WebKit-https.git
6 years agoCreate UTF-8 string from in-band VTT cues
eric.carlson@apple.com [Thu, 7 Aug 2014 21:01:20 +0000 (21:01 +0000)]
Create UTF-8 string from in-band VTT cues
https://bugs.webkit.org/show_bug.cgi?id=135716

Reviewed by Brent Fulgham.

Tests will be added in https://bugs.webkit.org/show_bug.cgi?id=135717.

* platform/graphics/ISOVTTCue.cpp:
(WebCore::ISOBox::peekString): Call String::fromUTF8 because we know that VTT is always
    UTF-8.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172257 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoGardening: Mark some tests as failing to green the bots.
mark.lam@apple.com [Thu, 7 Aug 2014 20:56:30 +0000 (20:56 +0000)]
Gardening: Mark some tests as failing to green the bots.
<https://webkit.org/b/135720>

Not reviewed.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172253 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: Dragging selection window when mouse goes out of window bounds does...
joepeck@webkit.org [Thu, 7 Aug 2014 20:50:45 +0000 (20:50 +0000)]
Web Inspector: Dragging selection window when mouse goes out of window bounds does not behave as expected
https://bugs.webkit.org/show_bug.cgi?id=135372

Reviewed by Timothy Hatcher.

Constrain move selection window dragging to the ruler bounds
based on the mouse down position on the drag window.

* UserInterface/Views/TimelineRuler.js:
(WebInspector.TimelineRuler.prototype._handleMouseDown):
(WebInspector.TimelineRuler.prototype._handleMouseMove):
(WebInspector.TimelineRuler.prototype._handleMouseUp):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172249 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoDisable implicit animations on video layer.
jeremyj-wk@apple.com [Thu, 7 Aug 2014 20:41:23 +0000 (20:41 +0000)]
Disable implicit animations on video layer.
https://bugs.webkit.org/show_bug.cgi?id=135679

Reviewed by Eric Carlson.

Disable implicit animations on AVPlayerLayer except when setting fullscreen frame.
This prevents unwanted animations.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer): disable implicit animations
(WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenFrame): allow implicit animations while changing fullscreen frame.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172244 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: Update glyphs to be more like Xcode 6
timothy@apple.com [Thu, 7 Aug 2014 20:31:41 +0000 (20:31 +0000)]
Web Inspector: Update glyphs to be more like Xcode 6
https://bugs.webkit.org/show_bug.cgi?id=135705

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:
* Localizations/en.lproj/localizedStrings.js: Updated.

* UserInterface/Base/ImageUtilities.js:
(platformImagePath): Added.
(generateEmbossedImages.generateImage):
Bump the base image version. Helper function. Use isLegacyMacOS.

* UserInterface/Base/Main.js:
(WebInspector.contentLoaded):
(WebInspector._updateDockNavigationItems):
(WebInspector._generateDisclosureTriangleImages):
Use new images and add legacy path. Remove the shadow.

* UserInterface/Images: Updated images.
* UserInterface/Images/Legacy: Added. Moved legacy images here.

* UserInterface/Views/CSSStyleDeclarationSection.css:
(.style-declaration-section):
(body.mac-platform.legacy .style-declaration-section + .style-declaration-section):
(.style-declaration-section.last-in-group):
(.style-declaration-section.last-in-group + .style-declaration-section):
Use a consistent gray for borders.

* UserInterface/Views/CSSStyleDetailsSidebarPanel.css:
(.sidebar > .panel.details.css-style > .content > .pseudo-classes):
Use a consistent gray for borders.

* UserInterface/Views/ContentBrowser.js:
(WebInspector.ContentBrowser):
Use new images and add legacy path.

* UserInterface/Views/ControlToolbarItem.css:
(.toolbar .item.control):
(body.mac-platform.legacy .toolbar .item.control):
(.toolbar .item.control:hover):
(body.mac-platform.legacy .toolbar .item.control:hover):
Adjust the opacity for controls.

* UserInterface/Views/DOMTreeContentView.js:
(WebInspector.DOMTreeContentView):
Use new images and add legacy path.

* UserInterface/Views/DataGrid.css:
(.data-grid tr.selected):
Use a consistent gray for borders.

* UserInterface/Views/DataGrid.js:
(WebInspector.DataGrid.prototype.get _generateSortIndicatorImagesIfNeeded):
Use new images and add legacy path. Remove the shadow.

* UserInterface/Views/DebuggerSidebarPanel.js:
(WebInspector.DebuggerSidebarPanel):
Use new images and add legacy path.

* UserInterface/Views/DefaultDashboardView.css:
(.toolbar .dashboard.default > .item):
(body.mac-platform.legacy .toolbar .dashboard.default > .item):
(body.mac-platform.legacy .toolbar .dashboard.default > .resourcesCount > img):
(body.mac-platform.legacy .toolbar .dashboard.default > .time > img):
(body.mac-platform.legacy .toolbar .dashboard.default > .logs > img):
(body.mac-platform.legacy .toolbar .dashboard.default > .resourcesSize > img):
(body.mac-platform.legacy .toolbar .dashboard.default > .errors > img):
(body.mac-platform.legacy .toolbar .dashboard.default > .errors.enabled > img):
(body.mac-platform.legacy .toolbar .dashboard.default > .issues > img):
(body.mac-platform.legacy .toolbar .dashboard.default > .issues.enabled > img):
Use new images and add legacy path.

* UserInterface/Views/DetailsSection.css:
(.details-section):
(.details-section .details-section:first-child):
(body.mac-platform.legacy .details-section > .header):
(.details-section > .content > .group):
(.details-section > .content > .group:nth-child(even) > .row.simple:first-child > *):
(body.mac-platform.legacy .details-section > .content > .group:last-child > .row.simple:last-child > *):
Use a consistent gray for borders.

* UserInterface/Views/FilterBar.css:
(body.mac-platform.legacy .filter-bar > input[type="search"]::-webkit-search-decoration):
Use new images and add legacy path.

* UserInterface/Views/FindBanner.css:
(.find-banner):
Use a consistent gray for borders.

* UserInterface/Views/FindBanner.js:
(WebInspector.FindBanner.prototype._generateButtonsGlyphsIfNeeded):
Add legacy path.

* UserInterface/Views/FrameTreeElement.js:
(WebInspector.FrameTreeElement.prototype.updateStatusForMainFrame):
Use new images and add legacy path.

* UserInterface/Views/LogContentView.js:
(WebInspector.LogContentView):
Use new images and add legacy path.

* UserInterface/Views/Main.css:
(#split-content-browser):
Use a consistent gray for borders.

* UserInterface/Views/NavigationSidebarPanel.css:
(.sidebar > .panel.navigation > .overflow-shadow):
(body.mac-platform.legacy .sidebar > .panel.navigation > .overflow-shadow):
(.sidebar > .panel.navigation > .overflow-shadow.top):
(body.mac-platform.legacy .sidebar > .panel.navigation > .overflow-shadow.top):
(.sidebar > .panel.navigation > .empty-content-placeholder):
(body.mac-platform.legacy .sidebar > .panel.navigation > .empty-content-placeholder):
(.navigation-sidebar-panel-content-tree-outline:focus .item.selected .disclosure-button):
(.navigation-sidebar-panel-content-tree-outline:focus .item.selected.expanded .disclosure-button):
(.navigation-sidebar-panel-content-tree-outline .item.selected):
(.navigation-sidebar-panel-content-tree-outline:focus .item.selected):
Adjust the styles to make the selected item use white text and icons only when focused.

* UserInterface/Views/NavigationSidebarPanel.js:
(WebInspector.NavigationSidebarPanel.prototype._updateContentOverflowShadowVisibility):
(WebInspector.NavigationSidebarPanel.prototype._generateDisclosureTrianglesIfNeeded):
Remove the shadow from the disclosure triangles. Make the overflow shadow not fade.

* UserInterface/Views/ProbeDetailsSidebarPanel.css:
(.details-section.probe-set .options > .probe-clear-samples):
(.details-section.probe-set .options > .probe-remove):
(.details-section.probe-set .options > .probe-add):
(body.mac-platform.legacy .details-section.probe-set .options > .probe-clear-samples):
(body.mac-platform.legacy .details-section.probe-set .options > .probe-remove):
(body.mac-platform.legacy .details-section.probe-set .options > .probe-add):
Tweak size and position of icons and use legacy paths.

* UserInterface/Views/QuickConsole.css:
(.quick-console):
Adjust padding to match filter bar height.

* UserInterface/Views/ResourceSidebarPanel.css:
(.sidebar > .panel.navigation.resource > .search-bar):
Adjust height.

* UserInterface/Views/RulesStyleDetailsPanel.css:
(.sidebar > .panel.details.css-style .rules .label + .style-declaration-section):
(.sidebar > .panel.details.css-style .rules .new-rule + .style-declaration-section):
(body.mac-platform.legacy .sidebar > .panel.details.css-style .rules .new-rule img):
Use a consistent gray for borders. Don't bold the New Rule label.

* UserInterface/Views/ScriptContentView.js:
(WebInspector.ScriptContentView):
Use new images and add legacy path.

* UserInterface/Views/Sidebar.css:
(.sidebar.left):
(.sidebar.right):
Use a consistent gray for borders.

* UserInterface/Views/TextContentView.js:
(WebInspector.TextContentView):
Use new images and add legacy path.

* UserInterface/Views/TextResourceContentView.js:
(WebInspector.TextResourceContentView):
Use new images and add legacy path.

* UserInterface/Views/TimelineContentView.js:
(WebInspector.TimelineContentView):
Use new images and add legacy path.

* UserInterface/Views/TimelineDataGrid.css:
(.data-grid.timeline th):
(.data-grid.timeline th.sortable:active):
(.data-grid.timeline th.sort-descending):
Fix a regression with the gradient background showing in legacy mode.

* UserInterface/Views/TimelineIcons.css:
(body.mac-platform.legacy .network-icon .icon):
(body.mac-platform.legacy .network-icon.large .icon):
(body.mac-platform.legacy .colors-icon .icon):
(body.mac-platform.legacy .colors-icon.large .icon):
Added legacy versions of these icons.

* UserInterface/Views/TimelineSidebarPanel.css:
(.sidebar > .panel.navigation.timeline > .status-bar > .record-glyph):
(.sidebar > .panel.navigation.timeline > .status-bar > .record-glyph:hover):
(.sidebar > .panel.navigation.timeline > .status-bar > .record-glyph:active):
(.sidebar > .panel.navigation.timeline > .status-bar > .record-glyph.recording):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .status-bar > .record-glyph):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .status-bar > .record-glyph.recording):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .status-bar > .record-glyph:hover):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .status-bar > .record-glyph.recording:hover):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .status-bar > .record-glyph.forced):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .status-bar > .record-glyph.recording.forced):
(.sidebar > .panel.navigation.timeline > .timelines-content .close-button):
(.sidebar > .panel.navigation.timeline > .timelines-content li.item.selected + li.item):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .timelines-content :focus li.item.selected + li.item):
Update the styles for the recording button and close button.

* UserInterface/Views/TimelineSidebarPanel.js:
(WebInspector.TimelineSidebarPanel.createTimelineTreeElement):
Use TreeElementStatusButton instead of a styled image.

* UserInterface/Views/TreeElementStatusButton.css:
(.item > .status > .status-button > svg path.filled):
(body.mac-platform.legacy .item > .status > .status-button > svg path.filled):
(:focus .item.selected > .status > .status-button > svg path.filled):
(.item > .status > .status-button > svg path.stroked):
(body.mac-platform.legacy .item > .status > .status-button > svg path.stroked):
(:focus .item.selected > .status > .status-button > svg path.stroked):
(.item.selected > .status > .status-button:active):
(.item > .status > .status-button.disabled):
Updated selectors and styles to work with stroke or fill.

Source/WebKit:
* WebKit.xcodeproj/project.pbxproj: Added new images.

Source/WebKit/mac:
* Resources/Dock.pdf: Added.
* Resources/DockLegacy.pdf: Copied from Source/WebKit/mac/Resources/Dock.pdf.
* WebCoreSupport/WebInspectorClient.mm:
(-[WebInspectorWindowController window]): Use new images.

Source/WebKit2:
* Resources/DockBottom.pdf: Added.
* Resources/DockBottomLegacy.pdf: Copied from Source/WebKit/mac/Resources/Dock.pdf.
* Resources/DockRight.pdf: Added.
* Resources/DockRightLegacy.pdf: Copied from Source/WebKit2/Resources/DockRight.pdf.
* UIProcess/mac/WebInspectorProxyMac.mm:
(WebKit::WebInspectorProxy::createInspectorWindow): Use new images.
* WebKit2.xcodeproj/project.pbxproj: Added new images.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172241 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWebContent needs access to HSTS database due to some networking still being performed...
oliver@apple.com [Thu, 7 Aug 2014 20:27:15 +0000 (20:27 +0000)]
WebContent needs access to HSTS database due to some networking still being performed in process
https://bugs.webkit.org/show_bug.cgi?id=135711
<rdar://17940220>

Reviewed by Alexey Proskuryakov.

Simple patch in the same theme as the equivalent network process
extension.  Provide an extension that covers the WebContent specific
HSTS file and consume it on launch.

* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode):
(WebKit::WebProcessCreationParameters::decode):
* Shared/WebProcessCreationParameters.h:
* UIProcess/WebContext.cpp:
(WebKit::WebContext::createNewWebProcess):
* UIProcess/WebContext.h:
* UIProcess/mac/WebContextMac.mm:
(WebKit::WebContext::webContentHSTSDatabasePath):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172238 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoSource/WebCore:
commit-queue@webkit.org [Thu, 7 Aug 2014 20:20:40 +0000 (20:20 +0000)]
Source/WebCore:

Provide methods to clear undesired references to HistoryItems that have been removed from the back/forard list.
https://bugs.webkit.org/show_bug.cgi?id=135634
<rdar://problem/17388461>

Patch by Gordon Sheridan <gordon_sheridan@apple.com> on 2014-08-07
Reviewed by Brady Eidson.

No new tests.  Would require an API test that also needs an httpd, which we don't currently support.

* WebCore.exp.in:
Added export for Page::clearPreviousItemFromAllPages.

* loader/HistoryController.cpp:
(WebCore::HistoryController::clearPreviousItem):
Clear m_previousItem and iterate over children recursively calling clearPreviousItem().
The m_previousItem is cleared for the target HistoryController, and all of its descendents.

* loader/HistoryController.h:
Declared HistoryController::clearPreviousItem.

* page/Page.cpp:
(WebCore::Page::clearPreviousItemFromAllPages):
Iterate over each page in the web process, checking if the previous item of
the HistoryController for the main frame is the same as the item being removed. If so, the
frameTree is traversed and each associated HistoryController has its m_previousItem cleared.

* page/Page.h:
Declared Page::clearPreviousItemFromAllPages.

Source/WebKit2:

Clear the m_previousItem member of HistoryControllers when it matches the HistoryItem being removed.
https://bugs.webkit.org/show_bug.cgi?id=135634
<rdar://problem/17388461>

Patch by Gordon Sheridan <gordon_sheridan@apple.com> on 2014-08-07
Reviewed by Brady Eidson.

* WebProcess/WebPage/WebBackForwardListProxy.cpp:
(WebKit::WebBackForwardListProxy::removeItem):
Call WebCore::Page::clearPreviousItemFromAllPages() for each item removed from
the back/forward list to ensure the page URL is released from IconDatabase.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172235 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed build fix attempt #2 following r172224.
roger_fong@apple.com [Thu, 7 Aug 2014 20:04:54 +0000 (20:04 +0000)]
Unreviewed build fix attempt #2 following r172224.

* html/track/VTTCue.cpp:
(WebCore::VTTCueBox::applyCSSProperties):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172231 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed build fix following r172224.
roger_fong@apple.com [Thu, 7 Aug 2014 19:53:08 +0000 (19:53 +0000)]
Unreviewed build fix following r172224.

* html/track/TextTrackCueGeneric.cpp:
(WebCore::TextTrackCueGenericBoxElement::applyCSSProperties):
* html/track/VTTCue.cpp:
(WebCore::VTTCueBox::applyCSSProperties):
* html/track/VTTCue.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172228 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed, rolling out r172219.
dbates@webkit.org [Thu, 7 Aug 2014 19:44:28 +0000 (19:44 +0000)]
Unreviewed, rolling out r172219.

Caused some /fast/workers tests to fail; will investigate
offline.

Reverted changeset:

"Sometimes Gmail cannot load messages, particularly on refresh
("...the application ran into an unexpected error...")"
https://bugs.webkit.org/show_bug.cgi?id=135688
http://trac.webkit.org/changeset/172219

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172225 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoIncrease width of caption container if a larger font size is selected from user prefs.
roger_fong@apple.com [Thu, 7 Aug 2014 19:34:10 +0000 (19:34 +0000)]
Increase width of caption container if a larger font size is selected from user prefs.
https://bugs.webkit.org/show_bug.cgi?id=135677.

Reviewed by Brent Fulgham.

* html/shadow/MediaControlElements.cpp:
(WebCore::MediaControlTextTrackContainerElement::updateDisplay):
Upon creation of a VTTCueBox make sure to supply the font size set by the user prefs.
* html/track/TextTrackCueGeneric.cpp:
(WebCore::TextTrackCueGenericBoxElement::applyCSSProperties):
Increase the width of the cue box based on user prefs font size selection.

* html/track/VTTCue.h:
Keep track of the font size set in the user prefs for use when the cue boxes are created.
(WebCore::VTTCueBox::setFontSizeFromCaptionUserPrefs):
* html/track/VTTCue.cpp:
(WebCore::VTTCueBox::applyCSSProperties):
Increase the width of the cue box based on user prefs font size selection.
(WebCore::VTTCue::getDisplayTree):
(WebCore::VTTCue::setFontSize):
If the font size set is important then we don't want to use the font size set by user prefs, set it to 0.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172224 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoGardening: Mark test as failing in TestExpectations until the issue can be investigated.
mark.lam@apple.com [Thu, 7 Aug 2014 19:28:04 +0000 (19:28 +0000)]
Gardening: Mark test as failing in TestExpectations until the issue can be investigated.
<https://webkit.org/b/135708>

Not reviewed.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172222 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed build fix after r172220.
achristensen@apple.com [Thu, 7 Aug 2014 19:17:57 +0000 (19:17 +0000)]
Unreviewed build fix after r172220.

* css/SelectorChecker.cpp:
(WebCore::hasScrollbarPseudoElement):
Use ASSERT_UNUSED instead of just ASSERT.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172221 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoCompile scrollbar pseudoclass css selectors.
achristensen@apple.com [Thu, 7 Aug 2014 18:55:50 +0000 (18:55 +0000)]
Compile scrollbar pseudoclass css selectors.
https://bugs.webkit.org/show_bug.cgi?id=135242

Reviewed by Benjamin Poulain.

Source/WebCore:

Tests: scrollbars/corner-resizer-window-inactive.html
       scrollbars/scrollbar-selectors.html

* css/ElementRuleCollector.cpp:
(WebCore::ElementRuleCollector::ruleMatches):
Changed assertion because there are pseudo-elements selectors that return CannotCompileAnything now, which
make SimpleSelectorCheckers.
Add scrollbar, scrollbarPart, and document to the CheckingContext and compile scrollbar pseudo-element selectors.
* css/SelectorChecker.cpp:
(WebCore::hasScrollbarPseudoElement):
Added.  Logic moved from matchRecursively to be easier to read and to add assertions.
context.scrollbar is always non-null when dynamicPseudo is SCROLLBAR_CORNER.
(WebCore::SelectorChecker::matchRecursively):
Moved logic to hasScrollbarPseudoElement.
(WebCore::SelectorChecker::checkOne):
checkScrollbarPseudoClass accesses the document through the element now.
(WebCore::SelectorChecker::checkScrollbarPseudoClass):
* css/SelectorChecker.h:
(WebCore::SelectorChecker::SelectorCheckingContext::SelectorCheckingContext):
* css/SelectorCheckerTestFunctions.h:
(WebCore::scrollbarMatchesEnabledPseudoClass):
(WebCore::scrollbarMatchesDisabledPseudoClass):
(WebCore::scrollbarMatchesHoverPseudoClass):
(WebCore::scrollbarMatchesActivePseudoClass):
(WebCore::scrollbarMatchesHorizontalPseudoClass):
(WebCore::scrollbarMatchesVerticalPseudoClass):
(WebCore::scrollbarMatchesDecrementPseudoClass):
(WebCore::scrollbarMatchesIncrementPseudoClass):
(WebCore::scrollbarMatchesStartPseudoClass):
(WebCore::scrollbarMatchesEndPseudoClass):
(WebCore::scrollbarMatchesDoubleButtonPseudoClass):
(WebCore::scrollbarMatchesSingleButtonPseudoClass):
(WebCore::scrollbarMatchesNoButtonPseudoClass):
(WebCore::scrollbarMatchesCornerPresentPseudoClass):
Move scrollbar selector logic from SelectorChecker.cpp to SelectorCheckerTestFunctions.h
For window-inactive pseudo classes, we now access the document through the element instead of as a separate parameter.
* cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::SelectorFragment::appendUnoptimizedPseudoClassWithContext):
(WebCore::SelectorCompiler::addScrollbarPseudoClassType):
(WebCore::SelectorCompiler::addPseudoClassType):
(WebCore::SelectorCompiler::isScrollbarPseudoElement):
(WebCore::SelectorCompiler::constructFragments):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
Call functions for unoptimized pseudo classes that require a context.
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateContextFunctionCallTest):
Added.  Similar to generateElementFunctionCallTest, but the CheckingContext pointer is stored on the stack instead of a dedicated register.
* cssjit/SelectorCompiler.h:
Added scrollbar, scrollbarPart, and document to the CheckingContext.
(WebCore::SelectorCompiler::CheckingContext::document):
Added method to access the document in a way that is syntactically equal to SelectorCheckingContext.
This way, the template functions in SelectorCheckerTestFunctions.h can be compiled with both context types,
but the context types store the document differently.

LayoutTests:

* platform/wk2/TestExpectations:
Don't run corner-resizer-window-inactive-expected in WK2 because testRunner.setWindowIsKey doesn't work with WK2.
* scrollbars/corner-resizer-window-inactive-expected.html: Added.
* scrollbars/corner-resizer-window-inactive.html: Added.
* scrollbars/scrollbar-selectors-expected.txt: Added.
* scrollbars/scrollbar-selectors.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172220 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoSometimes Gmail cannot load messages, particularly on refresh ("...the application...
dbates@webkit.org [Thu, 7 Aug 2014 18:46:43 +0000 (18:46 +0000)]
Sometimes Gmail cannot load messages, particularly on refresh ("...the application ran into an unexpected error...")
https://bugs.webkit.org/show_bug.cgi?id=135688
<rdar://problem/17886686>

Reviewed by Maciej Stachowiak.

Fixes an issue where gmail.com may fail to load the list of messages. In particular, a SQLTransactionCallback
function may not be executed and hence Gmail will not display the list of messages and
will subsequently display an error message.

When a WebKit client defers loading of a page (e.g. -[WebView setDefersCallbacks:YES]), WebCore
may still load the main resource, say if substitute data is available for it, and defer executing
tasks, such as a SQLTransactionCallback function, by appending such tasks to the end of the list
of pending tasks for the associated Document. This list of pending tasks is never processed when
a client subsequently allows loading (e.g. -[WebView setDefersCallbacks:NO])). Therefore, we never
execute a SQLTransactionCallback function that was deferred.

Ideally WebCore would defer loading of substitute data when a WebKit client requests that loading
be deferred and hence a SQLTransactionCallback function would be deferred as a consequence of the
lack of JavaScript script execution (since substitute data wasn't loaded and hence any JavaScript
script contained in the substitute data that initiates a SQL transaction isn't executed). For now,
it's sufficient to only defer executing tasks when either there are existing pending tasks or the
active DOM objects for the document are suspended (e.g. Document::suspendActiveDOMObjects() was called).

* dom/Document.cpp:
(WebCore::Document::postTask):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172219 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoborder-radius on html does not render properly.
zalan@apple.com [Thu, 7 Aug 2014 18:23:13 +0000 (18:23 +0000)]
border-radius on html does not render properly.
https://bugs.webkit.org/show_bug.cgi?id=135706

Reviewed by Simon Fraser.

Ensure that background is initialized when border-radius is present.

Source/WebCore:

Test: fast/borders/border-radius-on-html.html

* rendering/RenderView.cpp:
(WebCore::rendererObscuresBackground):

LayoutTests:

* fast/borders/border-radius-on-html-expected.html: Added.
* fast/borders/border-radius-on-html.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172218 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: DebuggerManager sends spurious setBreakpointsActive commands when...
burg@cs.washington.edu [Thu, 7 Aug 2014 17:57:51 +0000 (17:57 +0000)]
Web Inspector: DebuggerManager sends spurious setBreakpointsActive commands when setting a breakpoint
https://bugs.webkit.org/show_bug.cgi?id=135674

Reviewed by David Kilzer.

