WebKit-https.git
commit-queue@webkit.org [Fri, 14 Oct 2016 06:19:12 +0000 (06:19 +0000)]
Update serializer and iterator binding generated code
https://bugs.webkit.org/show_bug.cgi?id=163325

Patch by Youenn Fablet <youenn@apple.com> on 2016-10-13
Reviewed by Darin Adler.

No change of behavior.
Covered by existing tests and rebased binding generated code.

Making use of BindingCaller::callOperation within serializer and iterator operations.
Refactored serializer code to use direct attribute getters.

* bindings/js/JSDOMIterator.h:
(WebCore::iteratorCreate):
(WebCore::iteratorForEach):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateSerializerFunction):
(GenerateImplementationIterableFunctions):
* bindings/scripts/test/JS/JSTestIterable.cpp:
(WebCore::jsTestIterablePrototypeFunctionSymbolIteratorCaller):
(WebCore::jsTestIterablePrototypeFunctionSymbolIterator):
(WebCore::jsTestIterablePrototypeFunctionEntriesCaller):
(WebCore::jsTestIterablePrototypeFunctionEntries):
(WebCore::jsTestIterablePrototypeFunctionKeysCaller):
(WebCore::jsTestIterablePrototypeFunctionKeys):
(WebCore::jsTestIterablePrototypeFunctionValuesCaller):
(WebCore::jsTestIterablePrototypeFunctionValues):
(WebCore::jsTestIterablePrototypeFunctionForEachCaller):
(WebCore::jsTestIterablePrototypeFunctionForEach):
* bindings/scripts/test/JS/JSTestNode.cpp:
(WebCore::jsTestNodePrototypeFunctionSymbolIteratorCaller):
(WebCore::jsTestNodePrototypeFunctionSymbolIterator):
(WebCore::jsTestNodePrototypeFunctionEntriesCaller):
(WebCore::jsTestNodePrototypeFunctionEntries):
(WebCore::jsTestNodePrototypeFunctionKeysCaller):
(WebCore::jsTestNodePrototypeFunctionKeys):
(WebCore::jsTestNodePrototypeFunctionValuesCaller):
(WebCore::jsTestNodePrototypeFunctionValues):
(WebCore::jsTestNodePrototypeFunctionForEachCaller):
(WebCore::jsTestNodePrototypeFunctionForEach):
(WebCore::jsTestNodePrototypeFunctionToJSON):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::jsTestObjPrototypeFunctionToJSON):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207324 268f45cc-cd09-0410-ab3c-d52691b4dbfc

achristensen@apple.com [Fri, 14 Oct 2016 05:39:07 +0000 (05:39 +0000)]
Fix API test after r207318.
https://bugs.webkit.org/show_bug.cgi?id=162951

This fixes the API test WebKit2.PendingAPIRequestURL which asserted when trying to hash a null String.

* loader/DocumentLoader.cpp:
(WebCore::isRemoteWebArchive):
If the mimeType is a null String, it is not in the set webArchiveMIMETypes, so return false instead of hashing it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207323 268f45cc-cd09-0410-ab3c-d52691b4dbfc

mark.lam@apple.com [Fri, 14 Oct 2016 05:29:02 +0000 (05:29 +0000)]
Fix Array.prototype.splice ES6 compliance.
https://bugs.webkit.org/show_bug.cgi?id=163372

Reviewed by Geoffrey Garen and Yusuke Suzuki.

JSTests:

* stress/array-splice-on-frozen-object.js: Added.

Source/JavaScriptCore:

Our Array.prototype.splice implementation neglected to set length on the result
array (step 12 of https://tc39.github.io/ecma262/#sec-array.prototype.splice) in
a certain code path.  This is now fixed.

I'm deferring the implementation of step 8 till later because it requires more
careful consideration and the fix is of a lesser value (and therefore, of less
urgency).  See https://bugs.webkit.org/show_bug.cgi?id=163417

Also added some needed exception checks and assertions.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncSplice):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207322 268f45cc-cd09-0410-ab3c-d52691b4dbfc

achristensen@apple.com [Fri, 14 Oct 2016 04:09:33 +0000 (04:09 +0000)]
Hosts of URLs with non-special schemes should be case-sensitive, and non-ASCII characters in such hosts should be punycode-encoded
https://bugs.webkit.org/show_bug.cgi?id=163413

Reviewed by Tim Horton.

LayoutTests/imported/w3c:

* web-platform-tests/url/url-setters-expected.txt:
Update results.  Some more tests are failing, but if my proposal in https://github.com/whatwg/url/issues/148 is accepted,
then these web platform tests will need to be changed.  These web platform tests were also failing with the old URL::parse.

Source/WebCore:

This retains compatibility with the canonicalization of Chrome, Firefox, and Safari with uppercase characters
in the hosts of URLs with unrecognized schemes.  Safari treats such characters as the host, while Firefox
and Chrome treat such characters as part of the path, starting with the "//" after the ':'.
Behavior of non-ASCII characters is inconsistent, and since we need to have a host, we should punycode-encode
the host to be consistent with special schemes because percent-encoding hosts sometimes is inconsistent.

This solution was proposed to the spec in https://github.com/whatwg/url/issues/148

Covered by updated API and layout tests.

* platform/URLParser.cpp:
(WebCore::URLParser::parse):
(WebCore::URLParser::percentDecode):
(WebCore::URLParser::domainToASCII):
(WebCore::URLParser::hasInvalidDomainCharacter):
(WebCore::URLParser::parseHostAndPort):
(WebCore::URLParser::formURLDecode):
(WebCore::percentDecode): Deleted.
(WebCore::domainToASCII): Deleted.
(WebCore::hasInvalidDomainCharacter): Deleted.
(WebCore::formURLDecode): Deleted.
* platform/URLParser.h:

Tools:

* TestWebKitAPI/Tests/WebCore/URLParser.cpp:
(TestWebKitAPI::TEST_F):
Update parsing results.  There are now fewer differences between the new URLParser and the old URL::parse.

LayoutTests:

* contentfiltering/block-after-add-data-then-allow-unblock-expected.txt:
* contentfiltering/block-after-add-data-then-deny-unblock-expected.txt:
* contentfiltering/block-after-finished-adding-data-then-allow-unblock-expected.txt:
* contentfiltering/block-after-finished-adding-data-then-deny-unblock-expected.txt:
* contentfiltering/block-after-response-then-allow-unblock-expected.txt:
* contentfiltering/block-after-response-then-deny-unblock-expected.txt:
* contentfiltering/block-after-will-send-request-then-allow-unblock-expected.txt:
* contentfiltering/block-after-will-send-request-then-deny-unblock-expected.txt:
* fast/backgrounds/background-shorthand-after-set-backgroundSize-expected.txt:
* fast/backgrounds/background-shorthand-after-set-backgroundSize.html:
* fast/backgrounds/background-shorthand-with-backgroundSize-style-expected.txt:
* fast/backgrounds/background-shorthand-with-backgroundSize-style.html:
* fast/css/getComputedStyle/computed-style-border-image-expected.txt:
* fast/css/getComputedStyle/computed-style-border-image.html:
* fast/css/getComputedStyle/computed-style-cross-fade-expected.txt:
* fast/css/getComputedStyle/computed-style-cross-fade.html:
* fast/css/getComputedStyle/getComputedStyle-background-shorthand-expected.txt:
* fast/css/getComputedStyle/getComputedStyle-background-shorthand.html:
* fast/css/getComputedStyle/getComputedStyle-list-style-shorthand-expected.txt:
* fast/css/getComputedStyle/getComputedStyle-list-style-shorthand.html:
* fast/loader/url-parse-1-expected.txt:
* fast/url/host-lowercase-per-scheme-expected.txt:
* fast/url/safari-extension-expected.txt:
* http/tests/xmlhttprequest/access-control-and-redirects-async-expected.txt:
Update test expectations.  This is how they were before r207162, showing that this change to the URLParser increases compatibility.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207321 268f45cc-cd09-0410-ab3c-d52691b4dbfc

matthew_hanson@apple.com [Fri, 14 Oct 2016 02:58:18 +0000 (02:58 +0000)]
Versioning.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207320 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Fri, 14 Oct 2016 02:50:07 +0000 (02:50 +0000)]
[Web IDL] Add support for [SameObject] extended attribute
https://bugs.webkit.org/show_bug.cgi?id=163414

Reviewed by Darin Adler.

Source/WebCore:

Add support for [SameObject] Web IDL extended attribute:
- https://heycam.github.io/webidl/#SameObject

Start using it on DOM / HTML attributes where the specification
mandates it.

Test: js/dom/SameObject-support.html

* bindings/scripts/CodeGeneratorJS.pm:
(ShouldCacheAttribute):
(GenerateHeader):
(GenerateImplementation):
* bindings/scripts/IDLAttributes.txt:
* dom/DataTransfer.idl:
* dom/Document.idl:
* dom/Element.idl:
* dom/MutationRecord.idl:
* dom/Node.idl:
* dom/NodeIterator.idl:
* dom/ParentNode.idl:
* dom/TreeWalker.idl:
* html/HTMLAnchorElement.idl:
* html/HTMLAreaElement.idl:
* html/HTMLButtonElement.idl:
* html/HTMLDataListElement.idl:
* html/HTMLDocument.idl:
* html/HTMLElement.idl:
* html/HTMLFieldSetElement.idl:
* html/HTMLFormElement.idl:
* html/HTMLIFrameElement.idl:
* html/HTMLInputElement.idl:
* html/HTMLKeygenElement.idl:
* html/HTMLLinkElement.idl:
* html/HTMLMapElement.idl:
* html/HTMLMediaElement.idl:
* html/HTMLMeterElement.idl:
* html/HTMLOutputElement.idl:
* html/HTMLProgressElement.idl:
* html/HTMLSelectElement.idl:
* html/HTMLTableElement.idl:
* html/HTMLTableRowElement.idl:
* html/HTMLTableSectionElement.idl:
* html/HTMLTextAreaElement.idl:
* page/Location.idl:
* page/Navigator.idl:

LayoutTests:

Add layout test coverage.

* js/dom/SameObject-support-expected.txt: Added.
* js/dom/SameObject-support.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207319 268f45cc-cd09-0410-ab3c-d52691b4dbfc

aestes@apple.com [Fri, 14 Oct 2016 01:14:05 +0000 (01:14 +0000)]
[iOS] Support Web Archive previews generated by QuickLook
https://bugs.webkit.org/show_bug.cgi?id=162951
<rdar://problem/28607920>

Reviewed by Brady Eidson.

QuickLook might generate a Web Archive preview for some resource types, but WebKit would
refuse to load it due to the prohibition on loading remote Web Archives. Even though the
original resource might be from a remote origin, the QuickLook-generated preview is a
trusted local resource, so allow it to be loaded.

No test possible.

* loader/DocumentLoader.cpp:
(WebCore::isRemoteWebArchive): Added. Moved the remote web archive check from
continueAfterContentPolicy() to here, and added a check for responses containing the
QuickLook preview protocol.
(WebCore::DocumentLoader::continueAfterContentPolicy): Called isRemoteWebArchive().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207318 268f45cc-cd09-0410-ab3c-d52691b4dbfc

dino@apple.com [Fri, 14 Oct 2016 01:10:30 +0000 (01:10 +0000)]
CSS parsing should use Color not RGBA32
https://bugs.webkit.org/show_bug.cgi?id=163423
<rdar://problem/28766903>

Reviewed by Simon Fraser.

In order to allow CSS to use the ExtendedColor variant of
Color, we need to stop using RGBA32. This is a fairly big
change that goes through all the places in the parser
related to colors, and moves them from RGBA32 to Color.

No change in functionality, so covered by existing tests.

* WebCore.xcodeproj/project.pbxproj: Add the new ColorHash.h file.

* css/CSSPrimitiveValue.cpp: CSSPrimitiveValue now can hold a Color*
rather than an unsigned int for colors.
(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::cleanup):
(WebCore::CSSPrimitiveValue::getRGBColorValue):
(WebCore::CSSPrimitiveValue::formatNumberForCustomCSSText):
(WebCore::CSSPrimitiveValue::cloneForCSSOM):
(WebCore::CSSPrimitiveValue::equals):
* css/CSSPrimitiveValue.h: Move to Color* and also use some
nullptrs.
* css/CSSPrimitiveValueMappings.h:
(WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Add a new inline
constructor.

* css/CSSValuePool.cpp: Move to Color.
(WebCore::CSSValuePool::CSSValuePool):
(WebCore::CSSValuePool::createColorValue):
* css/CSSValuePool.h: Change the ColorValueCache to a new type.

* css/StyleResolver.cpp: Move to Color.
(WebCore::StyleResolver::colorFromPrimitiveValue):
* css/parser/CSSParser.cpp:
(WebCore::parseColorValue):
(WebCore::CSSParser::parseColor):
(WebCore::CSSParser::parseColorFromString):
(WebCore::CSSParser::parseSystemColor):
(WebCore::fastParseColorInternal):
(WebCore::CSSParser::fastParseColor):
(WebCore::CSSParser::parseColorFromValue):
* css/parser/CSSParser.h:
* css/parser/CSSParserFastPaths.cpp:
(WebCore::fastParseColorInternal):
(WebCore::CSSParserFastPaths::parseColor):
* css/parser/CSSPropertyParserHelpers.cpp:
(WebCore::CSSPropertyParserHelpers::consumeColor):
* css/parser/SVGCSSParser.cpp:
(WebCore::CSSParser::parseSVGValue):
(WebCore::CSSParser::parseSVGPaint):
(WebCore::CSSParser::parseSVGColor):
* editing/EditingStyle.cpp:
(WebCore::cssValueToColor):
(WebCore::textColorFromStyle):
(WebCore::backgroundColorFromStyle):
(WebCore::rgbaBackgroundColorInEffect):
(WebCore::EditingStyle::prepareToApplyAt):
(WebCore::isTransparentColorValue):
(WebCore::cssValueToRGBA): Deleted.
* editing/cocoa/HTMLConverter.mm:
(HTMLConverterCaches::colorPropertyValueForNode):
* html/HTMLBodyElement.cpp:
(WebCore::HTMLBodyElement::parseAttribute):
* html/canvas/CanvasGradient.cpp:
(WebCore::CanvasGradient::addColorStop):
* html/canvas/CanvasRenderingContext2D.cpp: Ditto, but leave a FIXME to
remind myself to come back when colorWithOverrideAlpha has been updated.
(WebCore::CanvasRenderingContext2D::setStrokeStyle):
(WebCore::CanvasRenderingContext2D::setFillStyle):
(WebCore::CanvasRenderingContext2D::setShadowColor):
(WebCore::CanvasRenderingContext2D::setShadow):
* html/canvas/CanvasStyle.cpp:
(WebCore::isCurrentColorString):
(WebCore::parseColor):
(WebCore::currentColor):
(WebCore::parseColorOrCurrentColor):
(WebCore::CanvasStyle::createFromString):
(WebCore::CanvasStyle::createFromStringWithOverrideAlpha):
* html/canvas/CanvasStyle.h:
* svg/SVGColor.cpp:
(WebCore::SVGColor::colorFromRGBColorString):

* platform/graphics/Color.h: Add new constructors for the special
empty and deleted Color values used in HashTables.
(WebCore::Color::Color):
(WebCore::Color::isHashTableDeletedValue):
(WebCore::Color::asUint64): New accessor to get the raw uint64_t value.

* platform/graphics/ColorHash.h: Added. Implement the traits for a Color HashTable.
(WTF::ColorHash::hash):
(WTF::ColorHash::equal):
(WTF::HashTraits<WebCore::Color>::emptyValue):
(WTF::HashTraits<WebCore::Color>::constructDeletedValue):
(WTF::HashTraits<WebCore::Color>::isDeletedValue):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207317 268f45cc-cd09-0410-ab3c-d52691b4dbfc

achristensen@apple.com [Thu, 13 Oct 2016 23:38:48 +0000 (23:38 +0000)]
Rebase API tests after r207305.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
Actually build Tests/mac/LoadInvalidURLRequest.mm so we are running the WebKit1.LoadInvalidURLRequest API test.
* TestWebKitAPI/Tests/WebKit2Cocoa/LoadInvalidURLRequest.mm:
(-[LoadInvalidURLNavigationActionDelegate webView:didFailProvisionalNavigation:withError:]):
* TestWebKitAPI/Tests/mac/LoadInvalidURLRequest.mm:
(-[LoadInvalidURLWebFrameLoadDelegate webView:didFailProvisionalLoadWithError:forFrame:]):
Change results back to what they were before r207162, r207167, and r207184.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207315 268f45cc-cd09-0410-ab3c-d52691b4dbfc

n_wang@apple.com [Thu, 13 Oct 2016 22:52:17 +0000 (22:52 +0000)]
AX: [Mac] better accessibility support for Summary elements
https://bugs.webkit.org/show_bug.cgi?id=163367
<rdar://problem/28745010>

Reviewed by Chris Fleizach.

Source/WebCore:

Exposed summary elements as AXButton and used the text node's content
as AXTitle. Also exposed the details parent's expanded status on the summary
element, so that users would see it as a collapsed/expanded button.

Changes are covered in the modified tests.

* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::parentObjectUnignored):
(WebCore::AccessibilityObject::scrollViewAncestor):
(WebCore::AccessibilityObject::headingElementForNode):
(WebCore::AccessibilityObject::matchedParent):
(WebCore::AccessibilityObject::isDescendantOfObject):
(WebCore::AccessibilityObject::isInsideARIALiveRegion):
(WebCore::AccessibilityObject::elementAccessibilityHitTest):
(WebCore::AccessibilityObject::isExpanded):
(WebCore::AccessibilityObject::isARIAHidden):
(WebCore::AccessibilityObject::focusableAncestor):
(WebCore::AccessibilityObject::editableAncestor):
* accessibility/AccessibilityObject.h:
(WebCore::AccessibilityObject::isSummary):
* accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
(-[WebAccessibilityObjectWrapper _accessibilityListAncestor]):
(-[WebAccessibilityObjectWrapper _accessibilityLandmarkAncestor]):
(-[WebAccessibilityObjectWrapper _accessibilityTableAncestor]):
(-[WebAccessibilityObjectWrapper _accessibilityFieldsetAncestor]):
(-[WebAccessibilityObjectWrapper tableCellParent]):
(-[WebAccessibilityObjectWrapper tableParent]):
(-[WebAccessibilityObjectWrapper convertPointToScreenSpace:]):
(-[WebAccessibilityObjectWrapper convertRectToScreenSpace:]):
(-[WebAccessibilityObjectWrapper detailParentForSummaryObject:]):
(-[WebAccessibilityObjectWrapper detailParentForObject:]):
(matchedParent): Deleted.
* accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
(-[WebAccessibilityObjectWrapper additionalAccessibilityAttributeNames]):
(createAccessibilityRoleMap):
(-[WebAccessibilityObjectWrapper roleDescription]):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

LayoutTests:

* accessibility/mac/details-summary-expected.txt:
* accessibility/mac/details-summary-role-description-expected.txt:
* accessibility/mac/details-summary-role-description.html:
* accessibility/mac/details-summary.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207314 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ryanhaddad@apple.com [Thu, 13 Oct 2016 22:25:00 +0000 (22:25 +0000)]
Marking inspector/debugger/breakpoints/resolved-dump-each-line.html as flaky on mac.
https://bugs.webkit.org/show_bug.cgi?id=161951

Unreviewed test gardening.

* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207313 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Thu, 13 Oct 2016 22:20:22 +0000 (22:20 +0000)]
Web Inspector: Stepping highlight for dot/bracket expressions in if statements highlights subset of the expression
https://bugs.webkit.org/show_bug.cgi?id=163378
<rdar://problem/28749376>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-10-13
Reviewed by Saam Barati.

Source/JavaScriptCore:

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseAssignmentExpression):
Since each expression builds on the previous, always keep the starting
location the first location.

LayoutTests:

* inspector/debugger/breakpoints/resolved-dump-all-pause-locations-expected.txt:
* inspector/debugger/breakpoints/resolved-dump-each-line-expected.txt:
* inspector/debugger/breakpoints/resources/dump-general.js:
* inspector/debugger/stepping/stepping-misc-expected.txt:
* inspector/debugger/stepping/stepping-misc.html:
Add tests for these kinds of special cases.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207312 268f45cc-cd09-0410-ab3c-d52691b4dbfc

bburg@apple.com [Thu, 13 Oct 2016 21:48:43 +0000 (21:48 +0000)]
[CMake] Split the definition of CODE_GENERATOR_PREPROCESSOR so it can be used in a custom command
https://bugs.webkit.org/show_bug.cgi?id=163401

Reviewed by Michael Catanzaro.

In another patch, we need to use CODE_GENERATOR_PREPROCESSOR as the COMMAND argument
when defining an add_custom_command. Previously, it has only been used as a quoted argument
to various Perl code generation scripts.

To support both use cases, we need to be able to provide the executable and its arguments as
an unbroken quoted string, and as a CMake list suitable for passing as an argument to COMMAND.

* Source/cmake/OptionsCommon.cmake:
Split out the executable and argument string into separate variables that can be used elsewhere.
Compute the final unbroken quoted string using the two separate variables to arrive at the same result.

* Source/cmake/WebKitMacros.cmake:
Drive-by cleanup to add quotes around the use of CODE_GENERATOR_PREPROCESSOR so it matches other uses.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207311 268f45cc-cd09-0410-ab3c-d52691b4dbfc

zalan@apple.com [Thu, 13 Oct 2016 21:41:01 +0000 (21:41 +0000)]
[Clean RenderTree] LayoutTests/imported/blink/fast/table/crash-bad-child-table-continuation.html fails.
https://bugs.webkit.org/show_bug.cgi?id=163399

Reviewed by David Hyatt.

When we try to insert a renderer before a child whose direct parent is an (anonymous) RenderTable, continuation logic
should dismiss the RenderTable as the parent and find a more appropriate ancestor.
RenderTables assume a certain descendant tree structure which might not be available in the continuation.

Will be testable with webkit.org/b/162834

* rendering/RenderInline.cpp:
(WebCore::canUseAsParentForContinuation):
(WebCore::RenderInline::addChildToContinuation):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207310 268f45cc-cd09-0410-ab3c-d52691b4dbfc

andersca@apple.com [Thu, 13 Oct 2016 21:36:02 +0000 (21:36 +0000)]
Copy BackForwardList from WebCore to WebKit/win
https://bugs.webkit.org/show_bug.cgi?id=163360

Reviewed by Alex Christensen.

Source/WebKit:

This is the first step towards getting rid of BackForwardList in WebCore.

* PlatformWin.cmake:
Add new files.

Source/WebKit/win:

Use our local BackForwardList class instead of WebCore::BackForwardList.

* BackForwardList.cpp: Added.
* BackForwardList.h: Added.
* WebBackForwardList.h:
* WebView.cpp:
(WebView::initWithFrame):
(WebView::backForwardList):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207308 268f45cc-cd09-0410-ab3c-d52691b4dbfc

achristensen@apple.com [Thu, 13 Oct 2016 21:01:58 +0000 (21:01 +0000)]
Disable URLParser for non-Safari iOS and Mac apps for now
https://bugs.webkit.org/show_bug.cgi?id=163397

Reviewed by Tim Horton.

Source/WebCore:

r207268 was an awful hack, and it was insufficient.
Disable the URLParser for other apps for now.  Hopefully we can enable it everywhere soon.

No change in behavior for testing infrastructure.
Old URLs were well tested before making the switch, and nothing has changed for them.

* platform/URLParser.cpp:
(WebCore::URLParser::parse):
(WebCore::URLParser::parseHostAndPort):
(WebCore::URLParser::setEnabled):
(WebCore::URLParser::enabled):
* platform/URLParser.h:

Tools:

* DumpRenderTree/mac/DumpRenderTree.mm:
(DumpRenderTreeMain):
* WebKitTestRunner/TestController.cpp:
Enable the URLParser for testing.
* WebKitTestRunner/Configurations/WebKitTestRunnerApp.xcconfig:
Link with WebCoreTestSupport so we can find setURLParserEnabled.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207305 268f45cc-cd09-0410-ab3c-d52691b4dbfc

cdumez@apple.com [Thu, 13 Oct 2016 19:26:19 +0000 (19:26 +0000)]
Rename [ConstructorTemplate=*] to [LegacyConstructorTemplate=*]
https://bugs.webkit.org/show_bug.cgi?id=163390

Reviewed by Darin Adler.

Rename [ConstructorTemplate=*] to [LegacyConstructorTemplate=*] as the
modern way of doing this is to use a constructor that takes in a
dictionary. I am working on getting rid of this extended attribute
entirely but the remaining uses require better support for union types.

* Modules/applepay/ApplePayValidateMerchantEvent.idl:
* Modules/indexeddb/IDBVersionChangeEvent.idl:
* Modules/mediastream/RTCTrackEvent.idl:
* bindings/scripts/CodeGenerator.pm:
(IsConstructorTemplate):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateConstructorDefinition):
(IsConstructable):
* bindings/scripts/IDLAttributes.txt:
* dom/Event.idl:
* dom/ProgressEvent.idl:
* dom/UIEvent.idl:
* html/track/TrackEvent.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207302 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ryanhaddad@apple.com [Thu, 13 Oct 2016 19:21:35 +0000 (19:21 +0000)]
Unreviewed, rolling out r207297.

This change broke the iOS build.

Reverted changeset:

"Disable URLParser for non-Safari iOS and Mac apps for now"
https://bugs.webkit.org/show_bug.cgi?id=163397
http://trac.webkit.org/changeset/207297

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207301 268f45cc-cd09-0410-ab3c-d52691b4dbfc

andersca@apple.com [Thu, 13 Oct 2016 19:15:23 +0000 (19:15 +0000)]
Get rid of the HistoryItemVector typedef
https://bugs.webkit.org/show_bug.cgi?id=163398

Reviewed by Beth Dakin.

Expand the HistoryItemVector typedef instead to make it more clear what types we are dealing with.

Source/WebCore:

* history/BackForwardList.cpp:
(WebCore::BackForwardList::backListWithLimit):
(WebCore::BackForwardList::forwardListWithLimit):
(WebCore::BackForwardList::entries):
* history/BackForwardList.h:
* history/HistoryItem.cpp:
(WebCore::HistoryItem::children):
* history/HistoryItem.h:
* loader/HistoryController.cpp:
(WebCore::HistoryController::currentFramesMatchItem):

Source/WebKit/mac:

* History/WebBackForwardList.mm:
(-[WebBackForwardList dictionaryRepresentation]):
(vectorToNSArray):
(-[WebBackForwardList backListWithLimit:]):
(-[WebBackForwardList forwardListWithLimit:]):
(-[WebBackForwardList description]):
* History/WebHistoryItem.mm:
(-[WebHistoryItem description]):

Source/WebKit/win:

* WebBackForwardList.cpp:
(WebBackForwardList::backListWithLimit):
(WebBackForwardList::forwardListWithLimit):
* WebHistoryItem.cpp:
(WebHistoryItem::children):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207300 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Thu, 13 Oct 2016 19:02:29 +0000 (19:02 +0000)]
[Modern Media Controls] MediaControls base class
https://bugs.webkit.org/show_bug.cgi?id=163387
<rdar://problem/28753955>

Patch by Antoine Quint <graouts@apple.com> on 2016-10-13
Reviewed by Dean Jackson.

Source/WebCore:

Introducing the new MediaControls class which will serve as a basis for all media controls.
We will introduce specific MediaControls subclasses for macOS inline, macOS fullscreen and
iOS inline in future patches.

Tests: media/modern-media-controls/media-controls/media-controls-constructor.html
       media/modern-media-controls/media-controls/media-controls-placard.html
       media/modern-media-controls/media-controls/media-controls-start-button.html

* Modules/modern-media-controls/controls/media-controls.css: Added.
(.media-controls,):
* Modules/modern-media-controls/controls/media-controls.js: Added.
(MediaControls.):
(MediaControls.prototype.get showsStartButton):
(MediaControls.prototype.set showsStartButton):
(MediaControls.prototype.get showsPlacard):
(MediaControls.prototype.showPlacard):
(MediaControls.prototype.hidePlacard):

LayoutTests:

Testing the properties of the new MediaControls class.

* media/modern-media-controls/media-controls/media-controls-constructor-expected.txt: Added.
* media/modern-media-controls/media-controls/media-controls-constructor.html: Added.
* media/modern-media-controls/media-controls/media-controls-placard-expected.txt: Added.
* media/modern-media-controls/media-controls/media-controls-placard.html: Added.
* media/modern-media-controls/media-controls/media-controls-start-button-expected.txt: Added.
* media/modern-media-controls/media-controls/media-controls-start-button.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207299 268f45cc-cd09-0410-ab3c-d52691b4dbfc

timothy_horton@apple.com [Thu, 13 Oct 2016 19:01:53 +0000 (19:01 +0000)]
Rename the SPI added in r207292 due to post-landing review comments
https://bugs.webkit.org/show_bug.cgi?id=163364
<rdar://problem/28012494>

Reviewed by Simon Fraser.

* UIProcess/API/APIPageConfiguration.h:
(API::PageConfiguration::waitsForPaintAfterViewDidMoveToWindow):
(API::PageConfiguration::setWaitsForPaintAfterViewDidMoveToWindow):
(API::PageConfiguration::shouldWaitForPaintAfterViewDidMoveToWindow): Deleted.
(API::PageConfiguration::setShouldWaitForPaintAfterViewDidMoveToWindow): Deleted.
* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _initializeWithConfiguration:]):
* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
(-[WKWebViewConfiguration init]):
(-[WKWebViewConfiguration copyWithZone:]):
(-[WKWebViewConfiguration _waitsForPaintAfterViewDidMoveToWindow]):
(-[WKWebViewConfiguration _setWaitsForPaintAfterViewDidMoveToWindow:]):
(-[WKWebViewConfiguration _shouldWaitForPaintAfterViewDidMoveToWindow]): Deleted.
(-[WKWebViewConfiguration _setShouldWaitForPaintAfterViewDidMoveToWindow:]): Deleted.
* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::dispatchViewStateChange):
* UIProcess/WebPageProxy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207298 268f45cc-cd09-0410-ab3c-d52691b4dbfc

achristensen@apple.com [Thu, 13 Oct 2016 18:57:27 +0000 (18:57 +0000)]
Disable URLParser for non-Safari iOS and Mac apps for now
https://bugs.webkit.org/show_bug.cgi?id=163397

Reviewed by Tim Horton.

Source/WebCore:

r207268 was an awful hack, and it was insufficient.
Disable the URLParser for other apps for now.  Hopefully we can enable it everywhere soon.

No change in behavior for testing infrastructure.
Old URLs were well tested before making the switch, and nothing has changed for them.

* platform/URLParser.cpp:
(WebCore::URLParser::parse):
(WebCore::URLParser::parseHostAndPort):
(WebCore::URLParser::setEnabled):
(WebCore::URLParser::enabled):
* platform/URLParser.h:

Tools:

* DumpRenderTree/mac/DumpRenderTree.mm:
(DumpRenderTreeMain):
* WebKitTestRunner/ios/mainIOS.mm:
(main):
* WebKitTestRunner/mac/main.mm:
(main):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207297 268f45cc-cd09-0410-ab3c-d52691b4dbfc

jbedard@apple.com [Thu, 13 Oct 2016 18:53:45 +0000 (18:53 +0000)]
GTK and EFL on Mac fail to compile WebTextChecker due to missing definition of WKTextCheckerClientBase
https://bugs.webkit.org/show_bug.cgi?id=163346

Reviewed by Daniel Bates.

* UIProcess/API/C/WKTextChecker.cpp: Fixed #ifdefs for GTK and EFL builds on Darwin machines.
* UIProcess/API/C/WKTextChecker.h: Ditto.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit-queue@webkit.org [Thu, 13 Oct 2016 18:45:10 +0000 (18:45 +0000)]
[Modern Media Controls] TimeControl and TimeLabel
https://bugs.webkit.org/show_bug.cgi?id=163356
<rdar://problem/28741376>

Patch by Antoine Quint <graouts@apple.com> on 2016-10-13
Reviewed by Dean Jackson.

Source/WebCore:

We introduce the TimeControl and TimeLabel classes. A TimeControl object
provides two TimeLabels, one for the elapsed time, one for the remaining
time, and a Scrubber in between them. Depending on a TimeControl's width,
it will adjust its layout such that the scrubber takes all the available
space between the labels, and can indicate whether it's large enough to
meet the minimal required width to show the scrubber, such that a container
node may decide not to show the TimeControl at all.

TimeLabel nodes simply show an integer time value in milliseconds in a
nicely formatted way.

Tests: media/modern-media-controls/time-control/time-control.html
       media/modern-media-controls/time-label/time-label.html

* Modules/modern-media-controls/controls/time-control.js: Added.
(TimeControl.prototype.get width):
(TimeControl.prototype.set width):
(TimeControl.prototype.get isSufficientlyWide):
* Modules/modern-media-controls/controls/time-label.css: Added.
(.time-label):
* Modules/modern-media-controls/controls/time-label.js: Added.
(TimeLabel.prototype.get value):
(TimeLabel.prototype.set value):
(TimeLabel.prototype.commitProperty):
(TimeLabel.prototype._formattedTime):

LayoutTests:

Adding tests for the new TimeControl and TimeLabel classes.

* media/modern-media-controls/time-control/time-control-expected.txt: Added.
* media/modern-media-controls/time-control/time-control.html: Added.
* media/modern-media-controls/time-label/time-label-expected.txt: Added.
* media/modern-media-controls/time-label/time-label.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207295 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago CRASH at WebCore::SourceBuffer::removeCodedFrames + 37
jer.noble@apple.com [Thu, 13 Oct 2016 18:13:19 +0000 (18:13 +0000)]
CRASH at WebCore::SourceBuffer::removeCodedFrames + 37
https://bugs.webkit.org/show_bug.cgi?id=163336

Reviewed by Alex Christensen.

Source/WebCore:

Test: media/media-source/media-source-remove-crash.html

A null-deref crash can occur if a SourceBuffer is removed from a MediaSource after
SourceBuffer.remove() is called, but before the removeTimer is fired.

* Modules/mediasource/SourceBuffer.cpp:
(WebCore::SourceBuffer::removeTimerFired):

LayoutTests:

* media/media-source/media-source-remove-crash-expected.txt: Added.
* media/media-source/media-source-remove-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207294 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [SOUP] SHOULD NEVER BE REACHED ../../Source/WebCore/platform/URL.cpp(1291) : void...
mcatanzaro@igalia.com [Thu, 13 Oct 2016 18:11:29 +0000 (18:11 +0000)]
[SOUP] SHOULD NEVER BE REACHED ../../Source/WebCore/platform/URL.cpp(1291) : void WebCore::URL::parse(const WTF::String&)
https://bugs.webkit.org/show_bug.cgi?id=163392

Reviewed by Alex Christensen.

Fix the URL constructor to work with URLParser.

* platform/soup/URLSoup.cpp:
(WebCore::URL::URL):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207293 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Expose SPI to disable synchronously blocking on painting after parenting a WKWebView
timothy_horton@apple.com [Thu, 13 Oct 2016 17:44:27 +0000 (17:44 +0000)]
Expose SPI to disable synchronously blocking on painting after parenting a WKWebView
https://bugs.webkit.org/show_bug.cgi?id=163364
<rdar://problem/28012494>

Reviewed by Geoff Garen.

Some clients may not want the default WKWebView behavior where we synchronously
block on the Web process after the first time a WKWebView is re-added to the window,
because they are e.g. parenting re-used WKWebViews while scrolling.

* UIProcess/API/APIPageConfiguration.h:
(API::PageConfiguration::shouldSynchronizeInitialPaintAfterMovingToWindow):
(API::PageConfiguration::setShouldSynchronizeInitialPaintAfterMovingToWindow):
* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _initializeWithConfiguration:]):
* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
(-[WKWebViewConfiguration init]):
(-[WKWebViewConfiguration copyWithZone:]):
(-[WKWebViewConfiguration _shouldSynchronizeInitialPaintAfterMovingToWindow]):
(-[WKWebViewConfiguration _setShouldSynchronizeInitialPaintAfterMovingToWindow:]):
* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
Add and plumb a new WKWebView configuration parameter.

(WebKit::WebPageProxy::dispatchViewStateChange):
If the new configuration parameter is set, don't block the main thread when
a view is reparented.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207292 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, rolling out r207286.
ryanhaddad@apple.com [Thu, 13 Oct 2016 17:25:24 +0000 (17:25 +0000)]
Unreviewed, rolling out r207286.

Caused LayoutTest http/tests/misc/acid3.html to fail.

Reverted changeset:

"Share inline stylesheets between shadow trees"
https://bugs.webkit.org/show_bug.cgi?id=163353
http://trac.webkit.org/changeset/207286

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207291 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [css-grid] Use min-size instead of min-content contribution for intrinsic maximums...
svillar@igalia.com [Thu, 13 Oct 2016 17:02:53 +0000 (17:02 +0000)]
[css-grid] Use min-size instead of min-content contribution for intrinsic maximums resolution
https://bugs.webkit.org/show_bug.cgi?id=163283

Reviewed by Manuel Rego Casasnovas.

Source/WebCore:

This was recently modified in the specs
https://hg.csswg.org/drafts/diff/575fb847e29d/css-grid/Overview.bs. Specifically this is
addressing the last one. It used to be "min-content contribution" but now it says "min-size
contribution".

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):

LayoutTests:

Uncommented a bunch of failing test cases that are working fine now.

* fast/css-grid-layout/grid-intrinsic-maximums-expected.html:
* fast/css-grid-layout/grid-intrinsic-maximums.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207290 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Win64] Compile fix.
pvollan@apple.com [Thu, 13 Oct 2016 15:36:00 +0000 (15:36 +0000)]
[Win64] Compile fix.
https://bugs.webkit.org/show_bug.cgi?id=163384

Reviewed by Brent Fulgham.

Fix use of potentially uninitialized variable.

* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207289 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [css-grid] Fix intrinsic maximums resolution with fit-content and auto
svillar@igalia.com [Thu, 13 Oct 2016 15:25:14 +0000 (15:25 +0000)]
[css-grid] Fix intrinsic maximums resolution with fit-content and auto
https://bugs.webkit.org/show_bug.cgi?id=163282

Reviewed by Manuel Rego Casasnovas.

Source/WebCore:

The step 2.5 in section 12.5 https://drafts.csswg.org/css-grid/#algo-content of the specs,
details how to size tracks with intrinsic max track sizing functions.

Not so long ago there were only two max track sizing functions min-content and max-content
(auto was always resolved to max-content). However there were some recent changes that force
us to consider 2 new values: auto (which is not internally translated to max-content
although it still works the same) and especially the newly added fit-content.

Some of the new test cases are commented due to bug http://wkb.ug/163283.

Test: fast/css-grid-layout/grid-intrinsic-maximums.html

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::shouldProcessTrackForTrackSizeComputationPhase):
* rendering/style/GridTrackSize.h:
(WebCore::GridTrackSize::cacheMinMaxTrackBreadthTypes):
(WebCore::GridTrackSize::hasIntrinsicMinTrackBreadth):
(WebCore::GridTrackSize::hasIntrinsicMaxTrackBreadth):
(WebCore::GridTrackSize::hasAutoOrMinContentMinTrackBreadthAndIntrinsicMaxTrackBreadth):

LayoutTests:

New test cases to verify that all tracks with intrinsic max track sizing functions are used
in step 2.5 of the track sizing algorithm. Some of the new test cases are commented due to
http://wkb.ug/163283.

* fast/css-grid-layout/grid-intrinsic-maximums-expected.html: Added.
* fast/css-grid-layout/grid-intrinsic-maximums.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207288 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] Video playback doesn't work properly with accelerated compositing disabled
commit-queue@webkit.org [Thu, 13 Oct 2016 15:00:09 +0000 (15:00 +0000)]
[GTK] Video playback doesn't work properly with accelerated compositing disabled
https://bugs.webkit.org/show_bug.cgi?id=163386

Patch by Miguel Gomez <magomez@igalia.com> on 2016-10-13
Reviewed by Carlos Garcia Campos.

Trigger a repaint of the player when a new frame arrives and accelerated compositing is disabled.

Covered by existent tests.

* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
(WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207287 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Share inline stylesheets between shadow trees
antti@apple.com [Thu, 13 Oct 2016 11:59:19 +0000 (11:59 +0000)]
Share inline stylesheets between shadow trees
https://bugs.webkit.org/show_bug.cgi?id=163353

Reviewed by Ryosuke Niwa and Andreas Kling.

If shadow trees have identical inline stylesheets the data structures can be shared.
In future this will also allow sharing style resolvers.

* css/parser/CSSParserMode.h:
(WebCore::CSSParserContextHash::hash):
(WebCore::CSSParserContextHash::equal):
(WTF::HashTraits<WebCore::CSSParserContext>::constructDeletedValue):
(WTF::HashTraits<WebCore::CSSParserContext>::isDeletedValue):
(WTF::HashTraits<WebCore::CSSParserContext>::emptyValue):

    Make CSSParserContext hashable.

* dom/InlineStyleSheetOwner.cpp:
(WebCore::makeInlineStyleSheetCacheKey):
(WebCore::inlineStyleSheetCache):

    Implement a simple cache for sharing stylesheets with identical text and context.

(WebCore::InlineStyleSheetOwner::createSheet):
(WebCore::InlineStyleSheetOwner::clearCache):
* dom/InlineStyleSheetOwner.h:
* platform/MemoryPressureHandler.cpp:
(WebCore::MemoryPressureHandler::releaseNoncriticalMemory):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207286 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Revert patch landed with wrong commit message.
antti@apple.com [Thu, 13 Oct 2016 11:58:07 +0000 (11:58 +0000)]
Revert patch landed with wrong commit message.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207285 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Win] Encode function pointers.
antti@apple.com [Thu, 13 Oct 2016 11:47:41 +0000 (11:47 +0000)]
[Win] Encode function pointers.
https://bugs.webkit.org/show_bug.cgi?id=163331

Patch by Per Arne Vollan <pvollan@apple.com> on 2016-10-12
Reviewed by Brent Fulgham.

We should encode stored function pointers.

* platform/win/SoftLinking.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207284 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] Rebaseline tests affected by r207280 and report 3 new failures on accessibility...
clopez@igalia.com [Thu, 13 Oct 2016 11:41:22 +0000 (11:41 +0000)]
[GTK] Rebaseline tests affected by r207280 and report 3 new failures on accessibility tests.
https://bugs.webkit.org/show_bug.cgi?id=163383

Unreviewed gardening.

* platform/gtk/TestExpectations:
* platform/gtk/fast/dom/HTMLMeterElement/meter-appearances-capacity-expected.txt:
* platform/gtk/fast/dom/HTMLMeterElement/meter-appearances-rating-relevancy-expected.txt:
* platform/gtk/fast/dom/HTMLMeterElement/meter-boundary-values-expected.txt:
* platform/gtk/fast/dom/HTMLMeterElement/meter-element-expected.txt: Added.
* platform/gtk/fast/dom/HTMLMeterElement/meter-element-repaint-on-update-value-expected.txt: Added.
* platform/gtk/fast/dom/HTMLMeterElement/meter-optimums-expected.txt:
* platform/gtk/fast/dom/HTMLMeterElement/meter-styles-changing-pseudo-expected.txt:
* platform/gtk/fast/dom/HTMLMeterElement/meter-styles-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207283 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Win] Encode function pointers.
pvollan@apple.com [Thu, 13 Oct 2016 11:30:25 +0000 (11:30 +0000)]
[Win] Encode function pointers.
https://bugs.webkit.org/show_bug.cgi?id=163331

Reviewed by Brent Fulgham.

We should encode stored function pointers.

* platform/win/SoftLinking.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207282 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Remove CachedResourceRequest::mutableResourceRequest
commit-queue@webkit.org [Thu, 13 Oct 2016 10:34:15 +0000 (10:34 +0000)]
Remove CachedResourceRequest::mutableResourceRequest
https://bugs.webkit.org/show_bug.cgi?id=163277

Patch by Youenn Fablet <youenn@apple.com> on 2016-10-13
Reviewed by Sam Weinig.

No change of behavior.

Removing CachedResourceRequest::mutableResourceRequest requires call sites to either update the ResourceRequest
before creating the CachedResourceRequest or to add methods at CachedResourceRequest.

Adding CachedResourceRequest::releaseResourceRequest for CachedResource constructor.

Most new CachedResourceRequest methods are used by CachedResourceLoader which is passed a CachedResourceRequest.
This allows code in CachedResourceLoader to be easier to read.

* css/CSSImageSetValue.cpp:
(WebCore::CSSImageSetValue::loadBestFitImage):
* css/CSSImageValue.cpp:
(WebCore::CSSImageValue::loadImage):
* dom/ScriptElement.cpp:
(WebCore::ScriptElement::requestScriptWithCache):
* loader/CrossOriginAccessControl.cpp:
(WebCore::createAccessControlPreflightRequest):
* loader/CrossOriginAccessControl.h:
* loader/CrossOriginPreflightChecker.cpp:
(WebCore::CrossOriginPreflightChecker::startPreflight):
(WebCore::CrossOriginPreflightChecker::doPreflight):
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::loadRequest):
* loader/MediaResourceLoader.cpp:
(WebCore::MediaResourceLoader::requestResource):
* loader/cache/CachedResource.cpp:
(WebCore::CachedResource::CachedResource):
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestImage):
(WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
(WebCore::CachedResourceLoader::prepareFetch):
(WebCore::CachedResourceLoader::updateHTTPRequestHeaders):
(WebCore::CachedResourceLoader::requestResource):
(WebCore::acceptHeaderValueFromType): Deleted.
(WebCore::updateRequestAccordingCacheMode): Deleted.
* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin):
(WebCore::CachedResourceRequest::updateForAccessControl):
(WebCore::CachedResourceRequest::upgradeInsecureRequestIfNeeded):
(WebCore::CachedResourceRequest::setDomainForCachePartition):
(WebCore::acceptHeaderValueFromType):
(WebCore::CachedResourceRequest::setAcceptHeaderIfNone):
(WebCore::CachedResourceRequest::updateAccordingCacheMode):
(WebCore::CachedResourceRequest::removeFragmentIdentifierIfNeeded):
(WebCore::CachedResourceRequest::applyBlockedStatus):
* loader/cache/CachedResourceRequest.h:
(WebCore::CachedResourceRequest::releaseResourceRequest):
(WebCore::CachedResourceRequest::setCachingPolicy):
(WebCore::CachedResourceRequest::mutableResourceRequest): Deleted.
(WebCore::CachedResourceRequest::setCacheModeToNoStore): Deleted.
* loader/icon/IconLoader.cpp:
(WebCore::IconLoader::startLoading):
* platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
(WebCore::WebCoreAVCFResourceLoader::startLoading):
* platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
(WebCore::WebCoreAVFResourceLoader::startLoading):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207281 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Support scoped style for user agent shadow trees
antti@apple.com [Thu, 13 Oct 2016 09:22:38 +0000 (09:22 +0000)]
Support scoped style for user agent shadow trees
https://bugs.webkit.org/show_bug.cgi?id=163212
<rdar://problem/28715318>

Reviewed by Ryosuke Niwa and Andreas Kling.

Source/WebCore:

This patch adds support for user agent shadow trees that have scoped style. This means
that the shadows can be styled via <style> elements contained in the tree instead of
using pseudo elements on the global UA sheet. Since the style is scoped it can use
normal id and class selectors.

Elements in the shadow tree can still be exposed for author styling if needed by giving
them pseudo ids.

The patch also uses the new mechanism for the <meter> element.

The mechanism is not optimized yet, each shadow tree gets its own copy of style-related data
structures. This can be improved later.

* CMakeLists.txt:
* DerivedSources.make:
* WebCore.xcodeproj/project.pbxproj:
* css/ElementRuleCollector.cpp:
(WebCore::MatchRequest::MatchRequest):
(WebCore::ElementRuleCollector::addMatchedRule):
(WebCore::ElementRuleCollector::matchAuthorShadowPseudoElementRules):

    Make treeContextOrdinal an int so we can use negative ordinals. This is used to allow author pseudo
    elements from earlier tree context to win over the shadow tree (matching CSS scoping spec language).

* css/ElementRuleCollector.h:
* css/StyleResolver.cpp:
(WebCore::StyleResolver::MatchResult::addMatchedProperties):
(WebCore::StyleResolver::CascadedProperties::addImportantMatches):
* css/StyleResolver.h:
* css/html.css:
(meter::-webkit-meter-inner-element): Deleted.
(meter::-webkit-meter-bar): Deleted.
(meter::-webkit-meter-optimum-value): Deleted.
(meter::-webkit-meter-suboptimum-value): Deleted.
(meter::-webkit-meter-even-less-good-value): Deleted.

    Remove meter pseudo elements from the UA sheet.

* html/HTMLMeterElement.cpp:
(WebCore::HTMLMeterElement::childShouldCreateRenderer):

    Don't create shadow renderers when we have appearance (are using RenderMeter).

(WebCore::setValueClass):

    Move this logic here from MeterShadowElement.cpp.
    Set both class and pseudo id. The latter is needed to keep author styling working.

(WebCore::HTMLMeterElement::didElementStateChange):
(WebCore::HTMLMeterElement::renderMeter):

    RenderMeter is now only instantiated when appearance is enabled.

(WebCore::HTMLMeterElement::didAddUserAgentShadowRoot):

    Build the shadow tree out of <div>s instead of special shadow elements.

* html/HTMLMeterElement.h:
* html/shadow/MeterShadowElement.cpp: Removed.
* html/shadow/MeterShadowElement.h: Removed.

    Not needed anymore.

* html/shadow/meterElementShadow.css: Added.
(div#inner):
(div#bar):
(div#value):
(div#value.optimum):
(div#value.suboptimum):
(div#value.even-less-good):

    Stylesheet for meter element shadow tree using normal id and class selectors.

* style/StyleScope.cpp:
(WebCore::Style::Scope::shouldUseSharedUserAgentShadowTreeStyleResolver):

    Switch to per-scope style resolver for UA shadow trees if there are stylesheets in the tree.

(WebCore::Style::Scope::resolver):
(WebCore::Style::Scope::resolverIfExists):
* style/StyleScope.h:

LayoutTests:

* fast/dom/HTMLMeterElement/meter-clone-expected.txt:
* fast/dom/HTMLMeterElement/meter-clone.html:
* fast/dom/HTMLMeterElement/meter-element-markup-expected.txt:
* platform/mac/fast/dom/HTMLMeterElement/meter-element-repaint-on-update-value-expected.txt:
* platform/mac/fast/dom/HTMLMeterElement/meter-styles-changing-pseudo-expected.txt:
* platform/mac/fast/dom/HTMLMeterElement/meter-styles-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207280 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Web IDL] Drop support for legacy [ConstructorConditional=*]
cdumez@apple.com [Thu, 13 Oct 2016 05:23:53 +0000 (05:23 +0000)]
[Web IDL] Drop support for legacy [ConstructorConditional=*]
https://bugs.webkit.org/show_bug.cgi?id=163368

Reviewed by Ryosuke Niwa.

.:

Drop ENABLE_DOM4_EVENTS_CONSTRUCTOR compiler flag.

* Source/cmake/OptionsEfl.cmake:
* Source/cmake/OptionsMac.cmake:
* Source/cmake/OptionsWin.cmake:
* Source/cmake/WebKitFeatures.cmake:
* Source/cmake/tools/vsprops/FeatureDefines.props:
* Source/cmake/tools/vsprops/FeatureDefinesCairo.props:

Source/JavaScriptCore:

Drop ENABLE_DOM4_EVENTS_CONSTRUCTOR compiler flag.

* Configurations/FeatureDefines.xcconfig:

Source/WebCore:

Drop support for legacy [ConstructorConditional=*] webkit-specific IDL
extended attribute. This was introduced to disable DOM4 event
constructors at compile time. However, nowadays, those constructors are
enabled everywhere.

* Configurations/FeatureDefines.xcconfig:
* bindings/scripts/CodeGenerator.pm:
(GenerateConstructorConditionalString): Deleted.
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateConstructorHelperMethods):
* bindings/scripts/IDLAttributes.txt:
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterfaceConstructor::getConstructData): Deleted.
* bindings/scripts/test/TestInterface.idl:
* dom/UIEvent.idl:

Source/WebKit/mac:

Drop ENABLE_DOM4_EVENTS_CONSTRUCTOR compiler flag.

* Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Drop ENABLE_DOM4_EVENTS_CONSTRUCTOR compiler flag.

* Configurations/FeatureDefines.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207279 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago The bindings generator should provide a better error message when it does not find...
cdumez@apple.com [Thu, 13 Oct 2016 05:21:14 +0000 (05:21 +0000)]
The bindings generator should provide a better error message when it does not find a dictionary definition
https://bugs.webkit.org/show_bug.cgi?id=163377

Reviewed by Ryosuke Niwa.

The bindings generator should provide a better error message when it does
not find a dictionary definition.

* bindings/scripts/CodeGenerator.pm:
(GetDictionaryByName):
* bindings/scripts/CodeGeneratorJS.pm:
(assert):
(GenerateDictionaryImplementationContent):
(GenerateHeader):
(GenerateDictionaryHeader):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207278 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update WebKitMediaKeyMessageEvent / WebKitMediaKeyNeededEvent to stop using legacy...
cdumez@apple.com [Thu, 13 Oct 2016 05:18:59 +0000 (05:18 +0000)]
Update WebKitMediaKeyMessageEvent / WebKitMediaKeyNeededEvent to stop using legacy [ConstructorTemplate=Event]
https://bugs.webkit.org/show_bug.cgi?id=163369

Reviewed by Ryosuke Niwa.

Source/WebCore:

Update WebKitMediaKeyMessageEvent / WebKitMediaKeyNeededEvent to stop
using legacy [ConstructorTemplate=Event] and use regular constructors
instead.

This also adds support for having dictionary members that are typed
arrays because this was needed.

Test: fast/events/webkit-media-key-events-constructor.html

* Modules/encryptedmedia/legacy/WebKitMediaKeyMessageEvent.cpp:
(WebCore::WebKitMediaKeyMessageEvent::WebKitMediaKeyMessageEvent):
* Modules/encryptedmedia/legacy/WebKitMediaKeyMessageEvent.h:
(WebCore::WebKitMediaKeyMessageEvent::create):
(WebCore::WebKitMediaKeyMessageEvent::createForBindings): Deleted.
* Modules/encryptedmedia/legacy/WebKitMediaKeyMessageEvent.idl:
* Modules/encryptedmedia/legacy/WebKitMediaKeyNeededEvent.cpp:
(WebCore::WebKitMediaKeyNeededEvent::WebKitMediaKeyNeededEvent):
* Modules/encryptedmedia/legacy/WebKitMediaKeyNeededEvent.h:
(WebCore::WebKitMediaKeyNeededEvent::create):
(WebCore::WebKitMediaKeyNeededEvent::createForBindings): Deleted.
* Modules/encryptedmedia/legacy/WebKitMediaKeyNeededEvent.idl:
* bindings/js/JSDOMConvert.h:
(WebCore::Converter<IDLInterface<JSC::GenericTypedArrayView<Adaptor>>>::convert):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateDefaultValue):
* dom/InputEvent.cpp:
(WebCore::InputEvent::InputEvent):
* dom/InputEvent.h:
* dom/InputEvent.idl:

LayoutTests:

Add layout test coverage.

* fast/events/webkit-media-key-events-constructor-expected.txt: Added.
* fast/events/webkit-media-key-events-constructor.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207277 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update HTMLSelectElement::recalcListItems() to ignore nested optgroup elements
cdumez@apple.com [Thu, 13 Oct 2016 04:13:49 +0000 (04:13 +0000)]
Update HTMLSelectElement::recalcListItems() to ignore nested optgroup elements
https://bugs.webkit.org/show_bug.cgi?id=163358

Reviewed by Kent Tamura.

Source/WebCore:

Update HTMLSelectElement::recalcListItems() to ignore nested optgroup elements.
As per the specification, we only want optgroup elements that are direct
children of the select element. This also matches the behavior of Chrome.

Test: fast/dom/HTMLSelectElement/nested-optgroup.html

* html/HTMLSelectElement.cpp:
(WebCore::HTMLSelectElement::recalcListItems):

LayoutTests:

Add layout test coverage.

* fast/dom/HTMLSelectElement/nested-optgroup-expected.txt: Added.
* fast/dom/HTMLSelectElement/nested-optgroup.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207276 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago RenderRubyRun should not mark child renderers dirty at the end of layout.
zalan@apple.com [Thu, 13 Oct 2016 03:48:54 +0000 (03:48 +0000)]
RenderRubyRun should not mark child renderers dirty at the end of layout.
https://bugs.webkit.org/show_bug.cgi?id=163359
<rdar://problem/28711840>

Reviewed by David Hyatt.

Source/WebCore:

The current layout logic does not support marking renderers dirty for subsequent layouts.
Layout needs to exit with a clean tree.
Should relayoutChild be insufficient, we could also mark the base/text dirty for the justified content.

Test: fast/ruby/rubyrun-has-bad-child.html

* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlockFlow::updateRubyForJustifiedText):
* rendering/RenderRubyRun.cpp:
(WebCore::RenderRubyRun::layout):
(WebCore::RenderRubyRun::layoutBlock):
* rendering/RenderRubyRun.h:

LayoutTests:

* fast/ruby/rubyrun-has-bad-child-expected.txt: Added.
* fast/ruby/rubyrun-has-bad-child.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207275 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Source/WebCore:
simon.fraser@apple.com [Thu, 13 Oct 2016 03:16:15 +0000 (03:16 +0000)]
Source/WebCore:
Crash when using megaplan.ru
https://bugs.webkit.org/show_bug.cgi?id=163276
rdar://problem/28446672

Reviewed by Sam Weinig.

Make sure we allocate enough space in the vector of CGPoints that we use for path building.

Test: css3/masking/large-clip-path.html

* platform/graphics/cg/PathCG.cpp:
(WebCore::Path::polygonPathFromPoints):

LayoutTests:
polygonPathFromPoints calls uncheckedAppend, but assertion size() < capacity() fails
https://bugs.webkit.org/show_bug.cgi?id=163276

Reviewed by Sam Weinig.

* css3/masking/large-clip-path-expected.txt: Added.
* css3/masking/large-clip-path.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207274 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix out-of-bounds reading in URLParser when parsing improperly percent-encoded values
achristensen@apple.com [Thu, 13 Oct 2016 02:38:13 +0000 (02:38 +0000)]
Fix out-of-bounds reading in URLParser when parsing improperly percent-encoded values
https://bugs.webkit.org/show_bug.cgi?id=163376

Reviewed by Saam Barati.

Source/WebCore:

Covered by new API tests, which used to crash under asan.

* platform/URLParser.cpp:
(WebCore::percentDecode):
If you subtract 2 from size_t's smaller than 2, you're gonna have a bad time.

Tools:

* TestWebKitAPI/Tests/WebCore/URLParser.cpp:
(TestWebKitAPI::TEST_F):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207273 268f45cc-cd09-0410-ab3c-d52691b4dbfc
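
The size_t underflow that the commit message above alludes to, shown as an added C example (not WebKit's percentDecode; all function names here are hypothetical). It isolates the wrapping loop bound and pairs it with a decoder whose bounds test cannot wrap, run on constructed inputs that end in a truncated escape.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Returns 0-15 for an ASCII hex digit, -1 for anything else. */
static int hex_value(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * The hazardous bound, isolated. A loop written as `i < len - 2` assumes two
 * more bytes follow in[i]. size_t is unsigned, so for len < 2 the subtraction
 * wraps to a huge value, the loop body runs, and in[i + 1] / in[i + 2] are
 * read past the end of the buffer.
 */
size_t wrapping_escape_bound(size_t len)
{
    return len - 2;
}

/*
 * Hardened form of the same question: "does a full %XX escape fit at i?"
 * The subtraction only happens after i < len is known, so it cannot wrap.
 */
int escape_fits(size_t i, size_t len)
{
    return i < len && len - i > 2;
}

/*
 * Decodes %XX escapes from in[0..len) into out (capacity >= len).
 * Truncated or non-hex escapes are copied through unchanged.
 * Returns the number of bytes written.
 */
size_t percent_decode(const unsigned char *in, size_t len, unsigned char *out)
{
    size_t o = 0;
    for (size_t i = 0; i < len; ++i) {
        if (in[i] == '%' && escape_fits(i, len)) {
            int hi = hex_value(in[i + 1]);
            int lo = hex_value(in[i + 2]);
            if (hi >= 0 && lo >= 0) {
                out[o++] = (unsigned char)(hi * 16 + lo);
                i += 2; /* skip the two hex digits just consumed */
                continue;
            }
        }
        out[o++] = in[i];
    }
    return o;
}

/* Helper for the constructed samples: 1 if decoding input yields expected. */
int decode_equals(const char *input, const char *expected)
{
    unsigned char out[64];
    size_t len = strlen(input);
    if (len > sizeof out)
        return 0;
    size_t n = percent_decode((const unsigned char *)input, len, out);
    return n == strlen(expected) && memcmp(out, expected, n) == 0;
}

int main(void)
{
    /* Constructed inputs: "%" and "%4" are escapes cut off by end of input. */
    int ok = decode_equals("%", "%")
          && decode_equals("%4", "%4")
          && decode_equals("%41", "A");
    return ok ? 0 : 1;
}
```

Building the decoder with AddressSanitizer and feeding it one- and two-byte inputs is the quickest regression check for this class of bug.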

3 years ago Mail needs nonspecial URLs to keep case in host and not have slash after host
achristensen@apple.com [Thu, 13 Oct 2016 02:14:30 +0000 (02:14 +0000)]
Mail needs nonspecial URLs to keep case in host and not have slash after host
https://bugs.webkit.org/show_bug.cgi?id=163373

Reviewed by Saam Barati.

Mail uses urls like scheme://HoSt which were not changed when canonicalized
before enabling the URLParser but now are canonicalized to scheme://host/
I manually verified this fixes the issue.
This should be reverted once Mail will accept modern canonicalized URLs.

* platform/URLParser.cpp:
(WebCore::URLParser::parse):
(WebCore::URLParser::parseHostAndPort):
* platform/URLParser.h:
If the application is mail and the scheme is nonspecial, don't make the host lower case and don't add a slash after the host.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207268 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: step-into `console.log(o)` should not step through inspector javascript
commit-queue@webkit.org [Thu, 13 Oct 2016 02:05:44 +0000 (02:05 +0000)]
Web Inspector: step-into `console.log(o)` should not step through inspector javascript
https://bugs.webkit.org/show_bug.cgi?id=161656
<rdar://problem/28181123>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-10-12
Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

* debugger/Debugger.h:
* debugger/Debugger.cpp:
(JSC::Debugger::pauseIfNeeded):
If the Script is blacklisted skip checking if we need to pause.

(JSC::Debugger::isBlacklisted):
(JSC::Debugger::addToBlacklist):
(JSC::Debugger::clearBlacklist):
Add the ability to add a Script to a blacklist. Currently the blacklist
only prevents pausing in the Script.

* inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::isWebKitInjectedScript):
(Inspector::InspectorDebuggerAgent::didParseSource):
Always add Internal InjectedScripts to the Debugger's blacklist.

(Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
Clear blacklists when clearing debugger state.

LayoutTests:

* inspector/debugger/stepping/stepping-internal-scripts-expected.txt: Added.
* inspector/debugger/stepping/stepping-internal-scripts.html: Added.
Ensure step-into a console.log statement steps past it, and doesn't pause
inside the non-visible internal script.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207267 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago B3 needs a special WasmBoundsCheck Opcode
keith_miller@apple.com [Thu, 13 Oct 2016 01:42:53 +0000 (01:42 +0000)]
B3 needs a special WasmBoundsCheck Opcode
https://bugs.webkit.org/show_bug.cgi?id=163246

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch adds a new Opcode, WasmBoundsCheck, as well as a B3::Value subclass for it,
WasmBoundsCheckValue. WasmBoundsCheckValue takes three pieces of information. The first is
the Int32 pointer value to be used by the Load. Next is the pinned register. The
pinned register must be pinned by calling proc.setPinned() prior to compiling the
Procedure. Lastly, the WasmBoundsCheckValue takes an offset. The WasmBoundsCheckValue
will then emit code that side-exits if the Int64 sum of the offset and pointer is greater
than or equal to the value in the pinnedRegister. Instead of taking a generator for each
value like Check/Patchpoint, WasmBoundsCheck gets its generator directly off Air::Code. In
Air this patch adds a new Custom opcode, WasmBoundsCheck.

In the future we should add WasmBoundsCheck to CSE so it can eliminate redundant bounds
checks. At the first cut, we can remove any WasmBoundsCheck dominated by another
WasmBoundsCheck with the same pointer and pinnedGPR, and a larger offset.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::imm):
(JSC::B3::Air::LowerToAir::lower):
* b3/B3Opcode.cpp:
(WTF::printInternal):
* b3/B3Opcode.h:
* b3/B3Procedure.cpp:
(JSC::B3::Procedure::setWasmBoundsCheckGenerator):
* b3/B3Procedure.h:
(JSC::B3::Procedure::setWasmBoundsCheckGenerator):
* b3/B3Validate.cpp:
* b3/B3Value.cpp:
(JSC::B3::Value::effects):
(JSC::B3::Value::typeFor):
* b3/B3WasmBoundsCheckValue.cpp: Added.
(JSC::B3::WasmBoundsCheckValue::~WasmBoundsCheckValue):
(JSC::B3::WasmBoundsCheckValue::WasmBoundsCheckValue):
(JSC::B3::WasmBoundsCheckValue::dumpMeta):
* b3/B3WasmBoundsCheckValue.h: Added.
(JSC::B3::WasmBoundsCheckValue::accepts):
(JSC::B3::WasmBoundsCheckValue::pinnedGPR):
(JSC::B3::WasmBoundsCheckValue::offset):
* b3/air/AirCode.h:
(JSC::B3::Air::Code::setWasmBoundsCheckGenerator):
(JSC::B3::Air::Code::wasmBoundsCheckGenerator):
* b3/air/AirCustom.cpp:
(JSC::B3::Air::WasmBoundsCheckCustom::isValidForm):
* b3/air/AirCustom.h:
(JSC::B3::Air::WasmBoundsCheckCustom::forEachArg):
(JSC::B3::Air::WasmBoundsCheckCustom::isValidFormStatic):
(JSC::B3::Air::WasmBoundsCheckCustom::admitsStack):
(JSC::B3::Air::WasmBoundsCheckCustom::isTerminal):
(JSC::B3::Air::WasmBoundsCheckCustom::hasNonArgNonControlEffects):
(JSC::B3::Air::WasmBoundsCheckCustom::generate):
* b3/air/AirOpcode.opcodes:
* b3/testb3.cpp:
(JSC::B3::testWasmBoundsCheck):
(JSC::B3::run):

Websites/webkit.org:

Update the docs for the new WasmBoundsCheck opcode.

* docs/b3/intermediate-representation.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207266 268f45cc-cd09-0410-ab3c-d52691b4dbfc
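
The check this commit message describes, modelled in C as an added example (not WebKit code): it contrasts the Int64 sum with a wrapping 32-bit sum and tests the proposed CSE rule against both. Assumptions not stated in the message: the Int32 pointer is zero-extended, the offset is an unsigned 32-bit constant, and the pinned register holds the memory size in bytes; all function and struct names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Signature shared by both models so the CSE rule can be tested against each. */
typedef bool (*check_fn)(uint32_t pointer, uint32_t offset, uint64_t pinned_limit);

/* Semantics from the commit message: side-exit when the Int64 sum of offset
 * and pointer is >= the value in the pinned register. Returns true when the
 * access may proceed. Zero-extension of the pointer is an assumption. */
bool bounds_check_passes(uint32_t pointer, uint32_t offset, uint64_t pinned_limit)
{
    uint64_t sum = (uint64_t)pointer + (uint64_t)offset; /* cannot wrap in 64 bits */
    return sum < pinned_limit;
}

/* Contrast case: the same comparison with a 32-bit sum, which wraps modulo
 * 2^32 and lets a huge pointer alias a small in-bounds address. */
bool bounds_check_passes_wrapping32(uint32_t pointer, uint32_t offset, uint64_t pinned_limit)
{
    uint32_t sum = pointer + offset; /* wraps */
    return (uint64_t)sum < pinned_limit;
}

/* Minimal model of one check for the CSE idea: identifiers stand in for the
 * B3 pointer value and the pinned GPR. */
struct bounds_check_model {
    int pointer_id;
    int pinned_gpr;
    uint32_t offset;
};

/* Rule quoted in the message: a check is removable when it is dominated by
 * another check with the same pointer and pinnedGPR and a larger offset.
 * Dominance itself is assumed to have been established by the caller. */
bool is_redundant(const struct bounds_check_model *dominator,
                  const struct bounds_check_model *candidate)
{
    return dominator->pointer_id == candidate->pointer_id
        && dominator->pinned_gpr == candidate->pinned_gpr
        && dominator->offset > candidate->offset;
}

/* Verifies, over constructed boundary pointers, that passing the check with
 * the larger offset implies passing the check with the smaller one. */
bool larger_offset_implies_smaller(check_fn check, uint64_t limit,
                                   uint32_t larger, uint32_t smaller)
{
    static const uint32_t samples[] = {
        0u, 1u, 65519u, 65520u, 65527u, 65528u, 65535u, 65536u,
        0x7FFFFFFFu, 0xFFFFFFF0u, 0xFFFFFFF8u, 0xFFFFFFFFu
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (check(samples[i], larger, limit) && !check(samples[i], smaller, limit))
            return false; /* dominating check passed, dominated one would trap */
    }
    return true;
}

int main(void)
{
    const uint64_t limit = 65536; /* constructed: one 64 KiB page */

    printf("ptr=0xFFFFFFF0 off=0x20 int64 sum passes: %d\n",
           bounds_check_passes(0xFFFFFFF0u, 0x20u, limit));
    printf("ptr=0xFFFFFFF0 off=0x20 wrapping sum passes: %d\n",
           bounds_check_passes_wrapping32(0xFFFFFFF0u, 0x20u, limit));
    printf("CSE rule sound with int64 sum: %d\n",
           larger_offset_implies_smaller(bounds_check_passes, limit, 16u, 4u));
    printf("CSE rule sound with wrapping sum: %d\n",
           larger_offset_implies_smaller(bounds_check_passes_wrapping32, limit, 16u, 4u));
    return 0;
}
```

The last two lines show that the redundancy rule depends on the non-wrapping sum: with 32-bit arithmetic a dominating check can pass while the dominated one would have side-exited.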

3 years ago Add preliminary support for extended colors to WebCore::Color
dino@apple.com [Thu, 13 Oct 2016 01:14:15 +0000 (01:14 +0000)]
Add preliminary support for extended colors to WebCore::Color
https://bugs.webkit.org/show_bug.cgi?id=162878
<rdar://problem/28596413>

Reviewed by Darin Adler.

Source/WebCore:

Add an ExtendedColor class that will hold the data necessary
for wider-than-sRGB (and more precise) colors. In order to
avoid increasing the size of Color, implement a tagged
pointer that is either referencing an ExtendedColor, or
is a 64-bit number with the top 32-bits being the RGBA, and
the bottom 2 bits indicating an invalid RGBA or a valid RGBA,
plus the tag.

Add copy constructors and operator= so that the new Color objects
are correctly copied.

There isn't yet a way to create an ExtendedColor. That's coming
in a followup patch (and will require changes to the CSS parser).

Covered by existing tests, and new API tests in Color.

* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj: Add new files.

* platform/graphics/Color.cpp: Update everything to use m_rgbaAndFlags
instead of m_color + m_valid.
(WebCore::Color::Color):
(WebCore::Color::~Color):
(WebCore::Color::operator=):
(WebCore::Color::nameForRenderTreeAsText):
(WebCore::Color::setNamedColor):
(WebCore::Color::light):
(WebCore::Color::dark):
(WebCore::Color::setValid):
(WebCore::Color::setExtended):
(WebCore::Color::isExtended):
(WebCore::Color::asExtended):
* platform/graphics/Color.h: Implement the tagged union.
(WebCore::Color::Color):
(WebCore::Color::isValid):
(WebCore::Color::red):
(WebCore::Color::green):
(WebCore::Color::blue):
(WebCore::Color::alpha):
(WebCore::Color::rgb):
(WebCore::Color::setRGB):
(WebCore::operator==):

* platform/graphics/ExtendedColor.cpp: New file. Holds floating point
red, green, blue and alpha, plus a color space.
(WebCore::ExtendedColor::create):
(WebCore::ExtendedColor::~ExtendedColor):
(WebCore::ExtendedColor::ref):
(WebCore::ExtendedColor::deref):
* platform/graphics/ExtendedColor.h:
(WebCore::ExtendedColor::red):
(WebCore::ExtendedColor::green):
(WebCore::ExtendedColor::blue):
(WebCore::ExtendedColor::alpha):
(WebCore::ExtendedColor::colorSpace):
(WebCore::ExtendedColor::ExtendedColor):

* platform/graphics/cg/ColorCG.cpp: Update the constructors for
the platform specific color classes.
(WebCore::Color::Color):
* platform/graphics/gtk/ColorGtk.cpp:
(WebCore::Color::Color):
* platform/graphics/win/ColorDirect2D.cpp:
(WebCore::Color::Color):

* rendering/RenderEmbeddedObject.cpp: Use NeverDestroyed.
(WebCore::replacementTextRoundedRectPressedColor):
(WebCore::replacementTextRoundedRectColor):
(WebCore::replacementTextColor):
(WebCore::unavailablePluginBorderColor):

* rendering/RenderFrameSet.cpp: Ditto.
(WebCore::borderStartEdgeColor):
(WebCore::borderEndEdgeColor):
(WebCore::borderFillColor):

* rendering/RenderTableCell.cpp: This grows in size slightly
because it can no longer pack bits.

Tools:

A new API test for Colors.

* TestWebKitAPI/Tests/WebCore/Color.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207265 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago The blackening of CellState is a bad way of tracking if the object is being marked...
fpizlo@apple.com [Wed, 12 Oct 2016 23:56:34 +0000 (23:56 +0000)]
The blackening of CellState is a bad way of tracking if the object is being marked for the first time
https://bugs.webkit.org/show_bug.cgi?id=163343

Reviewed by Mark Lam.

When I first added the concept of NewGrey/OldGrey, I had the SlotVisitor store the old cell
state in itself, so that it could use it to decide what to do for reportExtraMemoryVisited().

Then I changed it in a recent commit, because I wanted the freedom to have SlotVisitor visit
multiple objects in tandem. But I never ended up using this capability. Still, I liked the
new way better: instead of the SlotVisitor remembering the state-before-blackening, we would
make the object's state reflect whether it was black for the first time or not. That seemed
convenient.

Unfortunately it's wrong. After we blacken the object, a concurrent barrier could instantly
grey it. Then we would forget that we are visiting this object for the first time.
Subsequent visits will think that they are not the first. So, we will fail to do the right
thing in reportExtraMemoryVisited().

So, this reverts that change. This is a little more than just a revert, though. I've changed
the terminology a bit. For example, I got tired of reading Black and having to remind myself
that it really means that the object has begun being visited, instead of the more strict
meaning that implies that it has already been visited. We want to say that it's Black or
currently being scanned. I'm going to adopt Siebert's term for this: Anthracite [1]. So, our
black CellState is now called AnthraciteOrBlack.

[1] https://pdfs.semanticscholar.org/7ae4/633265aead1f8835cf7966e179d02c2c8a4b.pdf

* heap/CellState.h:
(JSC::isBlack): Deleted.
(JSC::blacken): Deleted.
* heap/Heap.cpp:
(JSC::Heap::addToRememberedSet):
(JSC::Heap::writeBarrierSlowPath):
* heap/Heap.h:
* heap/HeapInlines.h:
(JSC::Heap::reportExtraMemoryVisited):
(JSC::Heap::reportExternalMemoryVisited):
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::appendToMarkStack):
(JSC::SlotVisitor::visitChildren):
* heap/SlotVisitor.h:
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::reportExtraMemoryVisited):
(JSC::SlotVisitor::reportExternalMemoryVisited):
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LowLevelInterpreter.asm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207263 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, add expected file for new test after r207239
utatane.tea@gmail.com [Wed, 12 Oct 2016 23:12:52 +0000 (23:12 +0000)]
Unreviewed, add expected file for new test after r207239
https://bugs.webkit.org/show_bug.cgi?id=163245

Add an "expected.txt" file.

* js/dom/domjit-accessor-node-type-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207261 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Adobe Contribute CS 6.5 Trial crashes on launch
bdakin@apple.com [Wed, 12 Oct 2016 22:37:42 +0000 (22:37 +0000)]
Adobe Contribute CS 6.5 Trial crashes on launch
https://bugs.webkit.org/show_bug.cgi?id=163365
-and corresponding-
<rdar://problem/28732731>

Reviewed by Tim Horton.

* Carbon/CarbonWindowFrame.m:
(-[CarbonWindowFrame contentFill]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207246 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Modern Media Controls] Sliders: scrubber and volume
commit-queue@webkit.org [Wed, 12 Oct 2016 21:50:03 +0000 (21:50 +0000)]
[Modern Media Controls] Sliders: scrubber and volume
https://bugs.webkit.org/show_bug.cgi?id=163328
<rdar://problem/28733838>

Patch by Antoine Quint <graouts@apple.com> on 2016-10-12
Reviewed by Dean Jackson.

Source/WebCore:

We add a new Slider class that provides a custom slider backed by an
invisible <input type="range"> element and a fill underlay to provide
a custom color between the left edge of the slider and the slider thumb.
As the slider's value changes, a UI delegate receives messages to track
such changes.

Tests: media/modern-media-controls/scrubber/scrubber.html
       media/modern-media-controls/slider/slider-constructor.html
       media/modern-media-controls/slider/slider-fill.html
       media/modern-media-controls/slider/slider-styles.html
       media/modern-media-controls/volume-slider/volume-slider-value.html
       media/modern-media-controls/volume-slider/volume-slider.html

* Modules/modern-media-controls/controls/scrubber.css: Added.
(.scrubber.slider > input::-webkit-slider-thumb):
* Modules/modern-media-controls/controls/scrubber.js: Added.
(Scrubber):
* Modules/modern-media-controls/controls/slider.css: Added.
(.slider):
(.slider > input,):
(.slider > .fill):
(.slider > input):
(.slider > input::-webkit-slider-thumb):
* Modules/modern-media-controls/controls/slider.js: Added.
(Slider.prototype.get value):
(Slider.prototype.set value):
(Slider.prototype.get width):
(Slider.prototype.set width):
(Slider.prototype.handleEvent):
(Slider.prototype.commitProperty):
(Slider.prototype._handleInputEvent):
(Slider.prototype._handleChangeEvent):
(Slider.prototype._updateFill):
* Modules/modern-media-controls/controls/volume-slider.css: Added.
(.volume.slider > input::-webkit-slider-thumb):
* Modules/modern-media-controls/controls/volume-slider.js: Added.
(VolumeSlider):

LayoutTests:

Testing the properties of the new Slider class and its subclasses.

* media/modern-media-controls/resources/media-controls-utils.js: Added.
(rgba):
(shouldBeEqualToRGBAColor):
* media/modern-media-controls/scrubber/scrubber-expected.txt: Added.
* media/modern-media-controls/scrubber/scrubber.html: Added.
* media/modern-media-controls/slider/slider-constructor-expected.txt: Added.
* media/modern-media-controls/slider/slider-constructor.html: Added.
* media/modern-media-controls/slider/slider-fill-expected.txt: Added.
* media/modern-media-controls/slider/slider-fill.html: Added.
* media/modern-media-controls/slider/slider-styles-expected.txt: Added.
* media/modern-media-controls/slider/slider-styles.html: Added.
* media/modern-media-controls/volume-slider/volume-slider-expected.txt: Added.
* media/modern-media-controls/volume-slider/volume-slider-value-expected.txt: Added.
* media/modern-media-controls/volume-slider/volume-slider-value.html: Added.
* media/modern-media-controls/volume-slider/volume-slider.html: Added.
* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207245 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Add experimental support for the "formatForeColor" inputType
wenson_hsieh@apple.com [Wed, 12 Oct 2016 21:49:10 +0000 (21:49 +0000)]
Add experimental support for the "formatForeColor" inputType
https://bugs.webkit.org/show_bug.cgi?id=163348
<rdar://problem/28739334>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Adds support for the "formatForeColor" attribute. This patch introduces a simple hook in Editor.cpp to extract
data for an input event from an EditingStyle when performing an editing action.

Test: fast/events/input-events-forecolor-data.html

* editing/EditCommand.cpp:
(WebCore::inputTypeNameForEditingAction):
* editing/Editor.cpp:
(WebCore::inputEventDataForEditingStyleAndAction):

Added a new static helper to compute the data attribute of an InputEvent when handling a style change.

(WebCore::Editor::computeAndSetTypingStyle):

LayoutTests:

Adds a new test verifying that input events with inputType "formatForeColor" are dispatched when changing
foreground color, and that their data attributes are as expected.

* fast/events/input-events-forecolor-data-expected.txt: Added.
* fast/events/input-events-forecolor-data.html: Added.
* platform/ios-simulator/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207244 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Web IDL] Generated bindings include the wrong header when ImplementedAs is used...
cdumez@apple.com [Wed, 12 Oct 2016 21:09:46 +0000 (21:09 +0000)]
[Web IDL] Generated bindings include the wrong header when ImplementedAs is used on a dictionary
https://bugs.webkit.org/show_bug.cgi?id=163352

Reviewed by Ryosuke Niwa.

Generated bindings include the wrong header when ImplementedAs is used
on a dictionary.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateDictionaryHeader):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::jsTestObjPrototypeFunctionOperationWithExternalDictionaryParameterCaller):
* bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:
(WebCore::convertDictionary<DictionaryImplName>):
(WebCore::convertDictionary<TestStandaloneDictionary>): Deleted.
* bindings/scripts/test/JS/JSTestStandaloneDictionary.h:
* bindings/scripts/test/TestStandaloneDictionary.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207243 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Rename variables in arrayProtoFuncSplice() to match names in the spec.
mark.lam@apple.com [Wed, 12 Oct 2016 21:01:00 +0000 (21:01 +0000)]
Rename variables in arrayProtoFuncSplice() to match names in the spec.
https://bugs.webkit.org/show_bug.cgi?id=163354

Reviewed by Saam Barati.

This will make it easier to see whether the code matches the spec or not.
Ref: https://tc39.github.io/ecma262/#sec-array.prototype.splice

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncSplice):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207241 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [DOMJIT][JSC] Explore the way to embed nodeType into JSC::JSType in WebCore
utatane.tea@gmail.com [Wed, 12 Oct 2016 20:47:51 +0000 (20:47 +0000)]
[DOMJIT][JSC] Explore the way to embed nodeType into JSC::JSType in WebCore
https://bugs.webkit.org/show_bug.cgi?id=163245

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

We reserve the highest bit of JSC::JSType for extensions outside JSC.
JSC does not use so many JSType bits: only 52 types are defined.

And we extend CallDOM patchpoint to claim that it does not require a global object.
This global object is used to generate a DOM wrapper. However, nodeType does not require
it since it just returns integer. In the future, we will extend CallDOM to claim
its result type. And we can decide this `requireGlobalObject` condition automatically
according to the result type.

* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleDOMJITGetter):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasCheckDOMPatchpoint):
(JSC::DFG::Node::checkDOMPatchpoint):
(JSC::DFG::Node::hasCallDOMPatchpoint):
(JSC::DFG::Node::callDOMPatchpoint):
(JSC::DFG::Node::hasDOMJIT): Deleted.
(JSC::DFG::Node::domJIT): Deleted.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCallDOM):
(JSC::DFG::SpeculativeJIT::compileCheckDOM):
* domjit/DOMJITCallDOMPatchpoint.h: Copied from Source/JavaScriptCore/domjit/DOMJITGetterSetter.h.
(JSC::DOMJIT::CallDOMPatchpoint::create):
* domjit/DOMJITGetterSetter.h:
* domjit/DOMJITPatchpoint.h:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCheckDOM):
(JSC::FTL::DFG::LowerDFGToB3::compileCallDOM):
* jsc.cpp:
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LowLevelInterpreter.asm:
* runtime/JSType.h:

Source/WebCore:

Node.nodeType accessor is so frequently called. For example, jQuery's $ function uses
this to distinguish DOM objects from the other JS objects. So every time you call `$(dom)`,
nodeType accessor is called. In addition to that, jQuery's prev, next, parent etc. also uses
this `nodeType`. And Ember.js also uses it. And ... So this function is super critical for DOM
performance.

The challenge is that there is no room for putting NodeType into C++ Node class. Node class
has a 32bit field to store some data. However, these bits are already exhausted. Extending
Node class is unacceptable since it significantly enlarges memory consumption of WebKit (Node
is everywhere!). Unfortunately, current Node::nodeType is implemented as a virtual function
even though this function is frequently called from JS world.

Interestingly, we already store some duplicate data in JSObject, JSC::JSType. WebCore already
extends it with JSElementType, JSNodeType, and JSDocumentWrapperType. And these types are
corresponding to specific NodeTypes. For example, JSElementType should have ELEMENT_NODE type.

This patch further extends this JSC::JSType in WebCore side safely. We embed NodeType bits into
JSC::JSType. This design offers significantly faster nodeType implementation. Furthermore, it
makes DOMJIT easy for nodeType accessor.

Even without the IC change[1], Dromaeo dom-query shows 8 - 10% improvement,
1452.96 runs/s vs 1578.56 runs/s. We can expect that this improvement will be applied to the
other benchmarks / real applications when the IC change is landed.

[1]: https://bugs.webkit.org/show_bug.cgi?id=163226

* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSDOMWrapper.h:
* bindings/js/JSNodeCustom.h:
(WebCore::JSNode::nodeType):
* bindings/scripts/CodeGeneratorJS.pm:
(GetJSTypeForNode):
(GenerateHeader):
* dom/Node.idl:
* dom/NodeConstants.h: Copied from Source/JavaScriptCore/domjit/DOMJITGetterSetter.h.
* domjit/JSNodeDOMJIT.cpp:
(WebCore::createCallDOMForOffsetAccess):
(WebCore::NodeFirstChildDOMJIT::callDOM):
(WebCore::NodeLastChildDOMJIT::callDOM):
(WebCore::NodeNextSiblingDOMJIT::callDOM):
(WebCore::NodePreviousSiblingDOMJIT::callDOM):
(WebCore::NodeParentNodeDOMJIT::callDOM):
(WebCore::NodeNodeTypeDOMJIT::checkDOM):
(WebCore::NodeNodeTypeDOMJIT::callDOM):

LayoutTests:

* js/dom/domjit-accessor-node-type.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207239 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update more events to stop using legacy [ConstructorTemplate=Event]
cdumez@apple.com [Wed, 12 Oct 2016 20:41:49 +0000 (20:41 +0000)]
Update more events to stop using legacy [ConstructorTemplate=Event]
https://bugs.webkit.org/show_bug.cgi?id=163339

Reviewed by Ryosuke Niwa.

Source/WebCore:

Update more events to stop using legacy [ConstructorTemplate=Event]
and use regular constructors instead.

No new tests, updated existing tests.

* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
(WebCore::convertDictionary<TestEventConstructor::Init>):
(WebCore::JSTestEventConstructorConstructor::construct):
(WebCore::JSTestEventConstructorConstructor::prototypeForStructure):
(WebCore::JSTestEventConstructor::JSTestEventConstructor):
(WebCore::JSTestEventConstructor::createPrototype):
(WebCore::JSTestEventConstructorPrototype::create): Deleted.
(WebCore::JSTestEventConstructorPrototype::createStructure): Deleted.
(WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype): Deleted.
(WebCore::setJSTestEventConstructorConstructor): Deleted.
(WebCore::JSTestEventConstructor::getConstructor): Deleted.
* bindings/scripts/test/JS/JSTestEventConstructor.h:
(WebCore::JSTestEventConstructor::wrapped):
(WebCore::JSTestEventConstructor::create): Deleted.
(WebCore::toJS): Deleted.
(WebCore::toJSNewlyCreated): Deleted.
* bindings/scripts/test/TestEventConstructor.idl:
* css/CSSFontFaceLoadEvent.cpp:
(WebCore::CSSFontFaceLoadEvent::CSSFontFaceLoadEvent):
* css/CSSFontFaceLoadEvent.h:
* css/CSSFontFaceLoadEvent.idl:
* html/canvas/WebGLContextEvent.cpp:
(WebCore::WebGLContextEvent::WebGLContextEvent):
* html/canvas/WebGLContextEvent.h:
* html/canvas/WebGLContextEvent.idl:
* storage/StorageEvent.cpp:
(WebCore::StorageEvent::create):
(WebCore::StorageEvent::StorageEvent):
* storage/StorageEvent.h:
* storage/StorageEvent.idl:

LayoutTests:

Update existing tests to reflect minor behavior changes.

* fast/events/constructors/storage-event-constructor-expected.txt:
* fast/events/constructors/storage-event-constructor.html:
* fast/events/constructors/webgl-context-event-constructor-expected.txt:
* fast/events/constructors/webgl-context-event-constructor.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207238 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, rolling out r207225.
ryanhaddad@apple.com [Wed, 12 Oct 2016 20:38:37 +0000 (20:38 +0000)]
Unreviewed, rolling out r207225.

This change causes debug tests to exit early with crashes.

Reverted changeset:

"Optional's move-constructor and move-assignment operator
don't disengage the value being moved from"
https://bugs.webkit.org/show_bug.cgi?id=163309
http://trac.webkit.org/changeset/207225

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207237 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix assertion after switching to URLParser
achristensen@apple.com [Wed, 12 Oct 2016 20:23:03 +0000 (20:23 +0000)]
Fix assertion after switching to URLParser
https://bugs.webkit.org/show_bug.cgi?id=163350
rdar://problem/28739938

Reviewed by Brady Eidson.

Source/WebKit2:

Covered by a new API test.

* UIProcess/API/Cocoa/_WKUserStyleSheet.mm:
(-[_WKUserStyleSheet initWithSource:forMainFrameOnly:legacyWhitelist:legacyBlacklist:baseURL:userContentWorld:]):
The { } here is not understood by the compiler to mean WebCore::URL(), but rather the empty constructor for the enum ParsedURLStringTag.
We used to be unsafely trusting that the URL was valid and canonicalized, but with URLParser we are canonicalizing it,
and the assertion (url == m_string) in URL.cpp was failing.

Tools:

* TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:
(TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207236 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Handle non-function, non-undefined comparator in Array.prototype.sort
keith_miller@apple.com [Wed, 12 Oct 2016 19:40:51 +0000 (19:40 +0000)]
Handle non-function, non-undefined comparator in Array.prototype.sort
https://bugs.webkit.org/show_bug.cgi?id=163085

Reviewed by Yusuke Suzuki.

JSTests:

* ChakraCore/test/Array/array_sort.baseline-jsc:
* stress/array-sort-bad-comparator.js: Added.
(test):

Source/JavaScriptCore:

* builtins/ArrayPrototype.js:
(sort.comparatorSort):
(sort.stringSort):
(sort):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207235 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Make Document::existingAXObjectCache() fast with accessibility disabled.
akling@apple.com [Wed, 12 Oct 2016 19:35:55 +0000 (19:35 +0000)]
Make Document::existingAXObjectCache() fast with accessibility disabled.
<https://webkit.org/b/163347>

Reviewed by Antti Koivisto.

Instruments says we were spending 2.3% of Dromaeo/dom-modify.html in this function,
traversing ancestors. Track whether we've ever had a cache, and use that knowledge
to return early if possible.

* dom/Document.cpp:
(WebCore::Document::existingAXObjectCache):
(WebCore::Document::axObjectCache):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207234 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [SOUP] trunk r207192 fails to compile due to missing std::function being unavailable...
commit-queue@webkit.org [Wed, 12 Oct 2016 19:18:59 +0000 (19:18 +0000)]
[SOUP] trunk r207192 fails to compile due to missing std::function being unavailable (missing #include <functional>)
https://bugs.webkit.org/show_bug.cgi?id=163340

Patch by Jeremy Huddleston Sequoia <jeremyhu@apple.com> on 2016-10-12
Reviewed by Michael Catanzaro.

* platform/network/soup/SoupNetworkSession.h: Add missing #include <functional>

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207232 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Win] Unreviewed build fix after r207218.
bfulgham@apple.com [Wed, 12 Oct 2016 19:03:26 +0000 (19:03 +0000)]
[Win] Unreviewed build fix after r207218.

The CQ-landed patch used the old USE(CFNETWORK) compiler guard.
It should be using USE(CFURLCONNECTION).

* WebCache.cpp: Missed one!

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207231 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago REGRESSION (r207179): ASSERTION FAILED: node.cell != previousCell
fpizlo@apple.com [Wed, 12 Oct 2016 19:01:21 +0000 (19:01 +0000)]
REGRESSION (r207179): ASSERTION FAILED: node.cell != previousCell
https://bugs.webkit.org/show_bug.cgi?id=163337

Reviewed by Mark Lam.

It turns out that HeapSnapshot was not down with revisiting. The concurrent GC is going to be
built around the idea that we can revisit objects many times. This means that any action that
should only take place once per object must check the object's state. This fixes the snapshot
code to do this.

While writing this code, I realized that we're actually doing this check incorrectly, so I
filed bug 163343. That bug requires a race, so we aren't going to see it yet.

* heap/HeapSnapshot.cpp:
(JSC::HeapSnapshot::finalize):
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::appendToMarkStack):
(JSC::SlotVisitor::visitChildren):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207230 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Improve support for logging Proxy objects in console
joepeck@webkit.org [Wed, 12 Oct 2016 18:47:53 +0000 (18:47 +0000)]
Web Inspector: Improve support for logging Proxy objects in console
https://bugs.webkit.org/show_bug.cgi?id=163323
<rdar://problem/28432553>

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

This is based off of similar patches in Blink for Proxy handling.

* bindings/ScriptValue.cpp:
(Deprecated::ScriptValue::isEqual):
Use strict equality. This is the intent, and it prevents the possibility of triggering
primitive conversion on objects in previous ConsoleMessage argument lists.

* inspector/InjectedScriptSource.js:
(InjectedScript.prototype._propertyDescriptors):
Bail if the object is a Proxy.

(InjectedScript.prototype._describe):
Provide a friendlier name, "Proxy" instead of "ProxyObject".

(InjectedScript.RemoteObject):
When generating a preview for a Proxy object, generate it from the final target
and mark it as lossy so that the object can always be expanded to get the internal
target/handler properties.

* inspector/JSInjectedScriptHost.h:
* inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::subtype):
New subtype for Proxy objects.

(Inspector::JSInjectedScriptHost::proxyTargetValue):
Resolve the final target value for a Proxy.

* inspector/JSInjectedScriptHostPrototype.cpp:
(Inspector::JSInjectedScriptHostPrototype::finishCreation):
(Inspector::jsInjectedScriptHostPrototypeFunctionProxyTargetValue):
Add the new method.

* inspector/ScriptArguments.cpp:
(Inspector::ScriptArguments::getFirstArgumentAsString):
Avoid triggering Proxy traps on a Proxy object when getting a quick
string description for ConsoleMessages.

* inspector/protocol/Runtime.json:
Add new "proxy" subtype.

Source/WebInspectorUI:

* UserInterface/Views/ConsoleMessageView.js:
(WebInspector.ConsoleMessageView.prototype._formatParameter):
Treat a Proxy like any other object.

LayoutTests:

* inspector/console/console-log-proxy-expected.txt: Added.
* inspector/console/console-log-proxy.html: Added.
Add a test specific to console logs of Proxy objects to ensure the get
trap is not used in different cases.

* inspector/model/remote-object-expected.txt:
* inspector/model/remote-object.html:
* platform/mac/inspector/model/remote-object-expected.txt:
Update results for Proxy objects and include a test for a multi-level
Proxy object, which should preview the target.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207229 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Emit DebugHooks uniformly with pause locations instead of having separate pause locat...
joepeck@webkit.org [Wed, 12 Oct 2016 18:47:48 +0000 (18:47 +0000)]
Emit DebugHooks uniformly with pause locations instead of having separate pause locations and op_debug emits
https://bugs.webkit.org/show_bug.cgi?id=162809

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Change how BytecodeGeneration emits debug hooks to be more consistent.
Previously most nodes individually generated their own debug hook
and we asserted that it matched a breakpoint location identified
by the parser. This could get out of sync, or nodes could forget to
emit debug hooks expected by the parser.

With this change, we always check and emit a debug hook for any
node. The default behavior is for BytecodeGenerator::emitNode
to emit the debug hook when emitting the node itself. This covers
the majority of cases (statements).

There are a few exceptions where we continue to need to customize
emitting debug hooks:

    1. Nodes with emitBytecodeInConditionContext
        - non-Expression nodes customize how they emit their children
        - constant conditions may emit nothing, but we had recorded a breakpoint location so emit a debug hook
        - always emit one debug hook in case we recorded a breakpoint location, but avoid emitting multiple
          in nodes which may call up to the ExpressionNode::emitBytecodeInConditionContext base impl.
    2. Specialized Debug Hooks
        - such as hooks for Program start/end, debugger statements, etc.
    3. Debug Hooks in for..of / for..in that don't correspond to re-emitting nodes
        - such as pausing on the assignment expression inside these loops

The majority of nodes no longer have custom emits.

* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitNodeInTailPosition):
(JSC::BytecodeGenerator::emitNodeInConditionContext):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitDebugHook):
(JSC::BytecodeGenerator::emitEnumeration):
By default, when emitting a node check if we should also emit an op_debug for it.
This default DebugHook is WillExecuteStatement, which is a normal pause point.

* bytecompiler/NodesCodegen.cpp:
(JSC::ConstantNode::emitBytecodeInConditionContext):
(JSC::LogicalNotNode::emitBytecodeInConditionContext):
(JSC::BinaryOpNode::emitBytecodeInConditionContext):
(JSC::LogicalOpNode::emitBytecodeInConditionContext):
The parser would have generated a pause location for these conditions
no matter what constant folding and re-writing these nodes may perform.
So, when emitting these nodes in condition context check if they need
to emit their own debug hook.

(JSC::EmptyStatementNode::emitBytecode):
(JSC::ExprStatementNode::emitBytecode):
(JSC::DeclarationStatement::emitBytecode):
(JSC::IfElseNode::emitBytecode):
(JSC::DoWhileNode::emitBytecode):
(JSC::WhileNode::emitBytecode):
(JSC::ForNode::emitBytecode):
(JSC::ContinueNode::emitBytecode):
(JSC::BreakNode::emitBytecode):
(JSC::ReturnNode::emitBytecode):
(JSC::WithNode::emitBytecode):
(JSC::SwitchNode::emitBytecode):
(JSC::ThrowNode::emitBytecode):
No longer need to custom emit debug hooks. The default emitNode will handle these.

(JSC::ForInNode::emitBytecode):
Include extra debug hooks the user expects to return back to the assignment
expression in the loop header before starting the body again. The same is done
for for..of with emitEnumeration.

* parser/ASTBuilder.h:
(JSC::ASTBuilder::createExportDefaultDeclaration):
(JSC::ASTBuilder::createExportLocalDeclaration):
These are no longer needed to fake-satisfy assertions. We never wanted to
emit debug hooks for these inner statements because the export statement
will already have the debug hooks.

(JSC::ASTBuilder::createForInLoop):
(JSC::ASTBuilder::createForOfLoop):
Include the correct location where the declaration starts.

(JSC::ASTBuilder::breakpointLocation):
Simplify to a general implementation for Node.

* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::createForInLoop):
(JSC::SyntaxChecker::createForOfLoop):
Ignore the new extra parameter.

* parser/Nodes.h:
(JSC::Node::needsDebugHook):
(JSC::Node::setNeedsDebugHook):
(JSC::ExpressionNode::needsDebugHook): Deleted.
(JSC::ExpressionNode::setNeedsDebugHook): Deleted.
(JSC::StatementNode::isEmptyStatement): Deleted.
(JSC::StatementNode::needsDebugHook): Deleted.
(JSC::StatementNode::setNeedsDebugHook): Deleted.
Move debug hook logic into the base Node class.

(JSC::StatementNode::isDebuggerStatement):
Provide a way to distinguish a debugger statement.

* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseForStatement):
Provide the location before the declaration starts.

Source/WebInspectorUI:

* UserInterface/Views/SourceCodeTextEditor.js:
(WebInspector.SourceCodeTextEditor.prototype.textEditorExecutionHighlightRange):
When pausing on the variable assignment inside for..of and for..in don't just
highlight "var foo" but include the right hand side "var foo in ..." or
"var foo of ...".

LayoutTests:

* inspector/debugger/stepping/stepping-control-flow-expected.txt:
* inspector/debugger/stepping/stepping-control-flow.html:
Add new tests for stepping through conditional expressions with constants,
logical operations, binary operations, and unary negations.

* inspector/debugger/stepping/stepping-loops-expected.txt:
* inspector/debugger/stepping/stepping-loops.html:
Update tests for changes in stepping behavior in for loops.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207228 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Web Inspector: Whole program sometimes highlighted instead of just first statement
commit-queue@webkit.org [Wed, 12 Oct 2016 18:43:19 +0000 (18:43 +0000)]
Web Inspector: Whole program sometimes highlighted instead of just first statement
https://bugs.webkit.org/show_bug.cgi?id=163300
<rdar://problem/28723162>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-10-12
Reviewed by Timothy Hatcher.

* UserInterface/Views/SourceCodeTextEditor.js:
(WebInspector.SourceCodeTextEditor.prototype.textEditorExecutionHighlightRange):
Avoid highlighting the entire program by skipping a Program type Node.

* UserInterface/Views/TextEditor.js:
(WebInspector.TextEditor.prototype.setExecutionLineAndColumn):
Avoid unnecessary work before content has loaded.

(WebInspector.TextEditor.prototype.currentPositionToOriginalOffset):
Avoid unnecessary indirection to get the CodeMirror editor.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207227 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Array.prototype.slice should not modify frozen objects.
mark.lam@apple.com [Wed, 12 Oct 2016 18:27:50 +0000 (18:27 +0000)]
Array.prototype.slice should not modify frozen objects.
https://bugs.webkit.org/show_bug.cgi?id=163338

Reviewed by Filip Pizlo.

JSTests:

* stress/array-slice-on-frozen-object.js: Added.

Source/JavaScriptCore:

1. The ES6 spec for Array.prototype.slice
   (https://tc39.github.io/ecma262/#sec-array.prototype.slice) states that it uses
   the CreateDataPropertyOrThrow()
   (https://tc39.github.io/ecma262/#sec-createdatapropertyorthrow) to add items to
   the result array.  The spec for CreateDataPropertyOrThrow states:

   "This abstract operation creates a property whose attributes are set to the
   same defaults used for properties created by the ECMAScript language assignment
   operator. Normally, the property will not already exist. If it does exist and
   is not configurable or if O is not extensible, [[DefineOwnProperty]] will
   return false causing this operation to throw a TypeError exception."

2. Array.prototype.slice also uses a Set function
   (https://tc39.github.io/ecma262/#sec-set-o-p-v-throw) to set the "length"
   property and passes true for the Throw argument.  Ultimately, it ends up
   calling the OrdinarySet function
   (https://tc39.github.io/ecma262/#sec-ordinaryset) that will fail if the
   property is not writable.  This failure should result in a TypeError being
   thrown in Set.

   Since the properties of frozen objects are not extensible, not configurable,
   and not writeable, Array.prototype.slice should fail to write to the result
   array if it is frozen.

If the source array being sliced has 1 or more elements, (1) will take effect
when we try to set the element in the non-writeable result obj.
If the source array being sliced has 0 elements, we will not set any elements and
(1) will not trigger.  Subsequently, (2) will take effect when we will try to
set the length of the result obj.

* runtime/ArrayPrototype.cpp:
(JSC::putLength):
(JSC::setLength):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207226 268f45cc-cd09-0410-ab3c-d52691b4dbfc
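
The two spec steps this commit message cites, as an added JavaScript example (not part of the commit and not WebKit's own stress test). `sliceInto`, `snapshot` and `runCases` are hypothetical helper names, and handing slice a pre-frozen result array through a `constructor[Symbol.species]` hook is an assumption about how that code path is reached.

```javascript
// Added example: exercises steps (1) and (2) from the commit message above.
// sliceInto, snapshot and runCases are hypothetical helper names.

// Run Array.prototype.slice so that its result array is `target`.
// ArraySpeciesCreate reads src.constructor[Symbol.species] and calls it with
// `new`; a constructor that returns an object makes `new` yield that object.
function sliceInto(target, elements) {
  const src = Array.from(elements);
  Object.defineProperty(src, 'constructor', {
    value: { [Symbol.species]: function () { return target; } },
  });
  try {
    Array.prototype.slice.call(src, 0);
    return null;      // slice completed without throwing
  } catch (e) {
    return e.name;    // name of the exception that was thrown
  }
}

// Compact view of an array's contents and length, to prove it was untouched.
function snapshot(arr) {
  return JSON.stringify(arr) + ' length=' + arr.length;
}

function runCases() {
  // [description, result array handed to slice, elements of the source array]
  const cases = [
    // Control: an ordinary result array is filled and its length is set.
    ['extensible target, 3 elements', [], [1, 2, 3]],
    // (1) CreateDataPropertyOrThrow hits an existing non-configurable index.
    ['frozen non-empty target, 3 elements', Object.freeze([9, 9, 9]), [1, 2, 3]],
    // (1) CreateDataPropertyOrThrow cannot add index 0: not extensible.
    ['frozen empty target, 1 element', Object.freeze([]), [1]],
    // (2) No element is written, so only Set("length", 0, true) can fail.
    ['frozen empty target, 0 elements', Object.freeze([]), []],
    // Contrast: non-extensible but still writable "length", nothing to add.
    ['non-extensible target, 0 elements', Object.preventExtensions([]), []],
  ];
  return cases.map(([name, target, elements]) => {
    const threw = sliceInto(target, elements);
    return { name, threw, after: snapshot(target) };
  });
}

for (const c of runCases()) {
  console.log(`${c.name}: threw=${c.threw} target=${c.after}`);
}
```

The last case shows why the message distinguishes (1) from (2): with an empty source only the `length` write can fail, and it fails only when `length` is not writable.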

3 years ago Optional's move-constructor and move-assignment operator don't disengage the value...
weinig@apple.com [Wed, 12 Oct 2016 17:41:00 +0000 (17:41 +0000)]
Optional's move-constructor and move-assignment operator don't disengage the value being moved from
https://bugs.webkit.org/show_bug.cgi?id=163309

Reviewed by Anders Carlsson.

Source/WTF:

* wtf/Optional.h:
(WTF::Optional::Optional):
(WTF::Optional::operator=):
Disengage 'other' on move-construction and move-assignment.

Tools:

* TestWebKitAPI/Tests/WTF/Optional.cpp:
(TestWebKitAPI::TEST):
Add tests for Optional's move-constructor and move-assignment operator.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207225 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Remove an unused function
andersca@apple.com [Wed, 12 Oct 2016 17:31:03 +0000 (17:31 +0000)]
Remove an unused function
https://bugs.webkit.org/show_bug.cgi?id=163341

Reviewed by Dan Bernstein.

* WebProcess/WebPage/WebBackForwardListProxy.cpp:
(WebKit::WebBackForwardListProxy::isActive): Deleted.
* WebProcess/WebPage/WebBackForwardListProxy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207224 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Win] Unreviewed build fix after r207218.
bfulgham@apple.com [Wed, 12 Oct 2016 17:22:55 +0000 (17:22 +0000)]
[Win] Unreviewed build fix after r207218.

The CQ-landed patch used the old USE(CFNETWORK) compiler guard.
It should be using USE(CFURLCONNECTION).

* WebCache.cpp:
(WebCache::cacheFolder):
(WebCache::setCacheFolder):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207223 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Remove JITWriteBarrier.h
fpizlo@apple.com [Wed, 12 Oct 2016 16:56:34 +0000 (16:56 +0000)]
Remove JITWriteBarrier.h
https://bugs.webkit.org/show_bug.cgi?id=163334

Reviewed by Mark Lam.

I guess that the idea of JITWriteBarrier was to make sure that if you slap some heap pointer
bits into machine code, then you better execute a barrier on the code block. But it's a
complicated piece of code, and I can never remember how it quite works. These days it looks
vestigial, particularly since only the CallLinkInfo patchable callee immediate uses it. It's
not really necessary to have something like this, since our convention is that any pointer
stored in machine code must always be shadowed in the GC heap. I think that convention has
won by overwhelming majority, so we should finally remove JITWriteBarrier.

A practical outcome of this change is that it makes it easier to implement DirectCall ICs,
which will have to store the callee in the CallLinkInfo but not in the machine code.

* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/AbstractMacroAssembler.h:
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::setCallee):
(JSC::CallLinkInfo::clearCallee):
* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::setCallee): Deleted.
(JSC::CallLinkInfo::clearCallee): Deleted.
* heap/SlotVisitor.h:
* jit/JITWriteBarrier.h: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207222 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [WebGL] Revise vertex array attribute checks to account for lazy memory allocation.
bfulgham@apple.com [Wed, 12 Oct 2016 16:50:24 +0000 (16:50 +0000)]
[WebGL] Revise vertex array attribute checks to account for lazy memory allocation.
https://bugs.webkit.org/show_bug.cgi?id=163149
<rdar://problem/28629774>

Reviewed by Dean Jackson.

Tested by fast/canvas/webgl/webgl-drawarrays-crash-2.html

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::validateVertexAttributes):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207221 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Now playing media sessions are always cleared for the active foreground tab
wenson_hsieh@apple.com [Wed, 12 Oct 2016 16:48:21 +0000 (16:48 +0000)]
Now playing media sessions are always cleared for the active foreground tab
https://bugs.webkit.org/show_bug.cgi?id=163310
<rdar://problem/28573301>

Reviewed by Jer Noble.

Source/WebCore:

Currently, we clear out Now Playing info whenever we set the visibility of Now Playing controls to Never. This
is incorrect, as the Now Playing session needs to still be active (just not visible) in this state. Instead, we
should not be taking the active/foregrounded-ness of a media session for Now Playing into account in
MediaElementSession::canShowControlsManager so that even if a media session is in the active/foreground tab, we
will update the Now Playing session with the latest info. However, when setting the visibility, we now check
and see if the session allows Now Playing visibility, and set the Now Playing visibility to Always or Never
depending on the answer.

Tweaked existing unit tests in NowPlayingControlsTests.

* html/MediaElementSession.cpp:
(WebCore::MediaElementSession::canShowControlsManager):
(WebCore::MediaElementSession::allowsNowPlayingControlsVisibility):
(WebCore::MediaElementSession::pageAllowsNowPlayingControls): Deleted.
* html/MediaElementSession.h:
* platform/audio/PlatformMediaSession.h:
(WebCore::PlatformMediaSession::allowsNowPlayingControlsVisibility):
* platform/audio/mac/MediaSessionManagerMac.mm:
(WebCore::MediaSessionManagerMac::updateNowPlayingInfo):

Tools:

Tweaks existing unit tests to verify that media session info persists when backgrounding and foregrounding, but
that media session info is correctly cleared out if the media session itself is no longer eligible for Now
Playing (not accounting for foreground/active state). Previously, these tests were verifying that we would
always clear out the information, but this is incorrect, and is the source of the problem.

* TestWebKitAPI/Tests/WebKit2Cocoa/NowPlayingControlsTests.mm:
(-[NowPlayingTestWebView waitForNowPlayingInfoToChange]):
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207220 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Refactor LineLayoutState's float box handling.
zalan@apple.com [Wed, 12 Oct 2016 16:45:55 +0000 (16:45 +0000)]
Refactor LineLayoutState's float box handling.
https://bugs.webkit.org/show_bug.cgi?id=163286

Reviewed by David Hyatt.

We keep track of float boxes both per line (RootInlineBox::m_floats) and
per flow block (LineLayoutState::m_floats) during layout.
As we lay out the lines and iterate through RootInlineBox::m_floats, we
increment LineLayoutState::m_floatIndex. This LineLayoutState::m_floatIndex is
later used to find the matching float box in the per-block-flow float list.
This logic works fine as long as the lists and the index manipulation are tightly coded.
However, due to the complexity of the line/float layout code, this is no longer the case.

This patch makes float box handling more secure by changing this index based setup
to a list iterator. It helps to eliminate potential vector overflow issues.

LineLayoutState::FloatList (new class) keeps track of all the floats for the block flow.
It groups the float box related functions/members and provides an iterator interface to ensure safer
syncing between this and the line based floats.

No change in functionality.

* rendering/RenderBlockFlow.h:
* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlockFlow::appendFloatingObjectToLastLine):
(WebCore::repaintDirtyFloats):
(WebCore::RenderBlockFlow::layoutRunsAndFloats):
(WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
(WebCore::RenderBlockFlow::linkToEndLineIfNeeded):
(WebCore::RenderBlockFlow::layoutLineBoxes):
(WebCore::RenderBlockFlow::checkFloatInCleanLine):
(WebCore::RenderBlockFlow::determineStartPosition):
(WebCore::RenderBlockFlow::determineEndPosition):
(WebCore::RenderBlockFlow::repaintDirtyFloats): Deleted.
(WebCore::RenderBlockFlow::checkFloatsInCleanLine): Deleted.
* rendering/line/LineLayoutState.h:
(WebCore::FloatWithRect::create):
(WebCore::FloatWithRect::renderer):
(WebCore::FloatWithRect::rect):
(WebCore::FloatWithRect::everHadLayout):
(WebCore::FloatWithRect::adjustRect):
(WebCore::FloatWithRect::FloatWithRect):
(WebCore::LineLayoutState::FloatList::append):
(WebCore::LineLayoutState::FloatList::setLastFloat):
(WebCore::LineLayoutState::FloatList::lastFloat):
(WebCore::LineLayoutState::FloatList::setLastCleanFloat):
(WebCore::LineLayoutState::FloatList::lastCleanFloat):
(WebCore::LineLayoutState::FloatList::floatWithRect):
(WebCore::LineLayoutState::FloatList::begin):
(WebCore::LineLayoutState::FloatList::end):
(WebCore::LineLayoutState::FloatList::find):
(WebCore::LineLayoutState::FloatList::isEmpty):
(WebCore::LineLayoutState::LineLayoutState):
(WebCore::LineLayoutState::floatList):
(WebCore::LineLayoutState::lastFloat): Deleted.
(WebCore::LineLayoutState::setLastFloat): Deleted.
(WebCore::LineLayoutState::floats): Deleted.
(WebCore::LineLayoutState::floatIndex): Deleted.
(WebCore::LineLayoutState::setFloatIndex): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207219 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [Win] Parallel DRTs are sharing preferences and cache.
pvollan@apple.com [Wed, 12 Oct 2016 16:36:11 +0000 (16:36 +0000)]
[Win] Parallel DRTs are sharing preferences and cache.
https://bugs.webkit.org/show_bug.cgi?id=163013

Reviewed by Brent Fulgham.

Source/WebKit/win:

Make it possible for a WebKit client to use separate preferences and cache.

* Interfaces/IWebPreferencesPrivate.idl:
* WebApplicationCache.cpp:
(applicationCachePath):
* WebCache.cpp:
(WebCache::cacheFolder):
(WebCache::setCacheFolder):
* WebDatabaseManager.cpp:
(databasesDirectory):
* WebPreferences.cpp:
(WebPreferences::applicationId):
(WebPreferences::valueForKey):
(WebPreferences::setValueForKey):
(WebPreferences::save):
(WebPreferences::QueryInterface):
(WebPreferences::modernMediaControlsEnabled):
(WebPreferences::setApplicationId):
* WebPreferences.h:
* WebView.cpp:
(WebView::setCacheModel):

Tools:

Use separate cache and preferences for each DRT instance.

* DumpRenderTree/win/DumpRenderTree.cpp:
(applicationId):
(setApplicationId):
(setCacheFolder):
(setDefaultsToConsistentValuesForTesting):
* Scripts/webkitpy/port/win.py:
(WinPort.setup_test_run):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207218 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [GTK] Tests that fail since the new URLParser has been enabled on r207162.
clopez@igalia.com [Wed, 12 Oct 2016 16:32:20 +0000 (16:32 +0000)]
[GTK] Tests that fail since the new URLParser has been enabled on r207162.
https://bugs.webkit.org/show_bug.cgi?id=163335

Unreviewed gardening.

Rebaseline 12 tests that don't look like real failures, and report the other 36 that look as such.

* platform/gtk/TestExpectations:
* platform/gtk/fast/css-generated-content/malformed-url-expected.txt: Added.
* platform/gtk/fast/loader/redirect-to-invalid-url-using-javascript-calls-policy-delegate-expected.txt: Added.
* platform/gtk/fast/loader/redirect-to-invalid-url-using-meta-refresh-calls-policy-delegate-expected.txt: Added.
* platform/gtk/fast/loader/url-parse-1-expected.txt: Added.
* platform/gtk/fast/loader/window-open-to-invalid-url-calls-policy-delegate-expected.txt: Added.
* platform/gtk/fast/url/invalid-idn-expected.txt: Added.
* platform/gtk/fast/url/segments-userinfo-vs-host-expected.txt: Added.
* platform/gtk/fast/url/tab-and-newline-stripping-expected.txt: Added.
* platform/gtk/fast/url/url-credentials-escaping-expected.txt: Added.
* platform/gtk/http/tests/eventsource/eventsource-cors-non-http-expected.txt: Added.
* platform/gtk/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt: Added.
* platform/gtk/imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/fetch-src/failure-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207217 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, fix Windows build break after r207182.
said@apple.com [Wed, 12 Oct 2016 16:24:55 +0000 (16:24 +0000)]
Unreviewed, fix Windows build break after r207182.

* platform/graphics/cg/ImageDecoderCG.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207216 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update remaining DOM events to stop using legacy [ConstructorTemplate=Event]
cdumez@apple.com [Wed, 12 Oct 2016 16:23:00 +0000 (16:23 +0000)]
Update remaining DOM events to stop using legacy [ConstructorTemplate=Event]
https://bugs.webkit.org/show_bug.cgi?id=163319

Reviewed by Darin Adler.

Source/WebCore:

Update remaining DOM events to stop using legacy [ConstructorTemplate=Event]
and use regular constructors instead.

No new tests, updated existing tests.

* dom/AutocompleteErrorEvent.h:
* dom/AutocompleteErrorEvent.idl:
* dom/BeforeLoadEvent.h:
* dom/BeforeLoadEvent.idl:
* dom/CompositionEvent.cpp:
(WebCore::CompositionEvent::CompositionEvent):
* dom/CompositionEvent.h:
* dom/CompositionEvent.idl:
* dom/ErrorEvent.cpp:
(WebCore::ErrorEvent::ErrorEvent):
* dom/ErrorEvent.h:
* dom/ErrorEvent.idl:
* dom/FocusEvent.cpp:
(WebCore::FocusEvent::FocusEvent):
* dom/FocusEvent.h:
* dom/FocusEvent.idl:
* dom/HashChangeEvent.h:
* dom/HashChangeEvent.idl:
* dom/OverflowEvent.cpp:
(WebCore::OverflowEvent::OverflowEvent):
* dom/OverflowEvent.h:
* dom/OverflowEvent.idl:
* dom/PageTransitionEvent.cpp:
(WebCore::PageTransitionEvent::PageTransitionEvent):
* dom/PageTransitionEvent.h:
* dom/PageTransitionEvent.idl:
* dom/PopStateEvent.cpp:
(WebCore::PopStateEvent::PopStateEvent):
(WebCore::PopStateEvent::create):
* dom/PopStateEvent.h:
* dom/PopStateEvent.idl:
* dom/SecurityPolicyViolationEvent.h:
* dom/SecurityPolicyViolationEvent.idl:
* dom/TouchEvent.cpp:
(WebCore::TouchEvent::TouchEvent):
* dom/TouchEvent.h:
* dom/TouchEvent.idl:
* dom/TransitionEvent.cpp:
(WebCore::TransitionEvent::TransitionEvent):
* dom/TransitionEvent.h:
* dom/TransitionEvent.idl:
* dom/WebKitAnimationEvent.cpp:
(WebCore::WebKitAnimationEvent::WebKitAnimationEvent):
* dom/WebKitAnimationEvent.h:
* dom/WebKitAnimationEvent.idl:
* dom/WebKitTransitionEvent.cpp:
(WebCore::WebKitTransitionEvent::WebKitTransitionEvent):
* dom/WebKitTransitionEvent.h:
* dom/WebKitTransitionEvent.idl:

LayoutTests:

Rebaseline several existing tests to reflect minor behavior changes:
- We now properly use the default member value when an explicit undefined
  is passed.
- We throw more exceptions when bad input is passed.
- Exception messages are sometimes slightly different.

* fast/events/constructors/before-load-event-constructor-expected.txt:
* fast/events/constructors/before-load-event-constructor.html:
* fast/events/constructors/composition-event-constructor-expected.txt:
* fast/events/constructors/composition-event-constructor.html:
* fast/events/constructors/error-event-constructor-expected.txt:
* fast/events/constructors/error-event-constructor.html:
* fast/events/constructors/focus-event-constructor-expected.txt:
* fast/events/constructors/focus-event-constructor.html:
* fast/events/constructors/hash-change-event-constructor-expected.txt:
* fast/events/constructors/hash-change-event-constructor.html:
* fast/events/constructors/pop-state-event-constructor-expected.txt:
* fast/events/constructors/pop-state-event-constructor.html:
* fast/events/constructors/transition-event-constructor-expected.txt:
* fast/events/constructors/transition-event-constructor.html:
* fast/events/constructors/webkit-animation-event-constructor-expected.txt:
* fast/events/constructors/webkit-animation-event-constructor.html:
* fast/events/constructors/webkit-transition-event-constructor-expected.txt:
* fast/events/constructors/webkit-transition-event-constructor.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207215 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Stop using PassRefPtr in platform/efl
cdumez@apple.com [Wed, 12 Oct 2016 14:41:59 +0000 (14:41 +0000)]
Stop using PassRefPtr in platform/efl
https://bugs.webkit.org/show_bug.cgi?id=163321

Reviewed by Laszlo Gombos.

Stop using PassRefPtr in platform/efl.

* platform/efl/BatteryProviderEfl.cpp:
(WebCore::batteryProperties):
(WebCore::BatteryProviderEfl::setBatteryStatus):
(WebCore::BatteryProviderEfl::dispatchEvent):
* platform/efl/BatteryProviderEfl.h:
* platform/efl/BatteryProviderEflClient.h:
* platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
(WebCore::PlatformSpeechSynthesisProviderEfl::voiceName):
(WebCore::PlatformSpeechSynthesisProviderEfl::speak):
* platform/efl/PlatformSpeechSynthesisProviderEfl.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207214 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed buildfix for GCC 4.9 after r207186.
ossy@webkit.org [Wed, 12 Oct 2016 09:54:14 +0000 (09:54 +0000)]
Unreviewed buildfix for GCC 4.9 after r207186.
https://bugs.webkit.org/show_bug.cgi?id=163255

* runtime/HasOwnPropertyCache.h:
(JSC::HasOwnPropertyCache::Entry::Entry):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207213 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Attribute setter binding generated code should use more references
commit-queue@webkit.org [Wed, 12 Oct 2016 07:37:17 +0000 (07:37 +0000)]
Attribute setter binding generated code should use more references
https://bugs.webkit.org/show_bug.cgi?id=163275

Patch by Youenn Fablet <youenn@apple.com> on 2016-10-12
Reviewed by Alex Christensen.

No change of behavior.

* bindings/scripts/CodeGeneratorJS.pm:
(JSValueToNative):
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207193 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Refactor binding generated casted-this checks for methods
commit-queue@webkit.org [Wed, 12 Oct 2016 06:57:04 +0000 (06:57 +0000)]
Refactor binding generated casted-this checks for methods
https://bugs.webkit.org/show_bug.cgi?id=163198

Patch by Youenn Fablet <youenn@apple.com> on 2016-10-11
Reviewed by Darin Adler.

Covered by existing tests and binding rebased tests.

Introducing BindingCaller::callMethod and callPromiseMethod to encapsulate casted-this checks for methods.
This is supported for all methods except serializer and iterator methods.

Introduced castForMethod similarly to castForAttribute.
Moved this from static methods of JSClass to static methods of BindingCaller<JSClass>.
This allows removing the corresponding declarations from JSClass header file.

Note the difference of handling thisValue between the two in case of CustomProxyToJSObject.
This should be made more consistent.

In case of bad casted this check, CustomProxyToJSObject objects will throw a TypeError with an error message like other methods.
Before the patch, a TypeError without error message was thrown.

EventTarget being different, added a specialization of BindingCaller for it.
This allows also removing some binding generated code dedicated to EventTarget.
A similar approach might also be done for CustomProxyToJSObject objects to further simplify the binding generator.

* bindings/js/JSDOMBinding.cpp:
(WebCore::rejectPromiseWithThisTypeError):
* bindings/js/JSDOMBinding.h:
(WebCore::BindingCaller::callPromiseMethod):
(WebCore::BindingCaller::callMethod):
* bindings/js/JSEventTargetCustom.h:
(WebCore::BindingCaller<JSEventTarget>::callMethod):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
(GenerateFunctionCastedThis): Deleted.
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestActiveDOMObject.h:
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
* bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
* bindings/scripts/test/JS/JSTestEventTarget.h:
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
* bindings/scripts/test/JS/JSTestGlobalObject.h:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestInterface.h:
* bindings/scripts/test/JS/JSTestIterable.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
* bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestNode.h:
* bindings/scripts/test/JS/JSTestNondeterministic.cpp:
* bindings/scripts/test/JS/JSTestNondeterministic.h:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestObj.h:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207192 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [EFL] Update API tests which are passed or failed
commit-queue@webkit.org [Wed, 12 Oct 2016 06:39:44 +0000 (06:39 +0000)]
[EFL] Update API tests which are passed or failed
https://bugs.webkit.org/show_bug.cgi?id=163322

Unreviewed, simple on/off API test.

*ewk_favicon_database_clear* has been crashing for a long time; however,
*ewk_cookie_manager_permanent_storage* is fine now. So the passing test
is enabled again, and the failing tests are disabled.

Patch by Gyuyoung Kim <gyuyoung.kim@navercorp.com> on 2016-10-11

* UIProcess/API/efl/tests/test_ewk2_cookie_manager.cpp:
(TEST_F):
* UIProcess/API/efl/tests/test_ewk2_favicon_database.cpp:
(TEST_F):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207191 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago MediaResourceLoader::requestResource should take a ResourceRequest&& as input
commit-queue@webkit.org [Wed, 12 Oct 2016 06:26:35 +0000 (06:26 +0000)]
MediaResourceLoader::requestResource should take a ResourceRequest&& as input
https://bugs.webkit.org/show_bug.cgi?id=160397

Patch by Youenn Fablet <youenn@apple.com> on 2016-10-11
Reviewed by Alex Christensen.

No change in behavior.

* loader/MediaResourceLoader.cpp:
(WebCore::MediaResourceLoader::requestResource): Passing a ResourceRequest&& as input parameter.
* loader/MediaResourceLoader.h:
* platform/graphics/PlatformMediaResourceLoader.h: Ditto.
* platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
(webKitWebSrcStart): Creating an extra copy since MediaResourceLoader::requestResource expects a ResourceRequest&&.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207190 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [EFL] Mark url tests to failure
gyuyoung.kim@webkit.org [Wed, 12 Oct 2016 05:34:26 +0000 (05:34 +0000)]
[EFL] Mark url tests to failure

Unreviewed EFL gardening on Oct. 12th.

URL tests have been failing since r207162.

* platform/efl/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207189 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update AnimationEvent to stop using legacy [ConstructorTemplate=Event]
cdumez@apple.com [Wed, 12 Oct 2016 04:48:13 +0000 (04:48 +0000)]
Update AnimationEvent to stop using legacy [ConstructorTemplate=Event]
https://bugs.webkit.org/show_bug.cgi?id=163312

Reviewed by Ryosuke Niwa.

Update AnimationEvent to stop using legacy [ConstructorTemplate=Event]
and use a regular constructor as in the specification:
- https://drafts.csswg.org/css-animations/#interface-animationevent

* dom/AnimationEvent.cpp:
(WebCore::AnimationEvent::AnimationEvent):
* dom/AnimationEvent.h:
* dom/AnimationEvent.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207188 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update DeviceProximityEvent to stop using legacy [ConstructorTemplate=Event]
cdumez@apple.com [Wed, 12 Oct 2016 04:47:00 +0000 (04:47 +0000)]
Update DeviceProximityEvent to stop using legacy [ConstructorTemplate=Event]
https://bugs.webkit.org/show_bug.cgi?id=163311

Reviewed by Ryosuke Niwa.

Update DeviceProximityEvent to stop using legacy [ConstructorTemplate=Event]
and use a regular constructor instead, as in the specification:
- https://www.w3.org/TR/2015/WD-proximity-20150903/#deviceproximityevent-interface

* Modules/proximity/DeviceProximityEvent.cpp:
(WebCore::DeviceProximityEvent::DeviceProximityEvent):
* Modules/proximity/DeviceProximityEvent.h:
(WebCore::DeviceProximityEvent::create):
(WebCore::DeviceProximityEventInit::DeviceProximityEventInit): Deleted.
* Modules/proximity/DeviceProximityEvent.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207187 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago HasOwnPropertyCache needs to ref the UniquedStringImpls it sees
sbarati@apple.com [Wed, 12 Oct 2016 03:14:56 +0000 (03:14 +0000)]
HasOwnPropertyCache needs to ref the UniquedStringImpls it sees
https://bugs.webkit.org/show_bug.cgi?id=163255

Reviewed by Geoffrey Garen.

The cache needs to be responsible for ensuring that things
in the cache stay alive. Before, it wasn't doing this, and
that was wrong.

* runtime/HasOwnPropertyCache.h:
(JSC::HasOwnPropertyCache::Entry::operator=):
(JSC::HasOwnPropertyCache::operator delete):
(JSC::HasOwnPropertyCache::create):
(JSC::HasOwnPropertyCache::get):
(JSC::HasOwnPropertyCache::tryAdd):
(JSC::HasOwnPropertyCache::clear):
(JSC::HasOwnPropertyCache::zeroBuffer):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207186 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Fix a typo in the test.
dino@apple.com [Wed, 12 Oct 2016 02:24:50 +0000 (02:24 +0000)]
Fix a typo in the test.

* fast/media/mq-color-gamut.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207185 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Update API test expectation after r207162.
achristensen@apple.com [Wed, 12 Oct 2016 02:06:59 +0000 (02:06 +0000)]
Update API test expectation after r207162.
https://bugs.webkit.org/show_bug.cgi?id=162660

* TestWebKitAPI/Tests/WebKit2Cocoa/LoadInvalidURLRequest.mm:
(-[LoadInvalidURLNavigationActionDelegate webView:didFailProvisionalNavigation:withError:]):
Like r207167 but with a WebKit2 test.
"https://www.example.com<>/" was an invalid URL with the old URL parser, is now valid with URLParser but not with NSURL's parser.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207184 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Unreviewed, EFL build fix because of r207173.
gyuyoung.kim@webkit.org [Wed, 12 Oct 2016 01:52:27 +0000 (01:52 +0000)]
Unreviewed, EFL build fix because of r207173.

* testing/InternalSettings.cpp:
(WebCore::InternalSettings::forcedPrefersReducedMotionValue):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207183 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago [CG] Add the option to immediately decode an image frame and control its memory caching
commit-queue@webkit.org [Wed, 12 Oct 2016 01:40:14 +0000 (01:40 +0000)]
[CG] Add the option to immediately decode an image frame and control its memory caching
https://bugs.webkit.org/show_bug.cgi?id=163298

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-10-11
Reviewed by Simon Fraser.

This patch fixes two things. (1) An option is added to immediately decode an
image frame. This can be done by adding kCGImageSourceShouldCacheImmediately
to the ImageSource options dictionary. (2) BitmapImage should also control
when the image frame is actually deleted from memory. This can be done by
calling CGImageSourceCreateThumbnailAtIndex(). CG does not keep a reference
to the returned CGImageRef.

* platform/graphics/ImageFrame.h: Adding the DecodingMode enum class.
Ideally this should be a member of ImageDecoder class. But since we
have three header files for ImageDecoder, this can be added here until
the three files are combined into one header file.

* platform/graphics/ImageFrameCache.cpp:
(WebCore::ImageFrameCache::setRenderTarget): Deleted.
* platform/graphics/ImageFrameCache.h:
* platform/graphics/ImageSource.cpp:
(WebCore::ImageSource::setRenderTarget):
* platform/graphics/ImageSource.h:
(WebCore::ImageSource::setRenderTarget): Deleted.
Unrelated change. The native image decoder is available from the ImageSource.
ImageSource::setTarget() does not need to get it through ImageFrameCache.

* platform/graphics/cg/ImageDecoderCG.cpp:
(WebCore::createImageSourceOptions): Clean this function by using CFMutableDictionary.
(WebCore::imageSourceOptions): Cache two default ImageSource options and create new
ones for the non default cases.

(WebCore::ImageDecoder::createFrameImageAtIndex): Use the appropriate ImageSource function

* platform/graphics/cg/ImageDecoderCG.h:
* platform/graphics/win/ImageDecoderDirect2D.cpp:
(WebCore::ImageDecoder::createFrameImageAtIndex):
* platform/graphics/win/ImageDecoderDirect2D.h:
* platform/image-decoders/ImageDecoder.cpp:
(WebCore::ImageDecoder::createFrameImageAtIndex):
* platform/image-decoders/ImageDecoder.h:
 Change functions' signature to include a DecodingMode argument.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207182 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago select.options may return too many option elements
cdumez@apple.com [Wed, 12 Oct 2016 00:25:55 +0000 (00:25 +0000)]
select.options may return too many option elements
https://bugs.webkit.org/show_bug.cgi?id=163296

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Import html/infrastructure web-platform-tests from upstream.

* web-platform-tests/html/infrastructure/common-dom-interfaces/collections/contains.json: Added.
* web-platform-tests/html/infrastructure/common-dom-interfaces/collections/htmlallcollection-expected.txt: Added.
* web-platform-tests/html/infrastructure/common-dom-interfaces/collections/htmlallcollection.html: Added.
* web-platform-tests/html/infrastructure/common-dom-interfaces/collections/htmlformcontrolscollection-expected.txt: Added.
* web-platform-tests/html/infrastructure/common-dom-interfaces/collections/htmlformcontrolscollection.html: Added.
* web-platform-tests/html/infrastructure/common-dom-interfaces/collections/htmloptionscollection-expected.txt: Added.
* web-platform-tests/html/infrastructure/common-dom-interfaces/collections/htmloptionscollection.html: Added.
* web-platform-tests/html/infrastructure/common-dom-interfaces/collections/radionodelist-expected.txt: Added.
* web-platform-tests/html/infrastructure/common-dom-interfaces/collections/radionodelist.html: Added.
* web-platform-tests/html/infrastructure/common-dom-interfaces/collections/w3c-import.log: Added.
* web-platform-tests/html/infrastructure/common-microsyntaxes/dates-and-times/contains.json: Added.
* web-platform-tests/html/infrastructure/common-microsyntaxes/dates-and-times/w3c-import.log: Added.
* web-platform-tests/html/infrastructure/common-microsyntaxes/numbers/contains.json: Added.
* web-platform-tests/html/infrastructure/common-microsyntaxes/numbers/w3c-import.log: Added.
* web-platform-tests/html/infrastructure/conformance-requirements/extensibility/foreign-expected.txt: Added.
* web-platform-tests/html/infrastructure/conformance-requirements/extensibility/foreign.html: Added.
* web-platform-tests/html/infrastructure/conformance-requirements/extensibility/w3c-import.log: Added.
* web-platform-tests/html/infrastructure/terminology/plugins/sample.txt: Added.
* web-platform-tests/html/infrastructure/terminology/plugins/text-plain-expected.txt: Added.
* web-platform-tests/html/infrastructure/terminology/plugins/text-plain.html: Added.
* web-platform-tests/html/infrastructure/terminology/plugins/w3c-import.log: Added.

Source/WebCore:

select.options may return too many option elements. We're only supposed
to return the option element children of the select element, and the
option element children of all the optgroup element children of the
select element, in tree order:
- https://html.spec.whatwg.org/#dom-select-options
- https://html.spec.whatwg.org/#concept-select-option-list

Firefox and Chrome agree with the specification. However, WebKit was
returning all the option elements that are descendants of the select
element.

Test: imported/w3c/web-platform-tests/html/infrastructure/common-dom-interfaces/collections/htmloptionscollection.html

* html/HTMLOptionsCollection.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207181 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago Skipping loader/stateobjects tests on mac and ios-simulator debug.
ryanhaddad@apple.com [Wed, 12 Oct 2016 00:17:17 +0000 (00:17 +0000)]
Skipping loader/stateobjects tests on mac and ios-simulator debug.
https://bugs.webkit.org/show_bug.cgi?id=163307

Unreviewed test gardening.

* platform/ios-simulator/TestExpectations:
* platform/mac/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207180 268f45cc-cd09-0410-ab3c-d52691b4dbfc

3 years ago MarkedBlock should know what objects are live during marking
fpizlo@apple.com [Tue, 11 Oct 2016 23:52:02 +0000 (23:52 +0000)]
MarkedBlock should know what objects are live during marking
https://bugs.webkit.org/show_bug.cgi?id=162309

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

It used to be that we would forget which objects are live the moment we started collection.
That's because the flip at the beginning clears all mark bits.

But we already have a facility for tracking objects that are live-but-not-marked. It's called
newlyAllocated. So, instead of clearing mark bits, we want to just transfer them to
newlyAllocated. Then we want to clear all newlyAllocated after GC.

This implements such an approach, along with a versioning optimization for newlyAllocated.
Instead of walking the whole heap to clear newlyAllocated bits at the end of the GC, we bump
the newlyAllocatedVersion, which causes MarkedBlock to treat newlyAllocated as if it was
clear.

We could have even avoided allocating newlyAllocated in most cases, since empirically most
blocks are either completely empty or completely full. An earlier version of this patch did
this, but it was not better than this patch. In fact, it seemed to actually be worse for PLT
and membuster.

To validate this change, we now run the conservative scan after the beginMarking flip. And it
totally works!

This is a huge step towards concurrent GC. It means that we ought to be able to run the
allocator while marking. Since we already separately made it possible to run the barrier
while marking, this means that we're pretty much ready for some serious concurrency action.

This appears to be perf-neutral and space-neutral.

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
* bytecode/CodeBlock.h:
(JSC::CodeBlockSet::mark): Deleted.
* heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::writeBarrierCurrentlyExecuting):
(JSC::CodeBlockSet::clearCurrentlyExecuting):
(JSC::CodeBlockSet::writeBarrierCurrentlyExecutingCodeBlocks): Deleted.
* heap/CodeBlockSet.h:
* heap/CodeBlockSetInlines.h: Added.
(JSC::CodeBlockSet::mark):
* heap/ConservativeRoots.cpp:
* heap/Heap.cpp:
(JSC::Heap::markRoots):
(JSC::Heap::beginMarking):
(JSC::Heap::collectImpl):
(JSC::Heap::writeBarrierCurrentlyExecutingCodeBlocks):
(JSC::Heap::clearCurrentlyExecutingCodeBlocks):
* heap/Heap.h:
* heap/HeapUtil.h:
(JSC::HeapUtil::findGCObjectPointersForMarking):
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::isPagedOut):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::Handle):
(JSC::MarkedBlock::Handle::sweepHelperSelectHasNewlyAllocated):
(JSC::MarkedBlock::Handle::stopAllocating):
(JSC::MarkedBlock::Handle::lastChanceToFinalize):
(JSC::MarkedBlock::Handle::resumeAllocating):
(JSC::MarkedBlock::aboutToMarkSlow):
(JSC::MarkedBlock::Handle::resetAllocated):
(JSC::MarkedBlock::resetMarks):
(JSC::MarkedBlock::setNeedsDestruction):
(JSC::MarkedBlock::Handle::didAddToAllocator):
(JSC::MarkedBlock::Handle::isLive):
(JSC::MarkedBlock::Handle::isLiveCell):
(JSC::MarkedBlock::clearMarks): Deleted.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::Handle::newlyAllocatedVersion):
(JSC::MarkedBlock::Handle::hasAnyNewlyAllocated): Deleted.
(JSC::MarkedBlock::Handle::clearNewlyAllocated): Deleted.
* heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::cellsPerBlock):
(JSC::MarkedBlock::Handle::isLive):
(JSC::MarkedBlock::Handle::isLiveCell):
(JSC::MarkedBlock::Handle::isNewlyAllocatedStale):
(JSC::MarkedBlock::Handle::hasAnyNewlyAllocatedWithSweep):
(JSC::MarkedBlock::Handle::hasAnyNewlyAllocated):
(JSC::MarkedBlock::heap):
(JSC::MarkedBlock::space):
(JSC::MarkedBlock::Handle::space):
(JSC::MarkedBlock::resetMarkingVersion): Deleted.
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::beginMarking):
(JSC::MarkedSpace::endMarking):
(JSC::MarkedSpace::clearNewlyAllocated): Deleted.
* heap/MarkedSpace.h:
(JSC::MarkedSpace::nextVersion):
(JSC::MarkedSpace::newlyAllocatedVersion):
(JSC::MarkedSpace::markingVersion): Deleted.
* runtime/SamplingProfiler.cpp:

Source/WTF:

This removes the atomicity mode, because it's not really used: it only affects the
concurrentBlah methods, but their only users turn on atomicity. This was useful because
previously, some binary Bitmap methods (like merge(const Bitmap&)) couldn't be used
effectively in the GC because some of the GC's bitmaps set the atomic mode and some didn't.
Removing this useless mode is the best solution.

Also added some new binary Bitmap methods: mergeAndClear(Bitmap& other) and
setAndClear(Bitmap& other). They perform their action on 'this' (either merge or set,
respectively) while also clearing the contents of 'other'. This is great for one of the GC
hot paths.

* wtf/Bitmap.h:
(WTF::WordType>::Bitmap):
(WTF::WordType>::get):
(WTF::WordType>::set):
(WTF::WordType>::testAndSet):
(WTF::WordType>::testAndClear):
(WTF::WordType>::concurrentTestAndSet):
(WTF::WordType>::concurrentTestAndClear):
(WTF::WordType>::clear):
(WTF::WordType>::clearAll):
(WTF::WordType>::nextPossiblyUnset):
(WTF::WordType>::findRunOfZeros):
(WTF::WordType>::count):
(WTF::WordType>::isEmpty):
(WTF::WordType>::isFull):
(WTF::WordType>::merge):
(WTF::WordType>::filter):
(WTF::WordType>::exclude):
(WTF::WordType>::forEachSetBit):
(WTF::WordType>::mergeAndClear):
(WTF::WordType>::setAndClear):
(WTF::=):
(WTF::WordType>::hash):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207179 268f45cc-cd09-0410-ab3c-d52691b4dbfc
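
The flip and the version bump described in r207179, as an added example that is not JavaScriptCore code: a simplified single-block model in JavaScript with an eager flip. The Block class, the plain-object space and simulateCycle() are hypothetical; only the names mergeAndClear, setAndClear, beginMarking, isNewlyAllocatedStale and newlyAllocatedVersion are borrowed from the commit message.

```javascript
// Simplified model for illustration, not JavaScriptCore code.
class Bitmap {
  constructor(size) { this.bits = new Array(size).fill(false); }
  get(i) { return this.bits[i]; }
  set(i) { this.bits[i] = true; }
  clearAll() { this.bits.fill(false); }
  // this |= other, then other is emptied.
  mergeAndClear(other) { this.bits = this.bits.map((b, i) => b || other.bits[i]); other.clearAll(); }
  // this = other, then other is emptied.
  setAndClear(other) { this.bits = other.bits.slice(); other.clearAll(); }
}

class Block {
  constructor(space, cells) {
    this.space = space;
    this.marks = new Bitmap(cells);
    this.newlyAllocated = new Bitmap(cells);
    this.version = 0; // differs from the space's version: bitmap reads as clear
  }
  isNewlyAllocatedStale() { return this.version !== this.space.newlyAllocatedVersion; }
  allocate(i) {
    if (this.isNewlyAllocatedStale()) this.newlyAllocated.clearAll();
    this.version = this.space.newlyAllocatedVersion;
    this.newlyAllocated.set(i);
  }
  // The flip: move mark bits into newlyAllocated instead of dropping them.
  beginMarking() {
    if (this.isNewlyAllocatedStale()) this.newlyAllocated.setAndClear(this.marks);
    else this.newlyAllocated.mergeAndClear(this.marks);
    this.version = this.space.newlyAllocatedVersion;
  }
  isLive(i) {
    return this.marks.get(i) || (!this.isNewlyAllocatedStale() && this.newlyAllocated.get(i));
  }
  liveCells() { return this.marks.bits.map((_, i) => i).filter((i) => this.isLive(i)); }
}

function simulateCycle() {
  const space = { newlyAllocatedVersion: 1 };
  const block = new Block(space, 4);
  block.marks.set(0); block.marks.set(1);  // survivors of the previous collection
  block.allocate(2);                       // allocated since then
  const beforeFlip = block.liveCells();
  block.beginMarking();
  const duringMarking = block.liveCells(); // nothing is forgotten at the flip
  block.marks.set(0); block.marks.set(2);  // marker reaches cells 0 and 2; cell 1 is garbage
  space.newlyAllocatedVersion++;           // end of GC: one bump, no walk over blocks
  return { beforeFlip, duringMarking, afterGC: block.liveCells() };
}
```
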

3 years ago Array.prototype.concat should not modify frozen objects.
mark.lam@apple.com [Tue, 11 Oct 2016 23:25:38 +0000 (23:25 +0000)]
Array.prototype.concat should not modify frozen objects.
https://bugs.webkit.org/show_bug.cgi?id=163302

Reviewed by Filip Pizlo.

JSTests:

* stress/array-concat-on-frozen-object.js: Added.

Source/JavaScriptCore:

The ES6 spec for Array.prototype.concat states that it uses the
CreateDataPropertyOrThrow() to add items to the result array.  The spec for
CreateDataPropertyOrThrow states:

"This abstract operation creates a property whose attributes are set to the same
defaults used for properties created by the ECMAScript language assignment
operator. Normally, the property will not already exist. If it does exist and is
not configurable or if O is not extensible, [[DefineOwnProperty]] will return
false causing this operation to throw a TypeError exception."

Since the properties of frozen objects are not extensible, not configurable, and
not writable, Array.prototype.concat should fail to write to the result array if
it is frozen.

Ref: https://tc39.github.io/ecma262/#sec-array.prototype.concat,
https://tc39.github.io/ecma262/#sec-createdatapropertyorthrow, and
https://tc39.github.io/ecma262/#sec-createdataproperty.

The fix consists of 2 parts:
1. moveElement() should use the PutDirectIndexShouldThrow mode when invoking
   putDirectIndex(), and
2. SparseArrayValueMap::putDirect() should check for the case where the property
   is read only.

(2) ensures that we don't write into a non-writable property.
(1) ensures that we throw a TypeError for attempts to write to a non-writeable
property.

* runtime/ArrayPrototype.cpp:
(JSC::moveElements):
* runtime/SparseArrayValueMap.cpp:
(JSC::SparseArrayValueMap::putDirect):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207178 268f45cc-cd09-0410-ab3c-d52691b4dbfc
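
A conformance check for the behaviour r207178 describes, as an added example that is not the stress test from the commit. It assumes the frozen or read-only result object reaches concat() through Symbol.species; the helper names and sample values are constructed for illustration.

```javascript
// Build a source array whose species constructor hands concat() a
// caller-chosen result object instead of a fresh Array.
function sourceWithResult(result, items) {
  const source = items.slice();
  source.constructor = { [Symbol.species]: function () { return result; } };
  return source;
}

// Run concat() and report whether it threw and whether `result` was touched.
function tryConcat(result, items) {
  const snapshot = () => JSON.stringify(Object.getOwnPropertyDescriptors(result));
  const before = snapshot();
  let error = null;
  try {
    sourceWithResult(result, items).concat(['extra']);
  } catch (e) {
    error = e;
  }
  return { threwTypeError: error instanceof TypeError, unchanged: snapshot() === before };
}

function runCases() {
  // Case 1: frozen result (not extensible, nothing writable or configurable).
  const frozen = Object.freeze([]);

  // Case 2: extensible result whose index 0 is read-only and non-configurable,
  // the situation the SparseArrayValueMap::putDirect() check covers.
  const readOnlySlot = [];
  Object.defineProperty(readOnlySlot, 0, {
    value: 'pinned', writable: false, enumerable: true, configurable: false,
  });

  // Control: an ordinary array is filled in without an exception.
  const ordinary = [];

  return {
    frozen: tryConcat(frozen, ['a', 'b']),
    readOnlySlot: tryConcat(readOnlySlot, ['a']),
    ordinary: tryConcat(ordinary, ['a', 'b']),
  };
}
```

In a conforming engine both protected cases report a TypeError with the result object unchanged, and only the control case is modified.
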

3 years ago Fix assertion when creating first WebCore::URL from non-main thread after r207162
achristensen@apple.com [Tue, 11 Oct 2016 23:24:46 +0000 (23:24 +0000)]
Fix assertion when creating first WebCore::URL from non-main thread after r207162
https://bugs.webkit.org/show_bug.cgi?id=163304

Reviewed by Filip Pizlo.

This fixes assertions when running UserContentWorld.NormalWorld API tests.

* platform/text/TextEncodingRegistry.cpp:
(WebCore::buildBaseTextCodecMaps):
(WebCore::atomicCanonicalTextEncodingName):
The new URLParser requires a TextEncoding& in its constructor, which defaults to UTF8Encoding.
When creating the first TextEncoding in a process, it calls buildBaseTextCodecMaps which asserts
it's on the main thread because it initializes static variables.  Since we are getting a lock right
after this call anyway, just put this function call inside the lock.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207177 268f45cc-cd09-0410-ab3c-d52691b4dbfc