a "clear" and an "apply" method. The updateSelectionForSubtrees
method first iterates through all subtrees and performs the "clear" method and then starts all over again
and performs the "apply" method.

Test: fast/regions/selection/crash-deselect.html

* WebCore.xcodeproj/project.pbxproj:
* rendering/RenderSelectionInfo.h:
* rendering/RenderView.cpp:
(WebCore::RenderView::setSelection):
(WebCore::RenderView::splitSelectionBetweenSubtrees):
(WebCore::RenderView::updateSelectionForSubtrees): Added, clears and re-applies selection for all selection subtrees.
(WebCore::RenderView::clearSubtreeSelection): Added, clears selection and returns previously selected information.
(WebCore::RenderView::applySubtreeSelection): Added, updates the selection status of all objects inside the selection tree, compares old and new data and repaints accordingly.
(WebCore::RenderView::setSubtreeSelection): Deleted.
* rendering/RenderView.h:
* rendering/SelectionSubtreeRoot.cpp:
(WebCore::SelectionSubtreeRoot::SelectionSubtreeRoot):
* rendering/SelectionSubtreeRoot.h:
(WebCore::SelectionSubtreeRoot::OldSelectionData::OldSelectionData):

LayoutTests:

Added test for the crash that occurred in some cases when selecting.

* fast/regions/selection/crash-deselect-expected.txt: Added.
* fast/regions/selection/crash-deselect.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171587 268f45cc-cd09-0410-ab3c-d52691b4dbfc

rniwa@webkit.org [Fri, 25 Jul 2014 04:51:13 +0000 (04:51 +0000)]
REGRESSION(r164401): Placing a caret doesn't bring up autocorrection panel
https://bugs.webkit.org/show_bug.cgi?id=135278

Reviewed by Tim Horton.

The bug was caused by editorUIUpdateTimerFired calling respondToChangedSelection only if the selection was
triggered by dictation instead of only if it was NOT triggered by dictation.

Prior to r164401, AlternativeTextController::respondToMarkerAtEndOfWord exited early when SetSelectionOptions
had DictationTriggered set. r164401 intended to move this check to editorUIUpdateTimerFired to avoid passing
options around but the boolean condition was erroneously flipped.

Fixed the bug by negating the condition in editorUIUpdateTimerFired.

No new tests for now since autocorrection panel cannot be tested automatically. (We should really automate this!)

* editing/Editor.cpp:
(WebCore::Editor::editorUIUpdateTimerFired):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171580 268f45cc-cd09-0410-ab3c-d52691b4dbfc

psolanki@apple.com [Fri, 25 Jul 2014 04:27:57 +0000 (04:27 +0000)]
REGRESSION(r171526): [GTK] Massive crashes.
https://bugs.webkit.org/show_bug.cgi?id=135283

Unreviewed. GTK build fix after r171526. Initialize m_buffer in SharedBuffer constructor.

* platform/soup/SharedBufferSoup.cpp:
(WebCore::SharedBuffer::SharedBuffer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171579 268f45cc-cd09-0410-ab3c-d52691b4dbfc

bfulgham@apple.com [Fri, 25 Jul 2014 03:12:26 +0000 (03:12 +0000)]
[Win] Correct build order in JavaScriptCore.submit.sln
https://bugs.webkit.org/show_bug.cgi?id=135282
<rdar://problem/17805592>

Unreviewed build fix.

* JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Correct build order
such that LLIntDesiredOffset is built prior to the rest of JSC.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171578 268f45cc-cd09-0410-ab3c-d52691b4dbfc

timothy_horton@apple.com [Fri, 25 Jul 2014 03:12:19 +0000 (03:12 +0000)]
Crashes under scanSelectionForTelephoneNumbers in Range::text() on some sites
https://bugs.webkit.org/show_bug.cgi?id=135281
<rdar://problem/17803347>

Reviewed by Ryosuke Niwa.

* editing/Editor.cpp:
(WebCore::Editor::scanSelectionForTelephoneNumbers):
toNormalizedRange is not guaranteed to return a non-null range.
If it returns null, pass the empty markedRanges down to the client as our new set.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171577 268f45cc-cd09-0410-ab3c-d52691b4dbfc

benjamin@webkit.org [Fri, 25 Jul 2014 03:00:57 +0000 (03:00 +0000)]
[iOS][WK2] Do not try to hit test a null mainFrameRenderView on dynamicViewportSizeUpdate()
https://bugs.webkit.org/show_bug.cgi?id=135277
<rdar://problem/17804891>

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-24
Reviewed by Tim Horton.

* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::dynamicViewportSizeUpdate):
There is no guarantee that the main frame has its root view when performing a dynamicViewportSizeUpdate();
we should not attempt to use the layer without null checking it first.

The odd part for me is that <rdar://problem/17804891> is a little too frequent. In the vast majority of cases,
there is a RenderView, it seems actually pretty hard not to have one on dynamicViewportSizeUpdate().

Skipping hit testing is safe because it is a completely optional part of this algorithm.
When the hit test is not done, the new position is computed based on the relative position prior to
the size change.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171576 268f45cc-cd09-0410-ab3c-d52691b4dbfc

psolanki@apple.com [Fri, 25 Jul 2014 02:26:34 +0000 (02:26 +0000)]
[iOS] Remove prefs to tweak cache values
https://bugs.webkit.org/show_bug.cgi?id=135274
<rdar://problem/17784826>

Reviewed by Alexey Proskuryakov.

Remove iOS specific code that used to look up user defaults to see if any cache values were
overridden. This was added for testing, is not used any more and is actually harmful now. It
can cause unnecessary memory churn when under memory pressure since we call [WebView _setCacheModel]
as a means to clear out memory cache.

* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(+[WebPreferences initialize]):
(-[WebPreferences _setNSURLMemoryCacheSize:]): Deleted.
(-[WebPreferences _NSURLMemoryCacheSize]): Deleted.
(-[WebPreferences _setNSURLDiskCacheSize:]): Deleted.
(-[WebPreferences _NSURLDiskCacheSize]): Deleted.
* WebView/WebPreferencesPrivate.h:
* WebView/WebView.mm:
(+[WebView _setCacheModel:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171575 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mitz@apple.com [Fri, 25 Jul 2014 01:31:40 +0000 (01:31 +0000)]
Source/WebCore: WebCore part of <rdar://problem/17593701> Assertion failure in WebPage::reload (!m_pendingNavigationID) when reloading after a same-document back navigation
https://bugs.webkit.org/show_bug.cgi?id=135129

Reviewed by Darin Adler.

* WebCore.exp.in: Exported equalIgnoringFragmentIdentifier(const URL&, const URL&).

Source/WebKit2: WebKit2 part of <rdar://problem/17593701> Assertion failure in WebPage::reload (!m_pendingNavigationID) when reloading after a same-document back navigation
https://bugs.webkit.org/show_bug.cgi?id=135129

Reviewed by Darin Adler.

* Shared/WebBackForwardListItem.cpp:
(WebKit::childItemWithDocumentSequenceNumber): New helper function based on
WebCore::HistoryItem::childItemWithDocumentSequenceNumber.
(WebKit::documentTreesAreEqual): New helper function based on
WebCore::HistoryItem::hasSameDocumentTree.
(WebKit::WebBackForwardListItem::itemIsInSameDocument): Added. Based on
WebCore::HistoryItem::shouldDoSameDocumentNavigationTo.
* Shared/WebBackForwardListItem.h:

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::goForward): Don’t assign a new navigation ID if the back-forward
navigation is a same-document navigation.
(WebKit::WebPageProxy::goBack): Ditto.
(WebKit::WebPageProxy::goToBackForwardItem): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171574 268f45cc-cd09-0410-ab3c-d52691b4dbfc

timothy_horton@apple.com [Fri, 25 Jul 2014 01:11:24 +0000 (01:11 +0000)]
Sometimes WKWebView is blank after resuming the app, until you scroll
https://bugs.webkit.org/show_bug.cgi?id=135275
<rdar://problem/17803170>

Reviewed by Benjamin Poulain.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::dispatchViewStateChange):
If the UI process is waiting for a didUpdateViewState, we need to *always*
get a reply from the Web Process, so dispatchViewStateChange should *always*
send SetViewState even if nothing changed (so that we get the reply).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171570 268f45cc-cd09-0410-ab3c-d52691b4dbfc

simon.fraser@apple.com [Fri, 25 Jul 2014 01:05:14 +0000 (01:05 +0000)]
[iOS WK1] CSS viewport units use the wrong viewport size in WebKit1
https://bugs.webkit.org/show_bug.cgi?id=135254
<rdar://problem/17781423>

Reviewed by Tim Horton.

Source/WebCore:

Test: fast/css/viewport-units-dynamic.html

In WebKit1 on iOS, we want to resolve viewport units against the visible
viewport, not the legacy WK1 notion of the "viewport" which is the entire document.

Fixes rendering of medium.com articles in WK1 views on iPad.

* page/FrameView.cpp:
(WebCore::FrameView::viewportSizeForCSSViewportUnits):

LayoutTests:

New test that ensures that viewport units are resolved against the correct
viewport size after the first style recalc.

* fast/css/viewport-units-dynamic.html: Added.
* platform/mac/fast/css/viewport-units-dynamic-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171567 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mark.lam@apple.com [Fri, 25 Jul 2014 00:59:10 +0000 (00:59 +0000)]
JSWrapperMap's jsWrapperForObject() needs to keep weak prototype and constructors from being GCed.
<https://webkit.org/b/135258>

Reviewed by Mark Hahnenberg.

Where needed, we cache the prototype object pointer in a stack local var.
This allows it to be scanned by the GC, and hence be kept alive until
we use it.  The constructor object will in turn be kept alive by the
prototype object.

Also added some comments to warn against future code additions that could
regress this issue.

* API/JSWrapperMap.mm:
(-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]):
(-[JSObjCClassInfo reallocateConstructorAndOrPrototype]):
(-[JSObjCClassInfo wrapperForObject:]):
(-[JSObjCClassInfo constructor]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171564 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mmaxfield@apple.com [Fri, 25 Jul 2014 00:27:09 +0000 (00:27 +0000)]
Crash when measuring a glyphs from a fallback SVG font
https://bugs.webkit.org/show_bug.cgi?id=135264

Reviewed by Simon Fraser.

Source/WebCore:
We can't realize font data for all fallback fonts ahead
of time, but we don't have all the necessary context to
realize SVG fallback data when it's needed. For now, we
can just bail; however, a larger, more invasive fix is
in order.

Test: svg/text/svg-fallback-font-crash.html

* platform/graphics/WidthIterator.cpp:
(WebCore::applyFontTransforms):

LayoutTests:
Render some text with a fallback SVG Font including a glyph which
only exists in that fallback font. Make sure there is no crash.

* svg/text/resources/Litherum.svg:
* svg/text/svg-fallback-font-crash-expected.txt: Added.
* svg/text/svg-fallback-font-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171561 268f45cc-cd09-0410-ab3c-d52691b4dbfc

simon.fraser@apple.com [Fri, 25 Jul 2014 00:24:56 +0000 (00:24 +0000)]
[iOS WK2] Header bar on nytimes articles lands in the wrong place after rubberbanding
https://bugs.webkit.org/show_bug.cgi?id=135221
<rdar://problem/17542454>

Reviewed by Benjamin Poulain.

The call to didCommitLayerTree() can cause one or two visible rect updates,
via changes to the UIScrollView contentSize and contentOffset. As a result, we
would notify the scrolling tree about a viewport change, but using the old
scrolling tree rather than the new one, so we could move layers around for
nodes which are about to be removed from the tree.

However, we also have to ensure that programmatic scrolls are applied after
didCommitLayerTree() has updated the view size, so have RemoteScrollingCoordinatorProxy
store data about programmatic scrolls and return them to the caller, which
can apply them after didCommitLayerTree().

* UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.cpp: Store a pointer to a RequestedScrollInfo
for the duration of the tree update, so that we can store requested scroll info in it.
(WebKit::RemoteScrollingCoordinatorProxy::RemoteScrollingCoordinatorProxy):
(WebKit::RemoteScrollingCoordinatorProxy::updateScrollingTree):
(WebKit::RemoteScrollingCoordinatorProxy::scrollingTreeNodeRequestsScroll):
* UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didCommitLayerTree): Give Mac a stub implementation.
* UIProcess/WebPageProxy.h: Group some editing-related functions together.
(WebKit::WebPageProxy::editorState):
(WebKit::WebPageProxy::canDelete):
(WebKit::WebPageProxy::hasSelectedRange):
(WebKit::WebPageProxy::isContentEditable):
(WebKit::WebPageProxy::maintainsInactiveSelection):
* UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:
(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree): Ordering change: update
the layer tree, then call didCommitLayerTree(), then do the viewport update, followed
by any programmatic scroll.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171560 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dbates@webkit.org [Fri, 25 Jul 2014 00:15:06 +0000 (00:15 +0000)]
And Alexey Proskuryakov  <ap@apple.com>

[iOS] REGRESSION (WebKit2): Can't login to Wordpress.com, facebook.com when always allowing cookies
https://bugs.webkit.org/show_bug.cgi?id=135273
<rdar://problem/17598815>

Reviewed by Alexey Proskuryakov.

Fixes an issue where cookies may be created in the wrong cookie store.

Currently, when we update the CFURLRequest object associated with a ResourceRequest object
we explicitly set a cookie storage, cookie accept policy, and SSL properties based on the
corresponding values in the old CFURLRequest object (if we have one). This ultimately leads
to CFNetwork associating the cookies for the request with a different cookie store when we
handle the request in the NetworkProcess. Instead, we shouldn't set these properties
explicitly as we already copy them implicitly earlier (via CFURLRequestCreateMutableCopy()).

* platform/network/cf/ResourceRequestCFNet.cpp:
(WebCore::ResourceRequest::doUpdatePlatformRequest):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171559 268f45cc-cd09-0410-ab3c-d52691b4dbfc

joepeck@webkit.org [Thu, 24 Jul 2014 23:56:34 +0000 (23:56 +0000)]
JSLock release should only modify the AtomicStringTable if it modified in acquire
https://bugs.webkit.org/show_bug.cgi?id=135143

Reviewed by Darin Adler.

* runtime/JSLock.cpp:
(JSC::JSLock::JSLock):
Initialize the member variable to nullptr.

(JSC::JSLock::willDestroyVM):
Update style to use nullptr instead of 0.

(JSC::JSLock::willReleaseLock):
We should only reset the thread data's atomic string table if
didAcquireLock changed it. m_entryAtomicStringTable will have
been set by didAcquireLock if it changed, or nullptr if it didn't.
This way we are sure we are balanced, regardless of m_vm changes.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171558 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Thu, 24 Jul 2014 23:50:19 +0000 (23:50 +0000)]
Rename feature flag for long-press gesture on Mac.

Source/JavaScriptCore:
https://bugs.webkit.org/show_bug.cgi?id=135259

Patch by Peyton Randolph <prandolph@apple.com> on 2014-07-24
Reviewed by Beth Dakin.

* Configurations/FeatureDefines.xcconfig:
Rename LINK_LONG_PRESS to MAC_LONG_PRESS.

Source/WebCore:
https://bugs.webkit.org/show_bug.cgi?id=135259

Patch by Peyton Randolph <prandolph@apple.com> on 2014-07-24
Reviewed by Beth Dakin.

* Configurations/FeatureDefines.xcconfig:
Rename LINK_LONG_PRESS to MAC_LONG_PRESS.

Source/WebKit/mac:
https://bugs.webkit.org/show_bug.cgi?id=135259

Patch by Peyton Randolph <prandolph@apple.com> on 2014-07-24
Reviewed by Beth Dakin.

* Configurations/FeatureDefines.xcconfig:
Rename LINK_LONG_PRESS to MAC_LONG_PRESS.

Source/WebKit2:
https://bugs.webkit.org/show_bug.cgi?id=135259

Patch by Peyton Randolph <prandolph@apple.com> on 2014-07-24
Reviewed by Beth Dakin.

* Configurations/FeatureDefines.xcconfig:
Rename LINK_LONG_PRESS to MAC_LONG_PRESS.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171557 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Thu, 24 Jul 2014 23:35:12 +0000 (23:35 +0000)]
GTK jhbuild modules needs to build xserver with --disable-local-transport
https://bugs.webkit.org/show_bug.cgi?id=135262

Patch by Michael Catanzaro <mcatanzaro@igalia.com> on 2014-07-24
Reviewed by Martin Robinson.

* gtk/jhbuild.modules:
Build X server with --disable-local-transport, since local transport
is only supported on Solaris, SCO, and System V. Fixes build on
Fedora.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171555 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mitz@apple.com [Thu, 24 Jul 2014 23:34:50 +0000 (23:34 +0000)]
Fixed Windows build fix.

* platform/network/cf/AuthenticationCF.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171554 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Thu, 24 Jul 2014 23:30:31 +0000 (23:30 +0000)]
Unreviewed, rolling out r171527.
https://bugs.webkit.org/show_bug.cgi?id=135265

Breaks JSC API tests (Requested by mlam on #webkit).

Reverted changeset:

"JSWrapperMap's jsWrapperForObject() needs to defer GC."
https://bugs.webkit.org/show_bug.cgi?id=135258
http://trac.webkit.org/changeset/171527

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171553 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Thu, 24 Jul 2014 23:29:04 +0000 (23:29 +0000)]
[GTK] build-webkit script fails under jhbuild if ACLOCAL_FLAGS is unset
https://bugs.webkit.org/show_bug.cgi?id=135065

Patch by Michael Catanzaro <mcatanzaro@igalia.com> on 2014-07-24
Reviewed by Martin Robinson.

* jhbuild/jhbuild-wrapper:
(ensure_jhbuild): do not assume jhbuild sets ACLOCAL_FLAGS

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171552 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mitz@apple.com [Thu, 24 Jul 2014 23:01:43 +0000 (23:01 +0000)]
Attempted Windows build fix.

* platform/network/cf/AuthenticationCF.cpp:
(WebCore::AuthenticationChallenge::AuthenticationChallenge):
* platform/network/cf/CredentialStorageCFNet.cpp:
(WebCore::CredentialStorage::getFromPersistentStorage):
* platform/network/cf/ProtectionSpaceCFNet.cpp:
(WebCore::ProtectionSpace::receivesCredentialSecurely):
(WebCore::ProtectionSpaceBase::receivesCredentialSecurely): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171545 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mhahnenberg@apple.com [Thu, 24 Jul 2014 22:56:05 +0000 (22:56 +0000)]
Creating a JSGlobalObject with a custom JSClassRef results in a JSProxy with the wrong prototype
https://bugs.webkit.org/show_bug.cgi?id=135250

Reviewed by Geoffrey Garen.

JSGlobalObject::resetPrototype (which is called from JSGlobalContextCreateInGroup) doesn't change its
JSProxy's prototype as well. This results in a JSProxy where no properties in the original prototype
chain (as created from the JSClassRef hierarchy) are accessible. Changing resetPrototype to also change
the JSProxy's prototype fixes the issue.

* API/JSValueRef.cpp:
(JSValueIsObjectOfClass): Also fixed a bug where a JSProxy for a JSGlobalObject with a custom JSClassRef
would claim it wasn't of the specified class, even if the target was of the specified class.
* API/tests/CustomGlobalObjectClassTest.c: Added.
(jsDoSomething):
(customGlobalObjectClassTest):
* API/tests/CustomGlobalObjectClassTest.h: Added.
* API/tests/testapi.c:
(assertTrue):
(main):
* JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
* JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::resetPrototype):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171543 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoSource/WebCore: <rdar://problem/17766348> [Cocoa] WebCore::ProtectionSpace doesn...
mitz@apple.com [Thu, 24 Jul 2014 22:51:12 +0000 (22:51 +0000)]
Source/WebCore: <rdar://problem/17766348> [Cocoa] WebCore::ProtectionSpace doesn’t preserve all NSURLProtectionSpace properties, such as the distinguishedNames array
https://bugs.webkit.org/show_bug.cgi?id=135229

Reviewed by Alexey Proskuryakov.

* CMakeLists.txt: Updated for rename of a source file.

* WebCore.exp.in: Updated.

* WebCore.vcxproj/WebCore.vcxproj: Updated for rename of source files, added
ProtectionSpaceCFNet.{cpp,h}.
* WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.

* WebCore.xcodeproj/project.pbxproj: Updated for rename of source files, added
ProtectionSpaceCocoa.{h,mm}.

* platform/network/ProtectionSpace.cpp: Renamed to ProtectionSpaceBase.cpp.
* platform/network/ProtectionSpace.h: This file was renamed to ProtectionSpaceBase.h, and
in its place added a generic ProtectionSpace class that just derives from
ProtectionSpaceBase. For Cocoa and CFNetwork, ProtectionSpace{Cocoa,CFNet}.h is included
instead of the generic class.

* platform/network/ProtectionSpaceBase.cpp: Renamed ProtectionSpace.cpp to this.
(WebCore::ProtectionSpaceBase::ProtectionSpaceBase): Updated for rename.
(WebCore::ProtectionSpaceBase::host): Ditto.
(WebCore::ProtectionSpaceBase::port): Ditto.
(WebCore::ProtectionSpaceBase::serverType): Ditto.
(WebCore::ProtectionSpaceBase::isProxy): Ditto.
(WebCore::ProtectionSpaceBase::realm): Ditto.
(WebCore::ProtectionSpaceBase::authenticationScheme): Ditto.
(WebCore::ProtectionSpaceBase::receivesCredentialSecurely): Removed CFNetwork-specific part,
which is now implemented in ProtectionSpaceCFNet.cpp.
(WebCore::ProtectionSpaceBase::compare): Replaced operator== with this, and made it call
ProtectionSpace::platformCompare at the end if needed.

* platform/network/ProtectionSpaceBase.h: Renamed ProtectionSpace.h to this.
(WebCore::ProtectionSpaceBase::encodingRequiresPlatformData): Added with a default
implementation that returns false, for ProtectionSpace implementations to override.
(WebCore::ProtectionSpaceBase::platformCompare): Added with a default implementation that
returns true, for ProtectionSpace implementations to override.
(WebCore::operator==): Changed to call compare.

* platform/network/cf/AuthenticationCF.cpp:
(WebCore::AuthenticationChallenge::AuthenticationChallenge): Changed to use the
ProtectionSpace constructor that takes a CFURLProtectionSpaceRef.
(WebCore::createCF): Changed to use ProtectionSpace::cfSpace.

* platform/network/cf/AuthenticationCF.h: Guarded a couple of functions that aren’t used in
Cocoa with #if PLATFORM(WIN).

* platform/network/cf/CredentialStorageCFNet.cpp:
(WebCore::CredentialStorage::getFromPersistentStorage): Changed to use
ProtectionSpace::cfSpace.
(WebCore::CredentialStorage::saveToPersistentStorage): Ditto.

* platform/network/cf/ProtectionSpaceCFNet.cpp: Added.
(WebCore::ProtectionSpaceBase::receivesCredentialSecurely): Override with the
CFNetwork-specific test that was previously in ProtectionSpace.cpp.

* platform/network/cf/ProtectionSpaceCFNet.h: Copied from Source/WebCore/platform/network/ProtectionSpace.h.
Declare ProtectionSpace and override receivesCredentialSecurely.

* platform/network/mac/AuthenticationMac.h: Deleted the ProtectionSpace core() and mac().
* platform/network/mac/AuthenticationMac.mm:
(WebCore::AuthenticationChallenge::AuthenticationChallenge): Changed to use the
ProtectionSpace constructor that takes an NSURLProtectionSpace.
(WebCore::mac): Changed to use ProtectionSpace::nsSpace.

* platform/network/mac/CredentialStorageMac.mm:
(WebCore::CredentialStorage::getFromPersistentStorage): Ditto.

* platform/network/mac/ResourceHandleMac.mm:
(WebCore::ResourceHandle::receivedCredential): Changed to use the ProtectionSpace
constructor that takes an NSURLProtectionSpace.

* platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
(-[WebCoreResourceHandleAsDelegate connection:canAuthenticateAgainstProtectionSpace:]):
Ditto.

* platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
(-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):
Ditto.

Source/WebKit/mac: WebKit part of <rdar://problem/17766348> [Cocoa] WebCore::ProtectionSpace doesn’t preserve all NSURLProtectionSpace properties, such as the distinguishedNames array
https://bugs.webkit.org/show_bug.cgi?id=135229

Reviewed by Alexey Proskuryakov.

* Misc/WebDownload.mm:
(-[WebDownloadInternal download:didReceiveAuthenticationChallenge:]): Changed to use the
ProtectionSpace constructor that takes an NSURLProtectionSpace.

* Plugins/WebBaseNetscapePluginView.mm:
(WebKit::getAuthenticationInfo): Ditto.

* WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::canAuthenticateAgainstProtectionSpace): Changed to use
ProtectionSpace::nsSpace.

Source/WebKit2: WebKit2 part of <rdar://problem/17766348> [Cocoa] WebCore::ProtectionSpace doesn’t preserve all NSURLProtectionSpace properties, such as the distinguishedNames array
https://bugs.webkit.org/show_bug.cgi?id=135229

Reviewed by Alexey Proskuryakov.

* Shared/Cocoa/WKNSURLProtectionSpace.mm: Changed to use ProtectionSpace::nsSpace.

* Shared/WebCoreArgumentCoders.cpp:
(IPC::ArgumentCoder<ProtectionSpace>::encode): If encoding the space requires encoding the
platform data, do that.
(IPC::ArgumentCoder<ProtectionSpace>::decode): If platform data was encoded, decode it.
* Shared/WebCoreArgumentCoders.h:

* Shared/mac/WebCoreArgumentCodersMac.mm:
(IPC::ArgumentCoder<ProtectionSpace>::encodePlatformData): Archive the NSURLProtectionSpace.
(IPC::ArgumentCoder<ProtectionSpace>::decodePlatformData): Unarchive it.

* Shared/soup/WebCoreArgumentCodersSoup.cpp:
(IPC::ArgumentCoder<ProtectionSpace>::encodePlatformData): Added.
(IPC::ArgumentCoder<ProtectionSpace>::decodePlatformData): Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171540 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[WK2] Fixed/Sticky layers can get mispositioned when the layer tree commit change...
benjamin@webkit.org [Thu, 24 Jul 2014 22:25:59 +0000 (22:25 +0000)]
[WK2] Fixed/Sticky layers can get mispositioned when the layer tree commit change their position or size
https://bugs.webkit.org/show_bug.cgi?id=135227
<rdar://problem/17279500>

Reviewed by Simon Fraser.

Source/WebCore:
Keep track of the creation/destruction of Fixed and Sticky nodes in the ScrollingTree.

* page/scrolling/ScrollingTree.cpp:
(WebCore::ScrollingTree::ScrollingTree):
* page/scrolling/ScrollingTree.h:
(WebCore::ScrollingTree::hasFixedOrSticky):
(WebCore::ScrollingTree::fixedOrStickyNodeAdded):
(WebCore::ScrollingTree::fixedOrStickyNodeRemoved):
* page/scrolling/mac/ScrollingTreeFixedNode.mm:
(WebCore::ScrollingTreeFixedNode::ScrollingTreeFixedNode):
(WebCore::ScrollingTreeFixedNode::~ScrollingTreeFixedNode):
* page/scrolling/mac/ScrollingTreeStickyNode.mm:
(WebCore::ScrollingTreeStickyNode::ScrollingTreeStickyNode):
(WebCore::ScrollingTreeStickyNode::~ScrollingTreeStickyNode):

Source/WebKit2:
In some cases, a fixed or sticky positioned layer would end up at its position corresponding to the WebProcess
instead of sticking to the real viewport in the UIProcess.

The sequence of events is:
1) A layer becomes fixed in some ScrollingTree transaction.
2) Later, some change in the WebProcess causes a LayerTree update for that exact same layer, but no corresponding
   ScrollingTree update is made.
3) In the UIProcess, the position of the fixed layer is changed due to the LayerTree update.
   But! There is no ScrollingTree change, updateScrollingTree() never sets fixedOrStickyLayerChanged to true,
   and the position is not corrected.
-> The layer is now at the wrong position until the next VisibleContentRectUpdate.

Ideally, we should have fixedOrStickyLayerChanged track if either the position or size of a fixed layer changed
in the layer tree. This is tricky since the layer tree does not keep track of the fixed nodes of the scrolling tree.

Since this complexity seems risky at this point, I went for something simpler but with more overhead:
any time the scrolling tree contains either a fixed or sticky layer, viewportChangedViaDelegatedScrolling()
is called to "fix" the position.

* UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.cpp:
(WebKit::RemoteScrollingCoordinatorProxy::updateScrollingTree):
(WebKit::RemoteScrollingCoordinatorProxy::connectStateNodeLayers):
* UIProcess/Scrolling/RemoteScrollingCoordinatorProxy.h:
(WebKit::RemoteScrollingCoordinatorProxy::hasFixedOrSticky):
* UIProcess/ios/RemoteScrollingCoordinatorProxyIOS.mm:
(WebKit::RemoteScrollingCoordinatorProxy::connectStateNodeLayers):
* UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:
(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171532 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoLet WheelEvent wrap a PlatformWheelEvent
commit-queue@webkit.org [Thu, 24 Jul 2014 22:17:58 +0000 (22:17 +0000)]
Let WheelEvent wrap a PlatformWheelEvent
https://bugs.webkit.org/show_bug.cgi?id=135244

When WheelEvent is initialized with a PlatformWheelEvent, store that PlatformWheelEvent for future use.

Patch by Wenson Hsieh <wenson_hsieh@apple.com> on 2014-07-24
Reviewed by Beth Dakin.

No new tests because behavior should not have changed.

* dom/WheelEvent.cpp: Added method to access the PlatformWheelEvent.
(WebCore::WheelEvent::WheelEvent):
* dom/WheelEvent.h: Added field to store PlatformWheelEvent, if initialized via PlatformWheelEvent.
(WebCore::WheelEvent::wheelEvent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171531 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoWeb Replay: don't encode/decode primitive types that lack explicit sizes
burg@cs.washington.edu [Thu, 24 Jul 2014 22:11:12 +0000 (22:11 +0000)]
Web Replay: don't encode/decode primitive types that lack explicit sizes
https://bugs.webkit.org/show_bug.cgi?id=133430

Reviewed by Anders Carlsson.

Source/JavaScriptCore:
Don't support encode/decode of unsigned long, since its size is compiler-dependent.

* replay/EncodedValue.cpp:
(JSC::EncodedValue::convertTo<unsigned long>):
(JSC::unsigned long>::encodeValue): Deleted.
* replay/EncodedValue.h:

Source/WebCore:
Remove uses of unsigned long in encode/decode methods because the type lacks an
explicit size. Move frame index serialization away from using unsigned long.

* replay/ReplayController.cpp:
(WebCore::logDispatchedDOMEvent): Fix the format string.
* replay/SerializationMethods.cpp:
(WebCore::frameIndexFromDocument):
(WebCore::frameIndexFromFrame):
(WebCore::documentFromFrameIndex):
(WebCore::frameFromFrameIndex):
(JSC::EncodingTraits<PluginData>::encodeValue):
(JSC::EncodingTraits<PluginData>::decodeValue):
* replay/SerializationMethods.h:
* replay/WebInputs.json: Remove primitive types without explicit sizes.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171528 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoJSWrapperMap's jsWrapperForObject() needs to defer GC.
mark.lam@apple.com [Thu, 24 Jul 2014 22:01:40 +0000 (22:01 +0000)]
JSWrapperMap's jsWrapperForObject() needs to defer GC.
<https://webkit.org/b/135258>

Reviewed by Oliver Hunt.

In the process of creating a JS wrapper, jsWrapperForObject() will create
the prototype and constructor of the corresponding ObjC class, as well as
for classes in its inheritance chain.  These prototypes and constructors
are stored in Weak references in the JSObjCClassInfo objects.  During all
the allocation that is being done to create all the prototypes and
constructors as well as the wrapper objects, a GC may occur thereby
collecting one or more of these newly created prototype and constructor
objects.

One example of where this problem can manifest is in wrapperForObject()
which is called from jsWrapperForObject().  In wrapperForObject(), we do
the following steps:

1. reallocateConstructorAndOrPrototype() which creates the prototype
   object and store it in JSObjCClassInfo's m_prototype which is a Weak
   ref.
2. makeWrapper() to create the wrapper object, which may trigger a GC.
   GC will collect the prototype object and nullify the corresponding
   JSObjCClassInfo's m_prototype Weak ref.
3. call JSObjectSetPrototype() to set the JSObjCClassInfo's m_prototype
   in the newly created wrapper.  This results in the wrapper getting a
   jsNull as a prototype instead of the expected prototype object.

To ensure that the prototype and constructor objects are retained until
they can be referenced properly from the wrapper object,
jsWrapperForObject() should defer GC until it's done with its work.

* API/JSWrapperMap.mm:
(-[JSWrapperMap jsWrapperForObject:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171527 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoSharing SharedBuffer between WebCore and ImageIO is racy and crash prone
psolanki@apple.com [Thu, 24 Jul 2014 21:37:43 +0000 (21:37 +0000)]
Sharing SharedBuffer between WebCore and ImageIO is racy and crash prone
https://bugs.webkit.org/show_bug.cgi?id=135069
<rdar://problem/17470655>

Reviewed by Simon Fraser.

When passing image data to ImageIO for decoding, we pass an NSData subclass that is a wrapper
around SharedBuffer. This can be a problem when ImageIO tries to access the data on the CA
thread. End result is data corruption on large image loads and potential crashes. The fix is
to have SharedBuffer create a copy of its data if the data has been passed to ImageIO and
might be accessed concurrently.

Since Vector is not refcounted, we do this by having a new refcounted object in SharedBuffer
that contains the buffer and we pass that in our NSData subclass WebCoreSharedBufferData.
Code that would result in the Vector memory moving e.g. append(), resize(), now checks to
see if the buffer was shared and if so, will create a new copy of the vector. This ensures
that the main thread does not end up invalidating the vector memory that we have passed
to ImageIO.

No new tests because no functional changes.

* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::makePurgeable):
    Remove early return - createPurgeableMemory() has the correct check now.
* platform/SharedBuffer.cpp:
(WebCore::SharedBuffer::SharedBuffer):
(WebCore::SharedBuffer::adoptVector):
(WebCore::SharedBuffer::createPurgeableBuffer):
    Don't create purgeable buffer if we are sharing the buffer.
(WebCore::SharedBuffer::append):
(WebCore::SharedBuffer::clear):
(WebCore::SharedBuffer::copy):
(WebCore::SharedBuffer::duplicateDataBufferIfNecessary): Added.
    Create a new copy of the data if we have shared the buffer and if appending to it would
    exceed the capacity of the vector resulting in memmove.
(WebCore::SharedBuffer::appendToInternalBuffer): Added.
(WebCore::SharedBuffer::clearInternalBuffer): Added.
(WebCore::SharedBuffer::buffer):
    Create a new copy of the buffer if we have shared it.
(WebCore::SharedBuffer::getSomeData):
* platform/SharedBuffer.h:
* platform/cf/SharedBufferCF.cpp:
(WebCore::SharedBuffer::SharedBuffer):
(WebCore::SharedBuffer::singleDataArrayBuffer):
(WebCore::SharedBuffer::maybeAppendDataArray):
* platform/mac/SharedBufferMac.mm:
    Pass the InternalBuffer object to WebCoreSharedBufferData
(-[WebCoreSharedBufferData dealloc]):
(-[WebCoreSharedBufferData initWithSharedBufferInternalBuffer:]):
(-[WebCoreSharedBufferData length]):
(-[WebCoreSharedBufferData bytes]):
(WebCore::SharedBuffer::createNSData):
    Call createCFData() instead of duplicating code.
(WebCore::SharedBuffer::createCFData):
    If the data is in purgeable memory, make a copy of it since m_buffer was cleared when
    creating the purgeable buffer.
(-[WebCoreSharedBufferData initWithSharedBuffer:]): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171526 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoCommitters should mail webkit-committers not webkit-reviewers for reactivation
bjonesbe@adobe.com [Thu, 24 Jul 2014 21:12:53 +0000 (21:12 +0000)]
Committers should mail webkit-committers not webkit-reviewers for reactivation
https://bugs.webkit.org/show_bug.cgi?id=135203

Reviewed by Ryosuke Niwa.

Only reviewers can send mail to webkit-reviewers. Amend the policy so that committers should
send mail to webkit-committers instead of webkit-reviewers.

* coding/commit-review-policy.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171525 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoNeed to explicitly support location services in webcontent profile
oliver@apple.com [Thu, 24 Jul 2014 20:18:06 +0000 (20:18 +0000)]
Need to explicitly support location services in webcontent profile
https://bugs.webkit.org/show_bug.cgi?id=135251
<rdar://17798346>

Reviewed by Dan Bernstein.

Switching to uikit-app means that we remove the implicit support
for location services. This makes us explicitly opt-in.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171519 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoCrash at [WKContentView _applicationWillEnterForeground:] + 28
timothy_horton@apple.com [Thu, 24 Jul 2014 20:13:34 +0000 (20:13 +0000)]
Crash at [WKContentView _applicationWillEnterForeground:] + 28
<rdar://problem/17797103>

Reviewed by Sam Weinig.

* UIProcess/ios/WKContentView.mm:
(-[WKContentView _applicationWillEnterForeground:]):
Drawing area can be null; null check it!
It's ok if we don't hide the content in this case, because if the drawing area is null,
it doesn't have any layers in the tree anyway.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171518 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[Curl] Enable file logging.
commit-queue@webkit.org [Thu, 24 Jul 2014 19:23:51 +0000 (19:23 +0000)]
[Curl] Enable file logging.
https://bugs.webkit.org/show_bug.cgi?id=135202

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-07-24
Reviewed by Alex Christensen.

The Curl api offers the possibility to write log messages to file. Enable this for debugging purposes.

* platform/network/curl/ResourceHandleManager.cpp:
(WebCore::ResourceHandleManager::ResourceHandleManager):
(WebCore::ResourceHandleManager::~ResourceHandleManager):
(WebCore::ResourceHandleManager::initializeHandle):
* platform/network/curl/ResourceHandleManager.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171513 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoSort WebCore.exp.in after r171252
commit-queue@webkit.org [Thu, 24 Jul 2014 16:20:49 +0000 (16:20 +0000)]
Sort WebCore.exp.in after r171252
https://bugs.webkit.org/show_bug.cgi?id=135239

Patch by Tibor Meszaros <tmeszaros.u-szeged@partner.samsung.com> on 2014-07-24
Reviewed by Csaba Osztrogonác.

* WebCore.exp.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171512 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[New Multicolumn] Assertion failure when an input element has multicolumn style
mihnea@adobe.com [Thu, 24 Jul 2014 12:23:04 +0000 (12:23 +0000)]
[New Multicolumn] Assertion failure when an input element has multicolumn style
https://bugs.webkit.org/show_bug.cgi?id=135234

Reviewed by Andrei Bucur.

Source/WebCore:
Restrict the assertion in RenderBlock::canComputeRegionRangeForBox
only to RenderNamedFlowThread objects since for RenderMultiColumnFlowThread
objects we can compute a range of regions during their parent block layout.

Test: fast/multicol/newmulticol/input-as-multicol.html

* rendering/RenderBlock.cpp:
(WebCore::canComputeRegionRangeForBox):

LayoutTests:
* fast/multicol/newmulticol/input-as-multicol-expected.txt: Added.
* fast/multicol/newmulticol/input-as-multicol.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171511 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[iOS WK2] Some help.apple.com pages not scrollable
simon.fraser@apple.com [Thu, 24 Jul 2014 05:17:43 +0000 (05:17 +0000)]
[iOS WK2] Some help.apple.com pages not scrollable
https://bugs.webkit.org/show_bug.cgi?id=135228
<rdar://problem/17790792>

Reviewed by Benjamin Poulain.

On pages which size their document to the device size, the WKContentView size
never changes after it's created. In this situation, we never set a bounds
on the _rootContentView, so it remains zero-sized which breaks hit testing
on all enclosed UIScrollViews for overflow:scroll.

Fix by making the _rootContentView and the _inspectorIndicationView use autosizing
so they are always the size of their parent view, and remove the explicit setting
of their bounds.

* UIProcess/ios/WKContentView.mm:
(-[WKContentView initWithFrame:context:configuration:webView:]):
(-[WKContentView setShowingInspectorIndication:]):
(-[WKContentView _didCommitLayerTree:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171509 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[iOS][WK2] r171124 is incorrect when the virtual keyboard is up
benjamin@webkit.org [Thu, 24 Jul 2014 05:02:10 +0000 (05:02 +0000)]
[iOS][WK2] r171124 is incorrect when the virtual keyboard is up
https://bugs.webkit.org/show_bug.cgi?id=135187

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-23
Reviewed by Simon Fraser.

Unfortunately, restricting the input into the document rect does not work.
When the keyboard is up, the keyboard bounds can overlap the WKWebView, and
the valid range should account for that.

Instead of playing with the keyboard rect, we can limit the scroll position
inside the valid range of UIScrollView. The keyboard always adjusts the UIScrollView
range as needed to give access to the content. Using that range is a bit more permissive
because the page could scroll to reveal content in the content inset defined by the client
of the API (this could actually be quite useful for hybrid apps).

There was already a function to change the content offset in the valid scrollview
range: changeContentOffsetBoundedInValidRange(), I extracted the range check
to contentOffsetBoundedInValidRange() for the needs of -[WKWebView _scrollToContentOffset:].

So...contentOffsetBoundedInValidRange() is cool, but it is not in the right coordinate
system. The scroll position we get from the WebProcess is in document coordinates, while
contentOffsetBoundedInValidRange() works with the UIScrollView coordinates.
To fix that, we scale the input position to get to the same scale as UIScrollView, then
apply the insets with the weirdly named [WKWebView _adjustedContentOffset:].

* UIProcess/API/Cocoa/WKWebView.mm:
(contentOffsetBoundedInValidRange):
(changeContentOffsetBoundedInValidRange):
(-[WKWebView _scrollToContentOffset:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171507 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoTransparent fullscreen background when video is not present.
commit-queue@webkit.org [Thu, 24 Jul 2014 04:38:03 +0000 (04:38 +0000)]
Transparent fullscreen background when video is not present.
https://bugs.webkit.org/show_bug.cgi?id=135226

Patch by Jeremy Jones <jeremyj@apple.com> on 2014-07-23
Reviewed by Simon Fraser.

Set background to black just before beginning the animation to fullscreen.

* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(WebVideoFullscreenInterfaceAVKit::enterFullscreen): set background color black.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171506 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoScriptController::updateDocument ASSERT mutating map while iterating map
commit-queue@webkit.org [Thu, 24 Jul 2014 02:39:53 +0000 (02:39 +0000)]
ScriptController::updateDocument ASSERT mutating map while iterating map
https://bugs.webkit.org/show_bug.cgi?id=135211

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-23
Reviewed by Oliver Hunt.

Avoid iterating over m_windowShells in more places. This prevents
the possibility of a collection during JSC allocation which might
cause a mutation to m_windowShells (HTMLMediaElement destruction).

Have ScriptController defriend ScriptCachedFrameData by providing
a getter for the list of window shells.

* bindings/js/ScriptCachedFrameData.cpp:
(WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
(WebCore::ScriptCachedFrameData::restore):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::windowShells):
(WebCore::ScriptController::clearWindowShell):
(WebCore::ScriptController::attachDebugger):
(WebCore::ScriptController::updateDocument):
* bindings/js/ScriptController.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171505 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoUnreviewed, rolling out r171498.
commit-queue@webkit.org [Thu, 24 Jul 2014 01:13:14 +0000 (01:13 +0000)]
Unreviewed, rolling out r171498.
https://bugs.webkit.org/show_bug.cgi?id=135223

It will regress some scroll position restoration on navigation
(r167916). (Requested by smfr on #webkit).

Reverted changeset:

"[iOS WK2] Header bar on nytimes articles lands in the wrong
place after rubberbanding"
https://bugs.webkit.org/show_bug.cgi?id=135221
http://trac.webkit.org/changeset/171498

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171504 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoREGRESSION (r171376): Sometimes we detect less than the whole phone number
timothy_horton@apple.com [Thu, 24 Jul 2014 00:24:09 +0000 (00:24 +0000)]
REGRESSION (r171376): Sometimes we detect less than the whole phone number
https://bugs.webkit.org/show_bug.cgi?id=135220
<rdar://problem/17783423>

Reviewed by Brady Eidson.

* editing/Editor.cpp:
(WebCore::Editor::scanSelectionForTelephoneNumbers):
Use the visible selection's start and end instead of base and extent, because they'll
always be in the right order in the case of a directional selection (base can be *after* extent
if you select from right to left). This fixes the code that expands the selection.

Pass the *entire* expanded selection to DataDetectors, instead of using TextIterator.
This way, we will find each number only once, and will never get part of a phone number once
and then the whole phone number later.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171499 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[iOS WK2] Header bar on nytimes articles lands in the wrong place after rubberbanding
simon.fraser@apple.com [Thu, 24 Jul 2014 00:23:03 +0000 (00:23 +0000)]
[iOS WK2] Header bar on nytimes articles lands in the wrong place after rubberbanding
https://bugs.webkit.org/show_bug.cgi?id=135221

Reviewed by Tim Horton.

Source/WebCore:

Add a function on GraphicsLayer to force a flush of the layer position
to the underlying graphics system, so that when layers cease being
scroll-coordinated, we can ensure that their layers are repositioned
in the correct location.

* WebCore.exp.in:
* platform/graphics/GraphicsLayer.h:
(WebCore::GraphicsLayer::forcePositionUpdate):
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::forcePositionUpdate):
* platform/graphics/ca/GraphicsLayerCA.h:
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::detachScrollCoordinatedLayer):

Source/WebKit2:

The call to didCommitLayerTree() can cause one or two visible rect updates,
via changes to the UIScrollView contentSize and contentOffset. As a result, we
would notify the scrolling tree about a viewport change, but using the old
scrolling tree rather than the new one, so we could move layers around for
nodes which are about to be removed from the tree.

Fix by calling m_webPageProxy->didCommitLayerTree() after the scrolling tree has been
committed.

* UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:
(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171498 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoGet rid of SharedBuffer::NSDataRetainPtrWithoutImplicitConversionOperator
psolanki@apple.com [Thu, 24 Jul 2014 00:08:10 +0000 (00:08 +0000)]
Get rid of SharedBuffer::NSDataRetainPtrWithoutImplicitConversionOperator
https://bugs.webkit.org/show_bug.cgi?id=135219

Reviewed by Anders Carlsson.

No new tests because no functional changes.

* loader/ResourceBuffer.h:
* loader/mac/ResourceBuffer.mm:
(WebCore::ResourceBuffer::createNSData):
* platform/SharedBuffer.h:
(WebCore::SharedBuffer::NSDataRetainPtrWithoutImplicitConversionOperator::NSDataRetainPtrWithoutImplicitConversionOperator): Deleted.
* platform/mac/SharedBufferMac.mm:
(WebCore::SharedBuffer::createNSData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171497 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoBuild fix after r171361.
rniwa@webkit.org [Wed, 23 Jul 2014 23:20:22 +0000 (23:20 +0000)]
Build fix after r171361.

* public/js/helper-classes.js:
(.this.formattedBuildTime):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171496 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoSubpixel rendering: Cleanup RenderLayerCompositor::deviceScaleFactor()
zalan@apple.com [Wed, 23 Jul 2014 22:55:37 +0000 (22:55 +0000)]
Subpixel rendering: Cleanup RenderLayerCompositor::deviceScaleFactor()
https://bugs.webkit.org/show_bug.cgi?id=135208

Reviewed by Simon Fraser.

Use m_renderView.document() to retrieve device scale factor value. m_renderView.document()
is always available while this->page() is not.

No change in behavior.

* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::updateTransform):
(WebCore::RenderLayerBacking::computeTransformOriginForPainting):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::deviceScaleFactor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171494 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoAdd a pseudo target to create sandbox override roots
oliver@apple.com [Wed, 23 Jul 2014 22:03:54 +0000 (22:03 +0000)]
Add a pseudo target to create sandbox override roots
https://bugs.webkit.org/show_bug.cgi?id=135216
<rdar://17785560>

Reviewed by Alexey Proskuryakov.

Just a duplicate of the standard ios sandbox target, targeting
the profile overrides directory.  This means we can make roots
that "Just Work".

* WebKit2.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171493 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[WinCairo] Gstreamer rendering is not working.
commit-queue@webkit.org [Wed, 23 Jul 2014 21:56:30 +0000 (21:56 +0000)]
[WinCairo] Gstreamer rendering is not working.
https://bugs.webkit.org/show_bug.cgi?id=135201

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-07-23
Reviewed by Alex Christensen.

WinCairo does not support accelerated rendering yet.

* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
(WebCore::MediaPlayerPrivateGStreamerBase::supportsAcceleratedRendering):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171492 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoIncorrect commit for sandbox profile
oliver@apple.com [Wed, 23 Jul 2014 21:43:43 +0000 (21:43 +0000)]
Incorrect commit for sandbox profile
https://bugs.webkit.org/show_bug.cgi?id=135214
<rdar://17739108>

Reviewed by Anders Carlsson.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171490 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Web Inspector: InspectorBackend's promise-based agent API does not support multiple...
burg@cs.washington.edu [Wed, 23 Jul 2014 21:16:33 +0000 (21:16 +0000)]
Web Inspector: InspectorBackend's promise-based agent API does not support multiple return values
https://bugs.webkit.org/show_bug.cgi?id=135207

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:
The promise wrapper implementation assumed that the protocol callback supplies a single 'payload'
return value, but InspectorBackend will actually unpack multiple return values as multiple
callback arguments. Set a special flag so it will not try to apply multiple return values.

It would read better if multiple return values could be spread to the resolve callback, but
multiple argument support is not required by the Promises specification, so we won't use them.

* UserInterface/Controllers/ReplayManager.js: Fix uses of promise return values.
(WebInspector.ReplayManager):
* UserInterface/Models/ReplaySession.js:
* UserInterface/Models/ReplaySessionSegment.js:
(WebInspector.ReplaySessionSegment):
* UserInterface/Protocol/InspectorBackend.js:
(InspectorBackend.Command.prototype.promise):

LayoutTests:
* http/tests/inspector/replay/replay-test.js: fix uses of promise API return values.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171489 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Unreviewed, rolling out r171455.
commit-queue@webkit.org [Wed, 23 Jul 2014 20:59:40 +0000 (20:59 +0000)]
Unreviewed, rolling out r171455.
https://bugs.webkit.org/show_bug.cgi?id=135209

completely broke selection highlight invalidation (Requested
by thorton on #webkit).

Reverted changeset:

"REGRESSION (r169105): Crash in selection"
https://bugs.webkit.org/show_bug.cgi?id=134303
http://trac.webkit.org/changeset/171455

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171488 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Unreviewed iOS build fix after r171355.
joepeck@webkit.org [Wed, 23 Jul 2014 20:34:14 +0000 (20:34 +0000)]
Unreviewed iOS build fix after r171355.

* TestWebKitAPI/Configurations/Base.xcconfig:
Since all the Tests/WebKit2Cocoa tests are already explicitly skipped on iOS,
simplify to skipping all the tests in the directory. PlatformUtilities are not
building on iOS, which means we are missing necessary Util functions.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171487 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Compile window-inactive and fullscreen pseudoclasses in css selectors.
achristensen@apple.com [Wed, 23 Jul 2014 20:19:37 +0000 (20:19 +0000)]
Compile window-inactive and fullscreen pseudoclasses in css selectors.
https://bugs.webkit.org/show_bug.cgi?id=135200

Reviewed by Benjamin Poulain.

* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::checkOne):
Removed the check of context.hasSelectionPseudo for a window-inactive pseudoclass.
Moved logic to SelectorCheckerTestFunctions.h to share with the selector compiler.
* css/SelectorCheckerTestFunctions.h:
(WebCore::isWindowInactive):
(WebCore::matchesFullScreenAnimatingFullScreenTransitionPseudoClass):
(WebCore::matchesFullScreenAncestorPseudoClass):
(WebCore::matchesFullScreenDocumentPseudoClass):
Added from SelectorChecker.cpp.
* cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::addPseudoClassType):
Added unoptimized pseudoclass cases for window-inactive and fullscreen pseudoclasses.
Explicitly listed uncompiled pseudoclasses for future work instead of using a default.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171486 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago <rdar://problem/17782623> [iOS] Client-certificate authentication isn’t working with...
mitz@apple.com [Wed, 23 Jul 2014 20:18:47 +0000 (20:18 +0000)]
<rdar://problem/17782623> [iOS] Client-certificate authentication isn’t working with some certificates
https://bugs.webkit.org/show_bug.cgi?id=135206

Reviewed by Anders Carlsson.

* Shared/cf/ArgumentCodersCF.cpp:
(IPC::copyPersistentRef): Added this helper function. It differs from
SecKeyCopyPersistentRef in that if multiple copies of the key exist in the keychain, it
ensures that we get a reference to the copy that is in the keychain access group that the
Networking process can use.
(IPC::encode): Use copyPersistentRef.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171485 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Build fix after r171482.
bfulgham@apple.com [Wed, 23 Jul 2014 18:39:41 +0000 (18:39 +0000)]
Build fix after r171482.

Rubberstamped by Joe Pecoraro.

* runtime/Identifier.h: Make header declarations match
implementation file.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171483 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago ../JavaScriptCore: [Win] Use NO_RETURN_DUE_TO_CRASH on Windows
bfulgham@apple.com [Wed, 23 Jul 2014 18:18:34 +0000 (18:18 +0000)]
../JavaScriptCore: [Win] Use NO_RETURN_DUE_TO_CRASH on Windows
https://bugs.webkit.org/show_bug.cgi?id=135199

Reviewed by Mark Lam.

* jsc.cpp:
(WTF::RuntimeArray::deleteProperty): Stop using ugly
compiler work-around on Windows; use NO_RETURN_DUE_TO_CRASH
codepath instead.
* runtime/Identifier.h: Add NO_RETURN_DUE_TO_CRASH
to header so function declaration matches implementation.

../WebCore: [Win] Use NO_RETURN_DUE_TO_CRASH on Windows.
https://bugs.webkit.org/show_bug.cgi?id=13519

Reviewed by Mark Lam.

* svg/SVGZoomAndPan.h: Add NO_RETURN_DUE_TO_CRASH to
header so function declarations match implementation.

../WTF: [Win] Use NO_RETURN_DUE_TO_CRASH on Windows.
https://bugs.webkit.org/show_bug.cgi?id=13519

Reviewed by Mark Lam.

* wtf/Assertions.h: Add MSVC to list of compilers supporting this macro.
* wtf/FastMalloc.cpp: Correct function declaration for NO_RETURN_DUE_TO_CRASH.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171482 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago JSDOMWindowShell leaks on pages with media elements
commit-queue@webkit.org [Wed, 23 Jul 2014 17:57:17 +0000 (17:57 +0000)]
JSDOMWindowShell leaks on pages with media elements
https://bugs.webkit.org/show_bug.cgi?id=135178

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-23
Reviewed by Oliver Hunt.

The DOMWindowWorld for HTMLMediaElements with MEDIA_CONTROLS_SCRIPT
was not getting cleared and removed.

* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::clearWindowShell):
Iterate over a copy of the values. A sweep / garbage collection caused by
any JSC allocation during iteration could trigger a mutation of the m_windowShells
table that was being iterated. So instead iterate a list that won't mutate.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::~HTMLMediaElement):
If we had an isolated world, release as much memory as possible.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171481 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Ensure we compute the min and max height of replaced elements to 'none' or 0 when...
bjonesbe@adobe.com [Wed, 23 Jul 2014 17:56:18 +0000 (17:56 +0000)]
Ensure we compute the min and max height of replaced elements to 'none' or 0 when appropriate.
https://bugs.webkit.org/show_bug.cgi?id=135181

Reviewed by David Hyatt.

Source/WebCore:
If a replaced element has a percentage min or max height specified then that height value should
compute to 'none' for max-height and 0 for min-height when its containing block
does not have a height 'specified explicitly'.

This is based on a Blink patch by Robert Hogan.

Tests: css2.1/20110323/max-height-percentage-003.html
       fast/replaced/max-height-percentage-quirks.html
       fast/replaced/min-height-percentage-quirks.html
       fast/replaced/min-height-percentage.html

* rendering/RenderBox.cpp:
(WebCore::RenderBox::logicalHeightComputesAsNone):
(WebCore::RenderBox::computeReplacedLogicalHeightRespectingMinMaxHeight):
* rendering/RenderBox.h:

LayoutTests:
* css2.1/20110323/max-height-percentage-003-expected.html: Added.
* css2.1/20110323/max-height-percentage-003.html: Added.
* fast/replaced/max-height-percentage-quirks-expected.html: Added.
* fast/replaced/max-height-percentage-quirks.html: Added.
* fast/replaced/min-height-percentage-expected.html: Added.
* fast/replaced/min-height-percentage-quirks-expected.html: Added.
* fast/replaced/min-height-percentage-quirks.html: Added.
* fast/replaced/min-height-percentage.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171480 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Remove CSS_EXCLUSIONS compile flag and leftover code
bjonesbe@adobe.com [Wed, 23 Jul 2014 17:35:29 +0000 (17:35 +0000)]
Remove CSS_EXCLUSIONS compile flag and leftover code
https://bugs.webkit.org/show_bug.cgi?id=135175

Reviewed by Zoltan Horvath.

At this point, the CSS_EXCLUSIONS flag guards nothing but some useless
stubs. This removes the flag and the useless code.

.:
* Source/cmake/WebKitFeatures.cmake:
* Source/cmakeconfig.h.cmake:

Source/JavaScriptCore:
* Configurations/FeatureDefines.xcconfig:

Source/WebCore:
No new tests, just removing code.

* Configurations/FeatureDefines.xcconfig:
* bindings/generic/RuntimeEnabledFeatures.cpp:
(WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures):
* bindings/generic/RuntimeEnabledFeatures.h:
(WebCore::RuntimeEnabledFeatures::setCSSExclusionsEnabled): Deleted.
(WebCore::RuntimeEnabledFeatures::cssExclusionsEnabled): Deleted.
* testing/InternalSettings.cpp:
(WebCore::InternalSettings::Backup::Backup):
(WebCore::InternalSettings::Backup::restoreTo):
(WebCore::InternalSettings::setCSSExclusionsEnabled): Deleted.
* testing/InternalSettings.h:
* testing/InternalSettings.idl:

Source/WebKit/mac:
* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:
* Configurations/FeatureDefines.xcconfig:

WebKitLibraries:
* win/tools/vsprops/FeatureDefines.props:
* win/tools/vsprops/FeatureDefinesCairo.props:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171479 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [MSE][Mac] Support abort() in SourceBufferPrivateAVFObjC.
jer.noble@apple.com [Wed, 23 Jul 2014 16:20:14 +0000 (16:20 +0000)]
[MSE][Mac] Support abort() in SourceBufferPrivateAVFObjC.
https://bugs.webkit.org/show_bug.cgi?id=135163

Reviewed by Brent Fulgham.

Recreate the parser when asked to abort().

* platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
(WebCore::SourceBufferPrivateAVFObjC::abort):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171478 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Migrate accessibility/ to using nullptr instead of 0
mmaxfield@apple.com [Wed, 23 Jul 2014 14:57:15 +0000 (14:57 +0000)]
Migrate accessibility/ to using nullptr instead of 0
https://bugs.webkit.org/show_bug.cgi?id=135185

Reviewed by Simon Fraser.

No new tests because there is no behavior change.

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::focusedImageMapUIElement):
(WebCore::AXObjectCache::focusedUIElementForPage):
(WebCore::AXObjectCache::get):
(WebCore::AXObjectCache::getOrCreate):
(WebCore::AXObjectCache::rootObject):
(WebCore::AXObjectCache::rootObjectForFrame):
* accessibility/AXObjectCache.h:
(WebCore::AXObjectCache::focusedUIElementForPage):
(WebCore::AXObjectCache::get):
(WebCore::AXObjectCache::getOrCreate):
(WebCore::AXObjectCache::rootObject):
(WebCore::AXObjectCache::rootObjectForFrame):
(WebCore::AXObjectCache::rootAXEditableElement):
* accessibility/AccessibilityARIAGridRow.cpp:
(WebCore::AccessibilityARIAGridRow::disclosedByRow):
* accessibility/AccessibilityImageMapLink.cpp:
(WebCore::AccessibilityImageMapLink::AccessibilityImageMapLink):
(WebCore::AccessibilityImageMapLink::parentObject):
* accessibility/AccessibilityListBox.cpp:
(WebCore::AccessibilityListBox::listBoxOptionAccessibilityObject):
(WebCore::AccessibilityListBox::elementAccessibilityHitTest):
* accessibility/AccessibilityListBoxOption.cpp:
(WebCore::AccessibilityListBoxOption::AccessibilityListBoxOption):
(WebCore::AccessibilityListBoxOption::parentObject):
(WebCore::AccessibilityListBoxOption::listBoxOptionParentNode):
* accessibility/AccessibilityMenuListPopup.cpp:
(WebCore::AccessibilityMenuListPopup::menuListOptionAccessibilityObject):
* accessibility/AccessibilityMockObject.cpp:
(WebCore::AccessibilityMockObject::AccessibilityMockObject):
* accessibility/AccessibilityMockObject.h:
* accessibility/AccessibilityNodeObject.cpp:
(WebCore::AccessibilityNodeObject::detach):
(WebCore::AccessibilityNodeObject::firstChild):
(WebCore::AccessibilityNodeObject::lastChild):
(WebCore::AccessibilityNodeObject::previousSibling):
(WebCore::AccessibilityNodeObject::nextSibling):
(WebCore::AccessibilityNodeObject::parentObject):
(WebCore::AccessibilityNodeObject::document):
(WebCore::AccessibilityNodeObject::anchorElement):
(WebCore::nativeActionElement):
(WebCore::AccessibilityNodeObject::actionElement):
(WebCore::AccessibilityNodeObject::mouseButtonListener):
(WebCore::AccessibilityNodeObject::labelForElement):
(WebCore::AccessibilityNodeObject::menuItemElementForMenu):
(WebCore::AccessibilityNodeObject::menuButtonForMenu):
* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::AccessibilityObject):
(WebCore::AccessibilityObject::detach):
(WebCore::AccessibilityObject::firstAccessibleObjectFromNode):
(WebCore::AccessibilityObject::findMatchingObjects):
(WebCore::renderListItemContainerForNode):
(WebCore::AccessibilityObject::accessibilityObjectForPosition):
(WebCore::AccessibilityObject::document):
(WebCore::AccessibilityObject::page):
(WebCore::AccessibilityObject::documentFrameView):
(WebCore::AccessibilityObject::anchorElementForNode):
(WebCore::AccessibilityObject::headingElementForNode):
(WebCore::AccessibilityObject::firstAnonymousBlockChild):
(WebCore::AccessibilityObject::element):
(WebCore::AccessibilityObject::focusedUIElement):
(WebCore::AccessibilityObject::scrollToMakeVisibleWithSubFocus):
* accessibility/AccessibilityObject.h:
(WebCore::AccessibilityObject::node):
(WebCore::AccessibilityObject::renderer):
(WebCore::AccessibilityObject::selectedRadioButton):
(WebCore::AccessibilityObject::selectedTabItem):
(WebCore::AccessibilityObject::accessibilityHitTest):
(WebCore::AccessibilityObject::firstChild):
(WebCore::AccessibilityObject::lastChild):
(WebCore::AccessibilityObject::previousSibling):
(WebCore::AccessibilityObject::nextSibling):
(WebCore::AccessibilityObject::parentObjectIfExists):
(WebCore::AccessibilityObject::observableObject):
(WebCore::AccessibilityObject::titleUIElement):
(WebCore::AccessibilityObject::correspondingLabelForControlElement):
(WebCore::AccessibilityObject::correspondingControlForLabelElement):
(WebCore::AccessibilityObject::scrollBar):
(WebCore::AccessibilityObject::anchorElement):
(WebCore::AccessibilityObject::actionElement):
(WebCore::AccessibilityObject::widget):
(WebCore::AccessibilityObject::widgetForAttachmentView):
(WebCore::AccessibilityObject::activeDescendant):
(WebCore::AccessibilityObject::mathRadicandObject):
(WebCore::AccessibilityObject::mathRootIndexObject):
(WebCore::AccessibilityObject::mathUnderObject):
(WebCore::AccessibilityObject::mathOverObject):
(WebCore::AccessibilityObject::mathNumeratorObject):
(WebCore::AccessibilityObject::mathDenominatorObject):
(WebCore::AccessibilityObject::mathBaseObject):
(WebCore::AccessibilityObject::mathSubscriptObject):
(WebCore::AccessibilityObject::mathSuperscriptObject):
(WebCore::AccessibilityObject::getScrollableAreaIfScrollable):
* accessibility/AccessibilityProgressIndicator.cpp:
(WebCore::AccessibilityProgressIndicator::progressElement):
(WebCore::AccessibilityProgressIndicator::meterElement):
* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::detach):
(WebCore::AccessibilityRenderObject::renderBoxModelObject):
(WebCore::AccessibilityRenderObject::firstChild):
(WebCore::AccessibilityRenderObject::lastChild):
(WebCore::startOfContinuations):
(WebCore::childBeforeConsideringContinuations):
(WebCore::AccessibilityRenderObject::previousSibling):
(WebCore::AccessibilityRenderObject::nextSibling):
(WebCore::nextContinuation):
(WebCore::AccessibilityRenderObject::renderParentObject):
(WebCore::AccessibilityRenderObject::parentObject):
(WebCore::AccessibilityRenderObject::anchorElement):
(WebCore::AccessibilityRenderObject::textUnderElement):
(WebCore::AccessibilityRenderObject::node):
(WebCore::AccessibilityRenderObject::labelElementContainer):
(WebCore::AccessibilityRenderObject::internalLinkElement):
(WebCore::AccessibilityRenderObject::titleUIElement):
(WebCore::AccessibilityRenderObject::setFocused):
(WebCore::AccessibilityRenderObject::topRenderer):
(WebCore::AccessibilityRenderObject::document):
(WebCore::AccessibilityRenderObject::widget):
(WebCore::AccessibilityRenderObject::accessibilityParentForImageMap):
(WebCore::AccessibilityRenderObject::documentFrameView):
(WebCore::AccessibilityRenderObject::widgetForAttachmentView):
(WebCore::AccessibilityRenderObject::rootEditableElementForPosition):
(WebCore::AccessibilityRenderObject::visiblePositionForPoint):
(WebCore::AccessibilityRenderObject::accessibilityImageMapHitTest):
(WebCore::AccessibilityRenderObject::remoteSVGElementHitTest):
(WebCore::AccessibilityRenderObject::accessibilityHitTest):
(WebCore::AccessibilityRenderObject::correspondingControlForLabelElement):
(WebCore::AccessibilityRenderObject::correspondingLabelForControlElement):
(WebCore::AccessibilityRenderObject::observableObject):
(WebCore::AccessibilityRenderObject::inheritsPresentationalRole):
(WebCore::AccessibilityRenderObject::detachRemoteSVGRoot):
(WebCore::AccessibilityRenderObject::addHiddenChildren):
(WebCore::AccessibilityRenderObject::setAccessibleName):
(WebCore::AccessibilityRenderObject::getScrollableAreaIfScrollable):
(WebCore::AccessibilityRenderObject::mathRadicandObject):
(WebCore::AccessibilityRenderObject::mathRootIndexObject):
(WebCore::AccessibilityRenderObject::mathNumeratorObject):
(WebCore::AccessibilityRenderObject::mathDenominatorObject):
(WebCore::AccessibilityRenderObject::mathUnderObject):
(WebCore::AccessibilityRenderObject::mathOverObject):
(WebCore::AccessibilityRenderObject::mathBaseObject):
(WebCore::AccessibilityRenderObject::mathSubscriptObject):
(WebCore::AccessibilityRenderObject::mathSuperscriptObject):
* accessibility/AccessibilitySVGRoot.cpp:
(WebCore::AccessibilitySVGRoot::AccessibilitySVGRoot):
* accessibility/AccessibilityScrollView.cpp:
(WebCore::AccessibilityScrollView::detach):
(WebCore::AccessibilityScrollView::scrollBar):
(WebCore::AccessibilityScrollView::updateScrollbars):
(WebCore::AccessibilityScrollView::addChildScrollbar):
(WebCore::AccessibilityScrollView::clearChildren):
(WebCore::AccessibilityScrollView::webAreaObject):
(WebCore::AccessibilityScrollView::accessibilityHitTest):
(WebCore::AccessibilityScrollView::documentFrameView):
(WebCore::AccessibilityScrollView::parentObject):
(WebCore::AccessibilityScrollView::parentObjectIfExists):
* accessibility/AccessibilityScrollbar.cpp:
(WebCore::AccessibilityScrollbar::document):
* accessibility/AccessibilitySpinButton.cpp:
(WebCore::AccessibilitySpinButton::AccessibilitySpinButton):
* accessibility/AccessibilityTable.cpp:
(WebCore::AccessibilityTable::AccessibilityTable):
(WebCore::AccessibilityTable::clearChildren):
(WebCore::AccessibilityTable::cellForColumnAndRow):
* accessibility/AccessibilityTableCell.cpp:
(WebCore::AccessibilityTableCell::parentTable):
(WebCore::AccessibilityTableCell::titleUIElement):
* accessibility/AccessibilityTableColumn.cpp:
(WebCore::AccessibilityTableColumn::headerObject):
(WebCore::AccessibilityTableColumn::headerObjectForSection):
* accessibility/AccessibilityTableRow.cpp:
(WebCore::AccessibilityTableRow::parentTable):
(WebCore::AccessibilityTableRow::headerObject):
* accessibility/ios/AXObjectCacheIOS.mm:
(WebCore::AXObjectCache::detachWrapper):
* accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
(-[WebAccessibilityObjectWrapper detach]):
(-[WebAccessibilityObjectWrapper tableCellParent]):
(-[WebAccessibilityObjectWrapper tableParent]):
(-[WebAccessibilityObjectWrapper convertPointToScreenSpace:]):
(-[WebAccessibilityObjectWrapper convertRectToScreenSpace:]):
(rendererForView):
(-[WebAccessibilityObjectWrapper _convertToDOMRange:]):
* accessibility/mac/AXObjectCacheMac.mm:
(WebCore::AXObjectCache::detachWrapper):
* accessibility/mac/AccessibilityObjectMac.mm:
(WebCore::AccessibilityObject::detachFromParent):
(WebCore::AccessibilityObject::accessibilityIgnoreAttachment):
* accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
(-[WebAccessibilityObjectWrapperBase detach]):
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(CreateCGColorIfDifferent):
(-[WebAccessibilityObjectWrapper convertPointToScreenSpace:]):
(rendererForView):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
* accessibility/win/AccessibilityObjectWrapperWin.h:
(WebCore::AccessibilityObjectWrapper::AccessibilityObjectWrapper):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171477 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago ASSERTION FAILED: generatingElement() in WebCore::RenderNamedFlowFragment::regionOver...
mihnea@adobe.com [Wed, 23 Jul 2014 12:12:36 +0000 (12:12 +0000)]
ASSERTION FAILED: generatingElement() in WebCore::RenderNamedFlowFragment::regionOversetState
https://bugs.webkit.org/show_bug.cgi?id=135153

Reviewed by David Hyatt.

Source/WebCore:
Even though the CSSRegions spec defines the behaviour of a multicolumn region,
we currently do not support this functionality. This patch ensures that a multicolumn
element does not become a region. In the future, when we will implement the multicolumn
as region functionality, http://dev.w3.org/csswg/css-regions/#multi-column-regions, we
will remove this restriction.

Test: fast/regions/multicol-as-region-prevented.html

* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::createRenderNamedFlowFragmentIfNeeded):

LayoutTests:
* fast/regions/multicol-as-region-prevented-expected.html: Added.
* fast/regions/multicol-as-region-prevented.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171476 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [CMake] Avoid building WebCore with ANGLE's OpenGL/EGL headers
zandobersek@gmail.com [Wed, 23 Jul 2014 11:30:28 +0000 (11:30 +0000)]
[CMake] Avoid building WebCore with ANGLE's OpenGL/EGL headers
https://bugs.webkit.org/show_bug.cgi?id=135167

Reviewed by Martin Robinson.

* CMakeLists.txt: Don't add ANGLE/include to the WebCore_INCLUDE_DIRECTORIES list
as this results in ANGLE's OpenGL and EGL headers being included, instead of the
headers that are provided by the system. Only the ANGLESupport library should be built
with that specific header inclusion path.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171475 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Unreviewed, rolling out r171367.
commit-queue@webkit.org [Wed, 23 Jul 2014 10:31:37 +0000 (10:31 +0000)]
Unreviewed, rolling out r171367.
https://bugs.webkit.org/show_bug.cgi?id=135192

broke three API tests (Requested by thorton on #webkit).

Reverted changeset:

"JSLock release should only modify the AtomicStringTable if it
modified in acquire"
https://bugs.webkit.org/show_bug.cgi?id=135143
http://trac.webkit.org/changeset/171367

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171474 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago REGRESSION (r171239): Much more time spent taking snapshots during the PLT
timothy_horton@apple.com [Wed, 23 Jul 2014 10:24:45 +0000 (10:24 +0000)]
REGRESSION (r171239): Much more time spent taking snapshots during the PLT
https://bugs.webkit.org/show_bug.cgi?id=135177
<rdar://problem/17764847>

Reviewed by Dan Bernstein.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::willChangeCurrentHistoryItemForMainFrame):
(WebKit::WebPageProxy::willChangeCurrentHistoryItem): Deleted.
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:
* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::willChangeCurrentHistoryItem):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::willChangeCurrentHistoryItemForMainFrame):
(WebKit::WebPage::willChangeCurrentHistoryItem): Deleted.
* WebProcess/WebPage/WebPage.h:
Rename WillChangeCurrentHistoryItem to WillChangeCurrentHistoryItemForMainFrame.
Only send it when the current history item for the main frame changes.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171471 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [EFL] Fix build after r171454
m.pakula@samsung.com [Wed, 23 Jul 2014 09:59:42 +0000 (09:59 +0000)]
[EFL] Fix build after r171454
https://bugs.webkit.org/show_bug.cgi?id=135191

Reviewed by Csaba Osztrogonác.

* MiniBrowser/efl/CMakeLists.txt: Add path to new EWebKit2.h location.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171470 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago REGRESSION (r169105): Crash in selection
abucur@adobe.com [Wed, 23 Jul 2014 07:52:10 +0000 (07:52 +0000)]
REGRESSION (r169105): Crash in selection
https://bugs.webkit.org/show_bug.cgi?id=134303

Reviewed by David Hyatt.

Source/WebCore:

When splitting the selection between different subtrees, all subtrees must have their selection cleared before
starting to apply the new selection. Otherwise, when selecting objects in a named flow thread and going up
its containing block chain, we can end up in the view's selection root, which has not yet been updated and so
we get inconsistent data.

To achieve this goal, the selection update was split into a "clear" and an "apply" method. The updateSelectionForSubtrees
method first iterates through all subtrees and performs the "clear" method and then starts all over again
and performs the "apply" method.

Also, the selectionStart/End members in RenderView have been renamed to fix problems caused by the fact that
RenderView inherits SelectionSubtreeRoot, which also has the same selectionStart/End members.

Test: fast/regions/selection/crash-deselect.html

* WebCore.xcodeproj/project.pbxproj:
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::isSelectionRoot):
* rendering/RenderSelectionInfo.h:
* rendering/RenderView.cpp:
(WebCore::RenderView::RenderView):
(WebCore::RenderView::setSelection): Renamed m_selectionStart/End to m_unsplitSelectionStart/End
(WebCore::RenderView::splitSelectionBetweenSubtrees):
(WebCore::RenderView::updateSelectionForSubtrees): Added, clears and re-applies selection for all selection subtrees.
(WebCore::RenderView::clearSubtreeSelection): Added, clears selection and returns previously selected information.
(WebCore::RenderView::applySubtreeSelection): Added, updates the selection status of all objects inside the selection tree, compares old and new data and repaints accordingly.
(WebCore::RenderView::getSelection): Renamed m_selectionStart/End to m_unsplitSelectionStart/End
(WebCore::RenderView::setSubtreeSelection): Deleted.
* rendering/RenderView.h:
* rendering/SelectionSubtreeRoot.cpp:
(WebCore::SelectionSubtreeRoot::SelectionSubtreeRoot):
* rendering/SelectionSubtreeRoot.h:
(WebCore::SelectionSubtreeRoot::OldSelectionData::OldSelectionData):

LayoutTests:

Added test for the crash that occurred in some cases when selecting.

* fast/regions/selection/crash-deselect-expected.txt: Added.
* fast/regions/selection/crash-deselect.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171455 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [EFL] EWebKit2.h should contain version information
ryuan.choi@samsung.com [Wed, 23 Jul 2014 07:21:35 +0000 (07:21 +0000)]
[EFL] EWebKit2.h should contain version information
https://bugs.webkit.org/show_bug.cgi?id=135189

Reviewed by Gyuyoung Kim.

Generate EWebKit2.h to contain the version information.

* PlatformEfl.cmake:
* UIProcess/API/efl/EWebKit2.h.in: Renamed from Source/WebKit2/UIProcess/API/efl/EWebKit2.h.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171454 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [EFL] Do not generate forwarding header for ewk headers
ryuan.choi@samsung.com [Wed, 23 Jul 2014 07:19:00 +0000 (07:19 +0000)]
[EFL] Do not generate forwarding header for ewk headers
https://bugs.webkit.org/show_bug.cgi?id=135147

Reviewed by Gyuyoung Kim.

Source/WebKit2:
Only EWebKit2.h and ewk_text_checker.h are generated as forwarding header.
This is unnecessary.

* UIProcess/API/efl/tests/UnitTestUtils/EWK2UnitTestBase.h:
* UIProcess/API/efl/tests/test_ewk2_application_cache_manager.cpp:
* UIProcess/API/efl/tests/test_ewk2_context_menu.cpp:
* UIProcess/API/efl/tests/test_ewk2_window_features.cpp:
* UIProcess/efl/TextCheckerClientEfl.h:

Tools:
* WebKitTestRunner/EventSenderProxy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171453 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [EFL] Build fix after the [ftlopt] branch merge.
llango.u-szeged@partner.samsung.com [Wed, 23 Jul 2014 07:08:03 +0000 (07:08 +0000)]
[EFL] Build fix after the [ftlopt] branch merge.

Reviewed by Csaba Osztrogonác.

* dfg/DFGBranchDirection.h:
(JSC::DFG::branchDirectionToString):
* dfg/DFGStructureClobberState.h:
(JSC::DFG::merge):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171447 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago This test is slow so we shouldn't run it in the slower variants (like ftl-eager/dfg...
fpizlo@apple.com [Wed, 23 Jul 2014 06:24:26 +0000 (06:24 +0000)]
This test is slow so we shouldn't run it in the slower variants (like ftl-eager/dfg-eager).

* js/regress/script-tests/getter-richards.js:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171429 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Unreviewed, rolling out r171366.
commit-queue@webkit.org [Wed, 23 Jul 2014 06:02:58 +0000 (06:02 +0000)]
Unreviewed, rolling out r171366.
https://bugs.webkit.org/show_bug.cgi?id=135190

Broke three API tests (Requested by ap on #webkit).

Reverted changeset:

"REGRESSION (r171239): Much more time spent taking snapshots
during the PLT"
https://bugs.webkit.org/show_bug.cgi?id=135177
http://trac.webkit.org/changeset/171366

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171420 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [Win] Build fix for bot.
bfulgham@apple.com [Wed, 23 Jul 2014 05:18:09 +0000 (05:18 +0000)]
[Win] Build fix for bot.

* platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
(WebCore::createLegibleOutputSubtypes): Declare 'wvtt' locally, rather
than relying on potentially unavailable declaration.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171404 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [Win] Build fix after r171370.
bfulgham@apple.com [Wed, 23 Jul 2014 05:16:24 +0000 (05:16 +0000)]
[Win] Build fix after r171370.

* WebCoreSupport/WebEditorClient.h: Add override
for new 'overflowScrollPositionChanged'.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171403 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Build fix for non-clang compile.
bfulgham@apple.com [Wed, 23 Jul 2014 04:58:08 +0000 (04:58 +0000)]
Build fix for non-clang compile.

* jsc.cpp:
(WTF::RuntimeArray::put): Remove incorrect return statement
I added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171395 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Build fix for non-clang compile.
bfulgham@apple.com [Wed, 23 Jul 2014 04:53:54 +0000 (04:53 +0000)]
Build fix for non-clang compile.

* jsc.cpp:
(WTF::RuntimeArray::deleteProperty): Need (fake) return
value when NO_RETURN_DUE_TO_CRASH is not defined.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171393 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [Win] Build fix for Windows bots
bfulgham@apple.com [Wed, 23 Jul 2014 04:40:55 +0000 (04:40 +0000)]
[Win] Build fix for Windows bots

* platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp: Provide missing
structure definition when needed by bot.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171392 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoMerge r169628 from ftlopt.
fpizlo@apple.com [Wed, 23 Jul 2014 04:33:37 +0000 (04:33 +0000)]
Merge r169628 from ftlopt.

    2014-06-04  Matthew Mirman  <mmirman@apple.com>

    Added system for inlining native functions via the FTL.
    https://bugs.webkit.org/show_bug.cgi?id=131515

    Reviewed by Filip Pizlo.

    Also fixed the build to not compress the bitcode and to
    include all of the relevant runtime. With GCC_GENERATE_DEBUGGING_SYMBOLS = NO,
    the produced bitcode files are a 100th the size they were before.
    Now we can include all of the relevant runtime files with only a 3mb overhead.
    This is the same overhead as for two compressed files before,
    but done more efficiently (on both ends) and with less code.

    Deciding whether to inline native functions is left up to LLVM.
    The entire module containing the function is linked into the current
    compiled JS so that inlining the native functions shouldn't make them smaller.

    Rather than loading Runtime.symtbl at runtime, FTLState.cpp now generates a file
    InlineRuntimeSymbolTable.h which statically builds the symbol table hash table.

    * JavaScriptCore.xcodeproj/project.pbxproj: Added back runtime files to compile.
    * build-symbol-table-index.py: Changed bitcode suffix.
    Added inclusion of only tested symbols.
    Added output to InlineRuntimeSymbolTable.h.
    * build-symbol-table-index.sh: Changed bitcode suffix.
    * copy-llvm-ir-to-derived-sources.sh: Removed gzip compression.
    * tested-symbols.symlst: Added.
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handleCall):
    Now sets the knownFunction of the call node if such a function exists
    and emits a check that during runtime the callee is in fact known.
    * dfg/DFGNode.h:
    Added functions to set the known function of a call node.
    (JSC::DFG::Node::canBeKnownFunction): Added.
    (JSC::DFG::Node::hasKnownFunction): Added.
    (JSC::DFG::Node::knownFunction): Added.
    (JSC::DFG::Node::giveKnownFunction): Added.
    * ftl/FTLAbbreviatedTypes.h: Added a typedef for LLVMMemoryBufferRef
    * ftl/FTLAbbreviations.h: Added some abbreviations.
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::isInlinableSize): Added. Hardcoded threshold to 275.
    (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol): Added.
    (JSC::FTL::LowerDFGToLLVM::getFunctionBySymbol): Added.
    (JSC::FTL::LowerDFGToLLVM::possiblyCompileInlineableNativeCall): Added.
    (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
    Added call to possiblyCompileInlineableNativeCall
    * ftl/FTLOutput.h:
    (JSC::FTL::Output::allocaName):  Added. Useful for debugging.
    * ftl/FTLState.cpp:
    (JSC::FTL::State::State): Added an include for InlineRuntimeSymbolTable.h
    * ftl/FTLState.h: Added symbol table hash table.
    * ftl/FTLCompile.cpp:
    (JSC::FTL::compile): Added inlining and dead function elimination passes.
    * heap/HandleStack.h: Added JS_EXPORT_PRIVATE to a few functions to get inlining to compile.
    * llvm/InitializeLLVMMac.mm: Deleted.
    * llvm/InitializeLLVMMac.cpp: Added.
    * llvm/LLVMAPIFunctions.h: Added macros to include Bitcode parsing and linking functions.
    * llvm/LLVMHeaders.h: Added includes for Bitcode parsing and linking.
    * runtime/BundlePath.h: Added.
    * runtime/BundlePath.mm: Added.
    * runtime/DateInstance.h: Added JS_EXPORT_PRIVATE to a few functions to get inlining to compile.
    * runtime/DateInstance.h: ditto.
    * runtime/DateConversion.h: ditto.
    * runtime/ExceptionHelpers.h: ditto.
    * runtime/JSCJSValue.h: ditto.
    * runtime/JSArray.h: ditto.
    * runtime/JSDateMath.h: ditto.
    * runtime/JSObject.h: ditto.
    * runtime/JSObject.h: ditto.
    * runtime/RegExp.h: ditto.
    * runtime/Structure.h: ditto.
    * runtime/Options.h:  Added maximumLLVMInstructionCountForNativeInlining.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171391 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoArray.concat() should work on runtime arrays too.
mark.lam@apple.com [Wed, 23 Jul 2014 04:18:35 +0000 (04:18 +0000)]
Array.concat() should work on runtime arrays too.
<https://webkit.org/b/135179>

Reviewed by Geoffrey Garen.

* jsc.cpp:
(WTF::RuntimeArray::create):
(WTF::RuntimeArray::~RuntimeArray):
(WTF::RuntimeArray::destroy):
(WTF::RuntimeArray::getOwnPropertySlot):
(WTF::RuntimeArray::getOwnPropertySlotByIndex):
(WTF::RuntimeArray::put):
(WTF::RuntimeArray::deleteProperty):
(WTF::RuntimeArray::getLength):
(WTF::RuntimeArray::createPrototype):
(WTF::RuntimeArray::createStructure):
(WTF::RuntimeArray::finishCreation):
(WTF::RuntimeArray::RuntimeArray):
(WTF::RuntimeArray::lengthGetter):
(GlobalObject::finishCreation):
(functionCreateRuntimeArray):
- Added support to create a runtime array for testing purposes.
* runtime/ArrayPrototype.cpp:
(JSC::getLength):
- Added fast case for when the array object is a JSArray.
(JSC::arrayProtoFuncJoin):
- Added a needed but missing exception check.
(JSC::arrayProtoFuncConcat):
- Use getLength() to compute the array length instead of assuming that
  the array is a JSArray instance.
* tests/stress/regexp-matches-array.js: Added.
(testArrayConcat):
* tests/stress/runtime-array.js: Added.
(testArrayConcat):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171390 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[Win] Build fix for EWS bots.
bfulgham@apple.com [Wed, 23 Jul 2014 03:52:51 +0000 (03:52 +0000)]
[Win] Build fix for EWS bots.

* platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp: Forward declare
structure definition.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171388 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoFix Windows (return a value!)
bfulgham@apple.com [Wed, 23 Jul 2014 03:39:55 +0000 (03:39 +0000)]
Fix Windows (return a value!)

* jsc.cpp:
(functionQuit): Satisfy compiler's need for
a return value.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171387 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoFix Windows (sleep -> Sleep)
bfulgham@apple.com [Wed, 23 Jul 2014 03:29:23 +0000 (03:29 +0000)]
Fix Windows (sleep -> Sleep)

* jsc.cpp:
(WTF::jscExit):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171386 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago[Win] Fix Crash when handling Legible Output callbacks
bfulgham@apple.com [Wed, 23 Jul 2014 03:19:23 +0000 (03:19 +0000)]
[Win] Fix Crash when handling Legible Output callbacks
https://bugs.webkit.org/show_bug.cgi?id=134946

Reviewed by Dean Jackson.

Relanding after adding fixes to support build bots.

* platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
(WebCore::InbandTextTrackPrivateAVF::processNativeSamples): Remove
Windows-specific 'ASSERT_NOT_REACHED' code path.
* platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
(WebCore::createLegibleOutputSubtypes): Added.
(WebCore::AVFWrapper::createPlayerItem): Updated to request native
samples from AVFoundationCF.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171385 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoReduce the size of the root WebContent sandbox profile
oliver@apple.com [Wed, 23 Jul 2014 02:37:51 +0000 (02:37 +0000)]
Reduce the size of the root WebContent sandbox profile
https://bugs.webkit.org/show_bug.cgi?id=135182
<rdar://problem/17739108>

Reviewed by Alexey Proskuryakov.

Switch from apple-ui-app to uikit-app as the root of the webcontent
profile.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171384 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoCopying and pasting trivial H2 content causes a crash in firstPositionInNode
mmaxfield@apple.com [Wed, 23 Jul 2014 02:19:55 +0000 (02:19 +0000)]
Copying and pasting trivial H2 content causes a crash in firstPositionInNode
https://bugs.webkit.org/show_bug.cgi?id=134897

Reviewed by Ryosuke Niwa.

Source/WebCore:
ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder() attempts
to move pasted headings out of existing headings, without regard to whether the existing
heading is the contenteditable root.

Test: editing/pasteboard/heading-crash.html

* editing/ReplaceSelectionCommand.cpp:
(WebCore::ReplaceSelectionCommand::makeInsertedContentRoundTrippableWithHTMLTreeBuilder):

LayoutTests:
Copy and paste text from one heading to another. Make sure there is no crash.

* editing/pasteboard/heading-crash-expected.txt: Added.
* editing/pasteboard/heading-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171383 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoFix Windows.
fpizlo@apple.com [Wed, 23 Jul 2014 02:19:26 +0000 (02:19 +0000)]
Fix Windows.

* jsc.cpp:
(WTF::jscExit):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171382 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoFix 32-bit.
fpizlo@apple.com [Wed, 23 Jul 2014 01:43:35 +0000 (01:43 +0000)]
Fix 32-bit.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171381 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years agoMerge r169148, r169185, r169188, r169578, r169582, r169584, r169588, r169753 from...
fpizlo@apple.com [Wed, 23 Jul 2014 01:19:50 +0000 (01:19 +0000)]
Merge r169148, r169185, r169188, r169578, r169582, r169584, r169588, r169753 from ftlopt.

Source/JavaScriptCore:

Note that r169753 is merged out of order because it fixes a bug in r169588.

    2014-06-10  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Structure::dfgShouldWatchIfPossible() is unsound
    https://bugs.webkit.org/show_bug.cgi?id=133624

    Reviewed by Mark Hahnenberg.

    * runtime/Structure.h:
    (JSC::Structure::dfgShouldWatchIfPossible): Make it sound and add some verbiage.

    2014-06-04  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] AI should be able to track structure sets larger than 1
    https://bugs.webkit.org/show_bug.cgi?id=128073

    Reviewed by Oliver Hunt.

    This makes two major changes to how AI (abstract interpreter) proves that a value has
    some structure:

    - StructureAbstractValue can now track an arbitrary number of structures. A set whose
      size is greater than one means that the value may have any of the structures, and we
      don't know which - but we do know that it cannot be any structure not in the set. The
      structure abstract value can still be TOP, which means the set of all structures. We
      artificially limit the set size to StructureAbstractValue::polymorphismLimit to guard
      memory explosion on pathological programs. This limit is big enough that it wouldn't
      kick in for normal code, since we have other heuristics that limit the number of
      structures that we would allow an inline cache to know about.

    - We eagerly set watchpoints on all watchable structures and then we assume that
      watchable structures are being watched, and that the watchpoint will jettison the code.
      This allows tracking of watchable structures to be far simpler than before. Previously,
      a structure being tracked as "future possible" was predicated on it being watchable but
      we might not actually watch it. This makes algebra over sets of future possible
      structures quite weird. But watching all watchable structures means that we simply say
      that a structure set can be in the following states: unclobbered, which means it's just
      a set of structures and it doesn't matter what is watchable or what isn't because we've
      proven that the value must have one of these structures right now; and clobbered, which
      means that we have a set of structures, plus all possible structures temporarily, with
      invalidation removing the "plus all possible structures". Clobbering a set means that
      if any of its structures are unwatchable, the set just becomes TOP; but if all
      structures in the set are watchable then we just set the clobbered bit to add the "plus
      all possible structures temporarily" thing. This precisely tracks the exact meaning of
      watchability and invalidation points.

    Slight SunSpider slow-down, neutral on Octane, slight AsmBench speed-up. I believe that
    we will ultimately undo the SunSpider slow-down by making further improvements to the set
    representation. I believe that Octane performance will ultimately improve once we remove
    remaining singleton special-cases. The ultimate goal of this is to remove the need to
    try quite so desperately hard to make everything monomorphic as we do currently.

    * CMakeLists.txt:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * bytecode/StructureSet.cpp:
    (JSC::StructureSet::clear):
    (JSC::StructureSet::remove):
    (JSC::StructureSet::filter):
    (JSC::StructureSet::copyFromOutOfLine):
    (JSC::StructureSet::StructureSet): Deleted.
    (JSC::StructureSet::operator=): Deleted.
    (JSC::StructureSet::copyFrom): Deleted.
    * bytecode/StructureSet.h:
    (JSC::StructureSet::StructureSet):
    (JSC::StructureSet::operator=):
    (JSC::StructureSet::isEmpty):
    (JSC::StructureSet::genericFilter):
    (JSC::StructureSet::ContainsOutOfLine::ContainsOutOfLine):
    (JSC::StructureSet::ContainsOutOfLine::operator()):
    (JSC::StructureSet::copyFrom):
    (JSC::StructureSet::deleteStructureListIfNecessary):
    (JSC::StructureSet::setEmpty):
    (JSC::StructureSet::getReservedFlag):
    (JSC::StructureSet::setReservedFlag):
    * dfg/DFGAbstractInterpreter.h:
    (JSC::DFG::AbstractInterpreter::setBuiltInConstant):
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::booleanResult):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::verifyEdge):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::clobberCapturedVars):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::forAllValues):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::clobberStructures):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransition):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransitions):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::setDidClobber):
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::dump):
    * dfg/DFGAbstractValue.cpp:
    (JSC::DFG::AbstractValue::observeTransitions):
    (JSC::DFG::AbstractValue::setMostSpecific):
    (JSC::DFG::AbstractValue::set):
    (JSC::DFG::AbstractValue::filter):
    (JSC::DFG::AbstractValue::shouldBeClear):
    (JSC::DFG::AbstractValue::normalizeClarity):
    (JSC::DFG::AbstractValue::checkConsistency):
    (JSC::DFG::AbstractValue::assertIsWatched):
    (JSC::DFG::AbstractValue::dumpInContext):
    (JSC::DFG::AbstractValue::setFuturePossibleStructure): Deleted.
    * dfg/DFGAbstractValue.h:
    (JSC::DFG::AbstractValue::clear):
    (JSC::DFG::AbstractValue::clobberStructures):
    (JSC::DFG::AbstractValue::clobberStructuresFor):
    (JSC::DFG::AbstractValue::observeInvalidationPoint):
    (JSC::DFG::AbstractValue::observeInvalidationPointFor):
    (JSC::DFG::AbstractValue::observeTransition):
    (JSC::DFG::AbstractValue::TransitionObserver::TransitionObserver):
    (JSC::DFG::AbstractValue::TransitionObserver::operator()):
    (JSC::DFG::AbstractValue::TransitionsObserver::TransitionsObserver):
    (JSC::DFG::AbstractValue::TransitionsObserver::operator()):
    (JSC::DFG::AbstractValue::isHeapTop):
    (JSC::DFG::AbstractValue::setType):
    (JSC::DFG::AbstractValue::operator==):
    (JSC::DFG::AbstractValue::merge):
    (JSC::DFG::AbstractValue::validate):
    (JSC::DFG::AbstractValue::hasClobberableState):
    (JSC::DFG::AbstractValue::assertIsWatched):
    (JSC::DFG::AbstractValue::observeIndexingTypeTransition):
    (JSC::DFG::AbstractValue::makeTop):
    (JSC::DFG::AbstractValue::bestProvenStructure): Deleted.
    * dfg/DFGAllocator.h:
    * dfg/DFGArgumentsSimplificationPhase.cpp:
    (JSC::DFG::ArgumentsSimplificationPhase::run):
    * dfg/DFGArrayMode.cpp:
    (JSC::DFG::ArrayMode::alreadyChecked):
    * dfg/DFGAtTailAbstractState.h:
    (JSC::DFG::AtTailAbstractState::structureClobberState):
    (JSC::DFG::AtTailAbstractState::setStructureClobberState):
    (JSC::DFG::AtTailAbstractState::setFoundConstants):
    (JSC::DFG::AtTailAbstractState::haveStructures): Deleted.
    (JSC::DFG::AtTailAbstractState::setHaveStructures): Deleted.
    * dfg/DFGBasicBlock.cpp:
    (JSC::DFG::BasicBlock::BasicBlock):
    * dfg/DFGBasicBlock.h:
    * dfg/DFGBranchDirection.h:
    (JSC::DFG::branchDirectionToString):
    (WTF::printInternal):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handlePutById):
    * dfg/DFGCFAPhase.cpp:
    (JSC::DFG::CFAPhase::performBlockCFA):
    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::CSEPhase::checkStructureElimination):
    (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
    (JSC::DFG::CSEPhase::performNodeCSE):
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * dfg/DFGCommon.cpp:
    (JSC::DFG::startCrashing):
    (JSC::DFG::isCrashing):
    * dfg/DFGCommon.h:
    * dfg/DFGCommonData.cpp:
    (JSC::DFG::CommonData::notifyCompilingStructureTransition):
    * dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::foldConstants):
    (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
    (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
    (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
    * dfg/DFGDesiredWatchpoints.cpp:
    (JSC::DFG::DesiredWatchpoints::consider):
    (JSC::DFG::DesiredWatchpoints::addLazily): Deleted.
    * dfg/DFGDesiredWatchpoints.h:
    (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
    (JSC::DFG::GenericDesiredWatchpoints::areStillValid):
    (JSC::DFG::GenericDesiredWatchpoints::isWatched):
    (JSC::DFG::DesiredWatchpoints::isWatched):
    (JSC::DFG::WatchpointForGenericWatchpointSet::WatchpointForGenericWatchpointSet): Deleted.
    (JSC::DFG::GenericDesiredWatchpoints::addLazily): Deleted.
    (JSC::DFG::GenericDesiredWatchpoints::isStillValid): Deleted.
    (JSC::DFG::GenericDesiredWatchpoints::shouldAssumeMixedState): Deleted.
    (JSC::DFG::GenericDesiredWatchpoints::isValidOrMixed): Deleted.
    (JSC::DFG::DesiredWatchpoints::isStillValid): Deleted.
    (JSC::DFG::DesiredWatchpoints::shouldAssumeMixedState): Deleted.
    (JSC::DFG::DesiredWatchpoints::isValidOrMixed): Deleted.
    * dfg/DFGDoesGC.cpp:
    (JSC::DFG::doesGC):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
    (JSC::DFG::FixupPhase::injectTypeConversionsForEdge):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::~Graph):
    (JSC::DFG::Graph::dump):
    (JSC::DFG::Graph::dumpBlockHeader):
    (JSC::DFG::Graph::tryGetFoldableView):
    (JSC::DFG::Graph::visitChildren):
    (JSC::DFG::Graph::assertIsWatched):
    (JSC::DFG::Graph::handleAssertionFailure):
    * dfg/DFGGraph.h:
    (JSC::DFG::Graph::convertToConstant):
    (JSC::DFG::Graph::masqueradesAsUndefinedWatchpointIsStillValid):
    (JSC::DFG::Graph::addStructureTransitionData): Deleted.
    * dfg/DFGInPlaceAbstractState.cpp:
    (JSC::DFG::InPlaceAbstractState::beginBasicBlock):
    (JSC::DFG::InPlaceAbstractState::initialize):
    (JSC::DFG::InPlaceAbstractState::endBasicBlock):
    (JSC::DFG::InPlaceAbstractState::reset):
    (JSC::DFG::InPlaceAbstractState::merge):
    * dfg/DFGInPlaceAbstractState.h:
    (JSC::DFG::InPlaceAbstractState::structureClobberState):
    (JSC::DFG::InPlaceAbstractState::setStructureClobberState):
    (JSC::DFG::InPlaceAbstractState::setFoundConstants):
    (JSC::DFG::InPlaceAbstractState::haveStructures): Deleted.
    (JSC::DFG::InPlaceAbstractState::setHaveStructures): Deleted.
    * dfg/DFGLivenessAnalysisPhase.cpp:
    (JSC::DFG::LivenessAnalysisPhase::run):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::hasTransition):
    (JSC::DFG::Node::transition):
    (JSC::DFG::Node::hasStructure):
    (JSC::DFG::StructureTransitionData::StructureTransitionData): Deleted.
    (JSC::DFG::Node::convertToStructureTransitionWatchpoint): Deleted.
    (JSC::DFG::Node::hasStructureTransitionData): Deleted.
    (JSC::DFG::Node::structureTransitionData): Deleted.
    * dfg/DFGNodeType.h:
    * dfg/DFGPlan.cpp:
    (JSC::DFG::Plan::compileInThreadImpl):
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):
    * dfg/DFGSafeToExecute.h:
    (JSC::DFG::safeToExecute):
    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
    (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
    * dfg/DFGSpeculativeJIT.h:
    (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGStructureAbstractValue.cpp: Added.
    (JSC::DFG::StructureAbstractValue::assertIsWatched):
    (JSC::DFG::StructureAbstractValue::clobber):
    (JSC::DFG::StructureAbstractValue::observeTransition):
    (JSC::DFG::StructureAbstractValue::observeTransitions):
    (JSC::DFG::StructureAbstractValue::add):
    (JSC::DFG::StructureAbstractValue::merge):
    (JSC::DFG::StructureAbstractValue::mergeSlow):
    (JSC::DFG::StructureAbstractValue::mergeNotTop):
    (JSC::DFG::StructureAbstractValue::filter):
    (JSC::DFG::StructureAbstractValue::filterSlow):
    (JSC::DFG::StructureAbstractValue::contains):
    (JSC::DFG::StructureAbstractValue::isSubsetOf):
    (JSC::DFG::StructureAbstractValue::isSupersetOf):
    (JSC::DFG::StructureAbstractValue::overlaps):
    (JSC::DFG::StructureAbstractValue::equalsSlow):
    (JSC::DFG::StructureAbstractValue::dumpInContext):
    (JSC::DFG::StructureAbstractValue::dump):
    * dfg/DFGStructureAbstractValue.h:
    (JSC::DFG::StructureAbstractValue::StructureAbstractValue):
    (JSC::DFG::StructureAbstractValue::operator=):
    (JSC::DFG::StructureAbstractValue::clear):
    (JSC::DFG::StructureAbstractValue::makeTop):
    (JSC::DFG::StructureAbstractValue::assertIsWatched):
    (JSC::DFG::StructureAbstractValue::observeInvalidationPoint):
    (JSC::DFG::StructureAbstractValue::top):
    (JSC::DFG::StructureAbstractValue::isClear):
    (JSC::DFG::StructureAbstractValue::isTop):
    (JSC::DFG::StructureAbstractValue::isNeitherClearNorTop):
    (JSC::DFG::StructureAbstractValue::isClobbered):
    (JSC::DFG::StructureAbstractValue::merge):
    (JSC::DFG::StructureAbstractValue::filter):
    (JSC::DFG::StructureAbstractValue::operator==):
    (JSC::DFG::StructureAbstractValue::size):
    (JSC::DFG::StructureAbstractValue::at):
    (JSC::DFG::StructureAbstractValue::operator[]):
    (JSC::DFG::StructureAbstractValue::onlyStructure):
    (JSC::DFG::StructureAbstractValue::isSupersetOf):
    (JSC::DFG::StructureAbstractValue::makeTopWhenThin):
    (JSC::DFG::StructureAbstractValue::setClobbered):
    (JSC::DFG::StructureAbstractValue::add): Deleted.
    (JSC::DFG::StructureAbstractValue::addAll): Deleted.
    (JSC::DFG::StructureAbstractValue::contains): Deleted.
    (JSC::DFG::StructureAbstractValue::isSubsetOf): Deleted.
    (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan): Deleted.
    (JSC::DFG::StructureAbstractValue::isClearOrTop): Deleted.
    (JSC::DFG::StructureAbstractValue::last): Deleted.
    (JSC::DFG::StructureAbstractValue::speculationFromStructures): Deleted.
    (JSC::DFG::StructureAbstractValue::isValidOffset): Deleted.
    (JSC::DFG::StructureAbstractValue::hasSingleton): Deleted.
    (JSC::DFG::StructureAbstractValue::singleton): Deleted.
    (JSC::DFG::StructureAbstractValue::dumpInContext): Deleted.
    (JSC::DFG::StructureAbstractValue::dump): Deleted.
    (JSC::DFG::StructureAbstractValue::topValue): Deleted.
    * dfg/DFGStructureClobberState.h: Added.
    (JSC::DFG::merge):
    (WTF::printInternal):
    * dfg/DFGTransition.cpp: Added.
    (JSC::DFG::Transition::dumpInContext):
    (JSC::DFG::Transition::dump):
    * dfg/DFGTransition.h: Added.
    (JSC::DFG::Transition::Transition):
    * dfg/DFGTypeCheckHoistingPhase.cpp:
    (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
    (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
    * dfg/DFGWatchableStructureWatchingPhase.cpp: Added.
    (JSC::DFG::WatchableStructureWatchingPhase::WatchableStructureWatchingPhase):
    (JSC::DFG::WatchableStructureWatchingPhase::run):
    (JSC::DFG::WatchableStructureWatchingPhase::tryWatch):
    (JSC::DFG::performWatchableStructureWatching):
    * dfg/DFGWatchableStructureWatchingPhase.h: Added.
    * dfg/DFGWatchpointCollectionPhase.cpp:
    (JSC::DFG::WatchpointCollectionPhase::handle):
    (JSC::DFG::WatchpointCollectionPhase::handleEdge): Deleted.
    * ftl/FTLCapabilities.cpp:
    (JSC::FTL::canCompile):
    * ftl/FTLIntrinsicRepository.h:
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::ftlUnreachable):
    (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
    (JSC::FTL::LowerDFGToLLVM::compileBlock):
    (JSC::FTL::LowerDFGToLLVM::compileNode):
    (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
    (JSC::FTL::LowerDFGToLLVM::compilePhi):
    (JSC::FTL::LowerDFGToLLVM::compileDoubleRep):
    (JSC::FTL::LowerDFGToLLVM::compileValueRep):
    (JSC::FTL::LowerDFGToLLVM::compileValueToInt32):
    (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
    (JSC::FTL::LowerDFGToLLVM::compileGetLocal):
    (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
    (JSC::FTL::LowerDFGToLLVM::compileArithAddOrSub):
    (JSC::FTL::LowerDFGToLLVM::compileArithMul):
    (JSC::FTL::LowerDFGToLLVM::compileArithDiv):
    (JSC::FTL::LowerDFGToLLVM::compileArithMod):
    (JSC::FTL::LowerDFGToLLVM::compileArithMinOrMax):
    (JSC::FTL::LowerDFGToLLVM::compileArithAbs):
    (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
    (JSC::FTL::LowerDFGToLLVM::compileArrayifyToStructure):
    (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
    (JSC::FTL::LowerDFGToLLVM::compileGetById):
    (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):
    (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentByVal):
    (JSC::FTL::LowerDFGToLLVM::compileGetArrayLength):
    (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
    (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
    (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
    (JSC::FTL::LowerDFGToLLVM::compileArrayPop):
    (JSC::FTL::LowerDFGToLLVM::compileNewArray):
    (JSC::FTL::LowerDFGToLLVM::compileNewArrayBuffer):
    (JSC::FTL::LowerDFGToLLVM::compileAllocatePropertyStorage):
    (JSC::FTL::LowerDFGToLLVM::compileReallocatePropertyStorage):
    (JSC::FTL::LowerDFGToLLVM::compileToString):
    (JSC::FTL::LowerDFGToLLVM::compileMakeRope):
    (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
    (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
    (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
    (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
    (JSC::FTL::LowerDFGToLLVM::compileSwitch):
    (JSC::FTL::LowerDFGToLLVM::compare):
    (JSC::FTL::LowerDFGToLLVM::boolify):
    (JSC::FTL::LowerDFGToLLVM::terminate):
    (JSC::FTL::LowerDFGToLLVM::lowInt32):
    (JSC::FTL::LowerDFGToLLVM::lowInt52):
    (JSC::FTL::LowerDFGToLLVM::opposite):
    (JSC::FTL::LowerDFGToLLVM::lowCell):
    (JSC::FTL::LowerDFGToLLVM::lowBoolean):
    (JSC::FTL::LowerDFGToLLVM::lowDouble):
    (JSC::FTL::LowerDFGToLLVM::lowJSValue):
    (JSC::FTL::LowerDFGToLLVM::speculate):
    (JSC::FTL::LowerDFGToLLVM::isArrayType):
    (JSC::FTL::LowerDFGToLLVM::speculateStringObjectForStructureID):
    (JSC::FTL::LowerDFGToLLVM::callCheck):
    (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
    (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
    (JSC::FTL::LowerDFGToLLVM::setInt52):
    (JSC::FTL::LowerDFGToLLVM::crash):
    (JSC::FTL::LowerDFGToLLVM::compileStructureTransitionWatchpoint): Deleted.
    * ftl/FTLOutput.cpp:
    (JSC::FTL::Output::crashNonTerminal): Deleted.
    * ftl/FTLOutput.h:
    (JSC::FTL::Output::crash): Deleted.
    * jit/JITOperations.h:
    * jsc.cpp:
    (WTF::jscExit):
    (functionQuit):
    (main):
    (printUsageStatement):
    (CommandLine::parseArguments):
    * runtime/Structure.h:
    (JSC::Structure::dfgShouldWatchIfPossible):
    (JSC::Structure::dfgShouldWatch):
    * tests/stress/arrayify-to-structure-contradiction.js: Added.
    (foo):
    * tests/stress/ftl-getmyargumentslength-inline.js: Added.
    (foo):
    * tests/stress/multi-put-by-offset-multiple-transitions.js: Added.
    (foo):
    (Foo):
    * tests/stress/throw-from-ftl-in-loop.js: Added.
    * tests/stress/throw-from-ftl.js: Added.
    (foo):

    2014-06-03  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Unreviewed, roll out r169578. The build system needs some more love.

    * InlineRuntimeSymbolTable.h: Removed.
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * build-symbol-table-index.py:
    * build-symbol-table-index.sh:
    * copy-llvm-ir-to-derived-sources.sh:
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handleCall):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::canBeKnownFunction): Deleted.
    (JSC::DFG::Node::hasKnownFunction): Deleted.
    (JSC::DFG::Node::knownFunction): Deleted.
    (JSC::DFG::Node::giveKnownFunction): Deleted.
    * ftl/FTLAbbreviatedTypes.h:
    * ftl/FTLCompile.cpp:
    (JSC::FTL::compile):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
    (JSC::FTL::LowerDFGToLLVM::lower):
    (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
    (JSC::FTL::LowerDFGToLLVM::possiblyCompileInlineableNativeCall): Deleted.
    (JSC::FTL::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
    (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
    (JSC::FTL::LowerDFGToLLVM::isInlinableSize): Deleted.
    * ftl/FTLState.cpp:
    (JSC::FTL::State::State):
    * ftl/FTLState.h:
    * heap/HandleStack.h:
    * llvm/InitializeLLVM.h:
    * llvm/InitializeLLVMMac.cpp: Removed.
    * llvm/InitializeLLVMMac.mm: Added.
    (JSC::initializeLLVMImpl):
    * llvm/LLVMAPIFunctions.h:
    * llvm/LLVMHeaders.h:
    * runtime/BundlePath.h: Removed.
    * runtime/BundlePath.mm: Removed.
    * runtime/DateConversion.h:
    * runtime/DateInstance.h:
    * runtime/ExceptionHelpers.h:
    * runtime/JSArray.h:
    * runtime/JSCJSValue.h:
    (JSC::JSValue::toFloat):
    * runtime/JSDateMath.h:
    * runtime/JSObject.h:
    * runtime/JSWrapperObject.h:
    * runtime/Options.h:
    * runtime/RegExp.h:
    * runtime/StringObject.h:
    * runtime/Structure.h:
    * tested-symbols.symlst: Removed.

    2014-06-03  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] FTL native inlining tests take far too long
    https://bugs.webkit.org/show_bug.cgi?id=133498

    Unreviewed test gardening.

    Added a new exceptions test since the other one appears to not work.

    * tests/stress/ftl-library-exception.js:
    * tests/stress/ftl-library-inline-gettimezoneoffset.js: Added.
    (foo):
    * tests/stress/ftl-library-inlining-exceptions-dataview.js: Added.
    (foo):
    * tests/stress/ftl-library-inlining-exceptions.js: Copied from LayoutTests/js/regress/script-tests/ftl-library-inlining-exceptions.js.
    * tests/stress/ftl-library-inlining-loops.js: Copied from LayoutTests/js/regress/script-tests/ftl-library-inlining-loops.js.
    * tests/stress/ftl-library-inlining-random.js:
    * tests/stress/ftl-library-substring.js:

    2014-06-03  Matthew Mirman  <mmirman@apple.com>

    [ftlopt] Added system for inlining native functions via the FTL.
    https://bugs.webkit.org/show_bug.cgi?id=131515

    Reviewed by Filip Pizlo.

    Also fixed the build to not compress the bitcode and to
    include all of the relevant runtime. With GCC_GENERATE_DEBUGGING_SYMBOLS = NO,
    the produced bitcode files are a 100th the size they were before.
    Now we can include all of the relevant runtime files with only a 3mb overhead.
    This is the same overhead as for two compressed files before,
    but done more efficiently (on both ends) and with less code.

    Deciding whether to inline native functions is left up to LLVM.
    The entire module containing the function is linked into the current
    compiled JS so that inlining the native functions shouldn't make them smaller.

    Rather than loading Runtime.symtbl at runtime, FTLState.cpp now includes a file
    InlineRuntimeSymbolTable.h which statically builds the symbol table hash table.
    Currently build-symbol-table-index.py updates this file from the
    contents of tested-symbols.symlst when done building as a matter of convenience.
    However, in order to include the new contents of the file in the build
    you'd need to build twice.  This will be fixed in future versions.

    * JavaScriptCore.xcodeproj/project.pbxproj: Added back runtime files to compile.
    * build-symbol-table-index.py: Changed bitcode suffix.
    Added inclusion of only tested symbols.
    Added output to InlineRuntimeSymbolTable.h.
    * build-symbol-table-index.sh: Changed bitcode suffix.
    * copy-llvm-ir-to-derived-sources.sh: Removed gzip compression.
    * tested-symbols.symlst: Added.
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handleCall):
    Now sets the knownFunction of the call node if such a function exists
    and emits a check that during runtime the callee is in fact known.
    * dfg/DFGNode.h:
    Added functions to set the known function of a call node.
    (JSC::DFG::Node::canBeKnownFunction): Added.
    (JSC::DFG::Node::hasKnownFunction): Added.
    (JSC::DFG::Node::knownFunction): Added.
    (JSC::DFG::Node::giveKnownFunction): Added.
    * ftl/FTLAbbreviatedTypes.h: Added a typedef for LLVMMemoryBufferRef
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::isInlinableSize): Added. Hardcoded threshold to 275.
    (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol): Added.
    (JSC::FTL::LowerDFGToLLVM::getFunctionBySymbol): Added.
    (JSC::FTL::LowerDFGToLLVM::possiblyCompileInlineableNativeCall): Added.
    (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
    Added call to possiblyCompileInlineableNativeCall
    * ftl/FTLOutput.h:
    (JSC::FTL::Output::allocaName):  Added. Useful for debugging.
    * ftl/FTLState.cpp:
    (JSC::FTL::State::State): Added an include for InlineRuntimeSymbolTable.h
    * ftl/FTLState.h: Added symbol table hash table.
    * ftl/FTLCompile.cpp:
    (JSC::FTL::compile): Added inlining and dead function elimination passes.
    * heap/HandleStack.h: Added JS_EXPORT_PRIVATE to a few functions to get inlining to compile.
    * InlineRuntimeSymbolTable.h: Added.
    * llvm/InitializeLLVMMac.mm: Deleted.
    * llvm/InitializeLLVMMac.cpp: Added.
    * llvm/LLVMAPIFunctions.h: Added macros to include Bitcode parsing and linking functions.
    * llvm/LLVMHeaders.h: Added includes for Bitcode parsing and linking.
    * runtime/BundlePath.h: Added.
    * runtime/BundlePath.mm: Added.
    * runtime/DateInstance.h: Added JS_EXPORT_PRIVATE to a few functions to get inlining to compile.
    * runtime/DateInstance.h: ditto.
    * runtime/DateConversion.h: ditto.
    * runtime/ExceptionHelpers.h: ditto.
    * runtime/JSCJSValue.h: ditto.
    * runtime/JSArray.h: ditto.
    * runtime/JSDateMath.h: ditto.
    * runtime/JSObject.h: ditto.
    * runtime/JSObject.h: ditto.
    * runtime/RegExp.h: ditto.
    * runtime/Structure.h: ditto.
    * runtime/Options.h:  Added maximumLLVMInstructionCountForNativeInlining.
    * tests/stress/ftl-library-inlining-random.js: Added.
    * tests/stress/ftl-library-substring.js: Added.

    2014-05-21  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] DFG::clobberize should be blind to the effects of GC
    https://bugs.webkit.org/show_bug.cgi?id=133166

    Reviewed by Geoffrey Garen.

    Move the computation of where GCs happen to DFG::doesGC().

    Large (>5x) speed-up on programs that do loop-invariant string concatenations.

    * CMakeLists.txt:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * dfg/DFGAbstractHeap.h:
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    (JSC::DFG::clobberizeForAllocation): Deleted.
    * dfg/DFGDoesGC.cpp: Added.
    (JSC::DFG::doesGC):
    * dfg/DFGDoesGC.h: Added.
    * dfg/DFGStoreBarrierElisionPhase.cpp:
    (JSC::DFG::StoreBarrierElisionPhase::handleNode):
    (JSC::DFG::StoreBarrierElisionPhase::couldCauseGC): Deleted.

    2014-05-16  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] A StructureSet with one element should only require one word and no allocation
    https://bugs.webkit.org/show_bug.cgi?id=133014

    Reviewed by Oliver Hunt.

    This makes it more efficient to use StructureSet in situations where the common case is
    just one structure.

    I also took the opportunity to use the same set terminology we use in BitVector: merge,
    filter, exclude, contains, etc.

    Eventually, this will be used to implement StructureAbstractValue as well.

    * CMakeLists.txt:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * bytecode/StructureSet.cpp: Added.
    (JSC::StructureSet::StructureSet):
    (JSC::StructureSet::operator=):
    (JSC::StructureSet::clear):
    (JSC::StructureSet::add):
    (JSC::StructureSet::remove):
    (JSC::StructureSet::contains):
    (JSC::StructureSet::merge):
    (JSC::StructureSet::filter):
    (JSC::StructureSet::exclude):
    (JSC::StructureSet::isSubsetOf):
    (JSC::StructureSet::overlaps):
    (JSC::StructureSet::operator==):
    (JSC::StructureSet::speculationFromStructures):
    (JSC::StructureSet::arrayModesFromStructures):
    (JSC::StructureSet::dumpInContext):
    (JSC::StructureSet::dump):
    (JSC::StructureSet::addOutOfLine):
    (JSC::StructureSet::containsOutOfLine):
    (JSC::StructureSet::copyFrom):
    (JSC::StructureSet::OutOfLineList::create):
    (JSC::StructureSet::OutOfLineList::destroy):
    * bytecode/StructureSet.h:
    (JSC::StructureSet::StructureSet):
    (JSC::StructureSet::~StructureSet):
    (JSC::StructureSet::onlyStructure):
    (JSC::StructureSet::isEmpty):
    (JSC::StructureSet::size):
    (JSC::StructureSet::at):
    (JSC::StructureSet::operator[]):
    (JSC::StructureSet::last):
    (JSC::StructureSet::OutOfLineList::list):
    (JSC::StructureSet::OutOfLineList::OutOfLineList):
    (JSC::StructureSet::deleteStructureListIfNecessary):
    (JSC::StructureSet::isThin):
    (JSC::StructureSet::pointer):
    (JSC::StructureSet::singleStructure):
    (JSC::StructureSet::structureList):
    (JSC::StructureSet::set):
    (JSC::StructureSet::clear): Deleted.
    (JSC::StructureSet::add): Deleted.
    (JSC::StructureSet::addAll): Deleted.
    (JSC::StructureSet::remove): Deleted.
    (JSC::StructureSet::contains): Deleted.
    (JSC::StructureSet::containsOnly): Deleted.
    (JSC::StructureSet::isSubsetOf): Deleted.
    (JSC::StructureSet::overlaps): Deleted.
    (JSC::StructureSet::singletonStructure): Deleted.
    (JSC::StructureSet::speculationFromStructures): Deleted.
    (JSC::StructureSet::arrayModesFromStructures): Deleted.
    (JSC::StructureSet::operator==): Deleted.
    (JSC::StructureSet::dumpInContext): Deleted.
    (JSC::StructureSet::dump): Deleted.
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::emitPrototypeChecks):
    (JSC::DFG::ByteCodeParser::handleGetById):
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::convertToStructureTransitionWatchpoint):
    * dfg/DFGTypeCheckHoistingPhase.cpp:
    (JSC::DFG::TypeCheckHoistingPhase::noticeStructureCheck):

Source/WTF:

    2014-06-04  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] AI should be able to track structure sets larger than 1
    https://bugs.webkit.org/show_bug.cgi?id=128073

    Reviewed by Oliver Hunt.

    * wtf/Bag.h:
    (WTF::Bag::Node::Node):
    (WTF::Bag::add):

LayoutTests:

    2014-06-04  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] AI should be able to track structure sets larger than 1
    https://bugs.webkit.org/show_bug.cgi?id=128073

    Reviewed by Oliver Hunt.

    * js/regress/get-by-id-bimorphic-check-structure-elimination-expected.txt: Added.
    * js/regress/get-by-id-bimorphic-check-structure-elimination-simple-expected.txt: Added.
    * js/regress/get-by-id-bimorphic-check-structure-elimination-simple.html: Added.
    * js/regress/get-by-id-bimorphic-check-structure-elimination.html: Added.
    * js/regress/get-by-id-check-structure-elimination-expected.txt: Added.
    * js/regress/get-by-id-check-structure-elimination.html: Added.
    * js/regress/get-by-id-quadmorphic-check-structure-elimination-simple-expected.txt: Added.
    * js/regress/get-by-id-quadmorphic-check-structure-elimination-simple.html: Added.
    * js/regress/script-tests/get-by-id-bimorphic-check-structure-elimination-simple.js: Added.
    * js/regress/script-tests/get-by-id-bimorphic-check-structure-elimination.js: Added.
    * js/regress/script-tests/get-by-id-check-structure-elimination.js: Added.
    * js/regress/script-tests/get-by-id-quadmorphic-check-structure-elimination-simple.js: Added.

    2014-06-03  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] FTL native inlining tests take far too long
    https://bugs.webkit.org/show_bug.cgi?id=133498

    Unreviewed test gardening.

    Move long-running tests that focus on correctness into JSC/tests/stress.
    Speed up the performance tests by reducing allocation and call overhead.

    * js/regress/ftl-library-inlining-exceptions-expected.txt: Removed.
    * js/regress/ftl-library-inlining-exceptions.html: Removed.
    * js/regress/ftl-library-inlining-folding-expected.txt: Removed.
    * js/regress/ftl-library-inlining-folding.html: Removed.
    * js/regress/ftl-library-inlining-loops-expected.txt: Removed.
    * js/regress/ftl-library-inlining-loops.html: Removed.
    * js/regress/script-tests/ftl-library-inlining-dataview.js:
    (foo): Deleted.
    * js/regress/script-tests/ftl-library-inlining-exceptions.js: Removed.
    * js/regress/script-tests/ftl-library-inlining-folding.js: Removed.
    * js/regress/script-tests/ftl-library-inlining-loops.js: Removed.
    * js/regress/script-tests/ftl-library-inlining.js:
    (foo): Deleted.

    2014-06-03  Matthew Mirman  <mmirman@apple.com>

    [ftlopt] Added system for inlining native functions via the FTL.
    https://bugs.webkit.org/show_bug.cgi?id=131515

    Reviewed by Filip Pizlo.

    Adds microbenchmarks.

    * js/regress/script-tests/ftl-library-inlining.js: Added.
    * js/regress/ftl-library-inlining-expected.txt: Added.
    * js/regress/ftl-library-inlining.html: Added.
    * js/regress/script-tests/ftl-library-inlining-dataview.js: Added.
    * js/regress/ftl-library-inlining-dataview-expected.txt: Added.
    * js/regress/ftl-library-inlining-dataview.html: Added.
    * js/regress/script-tests/ftl-library-inlining-exceptions.js: Added.
    * js/regress/ftl-library-inlining-exceptions-expected.txt: Added.
    * js/regress/ftl-library-inlining-exceptions.html: Added.
    * js/regress/script-tests/ftl-library-inlining-folding.js: Added.
    * js/regress/ftl-library-inlining-folding-expected.txt: Added.
    * js/regress/ftl-library-inlining-folding-expected.html: Added.
    * js/regress/script-tests/ftl-library-inlining-loops.js: Added.
    * js/regress/ftl-library-inlining-loops-expected.txt: Added.
    * js/regress/ftl-library-inlining-loops.html: Added.

    2014-05-21  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] DFG::clobberize should be blind to the effects of GC
    https://bugs.webkit.org/show_bug.cgi?id=133166

    Reviewed by Geoffrey Garen.

    * js/regress/hoist-make-rope-expected.txt: Added.
    * js/regress/hoist-make-rope.html: Added.
    * js/regress/script-tests/hoist-make-rope.js: Added.
    (foo):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171380 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Remove dead APIs from TiledBackingStore
ryuan.choi@samsung.com [Wed, 23 Jul 2014 01:12:32 +0000 (01:12 +0000)]
Remove dead APIs from TiledBackingStore
https://bugs.webkit.org/show_bug.cgi?id=135158

Reviewed by Gyuyoung Kim.

setContentsFrozen and the related code in TiledBackingStore have not been used since the Qt port was removed.

* platform/graphics/TiledBackingStore.cpp:
(WebCore::TiledBackingStore::TiledBackingStore):
(WebCore::TiledBackingStore::updateTileBuffers):
(WebCore::TiledBackingStore::setContentsScale):
(WebCore::TiledBackingStore::createTiles):
(WebCore::TiledBackingStore::startTileBufferUpdateTimer):
(WebCore::TiledBackingStore::startBackingStoreUpdateTimer):
(WebCore::TiledBackingStore::commitScaleChange): Deleted.
(WebCore::TiledBackingStore::isBackingStoreUpdatesSuspended): Deleted.
(WebCore::TiledBackingStore::isTileBufferUpdatesSuspended): Deleted.
(WebCore::TiledBackingStore::setContentsFrozen): Deleted.
* platform/graphics/TiledBackingStore.h:
(WebCore::TiledBackingStore::contentsFrozen): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171379 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Fix window-inactive css selectors when using querySelector.
commit-queue@webkit.org [Wed, 23 Jul 2014 01:01:55 +0000 (01:01 +0000)]
Fix window-inactive css selectors when using querySelector.
https://bugs.webkit.org/show_bug.cgi?id=135149

Patch by Alex Christensen <achristensen@webkit.org> on 2014-07-22
Reviewed by Tim Horton.

Source/WebCore:
Test: fast/selectors/querySelector-window-inactive.html

* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::checkOne):
Removed default and implemented case PseudoClassWindowInactive.

LayoutTests:
* fast/selectors/querySelector-window-inactive-expected.txt: Added.
* fast/selectors/querySelector-window-inactive.html: Added.
* platform/wk2/TestExpectations:
Added querySelector-window-inactive.html to list of tests that do not work in WK2 because of setWindowIsKey.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171378 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago REGRESSION (r171016): Reproducible infinite spin selecting phone number
timothy_horton@apple.com [Wed, 23 Jul 2014 00:36:13 +0000 (00:36 +0000)]
REGRESSION (r171016): Reproducible infinite spin selecting phone number
https://bugs.webkit.org/show_bug.cgi?id=135183
<rdar://problem/17727342>

Reviewed by Ryosuke Niwa.

* editing/Editor.cpp:
(WebCore::Editor::scanRangeForTelephoneNumbers):
Make use of TextIterator::subrange, which knows how to make a subrange from character positions,
instead of assuming that our character positions translate directly to positions in the incoming range.
Make use of DocumentMarkerController::addMarker, which takes a range and applies the marker to
all text nodes inside the range as appropriate.
Fix naming of the shadowed 'length' local.
Fix a typo in the comment.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171376 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [iOS] [OSX] Don't transcode WOFF on platforms that support it natively
mmaxfield@apple.com [Wed, 23 Jul 2014 00:35:27 +0000 (00:35 +0000)]
[iOS] [OSX] Don't transcode WOFF on platforms that support it natively
https://bugs.webkit.org/show_bug.cgi?id=134904

Reviewed by Andreas Kling.

No new tests because there is no behavior change.

* loader/cache/CachedFont.cpp:
(WebCore::CachedFont::ensureCustomFontData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171375 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Unreviewed build fix on EFL port after r171356.
jinwoo7.song@samsung.com [Wed, 23 Jul 2014 00:14:06 +0000 (00:14 +0000)]
Unreviewed build fix on EFL port after r171356.

Implement a dummy platformMediaCacheDirectory() to avoid undefined reference error.

* UIProcess/efl/WebContextEfl.cpp:
(WebKit::WebContext::platformMediaCacheDirectory):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171373 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago Unreviewed build fix attempt on the EFL port after r171362.
ryuan.choi@samsung.com [Tue, 22 Jul 2014 23:52:08 +0000 (23:52 +0000)]
Unreviewed build fix attempt on the EFL port after r171362.

Build break because of -Werror=return-type

* bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::makesCalls):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171372 268f45cc-cd09-0410-ab3c-d52691b4dbfc

7 years ago [Win] Crash after plugin is unloaded.
commit-queue@webkit.org [Tue, 22 Jul 2014 23:33:09 +0000 (23:33 +0000)]
[Win] Crash after plugin is unloaded.
https://bugs.webkit.org/show_bug.cgi?id=119044

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-07-22
Reviewed by Darin Adler.

We need to invalidate all runtime objects when a plugin view is destroyed, in case the plugin is unloaded,
and one of these runtime objects accesses the plugin function table upon destruction afterwards, which will cause a crash.
If we use the weak pointer to the runtime object when invalidating, it will be null if it's in the WeakImpl::Dead state.
This means the runtime object will not be invalidated, possibly causing a crash if the plugin is unloaded.
It should be safe to use the raw pointer to the runtime object when invalidating, since finalized runtime objects
will be removed from the set of runtime objects in the method RootObject::finalize().

* bridge/runtime_root.cpp:
(JSC::Bindings::RootObject::invalidate): Make sure all runtime objects are invalidated by getting the raw runtime object pointer from the hash key.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@171371 268f45cc-cd09-0410-ab3c-d52691b4dbfc
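
The invalidation problem described in the commit above, as an added example that is not WebKit source: a simplified model in which a weak handle reads as null once its target is Dead but not yet finalized, so invalidating through the handle skips that object while invalidating through the raw hash key does not. `PluginTable`, `Weak`, `destroyIsSafe` and `deadObjectSurvivesUnload` are hypothetical names, and `RootObject` and `RuntimeObject` here are stand-ins for the real classes.

```cpp
// Simplified stand-in model; not WebKit source. All types here are hypothetical.
#include <map>

struct PluginTable { bool loaded = true; };   // stands in for the plugin's function table

struct RuntimeObject {
    PluginTable* plugin;
    bool invalidated = false;
    explicit RuntimeObject(PluginTable* p) : plugin(p) {}
    void invalidate() { invalidated = true; plugin = nullptr; }
    // Destruction touches the function table unless the object was invalidated.
    // Returns false where the real code would call into an unloaded plugin.
    bool destroyIsSafe() const { return invalidated || plugin->loaded; }
};

// Weak handle: once the target is Dead (collected, finalizer pending), get() is null.
struct Weak {
    RuntimeObject* target;
    bool dead;
    RuntimeObject* get() const { return dead ? nullptr : target; }
};

class RootObject {
public:
    void add(RuntimeObject* o) { m_objects[o] = Weak{o, false}; }
    void markDead(RuntimeObject* o) { m_objects[o].dead = true; }
    void finalize(RuntimeObject* o) { m_objects.erase(o); }  // finalized: key removed

    // Before the fix: Dead entries yield null and are silently skipped.
    int invalidateViaWeak() {
        int n = 0;
        for (auto& entry : m_objects)
            if (RuntimeObject* o = entry.second.get()) { o->invalidate(); ++n; }
        m_objects.clear();
        return n;
    }
    // After the fix: the hash key is the raw pointer, present until finalize() removes it.
    int invalidateViaKey() {
        int n = 0;
        for (auto& entry : m_objects) { entry.first->invalidate(); ++n; }
        m_objects.clear();
        return n;
    }
private:
    std::map<RuntimeObject*, Weak> m_objects;
};

// Plugin view is destroyed while one object is Dead but not yet finalized.
bool deadObjectSurvivesUnload(bool useRawKey) {
    PluginTable table;
    RuntimeObject live(&table), dead(&table);
    RootObject root;
    root.add(&live);
    root.add(&dead);
    root.markDead(&dead);
    int n = useRawKey ? root.invalidateViaKey() : root.invalidateViaWeak();
    table.loaded = false;                       // plugin unloaded
    return n == 2 && live.destroyIsSafe() && dead.destroyIsSafe();
}

int main() { return deadObjectSurvivesUnload(true) && !deadObjectSurvivesUnload(false) ? 0 : 1; }
```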