* UserInterface/Controllers/DebuggerManager.js:
(WebInspector.DebuggerManager.prototype.set breakpointsEnabled): Fix a typo.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172217 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agofor-in is failing fast/dom/dataset-xhtml.xhtml and dataset.html tests
mhahnenberg@apple.com [Thu, 7 Aug 2014 17:29:52 +0000 (17:29 +0000)]
for-in is failing fast/dom/dataset-xhtml.xhtml and dataset.html tests
https://bugs.webkit.org/show_bug.cgi?id=135681

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

* runtime/Structure.cpp:
(JSC::Structure::canCacheGenericPropertyNameEnumerator): We were checking the entire
prototype chain for overridesGetPropertyNames, but we were neglecting to check the
base object's Structure. D'oh!

LayoutTests:

Removed the two failing tests from the TestExpectations list since they pass now!

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172216 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoRandom resource replacement on beta.icloud.com
psolanki@apple.com [Thu, 7 Aug 2014 17:20:16 +0000 (17:20 +0000)]
Random resource replacement on beta.icloud.com
https://bugs.webkit.org/show_bug.cgi?id=135685
<rdar://problem/17937975>

Reviewed by Alexey Proskuryakov.

Revert the performance optimization in r170499. It turns out we could get a delayed disk
cache notification for a resource that has since been changed in WebCore. In such a case, we
were replacing the newer resource data with the older disk cached resource data. This was
happening for cached POST content on beta.icloud.com. Fix this by forcing a memcmp of data
contents before replacing it which is what we used to do before.

* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::tryReplaceEncodedData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172215 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoThe support directory shouldn't be skipped unconditionally in test import
bjonesbe@adobe.com [Thu, 7 Aug 2014 16:37:59 +0000 (16:37 +0000)]
The support directory shouldn't be skipped unconditionally in test import
https://bugs.webkit.org/show_bug.cgi?id=135660

Reviewed by Ryosuke Niwa.

The 'DIRS_TO_SKIP' should only be skipped when in the root directory
of the test repo, as that's the only time they are special. In
addition, instead of hardcoding .hg and .git as special, skip all
directories that begin with '.', just like with files that begin with '.'.

In order to make this work, the root directory must always be
passed in, so the interface to the script has been changed to take the
root directory, and if one wants to only import a subset of the tests,
a new -t option can be used to limit the tests imported.

* Scripts/webkitpy/w3c/test_importer.py:
(main): Remove repo_dir command line argument.
(parse_args): Add -t option and set expected non-option args to 1.
(TestImporter.__init__): Remove repo_dir.
(TestImporter.do_import): Handle the varying number of import
    directories.
(TestImporter.should_keep_subdir): Helper for find_importable_tests to
    determine if a subdirectory should be skipped.
(TestImporter.find_importable_tests): Filter directories using new
    helper.
(TestImporter.import_tests): Remove use of repo_dir.
(TestImporter.setup_destination_directory): Unused, Deleted.
* Scripts/webkitpy/w3c/test_importer_unittest.py:
(TestImporterTest.test_import_dir_with_no_tests_and_no_hg): Update for
    new API.
(TestImporterTest.test_import_dir_with_no_tests): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172214 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[Mac, iOS] Captions are appearing multiple times during repeated video play through
bfulgham@apple.com [Thu, 7 Aug 2014 16:23:05 +0000 (16:23 +0000)]
[Mac, iOS] Captions are appearing multiple times during repeated video play through
https://bugs.webkit.org/show_bug.cgi?id=135680
Source/WebCore:

<rdar://problem/17926802>

Reviewed by Eric Carlson.

Test: media/track/track-in-band-cues-added-once.html

Revert TextTrackCueGeneric::isOrderedBefore logic to its original form, and add
a new 'isOrderedBeforeDuringDisplay' for the special case of displaying captions.

* html/shadow/MediaControlElements.cpp:
(WebCore::compareCueIntervalForDisplay): Added helper function.
(WebCore::MediaControlTextTrackContainerElement::updateDisplay): Use the new
'isOrderedBeforeDuringDisplay' to order the cues for display.
* html/track/TextTrackCue.h:
(WebCore::TextTrackCue::isOrderedBeforeDuringDisplay): Added. This just
calls the existing 'isOrderedBefore' method.
* html/track/TextTrackCueGeneric.cpp:
(WebCore::TextTrackCueGeneric::isOrderedBefore): Revert to logic used
prior to r171700.
(WebCore::TextTrackCueGeneric::isOrderedBeforeDuringDisplay): New method that
implements the behavior in r171700.
* html/track/TextTrackCueGeneric.h:

LayoutTests:

<rdar://problem/17926802>

Reviewed by Eric Carlson.

Reactivate the 'track-in-band-cues-added-once.html' test. We would have caught
this bug immediately if the test had been enabled.

* platform/mac/TestExpectations: Turn 'track-in-band-cues-added-once.html' back
on.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172213 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[Mac] Taking a paused video full screen flashes black at beginning of animation.
jer.noble@apple.com [Thu, 7 Aug 2014 16:06:06 +0000 (16:06 +0000)]
[Mac] Taking a paused video full screen flashes black at beginning of animation.
https://bugs.webkit.org/show_bug.cgi?id=135668

Reviewed by Eric Carlson.

When entering fullscreen, the full screen window will momentarily occlude the browser
window, causing a visiblity change notification. To avoid flickering when client buffering
is disabled, throttle calls to updateClientDataBuffering by delaying those calls for a
short period.

* platform/audio/MediaSession.cpp:
(WebCore::MediaSession::MediaSession):
(WebCore::MediaSession::clientWillPausePlayback):
(WebCore::MediaSession::visibilityChanged):
(WebCore::MediaSession::clientDataBufferingTimerFired):
(WebCore::MediaSession::updateClientDataBuffering):
* platform/audio/MediaSession.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172212 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[GTK] Use WebKitNavigationAction also for WebKitNavigationPolicyDecision
carlosgc@webkit.org [Thu, 7 Aug 2014 14:58:11 +0000 (14:58 +0000)]
[GTK] Use WebKitNavigationAction also for WebKitNavigationPolicyDecision
https://bugs.webkit.org/show_bug.cgi?id=135695

Reviewed by Gustavo Noronha Silva.

Source/WebKit2:

WebKitNavigationAction was introduced to extend WebKitWebView::create signal
and its API is mostly duplicated in WebKitNavigationPolicyDecision.
Use WebKitNavigationAction insternally in WebKitNavigationPolicyDecision and
deprecated all the duplicated API in favor of a single property navigation-action.

* UIProcess/API/gtk/WebKitDefines.h: Remove unused macro
WEBKIT_OBSOLETE and add WEBKIT_DEPRECATED and WEBKIT_DEPRECATED_FOR.
* UIProcess/API/gtk/WebKitNavigationPolicyDecision.cpp:
(_WebKitNavigationPolicyDecisionPrivate::~_WebKitNavigationPolicyDecisionPrivate):
Free the WebKitNavigationAction.
(webkitNavigationPolicyDecisionGetProperty): Add getter for
navigation-action and use WebKitNavigationAction in all other getters.
(webkit_navigation_policy_decision_class_init): Add navigation-action
property and deprecated all others except frame-name.
(webkit_navigation_policy_decision_get_navigation_action): Return the WebKitNavigationAction.
(webkit_navigation_policy_decision_get_navigation_type): Use WebKitNavigationAction.
(webkit_navigation_policy_decision_get_mouse_button): Ditto.
(webkit_navigation_policy_decision_get_modifiers): Ditto.
(webkit_navigation_policy_decision_get_request): Ditto.
(webkitNavigationPolicyDecisionCreate):
(webkitNewWindowPolicyDecisionCreate):
* UIProcess/API/gtk/WebKitNavigationPolicyDecision.h:
* UIProcess/API/gtk/WebKitNavigationPolicyDecisionPrivate.h:
* UIProcess/API/gtk/WebKitPolicyClient.cpp: Use a custom
PolicyClient class so that we receive a NavigationActionData in
the callbacks.
(attachPolicyClientToView):
(toWebKitNavigationType): Deleted.
(decidePolicyForNavigationAction): Deleted.
(decidePolicyForNewWindowAction): Deleted.
(decidePolicyForResponse): Deleted.
* UIProcess/API/gtk/WebKitResponsePolicyDecision.cpp:
(webkitResponsePolicyDecisionCreate):
* UIProcess/API/gtk/WebKitResponsePolicyDecisionPrivate.h:
* UIProcess/API/gtk/docs/webkit2gtk-docs.sgml: Add new section for
deprecated symbols.
* UIProcess/API/gtk/docs/webkit2gtk-sections.txt: Add new symbols.

Tools:

Use WebKitNavigationAction API.

* MiniBrowser/gtk/BrowserWindow.c:
(webViewDecidePolicy):
* TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitPolicyClient.cpp:
(testNavigationPolicy):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172211 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoASSERT in Document::unregisterCollection reloading apple.com
zandobersek@gmail.com [Thu, 7 Aug 2014 14:11:12 +0000 (14:11 +0000)]
ASSERT in Document::unregisterCollection reloading apple.com
https://bugs.webkit.org/show_bug.cgi?id=135168

Reviewed by Andreas Kling.

* dom/Document.cpp:
(WebCore::Document::unregisterCollection): This assertion was failing
because the passed-in HTMLCollection was not invalidated for a non-related
attribute, but was instead unregistered during destruction, at which point
the m_collectionsInvalidatedAtDocument HashSet was empty.
The assertion could be trivially reduced into checking that the HashSet is
empty when it was moved out of in Document::invalidateNodeListAndCollectionCaches(),
but that just checks that the move semantics on HashSet work properly. Removing
a non-existent element from a HashSet is harmless, so the assertion can be removed
completely.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172210 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed EFL gardening
m.pakula@samsung.com [Thu, 7 Aug 2014 13:06:10 +0000 (13:06 +0000)]
Unreviewed EFL gardening

Add test expectations for failing tests.

* platform/efl/TestExpectations:
* platform/efl/inspector-protocol/dom/getAccessibilityPropertiesForNode-expected.txt: Rebaseline after r172136.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172209 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoMove Soup specific code out of WebCoreArgumentCoders.cpp
antti@apple.com [Thu, 7 Aug 2014 12:38:30 +0000 (12:38 +0000)]
Move Soup specific code out of WebCoreArgumentCoders.cpp
https://bugs.webkit.org/show_bug.cgi?id=135665

Reviewed by Anders Carlsson.

* Shared/WebCoreArgumentCoders.cpp:
(IPC::ArgumentCoder<ResourceRequest>::encode):
(IPC::ArgumentCoder<ResourceRequest>::decode):
(IPC::ArgumentCoder<ResourceError>::encode):
(IPC::ArgumentCoder<ResourceError>::decode):
* Shared/WebCoreArgumentCoders.h:

    Soup is the only client for this code. Move it to *Soup.cpp

* Shared/soup/WebCoreArgumentCodersSoup.cpp:
(IPC::ArgumentCoder<ResourceRequest>::encodePlatformData):
(IPC::ArgumentCoder<ResourceRequest>::decodePlatformData):
(IPC::ArgumentCoder<ResourceError>::encodePlatformData):
(IPC::ArgumentCoder<ResourceError>::decodePlatformData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172208 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoMove multicol tests into fast/regions/multicol.
commit-queue@webkit.org [Thu, 7 Aug 2014 12:08:51 +0000 (12:08 +0000)]
Move multicol tests into fast/regions/multicol.
https://bugs.webkit.org/show_bug.cgi?id=135693

Patch by Iulia Tamas <tamas@adobe.com> on 2014-08-07
Reviewed by Andrei Bucur.

File Move Patch. Created the fast/regions/multicol folder. Moved the region tests testing multicol
in the fast/regions/multicol folder.

* fast/regions/multicol/multicol-as-region-prevented-expected.html: Renamed from LayoutTests/fast/regions/multicol-as-region-prevented-expected.html.
* fast/regions/multicol/multicol-as-region-prevented.html: Renamed from LayoutTests/fast/regions/multicol-as-region-prevented.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172207 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[GTK] Test /webkit2/WebKitUserContentManager/injected-script fails
carlosgc@webkit.org [Thu, 7 Aug 2014 10:20:03 +0000 (10:20 +0000)]
[GTK] Test /webkit2/WebKitUserContentManager/injected-script fails
https://bugs.webkit.org/show_bug.cgi?id=135696

Reviewed by Sergio Villar Senin.

Don't assume the JavaScript result is always a valid pointer. In case of JavaScript
exception (that happens when testing the script hasn't been injected) the JavaScript
result is NULL.

* TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitUserContentManager.cpp:
(isScriptInjectedForURLAtPath):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172206 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[GTK] Disable IndexedDB
ossy@webkit.org [Thu, 7 Aug 2014 08:14:26 +0000 (08:14 +0000)]
[GTK] Disable IndexedDB
https://bugs.webkit.org/show_bug.cgi?id=135692

Reviewed by Carlos Garcia Campos.

.:

* Source/cmake/OptionsGTK.cmake:

Tools:

* Scripts/webkitperl/FeatureList.pm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172205 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: breakpoint resolved state should not depend on all breakpoints being...
burg@cs.washington.edu [Thu, 7 Aug 2014 06:23:14 +0000 (06:23 +0000)]
Web Inspector: breakpoint resolved state should not depend on all breakpoints being enabled
https://bugs.webkit.org/show_bug.cgi?id=135517

Reviewed by Joseph Pecoraro.

Previously, Breakpoint.resolved returned false if all breakpoints were disabled, even if
the breakpoint had an associated SourceCode. This was a weird hack to make it easier to
style breakpoint widgets. This made it hard for other code to deal with resolved
breakpoints that were also disabled, or SourceCodeLocations that resolve and unresolve.
This patch removes that consideration and fixes style update code to manually check if all
breakpoints are being suppressed.

The code now enforces that a Breakpoint must have a SourceCode before it can be resolved.
(As a performance optimization when loading the initial frame tree, we sometimes we give
Breakpoints a SourceCode before the debugger officially says that the breakpoint has been
resolved. Thus, it's possible to be unresolved with a SourceCode, but not vice-versa.)

This patch also adds a few guards where we assumed a SourceCodeLocation had a SourceCode.

* UserInterface/Controllers/DebuggerManager.js:
(WebInspector.DebuggerManager.prototype.set breakpointsEnabled): Remove spurious
ResolvedStateDidChange events.

(WebInspector.DebuggerManager.prototype.breakpointResolved): Set the breakpoint's SourceCode
if it has not been set already by DebuggerManager.associateBreakpointsWithSourceCode.

* UserInterface/Models/Breakpoint.js:
(WebInspector.Breakpoint.prototype.get resolved):
(WebInspector.Breakpoint.prototype.set resolved.isSpecialBreakpoint):
(WebInspector.Breakpoint.prototype.set resolved): Add an assertion.
* UserInterface/Models/SourceCodeLocation.js: Add guards for !SourceCode.
(WebInspector.SourceCodeLocation.prototype.populateLiveDisplayLocationTooltip):
* UserInterface/Views/BreakpointTreeElement.js: Account for DebuggerManager.breakpointsEnabled.
(WebInspector.BreakpointTreeElement):
(WebInspector.BreakpointTreeElement.prototype._updateStatus):
* UserInterface/Views/ProbeSetDetailsSection.js:
(WebInspector.ProbeSetDetailsSection.prototype._updateLinkElement): Loosen the assertion.
* UserInterface/Views/SourceCodeTextEditor.js: Account for DebuggerManager.breakpointsEnabled.
(WebInspector.SourceCodeTextEditor):
(WebInspector.SourceCodeTextEditor.prototype.close):
(WebInspector.SourceCodeTextEditor.prototype._breakpointStatusDidChange):
(WebInspector.SourceCodeTextEditor.prototype._breakpointsEnabledDidChange):
(WebInspector.SourceCodeTextEditor.prototype._updateBreakpointStatus):
* UserInterface/Views/TextEditor.js: Account for DebuggerManager.breakpointsEnabled.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172204 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: ReplayManager should unpause and suppress breakpoints before capturing...
burg@cs.washington.edu [Thu, 7 Aug 2014 06:14:54 +0000 (06:14 +0000)]
Web Inspector: ReplayManager should unpause and suppress breakpoints before capturing/replaying
https://bugs.webkit.org/show_bug.cgi?id=135608

Reviewed by Timothy Hatcher.

It is jarring when the debugger pauses during capturing or replaying. For now, we should suppress
all breakpoints during capturing or replaying, and restore breakpoint enabled state when
capturing finishes, when replaying finishes, or during temporary replay pauses.

In the future, the debugger will be selectively enabled during playback to seek to specific
breakpoint hits. This is tracked in https://bugs.webkit.org/show_bug.cgi?id=135663.

* UserInterface/Controllers/ReplayManager.js:
(WebInspector.ReplayManager.prototype.startCapturing.result):
(WebInspector.ReplayManager.prototype.replayToPosition.result):
(WebInspector.ReplayManager.prototype.replayToCompletion.result):
(WebInspector.ReplayManager.prototype.captureStopped):
(WebInspector.ReplayManager.prototype.playbackPaused):
(WebInspector.ReplayManager.prototype.playbackFinished):
(WebInspector.ReplayManager.prototype._changeSegmentState):
(WebInspector.ReplayManager.prototype._suppressBreakpointsAndResumeIfNeeded):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172203 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoSource/WebCore:
bfulgham@apple.com [Thu, 7 Aug 2014 05:12:00 +0000 (05:12 +0000)]
Source/WebCore:

[Win] Correct build errors when WebGL Disabled
https://bugs.webkit.org/show_bug.cgi?id=135687

Unreviewed build fix.

* WebCore.vcxproj/WebCore.vcxproj: Don't build Cairo files
when building CG.
* platform/graphics/GLContext.cpp: Correct use of 3D_GRAPHICS macro.
* platform/graphics/GraphicsContext3DPrivate.cpp: Ditto.
* platform/graphics/opengl/GLPlatformContext.cpp: Ditto.
* platform/graphics/opengl/GLPlatformSurface.cpp: Ditto.

Source/WebInspectorUI:

[Win] Build fix.

* WebInspectorUI.vcxproj/WebInspectorUI.vcxproj: DebugSuffix target was missing
proper path settings for final output.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172202 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed build fix on non Cocoa port since r172172
ryuan.choi@samsung.com [Thu, 7 Aug 2014 04:19:45 +0000 (04:19 +0000)]
Unreviewed build fix on non Cocoa port since r172172

* platform/text/TextEncodingRegistry.cpp:
(WebCore::defaultTextEncodingNameForSystemLanguage):
* platform/text/TextEncodingRegistry.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172201 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoServices overlay flashes a lot; should have some hysteresis before showing overlay
timothy_horton@apple.com [Thu, 7 Aug 2014 02:58:22 +0000 (02:58 +0000)]
Services overlay flashes a lot; should have some hysteresis before showing overlay
https://bugs.webkit.org/show_bug.cgi?id=135683
<rdar://problem/16878039>

Reviewed by Simon Fraser.

Don't show the highlight until it's been 200ms since the last change
in selection or change in which highlight is hovered, whichever was more recent.

* WebProcess/WebPage/ServicesOverlayController.h:
* WebProcess/WebPage/mac/ServicesOverlayController.mm:
(WebKit::ServicesOverlayController::ServicesOverlayController):
(WebKit::ServicesOverlayController::selectionRectsDidChange):
Keep track of when the selection last changed.

(WebKit::ServicesOverlayController::drawTelephoneNumberHighlightIfVisible):
Make establishHoveredTelephoneHighlight take a bool instead of Boolean.

(WebKit::ServicesOverlayController::mouseIsOverHighlight):
Factor mouseIsOverHighlight out of establishHoveredTelephoneHighlight and drawHighlight.

(WebKit::ServicesOverlayController::remainingTimeUntilHighlightShouldBeShown):
Return the amount of time until the highlight should be shown; this is
the maximum of (the difference between the last selection change and the timeout)
and (the difference between the last change in which highlight is hovered and the timeout).

Telephone number highlights are shown immediately, because they are already stable
by virtue of being expanded to include the entire telephone number.

(WebKit::ServicesOverlayController::repaintHighlightTimerFired):
(WebKit::ServicesOverlayController::drawHighlight):
If the highlight shouldn't be shown yet (because we haven't hit the two timeouts),
schedule a timer to repaint us around when we will hit the timeouts.

(WebKit::ServicesOverlayController::establishHoveredTelephoneHighlight):
(WebKit::ServicesOverlayController::mouseEvent):
Don't allow mouseUp to trigger the menu if we shouldn't be showing the overlay yet.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172200 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[iOS WK2] www.france24.com doesn't always load the page, sections stay white
simon.fraser@apple.com [Thu, 7 Aug 2014 02:43:35 +0000 (02:43 +0000)]
[iOS WK2] france24.com doesn't always load the page, sections stay white
https://bugs.webkit.org/show_bug.cgi?id=135684
<rdar://problem/17931712>

Reviewed by Tim Horton.

It's possible for a UIScrollView for overflow to move between one scrolling tree node
and another. When this happens, we need to avoid unconditionally clearing the delegate
on the node that's being destroyed, because the new node will already have set the
UIScrollView delegate to its own delegate.

* UIProcess/Scrolling/ios/ScrollingTreeOverflowScrollingNodeIOS.mm:
(WebKit::ScrollingTreeOverflowScrollingNodeIOS::~ScrollingTreeOverflowScrollingNodeIOS):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172199 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoGardening: adding failed tests to TestExpectations.
mark.lam@apple.com [Thu, 7 Aug 2014 00:59:47 +0000 (00:59 +0000)]
Gardening: adding failed tests to TestExpectations.
<https://webkit.org/b/135681>

Not reviewed.

* TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172198 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[iOS] Make document marker assets not specific to particular scale factors
mmaxfield@apple.com [Thu, 7 Aug 2014 00:58:45 +0000 (00:58 +0000)]
[iOS] Make document marker assets not specific to particular scale factors
https://bugs.webkit.org/show_bug.cgi?id=135671

Reviewed by Simon Fraser.

No new tests.

* WebCore.xcodeproj/project.pbxproj:
* platform/ios/wak/WKGraphics.mm:
(imageResourcePath):
(WKGraphicsCreateImageFromBundleWithName):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172197 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoGardening: fix for build failure on EFL bots.
mark.lam@apple.com [Thu, 7 Aug 2014 00:48:01 +0000 (00:48 +0000)]
Gardening: fix for build failure on EFL bots.

Not reviewed.

* runtime/EnumerationMode.h:
(JSC::shouldIncludeJSObjectPropertyNames):
(JSC::modeThatSkipsJSObject):
* runtime/JSCell.cpp:
(JSC::JSCell::getEnumerableLength):
* runtime/JSCell.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172196 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoServices menu doesn't show up after you defocus/refocus the Safari window.
enrica@apple.com [Thu, 7 Aug 2014 00:45:58 +0000 (00:45 +0000)]
Services menu doesn't show up after you defocus/refocus the Safari window.
https://bugs.webkit.org/show_bug.cgi?id=135678
<rdar://problem/17929247>

Reviewed by Tim Horton.

In setSelection we create a SelectionRectGatherer::Notifier object that will notify
SelectionOverlayController about changes to the selection rects.
Upon creation, the list of selections rects is cleared, since it is populated by
the code that collects the selection rects. That code is never called
when setSelection won't change the selection, which the case when the window is
activated. The fix consists in postponing the SelectionRectGatherer::Notifier object
creation until we know for sure that the selection is indeed going to change.

* rendering/RenderView.cpp:
(WebCore::RenderView::setSelection):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172195 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoENABLE_CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED is not used anywhere. Remove it.
dino@apple.com [Thu, 7 Aug 2014 00:40:42 +0000 (00:40 +0000)]
ENABLE_CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED is not used anywhere. Remove it.
https://bugs.webkit.org/show_bug.cgi?id=135675

Reviewed by Sam Weinig.

.:

* Source/cmake/OptionsGTK.cmake:
* Source/cmake/OptionsMac.cmake:
* Source/cmake/WebKitFeatures.cmake:
* Source/cmakeconfig.h.cmake:

Source/JavaScriptCore:

* Configurations/FeatureDefines.xcconfig:

Source/WebCore:

* Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

* Configurations/FeatureDefines.xcconfig:

Source/WTF:

* wtf/FeatureDefines.h:

Tools:

* Scripts/webkitperl/FeatureList.pm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172194 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoIDB transactions never reset if the Web Process ends before cleaning up
beidson@apple.com [Thu, 7 Aug 2014 00:32:13 +0000 (00:32 +0000)]
IDB transactions never reset if the Web Process ends before cleaning up
https://bugs.webkit.org/show_bug.cgi?id=135218

Source/WebCore:

Reviewed by David Kilzer.

No new tests (Covered by existing tests).

* Modules/indexeddb/IDBServerConnection.h: Add sync versions of reset/rollback.

* Modules/indexeddb/IDBTransactionBackend.cpp:
(WebCore::IDBTransactionBackend::abort): Call the sync versions.

Source/WebKit2:

Reviewed by Darin Adler and David Kilzer.

* DatabaseProcess/DatabaseToWebProcessConnection.cpp:
(WebKit::DatabaseToWebProcessConnection::didReceiveMessage):
(WebKit::DatabaseToWebProcessConnection::didReceiveSyncMessage): Added.
(WebKit::DatabaseToWebProcessConnection::didClose):
* DatabaseProcess/DatabaseToWebProcessConnection.h:

* DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.cpp:
(WebKit::DatabaseProcessIDBConnection::resetTransactionSync): Added
    Wait until the reset is complete before sending the sync reply.
(WebKit::DatabaseProcessIDBConnection::rollbackTransactionSync): Added.
    Ditto.
* DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.h:
* DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.messages.in:

Keep track of all in progress transactions and make sure they’re cleaned up
whenever a connection to a WebProcess is broken:
* DatabaseProcess/IndexedDB/UniqueIDBDatabase.cpp:
(WebKit::UniqueIDBDatabase::unregisterConnection):
(WebKit::UniqueIDBDatabase::didCompleteTransactionOperation):
(WebKit::UniqueIDBDatabase::openBackingStoreTransaction):
(WebKit::UniqueIDBDatabase::resetBackingStoreTransaction):
(WebKit::UniqueIDBDatabase::didEstablishTransaction):
(WebKit::UniqueIDBDatabase::didResetTransaction):
(WebKit::UniqueIDBDatabase::resetAllTransactions):
(WebKit::UniqueIDBDatabase::finalizeRollback):
* DatabaseProcess/IndexedDB/UniqueIDBDatabase.h:

* DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.cpp:
(WebKit::UniqueIDBDatabaseBackingStoreSQLite::rollbackTransaction):

Add sync versions of reset/rollback:
* WebProcess/Databases/IndexedDB/WebIDBServerConnection.cpp:
(WebKit::WebIDBServerConnection::resetTransactionSync):
(WebKit::WebIDBServerConnection::rollbackTransactionSync):
* WebProcess/Databases/IndexedDB/WebIDBServerConnection.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172193 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoImplement parsing for CSS scroll snap points
commit-queue@webkit.org [Thu, 7 Aug 2014 00:19:40 +0000 (00:19 +0000)]
Implement parsing for CSS scroll snap points
https://bugs.webkit.org/show_bug.cgi?id=134301

Source/JavaScriptCore:

Patch by Wenson Hsieh <wenson_hsieh@apple.com> on 2014-08-06
Reviewed by Dean Jackson.

* Configurations/FeatureDefines.xcconfig: Added ENABLE_CSS_SCROLL_SNAP

Source/WebCore:

Provided support for parsing -webkit-scroll-snap-* properties, i.e.  type, points-x, points-y, destination, and coordinates.
The exact syntax of the scroll snap CSS properties follow the W3C spec at http://dev.w3.org/csswg/css-snappoints/

Patch by Wenson Hsieh <wenson_hsieh@apple.com> on 2014-08-06
Reviewed by Dean Jackson.

Tests: css3/scroll-snap/scroll-snap-property-parsing.html,
    css3/scroll-snap/scroll-snap-property-computed-style.html

* CMakeLists.txt: Added StyleScrollSnapPoints.h, StyleScrollSnapPoints.cpp
* Configurations/FeatureDefines.xcconfig: Added ENABLE_CSS_SCROLL_SNAP
* WebCore.vcxproj/WebCore.vcxproj: Added StyleScrollSnapPoints.h, StyleScrollSnapPoints.cpp
* WebCore.vcxproj/WebCore.vcxproj.filters: Added StyleScrollSnapPoints.h, StyleScrollSnapPoints.cpp
* WebCore.xcodeproj/project.pbxproj: Added StyleScrollSnapPoints.h, StyleScrollSnapPoints.cpp, LengthRepeat.h
* css/CSSCalculationValue.cpp: Support for LengthRepeat
(WebCore::hasDoubleValue):
* css/CSSComputedStyleDeclaration.cpp: Support for showing computed style for snap point properties.
(WebCore::scrollSnapDestination):
(WebCore::scrollSnapPoints):
(WebCore::scrollSnapCoordinates):
(WebCore::ComputedStyleExtractor::propertyValue):
* css/CSSParser.cpp: Support for parsing snap point properties.
(WebCore::isValidKeywordPropertyAndValue): handle snap point type
(WebCore::isKeywordPropertyID):
(WebCore::CSSParser::parseValue): Added support for parsing snap points.
(WebCore::CSSParser::parseNonElementSnapPoints): Helper for parsing snap points-x/y.
(WebCore::CSSParser::parseScrollSnapDestination): Helper for parsing snap point destinations.
(WebCore::CSSParser::parseScrollSnapCoordinate): Helper for parsing snap point coordinates.
* css/CSSParser.h: Support for parsing snap point properties.
* css/CSSParserValues.cpp:
(WebCore::CSSParserValue::createCSSValue):
* css/CSSPrimitiveValue.cpp:
(WebCore::isValidCSSUnitTypeForDoubleConversion):
(WebCore::CSSPrimitiveValue::init):
(WebCore::CSSPrimitiveValue::cleanup):
(WebCore::CSSPrimitiveValue::getLengthRepeatValue):
(WebCore::CSSPrimitiveValue::formatNumberForcustomCSSText):
(WebCore::CSSPrimitiveValue::cloneForCSSOM):
(WebCore::CSSPrimitiveValue::equals):
* css/CSSPrimitiveValue.h:
(WebCore::CSSPrimitiveValue::isLengthRepeat):
(WebCore::CSSPrimitiveValue::getLengthRepeatValue):
* css/CSSPrimitiveValueMappings.h: Added converters for snap point type properties.
(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator ScrollSnapType):
* css/CSSPropertyNames.in: Added relevant snap point property names.
* css/CSSValueKeywords.in: Added "proximity", "mandatory" and "elements".
* css/LengthRepeat.h: Added to represent values of repeat(<length>)
(WebCore::LengthRepeat::create):
(WebCore::LengthRepeat::cloneForCSSOM):
(WebCore::LengthRepeat::interval):
(WebCore::LengthRepeat::setInterval):
(WebCore::LengthRepeat::equals):
(WebCore::LengthRepeat::cssText):
(WebCore::LengthRepeat::LengthRepeat):
* css/StyleResolver.cpp: Support for handling snap point properties
(WebCore::StyleResolver::applyProperty):Updated switch case to build snap-point-related style data
* rendering/style/RenderStyle.h: Added methods to access and modify snap point data
* rendering/style/RenderStyleConstants.h: Added scroll snap type flags.
* rendering/style/StyleAllInOne.cpp: Added StyleScrollSnapPoints.cpp
* rendering/style/StyleRareNonInheritedData.cpp: Added initiazing for m_scrollSnapPoints, updated equality check
(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
(WebCore::StyleRareNonInheritedData::operator==):
* rendering/style/StyleRareNonInheritedData.h: Added field for StyleScrollSnapPoints
* rendering/style/StyleScrollSnapPoints.cpp: Added. Wrapper for basic snap point data structures.
(WebCore::StyleScrollSnapPoints::StyleScrollSnapPoints):
(WebCore::StyleScrollSnapPoints::copy):
(WebCore::StyleScrollSnapPoints::operator==):
* rendering/style/StyleScrollSnapPoints.h: Added.
(WebCore::StyleScrollSnapPoints::create):
(WebCore::StyleScrollSnapPoints::defaultRepeatOffset): Creates a new Length representing the default repeat value of repeat(100%)
(WebCore::StyleScrollSnapPoints::defaultDestinationOffset): Creates a new Length representing a default destination value (0px)
(WebCore::StyleScrollSnapPoints::operator!=):

Source/WebInspectorUI:

Patch by Wenson Hsieh <wenson_hsieh@apple.com> on 2014-08-06
Reviewed by Dean Jackson.

* UserInterface/Models/CSSKeywordCompletions.js: Added snap point property keywords, such as mandatory, proximity, elements, and repeat.

Source/WebKit/mac:

Patch by Wenson Hsieh <wenson_hsieh@apple.com> on 2014-08-06
Reviewed by Dean Jackson.

* Configurations/FeatureDefines.xcconfig: Added ENABLE_CSS_SCROLL_SNAP

Source/WebKit2:

Patch by Wenson Hsieh <wenson_hsieh@apple.com> on 2014-08-06
Reviewed by Dean Jackson.

* Configurations/FeatureDefines.xcconfig: Added ENABLE_CSS_SCROLL_SNAP

LayoutTests:

Patch by Wenson Hsieh <wenson_hsieh@apple.com> on 2014-08-06
Reviewed by Dean Jackson.

Tests that parsing -webkit-scroll-snap-* properties behaves as expected.

* css3/scroll-snap/scroll-snap-property-computed-style-expected.txt: Expected text output of below test.
* css3/scroll-snap/scroll-snap-property-computed-style.html: Tests that scroll snap properties are correctly displayed via getComputedStyle.
* css3/scroll-snap/scroll-snap-property-computed-style.js: Script for above test.
(testComputedScrollSnapRule):
* css3/scroll-snap/scroll-snap-property-parsing-expected.txt: Expected text output of below test.
* css3/scroll-snap/scroll-snap-property-parsing.html: Tests that scroll snap properties are correctly parsed.
* css3/scroll-snap/scroll-snap-property-parsing.js: Script for above test.
(testScrollSnapRule):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172192 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[iOS] Subresources referenced in converted QuickLook documents sometimes fail to...
aestes@apple.com [Thu, 7 Aug 2014 00:16:36 +0000 (00:16 +0000)]
[iOS] Subresources referenced in converted QuickLook documents sometimes fail to load
https://bugs.webkit.org/show_bug.cgi?id=135676

Reviewed by David Kilzer.

Source/WebCore:

* loader/DocumentLoader.h:
(WebCore::DocumentLoader::setQuickLookHandle):
(WebCore::DocumentLoader::quickLookHandle):

Source/WebKit2:

QuickLookHandle needs to stay alive in order for its NSURLProtocol to service subresource loads originating
from the converted HTML document. Some of these loads happen dynamically after the main resource finishes
loading, so we cannot tie the lifetime of the QuickLookHandle to that of the main resource's ResourceLoader.
Instead, give ownership of the QuickLookHandle to DocumentLoader.

* WebProcess/Network/WebResourceLoader.cpp:
(WebKit::WebResourceLoader::didReceiveResponseWithCertificateInfo): Stored the created QuickLookHandle in DocumentLoader.
(WebKit::WebResourceLoader::didReceiveData): Accessed DocumentLoader's QuickLookHandle.
(WebKit::WebResourceLoader::didFinishResourceLoad): Ditto.
(WebKit::WebResourceLoader::didFailResourceLoad): Ditto.
(WebKit::WebResourceLoader::didReceiveResource): Ditto.
* WebProcess/Network/WebResourceLoader.h: Removed m_quickLookHandle.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172191 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoGardening: fix for build failure on GTK bots.
mark.lam@apple.com [Thu, 7 Aug 2014 00:15:22 +0000 (00:15 +0000)]
Gardening: fix for build failure on GTK bots.

Not reviewed.

* runtime/FunctionHasExecutedCache.cpp:
- #include <limits.h> for UINT_MAX's definition.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172190 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoGardening: fix for build failure on EFL bots.
mark.lam@apple.com [Thu, 7 Aug 2014 00:09:14 +0000 (00:09 +0000)]
Gardening: fix for build failure on EFL bots.

Not reviewed.

* jit/JITInlines.h:
(JSC::JIT::emitLoadForArrayMode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172189 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoGardening: adding missing build file changes from the FTLOPT merge at r172176.
mark.lam@apple.com [Wed, 6 Aug 2014 23:54:30 +0000 (23:54 +0000)]
Gardening: adding missing build file changes from the FTLOPT merge at r172176.

Not reviewed.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172188 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed build fix attempt since r172184
ryuan.choi@samsung.com [Wed, 6 Aug 2014 23:49:15 +0000 (23:49 +0000)]
Unreviewed build fix attempt since r172184

* CMakeLists.txt: Removed TypeLocation.cpp

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172187 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed build fix: Make includes semicolon in assignment.
dfarler@apple.com [Wed, 6 Aug 2014 23:33:55 +0000 (23:33 +0000)]
Unreviewed build fix: Make includes semicolon in assignment.

* Makefile.shared: Remove a ;

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172186 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoGardening: adding missing build file changes from r171510.
mark.lam@apple.com [Wed, 6 Aug 2014 23:22:00 +0000 (23:22 +0000)]
Gardening: adding missing build file changes from r171510.
<https://webkit.org/b/134860>

Not reviewed.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172185 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoGardening: adding missing build file changes from r170490.
mark.lam@apple.com [Wed, 6 Aug 2014 23:11:47 +0000 (23:11 +0000)]
Gardening: adding missing build file changes from r170490.
<https://webkit.org/b/133395>

Not reviewed.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172184 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoREGRESSION (r168119): Album flipping animation doesn’t work
simon.fraser@apple.com [Wed, 6 Aug 2014 23:05:34 +0000 (23:05 +0000)]
REGRESSION (r168119): Album flipping animation doesn’t work
https://bugs.webkit.org/show_bug.cgi?id=132801
Source/WebCore:

<rdar://problem/16878497>, <rdar://problem/17908085>

Reviewed by Dean Jackson.

In r168119 I avoided creating backing store for backface-visibility:hidden unless
some ancestor was 3d-transformed. However, when starting transitions or animations
that apply transforms, we don't do a layout, and therefore don't update the RenderLayer
flags that mark an ancestor as having a transform. This broke various content which
used backface-visibility:hidden for "flip" animations.

Make a low-risk fix that looks for the pattern of CSS properties used for flipping,
making a compositing layer for backface-visibility:hidden if the stacking context element
has transform-style: preserve-3d.

Test: compositing/backing/backface-visibility-flip.html

* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::requiresCompositingForBackfaceVisibility):

LayoutTests:

Reviewed by Dean Jackson.

Test that starts a transform animation and dumps layers.

* compositing/backing/backface-visibility-flip-expected.txt: Added.
* compositing/backing/backface-visibility-flip.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172183 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoConsolidate logic for calculating scrollbar page step size
bfulgham@apple.com [Wed, 6 Aug 2014 23:04:05 +0000 (23:04 +0000)]
Consolidate logic for calculating scrollbar page step size
https://bugs.webkit.org/show_bug.cgi?id=135670

Reviewed by Simon Fraser.

Consolidate the calculation of the scroll step size into a single place.
Improve the handling of sub-pixel layout behavior by performing proper
rounding on the fractional scroll ranges.

* editing/EditorCommand.cpp:
(WebCore::verticalScrollDistance): Switch to Scrollbar::pageStep method.
* platform/ScrollAnimator.cpp:
(WebCore::ScrollAnimator::handleWheelEvent): Ditto.
* platform/ScrollView.cpp:
(WebCore::ScrollView::updateScrollbars): Ditto.
* platform/Scrollbar.h:
(WebCore::Scrollbar::pageStep): Added.
(WebCore::Scrollbar::pageStepDelta): Added.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::updateScrollbarsAfterLayout): Switch to Scrollbar method.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172182 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoSilence a debug assertion.
fpizlo@apple.com [Wed, 6 Aug 2014 22:52:08 +0000 (22:52 +0000)]
Silence a debug assertion.

Reviewed by Mark Hahnenberg.

* runtime/JSPropertyNameEnumerator.h:
(JSC::JSPropertyNameEnumerator::cachedStructure):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172181 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Replay: dispatch timing information should be stored out-of-line in a replay...
burg@cs.washington.edu [Wed, 6 Aug 2014 21:53:17 +0000 (21:53 +0000)]
Web Replay: dispatch timing information should be stored out-of-line in a replay segment
https://bugs.webkit.org/show_bug.cgi?id=135295

Reviewed by Timothy Hatcher.

We need to save a timestamp for each event loop input so that replay can
simulate the original user and network delays. Currently that timestamp
is stored on each EventLoopInput instance.

This patch stores timestamp data in a separate vector attached to the segment.
The event loop input class is now immutable, and new auxiliary data can be added
without adding members to the EventLoopInput class.

As part of the refactoring, InputCursors now keep a reference to the relevant
session segment instead of a reference to their input storage. InputCursors can
be created directly, instead of through ReplaySessionSegment.

No new tests. No behavior was changed.

* inspector/InspectorReplayAgent.cpp:
(WebCore::buildInspectorObjectForInput): Don't send the timestamp with the input.
(WebCore::buildInspectorObjectForSegment):
* inspector/protocol/Replay.json: Remove optional timestamp field for ReplayInput.
* replay/CapturingInputCursor.cpp:
(WebCore::CapturingInputCursor::CapturingInputCursor):
(WebCore::CapturingInputCursor::create):
(WebCore::CapturingInputCursor::storeInput): Save event loop input timings here.
* replay/CapturingInputCursor.h:
* replay/EventLoopInput.h:
(WebCore::EventLoopInputBase::EventLoopInputBase): Deleted.
(WebCore::EventLoopInputBase::timestamp): Deleted.
(WebCore::EventLoopInputBase::setTimestamp): Deleted.
* replay/EventLoopInputDispatcher.cpp: Use a struct for dispatch information.
(WebCore::EventLoopInputDispatcher::EventLoopInputDispatcher):
(WebCore::EventLoopInputDispatcher::dispatchInputSoon):
(WebCore::EventLoopInputDispatcher::dispatchInput):
* replay/EventLoopInputDispatcher.h:
* replay/FunctorInputCursor.h:
(WebCore::FunctorInputCursor::forEachInputInQueue):
(WebCore::FunctorInputCursor::FunctorInputCursor):
* replay/ReplayController.cpp:
(WebCore::ReplayController::createSegment):
(WebCore::ReplayController::loadSegmentAtIndex):
(WebCore::ReplayController::unloadSegment): Deleted.
(WebCore::ReplayController::startPlayback): Deleted.
* replay/ReplaySessionSegment.cpp:
(WebCore::ReplaySessionSegment::createCapturingCursor): Deleted.
(WebCore::ReplaySessionSegment::createReplayingCursor): Deleted.
(WebCore::ReplaySessionSegment::createFunctorCursor): Deleted.
* replay/ReplaySessionSegment.h:
(WebCore::ReplaySessionSegment::storage):
(WebCore::ReplaySessionSegment::eventLoopTimings):
* replay/ReplayingInputCursor.cpp:
(WebCore::ReplayingInputCursor::ReplayingInputCursor):
(WebCore::ReplayingInputCursor::create):
(WebCore::ReplayingInputCursor::uncheckedLoadInput):
(WebCore::ReplayingInputCursor::loadEventLoopInput): Added. This method collates
and returns the next event loop input with its associated dispatch information.
* replay/ReplayingInputCursor.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172180 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoDocument-relative overlays disappear after doing page-cache navigations
timothy_horton@apple.com [Wed, 6 Aug 2014 21:51:50 +0000 (21:51 +0000)]
Document-relative overlays disappear after doing page-cache navigations
https://bugs.webkit.org/show_bug.cgi?id=135669
<rdar://problem/17929171>

Reviewed by Simon Fraser.

* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::rootLayerAttachmentChanged):
When navigating from one page to another, the document-relative overlay
layer is moved from the layer tree of the RenderLayerCompositor of the
first RenderView to the layer tree of the RenderLayerCompositor of the
new RenderView, upon layer tree construction.
When going "back" via a page cache navigation, we don't rebuild the
layer tree, and just assume that it is in a valid state.
However, the document-relative overlay layer was *moved*, and as such,
needs to be moved back. To do this, reattach the document-relative
overlay layer whenever the root layer attachment of a RenderLayerCompositor
changes, which will happen in the right order when going back to a cached page.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172179 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoFix 32-bit build.
fpizlo@apple.com [Wed, 6 Aug 2014 21:43:16 +0000 (21:43 +0000)]
Fix 32-bit build.

* jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileHasIndexedProperty):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172177 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoMerge r171389, r171495, r171508, r171510, r171605, r171606, r171611, r171614, r171763...
fpizlo@apple.com [Wed, 6 Aug 2014 21:32:55 +0000 (21:32 +0000)]
Merge r171389, r171495, r171508, r171510, r171605, r171606, r171611, r171614, r171763 from ftlopt.

Source/JavaScriptCore:

    2014-07-28  Mark Hahnenberg  <mhahnenberg@apple.com>

    Support for-in in the FTL
    https://bugs.webkit.org/show_bug.cgi?id=134140

    Reviewed by Filip Pizlo.

    * dfg/DFGSSALoweringPhase.cpp:
    (JSC::DFG::SSALoweringPhase::handleNode):
    * ftl/FTLAbstractHeapRepository.cpp:
    * ftl/FTLAbstractHeapRepository.h:
    * ftl/FTLCapabilities.cpp:
    (JSC::FTL::canCompile):
    * ftl/FTLIntrinsicRepository.h:
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileNode):
    (JSC::FTL::LowerDFGToLLVM::compileHasIndexedProperty):
    (JSC::FTL::LowerDFGToLLVM::compileHasGenericProperty):
    (JSC::FTL::LowerDFGToLLVM::compileHasStructureProperty):
    (JSC::FTL::LowerDFGToLLVM::compileGetDirectPname):
    (JSC::FTL::LowerDFGToLLVM::compileGetEnumerableLength):
    (JSC::FTL::LowerDFGToLLVM::compileGetStructurePropertyEnumerator):
    (JSC::FTL::LowerDFGToLLVM::compileGetGenericPropertyEnumerator):
    (JSC::FTL::LowerDFGToLLVM::compileGetEnumeratorPname):
    (JSC::FTL::LowerDFGToLLVM::compileToIndexString):

    2014-07-25  Mark Hahnenberg  <mhahnenberg@apple.com>

    Remove JSPropertyNameIterator
    https://bugs.webkit.org/show_bug.cgi?id=135066

    Reviewed by Geoffrey Garen.

    It has been replaced by JSPropertyNameEnumerator.

    * JavaScriptCore.order:
    * bytecode/BytecodeBasicBlock.cpp:
    (JSC::isBranch):
    * bytecode/BytecodeList.json:
    * bytecode/BytecodeUseDef.h:
    (JSC::computeUsesForBytecodeOffset):
    (JSC::computeDefsForBytecodeOffset):
    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::dumpBytecode):
    * bytecode/PreciseJumpTargets.cpp:
    (JSC::getJumpTargetsForBytecodeOffset):
    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::emitGetPropertyNames): Deleted.
    (JSC::BytecodeGenerator::emitNextPropertyName): Deleted.
    * bytecompiler/BytecodeGenerator.h:
    * interpreter/Interpreter.cpp:
    * interpreter/Register.h:
    * jit/JIT.cpp:
    (JSC::JIT::privateCompileMainPass):
    (JSC::JIT::privateCompileSlowCases):
    * jit/JIT.h:
    * jit/JITOpcodes.cpp:
    (JSC::JIT::emit_op_get_pnames): Deleted.
    (JSC::JIT::emit_op_next_pname): Deleted.
    * jit/JITOpcodes32_64.cpp:
    (JSC::JIT::emit_op_get_pnames): Deleted.
    (JSC::JIT::emit_op_next_pname): Deleted.
    * jit/JITOperations.cpp:
    * jit/JITPropertyAccess.cpp:
    (JSC::JIT::emit_op_get_by_pname): Deleted.
    (JSC::JIT::emitSlow_op_get_by_pname): Deleted.
    * jit/JITPropertyAccess32_64.cpp:
    (JSC::JIT::emit_op_get_by_pname): Deleted.
    (JSC::JIT::emitSlow_op_get_by_pname): Deleted.
    * llint/LLIntOffsetsExtractor.cpp:
    * llint/LLIntSlowPaths.cpp:
    (JSC::LLInt::LLINT_SLOW_PATH_DECL): Deleted.
    * llint/LLIntSlowPaths.h:
    * llint/LowLevelInterpreter.asm:
    * llint/LowLevelInterpreter32_64.asm:
    * llint/LowLevelInterpreter64.asm:
    * runtime/CommonSlowPaths.cpp:
    * runtime/JSPropertyNameIterator.cpp:
    (JSC::JSPropertyNameIterator::JSPropertyNameIterator): Deleted.
    (JSC::JSPropertyNameIterator::create): Deleted.
    (JSC::JSPropertyNameIterator::destroy): Deleted.
    (JSC::JSPropertyNameIterator::get): Deleted.
    (JSC::JSPropertyNameIterator::visitChildren): Deleted.
    * runtime/JSPropertyNameIterator.h:
    (JSC::JSPropertyNameIterator::createStructure): Deleted.
    (JSC::JSPropertyNameIterator::size): Deleted.
    (JSC::JSPropertyNameIterator::setCachedStructure): Deleted.
    (JSC::JSPropertyNameIterator::cachedStructure): Deleted.
    (JSC::JSPropertyNameIterator::setCachedPrototypeChain): Deleted.
    (JSC::JSPropertyNameIterator::cachedPrototypeChain): Deleted.
    (JSC::JSPropertyNameIterator::finishCreation): Deleted.
    (JSC::Register::propertyNameIterator): Deleted.
    (JSC::StructureRareData::enumerationCache): Deleted.
    (JSC::StructureRareData::setEnumerationCache): Deleted.
    * runtime/Structure.cpp:
    (JSC::Structure::addPropertyWithoutTransition):
    (JSC::Structure::removePropertyWithoutTransition):
    * runtime/Structure.h:
    * runtime/StructureInlines.h:
    (JSC::Structure::setEnumerationCache): Deleted.
    (JSC::Structure::enumerationCache): Deleted.
    * runtime/StructureRareData.cpp:
    (JSC::StructureRareData::visitChildren):
    * runtime/StructureRareData.h:
    * runtime/VM.cpp:
    (JSC::VM::VM):

    2014-07-25  Saam Barati  <sbarati@apple.com>

    Fix 32-bit build breakage for type profiling
    https://bugs.webkit.org/process_bug.cgi

    Reviewed by Mark Hahnenberg.

    32-bit builds currently break because global variable IDs for high
    fidelity type profiling are int64_t. Change this to intptr_t so that
    it's 32 bits on 32-bit platforms and 64 bits on 64-bit platforms.

    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::CodeBlock):
    (JSC::CodeBlock::scopeDependentProfile):
    * bytecode/TypeLocation.h:
    * runtime/SymbolTable.cpp:
    (JSC::SymbolTable::uniqueIDForVariable):
    (JSC::SymbolTable::uniqueIDForRegister):
    * runtime/SymbolTable.h:
    * runtime/TypeLocationCache.cpp:
    (JSC::TypeLocationCache::getTypeLocation):
    * runtime/TypeLocationCache.h:
    * runtime/VM.h:
    (JSC::VM::getNextUniqueVariableID):

    2014-07-25  Mark Hahnenberg  <mhahnenberg@apple.com>

    Reindent PropertyNameArray.h
    https://bugs.webkit.org/show_bug.cgi?id=135067

    Reviewed by Geoffrey Garen.

    * runtime/PropertyNameArray.h:
    (JSC::RefCountedIdentifierSet::contains):
    (JSC::RefCountedIdentifierSet::size):
    (JSC::RefCountedIdentifierSet::add):
    (JSC::PropertyNameArrayData::create):
    (JSC::PropertyNameArrayData::propertyNameVector):
    (JSC::PropertyNameArrayData::PropertyNameArrayData):
    (JSC::PropertyNameArray::PropertyNameArray):
    (JSC::PropertyNameArray::vm):
    (JSC::PropertyNameArray::add):
    (JSC::PropertyNameArray::addKnownUnique):
    (JSC::PropertyNameArray::operator[]):
    (JSC::PropertyNameArray::setData):
    (JSC::PropertyNameArray::data):
    (JSC::PropertyNameArray::releaseData):
    (JSC::PropertyNameArray::identifierSet):
    (JSC::PropertyNameArray::canAddKnownUniqueForStructure):
    (JSC::PropertyNameArray::size):
    (JSC::PropertyNameArray::begin):
    (JSC::PropertyNameArray::end):
    (JSC::PropertyNameArray::numCacheableSlots):
    (JSC::PropertyNameArray::setNumCacheableSlotsForObject):
    (JSC::PropertyNameArray::setBaseObject):
    (JSC::PropertyNameArray::setPreviouslyEnumeratedLength):

    2014-07-23  Mark Hahnenberg  <mhahnenberg@apple.com>

    Refactor our current implementation of for-in
    https://bugs.webkit.org/show_bug.cgi?id=134142

    Reviewed by Filip Pizlo.

    This patch splits for-in loops into three distinct parts:

    - Iterating over the indexed properties in the base object.
    - Iterating over the Structure properties in the base object.
    - Iterating over any other enumerable properties for that object and any objects in the prototype chain.

    It does this by emitting these explicit loops in bytecode, using a new set of bytecodes to
    support the various operations required for each loop.

    * API/JSCallbackObjectFunctions.h:
    (JSC::JSCallbackObject<Parent>::getOwnNonIndexPropertyNames):
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * bytecode/BytecodeList.json:
    * bytecode/BytecodeUseDef.h:
    (JSC::computeUsesForBytecodeOffset):
    (JSC::computeDefsForBytecodeOffset):
    * bytecode/CallLinkStatus.h:
    (JSC::CallLinkStatus::CallLinkStatus):
    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::dumpBytecode):
    (JSC::CodeBlock::CodeBlock):
    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::emitGetByVal):
    (JSC::BytecodeGenerator::emitComplexPopScopes):
    (JSC::BytecodeGenerator::emitGetEnumerableLength):
    (JSC::BytecodeGenerator::emitHasGenericProperty):
    (JSC::BytecodeGenerator::emitHasIndexedProperty):
    (JSC::BytecodeGenerator::emitHasStructureProperty):
    (JSC::BytecodeGenerator::emitGetStructurePropertyEnumerator):
    (JSC::BytecodeGenerator::emitGetGenericPropertyEnumerator):
    (JSC::BytecodeGenerator::emitNextEnumeratorPropertyName):
    (JSC::BytecodeGenerator::emitToIndexString):
    (JSC::BytecodeGenerator::pushIndexedForInScope):
    (JSC::BytecodeGenerator::popIndexedForInScope):
    (JSC::BytecodeGenerator::pushStructureForInScope):
    (JSC::BytecodeGenerator::popStructureForInScope):
    (JSC::BytecodeGenerator::invalidateForInContextForLocal):
    * bytecompiler/BytecodeGenerator.h:
    (JSC::ForInContext::ForInContext):
    (JSC::ForInContext::~ForInContext):
    (JSC::ForInContext::isValid):
    (JSC::ForInContext::invalidate):
    (JSC::ForInContext::local):
    (JSC::StructureForInContext::StructureForInContext):
    (JSC::StructureForInContext::type):
    (JSC::StructureForInContext::index):
    (JSC::StructureForInContext::property):
    (JSC::StructureForInContext::enumerator):
    (JSC::IndexedForInContext::IndexedForInContext):
    (JSC::IndexedForInContext::type):
    (JSC::IndexedForInContext::index):
    (JSC::BytecodeGenerator::pushOptimisedForIn): Deleted.
    (JSC::BytecodeGenerator::popOptimisedForIn): Deleted.
    * bytecompiler/NodesCodegen.cpp:
    (JSC::ReadModifyResolveNode::emitBytecode):
    (JSC::AssignResolveNode::emitBytecode):
    (JSC::ForInNode::tryGetBoundLocal):
    (JSC::ForInNode::emitLoopHeader):
    (JSC::ForInNode::emitMultiLoopBytecode):
    (JSC::ForInNode::emitBytecode):
    * debugger/DebuggerScope.h:
    * dfg/DFGAbstractHeap.h:
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGCapabilities.cpp:
    (JSC::DFG::capabilityLevel):
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * dfg/DFGDoesGC.cpp:
    (JSC::DFG::doesGC):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * dfg/DFGHeapLocation.cpp:
    (WTF::printInternal):
    * dfg/DFGHeapLocation.h:
    * dfg/DFGNode.h:
    (JSC::DFG::Node::hasHeapPrediction):
    (JSC::DFG::Node::hasArrayMode):
    * dfg/DFGNodeType.h:
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):
    * dfg/DFGSafeToExecute.h:
    (JSC::DFG::safeToExecute):
    * dfg/DFGSpeculativeJIT.h:
    (JSC::DFG::SpeculativeJIT::callOperation):
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * jit/JIT.cpp:
    (JSC::JIT::privateCompileMainPass):
    (JSC::JIT::privateCompileSlowCases):
    * jit/JIT.h:
    (JSC::JIT::compileHasIndexedProperty):
    (JSC::JIT::emitInt32Load):
    * jit/JITInlines.h:
    (JSC::JIT::emitDoubleGetByVal):
    (JSC::JIT::emitLoadForArrayMode):
    (JSC::JIT::emitContiguousGetByVal):
    (JSC::JIT::emitArrayStorageGetByVal):
    * jit/JITOpcodes.cpp:
    (JSC::JIT::emit_op_get_enumerable_length):
    (JSC::JIT::emit_op_has_structure_property):
    (JSC::JIT::emitSlow_op_has_structure_property):
    (JSC::JIT::emit_op_has_generic_property):
    (JSC::JIT::privateCompileHasIndexedProperty):
    (JSC::JIT::emit_op_has_indexed_property):
    (JSC::JIT::emitSlow_op_has_indexed_property):
    (JSC::JIT::emit_op_get_direct_pname):
    (JSC::JIT::emitSlow_op_get_direct_pname):
    (JSC::JIT::emit_op_get_structure_property_enumerator):
    (JSC::JIT::emit_op_get_generic_property_enumerator):
    (JSC::JIT::emit_op_next_enumerator_pname):
    (JSC::JIT::emit_op_to_index_string):
    * jit/JITOpcodes32_64.cpp:
    (JSC::JIT::emit_op_get_enumerable_length):
    (JSC::JIT::emit_op_has_structure_property):
    (JSC::JIT::emitSlow_op_has_structure_property):
    (JSC::JIT::emit_op_has_generic_property):
    (JSC::JIT::privateCompileHasIndexedProperty):
    (JSC::JIT::emit_op_has_indexed_property):
    (JSC::JIT::emitSlow_op_has_indexed_property):
    (JSC::JIT::emit_op_get_direct_pname):
    (JSC::JIT::emitSlow_op_get_direct_pname):
    (JSC::JIT::emit_op_get_structure_property_enumerator):
    (JSC::JIT::emit_op_get_generic_property_enumerator):
    (JSC::JIT::emit_op_next_enumerator_pname):
    (JSC::JIT::emit_op_to_index_string):
    * jit/JITOperations.cpp:
    * jit/JITOperations.h:
    * jit/JITPropertyAccess.cpp:
    (JSC::JIT::emitDoubleLoad):
    (JSC::JIT::emitContiguousLoad):
    (JSC::JIT::emitArrayStorageLoad):
    (JSC::JIT::emitDoubleGetByVal): Deleted.
    (JSC::JIT::emitContiguousGetByVal): Deleted.
    (JSC::JIT::emitArrayStorageGetByVal): Deleted.
    * jit/JITPropertyAccess32_64.cpp:
    (JSC::JIT::emitContiguousLoad):
    (JSC::JIT::emitDoubleLoad):
    (JSC::JIT::emitArrayStorageLoad):
    (JSC::JIT::emitContiguousGetByVal): Deleted.
    (JSC::JIT::emitDoubleGetByVal): Deleted.
    (JSC::JIT::emitArrayStorageGetByVal): Deleted.
    * llint/LowLevelInterpreter.asm:
    * parser/Nodes.h:
    * runtime/Arguments.cpp:
    (JSC::Arguments::getOwnPropertyNames):
    * runtime/ClassInfo.h:
    * runtime/CommonSlowPaths.cpp:
    (JSC::SLOW_PATH_DECL):
    * runtime/CommonSlowPaths.h:
    * runtime/EnumerationMode.h: Added.
    (JSC::shouldIncludeDontEnumProperties):
    (JSC::shouldExcludeDontEnumProperties):
    (JSC::shouldIncludeJSObjectPropertyNames):
    (JSC::modeThatSkipsJSObject):
    * runtime/JSActivation.cpp:
    (JSC::JSActivation::getOwnNonIndexPropertyNames):
    * runtime/JSArray.cpp:
    (JSC::JSArray::getOwnNonIndexPropertyNames):
    * runtime/JSArrayBuffer.cpp:
    (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames):
    * runtime/JSArrayBufferView.cpp:
    (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames):
    * runtime/JSCell.cpp:
    (JSC::JSCell::getEnumerableLength):
    (JSC::JSCell::getStructurePropertyNames):
    (JSC::JSCell::getGenericPropertyNames):
    * runtime/JSCell.h:
    * runtime/JSFunction.cpp:
    (JSC::JSFunction::getOwnNonIndexPropertyNames):
    * runtime/JSGenericTypedArrayViewInlines.h:
    (JSC::JSGenericTypedArrayView<Adaptor>::getOwnNonIndexPropertyNames):
    * runtime/JSObject.cpp:
    (JSC::getClassPropertyNames):
    (JSC::JSObject::hasOwnProperty):
    (JSC::JSObject::getOwnPropertyNames):
    (JSC::JSObject::getOwnNonIndexPropertyNames):
    (JSC::JSObject::getEnumerableLength):
    (JSC::JSObject::getStructurePropertyNames):
    (JSC::JSObject::getGenericPropertyNames):
    * runtime/JSObject.h:
    * runtime/JSPropertyNameEnumerator.cpp: Added.
    (JSC::JSPropertyNameEnumerator::create):
    (JSC::JSPropertyNameEnumerator::JSPropertyNameEnumerator):
    (JSC::JSPropertyNameEnumerator::finishCreation):
    (JSC::JSPropertyNameEnumerator::destroy):
    (JSC::JSPropertyNameEnumerator::visitChildren):
    * runtime/JSPropertyNameEnumerator.h: Added.
    (JSC::JSPropertyNameEnumerator::createStructure):
    (JSC::JSPropertyNameEnumerator::propertyNameAtIndex):
    (JSC::JSPropertyNameEnumerator::identifierSet):
    (JSC::JSPropertyNameEnumerator::cachedPrototypeChain):
    (JSC::JSPropertyNameEnumerator::setCachedPrototypeChain):
    (JSC::JSPropertyNameEnumerator::cachedStructure):
    (JSC::JSPropertyNameEnumerator::cachedStructureID):
    (JSC::JSPropertyNameEnumerator::cachedInlineCapacity):
    (JSC::JSPropertyNameEnumerator::cachedStructureIDOffset):
    (JSC::JSPropertyNameEnumerator::cachedInlineCapacityOffset):
    (JSC::JSPropertyNameEnumerator::cachedPropertyNamesLengthOffset):
    (JSC::JSPropertyNameEnumerator::cachedPropertyNamesVectorOffset):
    (JSC::structurePropertyNameEnumerator):
    (JSC::genericPropertyNameEnumerator):
    * runtime/JSProxy.cpp:
    (JSC::JSProxy::getEnumerableLength):
    (JSC::JSProxy::getStructurePropertyNames):
    (JSC::JSProxy::getGenericPropertyNames):
    * runtime/JSProxy.h:
    * runtime/JSSymbolTableObject.cpp:
    (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
    * runtime/PropertyNameArray.cpp:
    (JSC::PropertyNameArray::add):
    (JSC::PropertyNameArray::setPreviouslyEnumeratedProperties):
    * runtime/PropertyNameArray.h:
    (JSC::RefCountedIdentifierSet::contains):
    (JSC::RefCountedIdentifierSet::size):
    (JSC::RefCountedIdentifierSet::add):
    (JSC::PropertyNameArray::PropertyNameArray):
    (JSC::PropertyNameArray::add):
    (JSC::PropertyNameArray::addKnownUnique):
    (JSC::PropertyNameArray::identifierSet):
    (JSC::PropertyNameArray::canAddKnownUniqueForStructure):
    (JSC::PropertyNameArray::setPreviouslyEnumeratedLength):
    * runtime/RegExpObject.cpp:
    (JSC::RegExpObject::getOwnNonIndexPropertyNames):
    (JSC::RegExpObject::getPropertyNames):
    (JSC::RegExpObject::getGenericPropertyNames):
    * runtime/RegExpObject.h:
    * runtime/StringObject.cpp:
    (JSC::StringObject::getOwnPropertyNames):
    * runtime/Structure.cpp:
    (JSC::Structure::getPropertyNamesFromStructure):
    (JSC::Structure::setCachedStructurePropertyNameEnumerator):
    (JSC::Structure::cachedStructurePropertyNameEnumerator):
    (JSC::Structure::setCachedGenericPropertyNameEnumerator):
    (JSC::Structure::cachedGenericPropertyNameEnumerator):
    (JSC::Structure::canCacheStructurePropertyNameEnumerator):
    (JSC::Structure::canCacheGenericPropertyNameEnumerator):
    (JSC::Structure::canAccessPropertiesQuickly):
    * runtime/Structure.h:
    * runtime/StructureRareData.cpp:
    (JSC::StructureRareData::visitChildren):
    (JSC::StructureRareData::cachedStructurePropertyNameEnumerator):
    (JSC::StructureRareData::setCachedStructurePropertyNameEnumerator):
    (JSC::StructureRareData::cachedGenericPropertyNameEnumerator):
    (JSC::StructureRareData::setCachedGenericPropertyNameEnumerator):
    * runtime/StructureRareData.h:
    * runtime/VM.cpp:
    (JSC::VM::VM):
    * runtime/VM.h:

    2014-07-23  Saam Barati  <sbarati@apple.com>

    Make improvements to Type Profiling
    https://bugs.webkit.org/show_bug.cgi?id=134860

    Reviewed by Filip Pizlo.

    I improved the API between the inspector and JSC. We no longer send one huge
    string to the inspector. We now send structured data that represents the type
    information that JSC has collected. I've also created a beginning implementation
    of a type lattice that allows us to resolve a display name for a type that
    consists of a single word.

    I created a data structure that knows which functions have executed. This
    solves the bug where types inside an un-executed function will resolve
    to the type of the enclosing expression of that function. This data
    structure may also be useful later if the inspector chooses to create a UI
    around showing which functions have executed.

    Better type information is gathered for objects. StructureShape now
    represents an object's prototype chain.  StructureShape also collects
    the constructor name for an object.

    Expression ranges are now zero indexed.

    Removed some extraneous methods.

    * JavaScriptCore.xcodeproj/project.pbxproj:
    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::CodeBlock):
    (JSC::CodeBlock::scopeDependentProfile):
    * bytecode/CodeBlock.h:
    * bytecode/TypeLocation.h:
    (JSC::TypeLocation::TypeLocation):
    * bytecode/UnlinkedCodeBlock.cpp:
    (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
    * bytecode/UnlinkedCodeBlock.h:
    (JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingStartOffset):
    (JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingEndOffset):
    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::BytecodeGenerator):
    (JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo):
    * bytecompiler/BytecodeGenerator.h:
    (JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo): Deleted.
    * heap/Heap.cpp:
    (JSC::Heap::collect):
    * inspector/agents/InspectorRuntimeAgent.cpp:
    (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
    (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableAtOffset): Deleted.
    * inspector/agents/InspectorRuntimeAgent.h:
    * inspector/protocol/Runtime.json:
    * runtime/Executable.cpp:
    (JSC::ScriptExecutable::ScriptExecutable):
    (JSC::ProgramExecutable::ProgramExecutable):
    (JSC::FunctionExecutable::FunctionExecutable):
    (JSC::ProgramExecutable::initializeGlobalProperties):
    * runtime/Executable.h:
    (JSC::ScriptExecutable::highFidelityTypeProfilingStartOffset):
    (JSC::ScriptExecutable::highFidelityTypeProfilingEndOffset):
    * runtime/FunctionHasExecutedCache.cpp: Added.
    (JSC::FunctionHasExecutedCache::hasExecutedAtOffset):
    (JSC::FunctionHasExecutedCache::insertUnexecutedRange):
    (JSC::FunctionHasExecutedCache::removeUnexecutedRange):
    * runtime/FunctionHasExecutedCache.h: Added.
    (JSC::FunctionHasExecutedCache::FunctionRange::FunctionRange):
    (JSC::FunctionHasExecutedCache::FunctionRange::operator==):
    (JSC::FunctionHasExecutedCache::FunctionRange::hash):
    * runtime/HighFidelityLog.cpp:
    (JSC::HighFidelityLog::processHighFidelityLog):
    (JSC::HighFidelityLog::actuallyProcessLogThreadFunction): Deleted.
    * runtime/HighFidelityLog.h:
    (JSC::HighFidelityLog::recordTypeInformationForLocation):
    * runtime/HighFidelityTypeProfiler.cpp:
    (JSC::HighFidelityTypeProfiler::logTypesForTypeLocation):
    (JSC::HighFidelityTypeProfiler::insertNewLocation):
    (JSC::HighFidelityTypeProfiler::getTypesForVariableAtOffsetForInspector):
    (JSC::descriptorMatchesTypeLocation):
    (JSC::HighFidelityTypeProfiler::findLocation):
    (JSC::HighFidelityTypeProfiler::getTypesForVariableInAtOffset): Deleted.
    (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableAtOffset): Deleted.
    (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableAtOffset): Deleted.
    * runtime/HighFidelityTypeProfiler.h:
    (JSC::QueryKey::QueryKey):
    (JSC::QueryKey::isHashTableDeletedValue):
    (JSC::QueryKey::operator==):
    (JSC::QueryKey::hash):
    (JSC::QueryKeyHash::hash):
    (JSC::QueryKeyHash::equal):
    (JSC::HighFidelityTypeProfiler::functionHasExecutedCache):
    (JSC::HighFidelityTypeProfiler::typeLocationCache):
    * runtime/Structure.cpp:
    (JSC::Structure::toStructureShape):
    * runtime/Structure.h:
    * runtime/TypeLocationCache.cpp: Added.
    (JSC::TypeLocationCache::getTypeLocation):
    * runtime/TypeLocationCache.h: Added.
    (JSC::TypeLocationCache::LocationKey::LocationKey):
    (JSC::TypeLocationCache::LocationKey::operator==):
    (JSC::TypeLocationCache::LocationKey::hash):
    * runtime/TypeSet.cpp:
    (JSC::TypeSet::getRuntimeTypeForValue):
    (JSC::TypeSet::addTypeForValue):
    (JSC::TypeSet::seenTypes):
    (JSC::TypeSet::doesTypeConformTo):
    (JSC::TypeSet::displayName):
    (JSC::TypeSet::allPrimitiveTypeNames):
    (JSC::TypeSet::allStructureRepresentations):
    (JSC::TypeSet::leastCommonAncestor):
    (JSC::StructureShape::StructureShape):
    (JSC::StructureShape::addProperty):
    (JSC::StructureShape::propertyHash):
    (JSC::StructureShape::leastCommonAncestor):
    (JSC::StructureShape::stringRepresentation):
    (JSC::StructureShape::inspectorRepresentation):
    (JSC::StructureShape::leastUpperBound): Deleted.
    * runtime/TypeSet.h:
    (JSC::StructureShape::setConstructorName):
    (JSC::StructureShape::constructorName):
    (JSC::StructureShape::setProto):
    * runtime/VM.cpp:
    (JSC::VM::dumpHighFidelityProfilingTypes):
    (JSC::VM::getTypesForVariableAtOffset): Deleted.
    (JSC::VM::updateHighFidelityTypeProfileState): Deleted.
    * runtime/VM.h:
    (JSC::VM::isProfilingTypesWithHighFidelity):
    (JSC::VM::highFidelityTypeProfiler):

    2014-07-23  Filip Pizlo  <fpizlo@apple.com>

    Fix debug build.

    * bytecode/CallLinkStatus.h:
    (JSC::CallLinkStatus::CallLinkStatus):

    2014-07-20  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Phantoms in SSA form should be aggressively hoisted
    https://bugs.webkit.org/show_bug.cgi?id=135111

    Reviewed by Oliver Hunt.

    In CPS form, Phantom means three things: (1) that the children should be kept alive so long
    as they are relevant to OSR (due to a MovHint), (2) that the children are live-in-bytecode
    at the point of the Phantom, and (3) that some checks should be performed. In SSA, the
    second meaning is not used but the other two stay.

    The fact that a Phantom that is used to keep a node alive could be anywhere in the graph,
    even in a totally different basic block, complicates some SSA transformations. It's not
    possible to just jettison some successor, since tha successor could have a Phantom that we
    care about.

    This change rationalizes how Phantoms work so that:

    1) Phantoms keep children alive so long as those children are relevant to OSR. This is true
       in both CPS and SSA. This was true before and it's true now.

    2) Phantoms are used for live-in-bytecode only in CPS. This was true before and it's true
       now, except that now we also don't bother preserving the live-in-bytecode information
       that Phantoms convey, when we are in SSA.

    3) Phantoms may incidentally have checks, but in cases where we only want checks, we now
       use Check instead of Phantom. Notably, DCE phase has dead nodes decay to Check, not
       Phantom.

    The biggest part of this change is that in SSA, we canonicalize Phantoms:

    - All Phantoms are replaced with Check nodes that include only those edges that have
      checks.

    - Nodes that were the children of any Phantoms have a Phantom right after them.

    For example, the following code:

        5: ArithAdd(@1, @2)
        6: ArithSub(@5, @3)
        7: Phantom(Int32:@5)

    would be turned into the following:

        5: ArithAdd(@1, @2)
        8: Phantom(@5) // @5 was the child of a Phantom, so we create a new Phantom right after
                       // @5. This is the only Phantom we will have for @5.
        6: ArithSub(@5, @3)
        7: Check(Int32:@5) // We replace the Phantom with a Check; in this case since Int32: is
                           // a checking edge, we leave it.

    This is a slight speed-up across the board, presumably because we now do a better job of
    reducing the size of the graph during compilation. It could also be a fluke, though. The
    main purpose of this is to unlock some other work (like CFG simplification in SSA). It will
    become a requirement to run phantom canonicalization prior to some SSA phases. None of the
    current phases need it, but future phases probably will.

    * CMakeLists.txt:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::foldConstants):
    * dfg/DFGDCEPhase.cpp:
    (JSC::DFG::DCEPhase::run):
    (JSC::DFG::DCEPhase::findTypeCheckRoot):
    (JSC::DFG::DCEPhase::countEdge):
    (JSC::DFG::DCEPhase::fixupBlock):
    (JSC::DFG::DCEPhase::eliminateIrrelevantPhantomChildren):
    * dfg/DFGEdge.cpp:
    (JSC::DFG::Edge::dump):
    * dfg/DFGEdge.h:
    (JSC::DFG::Edge::isProved):
    (JSC::DFG::Edge::needsCheck): Deleted.
    * dfg/DFGNodeFlags.h:
    * dfg/DFGPhantomCanonicalizationPhase.cpp: Added.
    (JSC::DFG::PhantomCanonicalizationPhase::PhantomCanonicalizationPhase):
    (JSC::DFG::PhantomCanonicalizationPhase::run):
    (JSC::DFG::performPhantomCanonicalization):
    * dfg/DFGPhantomCanonicalizationPhase.h: Added.
    * dfg/DFGPhantomRemovalPhase.cpp:
    (JSC::DFG::PhantomRemovalPhase::run):
    * dfg/DFGPhantomRemovalPhase.h:
    * dfg/DFGPlan.cpp:
    (JSC::DFG::Plan::compileInThreadImpl):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::lowJSValue):
    (JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):

    2014-07-22  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Get rid of structure checks as a way of checking if a function is in fact a function
    https://bugs.webkit.org/show_bug.cgi?id=135146

    Reviewed by Oliver Hunt.

    This greatly simplifies our closure call optimizations by taking advantage of the type
    bits available in the cell header.

    * bytecode/CallLinkInfo.cpp:
    (JSC::CallLinkInfo::visitWeak):
    * bytecode/CallLinkStatus.cpp:
    (JSC::CallLinkStatus::CallLinkStatus):
    (JSC::CallLinkStatus::computeFor):
    (JSC::CallLinkStatus::dump):
    * bytecode/CallLinkStatus.h:
    (JSC::CallLinkStatus::CallLinkStatus):
    (JSC::CallLinkStatus::executable):
    (JSC::CallLinkStatus::structure): Deleted.
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::emitFunctionChecks):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    (JSC::DFG::FixupPhase::observeUseKindOnNode):
    * dfg/DFGSafeToExecute.h:
    (JSC::DFG::SafeToExecuteEdge::operator()):
    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::checkArray):
    (JSC::DFG::SpeculativeJIT::speculateCellTypeWithoutTypeFiltering):
    (JSC::DFG::SpeculativeJIT::speculateCellType):
    (JSC::DFG::SpeculativeJIT::speculateFunction):
    (JSC::DFG::SpeculativeJIT::speculateFinalObject):
    (JSC::DFG::SpeculativeJIT::speculate):
    * dfg/DFGSpeculativeJIT.h:
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGUseKind.cpp:
    (WTF::printInternal):
    * dfg/DFGUseKind.h:
    (JSC::DFG::typeFilterFor):
    (JSC::DFG::isCell):
    * ftl/FTLCapabilities.cpp:
    (JSC::FTL::canCompile):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileCheckExecutable):
    (JSC::FTL::LowerDFGToLLVM::speculate):
    (JSC::FTL::LowerDFGToLLVM::isFunction):
    (JSC::FTL::LowerDFGToLLVM::isNotFunction):
    (JSC::FTL::LowerDFGToLLVM::speculateFunction):
    * jit/ClosureCallStubRoutine.cpp:
    (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
    (JSC::ClosureCallStubRoutine::markRequiredObjectsInternal):
    * jit/ClosureCallStubRoutine.h:
    (JSC::ClosureCallStubRoutine::structure): Deleted.
    * jit/JIT.h:
    (JSC::JIT::compileClosureCall): Deleted.
    * jit/JITCall.cpp:
    (JSC::JIT::privateCompileClosureCall): Deleted.
    * jit/JITCall32_64.cpp:
    (JSC::JIT::privateCompileClosureCall): Deleted.
    * jit/JITOperations.cpp:
    * jit/Repatch.cpp:
    (JSC::linkClosureCall):
    * jit/Repatch.h:

Source/WebCore:

    2014-08-06  Mark Hahnenberg  <mhahnenberg@apple.com>

    Refactor our current implementation of for-in
    https://bugs.webkit.org/show_bug.cgi?id=134142

    Reviewed by Filip Pizlo.

    No new tests.

    This patch splits for-in loops into three distinct parts:

    - Iterating over the indexed properties in the base object.
    - Iterating over the Structure properties in the base object.
    - Iterating over any other enumerable properties for that object and any objects in the prototype chain.

    It does this by emitting these explicit loops in bytecode, using a new set of bytecodes to
    support the various operations required for each loop.

    * bindings/js/JSDOMWindowCustom.cpp:
    (WebCore::JSDOMWindow::getEnumerableLength):
    (WebCore::JSDOMWindow::getStructurePropertyNames):
    (WebCore::JSDOMWindow::getGenericPropertyNames):
    * bindings/scripts/CodeGeneratorJS.pm:
    (GenerateHeader):
    * bridge/runtime_array.cpp:
    (JSC::RuntimeArray::getOwnPropertyNames):

Source/WebKit2:

    2014-08-06  Mark Hahnenberg  <mhahnenberg@apple.com>

    Refactor our current implementation of for-in
    https://bugs.webkit.org/show_bug.cgi?id=134142

    Reviewed by Filip Pizlo.

    * WebProcess/Plugins/Netscape/JSNPObject.cpp:
    (WebKit::JSNPObject::invalidate): Fixed an invalid ASSERT that was crashing in debug builds.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172176 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoSet DSYMUTIL_NUM_THREADS to the number of logical cores
dfarler@apple.com [Wed, 6 Aug 2014 20:38:15 +0000 (20:38 +0000)]
Set DSYMUTIL_NUM_THREADS to the number of logical cores
https://bugs.webkit.org/show_bug.cgi?id=135655

Reviewed by Mark Rowe.

.:

* Makefile.shared: Export DSYMUTIL_NUM_THREADS.

Tools:

* Scripts/webkitdirs.pm:
(buildXCodeProject): Set before calling xcodebuild.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172174 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoREGRESSION (WebKit2): iOS Safari default encoding doesn't follow system language
ap@apple.com [Wed, 6 Aug 2014 20:25:00 +0000 (20:25 +0000)]
REGRESSION (WebKit2): iOS Safari default encoding doesn't follow system language
https://bugs.webkit.org/show_bug.cgi?id=135667
<rdar://problem/17862892>

Reviewed by Anders Carlsson.

Source/WebCore:
Moved a function that computes default encoding from WebKit to WebCore, so that
it could be shared with WebKit2.

* WebCore.exp.in:
* platform/ios/WebCoreSystemInterfaceIOS.mm:
* platform/mac/WebCoreSystemInterface.h:
* platform/mac/WebCoreSystemInterface.mm:
* platform/text/TextEncodingRegistry.cpp:
(WebCore::defaultTextEncodingNameForSystemLanguage):
* platform/text/TextEncodingRegistry.h:

Source/WebKit/mac:
* WebView/WebPreferences.mm: (+[WebPreferences _setInitialDefaultTextEncodingToSystemEncoding]):
Moved implementation to WebCore, so that it can be shared with WebKit2.

* WebCoreSupport/WebSystemInterface.mm: (InitWebCoreSystemInterface):
We now use WKGetWebDefaultCFStringEncoding in WebCore, so it needs to be initialized.

Source/WebKit2:
* Shared/WebPreferencesDefinitions.h: Compute the actual proper default, don't
hardcode it to ISO-8859-1 hoping that someone else will correct it later.

* Shared/WebPreferencesStore.cpp: Added an include for WebPreferencesDefinitions.h
macro expansion to compile.

* UIProcess/WebPreferences.cpp: (WebKit::WebPreferences::createWithLegacyDefaults):
Added a FIXME.

* WebProcess/WebCoreSupport/mac/WebSystemInterface.mm: (InitWebCoreSystemInterface):
We now use WKGetWebDefaultCFStringEncoding in WebCore, so it needs to be initialized.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172172 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoHashTable based classes leak a lot
benjamin@webkit.org [Wed, 6 Aug 2014 20:12:14 +0000 (20:12 +0000)]
HashTable based classes leak a lot
https://bugs.webkit.org/show_bug.cgi?id=135638

Reviewed by Darin Adler.

* wtf/HashTable.h:
The operator= taking a rvalue reference was never freeing the memory allocated
for the table of the left hand side object.

This patch fixes the leaks by doing an alloc+swap with a new object.
The object temp gets the reference to m_table, and destroys it in the regular destructor
when going out of scope.

Kudos to Pratik Solanki for finding the leaks.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172167 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoRemove unused RenderBox::reflectionBox().
akling@apple.com [Wed, 6 Aug 2014 19:21:15 +0000 (19:21 +0000)]
Remove unused RenderBox::reflectionBox().
<https://webkit.org/b/135661>

Reviewed by Antti Koivisto.

* rendering/RenderBox.cpp:
(WebCore::RenderBox::reflectionBox): Deleted.
* rendering/RenderBox.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172165 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[Win] Build error when OFFICIAL_BUILD != 1.
commit-queue@webkit.org [Wed, 6 Aug 2014 18:48:55 +0000 (18:48 +0000)]
[Win] Build error when OFFICIAL_BUILD != 1.
https://bugs.webkit.org/show_bug.cgi?id=135613

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-08-06
Reviewed by Alex Christensen.

Added python installation as a required step before building on Windows.

* building/tools.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172163 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoREGRESSION(r172094): tests fail because Inspector test harness does not include UIString
burg@cs.washington.edu [Wed, 6 Aug 2014 18:32:38 +0000 (18:32 +0000)]
REGRESSION(r172094): tests fail because Inspector test harness does not include UIString
https://bugs.webkit.org/show_bug.cgi?id=135658

Reviewed by Joseph Pecoraro.

* UserInterface/Base/Test.js:
(WebInspector.contentLoaded): Fix brace placement.
(WebInspector.UIString): Added. This is the identity function during testing.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172162 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: convert ReplayManager to a promise-based API
burg@cs.washington.edu [Wed, 6 Aug 2014 18:30:01 +0000 (18:30 +0000)]
Web Inspector: convert ReplayManager to a promise-based API
https://bugs.webkit.org/show_bug.cgi?id=135249

Reviewed by Timothy Hatcher.

Source/WebCore:

Fix some assertions to match ReplayController's preconditions.

* inspector/InspectorReplayAgent.cpp:
(WebCore::InspectorReplayAgent::replayToPosition):
(WebCore::InspectorReplayAgent::replayToCompletion):

Source/WebInspectorUI:

Convert replay commands to an asynchronous, promise-based API. This addresses
two problems with a synchronous replay API: clients can only use the synchronous
API if session and segment state are exactly correct, and trying to change state
to match this requirement requires chaining multiple commands and events.

The asynchronous API allows clients to issue replay commands with impunity,
as long as they can be unambiguously handled. For example, issuing
pausePlayback() while capturing is not allowed, but issuing startCapturing()
while replaying is allowed. The API also hides implementation details that
are not important, such as steps to unpause or temporarily disable the debugger.

This patch also cleans up uses of promises, such as adding error re-throwing.
It adds return type annotations to public ReplayManager asynchronous methods.

* UserInterface/Controllers/ReplayManager.js:
(WebInspector.ReplayManager.catch):
(WebInspector.ReplayManager):
(WebInspector.ReplayManager.prototype.createSession):
(WebInspector.ReplayManager.prototype.switchSession):
(WebInspector.ReplayManager.prototype.startCapturing):
(WebInspector.ReplayManager.prototype.stopCapturing):
(WebInspector.ReplayManager.prototype.replayToPosition):
(WebInspector.ReplayManager.prototype.replayToCompletion):
(WebInspector.ReplayManager.prototype.sessionCreated.catch): re-throw.
(WebInspector.ReplayManager.prototype.segmentCompleted.catch): re-throw.
(WebInspector.ReplayManager.prototype.segmentCompleted.catch): re-throw.
(WebInspector.ReplayManager.prototype.segmentUnloaded.catch): re-throw.
(WebInspector.ReplayManager.prototype.sessionCreated.catech): re-throw.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172161 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[Mac] Unable to scroll to bottom of nested scrollable areas
bfulgham@apple.com [Wed, 6 Aug 2014 18:25:08 +0000 (18:25 +0000)]
[Mac] Unable to scroll to bottom of nested scrollable areas
https://bugs.webkit.org/show_bug.cgi?id=135637
<rdar://problem/17910241>

Reviewed by Zalan Bujtas.

Source/WebCore:

Test: platform/mac/fast/scrolling/scroll-latched-nested-div.html

Avoid truncating the fractional portion of scroll ranges.

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::updateScrollbarsAfterLayout): Round
the LayoutUnit values for scroll width and height rather than
truncating.

LayoutTests:

* platform/mac/fast/scrolling/scroll-latched-nested-div-expected.txt: Added.
* platform/mac/fast/scrolling/scroll-latched-nested-div.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172160 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[iOS] QuickLook returns an invalid MIME type for some documents
aestes@apple.com [Wed, 6 Aug 2014 18:18:14 +0000 (18:18 +0000)]
[iOS] QuickLook returns an invalid MIME type for some documents
https://bugs.webkit.org/show_bug.cgi?id=135651

Reviewed by David Kilzer.

r172151 ensured that we ignore QuickLook delegate messages after an error, but neglected to do so for
connectionDidFinishLoading:. Do not call ResourceLoader::didFinishLoading() if an error has occurred.

* platform/network/ios/QuickLook.mm:
(-[WebResourceLoaderQuickLookDelegate connectionDidFinishLoading:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172159 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: protocol command invocations should return a promise if no callback...
burg@cs.washington.edu [Wed, 6 Aug 2014 17:59:06 +0000 (17:59 +0000)]
Web Inspector: protocol command invocations should return a promise if no callback is supplied
https://bugs.webkit.org/show_bug.cgi?id=130702

Reviewed by Timothy Hatcher.

Source/WebInspectorUI:

This allows the trailing Agent.command.promise(args) to be dropped in favor of just
Agent.command(args). It should make it a bit easier to convert code to use promises.

Test: LayoutTests/inspector/protocol-promise-result.html

* UserInterface/Controllers/ReplayManager.js: Drop use of .promise().
* UserInterface/Controllers/TimelineManager.js: Drop use of .promise().
(WebInspector.TimelineManager.prototype.startCapturing):
* UserInterface/Protocol/InspectorBackend.js:
(.callable): Redirect to the promise entry point if the last argument isn't a function.
(InspectorBackend.Command.create):

LayoutTests:

Addd a test for recieving protocol command results through an explicit callback,
via the .promise() entry point, and via an implicitly created promise.

* inspector/protocol-promise-result-expected.txt: Added.
* inspector/protocol-promise-result.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172158 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed, rolling out r172155.
commit-queue@webkit.org [Wed, 6 Aug 2014 17:57:47 +0000 (17:57 +0000)]
Unreviewed, rolling out r172155.
https://bugs.webkit.org/show_bug.cgi?id=135659

ChangeLog and commit message are wrong (Requested by estes on
#webkit).

Reverted changeset:

"Unreviewed, rolling out r172145."
https://bugs.webkit.org/show_bug.cgi?id=135657
http://trac.webkit.org/changeset/172155

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172157 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed build fix
mmaxfield@apple.com [Wed, 6 Aug 2014 17:53:50 +0000 (17:53 +0000)]
Unreviewed build fix

* rendering/TextPainter.cpp: Used incorrect variable name

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172156 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed, rolling out r172145.
aestes@apple.com [Wed, 6 Aug 2014 17:46:37 +0000 (17:46 +0000)]
Unreviewed, rolling out r172145.
https://bugs.webkit.org/show_bug.cgi?id=135657

caused 1 API test to fail (Requested by zalan on #webkit).

Reverted changeset:

"Cleanup InlineTextBox::paintSelection and
::localSelectionRect."
https://bugs.webkit.org/show_bug.cgi?id=135631
http://trac.webkit.org/changeset/172145

Patch by Commit Queue <commit-queue@webkit.org> on 2014-08-06

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172155 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed, rolling out r172145.
commit-queue@webkit.org [Wed, 6 Aug 2014 17:44:57 +0000 (17:44 +0000)]
Unreviewed, rolling out r172145.
https://bugs.webkit.org/show_bug.cgi?id=135657

caused 1 API test to fail (Requested by zalan on #webkit).

Reverted changeset:

"Cleanup InlineTextBox::paintSelection and
::localSelectionRect."
https://bugs.webkit.org/show_bug.cgi?id=135631
http://trac.webkit.org/changeset/172145

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172154 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoText-shadow with (0, 0) offset and radius = 0 is ugly
mmaxfield@apple.com [Wed, 6 Aug 2014 17:35:59 +0000 (17:35 +0000)]
Text-shadow with (0, 0) offset and radius = 0 is ugly
https://bugs.webkit.org/show_bug.cgi?id=135357

Reviewed by Darin Adler.

Source/WebCore:

Instead, check for this kind of shadow and don't draw it.

Test: fast/text/empty-shadow.html

* rendering/TextPainter.cpp:
(WebCore::isEmptyShadow): Does a shadow match these criteria?
(WebCore::paintTextWithShadows): If so, don't draw it.

LayoutTests:

Check that this kind of shadow ends up invisible.

* fast/text/empty-shadow-expected.html: Added
* fast/text/empty-shadow.html: Added

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172153 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[ARM] Incorrect handling of Unicode characters
dbatyai.u-szeged@partner.samsung.com [Wed, 6 Aug 2014 17:27:41 +0000 (17:27 +0000)]
[ARM] Incorrect handling of Unicode characters
https://bugs.webkit.org/show_bug.cgi?id=135380

Reviewed by Darin Adler.

Removed erroneous fast case from stringFromUTF(), since it assumed that
char is always implemented as signed.

* jsc.cpp:
(stringFromUTF):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172152 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[iOS] QuickLook returns an invalid MIME type for some documents
aestes@apple.com [Wed, 6 Aug 2014 17:23:04 +0000 (17:23 +0000)]
[iOS] QuickLook returns an invalid MIME type for some documents
https://bugs.webkit.org/show_bug.cgi?id=135651

Reviewed by David Kilzer.

In some cases QuickLook indicates a failure by returning a nil MIME type in -[QLPreviewConverter previewResponse]
rather than calling connection:didFailWithError:. Calling ResourceLoader::didReceiveResponse() with a response
containing a nil MIME type leads to a crash.

Stop loading the resource and display an error page if QuickLook cannot provide a MIME type for the converted response.

No new tests. QuickLook is not testable from WebKit.

* platform/network/ios/QuickLook.mm:
(-[WebResourceLoaderQuickLookDelegate _sendDidReceiveResponseIfNecessary]): Called ResourceLoader::didFail() if
MIME type was nil. Called ResourceLoader::didReceiveResponse() otherwise.
(-[WebResourceLoaderQuickLookDelegate connection:didReceiveDataArray:]): Called -_sendDidReceiveResponseIfNecessary.
(-[WebResourceLoaderQuickLookDelegate connection:didReceiveData:lengthReceived:]): Ditto.
(-[WebResourceLoaderQuickLookDelegate connection:didFailWithError:]): Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172151 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[CSSRegions] Move full screen tests into fast/regions/fullscreen
mihnea@adobe.com [Wed, 6 Aug 2014 16:02:33 +0000 (16:02 +0000)]
[CSSRegions] Move full screen tests into fast/regions/fullscreen
https://bugs.webkit.org/show_bug.cgi?id=135650

Reviewed by Andrei Bucur.

Move files and adjust paths accordingly.

* fast/regions/fullscreen/full-screen-video-from-region-expected.txt: Renamed from LayoutTests/fast/regions/full-screen-video-from-region-expected.txt.
* fast/regions/fullscreen/full-screen-video-from-region.html: Renamed from LayoutTests/fast/regions/full-screen-video-from-region.html.
* fast/regions/fullscreen/full-screen-video-in-region-crash-expected.txt: Renamed from LayoutTests/fast/regions/full-screen-video-in-region-crash-expected.txt.
* fast/regions/fullscreen/full-screen-video-in-region-crash.html: Renamed from LayoutTests/fast/regions/full-screen-video-in-region-crash.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172150 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[JSC] Build fix for FTL on EFL after ftlopt merge
dbatyai.u-szeged@partner.samsung.com [Wed, 6 Aug 2014 15:44:57 +0000 (15:44 +0000)]
[JSC] Build fix for FTL on EFL after ftlopt merge
https://bugs.webkit.org/show_bug.cgi?id=135565

Reviewed by Mark Lam.

Source/JavaScriptCore:

Adding an enable guard for native inlining, since it now requires the bitcode
emitted from Clang, and we don't have a good way of creating it from other compilers.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleCall):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
* ftl/FTLState.cpp:
(JSC::FTL::State::State):
* ftl/FTLState.h:

Source/WTF:

Added ENABLE(FTL_NATIVE_CALL_INLINING).

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172149 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[CSSRegions] Move parsing tests into fast/regions/parsing
mihnea@adobe.com [Wed, 6 Aug 2014 15:09:52 +0000 (15:09 +0000)]
[CSSRegions] Move parsing tests into fast/regions/parsing
https://bugs.webkit.org/show_bug.cgi?id=135649

Reviewed by Andrei Bucur.

Move files and adjust file paths.

* fast/regions/parsing/webkit-flow-from-parsing-expected.txt: Renamed from LayoutTests/fast/regions/webkit-flow-from-parsing-expected.txt.
* fast/regions/parsing/webkit-flow-from-parsing.html: Added.
* fast/regions/parsing/webkit-flow-into-parsing-expected.txt: Renamed from LayoutTests/fast/regions/webkit-flow-into-parsing-expected.txt.
* fast/regions/parsing/webkit-flow-into-parsing.html: Renamed from LayoutTests/fast/regions/webkit-flow-into-parsing.html.
* fast/regions/parsing/webkit-region-fragment-parsing-expected.txt: Renamed from LayoutTests/fast/regions/webkit-region-fragment-parsing-expected.txt.
* fast/regions/parsing/webkit-region-fragment-parsing.html: Added.
* fast/regions/webkit-flow-from-parsing.html: Removed.
* fast/regions/webkit-region-fragment-parsing.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172148 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[GTK] Add support for user scripts to WebKitUserContentManager
commit-queue@webkit.org [Wed, 6 Aug 2014 15:07:08 +0000 (15:07 +0000)]
[GTK] Add support for user scripts to WebKitUserContentManager
https://bugs.webkit.org/show_bug.cgi?id=134738

Patch by Adrian Perez de Castro <aperez@igalia.com> on 2014-08-06
Reviewed by Carlos Garcia Campos.

Add support for user scripts, to complement the user style sheet
support already present in WebKitUserContentManager. Most of the
moving parts are already present, so this just adds a boxed type
for user scripts (WebKitUserScript) and the corresponding methods
to add and remove scripts from the WebKitUserContentManager.

Source/WebKit2:

* UIProcess/API/gtk/WebKitUserContent.cpp: Add a WebKitUserScript
boxed type and its corresponding methods and enums.
(toUserScriptInjectionTime): Needed to convert
WebKitUserScriptInjectionTime values into its WebCore counterparts.
(_WebKitUserScript::_WebKitUserScript): Added.
(_WebKitUserScript::referenceCount): Ditto.
(webkit_user_script_ref):
(webkit_user_script_unref):
(webkit_user_script_new):
(webkitUserScriptGetUserScript): Internal method to obtain the
boxed WebCore::UserScript value.
* UIProcess/API/gtk/WebKitUserContent.h: Add the new public API
methods.
* UIProcess/API/gtk/WebKitUserContentManager.cpp: Implement the
methods for adding and removing user scripts.
(webkit_user_content_manager_add_script):
(webkit_user_content_manager_remove_all_scripts):
* UIProcess/API/gtk/WebKitUserContentManager.h: Add the new public
API methods.
* UIProcess/API/gtk/WebKitUserContentPrivate.h: Add the definition
for the new private function.
* UIProcess/API/gtk/docs/webkit2gtk-sections.txt: Include the
new public methods in the API documentation.

Tools:

* TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitUserContentManager.cpp:
Add test case for injected user scripts.
(isScriptInjectedForURLAtPath):
(removeOldInjectedContentAndResetLists):
(testUserContentManagerInjectedStyleSheet):
(testUserContentManagerInjectedScript):
(beforeAll):
(removeOldInjectedStyleSheetsAndResetLists): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172147 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoREGRESSION (r163382): Overflow hidden for inner elements breaks blurring
stavila@adobe.com [Wed, 6 Aug 2014 15:06:08 +0000 (15:06 +0000)]
REGRESSION (r163382): Overflow hidden for inner elements breaks blurring
https://bugs.webkit.org/show_bug.cgi?id=135318

Reviewed by Zalan Bujtas.

Source/WebCore:

For elements with border radius, clipping must be applied using clipRoundedRect.
This regressed in r163382, when normal clipping started being applied also
for elements having border radius.

Test: fast/filter-image/clipped-filter.html

* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::clipToRect):
(WebCore::RenderLayer::restoreClip):

LayoutTests:

Added test for filter applied on an element overflowing its parent, which has overflow:hidden.

* fast/filter-image/clipped-filter-expected.html: Added.
* fast/filter-image/clipped-filter.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172146 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoCleanup InlineTextBox::paintSelection and ::localSelectionRect.
zalan@apple.com [Wed, 6 Aug 2014 15:04:09 +0000 (15:04 +0000)]
Cleanup InlineTextBox::paintSelection and ::localSelectionRect.
https://bugs.webkit.org/show_bug.cgi?id=135631

Reviewed by Darin Adler.

Covered by existing tests.

* rendering/InlineTextBox.cpp: Ideally these 2 functions should share some more code.
(WebCore::InlineTextBox::localSelectionRect): Local coordinates should not be snapped/enclosed.
This change could potentially break some selections. Should that be the case, they need to be addressed
separately.
(WebCore::InlineTextBox::paint):
(WebCore::InlineTextBox::paintSelection): Minor cleanup.
* rendering/InlineTextBox.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172145 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[GTK] Be able to disable gtk2 dependency
carlosgc@webkit.org [Wed, 6 Aug 2014 15:01:29 +0000 (15:01 +0000)]
[GTK] Be able to disable gtk2 dependency
https://bugs.webkit.org/show_bug.cgi?id=135505

Reviewed by Gustavo Noronha Silva.

.:

Add ENABLE_PLUGIN_PROCESS_GTK2 compile option. GTK+2 is only
required when it's enabled. It's enabled by default.

* Source/cmake/OptionsGTK.cmake:

Source/WebCore:

Do not build WebCorePlatformGTK2 when ENABLE_PLUGIN_PROCESS_GTK2
is OFF.

* PlatformGTK.cmake:

Source/WebKit2:

* PlatformGTK.cmake: Only build WebKitPluginProcess2 when
ENABLE_PLUGIN_PROCESS_GTK2 is ON.
* UIProcess/Launcher/gtk/ProcessLauncherGtk.cpp:
(WebKit::ProcessLauncher::launchProcess): Do not try to launch
WebKitPluginProcess2 executable when ENABLE_PLUGIN_PROCESS_GTK2 is OFF.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172144 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoGardening: fix bindings test breakage for for r170564 merged in r172129.
mark.lam@apple.com [Wed, 6 Aug 2014 13:45:43 +0000 (13:45 +0000)]
Gardening: fix bindings test breakage for for r170564 merged in r172129.
<https://webkit.org/b/134333>

Not reviewed.

No new tests.

* bindings/scripts/test/JS/JSTestEventTarget.h:
(WebCore::JSTestEventTarget::create):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172143 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[GTK] Rename translation domain to WebKit2GTK-4.0
berto@igalia.com [Wed, 6 Aug 2014 13:36:25 +0000 (13:36 +0000)]
[GTK] Rename translation domain to WebKit2GTK-4.0
https://bugs.webkit.org/show_bug.cgi?id=135646

Reviewed by Carlos Garcia Campos.

* CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172142 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[CSSRegions] Move selection tests under fast/regions/selection
mihnea@adobe.com [Wed, 6 Aug 2014 11:13:07 +0000 (11:13 +0000)]
[CSSRegions] Move selection tests under fast/regions/selection
https://bugs.webkit.org/show_bug.cgi?id=135641

Reviewed by Andrei Bucur.

Move selection related tests under fast/regions/selection.

* fast/regions/selection/selection-gaps-paint-crash-expected.txt: Renamed from LayoutTests/fast/regions/selection-gaps-paint-crash-expected.txt.
* fast/regions/selection/selection-gaps-paint-crash.html: Renamed from LayoutTests/fast/regions/selection-gaps-paint-crash.html.
* fast/regions/selection/selection-in-overflow-expected.html: Renamed from LayoutTests/fast/regions/selection-in-overflow-expected.html.
* fast/regions/selection/selection-in-overflow-hit-testing-expected.html: Renamed from LayoutTests/fast/regions/selection-in-overflow-hit-testing-expected.html.
* fast/regions/selection/selection-in-overflow-hit-testing.html: Renamed from LayoutTests/fast/regions/selection-in-overflow-hit-testing.html.
* fast/regions/selection/selection-in-overflow.html: Renamed from LayoutTests/fast/regions/selection-in-overflow.html.
* fast/regions/selection/selection-in-text-after-overflow-hit-testing-expected.html: Renamed from LayoutTests/fast/regions/selection-in-text-after-overflow-hit-testing-expected.html.
* fast/regions/selection/selection-in-text-after-overflow-hit-testing.html: Renamed from LayoutTests/fast/regions/selection-in-text-after-overflow-hit-testing.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172141 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[CSSRegions] Move auto-height tests into fast/regions/auto-size
mihnea@adobe.com [Wed, 6 Aug 2014 11:00:05 +0000 (11:00 +0000)]
[CSSRegions] Move auto-height tests into fast/regions/auto-size
https://bugs.webkit.org/show_bug.cgi?id=135645

Reviewed by Andrei Bucur.

* fast/regions/auto-size/region-height-auto-to-defined-expected.txt: Renamed from LayoutTests/fast/regions/region-height-auto-to-defined-expected.txt.
* fast/regions/auto-size/region-height-auto-to-defined.html: Renamed from LayoutTests/fast/regions/region-height-auto-to-defined.html.
* fast/regions/auto-size/region-height-defined-to-auto-expected.txt: Renamed from LayoutTests/fast/regions/region-height-defined-to-auto-expected.txt.
* fast/regions/auto-size/region-height-defined-to-auto.html: Renamed from LayoutTests/fast/regions/region-height-defined-to-auto.html.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172140 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[GTK] run-launcher --gtk still fails
commit-queue@webkit.org [Wed, 6 Aug 2014 10:50:32 +0000 (10:50 +0000)]
[GTK] run-launcher --gtk still fails
https://bugs.webkit.org/show_bug.cgi?id=135642

Patch by Philippe Normand <pnormand@igalia.com> on 2014-08-06
Reviewed by Carlos Garcia Campos.

The perl interpreter is confused by the combination of string
concatenation and a ternary in the same line. Using a separate
variable to determine the library file extension fixes this issue.

* Scripts/webkitdirs.pm:
(builtDylibPathForName): Use an intermediate variable, it's more
readable and unambiguous.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172139 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed typo correction.
ryuan.choi@samsung.com [Wed, 6 Aug 2014 10:10:54 +0000 (10:10 +0000)]
Unreviewed typo correction.

* bindings/scripts/CodeGeneratorJS.pm: removed unnecessary space.
(GenerateImplementation):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172138 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoURTBF after r172129. (ftlopt branch merge)
ossy@webkit.org [Wed, 6 Aug 2014 06:53:10 +0000 (06:53 +0000)]
URTBF after r172129. (ftlopt branch merge)

Remove the duplicated friend declaration to fix this build failure:
"error: ‘JSC::Structure’ is already a friend of ‘JSC::StructureRareData’ [-Werror]"

* runtime/StructureRareData.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172137 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoWeb Inspector: AXI: Add label string once AccessibilityObject::computedLabel() is...
jcraig@apple.com [Wed, 6 Aug 2014 06:21:03 +0000 (06:21 +0000)]
Web Inspector: AXI: Add label string once AccessibilityObject::computedLabel() is available
https://bugs.webkit.org/show_bug.cgi?id=129940

Reviewed by Chris Fleizach.

Source/WebCore:

Test: inspector-protocol/dom/getAccessibilityPropertiesForNode-expected.txt

* accessibility/AccessibilityObject.cpp: Fixed crash.
(WebCore::AccessibilityObject::accessibilityComputedLabel):
* accessibility/AccessibilityObject.h: Method name update.
* inspector/InspectorDOMAgent.cpp: New support for getting Node label from AccessibilityObject.
(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

Source/WebInspectorUI:

* UserInterface/Views/DOMNodeDetailsSidebarPanel.js: UI update for label field in Node Inspector.
(WebInspector.DOMNodeDetailsSidebarPanel.prototype._refreshAccessibility):

LayoutTests:

* inspector-protocol/dom/getAccessibilityPropertiesForNode-expected.txt: LayoutTest expectation update.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172136 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoAttempt to fix CMake-based builds, part 3.
fpizlo@apple.com [Wed, 6 Aug 2014 06:14:48 +0000 (06:14 +0000)]
Attempt to fix CMake-based builds, part 3.

* CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172135 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoAttempt to fix CMake-based builds, part 2.
fpizlo@apple.com [Wed, 6 Aug 2014 06:09:55 +0000 (06:09 +0000)]
Attempt to fix CMake-based builds, part 2.

* CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172134 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoAttempt to fix Windows build, part 2.
fpizlo@apple.com [Wed, 6 Aug 2014 06:06:57 +0000 (06:06 +0000)]
Attempt to fix Windows build, part 2.

* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172133 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoAttempt to fix CMake-based builds.
fpizlo@apple.com [Wed, 6 Aug 2014 06:03:50 +0000 (06:03 +0000)]
Attempt to fix CMake-based builds.

* CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172132 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoAttempt to fix Windows build.
fpizlo@apple.com [Wed, 6 Aug 2014 06:02:27 +0000 (06:02 +0000)]
Attempt to fix Windows build.

* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172131 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoFix cloop build.
fpizlo@apple.com [Wed, 6 Aug 2014 05:55:39 +0000 (05:55 +0000)]
Fix cloop build.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::jettison):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172130 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoMerge r170564, r170571, r170604, r170628, r170672, r170680, r170724, r170728, r170729...
fpizlo@apple.com [Wed, 6 Aug 2014 05:27:46 +0000 (05:27 +0000)]
Merge r170564, r170571, r170604, r170628, r170672, r170680, r170724, r170728, r170729, r170819, r170821, r170836, r170855, r170860, r170890, r170907, r170929, r171052, r171106, r171152, r171153, r171214 from ftlopt.

Source/JavaScriptCore:

This part of the merge delivers roughly a 2% across-the-board performance
improvement, mostly due to immutable property inference and DFG-side GCSE. It also
almost completely resolves accessor performance issues; in the common case the DFG
will compile a getter/setter access into code that is just as efficient as a normal
property access.

Another major highlight of this part of the merge is the work to add a type profiler
to the inspector. This work is still on-going but this greatly increases coverage.

Note that this merge fixes a minor bug in the GetterSetter refactoring from
http://trac.webkit.org/changeset/170729 (https://bugs.webkit.org/show_bug.cgi?id=134518).
It also adds a new tests to tests/stress to cover that bug. That bug was previously only
covered by layout tests.

    2014-07-17  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] DFG Flush(SetLocal) store elimination is overzealous for captured variables in the presence of nodes that have no effects but may throw (merge trunk r171190)
    https://bugs.webkit.org/show_bug.cgi?id=135019

    Reviewed by Oliver Hunt.

    Behaviorally, this is just a merge of trunk r171190, except that the relevant functionality
    has moved to StrengthReductionPhase and is written in a different style. Same algorithm,
    different code.

    * dfg/DFGNodeType.h:
    * dfg/DFGStrengthReductionPhase.cpp:
    (JSC::DFG::StrengthReductionPhase::handleNode):
    * tests/stress/capture-escape-and-throw.js: Added.
    (foo.f):
    (foo):
    * tests/stress/new-array-with-size-throw-exception-and-tear-off-arguments.js: Added.
    (foo):
    (bar):

    2014-07-15  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Constant fold GetGetter and GetSetter if the GetterSetter is a constant
    https://bugs.webkit.org/show_bug.cgi?id=134962

    Reviewed by Oliver Hunt.

    This removes yet another steady-state-throughput implication of using getters and setters:
    if your accessor call is monomorphic then you'll just get a structure check, nothing more.
    No more loads to get to the GetterSetter object or the accessor function object.

    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * runtime/GetterSetter.h:
    (JSC::GetterSetter::getterConcurrently):
    (JSC::GetterSetter::setGetter):
    (JSC::GetterSetter::setterConcurrently):
    (JSC::GetterSetter::setSetter):

    2014-07-15  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Identity replacement in CSE shouldn't create a Phantom over the Identity's children
    https://bugs.webkit.org/show_bug.cgi?id=134893

    Reviewed by Oliver Hunt.

    Replace Identity with Check instead of Phantom. Phantom means that the child of the
    Identity should be unconditionally live. The liveness semantics of Identity are such that
    if the parents of Identity are live then the child is live. Removing the Identity entirely
    preserves such liveness semantics. So, the only thing that should be left behind is the
    type check on the child, which is what Check means: do the check but don't keep the child
    alive if the check isn't needed.

    * dfg/DFGCSEPhase.cpp:
    * dfg/DFGNode.h:
    (JSC::DFG::Node::convertToCheck):

    2014-07-13  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] DFG should be able to do GCSE in SSA and this should be unified with the CSE in CPS, and both of these things should use abstract heaps for reasoning about effects
    https://bugs.webkit.org/show_bug.cgi?id=134677

    Reviewed by Sam Weinig.

    This removes the old local CSE phase, which was based on manually written backward-search
    rules for all of the different kinds of things we cared about, and adds a new local/global
    CSE (local for CPS and global for SSA) that leaves the node semantics almost entirely up to
    clobberize(). Thus, the CSE phase itself just worries about the algorithms and data
    structures used for storing sets of available values. This results in a large reduction in
    code size in CSEPhase.cpp while greatly increasing the phase's power (since it now does
    global CSE) and reducing compile time (since local CSE is now rewritten to use smarter data
    structures). Even though LLVM was already running GVN, the extra GCSE at DFG IR level means
    that this is a significant (~0.7%) throughput improvement.

    This work is based on the concept of "def" to clobberize(). If clobberize() calls def(), it
    means that the node being analyzed makes available some value in some DFG node, and that
    future attempts to compute that value can simply use that node. In other words, it
    establishes an available value mapping of the form value=>node. There are two kinds of
    values that can be passed to def():

    PureValue. This captures everything needed to determine whether two pure nodes - nodes that
        neither read nor write, and produce a value that is a CSE candidate - are identical. It
        carries the NodeType, an AdjacencyList, and one word of meta-data. The meta-data is
        usually used for things like the arithmetic mode or constant pointer. Passing a
        PureValue to def() means that the node produces a value that is valid anywhere that the
        node dominates.

    HeapLocation. This describes a location in the heap that could be written to or read from.
        Both stores and loads can def() a HeapLocation. HeapLocation carries around an abstract
        heap that both serves as part of the "name" of the heap location (together with the
        other fields of HeapLocation) and also tells us what write()'s to watch for. If someone
        write()'s to an abstract heap that overlaps the heap associated with the HeapLocation,
        then it means that the values for that location are no longer available.

    This approach is sufficiently clever that the CSEPhase itself can focus on the mechanism of
    tracking the PureValue=>node and HeapLocation=>node maps, without having to worry about
    interpreting the semantics of different DFG node types - that is now almost entirely in
    clobberize(). The only things we special-case inside CSEPhase are the Identity node, which
    CSE is traditionally responsible for eliminating even though it has nothing to do with CSE,
    and the LocalCSE rule for turning PutByVal into PutByValAlias.

    This is a slight Octane, SunSpider, and Kraken speed-up - all somewhere arond 0.7% . It's
    not a bigger win because LLVM was already giving us most of what we needed in its GVN.
    Also, the SunSpider speed-up isn't from GCSE as much as it's a clean-up of local CSE - that
    is no longer O(n^2). Basically this is purely good: it reduces the amount of LLVM IR we
    generate, it removes the old CSE's heap modeling (which was a constant source of bugs), and
    it improves both the quality of the code we generate and the speed with which we generate
    it. Also, any future optimizations that depend on GCSE will now be easier to implement.

    During the development of this patch I also rationalized some other stuff, like Graph's
    ordered traversals - we now have preorder and postorder rather than just "depth first".

    * CMakeLists.txt:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * dfg/DFGAbstractHeap.h:
    * dfg/DFGAdjacencyList.h:
    (JSC::DFG::AdjacencyList::hash):
    (JSC::DFG::AdjacencyList::operator==):
    * dfg/DFGBasicBlock.h:
    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::performLocalCSE):
    (JSC::DFG::performGlobalCSE):
    (JSC::DFG::CSEPhase::CSEPhase): Deleted.
    (JSC::DFG::CSEPhase::run): Deleted.
    (JSC::DFG::CSEPhase::endIndexForPureCSE): Deleted.
    (JSC::DFG::CSEPhase::pureCSE): Deleted.
    (JSC::DFG::CSEPhase::constantCSE): Deleted.
    (JSC::DFG::CSEPhase::constantStoragePointerCSE): Deleted.
    (JSC::DFG::CSEPhase::getCalleeLoadElimination): Deleted.
    (JSC::DFG::CSEPhase::getArrayLengthElimination): Deleted.
    (JSC::DFG::CSEPhase::globalVarLoadElimination): Deleted.
    (JSC::DFG::CSEPhase::scopedVarLoadElimination): Deleted.
    (JSC::DFG::CSEPhase::varInjectionWatchpointElimination): Deleted.
    (JSC::DFG::CSEPhase::getByValLoadElimination): Deleted.
    (JSC::DFG::CSEPhase::checkFunctionElimination): Deleted.
    (JSC::DFG::CSEPhase::checkExecutableElimination): Deleted.
    (JSC::DFG::CSEPhase::checkStructureElimination): Deleted.
    (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination): Deleted.
    (JSC::DFG::CSEPhase::getByOffsetLoadElimination): Deleted.
    (JSC::DFG::CSEPhase::getGetterSetterByOffsetLoadElimination): Deleted.
    (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): Deleted.
    (JSC::DFG::CSEPhase::checkArrayElimination): Deleted.
    (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): Deleted.
    (JSC::DFG::CSEPhase::getInternalFieldLoadElimination): Deleted.
    (JSC::DFG::CSEPhase::getMyScopeLoadElimination): Deleted.
    (JSC::DFG::CSEPhase::getLocalLoadElimination): Deleted.
    (JSC::DFG::CSEPhase::invalidationPointElimination): Deleted.
    (JSC::DFG::CSEPhase::setReplacement): Deleted.
    (JSC::DFG::CSEPhase::eliminate): Deleted.
    (JSC::DFG::CSEPhase::performNodeCSE): Deleted.
    (JSC::DFG::CSEPhase::performBlockCSE): Deleted.
    (JSC::DFG::performCSE): Deleted.
    * dfg/DFGCSEPhase.h:
    * dfg/DFGClobberSet.cpp:
    (JSC::DFG::addReads):
    (JSC::DFG::addWrites):
    (JSC::DFG::addReadsAndWrites):
    (JSC::DFG::readsOverlap):
    (JSC::DFG::writesOverlap):
    * dfg/DFGClobberize.cpp:
    (JSC::DFG::doesWrites):
    (JSC::DFG::accessesOverlap):
    (JSC::DFG::writesOverlap):
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    (JSC::DFG::NoOpClobberize::operator()):
    (JSC::DFG::CheckClobberize::operator()):
    (JSC::DFG::ReadMethodClobberize::ReadMethodClobberize):
    (JSC::DFG::ReadMethodClobberize::operator()):
    (JSC::DFG::WriteMethodClobberize::WriteMethodClobberize):
    (JSC::DFG::WriteMethodClobberize::operator()):
    (JSC::DFG::DefMethodClobberize::DefMethodClobberize):
    (JSC::DFG::DefMethodClobberize::operator()):
    * dfg/DFGDCEPhase.cpp:
    (JSC::DFG::DCEPhase::run):
    (JSC::DFG::DCEPhase::fixupBlock):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::getBlocksInPreOrder):
    (JSC::DFG::Graph::getBlocksInPostOrder):
    (JSC::DFG::Graph::addForDepthFirstSort): Deleted.
    (JSC::DFG::Graph::getBlocksInDepthFirstOrder): Deleted.
    * dfg/DFGGraph.h:
    * dfg/DFGHeapLocation.cpp: Added.
    (JSC::DFG::HeapLocation::dump):
    (WTF::printInternal):
    * dfg/DFGHeapLocation.h: Added.
    (JSC::DFG::HeapLocation::HeapLocation):
    (JSC::DFG::HeapLocation::operator!):
    (JSC::DFG::HeapLocation::kind):
    (JSC::DFG::HeapLocation::heap):
    (JSC::DFG::HeapLocation::base):
    (JSC::DFG::HeapLocation::index):
    (JSC::DFG::HeapLocation::hash):
    (JSC::DFG::HeapLocation::operator==):
    (JSC::DFG::HeapLocation::isHashTableDeletedValue):
    (JSC::DFG::HeapLocationHash::hash):
    (JSC::DFG::HeapLocationHash::equal):
    * dfg/DFGLICMPhase.cpp:
    (JSC::DFG::LICMPhase::run):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::replaceWith):
    (JSC::DFG::Node::convertToPhantomUnchecked): Deleted.
    * dfg/DFGPlan.cpp:
    (JSC::DFG::Plan::compileInThreadImpl):
    * dfg/DFGPureValue.cpp: Added.
    (JSC::DFG::PureValue::dump):
    * dfg/DFGPureValue.h: Added.
    (JSC::DFG::PureValue::PureValue):
    (JSC::DFG::PureValue::operator!):
    (JSC::DFG::PureValue::op):
    (JSC::DFG::PureValue::children):
    (JSC::DFG::PureValue::info):
    (JSC::DFG::PureValue::hash):
    (JSC::DFG::PureValue::operator==):
    (JSC::DFG::PureValue::isHashTableDeletedValue):
    (JSC::DFG::PureValueHash::hash):
    (JSC::DFG::PureValueHash::equal):
    * dfg/DFGSSAConversionPhase.cpp:
    (JSC::DFG::SSAConversionPhase::run):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::lower):

    2014-07-13  Filip Pizlo  <fpizlo@apple.com>

    Unreviewed, revert unintended change in r171051.

    * dfg/DFGCSEPhase.cpp:

    2014-07-08  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Move Flush(SetLocal) store elimination to StrengthReductionPhase
    https://bugs.webkit.org/show_bug.cgi?id=134739

    Reviewed by Mark Hahnenberg.

    I'm going to streamline CSE around clobberize() as part of
    https://bugs.webkit.org/show_bug.cgi?id=134677, and so Flush(SetLocal) store
    elimination wouldn't belong in CSE anymore. It doesn't quite belong anywhere, which
    means that it belongs in StrengthReductionPhase, since that's intended to be our
    dumping ground.

    To do this I had to add some missing smarts to clobberize(). Previously clobberize()
    could play a bit loose with reads of Variables because it wasn't used for store
    elimination. The main client of read() was LICM, but it would only use it to
    determine hoistability and anything that did a write() was not hoistable - so, we had
    benign (but still wrong) missing read() calls in places that did write()s. This fixes
    a bunch of those cases.

    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::CSEPhase::performNodeCSE):
    (JSC::DFG::CSEPhase::setLocalStoreElimination): Deleted.
    * dfg/DFGClobberize.cpp:
    (JSC::DFG::accessesOverlap):
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize): Make clobberize() smart enough for detecting when this store elimination would be sound.
    * dfg/DFGStrengthReductionPhase.cpp:
    (JSC::DFG::StrengthReductionPhase::handleNode): Implement the store elimination in terms of clobberize().

    2014-07-08  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Phantom simplification should be in its own phase
    https://bugs.webkit.org/show_bug.cgi?id=134742

    Reviewed by Geoffrey Garen.

    This moves Phantom simplification out of CSE, which greatly simplifies CSE and gives it
    more focus. Also this finally adds a phase that removes empty Phantoms. We sort of had
    this in CPSRethreading, but that phase runs too infrequently and doesn't run at all for
    SSA.

    * CMakeLists.txt:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * dfg/DFGAdjacencyList.h:
    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::CSEPhase::run):
    (JSC::DFG::CSEPhase::setReplacement):
    (JSC::DFG::CSEPhase::eliminate):
    (JSC::DFG::CSEPhase::performNodeCSE):
    (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren): Deleted.
    * dfg/DFGPhantomRemovalPhase.cpp: Added.
    (JSC::DFG::PhantomRemovalPhase::PhantomRemovalPhase):
    (JSC::DFG::PhantomRemovalPhase::run):
    (JSC::DFG::performCleanUp):
    * dfg/DFGPhantomRemovalPhase.h: Added.
    * dfg/DFGPlan.cpp:
    (JSC::DFG::Plan::compileInThreadImpl):

    2014-07-08  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Get rid of Node::misc by moving the fields out of the union so that you can use replacement and owner simultaneously
    https://bugs.webkit.org/show_bug.cgi?id=134730

    Reviewed by Mark Lam.

    This will allow for a better GCSE implementation.

    * dfg/DFGCPSRethreadingPhase.cpp:
    (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::CSEPhase::setReplacement):
    * dfg/DFGEdgeDominates.h:
    (JSC::DFG::EdgeDominates::operator()):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::clearReplacements):
    (JSC::DFG::Graph::initializeNodeOwners):
    * dfg/DFGGraph.h:
    (JSC::DFG::Graph::performSubstitutionForEdge):
    * dfg/DFGLICMPhase.cpp:
    (JSC::DFG::LICMPhase::attemptHoist):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::Node):
    * dfg/DFGSSAConversionPhase.cpp:
    (JSC::DFG::SSAConversionPhase::run):

    2014-07-04  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Infer immutable object properties
    https://bugs.webkit.org/show_bug.cgi?id=134567

    Reviewed by Mark Hahnenberg.

    This introduces a new way of inferring immutable object properties. A property is said to
    be immutable if after its creation (i.e. the transition that creates it), we never
    overwrite it (i.e. replace it) or delete it. Immutability is a property of an "own
    property" - so if we say that "f" is immutable at "o" then we are implying that "o" has "f"
    directly and not on a prototype. More specifically, the immutability inference will prove
    that a property on some structure is immutable. This means that, for example, we may have a
    structure S1 with property "f" where we claim that "f" at S1 is immutable, but S1 has a
    transition to S2 that adds a new property "g" and we may claim that "f" at S2 is actually
    mutable. This is mainly for convenience; it allows us to decouple immutability logic from
    transition logic. Immutability can be used to constant-fold accesses to objects at
    DFG-time. The DFG needs to prove the following to constant-fold the access:

    - The base of the access must be a constant object pointer. We prove that a property at a
      structure is immutable, but that says nothing of its value; each actual instance of that
      property may have a different value. So, a constant object pointer is needed to get an
      actual constant instance of the immutable value.

    - A check (or watchpoint) must have been emitted proving that the object has a structure
      that allows loading the property in question.

    - The replacement watchpoint set of the property in the structure that we've proven the
      object to have is still valid and we add a watchpoint to it lazily. The replacement
      watchpoint set is the key new mechanism that this change adds. It's possible that we have
      proven that the object has one of many structures, in which case each of those structures
      needs a valid replacement watchpoint set.

    The replacement watchpoint set is created the first time that any access to the property is
    cached. A put replace cache will create, and immediately invalidate, the watchpoint set. A
    get cache will create the watchpoint set and make it start watching. Any non-cached put
    access will invalidate the watchpoint set if one had been created; the underlying algorithm
    ensures that checking for the existence of a replacement watchpoint set is very fast in the
    common case. This algorithm ensures that no cached access needs to ever do any work to
    invalidate, or check the validity of, any replacement watchpoint sets. It also has some
    other nice properties:

    - It's very robust in its definition of immutability. The strictest that it will ever be is
      that for any instance of the object, the property must be written to only once,
      specifically at the time that the property is created. But it's looser than this in
      practice. For example, the property may be written to any number of times before we add
      the final property that the object will have before anyone reads the property; this works
      since for optimization purposes we only care if we detect immutability on the structure
      that the object will have when it is most frequently read from, not any previous
      structure that the object had. Also, we may write to the property any number of times
      before anyone caches accesses to it.

    - It is mostly orthogonal to structure transitions. No new structures need to be created to
      track the immutability of a property. Hence, there is no risk from this feature causing
      more polymorphism. This is different from the previous "specificValue" constant
      inference, which did cause additional structures to be created and sometimes those
      structures led to fake polymorphism. This feature does leverage existing transitions to
      do some of the watchpointing: property deletions don't fire the replacement watchpoint
      set because that would cause a new structure and so the mandatory structure check would
      fail. Also, this feature is guaranteed to never kick in for uncacheable dictionaries
      because those wouldn't allow for cacheable accesses - and it takes a cacheable access for
      this feature to be enabled.

    - No memory overhead is incurred except when accesses to the property are cached.
      Dictionary properties will typically have no meta-data for immutability. The number of
      replacement watchpoint sets we allocate is proportional to the number of inline caches in
      the program, which is typically must smaller than the number of structures or even the
      number of objects.

    This inference is far more powerful than the previous "specificValue" inference, so this
    change also removes all of that code. It's interesting that the amount of code that is
    changed to remove that feature is almost as big as the amount of code added to support the
    new inference - and that's if you include the new tests in the tally. Without new tests,
    it appears that the new feature actually touches less code!

    There is one corner case where the previous "specificValue" inference was more powerful.
    You can imagine someone creating objects with functions as self properties on those
    objects, such that each object instance had the same function pointers - essentially,
    someone might be trying to create a vtable but failing at the whole "one vtable for many
    instances" concept. The "specificValue" inference would do very well for such programs,
    because a structure check would be sufficient to prove a constant value for all of the
    function properties. This new inference will fail because it doesn't track the constant
    values of constant properties; instead it detects the immutability of otherwise variable
    properties (in the sense that each instance of the property may have a different value).
    So, the new inference requires having a particular object instance to actually get the
    constant value. I think it's OK to lose this antifeature. It took a lot of code to support
    and was a constant source of grief in our transition logic, and there doesn't appear to be
    any real evidence that programs benefited from that particular kind of inference since
    usually it's the singleton prototype instance that has all of the functions.

    This change is a speed-up on everything. date-format-xparb and both SunSpider/raytrace and
    V8/raytrace seem to be the biggest winners among the macrobenchmarks; they see >5%
    speed-ups. Many of our microbenchmarks see very large performance improvements, even 80% in
    one case.

    * bytecode/ComplexGetStatus.cpp:
    (JSC::ComplexGetStatus::computeFor):
    * bytecode/GetByIdStatus.cpp:
    (JSC::GetByIdStatus::computeFromLLInt):
    (JSC::GetByIdStatus::computeForStubInfo):
    (JSC::GetByIdStatus::computeFor):
    * bytecode/GetByIdVariant.cpp:
    (JSC::GetByIdVariant::GetByIdVariant):
    (JSC::GetByIdVariant::operator=):
    (JSC::GetByIdVariant::attemptToMerge):
    (JSC::GetByIdVariant::dumpInContext):
    * bytecode/GetByIdVariant.h:
    (JSC::GetByIdVariant::alternateBase):
    (JSC::GetByIdVariant::specificValue): Deleted.
    * bytecode/PutByIdStatus.cpp:
    (JSC::PutByIdStatus::computeForStubInfo):
    (JSC::PutByIdStatus::computeFor):
    * bytecode/PutByIdVariant.cpp:
    (JSC::PutByIdVariant::operator=):
    (JSC::PutByIdVariant::setter):
    (JSC::PutByIdVariant::dumpInContext):
    * bytecode/PutByIdVariant.h:
    (JSC::PutByIdVariant::specificValue): Deleted.
    * bytecode/Watchpoint.cpp:
    (JSC::WatchpointSet::fireAllSlow):
    (JSC::WatchpointSet::fireAll): Deleted.
    * bytecode/Watchpoint.h:
    (JSC::WatchpointSet::fireAll):
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handleGetByOffset):
    (JSC::DFG::ByteCodeParser::handleGetById):
    (JSC::DFG::ByteCodeParser::handlePutById):
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
    (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::tryGetConstantProperty):
    (JSC::DFG::Graph::visitChildren):
    * dfg/DFGGraph.h:
    * dfg/DFGWatchableStructureWatchingPhase.cpp:
    (JSC::DFG::WatchableStructureWatchingPhase::run):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
    * jit/JITOperations.cpp:
    * jit/Repatch.cpp:
    (JSC::repatchByIdSelfAccess):
    (JSC::generateByIdStub):
    (JSC::tryCacheGetByID):
    (JSC::tryCachePutByID):
    (JSC::tryBuildPutByIdList):
    * llint/LLIntSlowPaths.cpp:
    (JSC::LLInt::LLINT_SLOW_PATH_DECL):
    (JSC::LLInt::putToScopeCommon):
    * runtime/CommonSlowPaths.h:
    (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
    * runtime/IntendedStructureChain.cpp:
    (JSC::IntendedStructureChain::mayInterceptStoreTo):
    * runtime/JSCJSValue.cpp:
    (JSC::JSValue::putToPrimitive):
    * runtime/JSGlobalObject.cpp:
    (JSC::JSGlobalObject::reset):
    * runtime/JSObject.cpp:
    (JSC::JSObject::put):
    (JSC::JSObject::putDirectNonIndexAccessor):
    (JSC::JSObject::deleteProperty):
    (JSC::JSObject::defaultValue):
    (JSC::getCallableObjectSlow): Deleted.
    (JSC::JSObject::getPropertySpecificValue): Deleted.
    * runtime/JSObject.h:
    (JSC::JSObject::getDirect):
    (JSC::JSObject::getDirectOffset):
    (JSC::JSObject::inlineGetOwnPropertySlot):
    (JSC::JSObject::putDirectInternal):
    (JSC::JSObject::putOwnDataProperty):
    (JSC::JSObject::putDirect):
    (JSC::JSObject::putDirectWithoutTransition):
    (JSC::getCallableObject): Deleted.
    * runtime/JSScope.cpp:
    (JSC::abstractAccess):
    * runtime/PropertyMapHashTable.h:
    (JSC::PropertyMapEntry::PropertyMapEntry):
    (JSC::PropertyTable::copy):
    * runtime/PropertyTable.cpp:
    (JSC::PropertyTable::clone):
    (JSC::PropertyTable::PropertyTable):
    (JSC::PropertyTable::visitChildren): Deleted.
    * runtime/Structure.cpp:
    (JSC::Structure::Structure):
    (JSC::Structure::materializePropertyMap):
    (JSC::Structure::addPropertyTransitionToExistingStructureImpl):
    (JSC::Structure::addPropertyTransitionToExistingStructure):
    (JSC::Structure::addPropertyTransitionToExistingStructureConcurrently):
    (JSC::Structure::addPropertyTransition):
    (JSC::Structure::changePrototypeTransition):
    (JSC::Structure::attributeChangeTransition):
    (JSC::Structure::toDictionaryTransition):
    (JSC::Structure::preventExtensionsTransition):
    (JSC::Structure::takePropertyTableOrCloneIfPinned):
    (JSC::Structure::nonPropertyTransition):
    (JSC::Structure::addPropertyWithoutTransition):
    (JSC::Structure::allocateRareData):
    (JSC::Structure::ensurePropertyReplacementWatchpointSet):
    (JSC::Structure::startWatchingPropertyForReplacements):
    (JSC::Structure::didCachePropertyReplacement):
    (JSC::Structure::startWatchingInternalProperties):
    (JSC::Structure::copyPropertyTable):
    (JSC::Structure::copyPropertyTableForPinning):
    (JSC::Structure::getConcurrently):
    (JSC::Structure::get):
    (JSC::Structure::add):
    (JSC::Structure::visitChildren):
    (JSC::Structure::prototypeChainMayInterceptStoreTo):
    (JSC::Structure::dump):
    (JSC::Structure::despecifyDictionaryFunction): Deleted.
    (JSC::Structure::despecifyFunctionTransition): Deleted.
    (JSC::Structure::despecifyFunction): Deleted.
    (JSC::Structure::despecifyAllFunctions): Deleted.
    (JSC::Structure::putSpecificValue): Deleted.
    * runtime/Structure.h:
    (JSC::Structure::startWatchingPropertyForReplacements):
    (JSC::Structure::startWatchingInternalPropertiesIfNecessary):
    (JSC::Structure::startWatchingInternalPropertiesIfNecessaryForEntireChain):
    (JSC::Structure::transitionDidInvolveSpecificValue): Deleted.
    (JSC::Structure::disableSpecificFunctionTracking): Deleted.
    * runtime/StructureInlines.h:
    (JSC::Structure::getConcurrently):
    (JSC::Structure::didReplaceProperty):
    (JSC::Structure::propertyReplacementWatchpointSet):
    * runtime/StructureRareData.cpp:
    (JSC::StructureRareData::destroy):
    * runtime/StructureRareData.h:
    * tests/stress/infer-constant-global-property.js: Added.
    (foo.Math.sin):
    (foo):
    * tests/stress/infer-constant-property.js: Added.
    (foo):
    * tests/stress/jit-cache-poly-replace-then-cache-get-and-fold-then-invalidate.js: Added.
    (foo):
    (bar):
    * tests/stress/jit-cache-replace-then-cache-get-and-fold-then-invalidate.js: Added.
    (foo):
    (bar):
    * tests/stress/jit-put-to-scope-global-cache-watchpoint-invalidate.js: Added.
    (foo):
    (bar):
    * tests/stress/llint-cache-replace-then-cache-get-and-fold-then-invalidate.js: Added.
    (foo):
    (bar):
    * tests/stress/llint-put-to-scope-global-cache-watchpoint-invalidate.js: Added.
    (foo):
    (bar):
    * tests/stress/repeat-put-to-scope-global-with-same-value-watchpoint-invalidate.js: Added.
    (foo):
    (bar):

    2014-07-03  Saam Barati  <sbarati@apple.com>

    Add more coverage for the profile_types_with_high_fidelity op code.
    https://bugs.webkit.org/show_bug.cgi?id=134616

    Reviewed by Filip Pizlo.

    More operations are now being recorded by the profile_types_with_high_fidelity
    opcode. Specifically: function parameters, function return values,
    function 'this' value, get_by_id, get_by_value, resolve nodes, function return
    values at the call site. Added more flags to the profile_types_with_high_fidelity
    opcode so more focused tasks can take place when the instruction is
    being linked in CodeBlock. Re-worked the type profiler to search
    through character offset ranges when asked for the type of an expression
    at a given offset. Removed redundant calls to Structure::toStructureShape
    in HighFidelityLog and TypeSet by caching calls based on StructureID.

    * bytecode/BytecodeList.json:
    * bytecode/BytecodeUseDef.h:
    (JSC::computeUsesForBytecodeOffset):
    (JSC::computeDefsForBytecodeOffset):
    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::CodeBlock):
    (JSC::CodeBlock::finalizeUnconditionally):
    (JSC::CodeBlock::scopeDependentProfile):
    * bytecode/CodeBlock.h:
    (JSC::CodeBlock::returnStatementTypeSet):
    * bytecode/TypeLocation.h:
    * bytecode/UnlinkedCodeBlock.cpp:
    (JSC::UnlinkedCodeBlock::highFidelityTypeProfileExpressionInfoForBytecodeOffset):
    (JSC::UnlinkedCodeBlock::addHighFidelityTypeProfileExpressionInfo):
    * bytecode/UnlinkedCodeBlock.h:
    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::emitMove):
    (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity):
    (JSC::BytecodeGenerator::emitGetFromScopeWithProfile):
    (JSC::BytecodeGenerator::emitPutToScope):
    (JSC::BytecodeGenerator::emitPutToScopeWithProfile):
    (JSC::BytecodeGenerator::emitPutById):
    (JSC::BytecodeGenerator::emitPutByVal):
    * bytecompiler/BytecodeGenerator.h:
    (JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo):
    * bytecompiler/NodesCodegen.cpp:
    (JSC::ResolveNode::emitBytecode):
    (JSC::BracketAccessorNode::emitBytecode):
    (JSC::DotAccessorNode::emitBytecode):
    (JSC::FunctionCallValueNode::emitBytecode):
    (JSC::FunctionCallResolveNode::emitBytecode):
    (JSC::FunctionCallBracketNode::emitBytecode):
    (JSC::FunctionCallDotNode::emitBytecode):
    (JSC::CallFunctionCallDotNode::emitBytecode):
    (JSC::ApplyFunctionCallDotNode::emitBytecode):
    (JSC::PostfixNode::emitResolve):
    (JSC::PostfixNode::emitBracket):
    (JSC::PostfixNode::emitDot):
    (JSC::PrefixNode::emitResolve):
    (JSC::PrefixNode::emitBracket):
    (JSC::PrefixNode::emitDot):
    (JSC::ReadModifyResolveNode::emitBytecode):
    (JSC::AssignResolveNode::emitBytecode):
    (JSC::AssignDotNode::emitBytecode):
    (JSC::ReadModifyDotNode::emitBytecode):
    (JSC::AssignBracketNode::emitBytecode):
    (JSC::ReadModifyBracketNode::emitBytecode):
    (JSC::ReturnNode::emitBytecode):
    (JSC::FunctionBodyNode::emitBytecode):
    * inspector/agents/InspectorRuntimeAgent.cpp:
    (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableAtOffset):
    (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableInTextRange): Deleted.
    * inspector/agents/InspectorRuntimeAgent.h:
    * inspector/protocol/Runtime.json:
    * llint/LLIntSlowPaths.cpp:
    (JSC::LLInt::getFromScopeCommon):
    (JSC::LLInt::LLINT_SLOW_PATH_DECL):
    * llint/LLIntSlowPaths.h:
    * llint/LowLevelInterpreter.asm:
    * runtime/HighFidelityLog.cpp:
    (JSC::HighFidelityLog::processHighFidelityLog):
    (JSC::HighFidelityLog::actuallyProcessLogThreadFunction):
    (JSC::HighFidelityLog::recordTypeInformationForLocation): Deleted.
    * runtime/HighFidelityLog.h:
    (JSC::HighFidelityLog::recordTypeInformationForLocation):
    * runtime/HighFidelityTypeProfiler.cpp:
    (JSC::HighFidelityTypeProfiler::getTypesForVariableInAtOffset):
    (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableAtOffset):
    (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableAtOffset):
    (JSC::HighFidelityTypeProfiler::insertNewLocation):
    (JSC::HighFidelityTypeProfiler::findLocation):
    (JSC::HighFidelityTypeProfiler::getTypesForVariableInRange): Deleted.
    (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableInRange): Deleted.
    (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableInRange): Deleted.
    (JSC::HighFidelityTypeProfiler::getLocationBasedHash): Deleted.
    * runtime/HighFidelityTypeProfiler.h:
    (JSC::LocationKey::LocationKey): Deleted.
    (JSC::LocationKey::hash): Deleted.
    (JSC::LocationKey::operator==): Deleted.
    * runtime/Structure.cpp:
    (JSC::Structure::toStructureShape):
    * runtime/Structure.h:
    * runtime/TypeSet.cpp:
    (JSC::TypeSet::TypeSet):
    (JSC::TypeSet::addTypeForValue):
    (JSC::TypeSet::seenTypes):
    (JSC::TypeSet::removeDuplicatesInStructureHistory): Deleted.
    * runtime/TypeSet.h:
    (JSC::StructureShape::setConstructorName):
    * runtime/VM.cpp:
    (JSC::VM::getTypesForVariableAtOffset):
    (JSC::VM::dumpHighFidelityProfilingTypes):
    (JSC::VM::getTypesForVariableInRange): Deleted.
    * runtime/VM.h:

    2014-07-04  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt][REGRESSION] debug tests fail because PutByIdDirect is now implemented in terms of In
    https://bugs.webkit.org/show_bug.cgi?id=134642

    Rubber stamped by Andreas Kling.

    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileNode):

    2014-07-01  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Allocate a new GetterSetter if we change the value of any of its entries other than when they were previously null, so that if we constant-infer an accessor slot then we immediately get the function constant for free
    https://bugs.webkit.org/show_bug.cgi?id=134518

    Reviewed by Mark Hahnenberg.

    This has no real effect right now, particularly since almost all uses of
    setSetter/setGetter were already allocating a branch new GetterSetter. But once we start
    doing more aggressive constant property inference, this change will allow us to remove
    all runtime checks from getter/setter calls.

    * runtime/GetterSetter.cpp:
    (JSC::GetterSetter::withGetter):
    (JSC::GetterSetter::withSetter):
    * runtime/GetterSetter.h:
    (JSC::GetterSetter::setGetter):
    (JSC::GetterSetter::setSetter):
    * runtime/JSObject.cpp:
    (JSC::JSObject::defineOwnNonIndexProperty):

    2014-07-02  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Rename notifyTransitionFromThisStructure to didTransitionFromThisStructure

    Rubber stamped by Mark Hahnenberg.

    * runtime/Structure.cpp:
    (JSC::Structure::Structure):
    (JSC::Structure::nonPropertyTransition):
    (JSC::Structure::didTransitionFromThisStructure):
    (JSC::Structure::notifyTransitionFromThisStructure): Deleted.
    * runtime/Structure.h:

    2014-07-02  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Remove the functionality for cloning StructureRareData since we never do that anymore.

    Rubber stamped by Mark Hahnenberg.

    * runtime/Structure.cpp:
    (JSC::Structure::Structure):
    (JSC::Structure::cloneRareDataFrom): Deleted.
    * runtime/Structure.h:
    * runtime/StructureRareData.cpp:
    (JSC::StructureRareData::clone): Deleted.
    (JSC::StructureRareData::StructureRareData): Deleted.
    * runtime/StructureRareData.h:
    (JSC::StructureRareData::needsCloning): Deleted.

    2014-07-01  Mark Lam  <mark.lam@apple.com>

    [ftlopt] DebuggerCallFrame::scope() should return a DebuggerScope.
    <https://webkit.org/b/134420>

    Reviewed by Geoffrey Garen.

    Previously, DebuggerCallFrame::scope() returns a JSActivation (and relevant
    peers) which the WebInspector will use to introspect CallFrame variables.
    Instead, we should be returning a DebuggerScope as an abstraction layer that
    provides the introspection functionality that the WebInspector needs.  This
    is the first step towards not forcing every frame to have a JSActivation
    object just because the debugger is enabled.

    1. Instantiate the debuggerScopeStructure as a member of the JSGlobalObject
       instead of the VM.  This allows JSObject::globalObject() to be able to
       return the global object for the DebuggerScope.

    2. On the DebuggerScope's life-cycle management:

       The DebuggerCallFrame is designed to be "valid" only during a debugging session
       (while the debugger is broken) through the use of a DebuggerCallFrameScope in
       Debugger::pauseIfNeeded().  Once the debugger resumes from the break, the
       DebuggerCallFrameScope destructs, and the DebuggerCallFrame will be invalidated.
       We can't guarantee (from this code alone) that the Inspector code isn't still
       holding a ref to the DebuggerCallFrame (though they shouldn't), but by contract,
       the frame will be invalidated, and any attempt to query it will return null values.
       This is pre-existing behavior.

       Now, we're adding the DebuggerScope into the picture.  While a single debugger
       pause session is in progress, the Inspector may request the scope from the
       DebuggerCallFrame.  While the DebuggerCallFrame is still valid, we want
       DebuggerCallFrame::scope() to always return the same DebuggerScope object.
       This is why we hold on to the DebuggerScope with a strong ref.

       If we use a weak ref instead, the following cooky behavior can manifest:
       1. The Inspector calls Debugger::scope() to get the top scope.
       2. The Inspector iterates down the scope chain and is now only holding a
          reference to a parent scope.  It is no longer referencing the top scope.
       3. A GC occurs, and the DebuggerCallFrame's weak m_scope ref to the top scope
          gets cleared.
       4. The Inspector calls DebuggerCallFrame::scope() to get the top scope again but gets
          a different DebuggerScope instance.
       5. The Inspector iterates down the scope chain but never sees the parent scope
          instance that retained a ref to in step 2 above.  This is because when iterating
          this new DebuggerScope instance (which has no knowledge of the previous parent
          DebuggerScope instance), a new DebuggerScope instance will get created for the
          same parent scope.

       Since the DebuggerScope is a JSObject, it's liveness is determined by its reachability.
       However, it's "validity" is determined by the life-cycle of its owner DebuggerCallFrame.
       When the owner DebuggerCallFrame gets invalidated, its debugger scope chain (if
       instantiated) will also get invalidated.  This is why we need the
       DebuggerScope::invalidateChain() method.  The Inspector should not be using the
       DebuggerScope instance after its owner DebuggerCallFrame is invalidated.  If it does,
       those methods will do nothing or returned a failed status.

    * debugger/Debugger.h:
    * debugger/DebuggerCallFrame.cpp:
    (JSC::DebuggerCallFrame::scope):
    (JSC::DebuggerCallFrame::evaluate):
    (JSC::DebuggerCallFrame::invalidate):
    (JSC::DebuggerCallFrame::vm):
    (JSC::DebuggerCallFrame::lexicalGlobalObject):
    * debugger/DebuggerCallFrame.h:
    * debugger/DebuggerScope.cpp:
    (JSC::DebuggerScope::DebuggerScope):
    (JSC::DebuggerScope::finishCreation):
    (JSC::DebuggerScope::visitChildren):
    (JSC::DebuggerScope::className):
    (JSC::DebuggerScope::getOwnPropertySlot):
    (JSC::DebuggerScope::put):
    (JSC::DebuggerScope::deleteProperty):
    (JSC::DebuggerScope::getOwnPropertyNames):
    (JSC::DebuggerScope::defineOwnProperty):
    (JSC::DebuggerScope::next):
    (JSC::DebuggerScope::invalidateChain):
    (JSC::DebuggerScope::isWithScope):
    (JSC::DebuggerScope::isGlobalScope):
    (JSC::DebuggerScope::isFunctionScope):
    * debugger/DebuggerScope.h:
    (JSC::DebuggerScope::create):
    (JSC::DebuggerScope::Iterator::Iterator):
    (JSC::DebuggerScope::Iterator::get):
    (JSC::DebuggerScope::Iterator::operator++):
    (JSC::DebuggerScope::Iterator::operator==):
    (JSC::DebuggerScope::Iterator::operator!=):
    (JSC::DebuggerScope::isValid):
    (JSC::DebuggerScope::jsScope):
    (JSC::DebuggerScope::begin):
    (JSC::DebuggerScope::end):
    * inspector/JSJavaScriptCallFrame.cpp:
    (Inspector::JSJavaScriptCallFrame::scopeType):
    (Inspector::JSJavaScriptCallFrame::scopeChain):
    * inspector/JavaScriptCallFrame.h:
    (Inspector::JavaScriptCallFrame::scopeChain):
    * inspector/ScriptDebugServer.cpp:
    * runtime/JSGlobalObject.cpp:
    (JSC::JSGlobalObject::reset):
    (JSC::JSGlobalObject::visitChildren):
    * runtime/JSGlobalObject.h:
    (JSC::JSGlobalObject::debuggerScopeStructure):
    * runtime/JSObject.h:
    (JSC::JSObject::isWithScope):
    * runtime/JSScope.h:
    * runtime/VM.cpp:
    (JSC::VM::VM):
    * runtime/VM.h:

    2014-07-01  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] DFG bytecode parser should turn PutById with nothing but a Setter stub as stuff+handleCall, and handleCall should be allowed to inline if it wants to
    https://bugs.webkit.org/show_bug.cgi?id=130756

    Reviewed by Oliver Hunt.

    The enables exposing the call to setters in the DFG, and then inlining it. Previously we
    already supproted inlined-cached calls to setters from within put_by_id inline caches,
    and the DFG could certainly emit such IC's. Now, if an IC had a setter call, then the DFG
    will either emit the GetGetterSetterByOffset/GetSetter/Call combo, or it will do one
    better and inline the call.

    A lot of the core functionality was already available from the previous work to inline
    getters. So, there are some refactorings in this patch that move preexisting
    functionality around. For example, the work to figure out how the DFG should go about
    getting to what we call the "loaded value" - i.e. the GetterSetter object reference in
    the case of accessors - is now shared in ComplexGetStatus, and both GetByIdStatus and
    PutByIdStatus use it. This means that we can keep the safety checks common.  This patch
    also does additional refactorings in DFG::ByteCodeParser so that we can continue to reuse
    handleCall() for all of the various kinds of calls we can now emit.

    83% speed-up on getter-richards, 2% speed-up on box2d.

    * CMakeLists.txt:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * bytecode/ComplexGetStatus.cpp: Added.
    (JSC::ComplexGetStatus::computeFor):
    * bytecode/ComplexGetStatus.h: Added.
    (JSC::ComplexGetStatus::ComplexGetStatus):
    (JSC::ComplexGetStatus::skip):
    (JSC::ComplexGetStatus::takesSlowPath):
    (JSC::ComplexGetStatus::kind):
    (JSC::ComplexGetStatus::attributes):
    (JSC::ComplexGetStatus::specificValue):
    (JSC::ComplexGetStatus::offset):
    (JSC::ComplexGetStatus::chain):
    * bytecode/GetByIdStatus.cpp:
    (JSC::GetByIdStatus::computeForStubInfo):
    * bytecode/GetByIdVariant.cpp:
    (JSC::GetByIdVariant::GetByIdVariant):
    * bytecode/PolymorphicPutByIdList.h:
    (JSC::PutByIdAccess::PutByIdAccess):
    (JSC::PutByIdAccess::setter):
    (JSC::PutByIdAccess::structure):
    (JSC::PutByIdAccess::chainCount):
    * bytecode/PutByIdStatus.cpp:
    (JSC::PutByIdStatus::computeFromLLInt):
    (JSC::PutByIdStatus::computeFor):
    (JSC::PutByIdStatus::computeForStubInfo):
    (JSC::PutByIdStatus::makesCalls):
    * bytecode/PutByIdStatus.h:
    (JSC::PutByIdStatus::makesCalls): Deleted.
    * bytecode/PutByIdVariant.cpp:
    (JSC::PutByIdVariant::PutByIdVariant):
    (JSC::PutByIdVariant::operator=):
    (JSC::PutByIdVariant::replace):
    (JSC::PutByIdVariant::transition):
    (JSC::PutByIdVariant::setter):
    (JSC::PutByIdVariant::writesStructures):
    (JSC::PutByIdVariant::reallocatesStorage):
    (JSC::PutByIdVariant::makesCalls):
    (JSC::PutByIdVariant::dumpInContext):
    * bytecode/PutByIdVariant.h:
    (JSC::PutByIdVariant::PutByIdVariant):
    (JSC::PutByIdVariant::structure):
    (JSC::PutByIdVariant::oldStructure):
    (JSC::PutByIdVariant::alternateBase):
    (JSC::PutByIdVariant::specificValue):
    (JSC::PutByIdVariant::callLinkStatus):
    (JSC::PutByIdVariant::replace): Deleted.
    (JSC::PutByIdVariant::transition): Deleted.
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
    (JSC::DFG::ByteCodeParser::addCall):
    (JSC::DFG::ByteCodeParser::handleCall):
    (JSC::DFG::ByteCodeParser::handleInlining):
    (JSC::DFG::ByteCodeParser::handleGetById):
    (JSC::DFG::ByteCodeParser::handlePutById):
    (JSC::DFG::ByteCodeParser::parseBlock):
    * jit/Repatch.cpp:
    (JSC::tryCachePutByID):
    (JSC::tryBuildPutByIdList):
    * runtime/IntendedStructureChain.cpp:
    (JSC::IntendedStructureChain::takesSlowPathInDFGForImpureProperty):
    * runtime/IntendedStructureChain.h:
    * tests/stress/exit-from-setter.js: Added.
    * tests/stress/poly-chain-setter.js: Added.
    (Cons):
    (foo):
    (test):
    * tests/stress/poly-chain-then-setter.js: Added.
    (Cons1):
    (Cons2):
    (foo):
    (test):
    * tests/stress/poly-setter-combo.js: Added.
    (Cons1):
    (Cons2):
    (foo):
    (test):
    (.test):
    * tests/stress/poly-setter-then-self.js: Added.
    (foo):
    (test):
    (.test):
    * tests/stress/weird-setter-counter.js: Added.
    (foo):
    (test):
    * tests/stress/weird-setter-counter-syntactic.js: Added.
    (foo):
    (test):

    2014-07-01  Matthew Mirman  <mmirman@apple.com>

    Added an implementation of the "in" check to FTL.
    https://bugs.webkit.org/show_bug.cgi?id=134508

    Reviewed by Filip Pizlo.

    * ftl/FTLCapabilities.cpp: enabled compilation for "in"
    (JSC::FTL::canCompile): ditto
    * ftl/FTLCompile.cpp:
    (JSC::FTL::generateCheckInICFastPath): added.
    (JSC::FTL::fixFunctionBasedOnStackMaps): added case for CheckIn descriptors.
    * ftl/FTLInlineCacheDescriptor.h:
    (JSC::FTL::CheckInGenerator::CheckInGenerator): added.
    (JSC::FTL::CheckInDescriptor::CheckInDescriptor): added.
    * ftl/FTLInlineCacheSize.cpp:
    (JSC::FTL::sizeOfCheckIn): added. Currently larger than necessary.
    * ftl/FTLInlineCacheSize.h: ditto
    * ftl/FTLIntrinsicRepository.h: Added function type for operationInGeneric
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileNode): added case for In.
    (JSC::FTL::LowerDFGToLLVM::compileIn): added.
    * ftl/FTLSlowPathCall.cpp: Added a callOperation for operationIn
    (JSC::FTL::callOperation): ditto
    * ftl/FTLSlowPathCall.h: ditto
    * ftl/FTLState.h: Added a vector to hold CheckIn descriptors.
    * jit/JITOperations.h: made operationIns internal.
    * tests/stress/ftl-checkin.js: Added.
    * tests/stress/ftl-checkin-variable.js: Added.

    2014-06-30  Mark Hahnenberg  <mhahnenberg@apple.com>

    CodeBlock::stronglyVisitWeakReferences should mark DFG::CommonData::weakStructureReferences
    https://bugs.webkit.org/show_bug.cgi?id=134455

    Reviewed by Geoffrey Garen.

    Otherwise we get hanging pointers which can cause us to die later.

    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::stronglyVisitWeakReferences):

    2014-06-27  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Reduce the GC's influence on optimization decisions
    https://bugs.webkit.org/show_bug.cgi?id=134427

    Reviewed by Oliver Hunt.

    This is a slight speed-up on some platforms, that arises from a bunch of fixes that I made
    while trying to make the GC keep more structures alive
    (https://bugs.webkit.org/show_bug.cgi?id=128072).

    The fixes are, roughly:

    - If the GC clears an inline cache, then this no longer causes the IC to be forever
      polymorphic.

    - If we exit in inlined code into a function that tries to OSR enter, then we jettison
      sooner.

    - Some variables being uninitialized led to rage-recompilations.

    This is a pretty strong step in the direction of keeping more Structures alive and not
    blowing away code just because a Structure died. But, it seems like there is still a slight
    speed-up to be had from blowing away code that references dead Structures.

    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::dumpAssumingJITType):
    (JSC::shouldMarkTransition):
    (JSC::CodeBlock::propagateTransitions):
    (JSC::CodeBlock::determineLiveness):
    * bytecode/GetByIdStatus.cpp:
    (JSC::GetByIdStatus::computeForStubInfo):
    * bytecode/PutByIdStatus.cpp:
    (JSC::PutByIdStatus::computeForStubInfo):
    * dfg/DFGCapabilities.cpp:
    (JSC::DFG::isSupportedForInlining):
    (JSC::DFG::mightInlineFunctionForCall):
    (JSC::DFG::mightInlineFunctionForClosureCall):
    (JSC::DFG::mightInlineFunctionForConstruct):
    * dfg/DFGCapabilities.h:
    * dfg/DFGCommonData.h:
    * dfg/DFGDesiredWeakReferences.cpp:
    (JSC::DFG::DesiredWeakReferences::reallyAdd):
    * dfg/DFGOSREntry.cpp:
    (JSC::DFG::prepareOSREntry):
    * dfg/DFGOSRExitCompilerCommon.cpp:
    (JSC::DFG::handleExitCounts):
    * dfg/DFGOperations.cpp:
    * dfg/DFGOperations.h:
    * ftl/FTLForOSREntryJITCode.cpp:
    (JSC::FTL::ForOSREntryJITCode::ForOSREntryJITCode): These variables being uninitialized is benign in terms of correctness but can sometimes cause rage-recompilations. For some reason it took this patch to reveal this.
    * ftl/FTLOSREntry.cpp:
    (JSC::FTL::prepareOSREntry):
    * runtime/Executable.cpp:
    (JSC::ExecutableBase::destroy):
    (JSC::NativeExecutable::destroy):
    (JSC::ScriptExecutable::ScriptExecutable):
    (JSC::ScriptExecutable::destroy):
    (JSC::ScriptExecutable::installCode):
    (JSC::EvalExecutable::EvalExecutable):
    (JSC::ProgramExecutable::ProgramExecutable):
    * runtime/Executable.h:
    (JSC::ScriptExecutable::setDidTryToEnterInLoop):
    (JSC::ScriptExecutable::didTryToEnterInLoop):
    (JSC::ScriptExecutable::addressOfDidTryToEnterInLoop):
    (JSC::ScriptExecutable::ScriptExecutable): Deleted.
    * runtime/StructureInlines.h:
    (JSC::Structure::storedPrototypeObject):
    (JSC::Structure::storedPrototypeStructure):

    2014-06-25  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] If a CodeBlock is jettisoned due to a watchpoint then it should be possible to figure out something about that watchpoint
    https://bugs.webkit.org/show_bug.cgi?id=134333

    Reviewed by Geoffrey Garen.

    This is engineered to provide loads of information to the profiler without incurring any
    costs when the profiler is disabled. It's the oldest trick in the book: the thing that
    fires the watchpoint doesn't actually create anything to describe the reason why it was
    fired; instead it creates a stack-allocated FireDetail subclass instance. Only if the
    FireDetail::dump() virtual method is called does anything happen.

    Currently we use this to produce very fine-grained data for Structure watchpoints and
    some cases of variable watchpoints. For all other situations, the given reason is just a
    string constant, by using StringFireDetail. If we find a situation where that string
    constant is insufficient to diagnose an issue then we can change it to provide more
    fine-grained information.

    * JavaScriptCore.xcodeproj/project.pbxproj:
    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::CodeBlock):
    (JSC::CodeBlock::jettison):
    * bytecode/CodeBlock.h:
    * bytecode/CodeBlockJettisoningWatchpoint.cpp:
    (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
    * bytecode/CodeBlockJettisoningWatchpoint.h:
    * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Removed.
    * bytecode/ProfiledCodeBlockJettisoningWatchpoint.h: Removed.
    * bytecode/StructureStubClearingWatchpoint.cpp:
    (JSC::StructureStubClearingWatchpoint::fireInternal):
    * bytecode/StructureStubClearingWatchpoint.h:
    * bytecode/VariableWatchpointSet.h:
    (JSC::VariableWatchpointSet::invalidate):
    (JSC::VariableWatchpointSet::finalizeUnconditionally):
    * bytecode/VariableWatchpointSetInlines.h:
    (JSC::VariableWatchpointSet::notifyWrite):
    * bytecode/Watchpoint.cpp:
    (JSC::StringFireDetail::dump):
    (JSC::WatchpointSet::fireAll):
    (JSC::WatchpointSet::fireAllSlow):
    (JSC::WatchpointSet::fireAllWatchpoints):
    (JSC::InlineWatchpointSet::fireAll):
    * bytecode/Watchpoint.h:
    (JSC::FireDetail::FireDetail):
    (JSC::FireDetail::~FireDetail):
    (JSC::StringFireDetail::StringFireDetail):
    (JSC::Watchpoint::fire):
    (JSC::WatchpointSet::fireAll):
    (JSC::WatchpointSet::touch):
    (JSC::WatchpointSet::invalidate):
    (JSC::InlineWatchpointSet::fireAll):
    (JSC::InlineWatchpointSet::touch):
    * dfg/DFGCommonData.h:
    * dfg/DFGOperations.cpp:
    * interpreter/Interpreter.cpp:
    (JSC::Interpreter::execute):
    * jsc.cpp:
    (WTF::Masquerader::create):
    * profiler/ProfilerCompilation.cpp:
    (JSC::Profiler::Compilation::setJettisonReason):
    (JSC::Profiler::Compilation::toJS):
    * profiler/ProfilerCompilation.h:
    (JSC::Profiler::Compilation::setJettisonReason): Deleted.
    * runtime/ArrayBuffer.cpp:
    (JSC::ArrayBuffer::transfer):
    * runtime/ArrayBufferNeuteringWatchpoint.cpp:
    (JSC::ArrayBufferNeuteringWatchpoint::fireAll):
    * runtime/ArrayBufferNeuteringWatchpoint.h:
    * runtime/CommonIdentifiers.h:
    * runtime/CommonSlowPaths.cpp:
    (JSC::SLOW_PATH_DECL):
    * runtime/Identifier.cpp:
    (JSC::Identifier::dump):
    * runtime/Identifier.h:
    * runtime/JSFunction.cpp:
    (JSC::JSFunction::put):
    (JSC::JSFunction::defineOwnProperty):
    * runtime/JSGlobalObject.cpp:
    (JSC::JSGlobalObject::addFunction):
    (JSC::JSGlobalObject::haveABadTime):
    * runtime/JSSymbolTableObject.cpp:
    (JSC::VariableWriteFireDetail::dump):
    * runtime/JSSymbolTableObject.h:
    (JSC::VariableWriteFireDetail::VariableWriteFireDetail):
    (JSC::symbolTablePut):
    (JSC::symbolTablePutWithAttributes):
    * runtime/PropertyName.h:
    (JSC::PropertyName::dump):
    * runtime/Structure.cpp:
    (JSC::Structure::notifyTransitionFromThisStructure):
    * runtime/Structure.h:
    (JSC::Structure::notifyTransitionFromThisStructure): Deleted.
    * runtime/SymbolTable.cpp:
    (JSC::SymbolTableEntry::notifyWriteSlow):
    (JSC::SymbolTable::WatchpointCleanup::finalizeUnconditionally):
    * runtime/SymbolTable.h:
    (JSC::SymbolTableEntry::notifyWrite):
    * runtime/VM.cpp:
    (JSC::VM::addImpureProperty):

Source/WebCore:

    2014-07-01  Mark Lam  <mark.lam@apple.com>

    [ftlopt] DebuggerCallFrame::scope() should return a DebuggerScope.
    <https://webkit.org/b/134420>

    Reviewed by Geoffrey Garen.

    No new tests.

    * ForwardingHeaders/debugger/DebuggerCallFrame.h: Removed.
    - This is not in use.  Hence, we can remove it.
    * bindings/js/ScriptController.cpp:
    (WebCore::ScriptController::attachDebugger):
    - We should acquire the JSLock before modifying a JS global object.

    2014-06-25  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] If a CodeBlock is jettisoned due to a watchpoint then it should be possible to figure out something about that watchpoint
    https://bugs.webkit.org/show_bug.cgi?id=134333

    Reviewed by Geoffrey Garen.

    No new tests because no change in behavior.

    * bindings/scripts/CodeGeneratorJS.pm:
    (GenerateHeader):

Tools:

    2014-06-25  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] If a CodeBlock is jettisoned due to a watchpoint then it should be possible to figure out something about that watchpoint
    https://bugs.webkit.org/show_bug.cgi?id=134333

    Reviewed by Geoffrey Garen.

    * Scripts/display-profiler-output:

LayoutTests:

    2014-07-16  Mark Hahnenberg  <mhahnenberg@apple.com>

    sputnik/Implementation_Diagnostics/S12.6.4_D1.html depends on undefined behavior
    https://bugs.webkit.org/show_bug.cgi?id=135007

    Reviewed by Filip Pizlo.

    EcmaScript 5.1 specifies that during for-in enumeration newly added properties may or may not be
    visited during the current enumeration. Specifically, in section 12.6.4 the spec states:

    "If new properties are added to the object being enumerated during enumeration, the newly added properties
    are not guaranteed to be visited in the active enumeration."

    The sputnik/Implementation_Diagnostics/S12.6.4_D1.html layout test is from before sputnik was added
    to the test262 suite. I believe it has since been removed, so it would probably be okay to remove it
    from our layout test suite.

    * sputnik/Implementation_Diagnostics/S12.6.4_D1-expected.txt: Removed.
    * sputnik/Implementation_Diagnostics/S12.6.4_D1.html: Removed.

    2014-07-13  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] DFG should be able to do GCSE in SSA and this should be unified with the CSE in CPS, and both of these things should use abstract heaps for reasoning about effects
    https://bugs.webkit.org/show_bug.cgi?id=134677

    Reviewed by Sam Weinig.

    * js/regress/gcse-expected.txt: Added.
    * js/regress/gcse-poly-get-expected.txt: Added.
    * js/regress/gcse-poly-get-less-obvious-expected.txt: Added.
    * js/regress/gcse-poly-get-less-obvious.html: Added.
    * js/regress/gcse-poly-get.html: Added.
    * js/regress/gcse.html: Added.
    * js/regress/script-tests/gcse-poly-get-less-obvious.js: Added.
    * js/regress/script-tests/gcse-poly-get.js: Added.
    * js/regress/script-tests/gcse.js: Added.

    2014-07-04  Filip Pizlo  <fpizlo@apple.com>

    [ftlopt] Infer immutable object properties
    https://bugs.webkit.org/show_bug.cgi?id=134567

    Reviewed by Mark Hahnenberg.

    * js/regress/infer-constant-global-property-expected.txt: Added.
    * js/regress/infer-constant-global-property.html: Added.
    * js/regress/infer-constant-property-expected.txt: Added.
    * js/regress/infer-constant-property.html: Added.
    * js/regress/script-tests/infer-constant-global-property.js: Added.
    * js/regress/script-tests/infer-constant-property.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172129 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoBuild break since r172093
ryuan.choi@samsung.com [Wed, 6 Aug 2014 05:20:33 +0000 (05:20 +0000)]
Build break since r172093
https://bugs.webkit.org/show_bug.cgi?id=135636

Reviewed by Gyuyoung Kim.

Since r172093, AbstractView.idl is added in CMake Build but CodeGeneratorJS.pm does not take care of it.

No new tests required, no new functionality.

* bindings/scripts/CodeGeneratorJS.pm:
(ShouldGenerateToJSDeclaration):
(ShouldGenerateToJSImplementation):
(GetImplClassName): Added to rename implClassName to DOMWindow if interface name is AbstractView.
(GenerateHeader):
(GenerateImplementation):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172128 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years agoUnreviewed, rolling out r172099.
commit-queue@webkit.org [Wed, 6 Aug 2014 02:30:22 +0000 (02:30 +0000)]
Unreviewed, rolling out r172099.
https://bugs.webkit.org/show_bug.cgi?id=135635

Needs a do-over. (Requested by kling on #webkit).

Reverted changeset:

"The JIT should cache property lookup misses."
https://bugs.webkit.org/show_bug.cgi?id=135578
http://trac.webkit.org/changeset/172099

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172120 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[CG] strokeRect does not honor lineJoin
commit-queue@webkit.org [Wed, 6 Aug 2014 02:19:40 +0000 (02:19 +0000)]
[CG] strokeRect does not honor lineJoin
https://bugs.webkit.org/show_bug.cgi?id=132948

Patch by Nikos Andronikos <nikos.andronikos-webkit@cisra.canon.com.au> on 2014-08-05
Reviewed by Darin Adler.

Source/WebCore:

Replaced use of CGContextStrokeRectWithWidth convenience function with explicit
call to CGContextAddRect and CGContextStrokePath.  The convenience functions
CGContextStrokeRect and CGContextStrokeRectWithWidth fail to apply some attributes
(e.g. stroke join) of the graphics state in certain cases.

Test: fast/canvas/canvas-strokeRect-lineJoin.html

* platform/graphics/cg/GraphicsContextCG.cpp:
(WebCore::GraphicsContext::strokeRect):

LayoutTests:

Test behavior of canvas with stroke rect with line join

* fast/canvas/canvas-strokeRect-lineJoin-expected.txt: Added.
* fast/canvas/canvas-strokeRect-lineJoin.html: Added.
* fast/canvas/script-tests/canvas-strokeRect-lineJoin.js: Added.
* platform/mac-mountainlion/canvas/philip/tests/2d.strokeRect.zero.5-expected.txt: Added.
* platform/mac/fast/canvas/canvas-strokeRect-alpha-shadow-expected.txt: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172119 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6 years ago[iOS] Run ImageDiff in the sim bootstrap
dfarler@apple.com [Wed, 6 Aug 2014 01:39:58 +0000 (01:39 +0000)]
[iOS] Run ImageDiff in the sim bootstrap
https://bugs.webkit.org/show_bug.cgi?id=135624

Reviewed by David Kilzer.

* Scripts/webkitpy/port/image_diff.py:
(ImageDiffer.stop):
(IOSSimulatorImageDiffer):
(IOSSimulatorImageDiffer._start):
* Scripts/webkitpy/port/ios.py:
(IOSSimulatorPort.diff_image):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@172118 268f45cc-cd09-0410-ab3c-d52691b4dbfc